Billionaires love AI chatboats so much because they invented the digital Yes-man. They agree obsequiously with everything we say to them. Unfortunately for the rest of us we don't really have the resources to protect ourselves from our bad decisions and really need that critical feedback.
The underlying tension is that "you own the car" means something very different from "you own the software running the car." Tesla treats the firmware as licensed software rather than property you can inspect and modify. The bug bounty program is a PR-friendly way to say "we support security research" while keeping full control over who gets access and under what terms.
Right-to-repair legislation is chipping away at this but slowly. The EU's right-to-repair directive covers physical repair and doesn't really touch software access. The real test would be a regulator taking the position that restricting root access on hardware you own constitutes an anticompetitive tying arrangement, since you can't use the car's data for your own purposes without going through Tesla's APIs and paying their fees.
John Deere has been the main battleground for this argument so far. Farmers can't repair their own tractors without paying for dealer access to diagnostic software. Tesla is the same pattern applied to consumer vehicles, but the consumer advocacy pressure is weaker because fewer people feel the pain directly.
>> Tesla is the same pattern applied to consumer vehicles
No i'd push back on this because the entire workshop manual is available for free without even registration required. You can literally google and land in the relevant sections and it is of a far higher quality than ford, VAG or bmw as three examples i'm pretty familiar with. I haven't seen the John Deere stuff.
Tesla does have "special tools" for some repair procedures, a practice as old as the auto industry but they don't rely on them to the same extent as BMW for example. Anecdotally, the special tools i'm aware of are genuinely useful - for example, the tool for disconnecting seatbelt anchors saves time vs the traditional bolt - where special tools on other marques are often clearly to workaround a failure of packaging or engineering resulting in tight access for a regular tool.
Their online API access is a little bit annoying, or at least unfriendly to casual home user, specifically the workflow to register an OIDC client, but not insurmountable.
> No i'd push back on this because the entire workshop manual is available for free without even registration required
That's because they were forced by Massachusetts expansion of Right to Repair laws. Before that in 2021, service manuals were withheld and required $3,187 a year or $371.88 a month to see them. Before that in 2018, it was $100/day to view them. Before that, you had to pay and book an appointment and go in person to view them.
yeah this is kind of the point. the manuals being free now is genuinely good, but it happened because Massachusetts forced it, not because Tesla decided openness was good for customers. that pricing history is pretty telling -- $100/day to look at a repair manual for a car you already paid for isn't exactly "we support independent repair."
Craig's point about the special tools being well-designed is fair, I don't think Tesla is uniquely bad on the mechanical side. but the software lockdown is a separate thing from workshop manuals. you still can't get root on the infotainment system or run your own diagnostics without going through their API, which is the part that's more like John Deere than a traditional automaker.
If Tesla making the service manuals free is due to the Massachusetts right-to-repair law, then how do other manufacturers (eg: Ford) still get away with not doing so?
I don't think there's a requirement that they give access for free but they are alone i think in doing so.
Here in the UK (where i also have free tesla repair manual access) i have to pay a daily rate (there are annual subscriptions available) for other marques and i would say it's not cheap.
For example, ford charges me £20/hour or £75/day for access to manuals, wiring diagrams, online connected diagnostics (which sounds more impressive than it is, the UI will show vehicle status like fuel tank level or error codes reported by the various ECUs, without physically connecting to the vehicle, i.e. it's done over the vehicle telemetry link), and the ability to connect via a data link connector device for diagnostics and some reflashing activities. Security activities like key coding require a further (chargeable) registration).
The same setup is available by at least VAG, BMW and Fiat Chrysler (the latter has an annoying extra device registration step the others don't). All chargeable.
> "Tesla is the same pattern applied to consumer vehicles"
It really isn't. Unlike John Deere, Tesla is actually pretty good on right-to-repair. All of their technical and repair manuals are available for free to anyone. The service/diagnostics software ("Toolbox") is also available to anyone, albeit for a (not entirely unreasonable) fee.
(There is also a service mode built in to the car which can do many basic diagnostics for free)
> All of their technical and repair manuals are available for free to anyone.
That should be the bare minimum. Ford charges you 40 dollar an hour for it and unless you know exactly what you are looking for you will spend several hundreds on it.
