Linux turns the crank on code for cars

Re: Tizen

>But we won't throw away our car just like that.

Nope. We'll probably just reinstall the code.

Re: Tizen

"I can't help but feel that we're sleepwalking into another bunch of unnecessary security woes"

I couldn't agree more. WTF are they thinking building the sort of mission critical stuff required to run a car on top of bloated web browser engines? It 's not as if we are going to be wanting a huge app store full of fart apps and twitface apps knocked out by every teenage kid in their bedroom.

I'd be much more impressed if they built a new custom, pared down middle level to sit on a hardened kernel that would require actual programmers to develop for instead of wannabees who string black boxs together with a bit of java(script) code and think they are programmers.

Re: With added Google?

Indeed. It was bad enough 20 years ago when ALL the instruments went to zero on a rented Ford Mondeo. Apparently loose earth to the panel...

having a dashboard with a single point of failure..

Re: With added Google?

Where does it say anything about Google?

Re: "key applications developed in HTML5 and JavaScript"

You are not alone.

JavaScript might be OK for some random web page that no one really cares about, but for something requiring a reasonably robust implementation, not so much. While I don't think we need aerospace quality, I want a bit something a bit better than a web page in my car.

For this to work it will also need some way of getting software updates FOR THE LIFE OF THE CAR. This does not mean I need to buy a new car every time a new version of the OS is released.

Re: Finally a chance tp drive from the command line

> Bugger - what's the syntax for 'stop'?

$ apropos stop

Re: Finally a chance tp drive from the command line

>Bugger - what's the syntax for 'stop'?

#halt

Hang on. Why are you shutting down?

Re: Huh? Ransomware?

Exactly. Industrial control systems and monitoring systems have been done for a long time and don't have to be directly connected in unsafe ways at all. The key is having a standard, or at the very least, tightly defined interface between the two systems that is only usable for the information that is required.

In the past I've dealt with industrial systems that are linked by a serial cable which, while running standard-ish protocols over the link and using standard comms libraries at each end is pretty damn secure. While in theory it may have been possible for somebody to somehow overload the remote serial link and handling software and exploit it somehow (more likely at the higher application level) but given the simplicity of the communication structures it was definitely secure enough. Anybody going to that trouble to exploit such a link would have found it much easier to just walk over to the control system itself. Even at the control system, there were physical limits and safety protocols implemented at the electromechanical level, not overrideable in software. Similar levels of isolation are currently and will be built into automotive systems.

Re: Huh? Ransomware?

"Tesla have been doing this for a while now so linux in a car is hardly earth-shattering news.

And I won't mention Apple CarPlay."

There's nothing wrong with Linux as such, just like there's nothing wrong with QNX (which is what Apple Airplay runs on). They're OSes much like any other OS; they're pretty good.

The trouble starts when you put a network connection in and run a bunch of poorly written and oh so very exploitable apps on top. Then you need an automatic update system, staff to look for and fix problems across all versions of the software, and so on. That's a very expensive thing to do.

Plus it's not like the mobile industry where you can get away with dropping support for year old models. People will be expecting the support to last as long as it does for the rest of the car. That's really expensive.

The economic impact is potentially quite high. Say some script kiddie found a way to stop all Fords working and actually did so. In a country like the USA that means half the work force aren't going to work that day. That kind of thing shows up in GDP figures really quickly.

"The beardy types will be spluttering their coffee all over their terminals at the thought of ransomware on linux."

Well, there is already ransomware for Android, and that's Linux isn't it?!

"From what I can make out though, the plan is for linux to control the non-essential stuff like nav, climate control, bluetooth - not the stuff that's critical to making a car move. Unless I read TFA wrong I don't see any mention of a car's ECU running linux?"

Well, if the infotainment system is displaying data like fuel economy that has to come from the ECU. Which means there's a data connection between the two. That may be a path for an attack on the ECU.