Toyota owners have to pay $8/mo to keep using their key fob for remote start

Started by ZLoth, December 13, 2021, 02:22:26 PM

Rothman

Quote from: 1 on February 09, 2022, 02:59:28 PM
Quote from: kalvado on February 09, 2022, 02:53:17 PM
And the price of everything is determined solemnly by the buyer, right?

Wrong thread? The economics debate is in a different thread (check who made the last 10 posts and who's absent), and I really don't want it to spill into this one.

I actually thought it was clever commentary on the point being made.
Please note: All comments here represent my own personal opinion and do not reflect the official position(s) of NYSDOT.


Scott5114

uncontrollable freak sardine salad chef

kalvado

Quote from: 1 on February 09, 2022, 02:59:28 PM
Quote from: kalvado on February 09, 2022, 02:53:17 PM
And the price of everything is determined solemnly by the buyer, right?

Wrong thread? The economics debate is in a different thread (check who made the last 10 posts and who's absent), and I really don't want it to spill into this one.

It is the same level of expectation, though.
I can see many reasons why a large corporation would be unwilling to open significant chunks of code - already deployed code! - to a random audience. Liability is just too high - in terms of car malfunction, data leaks, and whatnot.

Scott5114

If the code is already deployed, all of those potential exploits are there in the car already, waiting to be...well...exploited. Keeping the source code secret, in-house only, burn after reading is just a method of security through obscurity. If the code is opened up, experienced security experts can fix the problems before they get exploited. If the code is kept closed, the good guys can't look through it for things needing to be fixed, but the bad guys aren't going to stop looking for exploits.

It is rather akin to fixing a pothole by putting a tarp over it, under the idea that if people can't see the hole they won't try to hit it.

Do note that a good chunk of the software stack that powers things like banks and governments runs on an open source model... This is a solved problem. You can download the code to the MySQL database server that runs damn near every database application in the world and read through it looking for security holes that would allow you access to pretty much every bit of critical data on the planet. You're unlikely to find any, though, since there are developers with far more experience than any two-bit attacker who have done the same thing and fixed them before they can cause a problem.
uncontrollable freak sardine salad chef

kalvado

Quote from: Scott5114 on February 09, 2022, 03:48:36 PM
If the code is already deployed, all of those potential exploits are there in the car already, waiting to be...well...exploited. Keeping the source code secret, in-house only, burn after reading is just a method of security through obscurity. If the code is opened up, experienced security experts can fix the problems before they get exploited. If the code is kept closed, the good guys can't look through it for things needing to be fixed, but the bad guys aren't going to stop looking for exploits.

It is rather akin to fixing a pothole by putting a tarp over it, under the idea that if people can't see the hole they won't try to hit it.

Do note that a good chunk of the software stack that powers things like banks and governments runs on an open source model... This is a solved problem. You can download the code to the MySQL database server that runs damn near every database application in the world and read through it looking for security holes that would allow you access to pretty much every bit of critical data on the planet. You're unlikely to find any, though, since there are developers with far more experience than any two-bit attacker who have done the same thing and fixed them before they can cause a problem.

This is a solved problem... to some extent. I saw the source code of Win2000 (not that I understood much) - it was leaked at some point. The latest versions are still closed, as far as I understand. I doubt forcing MS into full open source would succeed.
My general impression is that a company has to grow up to that stage, not be forced into compliance within a few months. And I certainly see some portions of the code still being proprietary - as far as I understand, injection and ignition control, and associated engine diagnostics, is a highly technological area where things are protected for solid IP reasons.

Although releasing some limited API shouldn't expose too much stuff. But we don't know the specifics behind it; there may be other things to consider.

Scott5114

And yet full open-source operating systems are generally preferred for critical server infrastructure. The number of servers that run Windows/IIS/MS SQL Server/ASP is tiny compared to the number that run the LAMP stack, for exactly the same reasons discussed in this thread–it generally being a bad idea to give Microsoft control of critical server infrastructure (as they will make decisions based on their own profitability, rather than the needs of the customer), and the security benefits of having many eyes reviewing the code.

In this case, there's a clear benefit to having the tie-wearing monstrosities' IP interests shoved forcefully down the list of priorities–if the way the injection and ignition procedures work is general knowledge, it makes repairing those systems easier when they fail.

Which points to what the real motive here is, right? It's not about security at all. If that was the real motive, they would open-source the code yesterday. The real motive here is to put third-party mechanics out of business and require all repairs to be made by a dealer...isn't it?
uncontrollable freak sardine salad chef

kalvado

Quote from: Scott5114 on February 09, 2022, 05:01:04 PM
And yet full open-source operating systems are generally preferred for critical server infrastructure. The number of servers that run Windows/IIS/MS SQL Server/ASP is tiny compared to the number that run the LAMP stack, for exactly the same reasons discussed in this thread–it generally being a bad idea to give Microsoft control of critical server infrastructure (as they will make decisions based on their own profitability, rather than the needs of the customer), and the security benefits of having many eyes reviewing the code.

In this case, there's a clear benefit to having the tie-wearing monstrosities' IP interests shoved forcefully down the list of priorities–if the way the injection and ignition procedures work is general knowledge, it makes repairing those systems easier when they fail.

Which points to what the real motive here is, right? It's not about security at all. If that was the real motive, they would open-source the code yesterday. The real motive here is to put third-party mechanics out of business and require all repairs to be made by a dealer...isn't it?

