It really goes to show Apple Advertising has no basis in reality. "Security" claims are obviously debunked on a weekly basis if you work in tech.
"Privacy" claims are just as nonsensical as we've seen Apple bend to multiple governments (PRISM). You bet Apple will sell your privacy if the deal is good enough.
That being said, I don't think anything can be secure, we must treat everything as potentially compromised and act accordingly. I diversify my emails/bank/HDD/etc... So if one gets hacked, I didn't lose everything. Edit- Also those Superstars may be known, but you bet there are experts that would take the money rather than prestige.
> "Privacy" claims are just as nonsensical as we've seen Apple bend to multiple governments (PRISM)
From everything I have seen, PRISM wasn't about companies cooperating. It was about literally hardware splicing the fiber lines between FAANG type corp datacenters and taking that info. Google famously was using dark fiber unencrypted and started encrypting that traffic between DCs because of it. It just so happens you split a fiber line into 2 by using a crystal prism...
Google end-to-end encrypts Android backups. Apple does not end-to-end encrypt iCloud backups (on by default on every iOS device), and it serves as an effective cryptographic backdoor to the end-to-end encryption in iMessage by escrowing the keys (as well as the full message content and attachment history) to Apple each night, using Apple keys, which permits Apple (and by extension the FBI, without a warrant) to read every message sent or received by a device in such a default iCloud backup configuration, without ever touching that device.
They were going to fix this, but Apple Legal killed the project while it was underway. This was done at FBI request, according to Reuters' sources.
PRISM absolutely was about tech companies sharing data with the government.
From the PRISM Wikipedia article[1]:
> The documents identified several technology companies as participants in the PRISM program, including Microsoft in 2007, Yahoo! in 2008, Google in 2009, Facebook in 2009, Paltalk in 2009, YouTube in 2010, AOL in 2011, Skype in 2011 and Apple in 2012.
"Participating" covers a broad range of activity when it comes to this program, and would include things like having a portal to provide the legally mandated info that must be returned upon proper presentation of a warrant. Is it really 'sharing data with the government' if the latter shows up with a properly executed warrant for the data?
PRISM data is obtained without a warrant, even for USians whose data is supposed to be protected by a warrant, because of a special secret interpretation of the FISA Amendments Act (FAA) Section 702.
It's warrantless, and the court that decides whether or not it's legal is itself classified and unaccountable and almost never denies surveillance.
This abuse was cited by Ed Snowden as one of the reasons he came forward. It's a public law, but a secret interpretation by a secret court that cannot be challenged by the people to which it applies.
It's not inaccurate to describe it as a military coup, given that it allows the US intelligence community to surveil everyone in the legislature and judiciary.
Section 702 only allows them to request data from accounts that belong to foreigners outside the US, so no, it doesn't allow the US intelligence community to surveil everyone in the legislature and judiciary.
The slides on that page diagree. PRISM was/is a data collection project. The sources came from other projects like the diagrams show. Those dont show anything about cooperation, only collection.
The documents don't identity them as "participants." They only say when data from those company was ingested into PRISM, which is simply a data integration program between the NSA and the FBI. The FBI's Data Intercept Technology Unit is clearly labeled in the slides.
The government issues a Section 702 order for some account(s) data, the company reviews the request and denies it if the account appears to belong to somebody in the US or an American (both of which cannot have their data requested via a Section 702 order), and then sets up a forward to the FBI. PRISM then geta that data from the FBI and parses it into fields for various NSA databases. Again, this is very clearly drawn out in the system diagram slide that Snowden leaked.
You seem to be quite prone to making unfounded hyperbolic pronouncements about Apple in several different threads lately. As the responses show, it might be worth toning down the rhetoric and staying true to proven reality for a while concerning this subject.
Apple is far from perfect, but often in the context of its market peers being much further from perfect. In that context, saying that their considerable security efforts and accomplishments amount to nothing but marketing lies is more than a little uncharitable.
I think that saying that Apple is especially bad at security would be wrong. But apple claiming they are the only ones who can protect users might be going a bit far....
No. The only people who make this claim are Apple critics who put words in Apple's mouth to justify whatever clickbait blog post they're putting out this week to pad their resumes and harvest echo chamber thumbs.
But as we know from politics, if you tell a lie enough times it becomes the truth.
In the article you linked to, I didn't see Apple claiming they alone can protect user's privacy. I read instead that Apple suggested all companies should strive to protect their user's privacy.
Not seeing Apple claiming only they can protect user's privacy. Instead the article quotes Tim Cook trying to pressure the governments t recognize privacy as a fundamental human right.
