Forums » Grassroots Motorsports »

Let’s talk about connected cars

1 2 3
frenchyd
frenchyd MegaDork
3/15/22 7:57 p.m.

In reply to Snowdoggie (Forum Supporter) :

Fair enough. If you want to stay under the radar don't drive newer cars on the track.

 There is very little real difference between Vintage Wheel to wheel racing and HPDE time trials.  With the 13/13 rule contact is verboten.    I'll go several years to vintage races before I see even mild contact.  I've never seen serious contact in 40+ years of vintage racing.  Sure it's happened but in the 100+ races I've been in its never happened on that weekend or week. ( speed week in the Bahama's ) 

    If you really want to simplify racing cars built from the ground up as race cars. Like Formula cars or Sports racers. Tend to be the least expensive to maintain.  Especially formula Fords Spec racers. or other stock production engines.  Most reliable, easiest to work on, and most responsive to driver input. 
Sure you can buy old Formula 1 and Can Am cars if you want to dump cubic money.   But for every $1 a spec racer costs to maintain those probably cost $10,000 or more. 
   Consumables for a Formula Ford or spec racer are probably well under a $1000 for a season. If you're not pushing those cars to the absolute edge of the envelope the engines/ trans probably last 5 years or more before refreshing is called for. I know my stock bottom Jaguar lasted 40+ years. Plus I won some really big events. 

SV reX
SV reX MegaDork
3/15/22 9:16 p.m.

In reply to frenchyd :

What in the world do vintage race cars have to do with connected technology cars?

Appleseed
Appleseed MegaDork
3/16/22 12:30 a.m.

In reply to SV reX :

None. Which is the point. I think?

SKJSS (formerly Klayfish)
SKJSS (formerly Klayfish) PowerDork
3/16/22 6:13 a.m.
Snowdoggie (Forum Supporter) said:

I drive a whole lot differently on a track day or an autocross than I do on the way to work in heavy traffic. I also feel that motorsports activities actually help me keep my driving skills up. But try to explain that to an insurance company reading your black box. You can't.

The thing is...insurance companies don't read your "black box" (it's actually called an Event Data Recorder, or EDR) unless you volunteer for one of those programs where you plug something into your OBDII port.  Autox/HPDE aren't covered by an auto policy anyway, so I'm not sure underwriting would care that much if they knew you were doing those things with your car.

frenchyd
frenchyd MegaDork
3/16/22 8:09 a.m.
SV reX said:

In reply to frenchyd :

What in the world do vintage race cars have to do with connected technology cars?

They aren't by definition connected. 
  If connection bothers you that's the way to avoid it. 

frenchyd
frenchyd MegaDork
3/16/22 8:14 a.m.
SKJSS (formerly Klayfish) said:
Snowdoggie (Forum Supporter) said:

I drive a whole lot differently on a track day or an autocross than I do on the way to work in heavy traffic. I also feel that motorsports activities actually help me keep my driving skills up. But try to explain that to an insurance company reading your black box. You can't.

The thing is...insurance companies don't read your "black box" (it's actually called an Event Data Recorder, or EDR) unless you volunteer for one of those programs where you plug something into your OBDII port.  Autox/HPDE aren't covered by an auto policy anyway, so I'm not sure underwriting would care that much if they knew you were doing those things with your car.

The problem is I doubt actual people read those.  For sure there is no entry indicating the activity is off road, on a close course for racing only.  
     That's a whole bunch of events ( speed , braking, cornering) outside of how the insurance companies think they want their customers to drive.  
One further issue is in the event of an accident assumptions will be made. One more unwarranted intrusion onto your life. 
   

alfadriver
alfadriver MegaDork
3/16/22 8:26 a.m.
David S. Wallens said:
AngryCorvair (Forum Supporter) said:

my uncle has a country place...

No one knows about.... 

He said it used to be a farm.

alfadriver
alfadriver MegaDork
3/16/22 8:28 a.m.

