Please create an account to participate in the Slashdot moderation system


Forgot your password?

Comment Re: It's not what Google wants.... (Score 1) 370

You're talking about reading the ODBII data. That's a very different application to an information display that most drivers will be using routinely. So if nothing else, there's probably a good chance that many of those downloads were professionals who work on cars. Most of the rest were presumably enthusiasts who enjoy tweaking, and if you reckon you've personally saved $5-10K just on diagnostics with Torque then clearly you're not a typical driver.

Comment Re:It's not what Google wants.... (Score 1) 370

But lets see if you can compromise it without taking off a panel, disconnecting a wire, or otherwise having privileged access to it.

Does your definition of privileged access include being within radio range? Being within radio range when the legitimate owner activates a remote feature? Gaining access to the manufacturer's facilities, either to extract sensitive information or to initiate contact with vehicles through the manufacturer's own remote access tools?

(If you're wondering if these questions aren't random and this line of questioning is a trap... Yes. Yes, it is.)

As for "infotainment" systems you can't have a bad system without a good/better one to compare it to.

I hope we could all agree that, for example, a system that allows a potentially dangerous compromise of the vehicle's control systems is bad even if all cars have the same defect.

Also, the standards of presentation of these systems are awful. There is nothing good/better for comparison only if you exclude pretty much the entire field of user interface design in modern technology outside of cars.

Comment Re:FUD (Score 1) 370

The auto manufacturers are looking for this data themselves -- this is a matter of public record in some cases, and widely acknowledged privately in others -- and so it is logical that they will choose their commercial partnerships in light of that. If Google want to keep that data for themselves but someone else will implement more integrated telemetry that lets the manufacturers spy on drivers and send the data to insurers, the second person is probably going to win the deal, unless and until the privacy regulators start stepping in.

As for ads, just tracking the locations someone visits regularly is a treasure trove of mineable information, and you can probably tell a lot about someone from their driving style as well. Of course, the implications of commercial services literally tracking our every move are pretty unpleasant for some of us.

Comment Re:FUD (Score 1) 370

The information isn't that interesting either, the most likely use would be applications to help people

The most likely use of collecting data about vehicles and driving style is probably selling it to insurers for a huge profit.

The next most likely use of collecting data about vehicles and driving style is probably selling it to advertisers for a huge profit.

Somewhere down the list there are probably things to do with law enforcement.

Somewhere near a footnote on page 17 there are probably things that will actually help make cars better for their owners, or least make future versions of cars better for their future owners. Auto manufacturers already do a huge amount of both simulation and real world testing during development of a new vehicle, using vastly more sophisticated and comprehensive systems than anything fitted to a production car you or I would drive on the road. There is only so much extra they could learn from large scale collection of real world driving data that they can't already determine from other sources.

There might be a decent argument for some sort of black box style recording for all cars, to help with investigating after something went wrong and hopefully make the roads safer for everyone in the long term. But like any black box, the integrity of that data would be important, so some remotely accessible system that is also hooked up to all kinds of infotainment widgets is probably the last place you would want it.

Comment Re:It's not what Google wants.... (Score 1) 370

Information about the car is what CONSUMERS want.

Are you sure about that? What little actual user research I've seen suggests that most customers don't think much of in-car "infotainment" systems generally. The same research suggests that these systems are almost never a deciding factor in sales, except in the wrong direction if they are so bad that they stick out or, in a few cases, because of security or privacy concerns.

And really, who can blame those customers, when these systems almost invariably look awful and work even worse, even in very expensive prestige vehicles? It bends my mind that luxury car brands spend so much money getting metalwork and paint colours and seat shapes just right, but then throw in a "high tech" system that looks like the love child of a 1990s "under construction" web site and a first generation iOS app written by your neighbour's 14-year-old kid.