One of my biggest complaints is how https flags text based websites for being dangerous.
What danger could possibly happen if I'm reading about a Physical Therapy clinic?
They don't take credit cards, there's no information for me to enter on the website.
But unless the Physical Therapist knows how to manage the server, they get this scary warning.
Maybe it isn't a big deal to US healthcare because they make lots of money. But I imagine there are others that don't have the technical abilities to upgrade to https. Could your grandma do it for her sewing store?
Just because the original site was simple, doesn't mean that the thing an MITM replaces it with needs to be. Sites aren't apps; sites that do little don't "install" into the browser with an intentionally-limited set of permissions, such that an attacker would then be limited in their attack by those permissions. An MITM can replace the site with basically whatever they like.
I can't find the example (it was linked on HN a few years back), but a clear demonstration of this is a case where the MITM can serve a phishing page that initially appears to be the original site you've hijacked (so the user trusts it, and leaves it alone); but later, while the page is not visible (for example, when the user switches away from that tab), the page will switch over to showing a Facebook login screen or something.
Since the website isn't a known "malicious site" (so no alert from the browser), the user probably won't bother to look at the URL bar. They'll just think they left Facebook open in a tab, and it logged them out for inactivity. So they'll "log back in."
Grandma’s sewing store would be hosted on a VPS or Squarespace, and will have a checkbox to provision “secure site encryption” for her without any further work required on her part. (They may charge her money for the certificate, if they’re a scummy VPS.)
This ship has sailed, though: “plaintext HTTP” is available only with HTTP/0 and HTTP/1. This article is discussing HTTP/3, which carries forward the requirement of wire encryption that HTTP/2 argued over for a long time and then incorporated into the standard.
(Incidentally, my grandmother was a Smalltalk and 6502 assembly programmer of educational software in the 80s. She let me read her technical books at age 5. Probably best to find another example, such as “non-technical site owners”.)
Your browser might flag a http server as dangerous (mine doesn't - it just has a padlock with a line through), but you're leaking information to your ISP that you are reading about a Physical Therapist.
If your site tries to do https and fails (self signed or invalid certificate) it will rightly flag up that it's a problem.
My grandma would not be able to manage a server on the internet, let alone responsibly manage it. If you can't set up a modern server with https then you shouldn't be running a server on the internet at all.
Assuming your physical therapist has their own website with its own doman, and not just, say, a Facebook page, you're leaking that information to your ISP with https, too. https doesn't hide the domain you're talking to, just the specific URLs within that domain.
SNI doesn't encrypt the desired hostname in the payload of the initial connection. It's still plainly visible to an eavesdropper. They can also observe un-encrypted DNS lookups.
The problem is you can't trust what you're reading to be from the source. Maybe the site doesn't take credit cards. But after a MITM it might suddenly start taking credit cards. And other things. Whatever the attacker wants! All in the seeming name of the origin.
MITM like that still works for most https websites because of the automatic domain validation by ACME-based certificate authorities. The only caveat is that now an attacker has to get a valid certificate, so first he has to do MITM on the route from the datacenters where CAs run validators to the datacenter where the website is hosted, which for most websites today is likely a long route crossing many countries, after that an attacker gets the exact capabilities as with MITMing http.
It doesn't. Pretty much no one monitors CT logs and for those who do there is no way to prove misissuance of domain-validated certificate and revoke it, they don't have private keys.
If you believe you have been successfully attacked this way you should report it, the logs would be part of your evidence. I spent some time looking for this sort of thing, and it does look like it happens sometimes, mostly to military or political targets, but it's rare. That work is owned by a previous employer, but let's say dozens of times across several years.
You are entitled to revocation of any unexpired certificates for names over which you can demonstrate control. For Let's Encrypt for example you can automate this, simply make the API calls to demonstrate control (as you would for issuance) and then present the certificate that is to be revoked (it's in the logs) and ask their API to revoke it.
But if an attacker can intercept domain validation to issue a certificate, there is little reason not to protect his own certificate from revocation by preventing subsequent validations until it is used on a target, if he can't hide this fact in some way of course. A report of that will look like someone is trying to revoke a certificate for a domain they don't control and won't actually solve the problem even if a human can be convinced by other method that you do control the domain.
Maybe DNSSEC could be used here to help if ACME added a way to force DNSSEC-only domain validation.
That's the thing, they don't seem to bother actually addressing the problem and assume no other interception capability than hacking BGP. But we are talking here about exactly that, i.e. if you can intercept traffic in any other way somewhere close to a website or its nameservers - you can get a valid certificate and use it to MITM its visitors anywhere in the world where you can intercept traffic too. And in case of using big cloud providers for validation to "improve" security, this still likely pushes traffic from all of them through some big IX before reaching a datacenter with a website and at worst only adds a couple more points an attacker has to intercept traffic at to get the certificate.
