> Chris Roberts, a security researcher with One World Labs, told the FBI agent during an interview in February that he had hacked the in-flight entertainment system, or IFE, on an airplane and overwrote code on the plane’s Thrust Management Computer while aboard the flight. He was able to issue a climb command and make the plane briefly change course, the document states.
> “He stated that he thereby caused one of the airplane engines to climb resulting in a lateral or sideways movement of the plane during one of these flights,” FBI Special Agent Mark Hurley wrote in his warrant application
Goes without saying this is so reckless and dangerous. Was he ever charged? I couldn't find any information.
The telling quote from the linked Wired article is:
Although Roberts hasn’t been charged yet with any crime, and there are questions about whether his actions really did cause the plane to list to the side or he simply thought they did,
"or he simply thought they did"
The principal article for this thread concerns some far more open hackers who had an entire functioning COVID-grounded aircraft scheduled for scrapping to play with. They assert that, as expected, the in-flight entertainment and flight control systems are fully isolated as required to meet FAA regulations.
"caused one of the airplane engines to climb" is about what you'd expect from a bad Hollywood take, so I think you're being overly polite with regard to the validity of his claims
"Roberts had previously told WIRED that he caused a plane to climb during a simulated test on a virtual environment he and a colleague created, but he insisted then that he had not interfered with the operation of a plane while in flight."
So they wrote a simulation without knowing how any of it works and then showed they could hack their own cobbled together mess.
"They built a test lab using demo software obtained from infotainment vendors and others in order to explore what they could to the networks."
Yep, cobbled together random non-production infotainment software which is isolated from the actual flight systems. Generally only certified to DO-178 DAL Level D/E since they are isolated in such a way that total failure or even maliciousness can not possibly cause a meaningful safety impact.
The functional equivalent of claiming you could totally steal from a bank vault because you successfully stole some pens from the counter. Just another self-aggrandizing idiot.
I don't think that would be a helpful discussion right here. Any one point there might come someone who points at some external "solution" (package, tool, ...) that might also do the same feature in some way for X, ignoring the fact that there are a lot of Y without that particular thing still, but leads into derailing the argument anyways.
Elixir (and esp. Phoenix for web dev) is more like the culmination of the best ideas and heavily draws/depends on the last decades of real-world experience. Most stuff isn't (or shouldn't) be surprising, but the point is that everything you might need for the vast majority of projects is right there, nicely packaged up into a unified nice thingy.
But to give you a few of _my_ top points:
1. Architecture and DX for complex interactions: there is no need to bring in supplemental infrastructure crutches (Redis, AWS whatever service, ...) in many cases to begin with. OTP, which is like a core library always available, already includes the building blocks for things like cache servers, application clustering and supervision strategies, ... .
2. Reliability and availability: this tech is the original one achieving the "nine-nines" of uptime record. To get an idea of how, https://www.youtube.com/watch?v=JvBT4XBdoUE this talk is packed and excellent, and also highlights a few things why it can achieve my point 1 above.
3. "SPA-like" interactivity with full server side rendering without all the pains of exposing/consuming a dedicated HTTP API in between, or overcomplicated nuances of rendering pipelines (also see react server components) to achieve SSR/CSR in a way that doesn't suck or isn't noticeably slow. Liveview is tried to be replicated in other stacks, but they don't come close in reality today or complicate the apps' infrastructure with additional crutches. And don't get me started on the integration testing story compared with SPA+Backend setups.
4. Agents/Message passing parallelism (not only concurrency, but also distributed!) at your fingertips, which makes modeling current "async problems" kinda trivial. OTOH, building something like a proper async-based web framework in Rust is quite a pain in the ass, with lots of type fiddling needed, instead of doing the solution you actually want to deliver with it.
5. Some absolutely awesome takes on some typical libraries. Take the ORM options for javascript/typescript (all with severe tradeoffs, and analysis paralysis on top). Take Rails' ActiveRecord with lots of magic and while great to get started becomes quickly bloated (i.e. fat models) in bigger projects. And then Ecto got it "just right" with slim schemas, changesets, and basically pure functions + pipelines. Any "model" can be used within new usecases by adding new changesets/validations explicitly and easily, there is no "general" validation right on the model level you have to tiptoe around, and starting If-cascades.
