fn.lc
proposals
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
fn.lc
-
Hackers manage to unlock Tesla software-locked features
Not sure why they aren't loading, seem to be fine now
They're also at https://github.com/d4l3k/fn.lc/tree/master/static%2Fdiy-self...
proposals
-
Hackers manage to unlock Tesla software-locked features
This is the same attack (and same people who developed) faulTPM[1] that was previously discussed[2]. This article is the same people demonstrating that attack against Tesla vehicles. The paper[1] and previous discussion[2] address the underlying problems with AMD's Secure Processor (AMD-SP) that is embedded in their CPU SoCs and previously and more commonly known as Platform Security Processor (AMD-PSP).
Unlike a web browser where W3C AntiFraudCG folk propose that websites would blacklist all impacted AMD-SP hardware and create massive amounts of e-waste[3], Tesla likely can't do much about this attack because Tesla (not users) would be responsible for a very expensive change of vehicle hardware.
If it's not an easy-to-execute attack like faulTPM, there are more complex (but becoming more mainstream and cheaper) IC reverse engineering methods like polishing the die down to take photos of each metal layer and regenerating VHDL, FIB editing an operational IC to bypass tamper detection methods, etc[4].
A security architect of the Xbox One presented a talk[5] a few years ago which provides some good background too. Largely the Xbox One has managed to avoid piracy because they made it economically not worth anyone's time to attack due to competitive pricing models versus high cost of attack. Similar to use of Denuvo for a month or two after release of a PC game, attackers aren't going to bother if their work amounts to nothing a month later.
Hacking a Tesla to enable additional features is worth a lot of money, so the economics are quite different. It's also different economics for printer cartridges, "pay to enable more features or performance" network equipment, etc. The cost of IC reverse engineering / FIB editing attacks (or other future attack methods) will keep reducing. IC tamper detection features will get more complex. Perhaps attackers will even get an advantage once they can readily reverse engineer 3nm ICs and defenders can't do much other than implementing ever more complex and obfuscated IC tamper detection features and VHDL logic (kind of like a Denuvo situation in hardware).
[1] https://arxiv.org/abs/2304.14717
[2] https://news.ycombinator.com/item?id=35787195
[3] https://github.com/antifraudcg/proposals/issues/19
[4] https://www.youtube.com/watch?v=6390Zqca3Mg
[5] https://www.youtube.com/watch?v=U7VwtOrwceo
What are some alternatives?
academia-hugo - Academia is a Hugo resume theme. You can showcase your academic resume, publications and talks using this theme.
torchdrive - torch models and primitives for birdseye view and voxel models for self driving tasks.
openalpr - Automatic License Plate Recognition library
cookie - Landing website + Blog using Jekyll & Tailwind CSS
doks - Everything you need to build a stellar documentation website. Fast, accessible, and easy to use.