This is where all that centralization is really bad for security. It basically makes https a protection only against low effort MITM of last mile ISPs.
https doesn't care about the content, it's the browser that tells the user that his communication is in the clear, and there's no assurance as to who the user is talking to.
> What danger could possibly happen if I'm reading about a Physical Therapy clinic?
Depends what is a "danger" to you. Your insurance learning you're having issues and deciding to increase the amounts you owe them, because they saw that your back is aching, is definitely a problem.
> But unless the Physical Therapist knows how to manage the server, they get this scary warning.
Wrong. In 2020, if the Physical Therapist can have an http website, they can have an https website with a valid certificate.
It's the same for your grandma store. Going from no website to http is a much much bigger step than going from http to https.
Using the same logic, https://facebook.com is also a danger, since we know they routinely sell out our personal data to advertisers and probably anyone who is willing to pay for them. Or an aquitance could be an insurance agent... Not to mention NSA as a source of danger in this sense.
The real danger I see is the disappearance of lots of quality, not-for-profit content that reminds me of the good old Internet, swapping it with new shiny https publishers, of which 90% belong to the same owners. That's the real danger to the society. The long tail is disappearing, while commercial interests, and the manipulation that comes with that sneaks in everywhere.
A real danger of not going with TLS is MITM attacks. Specifically, injection of hostile JS, CSS or whatever that can be used to penetrate your browser and/or local system.
HTTPS is free (with let's encrypt) and useful for privacy.
For example:
No one is stopping someone from intercepting your request to your clinic and add a form asking for personal details - and then using those details to "restore password" - or simply ask for your CC number. You might not fall for it but are you as confident in all other patients?
Not to run, just to keep running long-term. If Let’s Encrypt exploded you would have less than 30 days to get it running again. But that’s not such a short time.
Nope. https, hybrid crypto and pub->free CA's are the largest backdoor into internet traffic ever (accidentally) devised. The standardization on https for everything (including alt app protocols (dns,etc...)) is very apparently an info grab.
Sym crypto is the only answer (Schneier,DJB) people have been trumpeting this for years.
If I connect to a server via https and see it's certificate, I am confident that my communication is secure between me and the server hosting that certificate.
To validate the person holding that certificate is who they claim to be, how can I do that? By either getting their certificate out of band (impractical), or trusting an intermediate.
Lets encrypt doesn't make it any easier or harder to get an invalid certificate.
Now if the server wants me to authenticate, https has that built in. I can present my own client certificate, and if it's signed by somewhere the server trusts, it knows who I am. But how would a random server authenticate who I am? I'd personally rather use certificates or ssh keys or similar than usernames and passwords, but that's too complex for the average person.
Clearly I could have lost control over the key to my certificate, or the server could have lost theirs, there's not much you can do about that, no matter what type of authentication system you use.
It all sounds ageist and misogynystic to me. I work with a few grandmas who are right there on top of the newest technologies going. One is a scientist working on a hell of a cool cloud product. Old ladies aren't the model of stupidity, as this thread might lead someone to believe.
Yes, exactly. Grandma should be able to easily publish. Now grandma doesn't say anything because the unnecessary complication pushed by google (https and now http3 which might be enforced a few years later. These has little to do with security and performance;
mostly the google ad business has any revenue from all these complications)
Grandma also pays her registrar and ICANN for the domain every year too. Free was never the price of having a website, and it's not a reasonable standard of expectation today. As is with literally anything else that needs maintenance, if you can't maintain it yourself, you have to pay someone else to maintain it.
First, getting authentic data from the provider so that you know what they published is what you're reading.
But also links and embedded links/scripts. Since HTTP can be (relatively) trivially MITMd, it not only exposes end users to getting manipulated info, but also, having them running Javascript that's not what the site owner intended.
Safety issues are recalled, so you would see them regardless.
Since Tesla has less than 1 million cars built IIRC, it's actually much worse of a problem. Other automakers have hundreds of millions of cars on the road with different designs, each with potential problems.
Yet something safety critical like a roof falling off happens rarely, but get recalled.
I’m not seeing this VW recall. Are you referring to Takata airbags? That’s an old recall but a really bad one, caused by Takata not the car manufacturers. The ECM getting updated for emissions reasons? I just took my car in for that one during my regular service, it’s a service bulletin not a recall.
