"The WD MBL log files indicate a script issued “FactoryReset” command to users all over the world.
I don’t use Cloud Storage so I don’t understand how this can happen?"
Oh boy... plus side is other users said data seems to be potentially recoverable
IoT once again proven to be a horrible idea. Hardware OEMs can't be trusted with security. They can hardly make a product that holds up to normal use, let alone malicious attacks.
I agree with your point however I’m sure there’s some analyst or someone who thinks they’d be losing out on services revenue or something equally short sighted
Say your going to open your firmware, and who ever stands up to oppose it, fire them! There standing in the way of progress.
On a serious note though, it's kind of a double edge sword, you still have to provide firmware "I bought this device and I can't even use it without downloading something from the internet...!!!" or "The firmware I downloaded off the internet stole my wife and burned down my house!"
For this product class, just build something that OpenWRT runs on; yes even for a NAS. If chips support / blobs / etc aren't there, get them on the way to being up-streamed and public.
This was fairly obvious a decade ago, and today it should be planly obvious.
I went through this process. Got a little nas device that had linux support. Unfortunately the performance was not good enough for SSHFS and it didn't have enough performance to run any kind of web ui like nextcloud. Eventually got a full power server which could run nextcloud but the hassle of keeping it running, managing backups, and just the cost of the power usage to keep it running made it much more cost and time effective to just use google drive and have all of these problems solved for me.
Google may not be the most trustworthy but I at least trust my data is backed up and safe from hackers.
The fact that these are decade old devices that haven't had a firmware update in over five years yet are still so integral to their owners' lives that people are keenly feeling their loss suggests to me that they were not a horrible idea, nor poorly engineered. I have a WD MyBook World (not connected to the internet) that's probably the oldest still operating piece of computer technology I own--outlasting many computers, phones, tablets, etc. My family uses it to listen to music or watch movies all the time, and the fact that it "just works" and supports simple IoT/UPnP protocols is the only reason that's viable--no way could I convince my spouse or kid to use it if they had to go through the same pain I experience trying to stream something from my laptop.
I think his point is that the short interest is low, therefore it's not that heavily shorted, so if the attacker was doing the hack and shorting the stock to make money on the dip, he wasn't shorting enough to make that much money. Either that, or the attacker didn't short the stock in the first place.
And that sucks for those affected, you're right. But sometimes the point isn't to make the consumer whole (and I'm curious how one would you even come up with an average price for everyone affected anyways), but to make a statement that this is not okay. This would at least give a hypothetical Seagate engineer some real-world example to push back against phoning home for a HDD. It doesn't help here, but it can set an example (implying larger fines for the next company to screw this is), and hopefully prevent other companies doing the same thing.
"Western Digital has determined that some My Book Live devices are being compromised by malicious software. In some cases, this compromise has led to a factory reset that appears to erase all data on the device. The My Book Live device received its final firmware update in 2015. We understand that our customers’ data is very important. At this time, we recommend you disconnect your My Book Live from the Internet to protect your data on the device. We are actively investigating and we will provide updates to this thread when they are available." - Western Digital
Yeah but leasing the physical car normally meant you got the car and all associated functionality, for the duration of the lease. The alarming change here is incorporating a lease (of software/hardware controlled functionality) into the actual purchase of a car.
I think a subscription would be different in that you'd be able to easily switch to a different car on demand, for example if you needed a truck/van to carry some stuff.
And possibly work like electric scooters, you just park the car and it's not your problem, the next day you use a different one that's close by.
I talked to a non-technical Tesla owner friend of mine and I was expressing the sentiment that I didn't want a Tesla because I didn't want to join the rent-extraction everything-is-a-SaaS world that Tesla (and just about every business) seems to be driving towards. His response was of course about how he's never had to pay for any upgrades or anything like that for his Tesla.
A lot of people have jumped on this train with us (the "techies") because some of said it was awesome and the best version of the future and it seems like a lot of people do not see where this track is leading and will be surprised when we get to the terminus.
Other than the Acceleration Boost and Full Self-Driving options available for purchase, what's rent extraction with the Tesla? I mean they'd need to disable a feature and then charge you for it in a future release, I suppose.
Then again buy or lease a BMW and you'll need to pay a lot of money to the dealer for simple parts to be changed, because a, the parts are pricey, b, the parts are hard to access. The Tesla at least doesn't have that -hardware- issue.
I'm a recent Tesla owner. What's the worst case scenario you're envisaging ?
I’ve seen this a couple times and, whatever Tesla’s plans might be, the current Tesla lineup is not a “rent extraction” scheme: the only subscription is the option to pay for cell connectivity for media and a couple other things.
You don't think this is a reaction to what Tesla is doing? I see this as manufacturers trying to get in on the wave that Tesla is starting but doing it awkwardly since they don't have a "acceleration" or "full self driving" mode to push.
The blurb at the top of the Tesla upgrades page (https://www.tesla.com/support/upgrades) feels like it would be a shot across the bow for any car company in the same premium car market that Tesla operates in. I really don't think this monetization model was considered heavily before Tesla existed. Info-tainment sure, but the rest of the car I don't think so.