6. Livebook, Jupyter notebook are amazing in Python, Livebook is the same but for Elixir. Also you can connect to your running environment and interact with it.
7. The Nx ecosystem, ML is not only a Python thing now, Elixir is completely usable for ML now.
8. Ash framework, this is not a web framework but a framework for your domain, it's amazing.
Absolutely hard agree on livebook, but I think that's not an immediate thing every webdev needs.
But speaking from recent practice, it is laughably simple and kinda mindblowing for non-experts in this stuff. Like, I click me a few smart cells to interact with external data and get a connection/data, write a few straightforward logic modules to do something, and a super simple form for users of this thing (like two inputs and a submit button, and an event handler) and I can eliminate a business workflow or report. I can call a dev into it ad-hoc to help with a code snippet like a liveshare-coding-session. And finally I deploy it to a bookmarkable URL with a password.
Maybe an hour worth of work, _including_ talking with people while fleshing this out in quick iterations as-we-speak.
I mean people kinda get how cool phoenix is for one reason or the other, but livebook is really killing it for me. It's hard to talk with business people about tech internals no matter how awesome, but it's a different game with lightweight livebooks. If you also happen to have phoenix as your actual product/app, linking the livebook indeed is nice to directly call functions instead of rewriting those snippets in SQL... but the endgame here is when the livebook starts to become unwieldy due to increasing feature requests, it can be integrated into a phoenix app rather easily, since a dev starts out with working code to begin with (and can play with it interactively).
I've replaced postman (and postman likes) with a liveview notebook. It's absolutely great. No need to mess with weird plugins or mentally have to parse responses, you can just use cells that use real elixir to do that.
By this I mean taking the code logic snippets and slapping a dedicated new liveview UI on it within your phoenix app - which isn't too hard since the initial UI in the livebook is pretty bare bones. Yes it's rebuilding the whole thing technically, but probably really quick to do.
I think instilling values and ethics on society is way harder than making a new technology. This is why I'm rooting for "trustless" nature of cryptocurrencies.
I'd argue it's a bit easier in English if it comes to learning a grammatically correct expression of a thought. Polish or other Slavic languages have quite a complexity hidden in "odmiany", "przypadki", and "koniugacje", etc.
Biggest problem is that people just don’t understand graphql for some reason. Using graphql is really hard for a lot of developers, in my experience. They just don’t get it, don’t understand the syntax, don’t get separation of query and variables, and really don’t get why an error is returned as 200 ok.
The typing system is also not enforced perfectly. If you got an enum input value, the client can just submit another value not included in the enum and apollo server just doesn’t care.
This gives me a false sense of security, and prompted us to add these validations in all resolvers, so now we have schema definitions and matching validations, basically repeating the schema twice.
The api doc generators and sandboxing tools are generally poor or I haven’t found a nice one.
Apollo’s built-in caching is a mystery and poorly documented, and HTTP based caching isn’t really supported.
I might be using it wrong - I rarely felt Graphql did actually help me in some way.
If the goal is B2B server-to-server I would recommend to look at gRPC+Protobuf as typing is enforced.
Also incrementing your API while keeping the old one around is relatively easy to do.
I wouldn’t say it’s “everything free”. If you purchase outside of FOREX hours you pay 2% on top of every tx. People tend to spend more when they have free time, i.e. on weekends, where the 2% fee applies.
My guess is that Revolut is doing just great in terms of revenue.
> They routed traffic through approximately 34 servers located in nearly 20 countries to obfuscate their true location, used encrypted communication channels within Equifax’s network to blend in with normal network activity
How cool is that. They have been able to grab and correlate netflow from across 20 countries.
It looks like they’re using the common meaning of routing and are implying tunneling instead of actual route hijacking. So finding which servers they’re tunneling to is thorough but doesn’t seem all that impressive.