Too bad ford killed their old site, the print form was unauthenticated and you could print the entire schematics to pdf if you knew the internal model number. Or do what I did and run a script to dump it to higher res PNGs.
charm.li covers Fords and many other makes too up to 2013 ish. It is a pirate archive site holding workshop manuals for thousands of cars. Very useful. Very free. Long may it stay hidden.
More legitimately, alldata.com has repair data, workshop manuals for most marques up to today and will sell you either single vehicle (called "DIY") or a package aimed at independent mechanics where you can access anything. Same manuals either way, but you pay per vehicle with DIY (and have to contact support to switch.)
I didn't know they had shop manuals. That's been a pretty big limitation of my spouse's Buick is that there isn't any information or exploded-view diagrams of anything so we basically have to pay an hourly for someone else to change emissions parts in response to trouble codes.
ETIS is dead and Ford finally pulled the plug, though since the current backend is some semi-custom IBM bloat I would not be surprized if you could get by that without too much hassle (took them three years to find out I was downloading all my car's travel and charging logs before they banned the dummy account, but now they track it and discontinued most of it anyways).
I won't go into details but searching around with the "forum" keyword and etis might get you somewhere (at least that did the trick a few years ago, now with LLM slop I don't know, and what the other person posted).
I would love to lobby to change how the law works for these cases: for some definition of "firmware" (informally "software that ships with hardware and is not intended to be selected by the consumer like a computer operating system"), add a copyright exception so that modifying the firmware in situ is treated like modifying the physical hardware, because in practice they are in fact the same thing: a single component that does a single thing.
With this, the John Deere approach to gatekeeping vehicle repair would no longer be legally protected by the DMCA or by copyright law. All the other protections afforded by copyright law would still apply: you cannot rip the firmware off the hardware and distribute it, the manufacturer is under no obligation to help you modify it, etc.
However, tools which patch or circumvent antifeatures of the firmware would now be legal to use on hardware you own: it would be legal to patch out software locks, retune engine computers, etc.
I think the law should regard the general thing being copied (firmware, software, etc) as different from a single copy. For example, the law could regard modifying a single instance of firmware similarly to the way it regards modifying a book. Right now you can take a book and mark it up or tear pages out if you want without any permission, and the only reason permission would be required for firmware is because of the ability to have telemetry and attestation. So it seems like a pretty good extension of copyright law to protect any modification of a copy but not the sale of additional copies.
>The underlying tension is that "you own the car" means something very different from "you own the software running the car."
What does that mean? "The software" is a specific configuration of the hardware you own. How can you own the hardware and not the specific copy of whatever data is on it? Note that I'm not confusing the copy of the data with the IP rights to it.
Because American courts have entertained utterly moronic claims for decades now and the DMCA eliminates any sanity in consumer rights around IP products.
When you bought a DVD, you didn't "Own" the movie, but you had a legal right to do things with that data you didn't "own" anyway, like format shifting and selling that physical object on to another person. You could copy that data off and do things with it. I think technically it would be a copyright violation to then put that movie file into Movie Maker and cut up your own personal highlight reel, but good luck finding a judge willing to hear that case if you don't upload it to youtube.
Now, thanks to the DMCA and courts being absurdly credulous of bullshit arguments from corporate attorneys, you no longer have basic consumer rights. If you try to even inspect the code that runs to protect your literal life, that can be a crime. You own the literal hardware, but if you try to act like you own it, that's a crime. You technically still have the right to format shift a BluRay for example, but bypassing the math protecting that data overrides that "right" and you are guilty of a crime. A CEO's wet dream.
If the DMCA was older, IBM could have prevented the existence of the Clone PC market and ensured a locked up market. We would all be stuck on absurdly shit hardware because that's what was more profitable for IBM.
Pre-DMCA, Sega was told that their trademark rights were overridden by the innate market right to interoperate with their product. IP rights used to be fairly weak! Sony could not prevent a company from selling a software product that ran playstation games. To this day, Nintendo simply pretends these court cases didn't happen.
This is part of why China has so much success in manufacturing and product development IMO. They don't need to develop purposely worse versions of things just so some other company can sit on their hands for 20 years collecting rent. If you want a fast moving market, the ability to lock things down for 20 years is fundamentally unacceptable, only enriching a few owners, and outright harming our country. Basically every time in history that IP rights are weakened or nullified, you see a burst of development and advancement in products and solutions.
