the Chinese supplier had remote access for software updates and diagnostics to the vehicles’ control systems
this feels like what every tech company is doing nowadays?
We used to have vehicles that didn't need over the air updates for over a century. If they had a problem then a technician could simply perform an onsite diagnostic. Why the hell are we keeping them in a network like they're computers or no longer supported IoT dongles?
Location tracking, diagnostics, statistics, security, etc. It’s not a bad idea… for a bus. Less desirable IMO for a personal car.
This issue is that the manufacturer, or any third party, just has full access. Specifically China, who has a long history of being shady in tech.
Anything government-related should really be on a closed system, even if it’s “wireless”.
All of this stuff could be open source and hardware verifiable with Arduinos, but no, let’s outsource it to China.
Exactly.
Location tracking, diagnostics, statistics, security, etc. It’s not a bad idea… for a bus.
There's no good reason for any of that to be updated while the bus is on the road. It should be done at a service location.
The good reason is that this way, they can click a button and push the update to hundreds of buses at once, instead of having to have them all come in one by one. That's a huge number of man-hours.
Won't somebody think of the savings?
Key Points
Jeep Wrangler 4xe models crippled by faulty UConnect over-the-air software update.
Issues caused vehicles to lose power leaving owners stranded.
Incident exposes risks and inadequate testing in modern software-defined vehicles.
https://www.autoblog.com/news/jeeps-latest-software-update-can-disable-your-suv
Some of these people never had to manage a fleet of computers.
I have experience managing multiple network systems with user-facing endpoints. That's irrelevant.
Nothing critical on a passenger-carrying vehicle should be remotely managed and it definitely should be frozen while the bus is in active service. The last thing a crowded bus in motion needs is the lights randomly going out because someone decided it was time for a patch install.
The right choice from a security and safety perspective is for any wireless interfaces on the vehicle to be read-only - they can send data out (like current location). Pushing software changes should require direct physical access, and should only work if the vehicle is parked. Anything else is a stupid unnecessary risk.
A vehicle shouldn't be part of a 'fleet of computers' period.
Yes, an over-the-air update without being in maintenance mode should not happen in any vehicle. In fact, I think there should be a hardware switch to prevent this.
The simplest solution is to just restrict software updates to direct physical access, and put the USB port or whatever behind a locked service panel.
If the software can't be infiltrated remotely, then there won't be any security issues that are so urgent they need to be patched in the middle of a shift, they can wait for a maintenance stop.
Also no good reason for it to be connected to the CAN bus or have any control or even monitoring of vehicle systems.
A GPS tracker needs access to power, that's it.
Yeah, but when it's Chinese companies doing it, it becomes a problem. China bad, after all.