Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror

Comment Re:Holy Fuck People! (Score 5, Insightful) 688

Tesla doesn't want these buffoons selling Teslas because dealers don't really want to say them.

Sure, they'll pay lip service to the idea. But the problem is that Tesla's have very few moving parts. There's no money to be made off of Tesla services. And that's where these guys make their money. So they will use Tesla's to draw people in, but they'll sell something else.

By the way, who cares why? What if it is just because Elon hates TADA? In a free market, he should be able to sell direct if he wants.

Comment Re:To say these are flaws is an opinion (Score 1) 161

If I were to try this attack, I would up the car to a range charge and turn air conditioning on full blast. Then I would go through cycles of charging the battery up full and discharging it.

The electricity will add up, but maybe not a lot for most who can afford an $80K+ car.

The bigger issue is that this will decrease the battery life.

Comment Re:Seems Trollish (Score 1) 161

Re: #1
What has logging in over SSL got to do with anything?

If a third-party is storing credentials that control everything, then you are screwed if that third-party is compromised. Twitter suffered greatly from these kinds of problems prior to adopting OAuth. The trick with OAuth is that the third-party never sees the primary credentials, just an application-specific set of credentials with very specific access rights. Because of the design of OAuth, it's also easy to revoke credentials on an app-by-app basis and thus not impact the other apps interacting with the OAuth system.

Re: #2

Tesla is blameworthy because they opted for a less secure approach than is commonly accepted practice. If a third-party is compromised in an OAuth environment, only that one token with the application's specific access rights are at risk. You can revoke them and re-issue without impacting anything else using those credentials.

Finally, there's no need for any panic at all. TFA is not pushing panic. It's pushing the facts of an architectural flaw that does not arise to the level of being an active vulnerability. A flaw that exists for no good reason at all.

Comment Re:no exploits, though. (Score 1) 161

In a world of interconnected devices (the Internet of Things), it's not about hypothetical sites. It's about real, interconnected sites. There are real sites out there that talk to Teslas and provide value beyond what Tesla provides. If you are building a connected device in 2013, you should take this reality into account.

Comment Forget the Race Issue Here (Score 5, Insightful) 1078

I do think the race issue is worth discussing. As well as the gender issue.

But there's something more fundamental and less likely to stoke passions at play here:

DOING SCIENCE IS ABOUT MAKING MISTAKES. Her "punishment" should be to write a paper on what she was trying to do and why the results were not what she expected. Simple, end of story.

There should be no real punishment of any kind, much less the over the top expulsion and arrest.

The simple fact is that she should be encouraged to make mistakes, not punished for them. And the most basic problem we are dealing with is that our school systems don't understand this fact.

Slashdot Top Deals

They are called computers simply because computation is the only significant job that has so far been given to them.

Working...