One day I really want to walk into a dealership for one of these brands and when they do the spiel about how great their high-tech keyless entry and infotainment systems are, see if they're willing to bet me the car that I can't compromise their system in some significant way in under 24 hours. Given I've worked in several relevant industries and have some idea of how low the standards are in the auto industry in this area, I find it disturbingly possible that I might actually be able to do that. But even if I couldn't, it would be fun watching the sales guys squirm, a bit like the SEO people who spam me saying they can get my business onto page 1 of Google in our field, when I reply that we actually are on page 1 of Google in our field and but when I searched for SEO I didn't see their site on the first page.

Comment Re:It's even worse as an international merchant :- (Score 1) 341

Thanks for the ideas, but yes, we've pretty much exhausted the sensible options, at least with the current card payment service we use. We do wonder whether that service might itself be part of the problem -- if having a programmer-friendly system so taking card payments on-line make it easier to take payments, naturally it also makes it easier to take fraudulent payments, and I wonder whether these new services' own "reputations" within the industry affect their custoemrs' fraud ratings on whatever systems check these things.

As for the crooks angle, of course there is always the problem with services being used to validate illegally obtained credentials, but in this case it is likely that every one of those users was legitimate. We're in a niche market, and the access patterns of the users in question are far too consistent with normal use and unlike anything someone just testing out a card would be likely to hit by accident -- we're talking dozens if not hundreds of page views looking up specialised information in specific, logical orders here. Also, while we see quite a few failures in month 2, in a frustrating proportion of the cases that mysteriously fail it's a subscriber who's had many months of continued membership and/or been known in our field and/or been in touch with us personally at some point, i.e., a good customer who was probably very happy to continue subscribing (but might not get around to doing it again for a while if the failed payment means hassle to stay signed up).

Comment Re:It's even worse as an international merchant :- (Score 1) 341

Peoples cards expire, and they don't update their user data if they've been subscribed for a while.

Sadly, it's definitely not that simple. I'm already excluding all other identified forms of card failure, including expiry. And actually, that particular issue isn't such a big problem these days anyway, as there are mechanisms to avoid routine card expiry or change of address details breaking existing subscriptions now that most of the major card schemes participate in.

What I'm talking about here is literally just some neutral "payment refused" code, and that's it. We've queried the high rate of failures with our own payment service, and they are (or at least say they are) in the dark as we are. We also know of a few other small businesses with a similar story, so it's not something special about us or probably about the payment service we're using.

Our hunch is that because we're in the UK and we see a dramatically higher proportion of such failures from customers abroad compared to back home, the charge from a different country is considered a big signal of potential fraud by some customers' card issuers, and since we see a way dramatically higher proportion of failures around the second or third month of a subscription the lack of CVC on repeat transactions is enough to tip us over someone's threshold.

Comment It's even worse as an international merchant :-( (Score 1, Interesting) 341

I had my card suspended because i sent $2.50 over paypal to a kid in the UK for some software.

I'll see you that and raise you how it looks from a UK merchant's side. Running a simple on-line service with a small monthly subscription fee and a fair proportion of international customers, we literally lose more subscriptions because of unexplained card failures than all other causes put together, including active cancellation by a subscriber's own choice.

Worse, as far as we can tell, there is absolutely nothing we can do about it. The system simply doesn't work reliably and there is no useful information whatsoever provided to the merchant when the card fails. About the best you can do as a merchant is contact your customers after the failed charge, try to convince them that their card being declined is neither an indication of fraud on your part nor something they should be embarrassed about themselves, and hope they are willing to sit on the phone being told how important their call is for a few minutes while they wait to speak to their card issuer and confirm it's a valid transaction. Unsurprisingly, relatively few customers will actually do this, even those who have otherwise been active customers apparently happy with the service.

The card industry's incompetence is a tax on trade, and the sooner it dies its long overdue death and payment methods fit for this century take over, the better off literally everyone involved else will be.

Comment Re:what about game consoles (Score 1) 73

It's a shame they don't seem to have added much about EULAs and similar "agreements", though.

To clarify a little, there certainly is an attempt to include this sort of licence agreement within the fairness regime -- the new law refers to "consumer notices", which as defined would almost certainly include most EULAs and similar agreements -- but we still have the flaky legal basis for having EULAs in the first place.

