undefined | Better HN

0 pointsmytailorisrich2y ago0 comments

My 2c based on your comment:

* "signed with the wrong cert" should mean the software package is rejected before it it is installed.

* software upgrades are tricky and there should be at least 2 versions available so that fallback to the previous is possible and automatic in case of issues.

0 comments

DannyBee2y ago

The software package probably is signed right but contains multiple signed binaries of which one is signed wrong.

Or is multiple signed packages and one is wrong.

Or the test cars accept prod and test certs.

Or some combo of the above.

There are lots of ways this could have broken that doesn't amount to rivian not being able to write software

mytailorisrichOP2y ago

I am not criticising Rivian, not least because I don't know the details.

That being said, "signed wrong", including all your hypotheses, that results in a bricked unit is definitely a serious oversight in general.

This also might highlight why production tests should be run on exactly production units. No tweaks allowed.

DannyBee2y ago

It is great to live in an ideal world, and in fact, in most software, you can do what you are suggesting quite cheaply. But once you get past the sort of "quip on hacker-news" level of thinking about this, or trivial and cheap production testing scenarios, people have to make real tradeoffs because it's never that simple.

Talking about those is much more interesting than just asserting that everything should be a certain way, without any consideration for real world constraints, like cost of units, etc.

1 more reply

j / k navigate · click thread line to collapse

0 pointsmytailorisrich2y ago0 comments

My 2c based on your comment:

* "signed with the wrong cert" should mean the software package is rejected before it it is installed.

* software upgrades are tricky and there should be at least 2 versions available so that fallback to the previous is possible and automatic in case of issues.

0 comments

DannyBee2y ago

The software package probably is signed right but contains multiple signed binaries of which one is signed wrong.

Or is multiple signed packages and one is wrong.

Or the test cars accept prod and test certs.

Or some combo of the above.

There are lots of ways this could have broken that doesn't amount to rivian not being able to write software

mytailorisrichOP2y ago

I am not criticising Rivian, not least because I don't know the details.

That being said, "signed wrong", including all your hypotheses, that results in a bricked unit is definitely a serious oversight in general.

This also might highlight why production tests should be run on exactly production units. No tweaks allowed.

DannyBee2y ago

Talking about those is much more interesting than just asserting that everything should be a certain way, without any consideration for real world constraints, like cost of units, etc.

1 more reply

j / k navigate · click thread line to collapse