Search results

I'm building right now with a geothermal system and the way I am interpreting things (not 100% sure yet), you need 3 meters: 1. Regular energy meter 2. Off peak meter for geothermal 3. ToD for EV You can connect the EV to the off-peak, but off-peak allows you to charge only during off-peak. If...

Flaw, not a Vulnerability It is a flaw in the architecture. As I pointed out in the past and another has pointed out with further research, this is an architectural flaw that makes these kinds of hacks easier to carry out and more damaging when they are carried out. But it's not a vulnerability.

Right now Tesla is way ahead of everyone else in terms of in-car software. Apple has no experience doing pure software development in an environment in which it has no control over the hardware. I have Apple products throughout my house and I have no interest in Apple CarPlay until it proves...

Yep, that's about the way it's supposed to work. For best results, pre-heat your car 1/2 hour before leaving. That will warm up the battery and increase your ability to regen while driving.

I know there are solutions for houses. I am having one put into my new home. The issue is exactly that they are very costly for a home to implement, and thus taking those precautions is not common place nor considered "reasonable". With respect to APIs, implementing processes to protect them in...

If you are such a brilliant REST API architect, please RTFA and explain it to us all for him.

I honestly didn't realize that this forum had the hostility towards anything negative of Tesla that the Tesla Motors forums do. I stand corrected. There are a large number of people who just can't deal with criticism of Tesla in any form. I honestly don't think he's asking me the question in...

Actually, I did state it in the article. But, no, it's not considered an opinion. It's considered a basic information security control that's part of most standards. This is a unique feature of this forum that any moderator with an agenda can alter the title of a thread to reflect something in...

Houses do have this flaw. But they aren't REST APIs, so the rules that apply to them are different. Furthermore, there are no commonly accepted ways of dealing with the problem, as there are with REST APIs. It's only a flaw if its reasonable for you to have done otherwise. In the workplace...

My article obviously went way over your head. All of the points you made above have nothing to do with my article.

Yes, they do. That's a well-described problem, and it's much more serious than this same problem in the Tesla.

The change is not accurate and thus less clear. Whoever changed is being intellectually dishonest. Thread titles should not change against the wishes of the author of the thread.

I started the thread and I am its author. No one else has the right to attempt to change what I wrote to reflect their agenda. This isn't a flaw "if you give your credentials to third parties". It's a potential vulnerability if you give your credentials to third parties. It's a flaw regardless...

2 Things here... #1 How is it that the title of MY THREAD gets changed to wording that I neither agree with nor intend? #2 Again, the focus of everyone's vitriol seems to be that I did not write the facts in a manner they approve of? My writing was clear and appropriate to the target audience...

Actually, if you take that to its logical conclusion, no one should ever say anything because someone might misinterpret it. Every fact can be spun to meet a specific agenda. That's not a reason to avoid communication.

You should try yoga, because you know how to stretch things.

Not to revive a thread that everyone wants dead, but here's the promised follow-up article to the article that started it all: The Myth of the Private API - Programming - O'Reilly Media

Now Terminal 1 is painted that way, and they have some bit of teeth behind it. First picture is of some gas cars parked in the newly painted EV spots (plus a Leaf). Second picture is the "ticket" they get for having done that. - - - Updated - - - The "ticket" basically says that their...

I've had mine since June, and no noises or squeaks.

Working out of the North Bay and having to do any travel during the course of the day will drain a gas engine, so it definitely won't be too kind to a Model S 60. Most any travel you have to do involves going into one of the cities or the valley. A very different radius than Minneapolis.

That's common these days, though most of them have run-flat tires. Note that a run-flat would not have helped in this situation, however.

My point is that I would not buy a $90K car unless it were an EV. Asking me if I would pay $60K for it (which is my limit for gas-powered vehicles) is unfair to the $60K BMW and Audi options. Yes, I would buy a gas-powered Tesla if it were the same vehicle it currently is except for gas instead...

Not practical in those counties. A basic day's driving on a busy day can cause daily range anxiety. Sometimes even in a gas car :)

The only reason I was willing to pay this amount of money for a car was because it was electric. I was not considering comparably priced gas cars.

In some cases, the parking areas where valets park cars aren't entirely close to the location where the valet is working.

