riQQ's recent activity

  1. Comment on Tesla’s two million car Autopilot recall is now under US federal scrutiny in ~transport

    riQQ
    New development on the same topic previously discussed here: https://tildes.net/~transport/1cul/tesla_recalls_two_million_us_vehicles_over_autopilot_software_issue

    NHTSA has now closed that engineering analysis, which examined 956 crashes. After excluding crashes where the other car was at fault, where Autopilot wasn't operating, or where there was insufficient data to make a determination, it found 467 Autopilot crashes that fell into three distinct categories.

    First, 221 were frontal crashes in which the Tesla hit a car or obstacle despite "adequate time for an attentive driver to respond to avoid or mitigate the crash." Another 111 Autopilot crashes occurred when the system was inadvertently disengaged by the driver, and the remaining 145 Autopilot crashes happened under low grip conditions, such as on a wet road.

    NHTSA also found that Tesla's telematics system has plenty of gaps in it, despite the closely held belief among many fans of the brand that the Autopilot system is constantly recording and uploading to Tesla's servers to improve itself. Instead, it only records an accident if the airbags deploy, which NHTSA data shows only happens in 18 percent of police-reported crashes.

    19 votes
  2. Comment on How GM tricked millions of drivers into being spied on (including me) (gifted link) in ~transport

  3. Comment on Backdoor in upstream libxz targeting sshd in ~comp

  4. Comment on Backdoor in upstream libxz targeting sshd in ~comp

  5. Comment on Backdoor in upstream libxz targeting sshd in ~comp

    riQQ
    Another write-up by Kevin Beaumont: https://doublepulsar.com/inside-the-failed-attempt-to-backdoor-ssh-globally-that-got-caught-by-chance-bbfe628fafdd

    Nobody else had raised concerns, and I don’t believe any existing security tooling or processes would have caught this (I realise there will be a torrent of vendors claiming they detect this… but they will detect this now that somebody told them).

    How advanced was the threat actor? The backdoor attempt was a very serious one, with a very high bar of knowledge, research, development and tradecraft to reach this far into the Linux ecosystem. Additionally, changes made by the threat actor on Github span multiple years, and include things like introducing functions incompatible with OSS Fuzzer due to outstanding small issues since 2015, then getting OSS Fuzzer to exclude XZ Utils from scanning last year. The backdoor itself is super well put together, and even includes the ability to remotely deactivate and remove the backdoor via a kill command. Several days in, despite global focus, I haven’t seen anybody who has finished reverse engineering it.

    Also, Andres had a unique testing environment and a set of coincidental setup issues which allowed him to discover the issue. I don’t know of anybody else who has this setup.

    When I installed a vulnerable Linux box, I had to double check it was actually vulnerable as I wouldn’t even see a speed issue. For me, it was a completely transparent backdoor — where sshd was running from disk as usual, with the usual file hash and no extra network activity.

    15 votes
  6. Comment on Visa, Mastercard settle long-running antitrust suit over swipe fees with merchants in ~finance

    riQQ

    Visa and Mastercard announced a major settlement with U.S. merchants on Tuesday, potentially ending nearly two decades of litigation over the fees charged every time a credit or debit card is used in a store or restaurant.

    The deal would lower and cap the fees charged by Visa and Mastercard and allow small businesses to collectively bargain for rates with the payment processors in a similar way that the large merchants do on their own now.

    According to the settlement announced Tuesday, Visa and Mastercard will cap the credit interchange fees until 2030, and the companies must negotiate the fees with merchant-buying groups.

    The law firm that announced the settlement put the value of the savings in swipe fees at close to $30 billion.

    9 votes
  7. Comment on Tests show high-temperature superconducting magnets are ready for fusion in ~science

    riQQ

    Detailed study of magnets built by MIT and Commonwealth Fusion Systems confirms they meet requirements for an economic, compact fusion power plant.

    Before the Sept. 5 demonstration, the best-available superconducting magnets were powerful enough to potentially achieve fusion energy — but only at sizes and costs that could never be practical or economically viable. Then, when the tests showed the practicality of such a strong magnet at a greatly reduced size, “overnight, it basically changed the cost per watt of a fusion reactor by a factor of almost 40 in one day,” Whyte says.

    1 vote
  8. Comment on What Boeing’s door-plug debacle says about the future of aviation safety in ~transport

    riQQ
    This section is the gist of the article in my opinion:

    So how does this understanding of aviation reliability help us make sense of Boeing’s recent missteps with its 737? Seen through this lens, the door-plug drama looks highly unusual in that it appears to have been an avoidable error. This is stranger than it seems. On the rare occasions when jetliner failures are attributable to the airplane’s manufacturer, they are almost always “rational accidents,” with root causes that had hidden in the uncertainties of experts’ tests and models. If the insecure plug was due to missing bolts, then this was something else. Securing bolts properly is about the lowest-hanging fruit of high-reliability engineering. It is the kind of thing that manufacturers ought to be catching with their elaborate rules and oversight, before they even begin their “march of nines.”

    8 votes
  9. Comment on Boeing is withholding key details about door plug on Alaska 737 Max 9 jet, NTSB says in ~transport

    riQQ

    More than two months after a door plug panel blew off a Boeing 737 Max 9 jet in midair, the top federal safety investigator says Boeing still has not provided key information that could shed light on what went wrong.

    9 votes
  10. Comment on <deleted topic> in ~health

  11. Comment on Weekly Israel-Hamas war megathread - week of February 26 in ~news

  12. Comment on What are your favorite series that are not from the US or UK and also not popular anime? in ~tv

    riQQ
    I recommend watching 4 Blocks. It's a German show about an Arab family clan and the drug business in Berlin. It's featuring among others two German rappers as actors who also contributed to the show's great and atmospheric music. One of them plays a lead role with a really good performance especially considering it was one of his first roles as an actor.

    2 votes
  13. Comment on New report from US Federal Aviation Administration: Boeing lacks key elements of safety culture in ~transport

  14. Comment on JavaScript bloat in 2024 in ~comp

  15. Comment on [SOLVED] Bug report: Firefox login in ~tildes

    riQQ
    Have you tried it with a fresh Firefox profile? For me it works without problems with Firefox.

    6 votes
  16. Comment on Minimal Linux bootloader debugging story in ~comp

    riQQ
    Interesting read about debugging a Linux bootloader failure.

    I maintain two builds of the Linux kernel, a linux/arm64 build for gokrazy, my Go appliance platform, which started out on the Raspberry Pi, and then a linux/amd64 one for router7, which runs on PCs.

    The update process for both of these builds is entirely automated, meaning new Linux kernel releases are automatically tested and merged, but recently the continuous integration testing failed to automatically merge Linux 6.7 — this article is about tracking down the root cause of that failure.

    5 votes