The car makers knew the liabilities of using ammonium nitrate as an airbag propellant. It was just cheaper. It's not like Takata swapped from a stable propellant to one which could be stable if everything was done just right on their own without telling anyone.
That doesn’t answer my question first off and moves the goal posts elsewhere secondly. The issue here is there isn’t a VW recall I can find that he’s talking about, the airbag issue was an industry wide thing and not tied to a specific manufacturer, whereas this issue is tied directly to Tesla moving fast and breaking things still.
As someone who’s designed auto interiors, where other people see simplicity like a single touchscreen for all controls, I see an ergonomic disaster motivated by cost cutting.
I'm genuinely curious, could you explain how the touchscreen is a disaster?
I haven't seen a Tesla interior so when you say "all controls" it's a bit concerning. I'm assuming you're talking only of non-driving related control...
Because of the lack of tactile feedback, touchscreens often lead to distracted driving by forcing drivers to take their eyes off of the road to carry out simple tasks. As an example, take HVAC and radio functionality -- in older cars with buttons and knobs, after a short amount of time, people can operate these functions without looking. The same is not true for touchscreens. That's not to say that there is no place for them in cars, but the consensus it's better to use a combination of touch screen (for things you don't often adjust while driving) and physical controls (for things you do). But it's generally cheaper to slap a big ol' touchscreen in cars that does everything, and change configurations in software, rather than investing in custom interior designs for each model of car. And it's not just Tesla doing this, even companies who hang their hat on safety like Subarus are stuffing more and more functionality into touchscreens[0].
Not entirely related, but I always hated the red dash lighting on my car. I thought it looked ugly and wondered why they didn't just go with a cleaner white colour.
Then I read about red light is specifically used in car dashboard lighting and airplane cockpits because it helps with night vision. What I thought at first was just an ugly colour choice was actually a very subtle design decision to help while driving at night.
It always reminds me how complicated and multifaceted good design is. There are always trade offs to consider, but minimalism as a design trend often seems a little too willing to ignore those trade offs and will sacrifice traits like safety, efficiency and flexibility for the sake of cost and simplicity.
Then I read about red light is specifically used in car dashboard lighting and airplane cockpits because it helps with night vision.
Given that there is a stream of not-red lights shining at me in the opposite lane, I've been skeptical of this claim since Nissan did it in the 300Z like 30 years ago. It's there to look cool, not be useful. There's a subtle design lesson in there as well, I'm just not sure what it is.
When I took an astronomy class in college, we'd have "night" class on the roof, with telescopes, and star maps.
We were instructed to bring flashlights, but cover the lens with a red layer, to keep the pupils from closing too much, so we could both look at stars but read our star charts.
The headlights in the other lane don't disqualify the benefits of using red lighting inside the car.
You don't need night vision when headlights are visible in the opposite lane. You'll appreciate it when you are driving on a dark road on a moonless or overcast night.
I don't even have a Tesla, I have a 2013 Prius which has an array of buttons for everything instead. The only knobs are the miniscule (and hard to turn) volume and tune buttons on the radio. They made a token effort but placing indentations on the heater temp and fan speed buttons but after five years I still can't operate anything on the center console without taking my eyes off the road.
I love almost everything about my Prius but the person who designed the interior to look like a Starfleet shuttlecraft should be shot.
As a Model Y owner (who still has his roof!), you very quickly become accustomed to it. Excellent voice controls allow for finding music easily, and adjusting things like the AC is done so infrequently that doing it through the touch screen is a non-issue.
Every human factors study I’ve seen results for indicated that touchscreens were ergonomically inferior. Drivers would take longer to make the same adjustments and were more distracted while doing so. You may be underestimating how much the touchscreen impacts your ability to drive. Voice control is indeed much better, but as others have pointed out, experiences may vary.
or are a non native english speakers.
Sure, not getting voice control to work properly in my language is one thing, but not being able to deal with local accents (which is a majority in the world) makes voice control almost useless.
Even the Ford Mustang Mach E has copied the Tesla center-screen design. At least they also have a short-wide screen behind the steering wheel too, and they've included a big knob embedded into the bottom of the center console screen. Hopefully that helps.
Wow. I feel like I got my Subaru at just the right time when driver assistance tech was somewhat mature but the user interface was still mostly mechanical.
I'm not familiar with Teslas at all, but it sounds like a voice interface might help work around some of these limitations, a la Alexa/Hey Google. Maybe they already have it?
Please no, nothing is more frustrating and distracting to try to get my virtual assistant to fix something they've misunderstood. That's about as fun as arguing with your passenger about directions while driving.