I'm wondering how effective the advertising really is, sometimes.  Everyone says my data is super important, but I also never really pay attention to ads, I use an ad blocker when I can, and I don't think I am alone.

Interesting that forcing ads on people who don't want them is considered more valuable than criminal activity knowledge.

SKJSS (formerly Klayfish)
SKJSS (formerly Klayfish) PowerDork
3/16/22 8:51 a.m.
frenchyd said:
SKJSS (formerly Klayfish) said:
Snowdoggie (Forum Supporter) said:

I drive a whole lot differently on a track day or an autocross than I do on the way to work in heavy traffic. I also feel that motorsports activities actually help me keep my driving skills up. But try to explain that to an insurance company reading your black box. You can't.

The thing is...insurance companies don't read your "black box" (it's actually called an Event Data Recorder, or EDR) unless you volunteer for one of those programs where you plug something into your OBDII port.  Autox/HPDE aren't covered by an auto policy anyway, so I'm not sure underwriting would care that much if they knew you were doing those things with your car.

The problem is I doubt actual people read those.  For sure there is no entry indicating the activity is off road, on a close course for racing only.  
     That's a whole bunch of events ( speed , braking, cornering) outside of how the insurance companies think they want their customers to drive.  
One further issue is in the event of an accident assumptions will be made. One more unwarranted intrusion onto your life. 
   

Agreed.  It would have to be "known" what the event was...or the OBDII dongle removed during these events (which I know gets logged).  IMO, those policies that do monitor driving habits are probably not best suited for people who do autox or HPDE.

wae
wae PowerDork
3/16/22 10:13 a.m.

I work in a tangentially-connected industry and the whole Internet-of-Things (the umbrella of which covers the concept of the connected car) makes me pretty pretty uncomfortable.  Most people just shrug it off and think how cool it is that they can control their toaster from their smartphone on the other side of the planet, but as it sits right there there are a few major problems:

