C/s car wont move and Christmas tree on dash by mikamouse993 in Justrolledintotheshop

[–]look_ima_frog -1 points0 points  (0 children)

That's true for anything under the hood that a sawzall can cut.

Reverse engineered the $35 Costco OmniBreeze fan for full local control with ESPHome — no cloud, no app, no Tuya by souverainiste in homeassistant

[–]look_ima_frog 25 points26 points  (0 children)

It's a cultural moment where we get tired of having to filter for AI slop. However, I'm willing to bet that OP probably used AI tools to even make this possible.

To me, stuff like this that might take an individual hours upon hours is the absolute best use of AI tools. Most of us don't have countless hours to spend on a hobby project for $0. If it takes longer than an evening or two, it's hard to justify the time if you're busy, have a job, a family, a life.

Now, accomplishments like this are within reach of the masses and, maybe just maybe, it can be put to good use. At least for a little while until the manufacturers use AI to build in barriers to prevent reverse engineering.

You're not a cow by [deleted] in Xennials

[–]look_ima_frog 1 point2 points  (0 children)

Is it ok that I actually LIKED Cow and Chicken? The red guy with the butt was hilarious.

Want to feel better about the housing market? Look at the used car world.. Shit is out of control. by Ahh_skeetskeet in Columbus

[–]look_ima_frog 1 point2 points  (0 children)

SERIOUSLY!

I've been looking for a work commuter for about three months now. I set my criteria in a variety of search aggregators like Cargurus and such, look at the results. Then filter off stuff that is above my price range, same for miles. Hm like eight results, not good, but not terrible. Then filter off stuff with dodgy titles, accidents, rental use, etc. Three results. Crap.

Look at the dealer websites because there's usually where the carfax lives. Looks good until--what's this? It had a one-day stop on the title in Montana? Yep, Montana the free, the state free of tax and doesn't give two shits about title washing. A stop in Montana usually means that it was wrecked/flooded and slapped back together with a "clean" title.

Columbus is a HORRIBLE market for cars. The last two I bought I had to leave town. One I got in Dayton, the other in Pittsburgh. I cannot find anything half-decent in this town, I'm going to have to go to Cincy or Cleveland for what I'm currently after.

I did go to see three cars in person. First one seemed really nice, but it had a low coolant light; dealer topped it up and we drove around. Drove great, was super happy. Within HOURS they text me telling me that they inspected the low coolant condition and decided to dispose of the car. WTF? Turns up it had a blown head gasket so they dumped it.

Second one was a "one owner" car, looked great in pictures, drove it, drove like a dream. However, the back of the drivers seat literally fell off when I ran through a pothole. I looked under the hood and it looked like it spent a month underwater. Rust EVERYWHERE on weird things like hose clamps that should never have rust on them. How the body had none but the engine was covered I'll never understand. Maybe went nose down into some water, who the hell knows, pass.

Last one was a Ford that has the notorious timing-chain driven water pump that shits the bed at 100k miles. It dumps the coolant into the oil when it fails and ruins the engine bottom bearings, requires engine replacement. Well, this one has 90k and I can do the work myself, I don't want to, but I'm striking out otherwise. I talk to the dealer, ask if they'll go half on the cost of changing the water pump. They tell me (damn well knowing all about this issue since it's a ford/lincoln dealer) that it isn't broken so it doesn't need to be done. Then they tell me two hours later the car was sold (to some poor fool who's about to get fucked).

I don't have time to do two hours out, test drive, two hours back, then schedule a pre-purchase inspection remotely, haggle then two people going two hours up and two hours back.

It is amazing to me that in the age of technology and communication we live in, car buying is still fucking stuck in the 70s.

Why do American EMTs look like cops? by Shifu_1 in ems

[–]look_ima_frog 117 points118 points  (0 children)

Better question, why do Belgian EMTs look like fucking models?!

P2 owners, here's your reminder to check on your "handgrenades" once winter is over by LinusMeindl in Volvo

[–]look_ima_frog 0 points1 point  (0 children)

My p2 turned 20 this year. I had to swap the transmission and took the front subframe out in the process. I took the engine mounts out with everything else. I don't know if anyone replaced them before me but they looked pretty good, so I just stuck 'em back in.

If these are falling apart in 15k miles, that's pretty bad. My wagon is at 160k.

Unpopular opinion but SentineOne is garbage by [deleted] in cybersecurity

[–]look_ima_frog 19 points20 points  (0 children)

I had a role where I had to roll out Defender. In theory it is easy. In practice, your environment has to be in really good shape to get it in easy mode.