If you're going to sell the car with the modified firmware, fine.
But at least in my jurisdiction, I can mechanically modify the car in any way I please, as long as it still has seat belts, brake lights, and bumpers of a certain height. It doesn't even still require a steering wheel; that's not specified in the law as far as I've been able to find. (Now, if I removed the muffler and made it louder than proscribed by law, I could be cited for a noise violation, but only at such a time as I womped on the gas and actually made the noise. The car itself being _capable_ of the noise is not, inherently, illegal.)
This blew my coworkers' mind once as I unplugged the passenger-side airbag while mounting a bunch of new stuff there. Apparently in some places, it requires paperwork and certifications just to unplug a connector? Weird.
The EU has explicit requirements in UNECE R155 and R156 related to cyber security and software update. A manufacturer will NEVER ever get a car homologated with root access, regardless if it is due to a vulnerability or by design. In fact, if some CVEs are found for your car that allows root access, you have to report this to the authorities and take immediate corrective action. It’s basically the same as if you found the car has defective brakes or airbags.
> The underlying tension is that "you own the car" means something very different from "you own the software running the car."
How is this different from the 2000s, or the 90s, or even before, when the normal thing to do with commercial software was to purchase a license to use said software and a physical medium containing a copy? You'd also then not "own the software", but you owned the right to install a copy on your own computer and use it. That worked without having to hand over the keys to your own computer.
Sure, the physical delivery medium is gone, but that's just a detail. Why do we now think that just because we license software for use, we can't be in ultimate charge of our own devices?
In 1990 Ford couldn't turn off your Mustang because you plugged a TwEECer into the J3 port and screwed around with the tune. Best they could do was void your warranty and deny you further upgrades (i.e. tunes flashed as part of a recall or TSB).
These days unauthorized access tends to lose you effective use of the hardware you bought because the hardware requires software features to work and that software often unnecessarily phones home so if the OEM toggles a field in a DB somewhere you lose access to back up assist or whatever other fancy tech features that you a) paid for b) don't strictly need to have dependencies that phone home to work but do "because reasons".
Tesla absolutely does not apply the same patterns as John Deere.
Everyone can fix Teslas. Parts are easy to obtain. Never had issues with them.
John Deere on the otherhand is the absolute evil of right to repair.
It's not whataboutism, it's a legitimate question. How does it increase safety on the road to reject local SSH connections by a dumb user, when that same user can mess with the car physically?
Simplest example: a driver could probably disable attentive driving checks by pasting a script in from a web search in a few minutes. Nothing like an inattentive 3750 lbs weapon.
Yeah and they could hire a professional driver or a engineer and IPO for billions a life sized driving AI powered crypto robot too. Look, like clearly google + ctrl-v scripting or running an one click deployment exe on your computer on a whim is different than physically ordering/picking up something and then installing it into a vehicle?
Of course they're different, but you're trying to argue that the former takes objectively less effort than the latter, and it doesn't. One or the other may take less effort depending on who you are and what you know.
In most cases I agree with this, but maybe not for potentially dangerous things like cars? What if someone roots into their car and disables some essential safety feature - maybe even a legally mandated safety feature?
More concretely, the expertise-required-to-access-root is in a different field to the expertise-required-to-make-wise-changes. i.e. you might know how to hack a car, but that doesn't mean you know how cars operate.
Given electric cars are responsible for much bigger responsibilities than combustion cars (avoid driving into that bicyclist), there are new concerns here which beg extra consideration.
I actually think we should be asking more of safety regulations here with regards to the design of electric/computerized cars.
Think of it this way: every concern you have about a teenager having root on their electric car is the same as any sociopath hacker (AI enabled for modern nightmare fuel) who finds a root vulnerability and decides to not be a good person with it. If a teenager can mess with the collision avoidance, e.g. Israel can modify it to murder anyone who talks shit about Israel in the car. Or the CIA could turn it into a weapon. Or one day some dev could push a bad OTA update. Et cetera. Our safety regulations should mandate design features to prevent a malfunctioning computer from posing any greater safety risk than any other modified part in the car.
Up until v recently cars were not remotely accessible and part of a command-and-control network which Teslas are (perhaps other modern cars are too, I only know Tesla because I have one).