  • Data collection.  Most people think that they're not doing anything that anyone would care about or that people have more things to worry about than what the temperature of their house is.  In my discussions with some of the Big Data companies out there, there are a couple of things that they're pushing to their customers.  First of all, being able to mine that data is getting easier and easier as compute power increases and the cost of memory and storage decreases.  It used to be that when you looked at a big dataset, you were looking for a needle in a haystack.  Today, however, they start with about a thousand haystacks and after they're finished with their search, they'll tell you if there was a needle in there.  Machine learning/AI/Big Data is able to take large datasets that may or may not have any relation to each other and make correlations that would astound you.  The other big thing that they're pushing is to collect every bit of data that you can and store it now.  You may not have the compute power to do anything with it today.  You may not know what metrics or correlations you want to discover.  But if you collect every bit of data you can get your hands on, as you and/or the technology develops, you've already got the data and can always go back and mine it later.  Thus was born the datalake.
  • Ongoing support.  If you have a device that needs to "check in" with a server somewhere on the network, you are buying in to an infrastructure that you do not control and cannot (easily) replace.  If your car has to check in with Toyota's server after you press the remote start button on your remote control and that server is not available, you've just lost that functionality.  That could be because of a transient issue with connectivity, an outage at the manufacturer or some upstream provider, or it could just be that the manufacturer has decided that they don't want to support that product anymore or they go out of business.  What does a connected device - be it a car, thermostat, rectal thermometer, whatever - look like in 10 years?  20 years?  50 years?  Some will argue that "people" will find ways to circumvent some of those server requests and be able to spoof the call-home system to make things like that work.  But....
  • The legal environment.  While there's a "right to repair" push on currently - and there very well should be! - there's also a lot of money on the side of preventing people from being able to decode protocols and spoof servers.  Look at things like the DCMA.  I make no judgement here about the merits of that law, but the fact is that it makes illegal attempts to circumvent copyright protection mechanisms.  So even if I create something that intercepts the packets that my connected device sends and responds to it, I might be liable under those types of statues.  And you can bet your ability to turn on your own heated seats that if there's a subscription fee for any of these call-home enabled features, those types of legal protections are only going to get stronger.  And despite the recent conversation, even if the manufacturer decides not to support your device anymore, they still retain the right to prevent you from circumventing their copyright.  Again, I'm not saying it's right, wrong, or indifferent, but it's the legal system we're in.
  • More legal environment: who can do what for how long?  For the most part, in the US it's totally the wild west for what data you can collect, how long you can keep it, who you can share it with, and what you can do with it.  Sure, maybe you don't mind that your keyboard manufacturer collects "some data" about you today.  But tomorrow you might find out that it actually collects keystrokes and shares that data with law enforcement and anyone else who's willing to pay.  And while you can turn that keyboard into a pile of plastic shards and go back to your old IBM Model M, that data is already stored, shared, and you have no option to pull it back.
  • Forced Obsolescence.  On a similar thread to the ongoing support issue, once you've bought in to that type of device that relies on some sort of external service, if that service is discontinued, your thing could become useless.  Or at the very least, you lose the features you paid for.  I can absolutely see vendors releasing the 5th generation of a product and simultaneously announcing that with that release, the gen 1 products will no longer function.  All they've got to do is alter whatever server the first gen product needs to talk to and you're forced into an upgrade.
  • Forcing your way into my wallet.  This is one of those things that bugs the everloving E36 M3 out of me, so allow me to stand on my soapbox for a moment.  At some point, the guys on Wall Street figured out that recurring revenue was a way better metric than one-time sales numbers.  Sure, selling a widget is great, but once you've sold that you need to find someone else to also buy one.  And you have to go make another widget to sell them.  Now you have every company out there trying to figure out how to transitions their product into MRCs.  Instead of paying up-front for something, now you have to get a subscription and pay every month.  They're going to coat it in this setting of "oh, but if you decide you don't need it this month, you can cancel it!" or "why pay for your heated seats year round, when you only need them during the coldest months of the year!".  But what it's really about is being able to dip into your wallet on a recurring basis because those sales have a lot less friction in them.
  • Security.  Guys, I gotta tell you....  information security is pretty much a sick joke right now.  The way these products are built and coded - and I'm talking about the front end that you get as part of your internet of (rented) things product as well as the back end that it calls home to as a "connected device" - is a pile of dog turds stacked on a lump of E36 M3.  Look at the log4j vulnerability that made the news recently.  It's a little bit technical, but to give you an analogy it would be like finding out that back in 2013, somebody started putting something into about 75% of the steel that was produced starting that year.  That thing made it so that if you went up to anything made with that steel and hit it with just the right shape of hammer in just the right place, the thing would pretty much shatter.  That's what happened with this.  This was a library that all sorts of software developers included in their own products.  I don't know the exact percentage, but a very high percentage of applications that were written in java (which is a high percentage of applications, period) either used log4j or used another library that used log4j.  Or used a library that used a library that used log4j.  It's turtles all the way down, guys.  The effort required to determine where this existed in your environment and how to patch it was absolutely immense.  And you can be absolutely certain that there are still some vulnerable systems out there.  And what if the software vendor is no longer in business or wants to maintain that particular product?  Oh, and by the way, that vulnerability has existed since 2013 and was only discovered publicly in December of 2021.  How many more of those do you think are out there, just lurking.  And new ones are being created every single day.
  • What people want to do with this data.  I've had a number of discussions with customers and vendors about how they envision using data.  I met with a local police department as they were developing their ALPR system.  That's advanced license plate readers.  Understand, first of all, that there are many capture systems, but they all get the same basic data - a license plate, GPS coordinates, and a timestamp.  At the time, repo men weren't cruising parking lots collecting ALPR data yet, but police departments were getting in to it.  The captain in charge of the implementation of this particular system wanted to collect this data and hold it indefinitely.  His plan was that if a kid got abducted on Maple St. at 1600, he could go back and find every car that was on Maple St. from 1500-1700 and investigate every driver.  Or if they knew that drugs were coming in from a city to the east on Thursdays, they could go interview anyone who owned a car that was driving westbound on the highway into the city on more than one Thursday.  The commercial outfits were pushing a story about using cameras to see what you put in your shopping cart and cross-referencing that with your browser history, local twitter data, weather, and your fitness tracker data.  Oh, it looks like you're trying to lose weight, but you put potato chips in your cart.  Let's send you a text message right now with tips on how to make heathy eating decisions!  And that's just some of the most innocuous stuff.  The problem is that there really isn't any limit or any way to opt out and the sheer amount of processing power that's available has absolutely changed the game.
  • Right to repair.  Probably the most mundane of my concerns is this.  We deal with this in the tech world with call-home things now, and have for a long time.  There's always been a cat-and-mouse game with the third party hardware support providers for datacenter equipment, but that's getting more and more serious.  Look at the case with the company that came up with an app that intercepts the data that the McDonalds ice cream machine was sending home.

