Interestingly enough, I didn't even speak out against debt. I just suggested keeping debt in a low interest loan instead of on a credit card.
That said, I maintain zero debt and strongly suggest that others do the same if at all possible (and it is possible for a much larger segment of the population than think it is)
Rogers Platinum Mastercard is 1.75% on all domestic purchases, and 4% on any foreign currency transactions, with no annual fee. If you've done any price comparison recently, you'll see that 1.75% of a basket of items bought in Canada is likely to be more than PayPal's 2% of the same basket of items bought in the USA, and if you decide to cross border shop to save the difference, you get 4% instead of 1.75%
That said, there are other good options. Most of those "category of their choosing" include groceries and gasoline, which to be honest, are probably the things most people use their credit card the most on. Also there are some cards (like Tangerine) where YOU choose the categories for the extra cash back. Also depending on how much you put on your card annually, the ones with a fee may still make sense. For example I have a $99/yr fee on mine to get higher cash back (2% on recurring bill payments, 4% on gas and groceries, and 1% on everything else), but with the amount I spend each year the difference between the lower and higher percentage is way more than the annual fee, so it pays for itself.
Credit cards are a horrendous place to keep your debt. But they're a great way to do your shopping. Make sure you pay off the credit card in full every single month. If you also have debt, make sure that's in a low interest bank loan, and never the 2 shall meet.
So in other words, Synchrony Financial issues the card. Paypal just puts its name on it. So paypal has no need to be a bank for this, many non-bank companies have cards with their name on it without being banks. They're just not the ones who are actually issuing it.
The funny part I always found (even when Star Trek was new) was that they had PADDs not PADD. Why plural? why would you carry around a stack of PADDs? it never made sense. The concept that one PADD could only have one document seemed ridiculous to me even at the time, let alone now.
You're ignoring the fact that the difference between the "dealership" and the "finance company" is pure semantics. They operate as one and the same business, and are likely owned by the same individual/family. So to say the dealership was "not involved" when they're the ones who talked to the person to get him to lease the car in the first place, and are the ones who took him to a room inside their own business to sign paperwork with someone presenting themselves as part of the same company, is just trying to confuse the facts.
Of course this is exactly why the dealership and the finance company are legally separate, because they know that they'll be doing shady things and want to be able to pass the buck.
As for "the dude accepted" You better have proof of that, because the CBC tends to check it's stories, and likely looked at the paperwork and saw that, just as they guy stated, there was no mention of this.
The problem isn't in having the tech built in, the problem is in using it without the authorization of the owner of the vehicle.
If my car gets stolen, and I call onstar and ask them to disable it, that's a service that is of benefit to the owner, and is perfectly legal. If however GM decides on their own to disable my car without my permission, that's illegal as it's not their car any more.
As for Tesla... that's a whole other ball of wax, and they've been caught doing illegal things with their software, but I have yet to hear of them disabling someone's car remotely (though they have been known frequently to illegally disable some functionality of the car remotely without permission)
CBC didn't mis-identify the dealership, the dealership is continuing their shady practices by claiming that another entity that happens to be within their own dealership, but somehow unrelated to them, was the guilty party not them. It's an absurd statement, but quite possibly legally correct as likely the dealership has a separate numbered company (owned by the same people) who actually handle the lease just for this exact reason.
You realize that the only reason the dealership was willing to try this in the first place is because they knew that the guy had no money right?
Dealerships don't do this to people who can afford lawyers (both because they expect those people to be able to pay their lease, and because they know they can afford to sue)
The dealerships that pull this sort of thing specialize in dealing with customers with very little to no money. That's precisely why they do this, first because these are high risk people for not paying their bills, and secondly because they know that these people can't afford to take them to court for this sort of garbage.
Why are these tied to the head unit? You aren't even in the car.
Apparently you missed this part:
But it's also a matter of usability, the infotainment screen is probably the largest and easiest to use screen in the car, so any setting you can control, seems like a logical place to do so, it's either that or you're stuck choosing between adding a whole extra settings screen which is only rarely used, or using very clunky steering wheel controls in conjunction with the dash display, which is rather unintuitive.