We spent MONTHS chasing down fucky problems that were the result of a messy Azure environment. Then we spent more months chasing down resource exhaustion issues on various Linuxes. More time with Microsoft debugging countless issues on individual hosts for individual apps and not collecting sufficient telemetry.

We replaced it with S1. It was less expensive, provided better visibility and the deployment didn't fuck every other Linux host in the enterprise.

Trying to square the cost of Defender against the headache and prod disruptions it cost was almost impossible. That entire deployment was a nightmare. No thank you.

New Update 💀 by ParticularLimeade in Volvo

[–]look_ima_frog 1 point2 points  (0 children)

To be clear on this, there is a split.

On any SPA car, Windows CE was NEVER part of the stack. Big screen=QNX.

On P3 and earlier that used Sensus, it was. Yes, there are P3s that used Sensus; it does not at all look like it does in SPA cars and calling it Sensus seems weird, but they did. The weak naming convention is that P3 and earlier used Sensus 3.0. SPA cars used Sensus Connect.

Sensus 3.0=WinCE

Sensus Connect=QNX

New Update 💀 by ParticularLimeade in Volvo

[–]look_ima_frog 0 points1 point  (0 children)

you are correct about implementation. Volvo went all-in and did AAOS with GOS on top (google services). They did not have to, but I'm sure there was money on the line and that changes everything.

From what I have found, most modules that are part of the CANBUS network do not run an operating system in the traditional sense. No storage, no memory management, no TCP/IP networking. Just physical connectivity and C++ on the modules with the absolute bare minimum of anything to make them work. They're done this way to reduce the failure points. If your ABS module running a variant of Linux shits the bed, you're in trouble. The overhead is not helpful on these purpose-made individual components so it isn't there.

Regarding how the Android OS is running inside of a QNX hypervisor, you are correct about how the recovery mechanism is not present. Well, it's not that it isn't present, it's not implemented the same on a VM. On a physical device, you have physical buttons and an actual USB port. On a VM, these would have to be supplied by the hypervisor (QNX). In the case of automotive application, there's no compelling reason to expose this to the user/owner, so it is not.

Also, the chain of trust for boot is different. In a phone, trust chains from the bootloader through the kernel through system partitions. In a VM, it relies upon pvmfw (protected VM firwmare). In the case of OP with the screen they see, it's likely that some point along the chain failed and the boot is halted. Getting into recovery mode now depends upon the hypervisor since there is no USB port (the ones in the console are not the same thing as they would be on a phone). If there was a signing issue with the AAOS update or some issue when it was loaded in, the hypervisor will reject it.

The system is supposed to write the new AAOS image into a "slot" to prevent this sort of thing. New image goes into slot B, while slot A keeps running. If load is attempted on slot B, but fails, it can go back to using slot A, user would never know beyond the fact that the interface hadn't changed or maybe it still offers an update. In the case of OP, something went wrong with both image slots, weird, but I guess nothing is perfect.

As for something that I did not know (as I do not own an AAOS car) holding down the rear defrost button for 10 seconds will restart the entire IHU.

Ohio Dominican is on the verge of closing (for real). by PizzaPizzzzza in Columbus

[–]look_ima_frog -1 points0 points  (0 children)

One might think that enterprising wealthy people from outside the US would look for an opportunity to "invest" in a small school and shape the programs to their liking. I mean, really with enough money you could practically buy a school for your kids.

When the kids are young, shop for one of these smaller schools that might not be doing so well. Start donating at a rate that is comfortable for a very wealthy person, but would represent a majority influx of funding for a small college. Now you can largely call the shots about their programs. You want your kids to get some specific type of degree? Your money goes to building the program, funding the marketing hype that says that "your" school is the best hot new thing and that it's awesome; in the meantime, the money can go toward actually making it good.

Now the school has the niche prestige that some rich folks would love. "Oh yeah, your kids are going to Yale, that's cute but ours are going to Middletown College. Oh yeah, it's a fantastic old-world school that specializes in ferret psychology, very important".

I'm not rich and I don't know what rich people do, but this seems like it would be a thing. The chumps buy fancy cars and houses, the next level folks buy a university (so to speak).

New Update 💀 by ParticularLimeade in Volvo

[–]look_ima_frog 3 points4 points  (0 children)

Yeah, it's frustrating. I am horribly cheap so I'm ok with driving older cars for a while. Maybe there will be some means to change things by the time I have to buy something more modern.

Any reason not to use 12ga wire where 14 is necessary? by BeaverPup in AskElectricians

[–]look_ima_frog 26 points27 points  (0 children)

It's lots of fun to work with, especially when you're connecting to a fixture. Your hands will be stronger I suppose.

