Question for US Rules committee on AH capability within LX NAV computers?

At 01:19 14 April 2012, Marc wrote:
On Apr 13, 5:50=A0pm, Don Johnstone wrote:
(The private key is in every flight recorder produced so all you
have to so is break into the software to get it, who wants to try and
compute it from the public key?)

The correct wording here would be that "A private key is in every
flight recorder produced so all you have to do is break into the
hardware to get it". Thank you for warning us, every badge or record
flight made by you or your mates in the future will require that the
flight recorder be sent to the IGC for inspection 8^)

Marc

That is not going to work. The same private code is used in many flight
recorders, so all you have to do is break into one and break into the
software. You then have the private key for all similar flight recorders.
Mine as you put it is still intact. It is pointless relying on a private
key of any length if you are going to put it out into the world in an
easily available box, that is not security, that is total ignorance and I
suspect the penny has already dropped with the IGC as well, took em long
enough.
Getting back to the subject of the AH here are so many solid state rate
gyros on the market, which will interface to a pocket PC or whatever that
is is a complete nonsence to ban soaring software that has ability to
display an AH. Using a small stand alone unit, smuggled into the glider in
your Glock holster would make far more sense if someone is determined to
fly in cloud. Having the instrument does not force you to fly in cloud
anyway. Banning useful software in this way is an ignorant and ineffective
thing to do, especially when the software is "Open Source" and you can
change it how you will with no-one else being the wiser.
I have managed to get two of my gyros I use on models to inteface with my
iPaq and provide a working artificial horizon so it is not at all
difficult. Anyone who would like plans forward your name on a £50 note
to............

Don, do you race? Do you understand why there is a rule prohibiting hardware or software that allows cloud flying?

We all understand that if you want to, it is now easy to cheat. But the point is that because of the rule, it is CHEATING, and if you are caught you get booted from the race.

When not racing, by all means have an AH - it can be a life saver. But when you race you agree to play by the rules.

As far as carrying my Sig or Glock in my glider cockpit - You appear to be a Brit. So the most dangerous thing you would encounter following a landout is probably a band of rowdy football (soccer to us colonials) fans.

In my backyard, I have rattlesnakes, scorpions, coyotes, etc. And in some of the places I fly over, there are human coyotes that are a lot more dangerous. So if I choose to arm myself, because I can (unlike you poor bloody poms), then it's because I have evaluated the risk and feel it is worth doing.

Also, a Sig is good for shooting out the AH from your cheating competitor's instrument panel....

Cheers!

Kirk
66
"Gun control is hitting what you aim at - the first time..."

At 23:48 16 April 2012, kirk.stant wrote:
Don, do you race? Do you understand why there is a rule prohibiting
hardwa=
re or software that allows cloud flying?

We all understand that if you want to, it is now easy to cheat. But the
po=
int is that because of the rule, it is CHEATING, and if you are caught
you
=
get booted from the race.

When not racing, by all means have an AH - it can be a life saver. But
whe=
n you race you agree to play by the rules.

As far as carrying my Sig or Glock in my glider cockpit - You appear to
be
=
a Brit. So the most dangerous thing you would encounter following a
lando=
ut is probably a band of rowdy football (soccer to us colonials) fans.

In my backyard, I have rattlesnakes, scorpions, coyotes, etc. And in
some
=
of the places I fly over, there are human coyotes that are a lot more
dange=
rous. So if I choose to arm myself, because I can (unlike you poor
bloody
=
poms), then it's because I have evaluated the risk and feel it is worth
doi=
ng.

Also, a Sig is good for shooting out the AH from your cheating
competitor's=
instrument panel....

Cheers!

Kirk
66
"Gun control is hitting what you aim at - the first time..."

I think you are confusing having an AH with being allowed to cloud fly.
Cloud flying in competition is permmitted in the UK as is the fitting of an
AH. If the EASA rules are strictly complied with the removal of an AH is
not a simple task. A lot of gliders in the UK are fitted with AH for very
good reason, mine was although I took care to never deliberately set out to
fly in cloud. An even larger number, possibly a majority have a turn and
slip fitted. My point is simple, having a rule that says you cannot fly in
cloud is fine and enforceable. A ban on having an AH is not enforceable,
quite apart from the lash up that I built, my iPhone has an app that
provides that instrument so enforcing that ban is not possible without
draconian, and possibly unlawful measures, like searching every pilot
before they get into the cockpit. A rule that cannot be enforced is better
never made. Having an AH is not cheating, flying in cloud is (in some parts
of the world). By all means enforce no cloud flying, but crippling
technology is not the way to go about enforcing it. If someone wants to
cheat they will find a way of fitting an AH that you cannot see. Someone
who has no intention of cheating will not do so whatever instrument they
happen to have fitted.

I do not campaign against you right to bear arms so why should you campaign
to have software crippled that would improve safety where clouds are more
of a problem.

On Tuesday, April 17, 2012 8:17:10 AM UTC-5, Don Johnstone wrote:

I think you are confusing having an AH with being allowed to cloud fly.
Cloud flying in competition is permmitted in the UK as is the fitting of an
AH. If the EASA rules are strictly complied with the removal of an AH is
not a simple task. A lot of gliders in the UK are fitted with AH for very
good reason, mine was although I took care to never deliberately set out to
fly in cloud. An even larger number, possibly a majority have a turn and
slip fitted. My point is simple, having a rule that says you cannot fly in
cloud is fine and enforceable. A ban on having an AH is not enforceable,
quite apart from the lash up that I built, my iPhone has an app that
provides that instrument so enforcing that ban is not possible without
draconian, and possibly unlawful measures, like searching every pilot
before they get into the cockpit. A rule that cannot be enforced is better
never made. Having an AH is not cheating, flying in cloud is (in some parts
of the world). By all means enforce no cloud flying, but crippling
technology is not the way to go about enforcing it. If someone wants to
cheat they will find a way of fitting an AH that you cannot see. Someone
who has no intention of cheating will not do so whatever instrument they
happen to have fitted.