Tesla's upgrades are definitely new: between OTA firmware updates and a slow body refresh cycle, there is much less difference between a 2020 Model 3 and a 2021 Model 3 than between spaced Honda Accords. I don't really see, though, how this is fundamentally different from the way BMW, Mercedes, Porsche nickel-and-dime you for various packages at purchase time: if anything, it's better because it lets Tesla release features developed in 2021 to people who bought a car three years ago. But, as long as this doesn't turn into a subscription model. I don't really see the analogy to SaaS.
True, it's definitely not different in that aspect -- nickel and diming is certainly not new.
> But, as long as this doesn't turn into a subscription model. I don't really see the analogy to SaaS.
As long as it doesn't! It's also fully possible that the sum-total of changes that this future Tesla is pioneering will be a consumer positive, will be interesting to see how it turns out.
With Tesla, the base Model 3 SR+ doesn't have rear heated seats enabled, but they're still in the car and you can purchase them after-the-fact for $300. Whether or not that's acceptable is up to you, but it's not like you paid for them up front, they just made it possible for you to pay for them later. It saves them from having to make another sku variation (which is expensive in manufacturing and logistics) and makes it so that adding it after-the-fact doesn't cost $500 in labor.
This is also true of many manufacturers - a lot of the 'extras' that each trim level gets are just configurable settings in the ECU.
Personally I picked up a VCDS adapter for my VW GTI and was able to turn on things like a startup gauge sweep, automatic window closing when it detects rain, configure the puddle lights to turn on when the windows fold and heaps more.
Everything you’ve listed is a preference that has nothing to do with trim level, not really the same as whether or not you have heated seats.
When you don’t pay for heated seats in a VW it doesn’t come with heated seats at all. Maybe the Tesla way is better? But the comparison isn’t one to one.
So this reminds me of the dude that was doing repairs on teslas from a few years ago -- The Rogue Tesla Mechanic Resurrecting Salvaged Cars [0]. He runs a channel called Rich Rebuilds[1] (I'm not a subscriber) a company in New Hampshire that specializes in repairing Teslas, and has a recent video on his relationship with Tesla (and the community of fans)[2] (which I haven't seen yet, but watching now).
I don't follow this channel but I do not remember Tesla being particularly encouraging of the trend, similar to other defacto closed ecosystems. They're definitely not egregious but just a little bit closed-by-default.
Well you'll need to take out your tin foil hat from under the desk but I think this is a boiling frogs situation. Today it's Acceleration Boost and Full Self-Driving but tomorrow it will be smaller things.
To be fair to Tesla, infotainment systems were already heading in this direction, but they have a well established after market and most of the time it's very easy for people to refuse the option and install their own (with Apple/Google/etc integration). Tesla didn't invent this, but the move from just an add-on to what some might consider core "car" functionality seems to me like it can be attributed to Tesla. There is an argument to be had over whether those features are core or not -- are you selling a car that has better acceleration or not? Does it self drive or not? The answer becomes a maybe only because of Tesla's choices, and marks a shift in the thinking. For example turbo'd cars have to get their turbos tuned dynamically -- imagine a world where you have to pay for your car's turbo tuning as a service every month.
> Then again buy or lease a BMW and you'll need to pay a lot of money to the dealer for simple parts to be changed, because a, the parts are pricey, b, the parts are hard to access. The Tesla at least doesn't have that -hardware- issue.
I agree that the current luxury market has a lot of fat. Tesla has come a long way in reducing the fat (the amount of vertical integration they've done is amazing), but my problem is that I don't think the choice to buy an option that isn't doing this monetization model will be around much longer in the worst case.
> I'm a recent Tesla owner. What's the worst case scenario you're envisaging ?
I mean realistically, a world where cars are just another rent-seeking vehicle for conglomerates. For most of history you could buy a car that just worked, and eventually it would become an asset to you and "pay itself off". Cars that never pay themselves off are great at first, until you hit the inflection point where they would have paid themselves off. In a world where most cars (and/or functionality) are leases and thus rent-able machinery, it feels kind of like kicking the ladder in a way that's hard for me to pin down.
Further down the road in my worst case scenario, non-self-driving cars are outlawed all together for safety reasons (once the tech is down it will very likely be hard to argue for letting people put others in danger).
[EDIT] - Just to add for people who have never dealt with turbo-ing their own cars or getting "tunes" for turbo setups, you tune turbo setups on cars and essentially get a golden set of data that works for a certain performance profile. This is necessary because altitude, pressure, specifics of your setup can cause changes in what the software should be telling the components to do at any given time or place in the "power band" (your tachometer, roughly).
This is the kind of thing that can be a dark art since you could optimize nearly endlessly and bad settings are dangerous but once you do it can be reproduced for near free given similar inputs (and of course, dealer-made cars are very similar inputs by design). It would be a perfect thing to SaaS-ify -- most performance-concerned consumers wouldn't think twice about paying $xx or even $xxx a month for a decent tune (assuming a decent general tune wasn't free). Then you have to do things like make sure they're not hobbling base tunes to make premium models more attractive (this has happened in the past already IIRC).
That's decades away for places like Canada and Scandinavia. Outside of California where you actually have snow, the self driving doesn't seem very impressive when it only works for like 40% of the year
> Then again buy or lease a BMW and you'll need to pay a lot of money to the dealer for simple parts to be changed, because a, the parts are pricey, b, the parts are hard to access. The Tesla at least doesn't have that -hardware- issue.
