Hacker News | mc32's favorites

This "secure gateway" shit is already tiring.

Started with FCA/Stellantis in 2018+, thanks to the Jeep "hack" through the infotainment system. They slapped a "secure gateway" on the CANbus you had to authenticate through.

They then took that system, refined it into "AutoAuth", an "independent" authority that controls access to the SGWs for "automakers".

AutoAuth is for FCA, Stellantis, and some new Nissans (apparently the 2020+ Sentra?).

VW and Mercedes also have their own "secure gateway" bullshit as well.

--

As for this Hyundai situation, there is a workaround. Unfortunately, it's the "more expensive" option.

People are using J2534 "passthrough" dongle devices to work with automotive service software. J2534 is an SAE standard for ECU programming, and thus there's a large market of cheap and expensive dongles to interface with OE software that allows J2534 "generic" access to program modules.

That's what Hyundai is protecting with the NASTF login.

If you spent even more money and bought a genuine Hyundai vehicle communications interface (VCI) pod, you could have just used the normal Hyundai GDS and accessed all the brake service functions instead of the "lower cost" J2534 generic access. It'd slide right past the NASTF stuff, and the only time you'd even be asked for NASTF is actually touching the immobilizer.

All of this at the end of the day is because cheap-ass scan tools can, with the right software, be a one-click Kia Boyz solution to perform an "all keys lost" procedure, program in a new transponder key, and run off with your car.


Surprised they aren't deploying NAT64/DNS64 with 464XLAT on the CPE. You get essentially the same setup as CGNAT for IPv4 services but your whole core network is native IPv6 so you only have one set of address space to manage and your customers will be able to directly connect to anything IPv6 related.

802.11ad/ay on unlicensed 60GHz, our most economical option is to deploy Ubiquiti Wave Pros. We see real-world 2Gbps+ speeds at 15km distances. We have Wave Pro, XG, and XR radios all throughout the network for multigig links, and 95% of our non-business installs are Wave LRs and Nanos. We can do up to 33Gbps symmetric on 70GHz licensed bands on a single radio, and I have a number of 10Gbps radios, but they're not cheap.

# Well-Kept Gardens Die By Pacifism

> Good online communities die primarily by refusing to defend themselves.

> Somewhere in the vastness of the Internet, it is happening even now. It was once a well-kept garden of intelligent discussion, where knowledgeable and interested folk came, attracted by the high quality of speech they saw ongoing. But into this garden comes a fool, and the level of discussion drops a little—or more than a little, if the fool is very prolific in their posting. (It is worse if the fool is just articulate enough that the former inhabitants of the garden feel obliged to respond, and correct misapprehensions—for then the fool dominates conversations.)

Read the whole thing:

https://www.lesswrong.com/posts/tscc3e5eujrsEeFN4/well-kept-...


> and were able to steal 240GB of files with information on Toyota employees and customers, as well as contracts and financial information,

> They also claim to have collected network infrastructure information, including credentials, using the open-source ADRecon tool that helps extract vast amounts of information from Active Directory environments.

> One day later, a spokesperson clarified in a new statement shared with BleepingComputer that Toyota Motor North America's systems were "not breached or compromised," and the data was stolen from what appears to be "a third-party entity that is misrepresented as Toyota."

I wonder if the third-party entity is Microsoft and it was their Azure AD, Exchange, SharePoint, OneDrive, etc. that was accessed. If so, it's an interesting word choice to use to try to dodge responsibility and criticism.


One thing to keep in mind is that CR-39 is not impact resistant. They will shatter and can do horrible things to your eyes when they do. Kids should always be put in impact resistant lenses.

If you’re a desk jockey, or impact resistance is not a concern, CR-39 will give the least aberration with the exception of crown glass.

The hidden hack here if you need/want impact resistance is to ask for Trivex lenses. Same impact resistance as polycarbonate but much better Abbe value. It’s often overlooked because it costs a little more than polycarbonate and most people don’t complain about the distortion.

Also, anecdotally, you get what you pay for with progressive lenses. I have a cheap lens in my sunglasses and a higher end lens in my daily drivers and I can easily tell the difference.


You might actually be interested in this but last week the ex chief of operations for the CIA who was involved in both the Chile and Iran Contra fiascos sat down for a 3 hour chat about it amongst other topics in a fair amount of detail.

