Day: June 8, 2023

Tree Planting Festivals, Air Cannons, Self-Burying Seeds, And The Complexities Of Reforestation

June 8, 2023 by 20 Comments

At first glance the problem of how to plant trees would seem to be a straightforward one: take a seed, jam it into the soil and let nature take its course. Or alternatively do much the same with a sapling that already got a start in a nice, comfortable greenhouse before leaving it to its own devices. To the average person this is generally the point where it’s considered a ‘done deal’, but one only has to take a look at the average survival rate of saplings out in the wild to perish that thought.

Each environment offers its own set of challenges when it comes to reforestation, which can perhaps be considered ironic as many of these trees are being planted where forests used to be, albeit centuries ago in many cases. There are the easy spots, such as flat fields, with rich soil, ample rain and mild weather, to the challenging terrain of Iceland, or mountainous terrain. Here the logistics are challenging and where once rich forests flourished, the very landscape seems adamant to reject this botanic intrusion.

Further complicating matters here are the myriad of reasons why we’re looking at planting so many new trees that it has even become an internet thing, as with the 2019 ‘Team Trees’ 20 million new trees challenge. So how did we get here, why exactly are we doing all of this, and how much of these attempts do bear fruit?

Continue reading “Tree Planting Festivals, Air Cannons, Self-Burying Seeds, And The Complexities Of Reforestation”

Contrary View: Chatbots Don’t Help Programmers

June 8, 2023 by 67 Comments

[Bertrand Meyer] is a decided contrarian in his views on AI and programming. In a recent Communications of the ACM blog post, he reveals that — unlike many others — he thinks AI in its current state isn’t very useful for practical programming. He was responding, in part, to another article from the ACM entitled “The End of Programming,” which, like many other articles, is claiming that, soon, no one will write software the way we do and have done for the last few decades. You can see [Matt Welsh] describe his thoughts on this in the video below. But [Bertrand] disagrees.

As we have also noted, [Bretrand] says:

“AI in its modern form, however, does not generate correct programs: it generates programs inferred from many earlier programs it has seen. These programs look correct but have no guarantee of correctness.”

Continue reading “Contrary View: Chatbots Don’t Help Programmers”

Photo of the head unit , with "Hacked by greenluigi1" in the center of the UI

Hacking A Hyundai Ioniq’s Infotainment System Again After Security Fixes

June 8, 2023 by 15 Comments

These days modern cars are nothing if not a grouping of networked software held together by bits of hardware. This is reflected not only in the rapidly increasing number of ECUs, but also infotainment systems and all-glass cockpits. For better or worse, this offers many exciting hacking possibilities, which [greenluigi1] was more than happy to explore with their new 2021 Hyundai Ioniq SEL last year. Naturally, Hyundai then proceeded to ‘fix’ these vulnerabilities, offering the exciting chance to test the Hyundai engineers’ homework, and proceed to bypass it again.

When we last left off in [greenluigi1]’s adventures, the Hyundai D-Audio 2V Linux-based infotainment system (formally called in-vehicle entertainment, or IVI) in question had been convinced to run custom applications after a fair bit of effort to get root access via the Engineering Menu and some firmware image hacking. Joyous hacking and exploration of the car’s CAN network and RPC messaging system ensued. Then Hyundai released a new firmware image, after months of silence and all old firmware images pulled from the download page.

In this new firmware image, big changes were visible right off the bat, with two different ZIP files instead of the single one from before. One of these ZIP files also couldn’t be decrypted any more with the old key. Unfortunately for Hyundai, the curse of backwards compatibility with older IVIs meant that the ZIP targeting headunits running the older firmware also contained the key for the new ZIP file.

Other changes included some further obfuscation to this key and the public key used for firmware hash verification, which also involved using a Micom RPC call via the CAN bus to obtain some vehicle specific information. Unfortunately, this is where Hyundai’s engineers seemed to have stopped copying reference code samples, and used a unique RSA private key to sign firmware images with. Fortunately, they did not bother to check whether the updater actually always verifies the signature, allowing for unsigned code to be installed.

All in all, a fascinating bit of reverse-engineering and sheer stubborn persistence, just so that the IVI that’s in your car can run the applications which you developed. We’re looking forward to the next installments in this series as the ball is once again firmly in Hyundai’s court.