But you can buy parts for a BMW. Its not even an option to buy OEM or aftermarket parts with a Tesla. That simple fact cuts out a huge segment of the market from even considering one. You have the crowd that can afford to keep a late model car still under warranty (soccer moms, yuppies, suburbanites, etc) and then you have everybody else who drives used cars or runs them for business. That second group needs to be able to buy parts and the realistic ability to fix them themselves, independent shops, or fleet service. Without that teslas are disposable vehicles. Most people aren't going to buy a second wrecked tesla and park it in the side yard just so they can keep their daily driver running. They'll just buy a different car unless Tesla can sell theirs so cheap everybody will be able to buy another every couple years.
That's not true, and there are OEM modifications for Model 3s. And even, I hear, software mods. It'll probably do something terrible to your warranty but you can do aftermarket mods. I found some stores online by accident when searching something unrelated, and I've seen Model 3's that looked modded.
My point above was that talk to any BMW owner about maintenance costs and see if it's any better than the rent seeking concern around software above.
I'll give you a strike against Tesla if you want one, though. If I wreck my car or get it replaced, I lose Acceleration Boost because it's not tied to my account in any way.
There are no licensed aftermarket parts makers for Tesla and you cannot buy parts from Tesla without being Tesla certified.
This is unusual and unique for auto manufacturers. And its the only thing like it other than other industries such as agriculture (e.g. John Deer). Normal federal laws require auto makers to produce or stock parts for a time period after manufacturer date. This is usually the reason you have licensed aftermarket parts from other makes. Its also the reason GM forced everybody to return all those EV1s since they didn't want to take the loss making those parts after the trial run. Federal law also requires standard interfaces for diagnostics and information such as OBD2. So both state or federal inspection can happen as well as automotive techs can keep the economy going when your vehicle breaks down far from a licensed dealer. The US isn't being weird here, almost every country has the same sorts of rules on the books.
Tesla has these "strange" and extremely unique exemptions from both. Not entirely sure how you get those since its extremely lucrative to have. GM would have probably let people keep their EV1s if they had them. You'd certainly see regular makes come to production with more popular concept cars and keep them true to the concept if they had them. Basically, every other make would love to do the same thing Tesla is doing right now. But for them, they have no choice but to play the uneven playing field if they want to enter the American market. So they have to remain more cautious and careful about what they do release into the wild.
You can "mod" anything but that is not buying new suspension components or even a windshields. And hacking it is no different than what farmers keep trying to do with their John Deer equipment. That is also why right-to-repair is such a big issue. What I can't understand is why nobody ever talks about Tesla there. They're probably the biggest offender.
> Tesla has these "strange" and extremely unique exemptions from both.
I'm curious why. I've heard that they're exempt from reporting reliability because of some legislative tie-in to emissions reporting. Is it similar to that?
This is one for a write up I'm planning to do. TLDR: Software recalls are a problem across all manufacturers. Thankfully, software has yet to eat the car, so most of these defects have been benign. Mechanical failures and battery fires still dominate the most dangerous recalls, and I have a feeling those issues will persist until the space figures out EVs.
Do EV battery fires cause many deaths? I would imagine that "I crashed the car into a highway barrier at 70 mph" kills far more people than "It caught fire in my garage overnight".
The case of "I crashed but then my car caught fire before emergency services could give me medical help" is hard to categorize, and may be substantial...
I don't have a good number on this, but its a more risky issue than "my infotainment display died" or "my backup camera stopped working".
Basically, the unknown unknowns for vehicle manufacturers is skyrocketing since they are now working outside of core competencies be that EVs, software driven power trains, or backup cameras.
I cant think of a single case where a EV just started on fire and killed someone. Its possible that the Bolt EV burned down some houses but I'm not entirely sure. Most of the time its a terrible crash that causes the cars to start on fire. But those are usually horrendous crashes that would have probably killed the occupant in the first place.
It is interesting how I am unable to find one single link whatsoever on that webpage which goes to wd.com, instead of community.wd.com, including the hyperlinked logo of wd, to discover what actually wd is.
Why should the industry accept as inevitable, even push forward aggressively, on the paradigm that every single device (even non computing ones) should be network connected 24x7?
Are we always mind-connected to every other human? Wouldn't that open us to all sorts of hacking?
I think the s/w and IoT industry needs to step back and consider if they aren't inventing problems rather than solving them.
Some of it is beyond strange too. Even self hosted things break. The Unifi Dream Machine Pro or Plex seem to insist on a WAN connection to their home and break without it.
Because that's apparently the "solution" to the existential horror that someone might buy something, pay money once, and then use it for a long time and maybe even fix it if it breaks. Instead, of course, the desired end state is that nobody ever buys anything, but is always on the hook for endless "rental" and "subscription" fees. More profitable that way for the companies producing the crap.
Unfortunately, they also believe (rightly or wrongly, I don't know, I'm not the target market here) that unless things have an App(TM) to go with it, nobody will buy it. Why would you buy a "dumb toaster" when you can buy an app-enabled "smart toaster" with firmware updates and the ability to send your phone a notification when your toast is done? Standing in the kitchen listening for the ding is soooooo old fashioned!