That's all I've got for right now.  I just looked outside and those damned clouds are back, so I need to go yell at them again.

flatlander937
flatlander937 GRM+ Memberand HalfDork
3/16/22 2:10 p.m.

In reply to wae :

Great post.

 

As someone who does high tech stuff with newer cars (ADAS calibrations, programming, electrical diagnostics), the right to repair thing is what most directly impacts me now.

Chrysler went to a secure gateway module(SGM) starting in 2018. To do anything useful other than read codes and OBD2 generic data, you need to have a Witech subscription. And Mopar TSP. And an Okta account. Just to grant access to do stuff to the car (including just CLEARING DTCs). It's a bunch of hoops to jump through.

Then there is Nissan who went to a SGW phasing in slowly starting with the 2020 Sentra (and other models when they get facelifted since), and while it's not as much of a pain, you need a subscription to unlock the gateway. That said, it's probably the absolutely most secure mfr, with excellent scan tool capabilities. 

 

And then there are SEVERAL mfrs with very poorly written software that certain things can be bypassed. These same mfrs write the software in the car, so God only knows how easy it would be to mess with stuff wirelessly.

I just started a computer science online program to have a better understanding of all this stuff, because where we're headed... It will be needed.

frenchyd
frenchyd MegaDork
3/16/22 3:23 p.m.
wae said:

I work in a tangentially-connected industry and the whole Internet-of-Things (the umbrella of which covers the concept of the connected car) makes me pretty pretty uncomfortable.  Most people just shrug it off and think how cool it is that they can control their toaster from their smartphone on the other side of the planet, but as it sits right there there are a few major problems:

