hey wanna read some horrors? https://www.w3.org/TR/exi/

@whitequark I miss respecting w3. It's been a long time but I still miss it.

@whitequark #wtfEXI

is it only me or does a 1.0 - second edition seem that it will be a bumpy road?

@whitequark
The real horror is that #EXI is used in an ISO 15118 sandwich on top of HomePlug AV (with broken encryption) and TCP (mostly with no encryption, but sometimes mixed with a wild PKI) to real-time control up to a Megawatt of electric power flowing into a car.

#PowerLine #V2G #EV

@ge0rg aaahhhh

@whitequark
And to add to the horror, all of the cars and chargers are in the same physical powerline broadcast domain, so when another car is plugged in, it needs to broadcast ping and measure the response signal strength(*) to find out which charger it's connected to...

And once the data channel is up, you authorize the payment with the absolutely unforgeable and secret... *checks notes* serial number of your RFID card!

(*) SLAC (Signal Level Attenuation Characterization)

@ge0rg I would rhetorically ask "are these people on drugs?" however I've known many, _many_ drug addicts and most of them designed vastly better architecture that whatever the fuck this is

@whitequark
Designed by electrical engineers!

@ge0rg See, this unfortunately makes an amount of sense I wish it didn't

@whitequark @ge0rg

... Yeah I gotta agree, uncomfortably that answer makes sense.

@whitequark @ge0rg in the same way that digital protocols designed by RF (and/or telecoms) engineers tend to, I’d guess

@ge0rg @whitequark and a ketaminated bufoon, apparently.

@f4grx @ge0rg i have done a lot of ketamine. it doesn't make you Like That

@whitequark @f4grx @ge0rg can confirm for both this and other compounds

The Drug Alone ain't the whole story

@whitequark oh fuck DER was not enough for them they had to invent yet one more tree serialization.

why not CBOR encoding rules for XML while at it?

Even better, lets resurrect bittorrent serialization.

@f4grx @whitequark CBOR and it seems DER are dumb tlv encodings. Add Minecraft NBT here while at it.

EXI appears to do additional compression with grammar derived from schema.

@uis @f4grx i bet you $100 it will lose to "simply run it through zstd afterwards" on any real-world benchmark. probably through gzip even

@whitequark @f4grx afterwards, not before.
I've seen cases where uncompressed binary representation beats compressed json.
Not for nothing in every compression schema there is a filter before entropy coder. This is just more context-aware filter.

@uis @f4grx "afterwards" as in "run text through zstd".

@whitequark @uis @f4grx on sdn-advanced.xml from https://sanctionslist.ofac.treas.gov/Home/SdnList , I get 14x compression with EXI, and around 23x with zstd -3

I guess it could be faster, but it doesn’t seem to be with the Java tools I found (tho I’m timing from the CLI and the startup costs are probably non-optimized by Siemens (yes, it’s their creation apparently) so who knows how fast even Java is)

@ignaloidas @f4grx @uis fascinating choice of XML document but yes, this is essentially what i would expect

@ignaloidas @f4grx @uis oh they sanctioned so many people it's 100 MB, that explains it

@ge0rg @whitequark
Just to confirm my slightest hope here:
When my car isn’t premium enough to have ISO 15118 charging … I‘m better off? Or is the communication between charging station and eg provider app equally cursed?

@AliveDevil @ge0rg @whitequark So basically all of the EV charging plugs allow encapsulation of arbitrary IEEE 802.* protocols.

I’m shocked we haven’t seen a ransomware incident spread from a public charger to cars yet.

@whitequark pages and pages of spec and no clear benefit over gzip

@hailey the NSA would love all the opportunities to have a buffer overrun there, though!

@whitequark this is my fav w3c horror spec https://www.w3.org/Protocols/HTTP-NG/http-ng-arch.html

@tef oh wow, this is basically HTTP/3 but ... actually much more sane and sedate

@whitequark wait i think i meant this one that arrived later https://www.w3.org/TR/WD-HTTP-NG-architecture/Overview.html

@tef > 3.13.5. Distributed Garbage Collection

What the fuck

@whitequark there we go

@ignaloidas @whitequark @f4grx EXI+zstd -3 how much?

@uis @whitequark @f4grx IIRC only marginally smaller than just zstd -3

but I only tested the bit-packed mode, maybe others compress better than it

@ignaloidas @f4grx @uis (marginally smaller... at how much complexity cost?)

@hailey @whitequark Except that using gzip inside encryption makes you susceptible for CRIME/BREACH style attacks.

@pixelschubsi @hailey not sure how this is a "clear benefit" given we have plenty of mitigations for CRIME/BREACH style attacks, while the option it seems you're proposing is "cleartext envelope" that leaks lots of metadata

@ge0rg @whitequark yeah, I think one alternative had been “single wire CAN” over the control pilot pin, as used by Tesla Superchargers back then. 83kbps, bidirectional, the basics known by everyone in the industry, a pragmatic and completely sane solution for the problem of charging cars, with much future expandability to spare. Pretty much on point.

But then we came into the “design by committee” phase of EV charging, and now we have this fucking thing.

@vogelchr
But you can't do TLS PKI over 83kbit/s CAN!!111
@whitequark

@ge0rg @vogelchr you can't?

@whitequark
This is not a question of technical feasibility.
@vogelchr

@ge0rg @vogelchr let me rephrase: I'm curious what the argument presented against it was

@vogelchr @ge0rg @whitequark Yeah, that's the part about EV charging that I never understood: What decisions resulted int using a standard derived from residential power line communications being used for vehicle-to-charger communications since
- It's not even powerline with the physical layer impairments that come with it
- They could have used CAN or single-pair ethernet

Was someone on that committee really destined to find new markets for their existing powerline communications protocol?

@karotte
If you ever figure this out I would be interested in the result. Powerline felt so wrong since I learned tha it is used in ev charginging... @vogelchr @ge0rg @whitequark

@ge0rg @whitequark I'm sorry, THEY'RE IN THE SAME BROADCAST DOMAIN AND THEY DO WHAT???

@robot
You know, powerline is essentially a high frequency radio protocol using power lines as antennas, and there is _quite_ a bunch of power lines in an EV charging park.

https://www.sstic.org/media/SSTIC2019/SSTIC-actes/v2g_injector_playing_with_electric_cars_and_chargi/SSTIC2019-Article-v2g_injector_playing_with_electric_cars_and_charging_stations_via_powerline-dudek.pdf §3.2 has a nice write-up of that protocol. Bring booze.
@whitequark

@ge0rg @whitequark i just assumed there was some attempt at isolation, thanks for the article. I definitely am going to read it.

@robot
The isolation happens by creating a logical powerline network between the EV and its charger, after the attenuation measurement, by exchanging the network encryption key in cleartext.
@whitequark

@f4grx
by bittorrent serialization you mean bencode? If so, what's wrong with that?
@whitequark

@wolf480pl @whitequark nothing, it just works, it's just yet another Nth standard :)

@f4grx @whitequark
I like it because it doesn't have nested length fields, so there's at most one way to parse it