Does Tesla sell parts? If so, do you need a Tesla tool to program/activate them?
Electronics fail more often than mechanical parts and even today with independent auto shops having access to manufacturers programming software you still have to go to the dealer for some things
Assuming they do, that's not enough. There needs to be a market for non-Tesla-built parts that will nonetheless work in the cars. We shouldn't allow manufacturers to lock things down so that becomes impossible (or even illegal, when the DMCA comes into play).
Even the need to "reverse engineer" something that you paid for and ostensiblyown, though, is overwhelmingly insulting and in some ways (though obviously not technically legally, ethically) is basically directly challenging public perception of property ownership.
It's not even like it's say, a watch that I might actually need specialist equipment or knowledge to repair/maintain.
It's actually something I'm expected to at some point, be required of me, but is tactically not provided to me as to benefit a private entity.
And arguments can be made about who's ethical and economical burden it is to make documentation, but the fact is it'd just save an overall immense amount of societal time and productivity for those who already have the potential to provide documentation, to do so.
And so the expectation that we are left to our own devices on various forums and social media websites that may or may not be SEO'd by google to be brought to our attention with the right combination of keywords.
Is kind of baffling, to be honest. If it's easy for us, it should be even easier and quicker for them. Especially when most in many countries are unfortunately reliant on such things, many of them may not be reverse engineerers, or even versed in google-fu.
>It's not even like it's say, a watch that I might actually need specialist equipment or knowledge to repair/maintain.
If it doesn't need specialist knowledge then why are you asking for people to release their knowledge on how it works? Just use your general knowledge on how it works then.
Right to repair eventually runs head first into security and encryption--how do you allow right to repair and TLS, encryption, secure computing, etc to coexist? Get rid of IoT black boxes like Google Homes? Allow Linux on Xbox?
How do you create secure platforms while also giving consumers the keys to their devices?
(FWIW I'm not advocating against right to repair, I actually hope it helps to get rid of black box IoT devices. My device, my keys, etc)
I don't see the conflict. If it important that the device can prove its authenticity to some centralised service then yes, it is likely that the consumer can't also modify that device.
But how many devices really need that level of attestation? Does a tractor need to be able to prove to John Deere that it is a genuine unmolested vehicle, or does it just need to prove to JD that an active subscription is in place for whatever remote service is being used?
If just the latter, then we can still have encryption, no problems. That's just username & password over TLS, same as we have been doing for decades on untrusted endpoints.
In automotive, we've had to conform to Right to Repair laws for 10+ years. We handle encryption by facilitating access to tools that allow users to encrypt/unencrypted the data so they can make the repairs, but without exposing how the data is encrypted/unencrypted.
With TLS it’s just authing the server, accept any income connections. Support basic authentication.
For home devices don’t require TLS. I don’t run TLS on my home network. I’m remote, I get devices, I accept that risk. TLS is not required for security.
For encryption just design so customers can swap out keys.
The biggest problem is designing cloud in the loop so they can mine data. This needs to stop.
People have been repairing their own cars for a century, and the world functioned just fine with it. This locking down is a recent phenomenon. Your car is not going to mow down people just because someone other than the dealer serviced it.
Sorry but still doesn't hold water. A user accepts risk modifying their vehicle. However, The burden of proof would be on the manufacturer to show that they modified something that had an impact on the automated systems. To my knowledge there's not a single case of an automated tractor or car due to end user modification related to the automated systems that's caused injury. So right now your argument is by and large hypothetical. John Deere and the right to repair will be the proving ground for a end user modifications of personal vehicles.
Which is another reason right to repair is so important, because carmakers can go out of business without all their cars ceasing to to exist. Someone finds an exploitable bug in a million cars after the only systems with the documentation and signing keys have been wiped and sold at auction, and what then?
It calls for the ability of the general public to be able to repair their vehicles, so that anyone with such a vehicle can fix such problems.
What alternative would you even propose? The only entity with the ability to feasibly fix the bug is defunct and bankrupt, leaving them both judgment proof and with no resources to develop a patch. The only people with the incentive to spend resources fixing it are the people who own the vehicles. So the owners need the ability to repair their vehicles.
Which you can solve by just doing that to begin with, requiring no separate legislation.
I’d propose something like the FDIC. Every car sold pays into an insurance fund that, if a company collapses, takes over to maintain access to software updates for the reasonable lifespan of the vehicles.
I don’t think people should be forced to self-manage software updates on multi-ton machinery.
> Every car sold pays into an insurance fund that, if a company collapses, takes over to maintain access to software updates for the reasonable lifespan of the vehicles.
That's still a third party. Where are they supposed to get parts or source code after the company fails? It could be a car company in Asia with no engineering team in your country. The reason they failed could be a natural disaster that wiped out their facility.
The ability to make repairs has to be in the hands of the public before something happens to them. And it has to be the public and not some government filing cabinet to demonstrate that whatever they provide actually allows it to be done.
A clear example would be that they rotate the signing keys without providing the new ones to anyone else. Third party mechanics would notice this immediately; government bureaucrats may not.
> I don’t think people should be forced to self-manage software updates on multi-ton machinery.
They're not forced to do it any more than they are now. They can have someone else do it for them -- anyone else, in fact.
The problem right now is that the one someone else is trying to keep a monopoly on being able to do it, which creates a single point of failure in the event that anything happens to them.
You could perform phone phreaking in the 1960s, but a million phones in a botnet provides different challenges even if both are technically just a compromised phone.
Remember the old days when you would open up an appliance and there would be the full circuit diagram pasted on the inside of the case? Unfortunately VLSI kinda killed this off, nowadays everything is crammed into a single chip that you can't repair.
Right to repair should be a full set of instructions for "everything" are available.
That's it. Give the full specs for everything. If it's code reliant(which wtf), what does it require to work?
That's. Fucking. It. We give you rules to say peeps cannot sell what you made, you make it so we can repair it.
If you don't like it, sell fucking service.