Well, I can see a zillion reasons for different parts of the system to have different levels of openness.
Mechanics may be one part of the situation - but a lot of service is done by diagonal replacement of components. Wheels, brakes, AC, generator, glass, body, pumps - all done by replacement of parts with pretty rudimentary diagnostics.
Engine operation is proprietary because there is a lot of knowledge behind it. Optimal temperature distributions, cooling rates, algorithms to control those, wear-out profiles - the manufacturer did spend a lot of effort on that, and doesn't want rivals to grab that knowledge. If you will, your server may run an open OS - but the CUDA driver would still be proprietary.
Then, it is well known that many things are sold at - or below - cost with assumptions that post-sales service and support would be profitable. Inkjet printers are infamous for that.   

Bottom line - I do repair things myself. I hate when there is not enough documentation to do that. More than once I actually came to a boiling point over a manufacturer being explicitly anal (and proud about it) about things. But - I still don't believe in open-f&king-everything.





Scott5114

Quote from: kalvado on February 09, 2022, 05:17:55 PM
Then, it is well known that many things are sold at - or below - cost with assumptions that post-sales service and support would be profitable. Inkjet printers are infamous for that.   

And here is the key point of difference between you and I–I don't necessarily agree that just because someone can make a profit off of something, that they should be allowed to do so. People will come up with business models that depend on violating the Geneva conventions if we let them. Business should serve the interests of the end consumer and society at large, not solely the shareholders or management. If a business cannot do both, it should be dissolved, by force if necessary.
uncontrollable freak sardine salad chef

kalvado

Quote from: Scott5114 on February 09, 2022, 06:26:14 PM
Quote from: kalvado on February 09, 2022, 05:17:55 PM
Then, it is well known that many things are sold at - or below - cost with assumptions that post-sales service and support would be profitable. Inkjet printers are infamous for that.   

And here is the key point of difference between you and I–I don't necessarily agree that just because someone can make a profit off of something, that they should be allowed to do so. People will come up with business models that depend on violating the Geneva conventions if we let them. Business should serve the interests of the end consumer and society at large, not solely the shareholders or management. If a business cannot do both, it should be dissolved, by force if necessary.

I'm afraid there is one thing you miss here.
Knowledge is easy to share, but pretty difficult to produce. And whoever produces that knowledge - be it car design, new drug, code, technology, movie - hopes to get some compensation for doing that, for time and money spent.
It causes the most tension when novel life-saving medical treatments are at stake. On one hand, a company seemingly defies social responsibility by refusing to save lives; on the other hand - the company wouldn't be doing that research if there was no compensation to be collected at the end of the day, and that would be a net loss in terms of lives saved.
While this is quite a bit more extreme a situation to consider, the spirit is the same - rights of the end user vs rights of the creator.
Things can be somewhat resolved if public funding is on the table, but that is another huge can of worms I don't want to open here.

Coming back to the topic - there should be a certain level of disclosure; and the current situation certainly favors big companies vs end users. I don't know where the balance should be, but you certainly want to push the needle further than I do.

hbelkins

It's pretty obvious that revenue and profit are big drivers of stuff like this.

I can take my old truck out the road to an independent garage and get the oil changed for $30. Get it done at Valvoline Instant Oil Change, and it will likely cost $69.95. I hesitate to think what the dealership would charge.

It just makes sense that people would rather pay an independent garage less to put on a set of brakes or a new muffler. A few years ago, the going rate for dealership labor was $48 per hour and I thought that was outrageous, and it's probably gone up to $60 or $72 by now. And lots of garages charge labor not by how much time is actually spent, but by how long a book tells them it should take.


Government would be tolerable if not for politicians and bureaucrats.

kalvado

Quote from: hbelkins on February 09, 2022, 07:22:10 PM
It's pretty obvious that revenue and profit are big drivers of stuff like this.

I can take my old truck out the road to an independent garage and get the oil changed for $30. Get it done at Valvoline Instant Oil Change, and it will likely cost $69.95. I hesitate to think what the dealership would charge.

It just makes sense that people would rather pay an independent garage less to put on a set of brakes or a new muffler. A few years ago, the going rate for dealership labor was $48 per hour and I thought that was outrageous, and it's probably gone up to $60 or $72 by now. And lots of garages charge labor not by how much time is actually spent, but by how long a book tells them it should take.

Frankly speaking, $100 an hour would be about right if you try to do the math from the owner's perspective. And I certainly think that someone who can do the job in 30 minutes shouldn't be paid less than someone who does the same job over 2 hours.

Big John

And GM is now requiring a $1500 3-year On-Star service that was optional on Buick, GMAC and certain Cadillac models.  https://edition.cnn.com/2022/08/10/business/gm-onstar-mandatory/index.html

ZLoth

Quote from: Big John on August 11, 2022, 12:03:51 PM
And GM is now requiring a $1500 3-year On-Star service that was optional on Buick, GMAC and certain Cadillac models. https://edition.cnn.com/2022/08/10/business/gm-onstar-mandatory/index.html

Didn't GM discontinue Sedans in favor of SUVs and Trucks?
I'm an Engineer. That means I solve problems. Not problems like "What is beauty?", because that would fall within the purview of your conundrums of philosophy. I solve practical problems and call them "paychecks".

Takumi

Quote from: ZLoth on August 11, 2022, 01:12:55 PM
Quote from: Big John on August 11, 2022, 12:03:51 PM
And GM is now requiring a $1500 3-year On-Star service that was optional on Buick, GMAC and certain Cadillac models. https://edition.cnn.com/2022/08/10/business/gm-onstar-mandatory/index.html

Didn't GM discontinue Sedans in favor of SUVs and Trucks?


For the most part, yes, but Cadillac still has two sedans.
Quote from: Rothman on July 15, 2021, 07:52:59 AM
Olive Garden must be stopped.  I must stop them.

Don't @ me. Seriously.