I know that the car reports practically all user events to Tesla in real time over the cell network (eg, open door), and I know it has root access. I don't know if that root is available remotely and I don't know if foundational commands like steering, acceleration and brake are accessible via the CLI (they are computer controlled actions locally)
THUS I would not want to drive a Tesla if there was the possibility of all cars being rooted and remotely controlled by an unauthorized actor.
No one should have nuclear weapons, we aught to have robust policy, institutions, and vigilance to prevent their proliferation and use.
Computerized vehicles aught to be strictly regulated in terms of how computers may affect the physical operation of the car, such that a reasonable standard of safety can be ensured outside the usual risk one takes when hopping in a motor vehicle. The fact that a hacker can possibly kill people by rooting an infotainment system is a symptom of the general disregard for security in design, and we continue to ignore it for engineering expediency.
Then why wasn't it a problem before? People have always been able to install aftermarket or possibly even hacked together physical parts. If there was liability you'd expect some sort of shield blocking access to, for example, the hydraulic system for the brakes.
As it turns out though blatant irresponsibility is quite rare (depending on your definition anyway) since people have a strong self interest in not endangering their own lives or wallets. It's similar for homeowners - many states explicitly carve out a requirement that insurance companies cover DIY modifications that are within reason and this generally works out since you have a strong vested interest in not destroying your own house regardless of any insurance policy.
People get killed by changes to exhaust, height (lift kits), bumpers (bull bars in particular), etc pretty often, though. And I can imagine software changes (exhaust is part of that actually) could kill people too.
Maybe you think daytime running lights are stupid and want to disable them for instance.
Sure. Point is nothing has really changed. Largely there's no problem and to the extent that bad things happen it isn't something novel that's only just come up. It's not in and of itself an excuse to erode private ownership. If intervention is required then regulation should be passed deliberately by the legislature.
Well both of those examples could potentially electrocute you or start a fire and both can be done by a homeowner if he feels like it.
I don't disagree that it's a bit different in certain ways but I feel like that's drifting off topic. It shouldn't be up to manufactures to determine these things unilaterally but rather the legislature. Particularly any justification to the contrary rings hollow in this case because there's a very strong conflict of interest.
It is. Thousands of people have died because of aftermarket headlights. Harder to assess, but probably much larger, is the number of excess deaths from nitrous oxide etc. emitted by modified cars.
There are about 3000 deaths per year in Sweden attributed to position from cars, and 300 physical accidents. So it is a really big issue, but it is almost impossible to make people understand that their car use and modification mains people.
Modified cars can release 1000x more polution, on streets with 800 daily cars that will have an affect.
You can ban modifying your car to pollute more (which we do) without banning modifying your car.
This isn't complicated FFS.
The difficulty against this in the US is the unfortunate reality that the people coming to these shops to enable their stupid trucks to roll coal are the people who should technically be raiding and shutting down these companies. This can be fixed.
Physically, you can already modify your car to be controlled by a stupid program and that has been possible since at least the 90s. You can do the supposed harm by not being aware of damage to your exhaust system.
The solution to exhaust harms of ICE engines is electric cars, not a reduction in consumer rights.
The EPA heavily regulates any emissions defeat devices. The problem is they spend most of their time going after tuner shops where most cars run on ethanol rather than diesel shops who cater to brain-damaged customers who think rolling coal is "cool"
In Spain (but I think in every EU country) you must go through legal inspection and certification if you do modify your car. And most of the aftermarket mods people install are totally illegal and would not pass that exam. I mean changes like putting a spoiler, lowering the height from ground etc
I don’t think that’s the reason, seeing as a car is already endangering everyone around it by existing. More likely about keeping the tooling to diagnose issues proprietary and expensive.
That kind of thing is always the stated justification but never the real reason.
Almost invariably when that excuse is trotted out, there are are usually many things that are much more common that are also far more dangerous. For example, texting while driving or driving with bald tires in the wet are both 100x more dangerous than anything almost anybody would do by modifying the car's software.
Four 9/11s worth of people die every year from drunk driving. If we can't even get that under control, I don't see why being able to modify your own car is a big deal.
Enforcement is abysmal for stupid reasons. Courts are reluctant to remove the ability for people to drive because America purposely made itself dependent on cars, and cops are reluctant to actually arrest a lot of people for drunk driving because they tend to be buddies, or worse. You can find plentiful examples of off duty officers trying to get out of drunk driving simply by being a cop.