And, the reality is that most of the companies pushing stuff like that are also "data extraction" companies. There are other companies that pay what, apparently, is reasonably large sums of money for "big data elements" about people. How often do you make toast? Do you like your toast light or dark? What sort of bread do you like? What time do you eat breakfast? Do you sleep in on weekends and make toast later? Do you like eggs on your toast? Do you eat it in a box? Do you eat it with a fox? Do you eat it here or there? Will you make toast anywhere?
Why this is so valuable, I've no idea, but I certainly want no part of this ecosystem.
I've been considering a streaming stick of some sort to replace what appears to be a dying NUC, and some of the "privacy" policies are utterly absurd. Roku's is the worst. It roughly amounts to, "Anything we can think of, we will do and upload, to include scanning your network to find out what else you use. Once we have the data, we will do anything we want with it. And if the laws of your country would make that a problem, we'll just move it to another country that doesn't care and use it there." Really quite horrifying to read.
But they're absolutely inventing new problems - that your device is suddenly without firmware updates and "Oh No, Security Issues!" The solution is, of course, for you to buy another one to replace what would be a perfectly functional one, but they got bored, and updates are hard, and... seriously, who uses a hard drive more than like... 2 years, anyway?
Over the years, I've been increasingly spending my free time away from the internet, working with what seems to be a trend towards older and older machinery. Motorcycles from the early 2000s (some based on late 1930s designs with fairly little evolution since then), a tractor from the early 40s, a car from 1930, etc. And it's a nice breath of fresh air (well, and usually a bit of gas vapors...) compared to the modern stuff. They were built to be maintained, repaired, and have no bloody firmware in them. It's a nice direction.
> Why should the industry accept as inevitable, even push forward aggressively, on the paradigm that every single device (even non computing ones) should be network connected 24x7?
A major software defect would be hard to repair otherwise.
Yes, your statement is correct but I disagree with what you are implying. Please remember that I am the owner of the devices I bought and whether to repair any defect in MY devices should be my decision.
Back when Consumer Reports was testing the Model 3 and found that the brakes sucked compared to other cars, Tesla overnighted them an OTA update and fixed the problem, and everyone seemed focused on how amazing it was that Tesla could do this, and how dealership visits will be a thing of the past, etc.
Very few people asked how they managed to ship a car with both defective brakes out of the box, that were easily fixed with a software update. That's the sort of thing automakers used to test, rather extensively, before sending cars out for testing and use.
I'm old enough to remember when games shipped complete, not "broken and we'll patch it later." I'm not sure the changes have been an improvement.
I'm aware that modern cars ship with something like 150M lines of code, and that nobody could possibly be expected to make sure they're all correct. My solution of "Maybe we shouldn't ship gigabytes of untested and often broken software in a car?" doesn't seem to be very popular.
I posted this in the other thread on this topic, but the CVE for this issue - https://nvd.nist.gov/vuln/detail/CVE-2018-18472 - has been public since 2019. No action taken by WD to remedy it, by their own admission (I found this link on their own announcement).
That's seriously messed up. I'd have to very seriously second-guess buying anything that involves software of any kind from this company.
This should really trigger some kind of mass recall like what is done for cars when there is a safety issue. WD should be obligated to try to make contact with every user of the product to refund them.
I understand the sentiment, but the reality of the situation is if your WD device is hacked while on your home LAN network, you have a much bigger security problem than where your data isn't.
I don't use this specific WD product, but I've had some other network devices automatically and silently add port-forwarding rules to my router using uPnP, even though I never planned to access them from the internet. Maybe that's what happened here?
Dumb hard disks are still fine I'd guess. Just don't go for any "smart", connected or networked device. I have several plain backup HDDs from WD and they, IME, have been more reliable than Seagate from a hardware point of view.
These WD devices were phoning home on scheduled intervals and it appears that got issued a factory-reset command, but only at the “quick” format level so everything might still be there but will need to go through a recovery procedure.
I would take a guess this is not a 'hacker', but instead some mistake by a WD employee who was changing serverside software/config. Maybe even a disgruntled employee trying to wreak havoc...
> The vulnerability report CVE-2018-18472 affects My Book Live devices originally introduced to the market between 2010 and 2012. These products have been discontinued since 2014 and are no longer covered under our device software support lifecycle.
So support can be discontinued after two years after introducing a product??? That's ridiculous. It's not even like this was a one-off product and they're no longer supporting that line of work. WD still sells MyBooks.
Support can be ended at any time and leave you hanging when relying on proprietary software.
The fallout from this will be worse for western digitals brand than just patching the cloud service or smartly shutting it off if they weren’t going to support it.
If they sold it in the EU I think legally they have at least 2 years of support to do. Assuming the software not working directly affects the devices sold abilities.
I don't think so. The seller (not the manufacturer) has to make sure that the device is free of faults for up to two years. The first 6 months it's up to the seller to prove that the device had no issues in the first place, afterwards it it up to the buyer to prove that the device was faulty to begin with.
The manufacturer can only provide a warranty and exclude a lot from it. Like Motorola does with the batteries of the smartphones, which only have 3 months of warranty. The seller has to cover the 2 years.
