In a commercial closed source environment, there are still likely to be far fewer eyes looking at the code. Very few people look deliberately outside their area unless a major problem comes to light (no budget to) and other teams don't like defects being raised against them from outside.

You also can't perform a proper review with a bunch of hobbyist coders, you need highly-trained experts. Every single line of code needs to be checked, double checked, and triple checked against every single other line in the code to make sure that there isn't anything that could possibly compromise the security of the system. These failures are always subtle and usually unintentional.

If you are writing for some critical applications like a flight control computer then it is clear that there will many formal reviews. However, in most systems, commercial users do not have that luxury. Everything tends to be time boxed. With the status of Linux not only as a usable O/S but also as a teaching tool, new people are studying the kernel all the time (and performing exercises like "how random is the RNG"). However "hobbyist" it may seem, and especially with the methods used by the kernel maintainers, there is probably more scrutiny than with commercial systems.

With just a radar linked cruise-control/collision avoidance system you only know about what the guy immediately in front of you is doing. What you need to know is what the guys in front of him are doing. This is why you want the signal passed through immediately from the lead car so all trailing cars start to reduce speed or brake where necessary like a train - so no human reaction time involved.

A first part would be to simply relay the brake signal backwards. This is not a simple problem because the lead vehicle in the offside lane should not affect a vehicle in the nearside lane other than as a FYI. If the lead car is changing lane or turning, they should surrender their role and the next vehicle takes over. However, this could allow, for a small investment to be able to pass the event of the lead car braking backwards so that it could, be indicated on the dash of each trailing vehicle.

A more complex system would actually apply speed control via throttle or braking based on the info from the lead vehicle, all the way through the trailing vehicles.

This is the point. Making big curved mirrors is expensive, so they use lots of straight pieces of glass to make a nice downwards focussing concave effect. So you take a new building with refelctive film on the windows, and you have a pretty good concentrator. Luckily not a very good one because there is a structure in Spain that gets to 4 figure temperatures.

The idea is automatic convoying. It is very unlikely that the car in front of you comes to a dead halt. The issue is that you do not know what is happening in front of that car. People are studying the idea that the leading car will relay information to the trailing cars so that the instant it begins to brake, so do all other cars in the virtual convoy. Such systems can also allow for all kinds of interactions, so a car on the nearside lane on a two lane road can be permitted to pull out to overtake by adjusting the speed of the trailing cars to make a gap and maintain separation.

One of the biggest issues is good intervehicle communications which also means that they cannot send misleading information that could lead to crashes.

Alexander needs to go, yesterday. He's more inept than Ballmer.

No serving general should ever be given so much power over a civilian agency and the population as a whole. Soldiers are very good at military campaigns but they are not so good at managing by consent and they are used to protecting the state and projecting its will. To work effectively, a general has to stop being a general outside the military, especially when turning their agency against civilians. Instead, the better model is that of "policeman", to serve the people over the state.

The method posted requires, access to the car interior to get at the OBD2 port. Hopefully you would have set off the ultrasonic alarm before then.

The device shown is way overpriced, essentially you just need a custom OBD2 device. Just a bit of googling and I managed to find one for a fraction of the price.

I think these guys are able to breakin without access to the OBD2 port, probably by interception of the RFID signals.

For hardware I started with an 11/40, and then went through the range down and up. I got used to pulling and shuffling cards and even removing the wire-wrapped NPR jumper but the software was fun. For the software , we started with a monstrosity called DOS/BATCH, I went on to RSX-11M, RSX-11S (a paired down version of 11M for hard realtime), RT-11 and RSTS/E and ended up on RSX-11M-plus. The latter was a really cool multiprocessing capable O/S. The best thing is that for M and M-plus, they had to give you the kernel source so you could configure it (which was down to conditional assembly and lots of macros).