It feels like a specialized voice control interface with a limited set pre-programmed functionality accessible through specific hard-coded keywords (which is what I assume Teslas could be equipped with for this purpose) might have a much easier time getting things right compared to an open ended general purpose virtual assistant that has to deal with completely arbitrary voice commands and unbounded ambiguity.
I used to think that voice recognition sucked until I tried Google Assistant. Holy shit is it amazing when it picks up every single word you utter every single time. Truly impressive and if car manufacturers can license the voice tech from Google I can definitely see the tech being quite useful.
They do. You can control many things with voice in Tesla.
I don't know the comprehensive list of things you can use it for, but so far I used it to:
* Change temperature
* Play a specific song
* Set navigation to a new destination
I didn't put switching music tracks (next&previous)/adjusting volume on that list, because those can be easily performed using the scrollable button on the steering wheel.
If by voice control, you mean asking a passenger to do it, sure. If you mean trying to find the right keywords while driving a vehicle at 65 mph, no thanks. I'm a native english speaker with a california accent and none of the systems I've used have been much help.
It's like playing an old text adventure without the manual, so you don't know the verbs. It uses too much thinking to try to come up with different words while also trying to drive.
Your federal law does not necessarily apply everywhere a tesla may be purchased and operated (I'm not saying it makes economic sense or anything, just that US law is likely not the sole reason it's there)
> I'm genuinely curious, could you explain how the touchscreen is a disaster?
Touchscreens in cars are a disaster, in general. They're a bad technology for the use case. They're more so in a Tesla, because Tesla relies on them far more heavily than any other manufacturer, and gives users no alternative for most functions.
Cars should be designed to minimize touchscreen use, not maximize it.
I completely agree. They're not as reliable as buttons. A single failure breaks everything. They're not particularly robust to temperature extremes. I can't use them by touch alone. They don't work with gloves.
In fact, the reliance on a touch screen is why I've stricken Tesla off the list while shopping for an EV. I currently drive an old BMW and I love the interface. There are physical buttons for everything and there's no unnecessary fluffy stuff.
The most-modern vehicle I've driven whose interface I've liked was a Skoda Fabia.
Sounds like you are stating an opinion rather than some fact based on data. As proven by exponential growth in Teslas, there is clearly a massive fanbase of people who like touchscreen. I personally absolutely love it, and don't really know why other cars have knobs and buttons.
So if that happens, embrace the touchscreens then? I mean, in the 90s, Microsoft was pretty hung ho about having voice as the main interface to computers in the near future. They kept the keyboard, which, given the history of early noughties voice recognition, was probably just as well.
My point is that you shouldn't design things being made right now for an entirely speculative future change.
I don't think anyone believes that Tesla will have actual self-driving cars, which don't require constant driver attention, within the lifetime of the cars currently being produced.
One thing I’ve never seen mentioned online but a Model 3 owner I know complained about is that the speedometer is blocked if you have your right hand between 3 and 6 o clock on the steering wheel. He had to change the way he’s used to gripping the wheel to accommodate the car which seemed like a high burden for a luxury product.
I truly don't understand how your friend has this problem. I have a Model 3, and after I read your comment, I tried to block my view of the speedometer with my right hand and couldn't do it. I tried sitting closer and farther back, higher and lower. I tried every position on the steering wheel. I flared my elbows out. I tried to imagine my hands and wrists were twice the size. I just don't see how this is possible. I'd love to see a POV pic from your friend that illustrates the problem. For my money, having the speedometer on the central screen makes it more visible. My view of a conventional dash is always partially blocked by the steering wheel.
Think I misremembered slightly, I only rode with him once. I though the speedo was at the lower left of the screen but it looks like the upper left. Think maybe he was used to having his hand between 12 and 3 and had to move? He was a larger guy if that makes a difference
Not a friend, just a former coworker I didn’t keep in contact with so I don’t have any way to follow up.
Almost every modern car has an adjustable steering wheel which you can move around to ensure you have a line to the instrument panel. Cars in the Model 3 price range will often project speed and other driving information into the windshield.
A lot of people have offered other details. I’d add: in the Model 3 even instrument panel information like speed is in the center display.
Touchscreens cut costs because you can ship the same hardware to all SKUs and change features in software. Buttons need to be added or replaced with fillers depending on the options that each car has.
On my dad's old land rover, you can literally operate the radio wearing blindfolds because everywhere is simply placed. It responds instantly, draws no power, and shut up when you aren't using it. His current car just gets in your way, even if it has more features.