There is no obligation to support a device, like to provide firmware to fix bugs. If the hardware/firmware has a bug, it is a defect, which entitles you to a fault-free replacement within 2 years.
The page you link to does not refer to the manufacturer, but to the seller.
The seller will tell you to send the item to the manufacturer to check if it is a "warranty" case. You, on the other hand, will tell your seller that you won't do that, that you will send the product to him, and that the will have to check if it is covered by the "legal warranty" (notice the difference between just "warranty" of the manufacturer, and "legal warranty" of the seller). It is up to the seller then to forward the product to the manufacturer or to provide you directly a replacement or repair it himself.
If you send it to the manufacturer, like the seller wanted you to, the manufacturer can send it back to you untouched, saying it is not covered by his "warranty". You will have to pay the shipping. Then you will have to send it to the seller, and also let him know that you had to pay for shipping to the manufacturer, that you'd like that money back as well, which the seller can reject (but probably won't).
The seller is in a worse position than the manufacturer, because only he is bound to the the things mentioned on the page you linked to.
There is a difference between the seller and the maker. But as the customer is supposed to be covered one way or another for 2 years, does it really matter in the end ?
For instance Apple had to extend its warranty to 2 years in europe, while leaving it at one year everywhere else for a while. The same way, most sellers won’t deal with makers that will put them on the spot for repeated repairs down the line.
It does matter, because in Europe the manufacturer usually has a reduced warranty (or like you say, 1 year in other parts of the world).
Apple had to extend it because they are not only the manufacturer, but also a seller (same goes for Google and Microsoft).
If you buy your MacBook on Amazon then it can very well be the case that you are not getting the same warranty you get when you buy it directly from Apple. In that case Amazon is responsible for covering the difference in warranty, and you'll have to deal with Amazon if you have problems. But Amazon will tell you to send it to Apple, and if they don't cover it, send it to Amazon, and they'll either repair or replace the device for you.
> The same way, most sellers won’t deal with makers that will put them on the spot for repeated repairs down the line.
This is why the manufacturers will usually be accommodating towards the seller. You're in a better position if you let them both take care of it between themselves, instead of doing the seller's work. Of course this will take more time, but you're more likely to get a better result.
If you live in Europe, just keep in mind that you usually have more rights if you contact the seller instead of the manufacturer, as there's no small print you'd need to read on a warranty card. Either the device works or it doesn't.
> That's seriously messed up. I'd have to very seriously second-guess buying anything that involves software of any kind from this company.
If you connect a device to the Internet, you must maintain it. If it's a server, you need typically some system administrator behind. If it's a hardware object such as a camera or a NAS, you need a maintenance contract.
Having a device connected to the Internet without any maintenance is asking for troubles.
This is the only wrongdoing here for WD: not informing their customer that "end of life support" strictly means "DO NOT CONNECT ANYMORE TO THE INTERNET YOU FOOLS!"
Seagate EOL'd its "GoFlex" series of drives (NAS and external cases) a couple years ago. The right thing to do would have been to open it up (they're running linux) so that people could make better use of them instead of essentially turning them into semi-crippled garbage. Someone's dedicated blog gave a bit more usability for a while (such as the necessary hacks to actually make the drives compatible with their own system!) - http://goflexhome.blogspot.com/p/ive-had-my-goflex-home-for-....
Yeah - they sold interchangeable drives/docks that wouldn't actually work interchangeably until you issued your own fixes. They had a stupid server-based auth system that they obviously didn't want to keep maintaining. But, that auth system wasn't even necessary except for utilizing their webclient.
It's a shame, because the NAS/DLNA drive was fast and reliable on a home network.
108 comments
[ 0.24 ms ] story [ 163 ms ] thread"The WD MBL log files indicate a script issued “FactoryReset” command to users all over the world. I don’t use Cloud Storage so I don’t understand how this can happen?"
Oh boy... plus side is other users said data seems to be potentially recoverable
On a serious note though, it's kind of a double edge sword, you still have to provide firmware "I bought this device and I can't even use it without downloading something from the internet...!!!" or "The firmware I downloaded off the internet stole my wife and burned down my house!"
This was fairly obvious a decade ago, and today it should be planly obvious.
Google may not be the most trustworthy but I at least trust my data is backed up and safe from hackers.
Sounds like for at least some of them, the IoT part was purely a negative as it's solely responsible for their lost data.
The storage is effectively integral to all of them, yeah. Not necessarily the IoT.
https://www.nasdaq.com/market-activity/stocks/wdc/short-inte...
To make money off shorting the stock, all you need is for the stock to drop in price
https://www.investopedia.com/terms/d/deltagamma-hedging.asp
This shit is coming.
We're getting what we deserve.
See: John Deere & tractors, Right to Repair, etc.
And possibly work like electric scooters, you just park the car and it's not your problem, the next day you use a different one that's close by.
I talked to a non-technical Tesla owner friend of mine and I was expressing the sentiment that I didn't want a Tesla because I didn't want to join the rent-extraction everything-is-a-SaaS world that Tesla (and just about every business) seems to be driving towards. His response was of course about how he's never had to pay for any upgrades or anything like that for his Tesla.
