Welcome to Tesla Motors Club

Search results

  1. nspollution

    Minnesota Tesla Owners Club

    I'm building right now with a geothermal system and the way I am interpreting things (not 100% sure yet), you need 3 meters: 1. Regular energy meter 2. Off peak meter for geothermal 3. ToD for EV You can connect the EV to the off-peak, but off-peak allows you to charge only during off-peak. If...
  2. nspollution

    Model S "Hacked" (again)?

    Flaw, not a Vulnerability It is a flaw in the architecture. As I pointed out in the past and another has pointed out with further research, this is an architectural flaw that makes these kinds of hacks easier to carry out and more damaging when they are carried out. But it's not a vulnerability.
  3. nspollution

    Will Tesla support CarPlay?

    Right now Tesla is way ahead of everyone else in terms of in-car software. Apple has no experience doing pure software development in an environment in which it has no control over the hardware. I have Apple products throughout my house and I have no interest in Apple CarPlay until it proves...
  4. nspollution

    Battery drains very rapidly in really cold weather!

    Yep, that's about the way it's supposed to work. For best results, pre-heat your car 1/2 hour before leaving. That will warm up the battery and increase your ability to regen while driving.
  5. nspollution

    Authentication flaws in the REST API (if you give 3rd party your private login info)

    I know there are solutions for houses. I am having one put into my new home. The issue is exactly that they are very costly for a home to implement, and thus taking those precautions is not commonplace nor considered "reasonable". With respect to APIs, implementing processes to protect them in...
  6. nspollution

    Authentication flaws in the REST API (if you give 3rd party your private login info)

    If you are such a brilliant REST API architect, please RTFA and explain it to us all for him.
  7. nspollution

    Authentication flaws in the REST API (if you give 3rd party your private login info)

    I honestly didn't realize that this forum had the hostility towards anything negative of Tesla that the Tesla Motors forums do. I stand corrected. There are a large number of people who just can't deal with criticism of Tesla in any form. I honestly don't think he's asking me the question in...
  8. nspollution

    Authentication flaws in the REST API (if you give 3rd party your private login info)

    Actually, I did state it in the article. But, no, it's not considered an opinion. It's considered a basic information security control that's part of most standards. This is a unique feature of this forum that any moderator with an agenda can alter the title of a thread to reflect something in...
  9. nspollution

    Authentication flaws in the REST API (if you give 3rd party your private login info)

    Houses do have this flaw. But they aren't REST APIs, so the rules that apply to them are different. Furthermore, there are no commonly accepted ways of dealing with the problem, as there are with REST APIs. It's only a flaw if it's reasonable for you to have done otherwise. In the workplace...
  10. nspollution

    Authentication flaws in the REST API (if you give 3rd party your private login info)

    My article obviously went way over your head. All of the points you made above have nothing to do with my article.
  11. nspollution

    Authentication flaws in the REST API (if you give 3rd party your private login info)

    Yes, they do. That's a well-described problem, and it's much more serious than this same problem in the Tesla.
  12. nspollution

    Authentication flaws in the REST API (if you give 3rd party your private login info)

    The change is not accurate and thus less clear. Whoever changed it is being intellectually dishonest. Thread titles should not change against the wishes of the author of the thread.
  13. nspollution

    Authentication flaws in the REST API (if you give 3rd party your private login info)

    I started the thread and I am its author. No one else has the right to attempt to change what I wrote to reflect their agenda. This isn't a flaw "if you give your credentials to third parties". It's a potential vulnerability if you give your credentials to third parties. It's a flaw regardless...
  14. nspollution

    Authentication flaws in the REST API (if you give 3rd party your private login info)

    2 Things here... #1 How is it that the title of MY THREAD gets changed to wording that I neither agree with nor intend? #2 Again, the focus of everyone's vitriol seems to be that I did not write the facts in a manner they approve of? My writing was clear and appropriate to the target audience...
  15. nspollution

    Authentication flaws in the REST API (if you give 3rd party your private login info)

    Actually, if you take that to its logical conclusion, no one should ever say anything because someone might misinterpret it. Every fact can be spun to meet a specific agenda. That's not a reason to avoid communication.
  16. nspollution

    Authentication flaws in the REST API (if you give 3rd party your private login info)