If for no other reason than to just understand how those things came to be and what the chain of command actually looks like in real life covert action programs and how things go wrong because I think you and maybe a lot of people here who don’t have any real background on these things outside of what they heard on a Joe Rogan podcast for example are missing some important pieces of the puzzle which leads to ridiculous comments like the OP made.

https://www.youtube.com/live/rCIjS6UfNuE


Andrej Karpathy is badmephisto, a name you might have heard of if you're into cubing.

http://badmephisto.com/


In semi-fairness(?) to trend-following humanities scholars, deconstruction is a little bit passe by now anyway. (It's telling that the article we're talking about is from 1993). Badiou is the big new star, Deleuze/Guattari is much edgier, and Zizek has a stranglehold on the mass teenybopper market. Deconstruction still retains some following but some people kept Yahoo as their homepage all through the 00's.

It's useful as an intellectual exercise to analyze the theoretical merits and shortcomings of deconstruction, but because I'm a basically shallow person I'd like to point out that in terms of hipness and relevance we may as well be analyzing the music of Hall & Oates.


SEEKING WORK | US | Boston or Remote

Compliance specialist with experience with privacy and data security frameworks from a systems background.

If you're in need of someone to audit your controls or help build out your security program to meet common security requirements I can help. If you're a non-profit looking for a hot audit of security concerns I'm happy to provide that at a lower cost than to help support your mission.

Common frameworks that I support and can help implement or assess against:

- PCI DSS
- HECVAT
- CPPA
- GDPR
- SOC 2
- CISA
- StateRAMP and TXRAMP aka NIST 800-53

drop me a line @ alwayscurious@clydeboon.com


Single mode fiber is small, easy to run, insensitive to interference, future proof and... a little bit more expensive than copper. But worth the hassle.

What got me started: https://michael.stapelberg.ch/posts/2021-05-16-home-network-...

(Michael, if you are out there, I owe you many beers)


"What would you want decryption for?"

Not OP, but here's a Google employee explaining why one would want to decrypt traffic.

https://web.archive.org/web/20220813220108if_/https://medium...

More from F5.

https://www.f5.com/solutions/use-cases/ssl-visibility


A (call) stock option is the option to buy X shares at Y price by Z date (a put option is the same thing but to sell instead). You can go on any brokerage and buy a call option on Apple, for example, which would be the option (but not the obligation) to buy 100 shares of Apple at some strike price, say $200, by some date, let's say August 31, 2023. This privilege of having this option will cost you: let's say $2,000 (the real price is calculated via complex formulas). When August 31 comes around, you can either buy or not buy, but your $2,000 is gone either way. If Apple goes up to $300 on August 31, that option will now be worth $8,000 (($300 spot price - $200 strike price) * 100 shares - the original $2,000 it cost you to buy this option). If Apple went to anything below $220 ($220 - $200 * 100 - original $2,000), it wouldn't make sense to exercise your option since you would lose money. This is the basics of it.

It's generally not interesting for an employee to receive options because if the company doesn't perform well by the time your exercise date comes around or you leave the company then you get little or nothing. You would rather get stock grants which are shares that have value. If you get some shares when Apple is $200 and it goes to $100, you still have half the value of your shares.

Generally, in public companies (with extreme exceptions), options are issued to executives whose compensation is dependent on how much they can increase the company's share price. If they fail, they get little to nothing. If they succeed, they make a lot.

Thanks for asking. Let me know if you have any questions, I'd be happy to explain more.


If you're in the market for buy-it-for-life solid wood furniture:

https://www.thejoinery.com

https://vermontwoodsstudios.com/

https://hedgehousefurniture.com

https://57stdesign.com

https://www.57thstreetbookcase.com/ (all bookcases, some veneer and plywood)

https://www.spekeklein.com/home

https://www.pompy.com/

https://www.chiltons.com/

https://roomandboard.com (mix of solid and veneer, some MDF)

These makers are in a league of their own, very expensive, incredibly beautiful hand-made pieces:

https://www.sammaloofwoodworker.com

https://www.thosmoser.com (highly recommended)

https://nakashimawoodworkers.com (new commissions around $7K-$15K for a coffee table, $20K-40K for dining table, plus shipping; older Nakashima pieces are highly valued in the art world and sell anywhere between $15K-$300K)

https://www.wright20.com/search/nakashima/items#past

Edit: Also, to echo what someone mentioned below, if you're interested in solid wood furniture you should find a local woodworker.