A lot of people have jumped on this train with us (the "techies") because some of said it was awesome and the best version of the future and it seems like a lot of people do not see where this track is leading and will be surprised when we get to the terminus.
(all puns are intended)
Then again buy or lease a BMW and you'll need to pay a lot of money to the dealer for simple parts to be changed, because a, the parts are pricey, b, the parts are hard to access. The Tesla at least doesn't have that -hardware- issue.
I'm a recent Tesla owner. What's the worst case scenario you're envisaging ?
If anything, it’s traditional manufacturers like BMW ( https://www.businessinsider.com/bmw-subscription-model-for-f... ) that are pushing for this, not Tesla.
The blurb at the top of the Tesla upgrades page (https://www.tesla.com/support/upgrades) feels like it would be a shot across the bow for any car company in the same premium car market that Tesla operates in. I really don't think this monetization model was considered heavily before Tesla existed. Info-tainment sure, but the rest of the car I don't think so.
> But, as long as this doesn't turn into a subscription model. I don't really see the analogy to SaaS.
As long as it doesn't! It's also fully possible that the sum-total of changes that this future Tesla is pioneering will be a consumer positive, will be interesting to see how it turns out.
Personally I picked up a VCDS adapter for my VW GTI and was able to turn on things like a startup gauge sweep, automatic window closing when it detects rain, configure the puddle lights to turn on when the windows fold and heaps more.
When you don’t pay for heated seats in a VW it doesn’t come with heated seats at all. Maybe the Tesla way is better? But the comparison isn’t one to one.
What about if you replace parts of the car yourself? (I guess that's not even possible?)
It sounds like Massachusetts is pushing for laws to make it even easier: https://grist.org/politics/tesla-want-to-fix-your-own-massac...
I don't follow this channel but I do not remember Tesla being particularly encouraging of the trend, similar to other defacto closed ecosystems. They're definitely not egregious but just a little bit closed-by-default.
[0]: https://www.youtube.com/watch?v=NuAMczraBIM
[1]: https://www.youtube.com/channel/UCfV0_wbjG8KJADuZT2ct4SA
[2]: https://www.youtube.com/watch?v=1PWlkAZCojg
To be fair to Tesla, infotainment systems were already heading in this direction, but they have a well established after market and most of the time it's very easy for people to refuse the option and install their own (with Apple/Google/etc integration). Tesla didn't invent this, but the move from just an add-on to what some might consider core "car" functionality seems to me like it can be attributed to Tesla. There is an argument to be had over whether those features are core or not -- are you selling a car that has better acceleration or not? Does it self drive or not? The answer becomes a maybe only because of Tesla's choices, and marks a shift in the thinking. For example turbo'd cars have to get their turbos tuned dynamically -- imagine a world where you have to pay for your car's turbo tuning as a service every month.
> Then again buy or lease a BMW and you'll need to pay a lot of money to the dealer for simple parts to be changed, because a, the parts are pricey, b, the parts are hard to access. The Tesla at least doesn't have that -hardware- issue.
I agree that the current luxury market has a lot of fat. Tesla has come a long way in reducing the fat (the amount of vertical integration they've done is amazing), but my problem is that I don't think the choice to buy an option that isn't doing this monetization model will be around much longer in the worst case.
> I'm a recent Tesla owner. What's the worst case scenario you're envisaging ?
I mean realistically, a world where cars are just another rent-seeking vehicle for conglomerates. For most of history you could buy a car that just worked, and eventually it would become an asset to you and "pay itself off". Cars that never pay themselves off are great at first, until you hit the inflection point where they would have paid themselves off. In a world where most cars (and/or functionality) are leases and thus rent-able machinery, it feels kind of like kicking the ladder in a way that's hard for me to pin down.
Further down the road in my worst case scenario, non-self-driving cars are outlawed all together for safety reasons (once the tech is down it will very likely be hard to argue for letting people put others in danger).
[EDIT] - Just to add for people who have never dealt with turbo-ing their own cars or getting "tunes" for turbo setups, you tune turbo setups on cars and essentially get a golden set of data that works for a certain performance profile. This is necessary because altitude, pressure, specifics of your setup can cause changes in what the software should be telling the components to do at any given time or place in the "power band" (your tachometer, roughly).
This is the kind of thing that can be a dark art since you could optimize nearly endlessly and bad settings are dangerous but once you do it can be reproduced for near free given similar inputs (and of course, dealer-made cars are very similar inputs by design). It would be a perfect thing to SaaS-ify -- most performance-concerned consumers wouldn't think twice about paying $xx or even $xxx a month for a decent tune (assuming a decent general tune wasn't free). Then you have to do things like make sure they're not hobbling base tunes to make premium models more attractive (this has happened in the past already IIRC).
That's decades away for places like Canada and Scandinavia. Outside of California where you actually have snow, the self driving doesn't seem very impressive when it only works for like 40% of the year
But you can buy parts for a BMW. Its not even an option to buy OEM or aftermarket parts with a Tesla. That simple fact cuts out a huge segment of the market from even considering one. You have the crowd that can afford to keep a late model car still under warranty (soccer moms, yuppies, suburbanites, etc) and then you have everybody else who drives used cars or runs them for business. That second group needs to be able to buy parts and the realistic ability to fix them themselves, independent shops, or fleet service. Without that teslas are disposable vehicles. Most people aren't going to buy a second wrecked tesla and park it in the side yard just so they can keep their daily driver running. They'll just buy a different car unless Tesla can sell theirs so cheap everybody will be able to buy another every couple years.
