With newer cars being computers on wheels, some manufacturers are using software to put features behind a paywall or thwarting DIY repairs. Industrious hackers security researchers have taken it upon themselves to set these features free by hacking a Tesla infotainment system. (via Electrek)
The researchers from TU Berlin found that by using a voltage fault injection attack against the AMD Secure Processor (ASP) at the heart of current Tesla models, they could run arbitrary code on the infotainment system. The hack opens up the double-edged sword of an attacker gaining access to encrypted PII or a shadetree mechanic “extracting a TPM-protected attestation key Tesla uses to authenticate the car. This enables migrating a car’s identity to another car computer without Tesla’s help whatsoever, easing certain repairing efforts.” We can see this being handy for certain other unsanctioned hacks as well.
The attack is purported as being “unpatchable” and giving root access that survives reboots and updates of the system. Since AMD is a vendor to multiple vehicle companies, the question arises as to how widely applicable this hack is to other vehicles suffering from AaaS (Automotive as a Service).
Every few years, someone pushing a startup to investors comes up with an acronym or buzzword which rapidly becomes the new hotness in those circles. One of the most pernicious is “as a Service,” which takes regular things and finds a way to charge you a regular fee to use them.
Automotive companies just absolutely loved the sound of this, and the industry is rapidly moving to implement subscription services across the board. Even if there’s hardware in your car for a given feature, you might find you now need to pay a monthly fee to use it. Let’s explore how this came about, and talk about which cars are affected. You might be surprised to find yours already on the list. Continue reading “New Cars Will Nickel-and-Dime You – It’s Automotive As A Service”→
We’ve been keeping a close eye on the development of electronic paper tablets such as the reMarkable for a while now. These large-format devices would be a great way to view schematics and datasheets, and with the right software, could easily become an invaluable digital sidekick. Unfortunately, a troubling discovery made in a beta version of the reMarkable firmware is a strong indication the $400 USD device may be heading down a path that many in this community wouldn’t feel comfortable with.
While trying to get a reMarkable tablet running firmware version 18.104.22.1685 synced up to self-hosted server using rmfakecloud, Reddit user [dobum] was presented with a very unusual prompt. The tablet displayed several subscription levels, as well as brief description of what each one unlocked. It explained that standard users would get “basic functions only”, while the highest tier subscription would unlock an “expanding universe of powerful tools” for the e-paper tablet. In addition, only recently used documents would be synced with the cloud unless you had a paid subscription.
UPDATE: Hackaday was contacted by a PR company claiming to represent Cricut. They clarified that machines are not deactivated upon resale, but the new owner will need to set up their own online account.
In our community we like to think of ourselves as pioneers in the field of domestic CNC machinery, with our cheap 3D printers. But there’s another set of people who were way ahead of us, and they’re a rather unexpected one, too. Crafters were using CNC cutting machines well before we were, and while some may deride them when used for sparkly greeting cards sold on Etsy, they can be an extremely useful tool for much more than that. Probably the best known brand of cutter comes from Cricut, and that company has dropped a bombshell in the form of an update to the web-based design software that leaves their now very annoyed users with a monthly upload limit of 20 new designs unless they sign up for a Cricut Access Plan that costs $9.99 on monthly payments. Worse still, a screenshot is circulating online purporting to be from a communication with a Cricut employee attempting to clarify matters, in which it is suggested that machines sold as second-hand will be bricked by the company.
Also, soon we will be making changes that affect members who use the free Design Space app without a Cricut Access plan. Every calendar month, these members will be allowed to upload up to 20 personal images and/or patterns. Members with a paid Cricut Access plan will have unlimited uploads.
We’d like to think that given the reaction from their online community the subscription plan will backfire, but unlike the world of 3D printing their market is not necessarily an online-savvy one. A crafter who buys a Cricut from a bricks-and-mortar warehouse store and uses it with Cricut cartridges may not balk at being required to pay rent to use hardware that’s already paid for in the same way a member of our community with a 3D printer would. After all, Cricut have always tried to make their software a walled garden. However if the stories about second-hand models being bricked turn out to bear fruit that might be a different matter.
There are of course plenty of alternative CNC cutting machines (The favourite in ones that have made it here seems to be the Silhouette Cameo) that don’t come with this type of baggage, and the online Cricut community are busily raising their profile in the wake of this news. Probably because of their restricted functionality there have been very few hacks here using a Cricut machine, but all of this leaves us wondering whether the machines themselves could be exploited to take less restrictive firmware.
Autodesk has announced that EAGLE is now only available for purchase as a subscription. Previous, users purchased EAGLE once, and used the software indefinitely (often for years) before deciding to move to a new version with another one-time purchase. Now, they’ll be paying Autodesk on a monthly or yearly basis.
Lets break down the costs. Before Autodesk purchased EAGLE from CadSoft, a Standard license would run you $69, paid once. The next level up was Premium, at $820, paid once. The new pricing tiers from Autodesk are a bit different. Standard will cost $15/month or $100/year, and gives similar functionality to the old Premium level, but with only 2 signal layers. If you need more layers, or more than 160 cm^2 of board space, you’ll need the new Premium level, at $65/month or $500/year.
This is a bad deal for the pocket book of many users. If you could have made do with the old Standard option, you’re now paying $100/year instead of the one-time $69 payment. If you need more space or layers, you’ll likely be up to $500/year. Autodesk also killed the lower cost options for non-commercial use, what used to be a $169 version that was positioned for hobbyists.
The free version still exists, but for anyone using Eagle for commercial purposes (from Tindie sellers to engineering firms) this is a big change. Even if you agree with the new pricing, a subscription model means you never actually own the software. This model will require licensing software that needs to phone home periodically and can be killed remotely. If you need to look back at a design a few years from now, you better hope that your subscription is valid, that Autodesk is still running the license server, and that you have an active internet connection.
On the flip side of the coin, we can assume that Eagle was sold partly because the existing pricing model wasn’t doing all it should. Autodesk is justifying these changes with a promise of more frequent updates and features which will be included in all subscriptions. But sadly, Autodesk couldn’t admit that the new pricing has downsides for users:
“We know it’s not easy paying a lump sum for software updates every few years. It can be hard on your budget, and you never know when you need to have funds ready for the next upgrade.”
In their press release, they claim the move is only good for customers. Their marketing speak even makes the cliche comparison to the price of a coffee every day. Seriously.
[Garrett Mace] summarized his view on this nicely on Twitter: “previously paid $1591.21 for 88 months == $18.08/mo. Moving to $65/mo? KICAD looks better.”
We agree [Garrett]. KiCad has been improving steadily in the past years, and now is definitely a good time for EAGLE users to consider it before signing on to the Autodesk Subscription Plan™.
Ponoko is an on-demand manufacturing service. You submit your design and they’ll cut it out of one of their many materials. The site is built so you can sell your products or designs directly. They recently took a major step with the introduction of Designmake Prime. It’s a monthly subscription based service with many benefits. It lets you submit DXFs for evaluation instead of their standard EPS or SVG. You can request any material you want and they’ll provide direct support. You also get priority in manufacturing queues. While they’ve always offered an à la carte service, this new move puts Ponoko directly in the role of a traditional manufacturer. Offering manufacturing as a service shows their intention of former a relationship with their customers, but at the an individual level, which most manufacturers can’t approach because of scale.