You're correct that there's a big problem with aging electronics in vehicles. The average age of a car on the road these days is 10-12 years, just imagine using a 10-12 year old cell phone on a daily basis! But that said, it isn't insurmountable. Things like Android Auto are a step in the right direction, my phone is likely to be updated, if the car can basically provide a big touchscreen, speakers, and a microphone, those things don't need to be outdated quickly. Couple that with a proper API for interacting with vehicle systems through a secure gateway, and you could allow the phone to keep all that stuff without relying on the car's electronics.
The biggest problem so far with automotive electronics is that manufacturers haven't really taken them seriously, they've been somewhat of an afterthought. That's (slowly) changing, and I think things will get better.
As you obviously have zero grasp on how software or networking work, nor any experience with either computer security in general, or Tesla's systems in particular, I see no reason to continue this conversation.
To summarize: tesla vehicles always connect to the service wifi automatically without user intervention. If you connect to a compromised ap and visit any webpage, the compromised ap can redirect you to a malicious site and the malicious site can then use a browser exploit to give the attacker root access on the car.
If you think getting root access to the computers in a Tesla is easy, please post an image of the diagnostic screen in your vehicle with the vin visible for confirmation (to prove you didn't take one of the known screenshots from the internet) You talk a big game, but it's obvious from what you're saying that you can't walk the walk.
Anyway, I'm done discussing this with you, it's not with my time discussing any further with someone so I'll informed on the topic at hand.
You specifically state that you have to visit a web page, which is exactly what I stated. That proves that this is a browser exploit, otherwise you wouldn't have to open the browser. The point about a malicious WiFi access point, is simply a way to make sure your browser visits the page that they want you to visit when you open it. Otherwise they would have no way of forcing you to go to the malicious page. But with a malicious access point they can force any page load to go to the specific malicious page they want. As for the service access point I can 100% guarantee that your car will always connect to the service WiFi. It is one of the wifi networks stored in the car and it will always connect to it no matter what. There is absolutely no possible way you can convince your car not to connect to that access point (short of hacking in to the vehicle as I have) Considering that the WPA key for that access point is well known, it is easy for an attacker to spoof that particular access point.
The fact that you're more concerned about someone pulling login information off of your phone proves that you are completely naive when it comes to security. The risk of that happening is far below someone spoofing the access point of the service network. The former requires that you do something stupid by letting someone access your phone. The latter requires simply that you use normal functionality of the vehicle and use the built-in web browser while connected to a network that you can't tell your car boot to connect to.
Physical access is required only to open a webpage, something you might do for them if they set up in the right place at the right time. Now there are other methods into the car that do require physical access, those ones I'm not particularly concerned about. The exploits that require you to completely disassemble the dash and rewire the network connections inside are not something that I'm worried about an attacker doing. It is however something I've done myself to gain access to the software on my own vehicle.
Trust me, I've investigated this thoroughly as I have full root access on the instrument cluster, centre display, and gateway computers of the car and have analyzed the software it contains. In my particular case I've blocked access by both hackers using this exploit and by tesla themselves using their normal access, but most people can't do that and rely on the updates tesla releases, which means they're at the mercy of whatever other changes tesla wants to bundle in with the security updates.
The exploit required using the browser, not just connecting to wifi. It appears it was really a browser exploit, but making you connect to a compromised wifi was the only way to guarantee you'd go to the page with the correct payload, as you could be redirected.
The problem with saying you only use your own wifi though is that all tesla cars automatically connect to the service wifi, and you can't turn that off. It's easy for an attacker to spoof that ap and know you'll connect whether you like it or not.
You're missing the point. this company is choosing to actively reward the idiots vs the polite customers. They ARE choosing to limit their customer base to exclude polite people. I'm suggesting that they'd be better off choosing to do business with both, rather than only with the idiots.
I'm not suggesting that you can afford to work only with good customers, but when you have some, why discourage them in favour of the idiots?
As I said, you're currently discouraging your polite and intelligent users, while not discouraging the idiots. Why would anyone want to purposely select to only provide support to the idiots?