Another edit and thought: I used to own a lot of IKEA furniture and as I've gotten older, have slowly replaced those pieces with items from Knoll, with custom pieces from local woodworkers, with a few pieces from the studios listed above. A lot of people are commenting on the cost, and yes they're expensive and could be considered luxury goods.

But if you like art and design and you care about quality, you save for what you want to buy. I wanted to be surrounded by great craftsmanship, so instead of buying "stuff" and instead of spending money on lots of subscriptions and services, or constantly upgrading phones and computers, I buy one piece of nice furniture every year. I believe the more you appreciate the things around you, the more they begin to influence your own work, and your sense of place.

I regularly see a lot of IKEA furniture on the side of the road and in dumpsters. I think this is the difference between buying "things" and having "possessions" but that's a discussion for another day.


Heat recovery ventilation is still a technology in its infancy.

Typically only around 90% of the energy is recovered, even in ideal conditions.

That sounds good, but considering that for 'good air', you really want to be replacing the air fully every 10 minutes. That means after ~1.5 hours, you've lost nearly all the heat in your home.

Combine that with the fact the 90% is an ideal figure - in more typical installations it might be more like 50% because the incoming and outgoing airflows are not balanced, the heat exchanger is full of fluff and dust, and the humidity of the air is such that lots of energy is lost to the latent heat of vaporization.

Is it worth having one if you want a well ventilated house? Yes. Will it be worth replacing it in 5-10 years when more efficient models get designed...? Probably also yes.


I quit FAANG to do startups this year. I quit because I was completely bored out of my mind, hyper underutilized, there were so many people around me doing the same work as me so zero interesting growth options.

Now that I am in a (very good) startup, I am incredibly happy, learning and innovating nonstop, meeting new people, in a hyper growth market, building a completely new skillset.

I could never go back to these big companies. Not unless I was reporting directly to a CEO.

I am not getting rich but I am filled with joy.

At my previous job, I was so frustrated and the work was so pointless I was literally throwing things in my house. It made me so angry how stupid and useless a waste of time. We were working on a product which was entirely fake and everyone in the team knew it, but it was generally agreed we would all fake it together.

I would rather suck on a gas pipe than go back. It was damaging my mental health.

Say what you want about desperation: You only have time in your life. They were wasting my only resource, my time.


First I would use unlec.com to determine where it is currently allocated. The SPID/OCN tells you who has it. SPID = Service Provider ID; OCN = Operating Company Name.

Then look at the LNP history, which is the history of who and when the number was assigned/re-assigned over the years.

Tell both companies that you will be involving the FCC and try to reach the "porting group" who will be able to fix this. Porting problems happen all the time, even with 99% of ports (that might be an optimistic number) happening in a nearly-automatic fashion. (EDIT: I mean the porting group at each company, not the FCC).


Let's try: bombing civilians.

I think a lot of these claims can make sense on paper, but often don't really add up to meaningful impact if actually implemented. Hypothetically, turning off your webcam reduces overall network traffic and would reduce the resources required to deliver adequate connection speeds. But in reality, modest reductions in internet traffic won't impact the datacenters and network infrastructures that have already been built. A more likely outcome is that network traffic is used for other applications.

Similar situations exist when pointing to the environmental impact of meat production, for example. Not consuming meat would reduce transportation of feed, and transportation accounts for almost all of the carbon emissions from meat production. But that only actually reduces emissions if we assume that the total amount of transportation would go down, rather than the same transportation capacity being used for other goods.


Tocilizumab drug in Naples hospital seems promising: «The health of the patient suffering from COVID-19, who arrived in critical condition, intubated and treated with the new drug therapy is recovering. Maybe we extubate him because his conditions have improved a lot». They also say they got confirmation from Chinese colleagues who tested that earlier on 21 cases. The drug is now undergoing trial at Roche.

https://www.corriere.it/video-articoli/2020/03/09/dopo-cina-...