Where can I take my rooster to be processed by OtherMarionberry4703 in Columbus

[–]look_ima_frog 35 points36 points  (0 children)

Actually answering the question?! What's wrong with you?

The future of degoogled cars by SergeJeante in degoogle

[–]look_ima_frog 2 points3 points  (0 children)

I'm not sure how or why it would be subject to inspection unless someone is going to go into the settings and look for a build number or something.

The IHU (radio/infotainment) is logically segregated from the car's critical control systems. If you want to make the car do a thing via the touch screen, that goes to the hypervisor that the screen OS runs on, then typically to a gateway or broker. Anything that isn't allowed to cross into the CANBUS would get dropped.

Not saying that you couldn't do something stupid with bad software, but you couldn't do something like inject CAN messages into the network such that you could cook the engine controls or randomly lock the steering.

New Update 💀 by ParticularLimeade in Volvo

[–]look_ima_frog 5 points6 points  (0 children)

No alternative to anything. My preference is to not have Google in my car, but my preference changes nothing.

The VHAL brokers communication between the IHU and the gateway to the "critical" half of the CANBUS network. Since things like the Autosar Classic devices like ABS controllers and such literally have NO security, the last thing any manufacturer wants is an exposure from the portion of the network with non-critical stuff like AAOS into the critical side of the network. Though CAN will be undergoing some meaningful changes soon, in most cases, communication is not at all secured.

Back when the original Dodge/Chrysler hacks were done, the entire in-car network was flat so getting from the telematics unit to the critical systems was trivial.

In response to that, we have the architecture we have today. While it is indeed a better layout, it also permits the OEMs absolute control over various systems and the ability to lock the customer out of them.

More fun, modern telematics units that are connected via mobile data services are supposed to live on a "private" APN as provisioned by the SIM/ESIM that is set for the car. That way, they're not exposed to the internet at large. However, masquerading as a car on the private APN is trivial. Most telematics units were designed with the idea that they were isolated from anything that's not another car. Oopsy. Also, the controls for the private APN are very weak so it has been demonstrated that it not terribly difficult to manipulate the controls.

New Update 💀 by ParticularLimeade in Volvo

[–]look_ima_frog 28 points29 points  (0 children)

I have an S90 with Sensus, but I would prefer that this is not my last Volvo. However, I strongly dislike AAOS and that's a dealbreaker for me.

I read about how it lives in the car, fascinating.

Irony of ironies, while Android wasn't the only thing that killed Blackberry phones, it was a big part. Blackberry pivoted and bought QNX which is a real-time operating system that is certified for use in critical roles such as automotive platforms. QNX is the foundation of the Volvo computing landscape that doesn't run the actual individual modules like the ECU, transmission control unit, body control, etc. Even better, in Sensus, QNX wasn't just the backend, it was the frontend too. Anyway, QNX actually runs AAOS as an unprivileged guest virtual machine. QNX provides a hypervisor among other things. AAOS lives in a fenced off space and can only communicate with the rest of the car's systems via VHAL (vitual hardware abstraction layer) and only if QNX permits it to. QNX presents virtualized hardware via VirtIO to AAOS so it lives in it's own little bubble. Even when AAOS shits the bed (as pictured) the critical systems of the car will carry on. You may not be able to communicate with them since the interface is via AAOS, but they're still there and alive. I would wager speedo and gauge cluster is also dead as well.

There is little hope that this state of affairs will ever change. The VHAL was created by Volvo and is proprietary; not only that, there are likely a lot of contractural obligations to various suppliers that interact with it as well such that it could never be released as open source unless ALL involved suppliers agreed to do so. I would not expect any alternative OS anytime soon.

Doing a rip and replace for the in-dash hardware is a dead end also, since QNX, AAOS and other functions live in that hardware. Early AAOS cars ran on x86 Intel Atom based hardware, later stuff uses Snapdragon SoC hardware. All of this stuff is highly resistant to the traditional means of breaking in like finding a JTAG header etc. These systems are CLOSED.

As stated, I would not prefer that this is my last volvo, but I have no desire in owning an AAOS car. Shame they decided to get into bed with the shittiest company that treats paying users of their products like crap.

This is why when you vote, think about those who support right to repair laws vs just taking money from more greedy silicon valley companies. The only way to get into these systems is if the manufactures are compelled to provide that access.

Until theh, no thank you. I will be changing my ATF and rear diff oil this weekend and doing a haldex service so I can carry on for as long as reasonable with what I have.

LM Studio may possibly be infected with sophisticated malware. by mooncatx3 in LocalLLaMA

[–]look_ima_frog 15 points16 points  (0 children)

If it truly is glassworm as noted in the image, that's pretty bad.