The other problem is that first level contact centres, although staffed with humans, are completely incapable of even reading your message, let alone providing a relevant reply. If you ask something that isn't in their script (and really, their script only includes things an absolute moron would ask) they'll just send you back a generic "reboot and try again" type of email which does you absolutely no good and just proves they didn't read the email where you specifically state that you already tried the exact steps they are now asking you to try.
Depends what features you want. Modern cars often have all sorts of functionality that requires various tie-ins. For example, I find it extremely handy to be able to vent my sunroof from the app on my phone, that needs integration between infotainment and the sunroof. I also like being able to turn on and adjust the climate control remotely, so it needs a tie to the HVAC system. Some of these other features are maybe more "gimmicky" but I can also unlock the doors and enable keyless driving remotely, these are kind of handy, but I could live without them.
But it's also a matter of usability, the infotainment screen is probably the largest and easiest to use screen in the car, so any setting you can control, seems like a logical place to do so, it's either that or you're stuck choosing between adding a whole extra settings screen which is only rarely used, or using very clunky steering wheel controls in conjunction with the dash display, which is rather unintuitive.
But once we get cars with more autonomy, we'll want even more tie-ins. Early self-driving will do simple things like pull out of your garage and meet you at your front door, or park in a parking lot at the mall after dropping you at the door. That needs some pretty deep integration. And a full self-driving vehicle would be able to drive across out of town and pick up your kid from summer camp, that's a lot of integration.
So sure, you don't need to integrate everything together, but if you don't you sacrifice a lot of the newer features and customization.
Maybe, just maybe, you should consider using a different address then? It seems you really do accept replies, so why send from no-reply? You're discouraging your nice and polite users, while not discouraging the idiots. Seems somewhat the opposite of what you should want.
Slashdot Mirror
Interestingly enough, I didn't even speak out against debt. I just suggested keeping debt in a low interest loan instead of on a credit card.
That said, I maintain zero debt and strongly suggest that others do the same if at all possible (and it is possible for a much larger segment of the population than think it is)
Rogers Platinum Mastercard is 1.75% on all domestic purchases, and 4% on any foreign currency transactions, with no annual fee. If you've done any price comparison recently, you'll see that 1.75% of a basket of items bought in Canada is likely to be more than PayPal's 2% of the same basket of items bought in the USA, and if you decide to cross border shop to save the difference, you get 4% instead of 1.75%
That said, there are other good options. Most of those "category of their choosing" include groceries and gasoline, which to be honest, are probably the things most people use their credit card the most on. Also there are some cards (like Tangerine) where YOU choose the categories for the extra cash back. Also depending on how much you put on your card annually, the ones with a fee may still make sense. For example I have a $99/yr fee on mine to get higher cash back (2% on recurring bill payments, 4% on gas and groceries, and 1% on everything else), but with the amount I spend each year the difference between the lower and higher percentage is way more than the annual fee, so it pays for itself.
They are also why a "non-commission" sales person isn't any less pushy than one paid a commission, despite the image the store is trying to portray.
Or you could avoid carrying a balance.
Credit cards are a horrendous place to keep your debt. But they're a great way to do your shopping. Make sure you pay off the credit card in full every single month. If you also have debt, make sure that's in a low interest bank loan, and never the 2 shall meet.
Honestly in Canada you have a lot of other options for cash-back credit cards already, and none of them require getting paypal involved.
So in other words, Synchrony Financial issues the card. Paypal just puts its name on it.
So paypal has no need to be a bank for this, many non-bank companies have cards with their name on it without being banks. They're just not the ones who are actually issuing it.
Apparently in the 24th century you need thousands of volts available at every control panel.
The funny part I always found (even when Star Trek was new) was that they had PADDs not PADD. Why plural? why would you carry around a stack of PADDs? it never made sense. The concept that one PADD could only have one document seemed ridiculous to me even at the time, let alone now.
You're ignoring the fact that the difference between the "dealership" and the "finance company" is pure semantics. They operate as one and the same business, and are likely owned by the same individual/family. So to say the dealership was "not involved" when they're the ones who talked to the person to get him to lease the car in the first place, and are the ones who took him to a room inside their own business to sign paperwork with someone presenting themselves as part of the same company, is just trying to confuse the facts.
