Yasoob Khalid (via Hacker News):
They talk about the tripple redundancy system and how SpaceX uses the Actor-Judge system. In short there are 3 dual core ARM processors running on custom board (according to elteto). For each decision a “flight string” compares the result from each core on a single processor. If the output matches the command is sent to different controllers. There are 3 processors (with dual cores) so that means each controller/sensor will get three different commands. The controllers then act as the judge and compare the three commands. If all three are in agreement, they carry out the operation. If even a single command is in disagreement, the controller carries out the command from the processor which had previously been sending the correct commands.
As Alfred Spector and David Gifford explain, the Space Shuttle did something similar, only the judge wasn’t a microprocessor:
For the aerosurface actuators, each of the four computers sends out an independent command on an independent bus. With no failures, the commands should be identical. The voting is done at the actuator using a hydraulic voting mechanism, called a force-fight voter. In it, there are four hydraulic ports called secondary ports, each commanded by one of the four GPCs. The secondary ports go into the primary ports, which are heavy-duty actuators that connect to what’s called a “summing bar,” which is no more than a massive steel rod. If there are three good computers and one bad one, the three good commands physically out-muscle the fourth. This limits the control authority a little bit--we don’t get the total force we’d like to get, but there’s still enough power to control the vehicle. If you have a large enough pressure differential for a large enough time, the port is hydraulically bypassed, which relieves the pressure in that one port. The remaining three ports then regain their full authority.
Previously:
Update (2020-06-09): See also: Reddit AMA.
ARM Chromium Craft Programming SpaceX
Andy Grant (via Wojciech Reguła):
Per the specification, an event can have URI-specified attachments, but when such an event is exported from Calendar, such as an attachment to an email or sent as a meeting invite, the files are embedded into the resultant ICS file. This makes sense—how else would the receiver get the attachments? However, an attacker can combine this behavior with a little-known specification directive in order to silently exfiltrate files from a user’s machine.
[…]
Using SCHEDULE-FORCE-SEND I was able to create an ICS file that described an event wherein my target user was the organizer (required for Calendar to send an invite after import) and I was an attendee, that included one or more attachments by file:// URI, and, when imported into Calendar, immediately sent (in the background) a meeting invite back to me that included the target user’s files embedded inside. The only user interaction required was for the victim to open the event in Calendar—such as by double-clicking it in an email. Or, in other words, a “1-click” file exfiltration.
[…]
Some target files would be embedded while others would not. This is due to Calendar being a sandboxed application. Calendar can still access a number of sensitive files though, such as the user’s calendars, contacts, and keychains databases.
It’s mitigated in macOS 10.15.5. I wonder if some of these services will eventually be moved out of process, e.g. so that apps can query the Contacts database without receiving permission to read the database file itself.
Previously:
Bug CalDAV Calendar Contacts Mac macOS 10.15 Catalina Privacy Sandboxing
Rust Core Team (tweet, Hacker News):
Rust has changed a lot these past five years, so we wanted to reflect back on all of our contributors’ work since the stabilization of the language.
[…]
One thing that we haven’t mentioned much is how much Rust’s error messages and diagnostics have improved since 1.0. Looking at older error messages now feels like looking at a different language.
That’s five years since Rust 1.0. It was announced ten years ago, and work started before that. (Swift was announced six years ago and labeled 1.0 a few months later.)
Previously:
Anniversary Compiler Language Design Open Source Programming Rust Programming Language
