Bugs allowed hackers to dox John Deere tractor owners (vice.com)
258 points by arkadiyt on April 23, 2021 | hide | past | favorite | 68 comments



Having worked on a John Deere integration for an agtech company I can't say I'm surprised. The MyJohnDeere API had a lot of idiosyncrasies that smelled like inexperienced or mismanaged development, especially around authentication/authorization.

At the time I was working on it they had some extremely arcane authentication process that required round-trip emails, various link clicking and code entering, and all kinds of craziness. Toward the end of my tenure our point of contact finally told us they were moving to OAuth but they had nearly zero documentation on it.

For anyone who isn't knowledgeable in the farming space, I'd highly recommend a browse through John Deere's API documentation [0]. Before the agtech gig I hadn't really given it a second thought, but modern farms are very high tech operations. Really cool stuff happening in agtech.

[0] https://developer-portal.deere.com/#/myjohndeere/api-invento...


We need a new word for these high tech massive farming operations. I come from the Canadian farming sector. Most of the farmers here are individuals, or medium sized family operations. Even the big farms aren't "high tech". There are just a lot of guys and a bunch of leased machines. We have essentially 0 "high tech" farms.

I wouldn't say "modern farms are very high tech operations", I'd say "high tech industrial players are in the process of taking over western agriculture".

The word "farm" means something special to me, as I was born and raised on one. What you're talking about is something completely different.


I'm curious to know what your standards for high tech are. I know that there are many farms in southern Alberta who regularly get the latest farming equipment, which includes John Deeres that drive themselves.

Hell, Lethbridge is home to at least one successful agtech biz, if not more. They're flying drones to analyze weed cover and optimize spraying based on positional data.

It can be very high tech. I don't know why you're saying that it doesn't exist. It's happening in Canada literally right now.

That said a lot of these are for medium to large operations. Despite high tech, farmers who farm smaller plots generally have better yield. The automation has basically just let business expand into larger operations they might not otherwise have manpower or expertise to cover.


> There are just a lot of guys and a bunch of leased machines. We have essentially 0 "high tech" farms.

I think OP might mean that these "high tech farms" are less like farms and more like movie studios. The tractor makers and the bank are acting like a movie studio. They are running a production in a certain area, with certain high tech equipment, with certain subleases on land for a certain number of years. There is no one driving vision and keeping the flame of what high tech should be. It's more like, "let's get this soy to market in the new way that is 7% cheaper before the other team does." Just a guess on what OP means.


Hmm... having grown up on a farm in Germany, and even though my father was only employed as the manager, it still felt more like "our" farm. It was definitely a big farm compared to the German average, but then that average also includes a lot of part-time/side-business farms, where.

Despite the size, the general methods between a smaller and a larger farm are not that different imho. But the amount of tech in a modern tractor was and still is amazing, and at the time the average car was definitely not up to par. "Automatic" GPS assisted driving, "laser" assisted driving (on harvesters). Beyond that, most of the "management" data was already digital 15 years ago, partly due to compliance requirements. And satellite imagery, soil samples, etc. were at least partly integrated.

And I would still call this a farm! Times change, and clinging to the old times in some nostalgia doesn't help. (I don't want to imply that you do!)

And on a slightly different perspective: I don't think bigger farms necessarily produce worse food, generate more externalities, etc. The processes are much more optimized, and at least I think the potential for better food with less externalities is with bigger farms. Also it is a somewhat bogus comparison: Mostly nobody complains that their car / laptop / smartphone comes from a factory, but for farming there is this strange preference for something of 50-100 years past.


> Also it is a somewhat bogus comparison: Mostly nobody complains that their car / laptop / smartphone comes from a factory, but for farming there is this strange preference for something of 50-100 years past.

It is not specific to farming. Handmade, artisan stuff sells well, even when it is objectively worse. And in general, people are more sympathetic to small businesses than big, faceless corporations. We value the human element I guess.

As for food, we tend to equate big farms with everything bad with current agriculture, even if it doesn't have to do with it: crops bred for yield instead of taste/nutrition, monoculture with pesticides/herbicides, ... It is partly true because small, traditional farms tend to focus on quality and ethics/sustainability/... rather than price, because they can't compete on price.


I think this is because when an artisan makes something, usually you know he tried hard, even if it ends up being crap because of subpar skills.

With industrialized products you know they want it cheap, resulting in crap product that didn't need to be crap.

For example once I had to repair my Electrolux fridge, when I opened it up I saw two very nasty things: 1. the holes between parts were all misaligned, to the point it was impossible to insert the screws intended to go in them. 2. it was then glued with a ton of glue spread "randomly" all over the place, it was obviously shoddy.

And the issue I had to fix in that fridge? They used the cheapest "defrost" button they could, one that notoriously got stuck often, so your fridge would stay in "defrost" mode forever and stop working, the solution was disassemble it, force the button back with a screwdriver, assemble it again... every time you used the button.


Somewhat related, but the glue situation reminded me of the time I realized I'm going to need to hire a woodworker if I ever want quality cabinets in my kitchen. I was doing delivery for one of the big home improvement stores and got asked to stay late and run some cabinets to a customer. Light crap on overtime? I'm there.

I'm looking at these cabinets in the stock room and they're crap. No joinery, no screws, just flat pieces of cheap wood glued together. So I go to joke with the woman who works in that department about how cheaply they were constructed. She looked me dead in the eye and told me, oh no, these were the nicest cabinets we sold in the store. Top of the line. They even use extra glue to make them sturdier.


Who's we?

I know a guy who can't go through a drive through without lecturing everyone in the car about how being able to get 400kcal for a buck and a half is an amazing feat of societal progress. But he's old and emigrated from Poland so...

My example may be an outlier but there's plenty of people who are happy to get Chilean produce in January and don't care how much methane their 75/25 beef emitted. HN has the spare cash and brain cycles to care about a lot of things that normal people don't even think about.


For comparison: A regular buck (the animal) may have something around 160,000 kcal.


As to distrusting large companies, I think that is an intuitive understanding we have that any organization larger than 100 people is likely led by a sociopath. They gravitate towards positions of power, they have a superficial charm that holds in large groups where you don't get to know people well, and they occur at about 1 in 100.


Even ignoring leaders, once you get beyond 100-200 people responsibility is necessarily divided up such that people stop being responsible for the organization and start being responsible to the organization. And then the organization does sociopathic things whether people want to or not. Even an organization's leaders are subject to this. After all, 100s of people's paychecks depend on their decisions. The more people you add, the more you divide up responsibility, the more you remove the leaders from the customers, the worse it gets.


> What you're talking about is something completely different.

I wonder if farmers felt the same way when tractors first started coming onto the scene replacing ox/horses and a plow, or combines, or grain carts, or seed drills, or...

Did you grow up using any of that at-the-time "high tech" equipment? It was high tech at some point, now just common tech. At what point is something considered "high tech?" If you were born in the age of cell phones, are they considered high tech, or just common tech you can find on any street corner like gumball machines? If you were born in the 1950's, does your opinion differ on cell phones from someone currently in their 20's who grew up with it and knew no other way?

Technology fueled the Agricultural Revolution. https://www.thoughtco.com/agricultural-revolution-1991931


If a John Deere salesman knocked on that screen door 80 years ago and said, "Mr. Farmer, I have something that will make your life easier. The only drawback is when it breaks down, you can't buy parts, can't see repair documentation, and only pricy factory workers who live far away will be able to repair the machine at set rates."

The farmer would have slammed the door, and fed his horses.


To be fair, if you made the pitch that way to a farmer today they would as well - those points are all iffy.

Mostly, though, the nature of labor has completely and utterly changed in 80 years and comparing the two is like apples and oranges.


> those points are all iffy.

For tractors generally, maybe, but I have read many things specifically about John Deere being very DRM/anti-repair, and a quick Google seems to highlight that there are court battles being fought over exactly this right now.

https://www.bloomberg.com/news/features/2020-03-05/farmers-f...


And yet... Deere still gets bought. So clearly someone isn't pointing out something they should be.


Or the comparison is flawed, farmers aren't dumb and it makes economic sense to buy the Deere?


"Farmer" is an interesting word these days. Think giant corp running 1 million acres across 200 sites. And think of "tractor" as a fleet of combines that cost $500K each and are shared across all 200 sites.

The picture of a hard-working solo farmer repairing his only tractor out in the barn is becoming a rare thing. When you say "farmer" today, it is unclear if you mean the multi-billion dollar multi-national, the "manager" for this 400-acre parcel, or the lady next to the field operating the drone or mostly-autonomous equipment. Or perhaps you meant the latest breed--that fellow who greases the conveyor belt in the metal building in the middle of town where they do the vertical farming with the fancy lights and watering systems. No tractors or even dirt involved.


So said the blacksmith’s son watching the invention of the steel press.

“High tech industrial players are in the process of taking over western forgery.”


Ya and we don't call a factory a Blacksmith now do we?

"Modern blacksmiths sure are big!"


Blacksmith was a job. Forge was the location. And industrial forges are very, very large.

Blacksmith:Farmer::Forge:Farm


Foundries were a thing, but even those are giving way to factories, right?

I mean, someone will always make stock, but fewer companies melt metal these days, or at the very least relative to those that carve it up or weld it together (which may or may not involve a little melting, given spin welding and other techniques).


Foundries and forges are different things.

A forge is closer to what you would call a manufacturing factory:

https://en.m.wikipedia.org/wiki/Forging

A foundry smelts. But it is also technically a factory for input material. In the same way a sawmill is a factory.

https://en.m.wikipedia.org/wiki/Foundry


Yeah, "factory" is really the general term for a facility that adds value to inputs at an industrialized scale. A lay person would call everything from a smelting plant to an electronics assembly floor a "factory" and not be wrong.

From a pre-industrial blacksmith's perspective, the bigger distinction might be between a "factory" and a "shop". The processes involved are effectively the same; the difference is the scale/flexibility tradeoff (a shop can make different things every day without added overhead, where a "factory" gains enormous efficiency by being configured to do a single process).


The industrial revolution and its consequences...


For perspective, my parents both grew up on farms and I spent my summers on them. You are right but "farming" used to be a family with 3 acres and an ox and a plow. These small farms you lament are just as much a whole new world to the ox and plow as a 16/20 row combine that can process 150 acres a day is to your childhood. Efficiency comes from specialization which creates incentives for economies of scale. Software will continue to eat the world.


Factory farm.


Southern Ontario has farm tiling fields with high tech gps tractors.

Lots of tech for data and tracking


Sovkhoz? That's what they called them in the soviet union.


I like the idea of SMBC author Zach Weinersmith to repurpose the word "villain" for them, if I recall what he wrote on his Twitter correctly.


> Really cool stuff happening in agtech.

I don't know if I agree with you. These kinds of agtech farms tend to get heavy on pesticide use and tillage, which in the long term kills the ground life.

And it leaves the farmers' hands tied when a bug happens: https://www.vice.com/en/article/xykkkd/why-american-farmers-...


They tend to be because it's cheap and easy to be this way.

Meanwhile they are also the biggest levers if appropriately motivated (whether by extra legal or legal incentives) to use better solutions.


I've worked as a contractor for John Deere, and I can vouch for "inexperienced and mismanaged development". I was working on the embedded side of the business, not the API side. Some interesting observations:

* John Deere didn't hire anyone for a Software Engineering job unless they were a licensed engineer, at least in the area that I worked in. This meant a lot of EE and CE majors were writing the software and they pretty much all viewed software dev as "a foot in the door" to do the hardware work to which they aspired. This may not have been true across the company (perhaps only in the area that I worked in) and it may not be true today.

* This also manifests in a culture that was utterly divorced from the rest of the software industry. They're just moving from Subversion to git, much of their "CI/CD pipeline" was built with Windows .bat scripts and code generation via Excel files that take hours to run (I shit thee not). They build pretty much everything in-house from hardware to embedded operating systems, and their embedded codebases are littered with #ifdefs to conditionally compile different code snippets based on the specific model of tractor/combine/sprayer/etc. and feature set that it is to be loaded onto. It's hard to put into writing how difficult this is to maintain.

* They build everything in-house, but it's a big company and people just email around binaries for various development tools with no way to find the source code or even the author except to ask around. Submitting a patch to a dev tool is an enormous effort. Word is they're moving to GitHub, and I think it's going to be a game changer for developers.

* Other than that, there's a long tail of other problems. IT seems to have management paranoid that if developers are too productive the hackers will steal their IP and the company will go under or something. So getting a server provisioned is a months-long affair and teams will occasionally just run a Jenkins server from a former coworker's desktop that IT forgot to pick up. There's a culture of "don't try to improve things that aren't immediately in your purview". They routinely pick tools that are abysmal to work with--I don't mean "everyone has different preferences", I mean "they bought SharePoint and made everyone use it, but didn't pay for the SharePoint consultants who program the software to be actually usable within an organization" (I'm generously assuming that it's possible to make SharePoint usable--I'm not sure this is the case).

All of that said, John Deere has some really cool problems that would be really fun to work on if not for all of their organizational issues. They had self driving tech years before anyone else, they have a vast array of vehicles that run these distributed networks of embedded controllers, they make their own hardware and software (which could be a lot of fun to work on if managed properly), they aspire to use ag data to improve yields and have a credible path forward (as opposed to the "step 1: use big data, step 2: profit!" sense). Additionally, I think they probably are innovative and well-run in many non-software respects, but I'm not qualified to comment.

Similarly, for all of its issues (including hostility toward folks who want to repair their vehicles), I really want them to turn a corner and succeed because agtech is really cool and they're an American icon with an (increasingly tarnished) reputation for quality, innovation, and providing quality jobs. I wish them the best and maybe one day I'll apply and try to help from within.


Where would one find these kind of jobs? Practically all job boards I see just list standard companies doing ads, or whatever.


I’m not surprised by this. They’ve made themselves a target because of their Right To Repair shenanigans. https://www.extremetech.com/electronics/320183-john-deere-fa...


How is doxing some guy who bought a tractor sticking it to JD?

That's just a hacker being an asshole.


From the article:

> There is no evidence that hackers exploited these flaws. The researcher, who goes by Sick Codes, reported them to John Deere on April 12 and 13...


> Sick Codes said he could iterate and brute force all VIN numbers in the database, as they were "sequential," according to him

Seems like they didn't think that people would enter someone else's VIN. A few years back I discovered that I could get activation code for a map update in my car simply by entering my VIN and the product number of the DVDs with the map update.

They gave me a list to choose from when I entered my VIN, but that didn't stop me from asking for a different product -- and they gladly sent me an email with the matching code.

PS: I'm also from Norway. I see that's a thing now.


This is pretty common, oftentimes cars with parts restricted to VIN (special editions, etc.) or online manual or software download portals will ask for a VIN. Sometimes this is to verify parts fitment and sometimes it is to attempt to rate-limit parts purchase (i.e. - to keep a dealer from buying 100 sets of "special edition" wheels and reselling them, they need to supply a unique VIN for each).

The difference is that these are usually an extremely basic (and ultimately pointless) authentication test, not a way to download PII.


In my case I was able to get activation codes for a product I hadn't purchased, but yeah, once personal information is involved, it's a whole different game.

There was a lawsuit in Norway a while back where the question essentially was: are you breaking the law if you change the URL? (No, it wasn't.) More specifically, a guy logged into Norway's DMV and looked up information about his own car, and by changing the license plate in the URL he got information about other cars, including their owner. I guess the triggering factor was that he scraped this information into a big database.

In Norway you can freely look up car information based on license plate, but it costs extra (?) to get the name of the owner. So the information wasn't secret in any way.

But that brings us back to the question: where does the line go when scraping the web for information?
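The two lookups discussed in this sub-thread (the sequential-VIN brute force quoted from the article, the activation-code-by-VIN portal, and the Norwegian license-plate-in-the-URL case) are the same bug: the service checks that the caller is logged in, but never checks that the object named in the request belongs to that caller. The following is an added example, not code from the article, the thread, or any John Deere or Norwegian system; the VINs, plates, names, addresses and account ids are constructed, and the VIN layout (a fixed prefix plus a six-digit sequential serial) is an assumption chosen to make the enumeration visible. It shows the unauthorized lookup beside the owner-bound one, a brute-force walk over the serial range against each, and a simple server-side detector that flags sessions requesting many distinct identifiers.

```python
"""Insecure direct object reference (IDOR) on vehicle lookups, vulnerable vs. hardened.

Added example with constructed data; it is not the John Deere API or any real
DMV service. The 17-character VINs below share an 11-character prefix and differ
only in a six-digit serial, an assumption that stands in for the "sequential"
VINs described in the article.
"""
from collections import defaultdict

# Constructed vehicle records keyed by VIN (all values are fictional).
VEHICLES = {
    "1HDX0000000100001": {"owner": "A. Farmer", "address": "1 Field Rd", "plate": "AB12345"},
    "1HDX0000000100002": {"owner": "B. Grower", "address": "2 Barn Ln", "plate": "CD67890"},
    "1HDX0000000100003": {"owner": "C. Planter", "address": "3 Silo St", "plate": "EF13579"},
}
# Secondary index so a plate can be resolved to a VIN (the DMV-style lookup).
PLATE_INDEX = {rec["plate"]: vin for vin, rec in VEHICLES.items()}

# Which logged-in account owns which VINs. The "session" is just the account id.
ACCOUNT_VEHICLES = {
    "acct-1": {"1HDX0000000100001"},
    "acct-2": {"1HDX0000000100002"},
}


class LookupService:
    """Owner lookup by VIN or plate. enforce_ownership=False reproduces the bug:
    authentication happens (we know who is asking) but authorization does not."""

    def __init__(self, enforce_ownership):
        self.enforce_ownership = enforce_ownership
        # account -> set of distinct VINs it asked about, for the detector below
        self.requests = defaultdict(set)

    def owner_by_vin(self, account, vin):
        self.requests[account].add(vin)
        if self.enforce_ownership and vin not in ACCOUNT_VEHICLES.get(account, ()):
            # Same answer for "not yours" and "does not exist", so the endpoint
            # cannot be used as an oracle for which VINs are in the database.
            return None
        return VEHICLES.get(vin)

    def owner_by_plate(self, account, plate):
        vin = PLATE_INDEX.get(plate)
        return self.owner_by_vin(account, vin) if vin else None

    def enumeration_suspects(self, threshold):
        """Accounts that asked about at least `threshold` distinct VINs. A real
        deployment would window this by time; the counter is enough to show
        that a brute force is loud even when every individual answer is denied."""
        return sorted(acct for acct, vins in self.requests.items() if len(vins) >= threshold)


def brute_force_serials(service, account, prefix, start, stop):
    """Walk the serial suffix the way the article describes and keep every
    record the service hands back. Returns {vin: owner_name}."""
    found = {}
    for serial in range(start, stop):
        vin = f"{prefix}{serial:06d}"
        rec = service.owner_by_vin(account, vin)
        if rec is not None:
            found[vin] = rec["owner"]
    return found


if __name__ == "__main__":
    insecure = LookupService(enforce_ownership=False)
    print("insecure:", brute_force_serials(insecure, "acct-2", "1HDX0000000", 100000, 100010))
    secure = LookupService(enforce_ownership=True)
    print("secure:  ", brute_force_serials(secure, "acct-2", "1HDX0000000", 100000, 100010))
    print("flagged: ", secure.enumeration_suspects(5))
```

Against the insecure service, acct-2 walks ten serials and collects all three owners; against the hardened one it gets back only its own vehicle, and the plate lookup is closed off too because it funnels through the same ownership check rather than resolving the plate and returning the record directly. The detector is the part people skip: even with ownership enforced, a session that asks about hundreds of identifiers it does not own is worth alerting on, and with ownership not enforced it is the only thing that would have noticed.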


Is owning John Deere tractors somehow controversial, since they're talking about how owners were "doxed"? Is there a special place on the web where we can laugh at the hall of shame of John Deere tractor owners? Jokes aside, John Deere are pretty good tractors tho. Very common among farmers here in Norway. ^^


I think the author was using "doxxed" to mean "discovered the ability to expose personal identifying information of", rather than "exposed personal identifying information with the intent to shame by publicizing said PII". I agree that's not a very accurate usage.

They're only slightly controversial here in the Midwestern US. Somewhat like Harley-Davidson motorcycles, their users are highly brand loyal due more to historical factors than a modern quality or value comparison. Their owners can be derided for overpaying for underperforming tractors that can only be repaired by a dealer for exorbitant fees; the smart money is buying Kubota or AGCO now. Though like a Honda rider in a biker bar, you want to be careful where you say that.


I sometimes think John Deere and Harley, and to a lesser extent Ford/Chevy, are basically Americana cults with merchandising and machinery sales attached.


> Very common among farmers here in Norway. ^^

Another question: are Norwegians overrepresented here on HN? I've been wondering this for a while, but I'm unsure if it is that or if I just happen to notice everyone who in any way signals that they are Norwegian.

(Yes, I live in Norway too.)


Well, Norwegians are probably overrepresented relative to what their share of the world population would suggest:

1. Northern Europeans tend to speak excellent English. Flawless English is the norm, anyway much better than people from my native countries.

2. Northern Europeans tend to have excellent technical skills compared to the world average.

While both points help y’alls participation in HN, I think point 1 is the most important of the two. I rarely encounter comments from native Japanese or Koreans, even though their populations are much larger than Norway’s. Typically the commenters have since moved to the US. I do, however, encounter non-IT ppl on HN that are very curious (and typically have interesting backstories). I especially enjoy the occasional comments from diesel mechanics.

But you also have a strong observational bias. While the probability of seeing a Ferrari isn't too low, the P of seeing two Ferraris next to each other is very low... unless you happen to be driving one of the two Ferraris. Add to that that a car lover (i.e. a Norwegian) is much more likely to notice the Ferrari (other Norwegians).


Well Skinkestek is pretty hard to miss for other Norwegians. It means “Ham steak” in my language. :D Which reminds me... I have some in the fridge. Gonna roast it this weekend. Yum!


John Deere tractor owners have to be especially good at fixing stuff if they want to fix their own machinery, because like phone manufacturers, John Deere tries to block their customers from fixing their own machines.


“Oh no, now I’m ruined!” :-)


Now every litigious John Deere owner will also have a Case.


The lack of replies shows me how few 'farm oriented' people browse HN...Top notch pun


I just saw it and truly appreciate it as a former farm kid who also got to "enjoy" 8 months working at John Deere here in Iowa, it gave me a hearty chuckle.


...I only caught the legal connection, and assumed the Case was a capitalization error...

Care to clue in someone whose cultivation experience terminates at a roto-tiller---

Goddamnit. Nevermind. Just clicked. Well played.


Excellent pun !


The problem with a lot of these old school companies is that any development work would always be treated as 2nd tier. Very, very few, if any, CEOs will go to their boards and admit that they've been behind with their tech for years, and it'd take a lot of stones to move to change the way things are done. We all know them: crappy pay, work conditions similar to the comedy shows about office work, etc.


Idk about you, but self-driving tractors seem a bit better than 2nd tier developers. Some teams might be lower-end, which almost always happens at large companies. Many of them also integrate with the tools they're attached to. It's definitely not just line of business apps.


Hmm... from personal experience I know that John Deere has multiple development centers around the world that definitely do development on the edge of what is possible, and push that frontier...

Disclaimer: Not in any way associated/involved with John Deere.


>edge of what is possible, and pushing that frontier...

While I understand JD has been ahead of other tractor manufacturers (electric, autonomous), the industry hasn't been anywhere close to on pace with the research investments made in these areas where the consumer auto industry has actually been pushing the frontier in research investment in these spaces for some time now - seems more like riding the wave than contributing to "frontier pushing" from their comparative R&D investment in these areas.

That's not even to mention that it's not out of the imagination or even common experience to have a sitcom-tier office workplace where "interesting (to management)" teams are over-resourced while teams in charge of features that are less "interesting" but similarly important to user experience are under-resourced, seemingly in this case infosec. It's a common pattern of a company that may have lost sight of the customer, and in this case they exposed customer data.

Disclaimer: not related to JD, competitors, or research mentioned in this post, but have experience with JD tractors and them being years behind on engineering but years ahead on right-to-repair advocacy.


Consumer auto has different problems it needs to solve. A vision based system would be a waste of an investment when you have a field with basically no obstacles, and certainly no people and cars and traffic signs. It's closer to an aircraft autopilot in that respect.


Cool, heard good things about his Docker-OSX project: https://github.com/sickcodes/Docker-OSX


For those in the big tech scene...it's not so weird to have technology in farm equipment. In fact, I just listened to a podcast about a software developer who had spent time working for the welding division of caterpillar where they worked on some R&D problems over the last 40 years that are still not solved.


Yeah, a lot of farmers are willing to try new things. The local farmers (ND outlaws corporate farming) bought a pretty expensive drone that has got to be about 5 ft across. Heck, combines are not exactly low tech these days.


I'd be curious for the podcast link if you have it handy.


I once had a company ask me to white label our agency and resell to these guys.

Long story short they’re def not tech savvy


So many of these old school industrial companies that are getting into IoT will have these issues. Who is building the Stripe for old school industrials going into IoT? I'm sure someone is building that Comoros.


About the term "dox", is it harder to find out personal information in, say, the US than in other countries? Here in Sweden you are able to just call the authorities to get personal information like social security number. The usage of the term confuses me a bit.


Serious question: if you aren't a security pro, what do you have to do to make sure your software is secure? Just follow best practices and contract a pen tester?


This is arguably dangerous because I imagine tractor ownership is a strong prior for prediction of political affiliation. Just one of the many exploitable dangers of mass privacy invasion.