  • Data collection.  Most people think that they're not doing anything that anyone would care about or that people have more things to worry about than what the temperature of their house is.  In my discussions with some of the Big Data companies out there, there are a couple of things that they're pushing to their customers.  First of all, being able to mine that data is getting easier and easier as compute power increases and the cost of memory and storage decreases.  It used to be that when you looked at a big dataset, you were looking for a needle in a haystack.  Today, however, they start with about a thousand haystacks and after they're finished with their search, they'll tell you if there was a needle in there.  Machine learning/AI/Big Data is able to take large datasets that may or may not have any relation to each other and make correlations that would astound you.  The other big thing that they're pushing is to collect every bit of data that you can and store it now.  You may not have the compute power to do anything with it today.  You may not know what metrics or correlations you want to discover.  But if you collect every bit of data you can get your hands on, as you and/or the technology develops, you've already got the data and can always go back and mine it later.  Thus was born the datalake.
  • Ongoing support.  If you have a device that needs to "check in" with a server somewhere on the network, you are buying in to an infrastructure that you do not control and cannot (easily) replace.  If your car has to check in with Toyota's server after you press the remote start button on your remote control and that server is not available, you've just lost that functionality.  That could be because of a transient issue with connectivity, an outage at the manufacturer or some upstream provider, or it could just be that the manufacturer has decided that they don't want to support that product anymore or they go out of business.  What does a connected device - be it a car, thermostat, rectal thermometer, whatever - look like in 10 years?  20 years?  50 years?  Some will argue that "people" will find ways to circumvent some of those server requests and be able to spoof the call-home system to make things like that work.  But....
  • The legal environment.  While there's a "right to repair" push on currently - and there very well should be! - there's also a lot of money on the side of preventing people from being able to decode protocols and spoof servers.  Look at things like the DCMA.  I make no judgement here about the merits of that law, but the fact is that it makes illegal attempts to circumvent copyright protection mechanisms.  So even if I create something that intercepts the packets that my connected device sends and responds to it, I might be liable under those types of statues.  And you can bet your ability to turn on your own heated seats that if there's a subscription fee for any of these call-home enabled features, those types of legal protections are only going to get stronger.  And despite the recent conversation, even if the manufacturer decides not to support your device anymore, they still retain the right to prevent you from circumventing their copyright.  Again, I'm not saying it's right, wrong, or indifferent, but it's the legal system we're in.
  • More legal environment: who can do what for how long?  For the most part, in the US it's totally the wild west for what data you can collect, how long you can keep it, who you can share it with, and what you can do with it.  Sure, maybe you don't mind that your keyboard manufacturer collects "some data" about you today.  But tomorrow you might find out that it actually collects keystrokes and shares that data with law enforcement and anyone else who's willing to pay.  And while you can turn that keyboard into a pile of plastic shards and go back to your old IBM Model M, that data is already stored, shared, and you have no option to pull it back.
  • Forced Obsolescence.  On a similar thread to the ongoing support issue, once you've bought in to that type of device that relies on some sort of external service, if that service is discontinued, your thing could become useless.  Or at the very least, you lose the features you paid for.  I can absolutely see vendors releasing the 5th generation of a product and simultaneously announcing that with that release, the gen 1 products will no longer function.  All they've got to do is alter whatever server the first gen product needs to talk to and you're forced into an upgrade.
  • Forcing your way into my wallet.  This is one of those things that bugs the everloving E36 M3 out of me, so allow me to stand on my soapbox for a moment.  At some point, the guys on Wall Street figured out that recurring revenue was a way better metric than one-time sales numbers.  Sure, selling a widget is great, but once you've sold that you need to find someone else to also buy one.  And you have to go make another widget to sell them.  Now you have every company out there trying to figure out how to transitions their product into MRCs.  Instead of paying up-front for something, now you have to get a subscription and pay every month.  They're going to coat it in this setting of "oh, but if you decide you don't need it this month, you can cancel it!" or "why pay for your heated seats year round, when you only need them during the coldest months of the year!".  But what it's really about is being able to dip into your wallet on a recurring basis because those sales have a lot less friction in them.
  • Security.  Guys, I gotta tell you....  information security is pretty much a sick joke right now.  The way these products are built and coded - and I'm talking about the front end that you get as part of your internet of (rented) things product as well as the back end that it calls home to as a "connected device" - is a pile of dog turds stacked on a lump of E36 M3.  Look at the log4j vulnerability that made the news recently.  It's a little bit technical, but to give you an analogy it would be like finding out that back in 2013, somebody started putting something into about 75% of the steel that was produced starting that year.  That thing made it so that if you went up to anything made with that steel and hit it with just the right shape of hammer in just the right place, the thing would pretty much shatter.  That's what happened with this.  This was a library that all sorts of software developers included in their own products.  I don't know the exact percentage, but a very high percentage of applications that were written in java (which is a high percentage of applications, period) either used log4j or used another library that used log4j.  Or used a library that used a library that used log4j.  It's turtles all the way down, guys.  The effort required to determine where this existed in your environment and how to patch it was absolutely immense.  And you can be absolutely certain that there are still some vulnerable systems out there.  And what if the software vendor is no longer in business or wants to maintain that particular product?  Oh, and by the way, that vulnerability has existed since 2013 and was only discovered publicly in December of 2021.  How many more of those do you think are out there, just lurking.  And new ones are being created every single day.
  • What people want to do with this data.  I've had a number of discussions with customers and vendors about how they envision using data.  I met with a local police department as they were developing their ALPR system.  That's advanced license plate readers.  Understand, first of all, that there are many capture systems, but they all get the same basic data - a license plate, GPS coordinates, and a timestamp.  At the time, repo men weren't cruising parking lots collecting ALPR data yet, but police departments were getting in to it.  The captain in charge of the implementation of this particular system wanted to collect this data and hold it indefinitely.  His plan was that if a kid got abducted on Maple St. at 1600, he could go back and find every car that was on Maple St. from 1500-1700 and investigate every driver.  Or if they knew that drugs were coming in from a city to the east on Thursdays, they could go interview anyone who owned a car that was driving westbound on the highway into the city on more than one Thursday.  The commercial outfits were pushing a story about using cameras to see what you put in your shopping cart and cross-referencing that with your browser history, local twitter data, weather, and your fitness tracker data.  Oh, it looks like you're trying to lose weight, but you put potato chips in your cart.  Let's send you a text message right now with tips on how to make heathy eating decisions!  And that's just some of the most innocuous stuff.  The problem is that there really isn't any limit or any way to opt out and the sheer amount of processing power that's available has absolutely changed the game.
  • Right to repair.  Probably the most mundane of my concerns is this.  We deal with this in the tech world with call-home things now, and have for a long time.  There's always been a cat-and-mouse game with the third party hardware support providers for datacenter equipment, but that's getting more and more serious.  Look at the case with the company that came up with an app that intercepts the data that the McDonalds ice cream machine was sending home.