This is what you get when you can vote on the sheriff and judges who insist they are "Tough on crime" because they sentence a dude smoking a joint to years in the joint while ignoring real problems like, you know, murder and theft and violence and all the shit their buddies are doing. The "Tough on crime" people are the ones drunk driving often enough.
Even as a well trained software engineer who works on transportation software including ECUs (heavy equipment not cars), I'm not sure there is much I could do with root. IF I had full source code to my car's radio I might try to add android-auto back in (it has android-automotive so I know it can do it), but if that isn't easy I'd probably give up. Without source code and a lot of time doing anything is impossible - as anyone else who works on complex software knows.
You can feel that way, but plenty of car configuration has always been locked away and walled off, and manufacturers make a tidy profit selling software licenses to dealers and mechanics to perform basic diagnostics. Proprietary software is big business what can you do.
Definitely not always. It used to be that a mechanic or a skilled owner could tune, modify, repair or replace absolutely anything in your car. That was basically since the invention of the car, up to somewhere in the 2000s. And even then, various hackers and pirates made sure almost anyone could get their hands on the software. In fact, many mechanics these days use 3rd party software because the manufacturer refuses to sell them their version or even that version doesn't have all the features.
That is the recent (and gradually worsening) situation but it is not in and of itself a justification. Effectively you're saying "it's currently this way therefore it's okay for it to be this way".
Manufacturers have increasingly restricted control over products as they've gradually been digitized. Prior to the digital era anyone could do anything to personal property (regulations notwithstanding ofc); more expensive items typically came with circuit diagrams for the purpose of repairing them.
The problem is that it actually gets harder. I was a holdout against cell phones when I was young. Eventually payphones started disappearing. Pre-cellphone they were everywhere. By the time I finally caved and got a cellphone I knew where there still were some in important spots around Chicago. Plus you ran into changing norms. Before cell phones people would schedule a meetup (let's meet at noon in this square then go do what we were going to do) but after cell phones it became, "just call me when you get close."
I then tried to resist smart phones and stick with my nokia. But then you start to get into things like, the kiosk where they would print your boarding pass doesn't do that anymore. You need a QR code on your phone. You can't call places anymore, you need to do it on their website, etc.
Now the government is starting to treat a lack of social media or technology as a reason for suspicion. In the not-too-distant future I imagine it will not be possible to go to an airport without a smart phone and a digital history known to Palentir.
the headline literally says "could", not that it did. can you point to evidence that DOGE cutbacks did negatively affect aviation safety, particularly with regards to ATCs?
Specifically the Eurodollar is the main reason for the City of London to exist.
Eurodollars are US dollar deposits at European banks. Originally these were used as a way to give the Soviet Union access to the dollar markets through French banks, but eventually it became a way for basically anyone to participate in dollar exchange who can't have a US bank account.
Sangamon was converted back into a tanker and wrecked ironically in Japan after the war.
The Sangamon class along with the Bogue, Casablanca and Commencement Bay were classes of escort carriers (CVE) created during WWII for anti-submarine operations. They were also used on a wide variety of tasks including resupply (especially of aircraft) to the front in the pacific war, and close air support of landing beaches.
The Sangamons (there were 5) were converted tankers; the smaller Bogues were converted freighters. The later classes were built as aircraft carriers. All together the US built well over 100 CVEs during the war. Several were lost.
USS Wolverine and USS Sable were converted lake steamers built specifically for training air crews. Of course the US needed vast numbers of qualified carrier pilots to man all these new carriers. Training pilots for carrier operations required an aircraft carrier. But at the beginning of the war the US was very short on carriers.
Additionally there were U-boats and Japanese I-Boats sinking shipping on both American coasts. Any carrier out there lazily sailing around while pilots practiced landings would be a sitting duck without a big fleet around it.
The Great Lakes were safe from U-boats but large ships couldn't yet enter them since the St Lawrence Seaway didn't yet exist, so they needed to use ships that were already on the lakes.
I believe George HW Bush qualified as a naval pilot on USS Wolverine.
The Chicago Maritime Museum is a very small but well-curated museum that includes a large scale model of USS Wolverine.
Microsoft cleaned up when they got hit with antitrust and then started feeling a bit of competition when operating under consent decree. That's all "behind" them now and the Google settlement put antitrust to bed.
reply