cn:about:start

Differences

This shows you the differences between two versions of the page.

cn:about:start [2017/12/26 08:30]
linthetranslator
cn:about:start [2018/05/15 00:41]
chinger1313 [Censorship]
Line 23: Line 23:
   * 很多用户对于DJI在固件更新中带来的一些变更感到厌恶。当中部分用户对DJI大疆产品进行了逆向工程以解除这些限制并修改DJI大疆的客户端软件   * 很多用户对于DJI在固件更新中带来的一些变更感到厌恶。当中部分用户对DJI大疆产品进行了逆向工程以解除这些限制并修改DJI大疆的客户端软件
 ===== 剽窃行为 ===== ===== 剽窃行为 =====
-  * DJI are using open source software components without acknowledging the contributions from the authors, and without complying with GPL license conditions for those components. (( +  * 
-Drone company DJI in active non-compliance of GPL (binaries released) [[https://linustechtips.com/main/topic/808436-drone-company-dji-in-active-non-compliance-of-gpl-binaries-released/|Linustechtips Article]])) +  DJI使用开源软件组件而不承认作者的贡献,并且不遵守GPL许可条件。除了不合法之外,使用别人的工作而不相信它,或遵守他们的许可条件是不道德的。更新:25- -2017 - DJI提供了一个链接到一个开源下载页面。目前还不知道这是不是所有的开源代码,但这是DJI的一个非常积极的步骤。我们正在寻求DJI的官方声明,如果他们愿意发表一些关于这个话题的东西。*  
-  * As well as being un-lawful, it is simply un-ethical to use someones work without crediting it, or abiding by their license conditions. +到目前为止,根据分析,已经确定比先前披露的更多的信息正在对外传播。7)DJI已经同意创建一个离线的mode.8,但是DJI并没有公开在离线模式下发送的数据。离线模式被认为是非常积极的一步。DJI在非脱机模式下对通信的进一步评论将极大地帮助DJI客户恢复信任。DJI已经删除了iOS和Tinker的热补丁插件jsPatch,并将检查DJI GO和DJI GO 4的其他第三方插件和服务,并承诺在采取这些插件之前对任何新的第三方插件进行彻底的调查,以应对这里提出的安全问题。 
-  * **Update: 25-Aug-2017 - DJI provided a link to an [[http://www.dji.com/opensource|open source download page]]. It is not yet known if this is all of the open source code, but this is a VERY positive step by DJI. We are seeking an official statement from DJI if they are willing to publish something on this topic.** +
 ===== Data Leakage ===== ===== Data Leakage =====
   * Based on analysis so far, it has been determined that more information than has been previously disclosed is being transmitted externally. ((A video of network chatter from just opening DJI GO 4 is published  [[faq:dataleakage:chatter|here]])) ((Details of network traffic displayed visually when opening DJI GO here [[https://youtu.be/cuG-nVPQ3Dw|Youtube]]))   * Based on analysis so far, it has been determined that more information than has been previously disclosed is being transmitted externally. ((A video of network chatter from just opening DJI GO 4 is published  [[faq:dataleakage:chatter|here]])) ((Details of network traffic displayed visually when opening DJI GO here [[https://youtu.be/cuG-nVPQ3Dw|Youtube]]))
   * DJI have agreed to create an offline mode.((China drone maker steps up security after U.S. Army ban [[https://ca.reuters.com/article/technologyNews/idCAKCN1AU294-OCATC|Reuters]])) However, DJI have not disclosed what data is sent when not in offline mode.   * DJI have agreed to create an offline mode.((China drone maker steps up security after U.S. Army ban [[https://ca.reuters.com/article/technologyNews/idCAKCN1AU294-OCATC|Reuters]])) However, DJI have not disclosed what data is sent when not in offline mode.
   * **Offline mode is seen as a very positive step. Further comments by DJI on communications in flight when not in offline mode would greatly help to restore trust by DJI clients.**   * **Offline mode is seen as a very positive step. Further comments by DJI on communications in flight when not in offline mode would greatly help to restore trust by DJI clients.**
-  * **DJI have [[http://www.dji.com/newsroom/news/dji-enhances-software-security-in-its-flight-control-apps|removed “hot-patching” plugins jsPatch for iOS and Tinker for Android, and will examine other third-party plugins and services in DJI GO and DJI GO 4, and is committed to thoroughly investigating any new third-party plugins before adopting them]] in response to security concerns raised here.**+  * **DJI have [[http://www.dji.com/newsroom/news/dji-enhances-software-security-in-its-flight-control-apps|removed “hot-patching” plugins jsPatch for iOS and Tinker for Android, and will examine other third-party plugins and services in DJI GO and DJI GO 4, and is committed to thoroughly investigating any new third-party plugins before adopting them]] in response to security concerns raised here.**到目前为止,根据分析,已经确定比先前披露的更多的信息正在对外传播。7)DJI已经同意创建一个离线的mode.8,但是DJI并没有公开在离线模式下发送的数据。离线模式被认为是非常积极的一步。DJI在非脱机模式下对通信的进一步评论将极大地帮助DJI客户恢复信任。DJI已经删除了iOS和Tinker的热补丁插件jsPatch,并将检查DJI GO和DJI GO 4的其他第三方插件和服务,并承诺在采取这些插件之前对任何新的第三方插件进行彻底的调查,以应对这里提出的安全问题。
 ===== Back Doors ===== ===== Back Doors =====
   * It has been found that the DJI GO application for both Android and IOS have back-doors allowing DJI to "hot patch" applications in a manner that breaches the rules imposed on DJI by both Google and Apple. ((Drone-maker DJI's Go app contains naughty Javascript hot-patching framework[[http://www.theregister.co.uk/2017/08/15/dji_go_app_jspatch_tinker_silent_update_no_review/|Theregister]]))   * It has been found that the DJI GO application for both Android and IOS have back-doors allowing DJI to "hot patch" applications in a manner that breaches the rules imposed on DJI by both Google and Apple. ((Drone-maker DJI's Go app contains naughty Javascript hot-patching framework[[http://www.theregister.co.uk/2017/08/15/dji_go_app_jspatch_tinker_silent_update_no_review/|Theregister]]))
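Review bot: the text added under 剽窃行为 drops the source footnote (the Linustechtips article) and the [[http://www.dji.com/opensource|open source download page]] link that the removed bullets carried, leaves an empty "*" bullet, and turns the update date into "25- -2017" where the removed line reads 25-Aug-2017. The same added block then runs on into the Data Leakage translation ("到目前为止,根据分析…"), which is also appended to the end of the hot-patching bullet, so that paragraph appears twice and once under the wrong heading. Within it, the rendered footnote numbers are pasted as literal text ("7)", "mode.8"), "在离线模式下发送的数据" says the undisclosed data is what is sent in offline mode where the English bullet says "when not in offline mode", and "iOS和Tinker的热补丁插件jsPatch" attaches jsPatch to both platforms where the English has jsPatch for iOS and Tinker for Android. Suggest restoring the citations and link in (( )) and [[ ]] syntax, keeping one translated bullet per English bullet under its own heading, and correcting those two sentences.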
Line 39: Line 39:
   * While not technically a back-door, being forced into firmware changes is a concern. An alternate approach might be to guarantee that there are at least two firmware versions available for all products, so that in the event of concerns that are believed to be firmware related, that a pilot will at least have the chance to eliminate firmware as the root cause by downgrading to a different firmware level.   * While not technically a back-door, being forced into firmware changes is a concern. An alternate approach might be to guarantee that there are at least two firmware versions available for all products, so that in the event of concerns that are believed to be firmware related, that a pilot will at least have the chance to eliminate firmware as the root cause by downgrading to a different firmware level.
   * From a change management and risk mitigation perspective, providing no downgrade options at all is a safety hazard.   * From a change management and risk mitigation perspective, providing no downgrade options at all is a safety hazard.
 +  * 人们已经发现,收去申请Android和IOS后门让收热补丁应用程序的方式违反了规则对谷歌和苹果都收。9)热修补的实践本质上允许收完全改变收的功能应用程序没有一个试点的知识或同意。将其置于不同的背景下,热补丁就相当于一架飞机的航空电子软件完全取代了中段飞行。在这一点上,DJI一直信守诺言。到目前为止,分析确认了从最近的DJI更新中移除JSPatch和Tinker。虽然从技术上讲不是后门,但被强制转换成固件是令人担忧的。另一种方法可能是保证至少有两个固件版本的所有产品,所以在担心被认为是固件相关,飞行员将至少有机会消除根源的固件降级到不同的固件级别。从变更管理和风险缓解的角度来看,不提供降级选项是一种安全隐患。
 ===== Censorship ===== ===== Censorship =====
   * In DJI forums, it is against the rules to criticise DJI, or to talk about reverse engineering of DJI software. ((Threads  and posts arguing about company policies are not allowed, No content promoting the unauthorized modification.[[http://forum.dji.com/forum.php?mod=redirect&goto=findpost&ptid=71515&pid=623185&fromuid=836559|Forum Rules]]))   * In DJI forums, it is against the rules to criticise DJI, or to talk about reverse engineering of DJI software. ((Threads  and posts arguing about company policies are not allowed, No content promoting the unauthorized modification.[[http://forum.dji.com/forum.php?mod=redirect&goto=findpost&ptid=71515&pid=623185&fromuid=836559|Forum Rules]]))
   * In third party forums sponsored by DJI, similar censorship is taking place for those that discuss topics that are not endorsed by DJI.   * In third party forums sponsored by DJI, similar censorship is taking place for those that discuss topics that are not endorsed by DJI.
   * **DJI have recently removed their "NO UNAUTH MODIFICATIONS" warning in the forums. However, the policy has not changed. Lets hope DJI can continue in this direction, and review their forum rules to encourage a user community, instead of oppressing it.**   * **DJI have recently removed their "NO UNAUTH MODIFICATIONS" warning in the forums. However, the policy has not changed. Lets hope DJI can continue in this direction, and review their forum rules to encourage a user community, instead of oppressing it.**
 +  * 在DJI论坛中,批评DJI或讨论DJI软件的逆向工程是违反规则的。10)在DJI赞助的第三方论坛中,类似的审查正在为那些讨论不被DJI认可的话题进行。DJI最近在论坛上删除了他们的NO UNAUTH修改警告。然而,该政策并未改变。让我们希望DJI能够继续这个方向,并回顾他们的论坛规则,鼓励用户社区,而不是压迫它。
 ===== Safety ===== ===== Safety =====
   * DJI has recently rushing out multiple updates and patches to prevent reverse engineering.   * DJI has recently rushing out multiple updates and patches to prevent reverse engineering.
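Review bot: in the bullet added under Back Doors, "DJI" has been replaced by "收" throughout ("收去申请Android和IOS后门让收热补丁应用程序…"), so the sentence no longer names the DJI GO application or the vendor and cannot be read as the claim the English bullet makes. Both added bullets (Back Doors and Censorship) also carry the rendered footnote numbers as literal text ("9)", "10)"), which loses the Register and Forum Rules citations, and each collapses several English bullets into a single run-on bullet while the English bullets stay in place above it. Suggest restoring "DJI" and "DJI GO", re-adding the footnotes in (( )) syntax, and splitting the translation into one bullet per source bullet.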
cn/about/start.txt · Last modified: 2018/05/15 00:44 by chinger1313