Of course this is exactly why the dealership and the finance company are legally separate, because they know that they'll be doing shady things and want to be able to pass the buck.
As for "the dude accepted" You better have proof of that, because the CBC tends to check it's stories, and likely looked at the paperwork and saw that, just as they guy stated, there was no mention of this.
The problem isn't in having the tech built in, the problem is in using it without the authorization of the owner of the vehicle.
If my car gets stolen, and I call onstar and ask them to disable it, that's a service that is of benefit to the owner, and is perfectly legal. If however GM decides on their own to disable my car without my permission, that's illegal as it's not their car any more.
As for Tesla... that's a whole other ball of wax, and they've been caught doing illegal things with their software, but I have yet to hear of them disabling someone's car remotely (though they have been known frequently to illegally disable some functionality of the car remotely without permission)
CBC didn't mis-identify the dealership, the dealership is continuing their shady practices by claiming that another entity that happens to be within their own dealership, but somehow unrelated to them, was the guilty party not them. It's an absurd statement, but quite possibly legally correct as likely the dealership has a separate numbered company (owned by the same people) who actually handle the lease just for this exact reason.
You realize that the only reason the dealership was willing to try this in the first place is because they knew that the guy had no money right?
Dealerships don't do this to people who can afford lawyers (both because they expect those people to be able to pay their lease, and because they know they can afford to sue)
The dealerships that pull this sort of thing specialize in dealing with customers with very little to no money. That's precisely why they do this, first because these are high risk people for not paying their bills, and secondly because they know that these people can't afford to take them to court for this sort of garbage.
Why are these tied to the head unit? You aren't even in the car.
Apparently you missed this part:
But it's also a matter of usability, the infotainment screen is probably the largest and easiest to use screen in the car, so any setting you can control, seems like a logical place to do so, it's either that or you're stuck choosing between adding a whole extra settings screen which is only rarely used, or using very clunky steering wheel controls in conjunction with the dash display, which is rather unintuitive.
You're correct that there's a big problem with aging electronics in vehicles. The average age of a car on the road these days is 10-12 years, just imagine using a 10-12 year old cell phone on a daily basis! But that said, it isn't insurmountable. Things like Android Auto are a step in the right direction, my phone is likely to be updated, if the car can basically provide a big touchscreen, speakers, and a microphone, those things don't need to be outdated quickly. Couple that with a proper API for interacting with vehicle systems through a secure gateway, and you could allow the phone to keep all that stuff without relying on the car's electronics.
The biggest problem so far with automotive electronics is that manufacturers haven't really taken them seriously, they've been somewhat of an afterthought. That's (slowly) changing, and I think things will get better.
As you obviously have zero grasp on how software or networking work, nor any experience with either computer security in general, or Tesla's systems in particular, I see no reason to continue this conversation.
To summarize: tesla vehicles always connect to the service wifi automatically without user intervention. If you connect to a compromised ap and visit any webpage, the compromised ap can redirect you to a malicious site and the malicious site can then use a browser exploit to give the attacker root access on the car.
If you think getting root access to the computers in a Tesla is easy, please post an image of the diagnostic screen in your vehicle with the vin visible for confirmation (to prove you didn't take one of the known screenshots from the internet) You talk a big game, but it's obvious from what you're saying that you can't walk the walk.
Anyway, I'm done discussing this with you, it's not with my time discussing any further with someone so I'll informed on the topic at hand.
You specifically state that you have to visit a web page, which is exactly what I stated. That proves that this is a browser exploit, otherwise you wouldn't have to open the browser. The point about a malicious WiFi access point, is simply a way to make sure your browser visits the page that they want you to visit when you open it. Otherwise they would have no way of forcing you to go to the malicious page. But with a malicious access point they can force any page load to go to the specific malicious page they want. As for the service access point I can 100% guarantee that your car will always connect to the service WiFi. It is one of the wifi networks stored in the car and it will always connect to it no matter what. There is absolutely no possible way you can convince your car not to connect to that access point (short of hacking in to the vehicle as I have) Considering that the WPA key for that access point is well known, it is easy for an attacker to spoof that particular access point.