I do not campaign against you right to bear arms so why should you campaign
to have software crippled that would improve safety where clouds are more
of a problem.

Don, I'm not confusing anything. If you don't compete in contests that have the no AH rule (all FAI or SSA sponsored races, for example), then by all means have an AH or T&B. But the rule is there, and it's pretty simple to enforce - look in the cockpit for AH or T&B, have pilot state on contest registration what software he is using on his moving map, and sign a statement that he does not have AH apps on his smart phone.

Most pilots wont cheat, and going to the effort to conceal AH software (or pull out and use your smart phone) is probably going to make that cheater more likely to take a chance and get caught - and booted.

And realize that this brouhaha is mainly from the US, where cloud flying is extremely uncommon - and AHs are rare in most glider cockpits, so it isn't a big handicap to not have one installed.

But leaving an AH up and running is just too much of a temptation to take that extra turn in 10 knots up into the cloud....and guys do that now without an AH!

So I don't see what the big panic is all about. Just comply with the bloody rules and have fun!

Cheers,

Kirk

On Apr 16, 3:21*pm, Don Johnstone wrote:
That is not going to work. The same private code is used in many flight
recorders, so all you have to do is break into one and break into the
software. You then have the private key for all similar flight recorders.
Mine as you put it is still intact. It is pointless relying on a private
key of any length if you are going to put it out into the world in an
easily available box, that is not security, that is total ignorance and I
suspect the penny has already dropped with the IGC as well, took em long
enough.

Don, use of a single private key for multiple units of a given
approved flight recorder model is not permissible. Each flight
recorder unit must have a unique private key. This requirement was
added to the specification in 2001 (AL4), after it was shown that one
design (since updated) had this flaw. See section 6.1 and Appendix G
of the IGC Technical Specification for GNSS Flight Recorders, if it
amuses you.

Any device that is freely available to a community at large (as
opposed to locked away in safes) can't be 100% free of security
issues, but shared private keys is not one of them...

Marc

Marc wrote:
Don, use of a single private key for multiple units of a given
approved flight recorder model is not permissible. Each flight
recorder unit must have a unique private key.

Food for thought (opening Pandora's box a little):

The VALI-xxx.EXE (or the according DLL) needs to contain all public
keys of all flight recorders of its kind.

Does everybody have to update their VALI-xxx.EXE when I send my flight
recordor for seal repair to the manufacturer?
If not, how else are new public keys distributed?

(Yes, there are other technical solutions like including the signed
certificate and the public key in the G record, but this technology
has not been documented and peer reviewed, and crypto technology that
hasn't been peer reviewed is insecure more often than not.)

Max

On Apr 17, 1:52*am, Max Kellermann wrote:
Food for thought (opening Pandora's box a little):

The VALI-xxx.EXE (or the according DLL) needs to contain all public
keys of all flight recorders of its kind.

Does everybody have to update their VALI-xxx.EXE when I send my flight
recordor for seal repair to the manufacturer?
If not, how else are new public keys distributed?

(Yes, there are other technical solutions like including the signed
certificate and the public key in the G record, but this technology
has not been documented and peer reviewed, and crypto technology that
hasn't been peer reviewed is insecure more often than not.)


There are a variety of ways this is handled with varying levels of
complexity. In general, though, the VALI program and/or DLL contains
the public side of a pre-generated pool of key pairs intended to be
sufficient to cover the entire lifecycle of the flight recorder
design. The manufacturer provides designated repair agents with key
reset hardware and/or software, which involves communication of
various one-time-only factors in both directions to set a valid
private key within the unit. In the rare event that the key pool is
exhausted, the VALI code can inform the user that a newer revision of
the software is needed. Including a manufacturer signed copy of the
public key in the G record has been proposed in the past, but there
are a number of flaws with that approach which make it unacceptable...

Marc

Getting back to the subject of the AH here are so many solid state rate
gyros on the market, which will interface to a pocket PC or whatever


Enjoy....

http://itunes.apple.com/us/app/airpl...385491648?mt=8

At 17:22 20 April 2012, Guy Byars wrote:
Getting back to the subject of the AH here are so many solid state rate
gyros on the market, which will interface to a pocket PC or whatever


Enjoy....

http://itunes.apple.com/us/app/airpl...385491648?mt=8

Yes, and I know it works, so that will be a ban on mobile phones then.

On Monday, April 23, 2012 at 12:53:05 PM UTC-7, Don Johnstone wrote:
At 17:22 20 April 2012, Guy Byars wrote:
Getting back to the subject of the AH here are so many solid state rate
gyros on the market, which will interface to a pocket PC or whatever


Enjoy....

http://itunes.apple.com/us/app/airpl...385491648?mt=8

Yes, and I know it works, so that will be a ban on mobile phones then.

One more thing: before you use your iPhone or Android AHRS app for cloud flying, you better try it while you can still see the horizon. All of them I have seen are easily confused by simple accelerations and would be worse than useless - dangerous actually - flying through a cloud.