The State of Massachusetts' Right-to-Repair law was passed in 2012, laying the foundation for the rest of the United States to begin securing consumer protections that would allow them to work on the products they own. General Motors and Stellantis are now claiming they cannot possibly adhere to the rules and have done nothing to prepare for complying with the law.
"We tried nothing and we're all out of ideas". This is a textbook example of "not my problem". If GM doesn't want to comply, then they can deal with the enormous fines we choose to levy against...
General Motors and Stellantis are now claiming they cannot possibly adhere to the rules and have done nothing to prepare for complying with the law.
"We tried nothing and we're all out of ideas".
This is a textbook example of "not my problem". If GM doesn't want to comply, then they can deal with the enormous fines we choose to levy against them. They are foolish to think we should be sympathetic here.
The most simple way to force compliance is easy: Sue for the release of any signing keys and instructions for flashing firmware. Bet they come up with a less cataclysmic solution much quicker.
The most simple way to force compliance is easy: Sue for the release of any signing keys and instructions for flashing firmware.
Bet they come up with a less cataclysmic solution much quicker.
That is certainly a nuclear option. I'm not sure it would go over well though, since there are genuine safety concerns with allowing arbitrary software to run on these systems. What we really want...
That is certainly a nuclear option.
I'm not sure it would go over well though, since there are genuine safety concerns with allowing arbitrary software to run on these systems.
What we really want is for automakers to stop using their locked down software to prevent third party hardware repairs. And I don't see why we cannot mandate that and fine automakers into bankruptcy if they refuse to comply.
There's safety concerns about virtually every part of a car. Software isn't somehow exempt from this. The automakers justify locking out hardware changes under the same premise and its just as...
There's safety concerns about virtually every part of a car. Software isn't somehow exempt from this. The automakers justify locking out hardware changes under the same premise and its just as ridiculous.
The people who would be doing these software mods are the same people who would be installing the physical parts of the car, which are far more critical at the end of the day.
The average Joe isn't gonna mess with flashing his car firmware given they can't figure out how to mess with their phones...and thats way easier.
My concern is more over people using custom software to get around emissions requirements. Software mods are far easier to to hide, as evidenced by VW's diesel emissions scandal. When someone can...
My concern is more over people using custom software to get around emissions requirements. Software mods are far easier to to hide, as evidenced by VW's diesel emissions scandal. When someone can just disable the mod in software by hitting a combination of buttons on the dash before going in for inspection.
shrug Fuel is gonna get so expensive nobody would dare do such a thing unless they were wealthy enough that bypassing emission standards is gonna be the least of their pollution. The reality is...
shrug
Fuel is gonna get so expensive nobody would dare do such a thing unless they were wealthy enough that bypassing emission standards is gonna be the least of their pollution.
The reality is that personal ownership of cars is ecologically unsustainable....squeezing a few extra MPG out of the equation doesn't change that much.
And the reverse arguement is also true...modders working to squeeze out every last bit of fuel efficiency by tweaking it the other way.
If you recall, the VW emissions scandal had nothing to do with fuel economy. Software can trade emissions quality for performance without hurting fuel consumptions
If you recall, the VW emissions scandal had nothing to do with fuel economy. Software can trade emissions quality for performance without hurting fuel consumptions
What about them? People gonna smash my windows to flash some unsafe firmware? Comprehensive auto insurance covers theft for such problems...even back when stealing a car was much simpler.
What about them? People gonna smash my windows to flash some unsafe firmware?
Comprehensive auto insurance covers theft for such problems...even back when stealing a car was much simpler.
Yeah. Or use a hacked transponder to unlock the car and get in that way. This is not something outside the capabilities of nation-state actors (or creepy stalkers) to do.
People gonna smash my windows to flash some unsafe firmware?
Yeah.
Or use a hacked transponder to unlock the car and get in that way. This is not something outside the capabilities of nation-state actors (or creepy stalkers) to do.
Cars are sufficiently interconnected now that a poorly secured one can be used for all sorts of malicious activity. People plug their phones into their cars and that's data transfer that can...
Cars are sufficiently interconnected now that a poorly secured one can be used for all sorts of malicious activity. People plug their phones into their cars and that's data transfer that can happen. There are self-driving functions and other safety features. There's the possibility of key logging and tracing the GPS location all done fairly transparently I ways that are difficult to trace because nobody actually updates this stuff, not even the certified repair technicians.
Then there's the host of other electronic components, speed governors, mechanical safety checks to control volume or acceleration or the automatic transmission that people can muck around with to make their cars less road safe for fun or to flex.
Which are only kind of working anyway, and the ultimate liability is on the driver. GPS tracking can be done with hardware already. And what kind of keylogging could come from a vehicle that would...
There are self-driving functions and other safety features
Which are only kind of working anyway, and the ultimate liability is on the driver.
