Profits 1st, Safety 2nd?

ML1
Message 2006496 - Posted: 9 Aug 2019, 15:56:16 UTC - in response to Message 2000888.  
Last modified: 9 Aug 2019, 15:57:10 UTC

Such connectedness can be done (and should be done) such that the system doing the 'connecting' is separate and independent of the Flight Control System.

That is easily done using monitoring devices that can only monitor the signals and data of interest. It is then that monitoring device/system that is 'internet connected' to report back to home.

For such a safety critical system as the Flight Control Computer, there simply should be no physical way to endanger that system in flight...
Never going to happen. One upload from the ground in flight that happens now is a change in flight plan. Also the fuel weight and balance, weight of cargo and which cargo hold has how much is updated usually in taxi not airborne. All of this feeds into the FMS. Others are all the same ones for any computer such as a BIOS flash. You simply can't allow a rogue ground person the opportunity to plug a carefully crafted update USB into a jack on the flight deck where trust would be implicit. No NO NO! That update needs to be verified by a ground computer and then loaded via satellite radio. There are far too many ways to compromise ramp personnel and there are lots of them. Or that will be the thinking of some safety person and they might be right. The maps that are part of the navigation system are valid for only 28 days. Updated a little more often than your Tom Tom.

That may well be so for the Flight Management System (FMS).

But for the critical Flight Control Computers (FCC)?...

So, where is there any documentation for what is actually implemented and what is actually done?

To my most humble and ignorantly personally prejudiced mind:

This latest snippet looks rather scary... And with good portent for disaster:


WTF is Boeing on? Not just customer databases lying around on the web. 787 jetliner code, too, security bugs and all

Fears of cyber-hijackings? That's plane crazy, says Dreamliner maker...

... A Black Hat presentation on how to potentially hijack a 787 – by exploiting bugs found in internal code left lying around on a public-facing server – was last night slammed as "irresponsible and misleading" by Boeing...

... It is important to note here that there are essentially three electronic networks on a 787: the first is home to non-critical stuff like the in-flight entertainment system; the second is used by slightly more important applications reserved for crew and maintenance teams; and the third is used by the vital avionics gear that controls the airplane's flight and reads its sensors.

The software Santamarta probed – a crew information service – lives in the second network. He suggested it may be possible to exploit holes in, say, the in-flight entertainment system on the first network to access the adjoining second network where one could abuse the flaws he found in the crew information software to then reach into the adjoining third network. Once there, one could tap into the avionics equipment...




From my reading, the really scary bit is... Are Boeing really relying on mere software/firmware firewalls(!!!) to isolate the three networks?

... And we all know how (un)reliable firewalls and antivirus are, yes?...


To give meaningful guarantees, note that data network physical isolation with non-programmable hardware one-way data flows is oh so easy to do...

All in our only one world,
Martin
See new freedom: Mageia Linux
Take a look for yourself: Linux Format
The Future is what We all make IT (GPLv3)
ID: 2006496 · Report as offensive
Gary Charpentier
Message 2006555 - Posted: 9 Aug 2019, 21:50:18 UTC - in response to Message 2006496.  
Last modified: 9 Aug 2019, 21:51:26 UTC

Martin, how is the FMS going to tell the FCC to turn left at the waypoint and descend if the FMS doesn't talk to the FCC? They are one single system.
The maintenance net needs to read the outputs of the FCC and FMS to know what things need to be serviced and what error codes they may have thrown. They are one single system. Never mind the maintenance net is likely used to upload software to the FMS and FCC when an update is needed!
In flight entertainment should be separate. However it likely has to share a single (air to ground) receiver transmitter with the other networks. Depending on how that interface works, it may not be TCP/IP over Ethernet, the systems may have to talk to each other to sort out who has the bus.

When this stuff was designed, no one thought about a hacker onboard. How many miles of wire in how many planes from how many manufacturers will need to be replaced? How many billions of lines of code will have to be rewritten?
ID: 2006555 · Report as offensive
rob smith
Message 2006633 - Posted: 10 Aug 2019, 7:19:58 UTC

There are technologies that allow a one-way communication between two systems. These technologies are "well known" to many secure/insecure system design engineers, and are remarkably simple to implement, and are inviolable. Probably the simplest to understand is "single direction memory" - this is memory that you place in the data stream between the two devices, the secure device can write to it, but not read it, and the insecure device can read it but not write to it, the enable/prohibit being a hardware function. One might consider it to be a bit like a blocking diode in "normal" electronics, but one working at a digital level.
Bob Smith
Member of Seti PIPPS (Pluto is a Planet Protest Society)
Somewhere in the (un)known Universe?
ID: 2006633 · Report as offensive
Sirius B
Message 2006634 - Posted: 10 Aug 2019, 7:29:54 UTC - in response to Message 2006633.  

The question is: Does Boeing use that technology?
ID: 2006634 · Report as offensive
ML1
Message 2006720 - Posted: 10 Aug 2019, 22:26:47 UTC - in response to Message 2006555.  
Last modified: 10 Aug 2019, 22:27:17 UTC

For the network isolation, Rob has explained very nicely, thanks Rob.


Further specific comment:

Martin, how is the FMS going to tell the FCC to turn left at the waypoint and descend if the FMS doesn't talk to the FCC?

Any "talk to" should more simply and safely be a "talk at"...

I have no idea what Boeing have implemented but my own personal design for such a network system would be:

Avionics network, fully multiply redundant. Spans the entire aircraft for flight sensors, flight actuators, and cockpit displays.

 |
One way push connection to
 |
 V

Flight Management Network, should include intrinsic or automatic redundancy. Spans the cockpit area for the FMS and associated displays.

 |
One way push connection to
 |
 V

General purpose network for the entertainment systems and internet.


Note that ground and maintenance crews receive whatever pre-set push data is pushed through from the first two networks to the last network.

The autopilot runs directly on the FCC(s).

The networks must be physically separate entities. None of the "virtual lan" and "firewalls" stupidity.

Virtual lans (vlans) are fine in datacentres. I know what goes wrong with them. Certainly don't want to risk my life to any such silliness as flying vlans!



They are one single system.

Nope. They are physically separate computers.

On the Boeing 737 MAX, I believe there are two separate Flight Control Computers and at least one Flight Management System computer (and only optionally two FMS computers).

Considering the burdensome extra workload distracting the pilots if the FMS fails, I'm surprised the FMS hasn't a redundant spare as standard.



The maintenance net needs to read the outputs of the FCC and FMS to know what things need to be serviced and what error codes they may have thrown. They are one single system. Never mind the maintenance net is likely used to upload software to the FMS and FCC when an update is needed!

As noted, the FCC and FMS are separate entities on separate physical boxes.

The maintenance people are fine for reading pre-set pushed read-only data. Any updates should require a physical presence or some other physical device to ensure an update cannot possibly happen in flight!!! After all, these are not Microsoft systems for example with all the encumbent "must update must reboot memes"...



In flight entertainment should be separate. However it likely has to share a single (air to ground) receiver transmitter with the other networks. Depending on how that interface works, it may not be TCP/IP over Ethernet, the systems may have to talk to each other to sort out who has the bus.

Not quite, in that data from the other isolated networks can be simply sent one-way. There are multiple physical solutions for doing that.

Agreed that the internet connection (and the compromise risks associated with that) should be to the non-critical entertainment system and well away from flying the aircraft!



When this stuff was designed, no one thought about a hacker onboard. How many miles of wire in how many planes from how many manufacturers will need to be replaced? How many billions of lines of code will have to be rewritten?

Hopefully none if Boeing have done The Right Thing from the outset...



Anyone know for sure?

I ain't flying Boeing until I get some better answers!

All in our only one world,
Martin
ID: 2006720 · Report as offensive
ML1
Message 2006722 - Posted: 10 Aug 2019, 22:36:14 UTC - in response to Message 2006634.  

The question is: Does Boeing use that technology?

Very good question...

How do we get to know??


All in our only one world,
Martin
ID: 2006722 · Report as offensive
ML1
Message 2006723 - Posted: 10 Aug 2019, 22:53:08 UTC
Last modified: 10 Aug 2019, 22:58:23 UTC

The Boeing 737 MAX story gets yet ever even yet worse:


FAA already knew another Boeing 737 Max malfunction was likely after Lion Air crash...

... Senators wanted to know why the FAA didn’t take necessary steps after the first 737 Max crash last October. They pointed to internal FAA analysis, done just days after the crash, predicting the similar emergency incident was likely within the next 10 months, due to the fault in Plane’s anti-stall system, known as MCAS.

Instead of grounding the plane, the FAA issued an emergency order directing pilots to review the existing procedures while Boeing fixed the MCAS system. But within the five months, another 737 Max crashed.

FAA executives found that their recommendations to pilots were insufficient...




Plane&Pilot - Boeing 737 Max Crisis: 5 Things We Need To Know

... Little has changed in the past couple of months. We still don’t have very good answers, but at least we have a strong sense of what the questions are...



Boeing CEO to Business Travel Execs: Trust Us, 737 Max Is Safe Now

... in Chicago on Monday, Boeing CEO Dennis Muilenburg worked hard to assuage corporate travel’s creme de la creme that everything is going to be just fine. Half the audience in the banquet hall, however, headed for the exits as his name was announced...



To my view, a continuing damning story that should never have happened...

All in our only one world,
Martin
ID: 2006723 · Report as offensive
rob smith
Message 2006802 - Posted: 11 Aug 2019, 15:29:31 UTC - in response to Message 2006722.  

I don know that at least two of Boeing's suppliers use such technologies in some of their products, so there is a chance.....
But if the reported attitudes demonstrated recently by Boeing I wouldn't be surprised if they didn't.
Bob Smith
ID: 2006802 · Report as offensive
ML1
Message 2007060 - Posted: 12 Aug 2019, 23:24:03 UTC - in response to Message 2006723.  
Last modified: 12 Aug 2019, 23:25:03 UTC

The Boeing 737 MAX story gets yet ever even yet worse:

Is this the source of (what I see as) deadly greed?


Boeing creates new in-house avionics unit, reversing years of outsourcing

Boeing has set up a new in-house unit called Boeing Avionics to pursue the development and production of avionics and electronics systems. It’s a reversal of a strategy of outsourcing avionics controls...

... for future airplanes, Boeing is now hungrily eyeing the profits made by its systems suppliers, who collect money long after an airplane leaves Boeing’s factory by maintaining and updating the avionics throughout the jet’s service life...

... It’s one more step toward Muilenburg’s stated goal of growing the company’s overall services business from $14 billion today to $50 billion within five to 10 years...




To me, that looks like overly aggressive growth... Or is that moving to turn the thumbscrews on a monopoly or 'leveraging' proprietary lock-in?



To my view, a continuing damning story that should never have happened...


All in our only one world,
Martin
ID: 2007060 · Report as offensive
ML1
Message 2007067 - Posted: 12 Aug 2019, 23:43:33 UTC - in response to Message 2006802.  
Last modified: 12 Aug 2019, 23:53:43 UTC

I don know that at least two of Boeing's suppliers use such technologies in some of their products, so there is a chance.....
But if the reported attitudes demonstrated recently by Boeing I wouldn't be surprised if they didn't.

This quote to me does not look good:

Boeing 787 On-Board Network Vulnerable to Remote Hacking, Researcher Says

... The 787 has a core network cabinet system on-board that includes multiple network modules that segregate and provide network interfaces among the sensitive avionics network, the passenger information and in-flight entertainment system, and the aircraft maintenance system used by engineers, crew, and airline employees...

... Santamarta also spotted two cases where proxy servers used by airlines to communicate with their 787 aircrafts on the ground via GateLink were exposed on the public Internet. "So it was possible to compromise those servers," which could allow an attacker to reach the plane's network over the Internet, he says...

... At the heart of the firmware issue, according to Santamarta, is that the Honeywell firmware was based on a version of VxWorks that was not certified for use in avionics...

... The Boeing 787 core network security controls includes IP table-filtering in the Ethernet gateway module of the core network, where different rules determine which traffic goes from the open data network to the internal data network, for example. The aircraft also runs a firewall packet-filtering function based on a VxWorks library and employs system rules in the network interface module that help isolate the networks, Santamarta says.

Santamarta says that both Boeing and Honeywell confirmed the flaws in the 787 firmware. "However, Boeing did not share with IOActive the version of the CIS/MS firmware they were using in their testing, despite the fact that this information was requested several times. So technically, all of the 787 currently in production contain the vulnerabilities, but Boeing denies those vulnerabilities are exploitable," he says...




My personal uneducated uninformed interpretation of those snippets is that at the heart of the Boeing 787, there appears to be a network switch system to which ALL the Boeing 787 networked systems are connected. That central switch implements firewall, data packet filtering, and data routing rules, all dependent upon the firmware running on that switch and the config files installed. To me, that sounds very much like there is no physical separation between the networks... You have to trust to the configs keeping the data restricted to the required (expected) functionality.

And I've had all too many examples of maintenance people getting the configs wrong... Or of firmware doing 'unexpected consequences' for a config/rules change...

So... How the hell is that sort of setup certified for flight?...

Personally, I very definitely will not be risking my life to such an IT setup on an aircraft! (If my interpretation is correctly the case.)


How do we get to find out what avionics and network structure is used? For that 787 example and also for the 737?...

After all, on an aircraft, your life depends upon it.


All in our only one world,
Martin
ID: 2007067 · Report as offensive
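
The contrast drawn in Messages 2006720 and 2007067 above, between hardware one-way links and a central switch whose separation depends on filter rules, as an added example that is not part of the thread and does not describe any real aircraft's configuration. The zone names follow the posts; the criticality ranking, the rule format (ordered, first match wins) and both rule sets are constructed assumptions.

```python
"""Added example: audit data-flow direction for two segregation designs."""
from collections import deque
from itertools import permutations

# Higher number = more safety-critical. Zone names follow the thread;
# the numeric ranking is an assumption of this example.
CRITICALITY = {"avionics": 3, "flight_mgmt": 2, "general": 1}

# Layout proposed in the post: hardware one-way links, so the edge set is
# fixed by wiring and cannot be changed by firmware or configuration.
DIODE_LINKS = {("avionics", "flight_mgmt"), ("flight_mgmt", "general")}

# Constructed first-match rule sets for a hypothetical central switch.
RULES_INTENDED = [
    ("avionics", "flight_mgmt", "allow"),
    ("flight_mgmt", "general", "allow"),
    ("any", "any", "deny"),
]
# The same rules after a constructed maintenance change above the deny.
RULES_AFTER_CHANGE = [
    ("avionics", "flight_mgmt", "allow"),
    ("flight_mgmt", "general", "allow"),
    ("general", "flight_mgmt", "allow"),   # constructed: opened for an upload
    ("flight_mgmt", "avionics", "allow"),  # constructed: opened for a feed
    ("any", "any", "deny"),
]


def edges_from_rules(rules):
    """Evaluate ordered rules (first match wins, default deny) per zone pair."""
    edges = set()
    for src, dst in permutations(CRITICALITY, 2):
        for r_src, r_dst, action in rules:
            if r_src in (src, "any") and r_dst in (dst, "any"):
                if action == "allow":
                    edges.add((src, dst))
                break
    return edges


def reachable(edges, start):
    """Zones that data originating in `start` can reach, including multi-hop."""
    seen, queue = set(), deque([start])
    while queue:
        node = queue.popleft()
        for src, dst in edges:
            if src == node and dst not in seen and dst != start:
                seen.add(dst)
                queue.append(dst)
    return seen


def upward_flows(edges):
    """(src, dst) pairs where data can reach a MORE critical zone."""
    return sorted(
        (src, dst)
        for src in CRITICALITY
        for dst in reachable(edges, src)
        if CRITICALITY[dst] > CRITICALITY[src]
    )


def worst_case_switch_edges():
    """With every zone on one switch, any pair is possible under some config."""
    return set(permutations(CRITICALITY, 2))


if __name__ == "__main__":
    print("one-way links      :", upward_flows(DIODE_LINKS))
    print("switch, intended   :", upward_flows(edges_from_rules(RULES_INTENDED)))
    print("switch, after edit :", upward_flows(edges_from_rules(RULES_AFTER_CHANGE)))
    print("switch, worst case :", upward_flows(worst_case_switch_edges()))
```

With the intended rules both designs show no upward flow; the difference is that the one-way-link result holds for every possible configuration, while the switch result holds only for the rule set that happens to be loaded.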
Gary Charpentier
Message 2007072 - Posted: 13 Aug 2019, 0:29:20 UTC - in response to Message 2007060.  

Or is that moving to turn the thumbscrews on a monopoly or 'leveraging' proprietary lock-in?

The fiduciary duty model just like Micro$oft or any other large corporation today even including sports clubs.
You do realize the shaver people started this. Give away the handle, charge up the ying yang for the blades.
ID: 2007072 · Report as offensive
Sirius B
Message 2007166 - Posted: 13 Aug 2019, 15:00:51 UTC

Hmm, here's one big organisation that will ditch technology.
USN to ditch touch screen controls
ID: 2007166 · Report as offensive
Bernie Vine
Message 2007196 - Posted: 13 Aug 2019, 20:53:40 UTC - in response to Message 2007166.  

Hmm, here's one big organisation that will ditch technology.
USN to ditch touch screen controls

Yes and this stood out for me

"The control systems were "overly complex" because shipbuilders had little official guidance on how they should work.

As a result, he said, the control systems on different ships had little in common, so sailors often were not sure where key indicators, such as a ship's heading, could be found on screens."


The Navy had no input as to the design of the control system interfaces, good grief!!
ID: 2007196 · Report as offensive
Sirius B
Message 2007232 - Posted: 14 Aug 2019, 3:13:44 UTC

"Who's to blame? It's the fault of those who should have got their hands dirty and intervened in the bridge's condition but didn't, those who should have spent the money, but didn't, those who should have checked it, but didn't," d'Ovidio says.
One year on
ID: 2007232 · Report as offensive
Sirius B
Message 2007724 - Posted: 16 Aug 2019, 19:31:16 UTC

2 separate incidents:
A river in New York
A cornfield in Moscow
Pilots in total command of the aircraft.
388 people live.

2 separate incidents:
Indonesia
Ethiopia
Software & technology in total command of the aircraft.
346 people dead.

I know who I want to be in total command of any aircraft I fly in.
ID: 2007724 · Report as offensive
Gary Charpentier
Message 2007759 - Posted: 16 Aug 2019, 23:07:43 UTC - in response to Message 2007724.  
Last modified: 16 Aug 2019, 23:11:20 UTC

Sorry, airbus A321 is an all glass cockpit, so the software and technology was flying the plane. (It just didn't disagree with the pilot.)
Sorry, airbus A320 is an all glass cockpit, so the software and technology was flying the plane. (It just didn't disagree with the pilot.)
ID: 2007759 · Report as offensive
rob smith
Message 2007821 - Posted: 17 Aug 2019, 7:08:22 UTC
Last modified: 17 Aug 2019, 7:09:22 UTC

While the A321 is an all glass cockpit it would not normally be the autopilot that was flying the plane during take-off - very frequently it is the guy in the RH seat (which is how the less experienced pilot gets their take-off up so they can get to the LH seat). Also you confuse "all-glass cockpit" with "fully automated flight" - they are two very, very very different things - I know of a good number of "diddy planes" that have all-glass cockpits, but one has to hands-on them until "flying straight and level".

[Edit]
The B737NG & B737Max are basically "all-glass", so why didn't that work out?
Bob Smith
ID: 2007821 · Report as offensive
Sirius B
Message 2007871 - Posted: 17 Aug 2019, 15:24:29 UTC - in response to Message 2007759.  

Sorry, airbus A321 is an all glass cockpit, so the software and technology was flying the plane. (It just didn't disagree with the pilot.)
Sorry, airbus A320 is an all glass cockpit, so the software and technology was flying the plane. (It just didn't disagree with the pilot.)
Interesting thought process you have.
Do you have a comprehension issue by chance?
Flying equates to total command? Since when?
Had the software & technology been in total command of flight 1549, there would have been 155 dead on the Hudson. The software would have gone through the QRH in sequence, The APU was 15th on the list, it would never have got to that point.
Also, does the software have glider info & gliding characteristics in its data bank?
From the time of the bird strike until it hit the Hudson, a total time elapsed of 208 seconds. How long would it take the software to implement the APU?
Count off the seconds...
ID: 2007871 · Report as offensive
Gary Charpentier
Message 2007884 - Posted: 17 Aug 2019, 16:19:52 UTC - in response to Message 2007871.  

Sorry, airbus A321 is an all glass cockpit, so the software and technology was flying the plane. (It just didn't disagree with the pilot.)
Sorry, airbus A320 is an all glass cockpit, so the software and technology was flying the plane. (It just didn't disagree with the pilot.)
Interesting thought process you have.

Perfectly logical one. As said, the software did not disagree with the pilot*. In the case of the crashed planes the software did disagree with the pilot and ignored pilot input. Remember, make no change is input.

And Sirius, you are the one with a comprehension problem. Software and technology doesn't mean fully autonomous, or are you one who would get in a Tesla and engage autopilot mode and go to sleep?

Rob, loss of the software would be about the same as total hydraulic failure. They aren't Cessna 150's with cables and push rods.


*Never said the software in the A320 series even has the ability to disagree with the pilot. Boeing built that into the MAX.
**Humans can't fly B-2's and some others without a computer actually in charge. Humans can't react to the changes quickly enough to keep the plane stable.
ID: 2007884 · Report as offensive
Sirius B
Message 2007890 - Posted: 17 Aug 2019, 17:39:12 UTC - in response to Message 2007884.  

Perfectly logical one. As said, the software did not disagree with the pilot*. In the case of the crashed planes the software did disagree with the pilot and ignored pilot input.
Therefore, the software was in total command. Software/Technology is meant to assist the flight crew, not command them.

And Sirius, you are the one with a comprehension problem. Software and technology doesn't mean fully autonomous, or are you one who would get in a Tesla and engage autopilot mode and go to sleep?
Incorrect. As for selecting auto mode & falling asleep, never going to happen - Since Moorgate, trust nothing man made 100% (especially automation).
Never said the software in the A320 series even has the ability to disagree with the pilot. Boeing built that into the MAX.
Yep, to avoid re-certification.
ID: 2007890 · Report as offensive