It's a design that is getting sold to people who are getting starry eyed over other aspects of the car. They don't care that the fit and finish is befitting an Aveo. They care that they're driving a sexy new EV from the leading manufacturer of sexy new EVs. From the perspective of "keep Tesla relevant and financially solvent-ish" it's a great design. They know what the people they're selling to care about and what they don't and the latter isn't getting much attention.
It's like how the Tacoma has been the turd of it's segment on paper for 20+yr but still flies off the shelves. Clearly the metric don't tell the whole story. In both cases there's an emotional value proposition that's doing a lot of heavy lifting.
And since I know in advance that this comment is gonna piss off a hell of a lot of people here (if I had to pick a demographic that will have both a Tacoma and a Tesla in their driveway HN would be about the perfect fit) I'll ask in advance if any of those people would like to tell me why I'm so wrong.
Just my own personal experience, I've owned two Teslas (a 2014 Model S and a 2018 Model 3) and they both had a pretty good number of problems here and there. The S was particularly bad, though that is maybe not surprising since it was one of the first 50k cars the company built, but the 3 has had its share of issues as well.
But the thing is, I've never had any issues that rendered the car undriveable or unsafe, and service has always been a joy to work with. Every problem I've encountered has been addressed quickly and effectively with no hassle or charge. So, I'm willing to forgive some of the rough edges, and I suspect this is why they get such good customer satisfaction ratings despite the relatively high number of issues.
I have a recent X, the panels fit together, no rattles or squeeks and the issues I've had were fixed fast. Last was the voice control button on the steering wheel that failed to work, reported it on last Thursday, they were at my door with mobile service at 9 this Monday.
I did test drive a 2013 S and I decided to wait until they matured at that point but now they seem to have gotten their act together in most cases.
They're actually on par with Audi here in Norway when it comes to customer satisfaction so it's not all bad [1]. Only Toyota, volvo and BMW beat them. They had a dip due to an overcrowded service department at the launch of the Model 3, but they hired a ton of people and trained them.
Now this roof falling off is one area they could improve greatly, factory Q&A. There should be a bumpy test track where they take all their vehicles for a control drive before shipping them to eliminate issues like that roof.
Cars should be available, not spend time in the shop for repairs that could have been avoided. It's great that you are so forgiving but for me a trip to the garage for some small issue would eat up half a day easily and that adds up quickly when there are a number of issues.
I mean, I agree with the sentiment, but also you're assuming you'd similarly waste half a day for a Tesla repair, and that's usually not the way things work. Tesla will frequently send a technician to a customer's home or place of work and fix issues on the spot. Even when I've had to go to a service center in person, they've included free rideshare credits for quick repairs so that I don't have to wait around, or free loaner cars for longer repairs.
Back in the old days when I lived far away from a service center, they once drove hundreds of miles with a flatbed to come pick up my car, and dropped off a free loaner at my house while my car was in the shop, then came back and returned my car and picked up the loaner a few days later. (The loaner was also a nicer Tesla than the one I owned.) They really do go above and beyond to resolve issues as pleasantly and conveniently as possible.
Well, for one example: Tesla Model 3 production was constrained based on the amount of paint their factory was consented to spray every day. When Model 3 production started climbing, customers were seeing very thin and uneven paint application, well below what's normal for a car in this price bracket, and often very light on critical areas like the sills. Owners in snow-bound places where Tesla is popular, such as Scandanavia, were reporting pain stripping within a few months of ownership.
I don't know about you, but my expectation for what is nominally a luxury car would be to have paint standards better than British Leyland in the 70s.
But I designed interior parts, so it's my own Engineering take. Tesla's were not competitive at all. The gaps between panels were so bad, you could stick your finger in it. That's not just an appearance issue, kids and adults will mess around with large gaps and put stuff inside.
And features in the interior were non existent. (Especially for a luxury car)
Interesting that you are just glossing over the fact that a) Tesla trounces all competition on performance and b) Tesla trounces basically everyone on safety as well.
a) for that kind of money, and lack of features, it better go fast (cornering, meh, not so much).
b) You are commenting on an article that talks about a Tesla loosing its roof. That's a new one on me, and I'd thought I'd seen it all back when I was an auto mechanic.
You don't buy a Tesla for reliability. You buy one to show your friends.
No other automaker gets this pass(except maybe Jeep vehicles).
Anyway, as bad as Tesla quality is, customers getting new cars from new companies should have little expectation of quality. (Although Tesla made it's first car in 2006, at when do they stop getting such sympathy?)