That's all I've got for right now.  I just looked outside and those damned clouds are back, so I need to go yell at them again.

My wife works in IT security for one of the biggest banks. It's a constant whack -a-mole dealing with hackers. But that branch of the bank has the big budget and great paychecks to stay ahead. 
     It's only going to get worse. Innovation means ease of access but secure is how the big boys do things.
    The smaller banks tend to just write off their losses and fines. ( yeh, they get fines, serious fines if they get hit ) 

    

flatlander937
flatlander937 GRM+ Memberand HalfDork
3/18/22 8:15 p.m.

Oh yeah, one more thing I forgot to add: 

For the manufacturers who require internet connection to their main server to fix the car or diagnose anything... You're SOL when those servers go down.

It is not uncommon for the Chrysler, GM, Hyundai/Kia servers to go down. Mercedes requires internet connectivity as well but I've never personally had a problem with them.

VW/Audi had problems for several days not too long ago as well.

1 2 3

You'll need to log in to post.

More like this

E46 M3 brakes don't feel right? How to tell if it's the ABS/DSC unit

You Need This: The Kellison Stallion Cobra hero car from “Bad Boys”

Dogbone inserts: Will they work just as well as solid bushings?

Could you be happy with just one car?

How to properly apply vinyl stickers to a car

You Need This: Unmodified S15 Nissan Silvia Spec R

Brake fade: What you need to know and how to fix it

Does your project have a plan?

Turn a smartphone into a data acquisition system | The apps you need

Randy Pobst: Once-in-a-lifetime opportunities only found at Monterey
Our Preferred Partners
Koni GRM
HMS Motorsport
SCCA
Tire Rack GRM
Holley
IMSA
Epartrade
Intercity Lines GRM
Sunoco GRM
Quadlock GRM
BUzo4vacPRiZXOsdWFXgUVzGCPLA9aBTaSUmBEkC28ImMp60HDSa81EcrAtdrUV1