There's the possibility of key logging and tracing the GPS location all done fairly transparently
GPS tracking can be done with hardware already. And what kind of keylogging could come from a vehicle that would compromise someone? And how would that happen? You download a malicious app that somehow compromises your car's computer?
Then there's the host of other electronic components, speed governors, mechanical safety checks to control volume or acceleration or the automatic transmission that people can muck around with to make their cars less road safe for fun or to flex
People already do this anyway. Software is not stopping anyone from doing all sorts of stupid, unsafe shit to a car.
I'm not saying these aren't legitimate concerns, I'm just saying that keeping vehicle software as proprietary as it currently is harms the consumer, repair shops, and the environment.
Here's an anecdote: my car's dashboard crashed the other day while I was driving. I lost my tach, speedometer, volume control, and cruise control. It restarted about 30 seconds later. For the money I spent, I don't think I'm out of line to say that's an egregious failure on Honda's part. If we want to talk about safety, reliability, and repairability, literally any other direction than the one we're going now could improve the all of these for the consumer.
Ideally. But more practically the ultimate liability is on the poor bastard the driver kills. Yes, but there's no need to introduce a second vector that is even harder to identify and disable. Or...
Which are only kind of working anyway, and the ultimate liability is on the driver.
Ideally. But more practically the ultimate liability is on the poor bastard the driver kills.
GPS tracking can be done with hardware already.
Yes, but there's no need to introduce a second vector that is even harder to identify and disable.
And what kind of keylogging could come from a vehicle that would compromise someone? And how would that happen? You download a malicious app that somehow compromises your car's computer?
Or the car's computer gets used to run malicious data on devices plugged into it. This isn't a big vector for any old user, but it does have serious implications for anyone who is high profile enough to be a target for spear phishing attacks.
Here's an anecdote: my car's dashboard crashed the other day while I was driving. I lost my tach, speedometer, volume control, and cruise control. It restarted about 30 seconds later. For the money I spent, I don't think I'm out of line to say that's an egregious failure on Honda's part. If we want to talk about safety, reliability, and repairability, literally any other direction than the one we're going now could improve the all of these for the consumer.
Honestly I would prefer they not computerize critical systems like this for just that reason. But as long as they are, I don't see repairability to be more open to tinkering making problems like this better I see it being worse. People will do dumb shit to make themselves less safe 10x more than they do smart things to make the dogshit software less dogshit. If we want to regulate things we should regulate out the incentives to introduce cool looking "showroom" features that introduce unsafe failure points in practical use.
I'm still a bit confused, though - I understand all of these are risks around critical software systems, and I agree that there's a nuanced conversation to be had around what should and shouldn't...
I'm still a bit confused, though - I understand all of these are risks around critical software systems, and I agree that there's a nuanced conversation to be had around what should and shouldn't be modifiable within those systems, but I still don't see how that links to car theft or other similar activity?
I'd expect flashing the firmware on a car to be harder than outright stealing it, if nothing else just because starting the car is something you need to do multiple times daily without frustration whereas a software change can reasonably throw up far more obstacles and security checks. I see the risks of the owner using firmware to fuck with things that shouldn't be fucked with, and honestly it's not a subject I've thought on for long enough to have a strong opinion either way on that, it's just the car thief/general criminal angle that I'm not seeing.
If you're a total stranger yes. But not if you're someone with irregular access to someone else's car, such as a jealous spouse, a roommate, or if it's a rental. Independent mechanics as well,...
I'd expect flashing the firmware on a car to be harder than outright stealing it
If you're a total stranger yes. But not if you're someone with irregular access to someone else's car, such as a jealous spouse, a roommate, or if it's a rental. Independent mechanics as well, though that will be a problem even without the software being locked down since they'll always need access to do their jobs. There is going to need to be some kind of trust/verification system designed for this that just isn't there yet.
The potential with rentals and fleet vehicles is especially wide just because they change so many hands. Imagine every attendant and clerk at a rental car agency with the keys to their cars being able to expose the car's location data. Now imagine you're an attractive woman traveling alone and booking a rental. . .
"We tried nothing and we're all out of ideas".
This is a textbook example of "not my problem". If GM doesn't want to comply, then they can deal with the enormous fines we choose to levy against them. They are foolish to think we should be sympathetic here.
The most simple way to force compliance is easy: Sue for the release of any signing keys and instructions for flashing firmware.
Bet they come up with a less cataclysmic solution much quicker.
That is certainly a nuclear option.
I'm not sure it would go over well though, since there are genuine safety concerns with allowing arbitrary software to run on these systems.
What we really want is for automakers to stop using their locked down software to prevent third party hardware repairs. And I don't see why we cannot mandate that and fine automakers into bankruptcy if they refuse to comply.