Tesla shipped 139K[1] cars last quarter and 1 roof blew off, nobody died, and now they are unreliable ? Now compare that to existing automakers that have had years more of manufacturing experience, six sigma bullshit, etc and look at the largest recalls[2]. (Ford recalled 7.9 million cars in 1996)
People buy Tesla because they are much more efficient than combustion engines, have superior technology, and a lot more fun to drive .. and maybe it makes you cool to IDK.
I really do not understand why everyone on HN hates tesla so much ...
Same reason people don't like Apple. A low quality product sold by massive advertising/marketing campaigns.
And yes Tesla is unreliable, there's no debate here. A new car company is going to be unreliable. And why are you using Absolute numbers? 1 roof, 7 million Ford cars. You made a statistical error here.
And what is this about combustion engines? It's 2020, everyone sells an EV. Only Tesla sells a low quality EV.
Re Apple: Apple is the most valuable company in the world, what are you talking about?
Re statistics error - what error did I make ?
Re combustion engines, have you tried to do a road trip in a non-tesla EV using charge point. I suggest you try and then report back about how bad the experience is.
Funny you mentioned Jeep, I remembered reading the Consumer Reports review of the 2021 Wrangler, it was bad. It's by far the lowest rated vehicle there. Pretty much everything is terrible on that thing. Road Test, 36/100, Reliability 1/5, Predicted Owner Satisfaction... 4/5. I had to go back and double check that again, just to be sure. Apparently people love those Wranglers, no matter what.
I have a Tesla and also had a Wrangler until a few weeks ago. Nobody is buying either one for fit and finish. The Wrangler was a total piece of crap and it drives like a pregnant rollerskate. You feel like you could be seconds from death any time you get it up to 75 mph, it chugs gas like nobody's business and it performs like your typical John Deere. It was also awesome, tons of fun and the kind of car that would be every bit as cool in 20 years. I got it back when you could still buy an unlimited miles warranty from Chrysler so I didn't really care that it was junk.
I love the Tesla. I wouldn't say it's built badly, but it's not on par with an import in the same price range. I like it for other reasons. It's unlike any other car. I love the way it drives, I love the features, it feels futuristic. I would challenge anyone to drive a decked out Tesla for a year and then go back to a regular car as their daily driver.
Jeep has gone downhill quite markedly now that they're Fiats. I don't have any history with Fiat but I do know since the merger of Chrysler & Fiat in 2014 Jeep has gone downhill. As others have mentioned it's become a lifestyle brand instead of a utility brand. IMO once more people become aware of the significant reduction in their utility value then their sales will plummet. But I could be wrong. All I know is I have a 2008 Jeep Wrangler with 220,000 miles on it and I found it worthwhile to drop a new engine in it. That was a cheaper and more reliable option than getting a new vehicle - even knowing in 2-3 years I'm going to have to put a new transmission into it.
They are very much a lifestyle vehicle. They offer an idea of "mobility" and "going anywhere", basically vehicular freedom to tackle any type of terrain, even if most people never will. Very American sentiments that resonate with Wrangler owners.
Yep! I own a 2012 Wrangler. It's a toy more than transportation. It gets me where I need to go but carrying more than one passenger is a pain. The windscreen fluid jet is poorly located and doesn't get the whole windscreen when I need to get rid of dirt on the windshield. I have had to JB weld the gear shift knob back together.
It's a completely impractical and inconvenient car. But I still love it because it's fun to drive and it can, in fact, go pretty much anywhere.
I think they also benefit from the fact that off road hobbyists really do use Wranglers. They just use ancient models which have been lovingly restored and modified over decades, but they're Wranglers.
So then the more aspirational type want to emulate them, but they want it newer and shinier and with a warranty, so they wind up with the substandard SUV which is the new Wranglers.
Exactly the same story with Land Rovers in the UK, incidentally.
There really isn't a competitor to the Wrangler if you're into offroading. Sure pickup trucks compete but the size of a Wrangler + the massive aftermarket support make it hard to beat. The new Bronco might eat some of the market but time will tell.
On the other hand, despite minor quality things, my wife loves our Model 3. For the price and what it achieves it is a great vehicle. I always tell people Tesla is a software company that happens to make cars. In that regard they are a decade ahead of traditional manufacturers in my estimation. Look at how low quality the software ecosystems of most traditional manufacturers are.
I didn't really believe this back when I was driving a BMW and Honda daily running CarPlay, but now that I'm on the Model 3 I'm hitting lots of software bugs on the Tesla head unit that would've never passed even the most basic of software QA at my previous job.
The Tesla head unit makes the current automaker's head units look super reliable and as solid as a rock. OTA software updates do have their benefits, but it seems like it leads to compromising quality for pushing features of questionable utility out the door.