After three months with the car, I can't conceive of getting this car without the panoramic roof.

When you are afraid to have discussions like this, the only people armed with proper information are the bad guys. So, no, it's not common sense. It's nonsense.

Update on Token Expiration It seems people are getting mixed results on token expiration. My best guess is that there's some caching thing going on here. I noted this in the article and its implications. Basically, it means of the issues I have noted: 1. It cannot safely operate over any...

I've honestly come to the conclusion that a certain portion of you are working hard to assign nefarious motives to me so that you can sleep at night feeling your beloved Tesla is perfect. I'm getting kind of tired of fighting that nonsense. I'm not changing my article to suit your conclusions...

The context you are quoting is not me calling it a spectacular security flaw. It's a spectacular flaw in software architecture.

I don't understand how a Tesla can be stolen in a meaningful way.

I think my conversation with you is done here. - - - Updated - - - I intend to address these issues in a follow-up article. I think those items are too complex and largely tangential to the overall point to just shove into the current article.

If you are not a programmer, the takeaways are: * If you don't use a third-party add-on application, there's nothing to see here * Be careful about giving your email address/password to any third-party service If you are a programmer, see the long discussion in the other thread.

Because if I spent time correcting mis-interpretations (especially mis-interpretations that are more likely than not willful) of my articles, they'd be filled with unparseable "clarifications". As a side note, there seems to be some disagreement on whether or not changing your password...

I know you can control the sunroof. I haven't tried the lights and horn. If you are right, it's not a material issue. I know you really want to control what I write, but it's not going to happen.

You claiming it's inaccurate nonsense doesn't make it so. The article is, in fact, accurate. It just doesn't come to conclusions that you like.

No. I don't believe anyone's is. That's the difference between a vulnerability and an architectural flaw. If it were a vulnerability, I would have had a duty to disclose it to Tesla before making it public because the public disclosure would have put people at risk. As a flaw, the duty is to...

I'll have to assume that invoking Broder in this forum is the TMC equivalent of Godwin's Law. I will therefore act accordingly.

I don't believe in editing articles post-publication unless there are factual errors. Doing so changes the article for different readers and makes a common point of discussion problematic. The issue you are questioning is worthy of an article in and of itself, and so that's the way I am...

It's not explicitly stated in the article. My target audience (the O'Reilly audience) gets it when I talk about the "Internet of Things". For this audience, it obviously needs clarification. I will be writing a followup article on the premise.

First of all, it is a premise. You can call it an ideology, but for the purposes of this article, it's a premise. assumes that everyone [believes -> grants] your [ideology -> premise]. Second, in the forum to which I posted (an O'Reilly technology blog), I would venture the majority would tend...

No, it does not. #1 With OAuth, you never give the third-party web site access to the low security, high sensitivity email/password pair. That web site never, ever sees it. It simply receives an application-specific token that's registered with the core API provider. #2 The token can be used...

This is an idiotic false choice. Is it really expected that, in order to be intellectually honest, I'll write about EVERY SINGLE API THAT EXISTS? That's just plain absurd. I have a Tesla, I care about it's API. Someone asked me why I thought it was a flawed API, and I wrote it up. It's...

The other option is for people to remain silent out of fear of being misquoted. That would be the greater disservice.

I understand the motivation of mixing the two, but the Eden Prairie location is so very not customer-oriented. The staff or great, but the location is hard to find and, in the end, it's a garage.

Have you seen it done like that? They tried and it interfered with the hatch button.

That's what journalists do. I am not a journalist. I am a technology writer. I identify issues in technology and raise them for a larger discussion. Really? A company with a market capitalization in the billions got blindsided? I published in a technology forum about a real issue. I am not a...

The quality could be better here, but I took the photos in the garage and the car needs a wash. First, the rear laser: One of the front laser sensors (the other is on the other side of the license plate, looks the same): The controls: The display:

That claim was not meant to be support for my argument. That claim was to explain why I wrote the article I wrote in the medium in which I picked to write it. In particular, I regularly write on the subject of RESTful APIs. I actually felt the same reaction, but that was before I considered...

I don't read them that way, but I am accustomed to reading security-related articles in technology publications. I'll note again, this was published in a technology blog.