There's safety concerns about virtually every part of a car. Software isn't somehow exempt from this. The automakers justify locking out hardware changes under the same premise and its just as ridiculous.
The people who would be doing these software mods are the same people who would be installing the physical parts of the car, which are far more critical at the end of the day.
The average Joe isn't gonna mess with flashing his car firmware given they can't figure out how to mess with their phones...and thats way easier.
My concern is more over people using custom software to get around emissions requirements. Software mods are far easier to to hide, as evidenced by VW's diesel emissions scandal. When someone can just disable the mod in software by hitting a combination of buttons on the dash before going in for inspection.
shrug
Fuel is gonna get so expensive nobody would dare do such a thing unless they were wealthy enough that bypassing emission standards is gonna be the least of their pollution.
The reality is that personal ownership of cars is ecologically unsustainable....squeezing a few extra MPG out of the equation doesn't change that much.
And the reverse arguement is also true...modders working to squeeze out every last bit of fuel efficiency by tweaking it the other way.
If you recall, the VW emissions scandal had nothing to do with fuel economy. Software can trade emissions quality for performance without hurting fuel consumptions
What about a guy who breaks into your car?
What about them? People gonna smash my windows to flash some unsafe firmware?
Comprehensive auto insurance covers theft for such problems...even back when stealing a car was much simpler.
Yeah.
Or use a hacked transponder to unlock the car and get in that way. This is not something outside the capabilities of nation-state actors (or creepy stalkers) to do.
I don't think I'm following how openly accessible firmware would alter the risk there compared to the status quo?
Cars are sufficiently interconnected now that a poorly secured one can be used for all sorts of malicious activity. People plug their phones into their cars and that's data transfer that can happen. There are self-driving functions and other safety features. There's the possibility of key logging and tracing the GPS location all done fairly transparently I ways that are difficult to trace because nobody actually updates this stuff, not even the certified repair technicians.
Then there's the host of other electronic components, speed governors, mechanical safety checks to control volume or acceleration or the automatic transmission that people can muck around with to make their cars less road safe for fun or to flex.
Which are only kind of working anyway, and the ultimate liability is on the driver.
GPS tracking can be done with hardware already. And what kind of keylogging could come from a vehicle that would compromise someone? And how would that happen? You download a malicious app that somehow compromises your car's computer?
People already do this anyway. Software is not stopping anyone from doing all sorts of stupid, unsafe shit to a car.
I'm not saying these aren't legitimate concerns, I'm just saying that keeping vehicle software as proprietary as it currently is harms the consumer, repair shops, and the environment.
Here's an anecdote: my car's dashboard crashed the other day while I was driving. I lost my tach, speedometer, volume control, and cruise control. It restarted about 30 seconds later. For the money I spent, I don't think I'm out of line to say that's an egregious failure on Honda's part. If we want to talk about safety, reliability, and repairability, literally any other direction than the one we're going now could improve the all of these for the consumer.
Ideally. But more practically the ultimate liability is on the poor bastard the driver kills.
Yes, but there's no need to introduce a second vector that is even harder to identify and disable.
Or the car's computer gets used to run malicious data on devices plugged into it. This isn't a big vector for any old user, but it does have serious implications for anyone who is high profile enough to be a target for spear phishing attacks.
Honestly I would prefer they not computerize critical systems like this for just that reason. But as long as they are, I don't see repairability to be more open to tinkering making problems like this better I see it being worse. People will do dumb shit to make themselves less safe 10x more than they do smart things to make the dogshit software less dogshit. If we want to regulate things we should regulate out the incentives to introduce cool looking "showroom" features that introduce unsafe failure points in practical use.
I'm still a bit confused, though - I understand all of these are risks around critical software systems, and I agree that there's a nuanced conversation to be had around what should and shouldn't be modifiable within those systems, but I still don't see how that links to car theft or other similar activity?
I'd expect flashing the firmware on a car to be harder than outright stealing it, if nothing else just because starting the car is something you need to do multiple times daily without frustration whereas a software change can reasonably throw up far more obstacles and security checks. I see the risks of the owner using firmware to fuck with things that shouldn't be fucked with, and honestly it's not a subject I've thought on for long enough to have a strong opinion either way on that, it's just the car thief/general criminal angle that I'm not seeing.
If you're a total stranger yes. But not if you're someone with irregular access to someone else's car, such as a jealous spouse, a roommate, or if it's a rental. Independent mechanics as well, though that will be a problem even without the software being locked down since they'll always need access to do their jobs. There is going to need to be some kind of trust/verification system designed for this that just isn't there yet.
The potential with rentals and fleet vehicles is especially wide just because they change so many hands. Imagine every attendant and clerk at a rental car agency with the keys to their cars being able to expose the car's location data. Now imagine you're an attractive woman traveling alone and booking a rental. . .