My point above was that talk to any BMW owner about maintenance costs and see if it's any better than the rent seeking concern around software above.
I'll give you a strike against Tesla if you want one, though. If I wreck my car or get it replaced, I lose Acceleration Boost because it's not tied to my account in any way.
This is unusual and unique for auto manufacturers. And its the only thing like it other than other industries such as agriculture (e.g. John Deer). Normal federal laws require auto makers to produce or stock parts for a time period after manufacturer date. This is usually the reason you have licensed aftermarket parts from other makes. Its also the reason GM forced everybody to return all those EV1s since they didn't want to take the loss making those parts after the trial run. Federal law also requires standard interfaces for diagnostics and information such as OBD2. So both state or federal inspection can happen as well as automotive techs can keep the economy going when your vehicle breaks down far from a licensed dealer. The US isn't being weird here, almost every country has the same sorts of rules on the books.
Tesla has these "strange" and extremely unique exemptions from both. Not entirely sure how you get those since its extremely lucrative to have. GM would have probably let people keep their EV1s if they had them. You'd certainly see regular makes come to production with more popular concept cars and keep them true to the concept if they had them. Basically, every other make would love to do the same thing Tesla is doing right now. But for them, they have no choice but to play the uneven playing field if they want to enter the American market. So they have to remain more cautious and careful about what they do release into the wild.
You can "mod" anything but that is not buying new suspension components or even a windshields. And hacking it is no different than what farmers keep trying to do with their John Deer equipment. That is also why right-to-repair is such a big issue. What I can't understand is why nobody ever talks about Tesla there. They're probably the biggest offender.
I'm curious why. I've heard that they're exempt from reporting reliability because of some legislative tie-in to emissions reporting. Is it similar to that?
They will be looking for vehicles that are easily repaired.
https://www.bbc.com/news/technology-39898319
https://www.edn.com/toyotas-killer-firmware-bad-design-and-i...
https://www.nbcnews.com/business/consumer/honda-recalls-1-4m...
https://www.motorbiscuit.com/jeep-cherokees-recalled-over-sl...
https://www.autonews.com/regulation-safety/mercedes-benz-rec...
https://pressroom.toyota.com/toyota-is-conducting-a-safety-r...
https://www.forbes.com/wheels/news/tesla-recalls-135000-cars...
https://www.prnewswire.com/news-releases/hyundai-issues-reca...
https://www.reuters.com/article/us-bmw-emissions-idUSKCN1G72...
https://www.reuters.com/article/uk-volkswagen-software-idUSK...
https://www.motorbiscuit.com/nissan-issues-huge-recall-on-se...
https://www.mlive.com/news/2019/08/audi-recalls-144k-vehicle...
https://www.automotive-fleet.com/336135/mazda-recalls-three-...
https://www.thetruthaboutcars.com/2020/02/gms-software-recal...
https://www.motorsafety.org/subaru-recalls-2020-legacy-and-o...
The case of "I crashed but then my car caught fire before emergency services could give me medical help" is hard to categorize, and may be substantial...
Basically, the unknown unknowns for vehicle manufacturers is skyrocketing since they are now working outside of core competencies be that EVs, software driven power trains, or backup cameras.
Are we always mind-connected to every other human? Wouldn't that open us to all sorts of hacking?
I think the s/w and IoT industry needs to step back and consider if they aren't inventing problems rather than solving them.
Unfortunately, they also believe (rightly or wrongly, I don't know, I'm not the target market here) that unless things have an App(TM) to go with it, nobody will buy it. Why would you buy a "dumb toaster" when you can buy an app-enabled "smart toaster" with firmware updates and the ability to send your phone a notification when your toast is done? Standing in the kitchen listening for the ding is soooooo old fashioned!
And, the reality is that most of the companies pushing stuff like that are also "data extraction" companies. There are other companies that pay what, apparently, is reasonably large sums of money for "big data elements" about people. How often do you make toast? Do you like your toast light or dark? What sort of bread do you like? What time do you eat breakfast? Do you sleep in on weekends and make toast later? Do you like eggs on your toast? Do you eat it in a box? Do you eat it with a fox? Do you eat it here or there? Will you make toast anywhere?
Why this is so valuable, I've no idea, but I certainly want no part of this ecosystem.
I've been considering a streaming stick of some sort to replace what appears to be a dying NUC, and some of the "privacy" policies are utterly absurd. Roku's is the worst. It roughly amounts to, "Anything we can think of, we will do and upload, to include scanning your network to find out what else you use. Once we have the data, we will do anything we want with it. And if the laws of your country would make that a problem, we'll just move it to another country that doesn't care and use it there." Really quite horrifying to read.
But they're absolutely inventing new problems - that your device is suddenly without firmware updates and "Oh No, Security Issues!" The solution is, of course, for you to buy another one to replace what would be a perfectly functional one, but they got bored, and updates are hard, and... seriously, who uses a hard drive more than like... 2 years, anyway?