    You should try yoga, because you know how to stretch things.
  17. nspollution

    Authentication flaws in the REST API (if you give 3rd party your private login info)

    Not to revive a thread that everyone wants dead, but here's the promised follow-up article to the article that started it all: The Myth of the Private API - Programming - O'Reilly Media
  18. nspollution

    MSP Airport EV Parking

    Now Terminal 1 is painted that way, and they have some bit of teeth behind it. First picture is of some gas cars parked in the newly painted EV spots (plus a Leaf). Second picture is the "ticket" they get for having done that. - - - Updated - - - The "ticket" basically says that their...
  19. nspollution

    Pano Roof

    I've had mine since June, and no noises or squeaks.
  20. nspollution

    Random Model S sightings

    Working out of the North Bay and having to do any travel during the course of the day will drain a gas engine, so it definitely won't be too kind to a Model S 60. Most any travel you have to do involves going into one of the cities or the valley. A very different radius than Minneapolis.
  21. nspollution

    Sitting on the side of the highway with a flat tire ...

    That's common these days, though most of them have run-flat tires. Note that a run-flat would not have helped in this situation, however.
  22. nspollution

    Would you have bought your Model S if it wasn't electric?

    My point is that I would not buy a $90K car unless it were an EV. Asking me if I would pay $60K for it (which is my limit for gas-powered vehicles) is unfair to the $60K BMW and Audi options. Yes, I would buy a gas-powered Tesla if it were the same vehicle it currently is except for gas instead...
  23. nspollution

    Random Model S sightings

    Not practical in those counties. A basic day's driving on a busy day can cause daily range anxiety. Sometimes even in a gas car :)
  24. nspollution

    Would you have bought your Model S if it wasn't electric?

    The only reason I was willing to pay this amount of money for a car was because it was electric. I was not considering comparably priced gas cars.
  25. nspollution

    Valet Mode! (confirmed by Elon)

    In some cases, the parking areas where valets park cars aren't entirely close to the location where the valet is working.
  26. nspollution

    Pano Roof

    After three months with the car, I can't conceive of getting this car without the panoramic roof.
  27. nspollution

    Stolen Model S?

    When you are afraid to have discussions like this, the only people armed with proper information are the bad guys. So, no, it's not common sense. It's nonsense.
  28. nspollution

    Authentication flaws in the REST API (if you give 3rd party your private login info)

    Update on Token Expiration It seems people are getting mixed results on token expiration. My best guess is that there's some caching thing going on here. I noted this in the article and its implications. Basically, it means of the issues I have noted: 1. It cannot safely operate over any...
  29. nspollution

    Authentication flaws in the REST API (if you give 3rd party your private login info)

    I've honestly come to the conclusion that a certain portion of you are working hard to assign nefarious motives to me so that you can sleep at night feeling your beloved Tesla is perfect. I'm getting kind of tired of fighting that nonsense. I'm not changing my article to suit your conclusions...
  30. nspollution

    Authentication flaws in the REST API (if you give 3rd party your private login info)

    The context you are quoting is not me calling it a spectacular security flaw. It's a spectacular flaw in software architecture.
  31. nspollution

    Stolen Model S?

    I don't understand how a Tesla can be stolen in a meaningful way.
  32. nspollution

    Authentication flaws in the REST API (if you give 3rd party your private login info)

    I think my conversation with you is done here. - - - Updated - - - I intend to address these issues in a follow-up article. I think those items are too complex and largely tangential to the overall point to just shove into the current article.
  33. nspollution

    Model S REST API

    If you are not a programmer, the takeaways are: * If you don't use a third-party add-on application, there's nothing to see here * Be careful about giving your email address/password to any third-party service If you are a programmer, see the long discussion in the other thread.
  34. nspollution

    Authentication flaws in the REST API (if you give 3rd party your private login info)

    Because if I spent time correcting mis-interpretations (especially mis-interpretations that are more likely than not willful) of my articles, they'd be filled with unparseable "clarifications". As a side note, there seems to be some disagreement on whether or not changing your password...
  35. nspollution

    Authentication flaws in the REST API (if you give 3rd party your private login info)

    I know you can control the sunroof. I haven't tried the lights and horn. If you are right, it's not a material issue. I know you really want to control what I write, but it's not going to happen.
  36. nspollution

