I find it really funny that it's published on GitHub with the MIT license, but with a disclaimer it's illegal to use it outside of government websites.
It's great that it's publicly available, like many other public stuff the French Government is doing like https://beta.gouv.fr/ or the tax calculators, but it's still funny.
The conditions in the disclaimer only apply to the French government. Translated with Firefox (which apparently still makes some typos):
> Conditions for the use of the Components by the Other Users
> All Other Users are allowed to use the source code according to the terms of the MIT license.
> Other Users are expressly reminded that any use of the Components outside the limits referred to herein or for the purpose of diverting them and otherwise appropriateing the State Mark is punishable by civil and/or criminal sanctions.
Oh, right, on the readme! That's so weird, because it kinda contradicts the "general conditions for use" document. I guess they mean the source code is ok to use but you must alter the design first? The UK's doesn't have such a dumb limitation.
I have very little understanding on the power requirements for a window, but couldn't Tesla have just reserved some battery off the main battery as an emergency fallback? Just enough power to lower the windows to a safe route, maybe illuminate some LEDs on the emergency latches or paths to the emergency latches? I'm not really interested in discussing Tesla's intended design, but more from just a mechanical/electrical standpoint if it would be expensive (power wise) to have a reserve like this.
Edit: Also, I guess weight also of such a battery, but I suppose maybe the weight can be understood by how much reserve it would need.
The exploit will leak more or less random data (data which was accessed recently by the CPU). You cannot target a specific part of the memory, but you can keep fetching data until you get something interesting.
so if I wanted to test if it leaks my root password, I should run the code and open a terminal and say, upgrade packages, or upgrade packages before running the exploit code?
This is also a sign that code reviews are not working properly (either missing due to a team too small; or not enough time invested to do them properly; or people are not "free" enough to tell their coworker that their code is bad; or it was done too late, once there isn't enough time to fix it; etc).
Or code reviews are working fine but there are no long-term consequence for people whose code consistently takes 10x more revision after reviewing. (This is also a kind of organizational failure, but one where reprimanding the IC in question can still be the right response. But I also doubt a drive-by ad hoc external review of every person in the company is going to be the best approach to find this!)
> depending on the use case for a Pi Zero WireGuard server, it could get the job done with ~30-40 megabits per second speed capabilities.