The fact that you're more concerned about someone pulling login information off of your phone proves that you are completely naive when it comes to security. The risk of that happening is far below someone spoofing the access point of the service network. The former requires that you do something stupid by letting someone access your phone. The latter requires simply that you use normal functionality of the vehicle and use the built-in web browser while connected to a network that you can't tell your car boot to connect to.
Physical access is required only to open a webpage, something you might do for them if they set up in the right place at the right time. Now there are other methods into the car that do require physical access, those ones I'm not particularly concerned about. The exploits that require you to completely disassemble the dash and rewire the network connections inside are not something that I'm worried about an attacker doing. It is however something I've done myself to gain access to the software on my own vehicle.
Trust me, I've investigated this thoroughly as I have full root access on the instrument cluster, centre display, and gateway computers of the car and have analyzed the software it contains. In my particular case I've blocked access by both hackers using this exploit and by tesla themselves using their normal access, but most people can't do that and rely on the updates tesla releases, which means they're at the mercy of whatever other changes tesla wants to bundle in with the security updates.
The exploit required using the browser, not just connecting to wifi. It appears it was really a browser exploit, but making you connect to a compromised wifi was the only way to guarantee you'd go to the page with the correct payload, as you could be redirected.
The problem with saying you only use your own wifi though is that all tesla cars automatically connect to the service wifi, and you can't turn that off. It's easy for an attacker to spoof that ap and know you'll connect whether you like it or not.
Toyota Prius. Sure it's a much smaller monitor, but it's still just an electronic display, and in the middle of the car.
Yep, better to be completely ignorant of any risk, rather than properly weigh the consequences.
You're missing the point. this company is choosing to actively reward the idiots vs the polite customers. They ARE choosing to limit their customer base to exclude polite people.
I'm suggesting that they'd be better off choosing to do business with both, rather than only with the idiots.
I'm not suggesting that you can afford to work only with good customers, but when you have some, why discourage them in favour of the idiots?
Then don't reply to the "no-reply" emails!
As I said, you're currently discouraging your polite and intelligent users, while not discouraging the idiots. Why would anyone want to purposely select to only provide support to the idiots?
The other problem is that first level contact centres, although staffed with humans, are completely incapable of even reading your message, let alone providing a relevant reply. If you ask something that isn't in their script (and really, their script only includes things an absolute moron would ask) they'll just send you back a generic "reboot and try again" type of email which does you absolutely no good and just proves they didn't read the email where you specifically state that you already tried the exact steps they are now asking you to try.
depends on the industry. Try to get a company to care about their customers when they have a near monopoly.
Depends what features you want. Modern cars often have all sorts of functionality that requires various tie-ins.
For example, I find it extremely handy to be able to vent my sunroof from the app on my phone, that needs integration between infotainment and the sunroof. I also like being able to turn on and adjust the climate control remotely, so it needs a tie to the HVAC system.
Some of these other features are maybe more "gimmicky" but I can also unlock the doors and enable keyless driving remotely, these are kind of handy, but I could live without them.
But it's also a matter of usability, the infotainment screen is probably the largest and easiest to use screen in the car, so any setting you can control, seems like a logical place to do so, it's either that or you're stuck choosing between adding a whole extra settings screen which is only rarely used, or using very clunky steering wheel controls
in conjunction with the dash display, which is rather unintuitive.
But once we get cars with more autonomy, we'll want even more tie-ins. Early self-driving will do simple things like pull out of your garage and meet you at your front door, or park in a parking lot at the mall after dropping you at the door. That needs some pretty deep integration. And a full self-driving vehicle would be able to drive across out of town and pick up your kid from summer camp, that's a lot of integration.
So sure, you don't need to integrate everything together, but if you don't you sacrifice a lot of the newer features and customization.
Maybe, just maybe, you should consider using a different address then? It seems you really do accept replies, so why send from no-reply? You're discouraging your nice and polite users, while not discouraging the idiots. Seems somewhat the opposite of what you should want.