    Authentication flaws in the REST API (if you give 3rd party your private login info)

    You claiming it's inaccurate nonsense doesn't make it so. The article is, in fact, accurate. It just doesn't come to conclusions that you like.
  37. nspollution

    Authentication flaws in the REST API (if you give 3rd party your private login info)

    No. I don't believe anyone's is. That's the difference between a vulnerability and an architectural flaw. If it were a vulnerability, I would have had a duty to disclose it to Tesla before making it public because the public disclosure would have put people at risk. As a flaw, the duty is to...
  38. nspollution

    Authentication flaws in the REST API (if you give 3rd party your private login info)

    I'll have to assume that invoking Broder in this forum is the TMC equivalent of Godwin's Law. I will therefore act accordingly.
  39. nspollution

    Authentication flaws in the REST API (if you give 3rd party your private login info)

    I don't believe in editing articles post-publication unless there are factual errors. Doing so changes the article for different readers and makes a common point of discussion problematic. The issue you are questioning is worthy of an article in and of itself, and so that's the way I am...
  40. nspollution

    Authentication flaws in the REST API (if you give 3rd party your private login info)

    It's not explicitly stated in the article. My target audience (the O'Reilly audience) gets it when I talk about the "Internet of Things". For this audience, it obviously needs clarification. I will be writing a followup article on the premise.
  41. nspollution

    Authentication flaws in the REST API (if you give 3rd party your private login info)

    First of all, it is a premise. You can call it an ideology, but for the purposes of this article, it's a premise. assumes that everyone [believes -> grants] your [ideology -> premise]. Second, in the forum to which I posted (an O'Reilly technology blog), I would venture the majority would tend...
  42. nspollution

    Authentication flaws in the REST API (if you give 3rd party your private login info)

    No, it does not. #1 With OAuth, you never give the third-party web site access to the low security, high sensitivity email/password pair. That web site never, ever sees it. It simply receives an application-specific token that's registered with the core API provider. #2 The token can be used...
  43. nspollution

    Authentication flaws in the REST API (if you give 3rd party your private login info)

    This is an idiotic false choice. Is it really expected that, in order to be intellectually honest, I'll write about EVERY SINGLE API THAT EXISTS? That's just plain absurd. I have a Tesla, I care about its API. Someone asked me why I thought it was a flawed API, and I wrote it up. It's...
  44. nspollution

    Authentication flaws in the REST API (if you give 3rd party your private login info)

    The other option is for people to remain silent out of fear of being misquoted. That would be the greater disservice.
  45. nspollution

    Just announced: Minneapolis Service Center is also an official Sales Center

    I understand the motivation of mixing the two, but the Eden Prairie location is so very not customer-oriented. The staff are great, but the location is hard to find and, in the end, it's a garage.
  46. nspollution

    Escort Passport 9500ci Install in Twin Cities

    Have you seen it done like that? They tried and it interfered with the hatch button.
  47. nspollution

    Authentication flaws in the REST API (if you give 3rd party your private login info)

    That's what journalists do. I am not a journalist. I am a technology writer. I identify issues in technology and raise them for a larger discussion. Really? A company with a market capitalization in the billions got blindsided? I published in a technology forum about a real issue. I am not a...
  48. nspollution

    Escort Passport 9500ci Install in Twin Cities

    The quality could be better here, but I took the photos in the garage and the car needs a wash. First, the rear laser: One of the front laser sensors (the other is on the other side of the license plate, looks the same): The controls: The display:
  49. nspollution

    Authentication flaws in the REST API (if you give 3rd party your private login info)

    That claim was not meant to be support for my argument. That claim was to explain why I wrote the article I wrote in the medium in which I picked to write it. In particular, I regularly write on the subject of RESTful APIs. I actually felt the same reaction, but that was before I considered...
  50. nspollution

    Authentication flaws in the REST API (if you give 3rd party your private login info)

    I don't read them that way, but I am accustomed to reading security-related articles in technology publications. I'll note again, this was published in a technology blog.

About Us

Formed in 2006, Tesla Motors Club (TMC) was the first independent online Tesla community. Today it remains the largest and most dynamic community of Tesla enthusiasts. Learn more.
