
Tesla's response to me leaking info about the P100D?

Does anyone else find the humor in the fact that Tesla paid WK057 for finding a security issue, but then WK057 underestimated the ability of the people on this site to crack a secret he posted?

I don't think Tesla is actually mad at him. I think they would have done something differently, like a stern warning. Instead this bug was something they likely fixed too quickly, and it resulted in unintended issues with certain configurations. Heck, the bug that was fixed was due to poor verification testing.

As to WK057's hacking, I think that's pretty much green-lighted not only by Tesla's bug bounty program, but by recently passed pro-hacking laws when it comes to cars.
 
Ok, I have stayed by the river with the luggage while the rest of you ventured forth.

I think I understand the drift of what happened between WK and Tesla. But I am struggling with a couple of things :smile:

wk said he should have "salted the hash." I get salted--it is part of an old con with trying to sell a mine--you salt the mine with whatever it is you claim to have found in order to swindle someone. But the term hash (noun) is foreign to me, since we are not talking about a food dish, an extract of C. sativa, or agricultural byproducts that have limited value. Clearly to me these strings of numbers and letters had some sort of meaning. But they just looked like a bunch of gibberish to me. As a stupid person, it would seem to me that if these strings of letters and numbers were important or sensitive, they could have been altered.

Then, Bonnie mentioned something about these EAP participants. What are EAP participants?

Thanks in advance!
 
Also, please stop going on about IP law. That has nothing to do with this.

If you are referring to my comments, I apologize. When I made them, I didn't realize I was 21 pages behind the latest posts. I thought I was only one, maybe two and the conversation evolved quite a bit over those 21 pages.

Methinks you don't know the difference between obsolete and obsolescence enough to at least use the latter.

Literally anything no longer produced can be called obsolete

adjective: obsolete
1.
no longer produced or used; out of date.

but figuratively obsolete is reserved for things that are no longer useful. And since a car is usually drivable for 10+ years I don't consider a car from a few months ago obsolete if they stop making it today.

The distinction between obsolete and obsolescence is one of those things most people don't quite understand and use obsolete for everything. As I use it, obsolescence is behind the technological curve, but still useful. I use Windows 7 on my computers because I like it better than Windows 8 or 10. It's obsolescent as far as the computer industry goes, but it isn't obsolete.

It is possible to still load Windows 95 on a computer, but it's very obsolete at this point. You don't have to make many sacrifices to use Windows 7 today, but you would be very hamstrung trying to use Windows 95 today. With Win 95, you either would have to use a 1990s vintage computer or put up with most of your hardware not having drivers available, it would be slower, and you would be limited to using software of that vintage.

With cars, you can say a 1947 Pontiac is obsolete. It may be a fun hobby car, but it wouldn't be a daily driver because it lacks modern safety features, getting spare parts is very difficult, and it's not as comfortable to drive as a modern car: unless you replace the stock radio you're stuck with AM radio only, probably no automatic transmission, no power steering or brakes, no cruise control, etc. My 1992 Buick is clearly obsolescent, but it has enough modern features it's still comfortable to drive and if I needed to commute to work (I work from home), I could do so with little concern. Though the only spare parts available these days are used ones off wrecks and it does lack some modern safety features as well as the infotainment options on modern cars. Some would consider it obsolete for those reasons, but it's in the gray zone where people might debate between the two, whereas the 1947 Pontiac most people would agree is obsolete.

As for a slightly older model Tesla that isn't made anymore, the most I would ever call one is obsolescent. Even the 2012s aren't obsolete yet. A 2012 Tesla today is more advanced than 90% of the cars on the road!

My understanding of the law is that generally an employer is only vicariously liable for the acts of their employees, negligent or otherwise, if the act done was within the scope and authority of their employment. It may be that this was a rogue employee who acted on his own accord and outside of his authority. As such, Tesla may not be liable. That's just my personal opinion though regarding the application of the law.

Tesla might prevail in court, but if an employee does something maliciously to a customer's property, there is probably enough smoke to include the company in a suit. At minimum the company would probably have to show they are taking steps to make sure it doesn't happen again. At least that's what I've picked up from the lawyers I hang out with/ live with.
 
Ok, I have stayed by the river with the luggage while the rest of you ventured forth.

I think I understand the drift of what happened between WK and Tesla. But I am struggling with a couple of things :smile:

wk said he should have "salted the hash." I get salted--it is part of an old con with trying to sell a mine--you salt the mine with whatever it is you claim to have found in order to swindle someone. But the term hash (noun) is foreign to me, since we are not talking about a food dish, an extract of C. sativa, or agricultural byproducts that have limited value. Clearly to me these strings of numbers and letters had some sort of meaning. But they just looked like a bunch of gibberish to me. As a stupid person, it would seem to me that if these strings of letters and numbers were important or sensitive, they could have been altered.

Then, Bonnie mentioned something about these EAP participants. What are EAP participants?

Thanks in advance!
Hash - encrypting something is also called hashing it
Salt the hash - use a seed value for the encryption algorithm that makes it harder to reverse unless you know the seed (salt)
 
*sigh*

I will say this one more time in the (probably vain) hope that certain people take notice this time:

wk057 did not deliberately leak information

That dubious distinction belongs to whoever first broke the cryptographic hash and published the result, not wk.

The only thing wk did wrong was making the obfuscation too easy to overcome. It was an honest mistake, not malice or recklessness.

If you do not acknowledge the above, you're not even on topic here.
 
I will say this one more time in the (probably vain) hope that certain people take notice this time:

wk057 did not deliberately leak information

That dubious distinction belongs to whoever first broke the cryptographic hash and published the result, not wk.

The only thing wk did wrong was making the obfuscation too easy to overcome. It was an honest mistake, not malice or recklessness.

If you do not acknowledge the above, you're not even on topic here.

Wow. If I post a puzzle and challenge people to solve it ... and they do ... well it's clear you and I reach different conclusions on that scenario. But I'm sure he appreciates such loyal followers that rise to his defense. :)
 
I will say this one more time in the (probably vain) hope that certain people take notice this time:

wk057 did not deliberately leak information

That dubious distinction belongs to whoever first broke the cryptographic hash and published the result, not wk.

The only thing wk did wrong was making the obfuscation too easy to overcome. It was an honest mistake, not malice or recklessness.

If you do not acknowledge the above, you're not even on topic here.

I love it when people think their opinion defines the topic!
 
Ok, I have stayed by the river with the luggage while the rest of you ventured forth.

I think I understand the drift of what happened between WK and Tesla. But I am struggling with a couple of things :smile:

wk said he should have "salted the hash." I get salted--it is part of an old con with trying to sell a mine--you salt the mine with whatever it is you claim to have found in order to swindle someone. But the term hash (noun) is foreign to me, since we are not talking about a food dish, an extract of C. sativa, or agricultural byproducts that have limited value. Clearly to me these strings of numbers and letters had some sort of meaning. But they just looked like a bunch of gibberish to me. As a stupid person, it would seem to me that if these strings of letters and numbers were important or sensitive, they could have been altered.

Then, Bonnie mentioned something about these EAP participants. What are EAP participants?

Thanks in advance!

Hash - encrypting something is also called hashing it
Salt the hash - use a seed value for the encryption algorithm that makes it harder to reverse unless you know the seed (salt)

EAP: Early Access Program, also referred to on the forum as Beta Testing (and participants as 'beta testers'). A select group of owners that receive new software that isn't available to the general public, to further test on a larger scale and provide feedback to Tesla.
 
Wow. If I post a puzzle and challenge people to solve it ... and they do ... well it's clear you and I reach different conclusions on that scenario.
Again, you miss the point. Had wk actually done this properly - i.e. use random salt - it would've been literally impossible to break without the salt. There could be no leak.

Don't believe me? Well, he's posted another hash - this time done right - and nobody has broken it. Nobody will, because cryptography done right is, to all intents and purposes, an unbreakable box.

He assumed (wrongly) first time that what he was posting would have that level of security. Really, can't you give the guy some slack for not being at 100% smarts at that moment?
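
The unsalted-versus-salted difference argued over in this thread, as an added example that is not part of any post and is not wk057's code: a bare SHA-256 of a short, guessable string is confirmed by hashing candidates, while a digest keyed with a random secret salt gives the same guesser nothing to match until the salt is revealed. The secret string, the candidate list and all function names are constructed for illustration.

```python
import hashlib
import hmac
import itertools
import secrets
from typing import Optional, Tuple

def plain_commit(message: str) -> str:
    """Unsalted SHA-256: anyone who guesses the message can confirm the guess."""
    return hashlib.sha256(message.encode()).hexdigest()

def salted_commit(message: str, salt: Optional[bytes] = None) -> Tuple[str, bytes]:
    """Commit with a random 128-bit salt; publish the digest, keep the salt private."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    return hmac.new(salt, message.encode(), hashlib.sha256).hexdigest(), salt

def verify_reveal(digest: str, message: str, salt: bytes) -> bool:
    """Later, reveal (message, salt) so readers can check the earlier digest."""
    expected = hmac.new(salt, message.encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, digest)

def candidate_names():
    """Constructed guess space: optional 'P', a battery size, optional 'D'."""
    sizes = ["60", "70", "75", "85", "90", "100", "110", "120"]
    for prefix, size, suffix in itertools.product(["", "P"], sizes, ["", "D"]):
        yield f"{prefix}{size}{suffix}"

def guess(published: str) -> Optional[str]:
    """Hash every candidate without a salt and return the one that matches."""
    for name in candidate_names():
        if hmac.compare_digest(plain_commit(name), published):
            return name
    return None

SECRET = "P100D"  # constructed sample, not the string that was actually hashed

def demo() -> dict:
    unsalted = plain_commit(SECRET)
    salted, salt = salted_commit(SECRET)
    return {
        "unsalted_recovered": guess(unsalted),   # the guess is confirmed
        "salted_recovered": guess(salted),       # no candidate matches
        "reveal_ok": verify_reveal(salted, SECRET, salt),
    }

if __name__ == "__main__":
    print(demo())
```

The salt only helps if it is random, long and kept private until the reveal; a short or predictable salt just enlarges the guess space slightly.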
 
Probably not a great defense, since wk is hardly the only one. There are a lot of people on this forum who keep a lot of information confidential. Only an fyi.

For instance, I'm guessing a large number of EAP participants are here on the forum daily. Yet we don't know who they are. They see the new features weeks, sometimes months, before the rest of us & we don't know about those (unless they leak & then they're no longer in the EAP). They do a lot of work for the rest of us and don't talk about it publicly. A lot of bugs are found because of these folks and your car is safer and more reliable because of them.

Tesla rewards the bug finders publicly. EAP participants contribute quietly in the background, without asking for recognition. Maybe we could show a little appreciation for those folks?

To be clear, it's not about wk vs. the EAP participants. I'm only attempting to point out that he's hardly the only one with confidential information at any given time, since you seem to think wk isn't getting his proper recognition. There are a lot of folks you're ignoring who get zero recognition and are fine with that.

(And EAP participants are only one group who hold confidential information. There are posters here who have vendor relationships and honor the NDAs that they signed. There are other posters here with close family members inside Tesla & you'd never know it because they post zero hints towards what is coming. Just examples. Many more. )

We have a lot of people to thank for these amazing vehicles, including EAP participants. However, I don't think this is relevant to the current situation. EAP participants do receive recognition and rewards in the form of advanced features being added to their vehicles and a more direct line with Tesla on helping shape the vehicle's features. Vendors receive compensation for their relationship.

Personally, I appreciate all the work of people like wk to help contribute to the safety and security of the platform with no official recognition.
 
Again, you miss the point. Had wk actually done this properly - i.e. use random salt - it would've been literally impossible to break without the salt. There could be no leak.

Don't believe me? Well, he's posted another hash - this time done right - and nobody has broken it. Nobody will, because cryptography done right is, to all intents and purposes, an unbreakable box.

He assumed (wrongly) first time that what he was posting would have that level of security. Really, can't you give the guy some slack for not being at 100% smarts at that moment?

Who put the information out on the internet? What you're doing is called rationalization.

And no, cryptography done right is not 'unbreakable'. It is tough to break. (source: I spent some of my programming career in cryptography)

You know what's unbreakable? Not sharing the information in any manner.
 
Who put the information out on the internet? What you're doing is called rationalization.
What you're doing is ignoring both circumstance and motivation.

And no, cryptography done right is not 'unbreakable'. It is tough to break.
Really? Go break the second hash and tell me how "tough" it was.

I said "to all intents and purposes... unbreakable"; that is a true statement. I'm sure you've heard of an example in the news of late.

Edit:

You know what's unbreakable? Not sharing the information in any manner.

Agreed. Tesla should not push this information out to the entire fleet if they don't want it leaked.
 
Do you always take pleasure when bad things happen to people?

Depends on the situation. Would you not laugh if you saw a massive amount of snow dump on occupants because someone forgot to clear their roof before opening? Besides, it's snow it's not like it's anything harmful.

All I'm asking for is for Tesla to put more thought into things before releasing them to the public, especially when there are customers who never read their manuals and have no clue how things operate.

Tesla builds this amazing vehicle and while it works great in California's lovely climate, it seems nobody thought to bring up the point of other parts of the world with different climates.
 
Depends on the situation. Would you not laugh if you saw a massive amount of snow dump on occupants because someone forgot to clear their roof before opening?

I've done real winters for decades. Not once did I ever 'forget' to clear snow from the roof or windshield of my vehicle. Not once. It's not something people 'forget' to do. What's far more likely to happen is that people 'purposely decide not to clear the snow off' for a variety of reasons such as just being lazy, not having a snowbrush handy, or being in a hurry to get gone.