|
| unknownaccount wrote:
| This is horrifying.
| Denvercoder9 wrote:
| Could you explain why?
| jw1224 wrote:
| A real-life UUID collision
| AzzieElbab wrote:
| Not that terrifying when humans are involved... assuming
| competence
| iworahipfaangs2 wrote:
| Why?
| akmarinov wrote:
| It's an identifier collision, they're supposed to be unique.
| That's what did SHA-1 in.
| mort96 wrote:
| SHA-1 is a hash function. What did it in is that there was
| found a way to make different strings hash to the same
| value. This is just someone accidentally re-using serial
| numbers, it's not a weakness in some algorithm.
| intrasight wrote:
| What's really horrifying is this: "such an incident cannot be
| detected unless the boxes arrive at the same port at the same
| time"
|
| So they running this port with pencil and paper? No database?
| No sanity checks?
| curious_cat_163 wrote:
| What are the odds?
| thrill wrote:
| 100%
| arecurrence wrote:
| The manufacturer reused identifiers (5 to be precise) in a later
| batch. This was a manufacturing error rather than a freak
| collision.
|
| Must be a slow news day for this to be a top story on HN...
| WebbWeaver wrote:
| >Salam said that it is not possible to identify the number of
| boxes with double-up numbers without the report from the Chinese
| manufacturer.
|
| Sounds troubling.
| wheybags wrote:
| I always wondered if there isn't someone out there making dodgy
| devices with mac addresses in someone else's range.
| dspillett wrote:
| Many years ago I encountered cheap knock-off network cards1
| that had default MACs in the range of a big known name brand,
| and as far as I know it wasn't some cross-
| branding/affiliate/other deal. So yes, there has been and no
| doubt still is.
| linuxlizard wrote:
| Several years ago I worked for a company that made a
| usb+network and usb-only skew of their product. The usb-only
| boards were the same as the usb+network boards with a few parts
| not populated.
|
| We started getting tech support complaints when we sold the
| product into China. Turns out, an enterprising vendor bought a
| single usb+network printer, desoldered the EEPROM (containing
| the ethernet mac address). Then that vendor bought usb-only
| (cheaper) products, added the additional parts and bulk copied
| the single eeprom image (with the mac address) onto the new
| products, selling them as the more expensive usb+network sku.
| Result: a dozen+ of our product running on the LAN with the
| same mac address.
| banana_giraffe wrote:
| The container in question is SLHU4500470. The first four
| characters are the owner, the next 6 digits are the unique (per
| owner) number, and the last digit is a check digit.
|
| Somehow I always assumed there'd be more than 6 digit IDs for
| these things. I'd guess collisions have happened, but never been
| caught in the same port before.
| Denvercoder9 wrote:
| What happens when somebody has more than a million containers?
| 6 digits doesn't seem enough to guarantee uniqueness.
| cortesoft wrote:
| You assign a second owner number to the group, probably
| addaon wrote:
| There's only about six million active containers in the
| world. If one owner has more than a sixth of them, an easy
| fix would be to issue them a second owner code, basically
| extending the six-digit field by a bit.
| smm11 wrote:
| Either this is a legit warp in the space-time continuum, or it
| simply is what it is.
| antonymy wrote:
| The minute I started reading I was waiting for the phrase "made
| in China" to appear. It's in the 7th paragraph: " M Salam noted
| that the mistake occurred when containers were made for Sea Lloyd
| in China."
| ortusdux wrote:
| It sounds like the actual unique number is only 6 digits long and
| chosen by the manufacturer, so it could either be a mistake or
| identical randomly generated numbers. My math is a bit rusty -
| how you you solve the birthday problem for 1mil instead of 365?
|
| https://containertech.com/articles/shipping-container-number...
|
| https://en.wikipedia.org/wiki/Birthday_problem
| Upvoter33 wrote:
| The best part for me was discovering that a site called
| "container news" exists.
| anewpersonality wrote:
| Why is this a big deal.. a signal of the end of the world
| perhaps? Or nefarious forces at play?
| _3u10 wrote:
| It's like having two cars with the same plate
| AlexandrB wrote:
| Isn't it more like 2 cars with the same VIN? The plate in
| this analogy would be the seal.
| isatty wrote:
| Sounds like it, but I'm still interested in finding out how
| big a deal it is. A quick search shows that there have been
| cars found with duplicate VINs and making a container with
| the same serial number seems like pretty pedestrian crime
| in comparison. That is not to say that this is a crime,
| could just be plain old manufacturing mistakes and it's
| also obvious that not all container management systems
| check for it (even if it did, unless both end up in the
| same registry it won't matter anyway).
| danielodievich wrote:
| I have a custom license plate on my car in my state. A friend
| of mine told me they saw the same custom license plate on the
| same vehicle make/model in another state. The only bummer was
| that that car's color was red, whereas mine is yellow. So two
| cars with same plate is totally doable if issuing authorities
| are different. Two cars with same plate from same issuing
| authority, that's the problem
| jsiaajdsdaa wrote:
| oh no! now how will they track us!!
___________________________________________________________________
(page generated 2022-07-22 23:00 UTC) |