Comment Re:what about game consoles (Score 1) 73

The law has always said that you are owed one, this just clarifies the situation further.

In particular, the legal changes that came into effect today extend various rights specifically in relation to digital content. Prior to these changes, there were a lot of loopholes and grey areas if you bought something like software or audio-visual content purely on-line. For example, a lot of the laws we had before dated from a time when we were talking about a single physical copy of something.

It's a shame they don't seem to have added much about EULAs and similar "agreements", though. These already had a somewhat unclear legal status, thanks to various technicalities about copyright law. However, they also increasingly seem to be abused by suppliers of on-line content and those who use DRM, product activation, and similar measures.

For example, it seems grossly unfair to me that a games distributor might have a policy where a dispute about a new purchase or an unproven allegation about on-line behaviour in one game could result in no longer having access even to other games or previous purchases from the same distributor. This would be a totally disproportionate level of power that could allow such a distributor to abuse a past purchase history in order to resolve any current dispute in its favour or to prevent a customer from legitimately exercising their normal consumer rights in relation to one purchase without risking losing items of much greater value. Not that I'm suggesting this actually happens with any specific game distributor, of course.

Comment Why does *anyone* pre-order in 2015? (Score 4, Insightful) 73

I really don't understand why anyone pre-orders games that are delivered via digital download. A few years ago, it made sense, because maybe you wanted to make sure there was a physical box waiting for you at the game store on launch day. How many games are still bought that way today, though? It's not as if the download server is going to run out of copies.

Game companies want everyone to pre-order, of course, because it guarantees them income no matter how much of a turkey the game turns out to be. But usually they offer at best some token DLC to go with the pre-ordered version, and often different token DLC for people getting the game in different ways so no-one can have everything, and in any case if that DLC is worth anything it will unbalance the game (which is bad) and if it's not then it's no incentive to pre-order anyway.

Don't pre-order on-line games, kids. There is no way it ends positively for you, and it gives the game companies every incentive to ship unfinished junk instead of polished products you'll enjoy.

Comment Re:It's not just IT (Score 1) 152

I don't think that's cynical, just realistic. I'm quite sure that's why they do it, and it's why I have no sympathy with them when they bleat about how terrible it would be for the health and safety of patients if they had to actually do things at a normal speed. For one thing, I don't believe them. For another, screw anyone who tries to play the health and safety card without justification, because there are enough genuine H&S issues worth thinking about and trying to fix that distracting from them by crying wolf is damaging.

While we're at it, taking a regulated document (a prescription signed by a qualified doctor) from a customer when you can't actually fill it, and then trying to keep hold of it and use it as leverage to get the customer not only to accept a partial supply that day but also to come back another day should be both a criminal offence and grounds for having the relevant licence to practise revoked. Way too many pharmacies -- again, it somehow always seems to be the ones in big stores -- try to play this trick, and in some cases it literally means people aren't getting the medication prescribed by their doctor until several days after they could have had it if they'd been able to take the prescription to a different pharmacy instead.

This seems rather off-topic now, but actually it's a great example of why you need supervision that understands enough of a technical field to call bullshit at the appropriate point and not accept dubious justifications for underperformance.

Comment Re:Not just a technical management problem. (Score 1) 152

Yes, I agree with that as well. As they say, there are two important questions: did we build the right product, and did we build the product right? It takes a mix of technical and non-technical skills to handle both aspects well.

I don't think one person necessarily needs to have deep skills on both sides, but you need a combination of people who do. Crucially, you also need enough understanding of the business side from the technical people and vice versa for everyone to communicate effectively.

If the management team for a project don't know enough about the technical issues to understand what is realistic to achieve and when, then that communication can't happen. At that point, management are essentially just trusting that the senior technical people will know what they're doing and deliver good results anyway. Perhaps they will, because a business-savvy tech lead can help a lot in this situation, but in any case ignorant management probably isn't contributing much to the project.

Be careful when a loop exits to the same place from side and bottom.