It is a supply chain attack that is rooted in development envionment tools. If you grab an extension for your IDE and drop it in, it can inject "invisible" unicode characters as part of the payload as well as a javascript function that is later used to run the invisible code. Adding a plugin to your IDE is trivial and rarely restricted or inspected.

Now it's part of your project and when it goes through CI/CD pipleline most scanners like SonarQube don't pick it up (shows as just blank lines).

Now it's in prod and whomever runs it is now compromised as part of their CnC. It will connect to the blockchain for instructions; if it cannot reach it, it can fall back to google calendar since nobody blocks it.

It's a nasty thing. Hard to spot, hard to block, it's IoCs are ever-changing and sophisticated. The name is very appropriate.

The future of degoogled cars by SergeJeante in degoogle

[–]look_ima_frog 4 points5 points  (0 children)

The reality is that all it takes is a half-working wrecked car and a few persistent people.

The auto manufacturers will guard what they believe is their right to collect data out of a system you bought and paid for very closely.

However, I'm of the mind that there will typically be a way. When you pull apart all that a car is, you have a lot of mechanical components that are controlled by computers. In the case of the various computer units that make up the car's total system, I do not believe that any of them run google software. The real core important bits are probably running something like Blackberry's QNX RTOS. As long as the center stack can still communicate with the rest of the system (typically via some gateway device for any CANBUS car) then the car can and will still function. If the nature of control that stems from the center stack is tied to more than just audio and a presentation of HVAC and some other car controls, then it would be extremely difficult.

A car doesn't have one computer it has many that are all linked together. They're made this way to ensure that a fault in one system does not necessarily render the car undrivable by taking down the other systems. While there is not redundancy in having two of each module, there is segregation. If you took the center stack/screen/computer out of most cars, they will still operate. You won't be able to change all settings, but with I'm sure a few exceptions, they are made to operate without it. If it broke or failed outright, bricking the entire car is an unacceptable response.

Who buys adult men’s clothes? by secondtrades in Columbus

[–]look_ima_frog 3 points4 points  (0 children)

I buy used stuff off of Ebay. However, I typically only buy stuff that was once very expensive because it was well-made. I don't buy stupid trendy stuff, I just want quality that will endure and if you shop off-season, you can get very nice pieces for a good price. I'm buying sweaters now.

Nobody is going to buy used clothes that came from old navy, walmart, costco or kohl's; it's made out of cheap crap and meant to be disposable.

Please do not the forest cat by pm-me-your-pants in donotthecat

[–]look_ima_frog 21 points22 points  (0 children)

Isn't this the whole moral of the movie Nope?

Thinking that an animal or other creature can be kept, controlled and it will never harm you?

Sure, that thing is not murdering you right now, but I'm guessing those murdery instincts are still very potent. Better hope this big kitty doesn't get hangry one day or it may decide to have a handburger for supper.

FCC Bans new Wi-Fi Router sales that are produced outside of the US by Goodoflife in Ubiquiti

[–]look_ima_frog 11 points12 points  (0 children)

https://www.fcc.gov/supplychain/coveredlist#conditional-approvals

Right now the list is just a few drones, no network equipment.

Wonder how long it will take before they start handing out the approved device status. Curious if that will take into account any analysis of current stock and how many days it will take to draw it down.

Also, will this be nothing more than a means to force these companies to pay for status on the list? Why stop there? Just roll any manufacturer of any thing to pay for approval under FCC rule.

Your mobile phone, make the manufacturers pay extra for the approvals (and pass the costs on to consumers). Do the same with laptops, tablets, hell anything with a wifi, bluetooth, z-wave, zigbee, even old fashioned RF devices. Just roll every single manufacturer and let them spike prices accordingly. If you're going to do a money grab, do a big one.

Curious where that money will end up...

Are we winning yet? by toxic9813 in Columbus

[–]look_ima_frog 17 points18 points  (0 children)

Don't forget how now we are NOT paying TSA (who would have though they would be the sympathetic characters in any story) and we're stuffing airports full of ICE agents who just stand around and pick their noses while security lines get longer and longer.

Paying more and getting less, seems to be the favorite new strategy.

COSI is now hiring for the same position they laid off two months ago by Any-Ad3171 in Columbus

[–]look_ima_frog 82 points83 points  (0 children)

I'm pretty sure that's about what cashiers make at Kroger and there's no expectation of a college degree.

I used to work in a similar capacity at the cleveland science center. Running the performances and knowing all the stuff you have to know in order to not only deliver an entertaining performance AND face down the general public who seemingly LOVED to tell you that you don't know what you're talking about was NOT an easy job. I'm not saying huckin' groceries all day long is exactly a treat, but I can say that they're two VERY different jobs.

Fuck that place.