Over the years, I've been increasingly spending my free time away from the internet, working with what seems to be a trend towards older and older machinery. Motorcycles from the early 2000s (some based on late 1930s designs with fairly little evolution since then), a tractor from the early 40s, a car from 1930, etc. And it's a nice breath of fresh air (well, and usually a bit of gas vapors...) compared to the modern stuff. They were built to be maintained, repaired, and have no bloody firmware in them. It's a nice direction.
A major software defect would be hard to repair otherwise.
Back when Consumer Reports was testing the Model 3 and found that the brakes sucked compared to other cars, Tesla overnighted them an OTA update and fixed the problem, and everyone seemed focused on how amazing it was that Tesla could do this, and how dealership visits will be a thing of the past, etc.
Very few people asked how they managed to ship a car with both defective brakes out of the box, that were easily fixed with a software update. That's the sort of thing automakers used to test, rather extensively, before sending cars out for testing and use.
I'm old enough to remember when games shipped complete, not "broken and we'll patch it later." I'm not sure the changes have been an improvement.
I'm aware that modern cars ship with something like 150M lines of code, and that nobody could possibly be expected to make sure they're all correct. My solution of "Maybe we shouldn't ship gigabytes of untested and often broken software in a car?" doesn't seem to be very popular.
That's seriously messed up. I'd have to very seriously second-guess buying anything that involves software of any kind from this company.
These WD devices were phoning home on scheduled intervals and it appears that got issued a factory-reset command, but only at the “quick” format level so everything might still be there but will need to go through a recovery procedure.
> The vulnerability report CVE-2018-18472 affects My Book Live devices originally introduced to the market between 2010 and 2012. These products have been discontinued since 2014 and are no longer covered under our device software support lifecycle.
So support can be discontinued after two years after introducing a product??? That's ridiculous. It's not even like this was a one-off product and they're no longer supporting that line of work. WD still sells MyBooks.
The fallout from this will be worse for western digitals brand than just patching the cloud service or smartly shutting it off if they weren’t going to support it.
The manufacturer can only provide a warranty and exclude a lot from it. Like Motorola does with the batteries of the smartphones, which only have 3 months of warranty. The seller has to cover the 2 years.
There is no obligation to support a device, like to provide firmware to fix bugs. If the hardware/firmware has a bug, it is a defect, which entitles you to a fault-free replacement within 2 years.
https://europa.eu/youreurope/business/dealing-with-customers...
In particular there is mention of purpose:
> is not fit for purpose - either its standard purpose or a specific purpose ordered by the customer which you accepted
The seller will tell you to send the item to the manufacturer to check if it is a "warranty" case. You, on the other hand, will tell your seller that you won't do that, that you will send the product to him, and that the will have to check if it is covered by the "legal warranty" (notice the difference between just "warranty" of the manufacturer, and "legal warranty" of the seller). It is up to the seller then to forward the product to the manufacturer or to provide you directly a replacement or repair it himself.
If you send it to the manufacturer, like the seller wanted you to, the manufacturer can send it back to you untouched, saying it is not covered by his "warranty". You will have to pay the shipping. Then you will have to send it to the seller, and also let him know that you had to pay for shipping to the manufacturer, that you'd like that money back as well, which the seller can reject (but probably won't).
The seller is in a worse position than the manufacturer, because only he is bound to the the things mentioned on the page you linked to.
For instance Apple had to extend its warranty to 2 years in europe, while leaving it at one year everywhere else for a while. The same way, most sellers won’t deal with makers that will put them on the spot for repeated repairs down the line.
Apple had to extend it because they are not only the manufacturer, but also a seller (same goes for Google and Microsoft).
If you buy your MacBook on Amazon then it can very well be the case that you are not getting the same warranty you get when you buy it directly from Apple. In that case Amazon is responsible for covering the difference in warranty, and you'll have to deal with Amazon if you have problems. But Amazon will tell you to send it to Apple, and if they don't cover it, send it to Amazon, and they'll either repair or replace the device for you.
> The same way, most sellers won’t deal with makers that will put them on the spot for repeated repairs down the line.
This is why the manufacturers will usually be accommodating towards the seller. You're in a better position if you let them both take care of it between themselves, instead of doing the seller's work. Of course this will take more time, but you're more likely to get a better result.
If you live in Europe, just keep in mind that you usually have more rights if you contact the seller instead of the manufacturer, as there's no small print you'd need to read on a warranty card. Either the device works or it doesn't.
If you connect a device to the Internet, you must maintain it. If it's a server, you need typically some system administrator behind. If it's a hardware object such as a camera or a NAS, you need a maintenance contract.
Having a device connected to the Internet without any maintenance is asking for troubles.
This is the only wrongdoing here for WD: not informing their customer that "end of life support" strictly means "DO NOT CONNECT ANYMORE TO THE INTERNET YOU FOOLS!"
WD My Book users wake up to find their data deleted - https://news.ycombinator.com/item?id=27624735 - June 2021 (254 comments)
Yeah - they sold interchangeable drives/docks that wouldn't actually work interchangeably until you issued your own fixes. They had a stupid server-based auth system that they obviously didn't want to keep maintaining. But, that auth system wasn't even necessary except for utilizing their webclient.
It's a shame, because the NAS/DLNA drive was fast and reliable on a home network.