I was writing drivers and having fun. MACRO-11 was great. I used a heavily modded set of macros to provide a C like structure called SMAC and was using home-brewed structured exception handling by burying stuff in the stack frame, a bit like a VAX does. This gave me the ability to unwind quite gracefully. At one stage I managed to get hold of a copy of Unix, but we were commercial and it was hideously expensive at the time so couldn't use it for anything. The point being that a PDP-11 with EIS/CIS had a really nice instruction set and was easy to hold in the mind so I am fairly certain that a competent assembler programmer could write better code than most of the compilers. The instruction set was truly orthogonal so that all addressing modes worked whether it was real memory or registers.

The original PDP-11 standard Fortran would churn out pseudo code. This would be a list of addresses into the library with a link via R4, something like jmp @(r4)+. This was slow but actually quite elegant (easy to switch amongst the innumerable hardware variants via choice of library), but it was hard work to link because the entire program was external references. F4P cost a relative fortune though and I didn't get to use it until a time working at Digital.

I have passed long days in electromagnetic testing room, and I can say that you will be surprised by what can happens with complex and highly programmable electronics !

I had to work on a navigation system some years back, I didn't have to spend time in the "bubble" but colleagues did. We certainly did have people who were very aware of RF design and cross talk issues as we had a TEMPEST rated room as they had also been working on secure digital comms.

Your "demonstration" prove that a software modification can open up the frequency range.

True, but it is hard as the radio in a phone tends not to be open software. A USRP would be much better but then you need amplification and power. You are inside a metal tube and you need to get inside an antenna on the outside which is designed to go off when it receives a burst from a 50KW radar. The transponder squirts data back using something like 20w or so. It would be hard to overwhelm that from inside the plane. I would agree that if you hold up to a window, you could get some power outside (a phone does work on a plane on the ground up to a certain height, it is just a weak signal).

Inside the plane, RF goes by coax. Data goes by different means, usually twisted pair. Either way, the data wiring goes from the front-end in the cockpit to the avionics bay which is located underneath the cockpit (so no long cable runs). The FMS does not fly the plane (it acts more as a top-level monitoring system), there are other computers that worry about that.

If you have read the publication subject of this article, you will see that aircraft manufacturers have actually not worried at all about vulnerability.

Please remember that planes ship with standard flight control systems only. Cockpits and avionics are selected by airlines based on different options. It would be quite hard to try out every variant. However flight test has a big increase in general RF "crud" in the fuselage as you have multiple high performance logging and telemeter systems with cabling all over the place.

In the end, it seems that if you want to cause chaos, just get an airband radio and claim to be Frankfurt Radar or something.

Good point. And not only that, information is flowing into the pilot from multiple sources, visual clues, ATC and multiple instruments.

It seems that the aircraft industry is about as security conscious as the car industry.

Not really.

Aircraft typically carry different ways of getting the same vital information, passenger aircraft must do so. Equipment in former times was very unreliable, so essentially the plane must carry two (or more) of everything. Critical components, may have the "A" and "B" computers programmed by different teams or even using different architectures. They also carry a human, who may notice if their are strange instruments.

Drones are a different matter and do seem to be spoofable.

Except that TIS-B is not wired into TCAS at the moment. In fact, I have not heard of any use of ADS-B for air to air, just air to ground. Separations are controlled via time slots outside controlled air space and inside controlled airspace, by ground controller using good old fashioned PPI displays. Yes, those displays are "enhanced" by information from ADS-B but many smaller or older aircraft don't have it.

Nope.

A good demonstration of this was the issue about Nexus 4s being able by accident, to transmit a little bit on LTE (only one frequency) and only because the LTE frequencies were enabled by accident in the software. Unless there are antennas designed, the signal would be weak as hell even if you can get it out of the phone. Then you have to get the signal out of the fuselage which is normally working, more or less, as a Faraday cage to an antenna pointing at the ground or a satellite. The vulnerability that worries aircraft manufacturers (about mobile phone use) is the fact that ageing RF cabling and connectors may have faulty shielding.

Yes, the antennas are fixed but the ILS can be tweaked and often had to be (worked a long time ago at a place that built ILS equipment). They are supposed to be self maintaining using ground mounted calibration antennas but every so often an aircraft has to check the slope out by probing the ILS envelope (flying deliberately off the glide path) under VFR conditions. However, on top of the glide slope, there are radar altimeters (on the plane) and marker beacons (on the ground).