I get really disappointed when I see Tesla implementing really unnecessary features like Rainbow Road (the over-done SNL "more cowbell" skit) and fart mode. Focus on the reliability before making these features.
Look at how low quality the software ecosystems of most traditional manufacturers are.
The new in-dash systems in the Subarus and Ford E-Mustangs appear to be on par with Tesla, usability wise, and unlike Tesla can be used with physical controls.
I am very ambivalent. I love electric vehicles for the environment, but I grew up with and love sports cars. The Tesla is just too clean and clinical for me. I do have to say, though, I own a high end Ford truck that carries their flagship infotainment system and it is /nothing/ like the Tesla. It actually crashes more often. The only thing it has going for it is CarPlay, but even that can be buggy and not work right at times. Meanwhile the giant infotainment screen on the Tesla generally just works and behaves nicely. It is one thing to read people nitpicking Tesla and another to drive them day to day and be realistic. People love the cars for a reason, they are fun, have really great resale value, are very easy to maintain, and can have very exciting driving performance.
It's not that bad. You get a crappy release once in a while and it gets fixed within a week or a month at the most. And most of those bugs are in new features they continue to add after I've bought the car. Meanwhile, my Chevy has the worst software and infotainment system I've ever experienced and the dealer wants $169 just to check for updates. I've owned a half dozen cars in the last 5 years and none of them had software remotely on par with the Tesla. Toyota and Honda were probably the only others I liked because they didn't really try to do much. They just worked.
If "security" is just Apple marketing, can we safely say "privacy" is just marketing too?
Maybe today things seem fine, but with declining sales, desperate companies are likely to do whatever it takes to make money. Doing something Anti-consumer is not new to Apple's core philosophy.
I'm continually reminded that a HN "HUGE!!" security issue is so rarely that.
I can think of so many more much more significant security issue, from remote root access to windows machines, potentially intentionally flawed VPN security, TPM on intel machines that are remotely exploitable and provide persistent access to machine and the list goes on and on.
There is something about Apple that makes folks blow up. Perhaps it's just they are one of the few with a bit of a reasonable reputation here.
Steal someone's phone? You realize iphones since Xs forward are using A12+ chips, they don't even have the intel / T2 combo being talked about as far as I know. And then to get access you need to install a keylogger PHYSCIALLY into the macbook. All this is "possible", but you can probably do a keylogger without breaking T2 and get equivalent access at the end of the day.
I think a lot of people are looking for any reason to put Apple down. I'm guessing it's both because Apple and its users love to brag about security and because HN users hate the cost that you pay for that security: a device locked down from its own owner.
That is true - apple is locking everyone out - including the person who paid for it. But that does make the iphone relatively better from a security standpoint.
The overseas android market is a wasteland security side - no one even pretends, they don't even keep the phones updated.
Which exists on likely 99% of people's setups, Mac, Windows, whatever. Keyloggers on external keyboards, keyboard hacks, bios hacks...
> Stolen phones, people incarcerated
This hack doesn't unencrypted the drive, so this hack won't help if you just steal someone's laptop. You have to get physical access, hack the T2, then get it back into their hands so they can put their password in to decrypt the drive.
> How difficult would it be to steal someone's phone, but illegal stuff on it...
This hack affects MacBooks & Macs with the T2 security chip installed, not about phones.
You can do exactly the same on a machine without a T2 chip though, so I’m not sure what makes this special vs any other time you give someone untrusted physical access to a device
IMO IP protection should be short lived. Imagine if copyright ownership lasted 10 years. The profits made on producing a video game would be almost identical since almost all profit is made in the first few years and half of the lifetime profit is in the first week.
What it would mean is the games that we all played as kids but are long since out of store shelves would now be free to distribute.
It's extremely hard to prove things in programming.
You can either develop both options and pick the best, or you can use "best practices", which is non scientific. Authority and tradition make best practices.
Also "don't @ me" about basic logic like nested loops and bigO. That's not what I'm talking about here.
#/media/File:Prism-slide-7.jpg){kind=link}
#/media/File:Slides-nsa-prism03a-straight.jpg){kind=link}
#/media/File:Prism_-_FAA_702_operations.png){kind=link}
"Privacy" claims are just as nonsensical as we've seen Apple bend to multiple governments (PRISM). You bet Apple will sell your privacy if the deal is good enough.
That being said, I don't think anything can be secure, we must treat everything as potentially compromised and act accordingly. I diversify my emails/bank/HDD/etc... So if one gets hacked, I didn't lose everything. Edit- Also those Superstars may be known, but you bet there are experts that would take the money rather than prestige.