
The Internet of Criminal Things - rvense
http://lwn.net/Articles/658198/
======
noonespecial
I'm not so sure that governments are too concerned with the 11 million
cheating cars so long as they have a nice easy target to blame, fine, and play
politics with. I have a feeling they'd much rather have one company and 11
million violations than 10,000 backyard mechanics helping themselves to 15
extra horsepower after reading an article on Hackaday.

Politically, DRM is still a feature not a bug.

~~~
lifeisstillgood
I see nothing whatsoever incompatible with hardware refusing to run anything
other than a small list of signed binaries, and publishing the source code and
makefiles (etc) to create said binaries.

Hackers turning their / your car into a socially offensive mechanism should be
treated similarly to putting firing pins back in decommissioned handguns.

~~~
mindslight
> _hardware refusing to run anything other than a small list of signed
> binaries_

Other than that the owner should have complete control over the thing they
own. I'd rather suffer the occasional hick "rolling coal" than be restricted
in what I can read and write.

> _turning ... your car into a socially offensive mechanism should be
> [illegal]_

Sure, but police the violation - not the mere ability to violate.

~~~
lifeisstillgood
Police the violation - I agree. Should have been clearer perhaps.

I think we need to discuss why you should be able to write to your car. Or
rather, there will become an OSL layer style to the car. Drive train, brakes,
steering. These are things I question why you should be able to do more than
verify the binary. If you want to, turn up the fuel mix or something (showing
my clear understanding of cars), well, apply for a UEFI key and sign your own
binary. If the GPS on the car shows you on a public highway with an unlicensed
binary drive train, frankly they can pull out the tyre bursting chains.

I don't think there should be some untouchable chip at the bottom of the stack
able to stop the car if the "right" people send the code. Too dangerous. But I
also don't want half coded ideas driving next to me at 100kph.

Does this mean there won't be a Debian binary for Ford, undoing all the crap
they throw in? No, it should exist, but should also get on the highway approval
eventually.

Yes, you should be free to modify your car, to the bare metal. No you should
not be free to drive your modified car on the road next to the rest of us.

All our cars pass yearly tests assuring us they meet minimum engineering
standards - why not the software in the car?

And no, not so stringent on the rest of the OSL layers - you can swap binaries
on the CD player.

~~~
mindslight
> _Yes, you should be free to modify your car, to the bare metal. No you
> should not be free to drive your modified car on the road next to the rest
> of us._

This type of cryptofascism is quite odd to me. You are not tolerant of
modifications, so why bother pretending to be? Invoking some ambiguous
authoritative "us" is ridiculous in light of actual reality.

People are driving all sorts of modified cars, on the road, _right now_.
People modifying things necessarily know about them in depth and are likely to
do better maintenance and care than someone who expects a car to "just work"
if they bring it to the stealership on the service schedule (and otherwise
have no idea what a weird sound means or even how to react in the event their
Toyota "suddenly accelerates").

> _All our cars pass yearly tests assuring us they meet minimum engineering
> standards_

Lol. Vehicle inspections (I'm familiar with MA) cover the bare minimum of
safety/signaling, plus emissions. You can technically be rejected for some
types of aftermarket parts that don't meet FMVSS from when the car was
manufactured, but only some shops check a couple specific things (say,
headlight dispersion).

If your comment had any basis in reality, we wouldn't nearly have as many
idiots driving around with "HID retrofits" that blind oncoming drivers. Do you
realize that in the US, most auto parts actually aren't tested or certified by
the government, but merely "self certified" by the manufacturer as conforming?

Sorry if I'm bursting your bubble here.

> _These are things I question why you should be able to do more than verify
> the binary_

You can currently take apart and modify any of these mechanical systems,
yet people have a strong incentive to make sure they work before driving
anywhere. Where exactly is this _a priori_ worry and FUD coming from just
because those systems are becoming software? Open software aligns incentives
properly - it enables inspection, maintenance, repair, and design fixes long
after the manufacturer has lost interest - just like standardized wrenches and
threads. Our computerized devices should not be black boxes that we can only
worship or discard.

~~~
lifeisstillgood
I am perfectly happy to have my arguments picked apart, and my expression of
the arguments is frequently in need of improvement. Sometimes I even learn
from my interlocutors.

But _cryptofascist_?! Honestly?

I mean this is HN. You are supposed to play the ball, not the man, and
certainly not call the ball a cryptofascist ball.

Do you do this to people in real life? Have you actually used the word
"cryptofascist" to a living breathing police officer? Did it come with the word
"Man!" as well?

Really, stop it.

I should probably comment on the rest of your points, but it's hard to get
over the first point. :-)

Edit: so, actually trying to respond.

It seems you say that open source software will align incentives, in a similar
manner to (openish) standards of wrenches and parts.

I am a big supporter (can't spell proponent) of OSS in place of black box
solutions - it opens up an enormous range of positive solutions. However OSS
does not produce or guarantee standards. And standards are the issue I see
here.

The ability to freely inspect is vital to produce a market of reliable
products. It however is not sufficient - open inspection, agreed tests and
measurements, and enforcement, are just parts of that.

Fake spare motor parts (OK, spare parts not meeting standards and with no
accountability) should be prevented from entering the market - they increase
the risk of failure, and even if it is possible to inspect the goods to
determine their suitability, why should we impose that cost on every market
participant? We have standards and enforcement to avoid such a problem - it
could be seen as nanny state keeping people safe, or it could be seen as
encouraging markets.

The method of ensuring markets are not polluted to the point of market failure
will vary - most people relying on licensing and enforcement. It usually
works.

I am arguing that someone who wants to inspect and play and learn about their
car software should be allowed to just as they should be allowed to strip and
clean an engine.

But even the cursory annual inspections (MA I assume is similar to UK's MOT)
are supposed to catch below standard modifications. Even when I was younger,
engines were too complex to be learnt, Father to Son, without a Hayes manual.

These days I am sure it is possible for a motivated, intelligent person to
become sufficiently skilled that they could modify a modern engine, but I
doubt they could do that _and_ learn how to spot fake medication, determine if
an aircraft jet engine was properly serviced and if their office block is
using the correct steel joists.

The world is way too complex for us to trust God and test the rest. We have to
trust that there are sufficient standards and enforcements in place that we
can rely on goods and services - otherwise we see market failure.

And finally in my rambling, I do not see it sufficient that if someone has
modified their car, their own self preservation instinct will prevent them
driving it if it could kill us both. That's never going to fly.

We need standards, inspection, accountability to ensure we defeat market
failure.

We want to move beyond markets that deal in goods or services that cannot be
trivially inspected by each participant.

Ps The code of Haranumbai (?) is an interesting example of regulatory failure
and where standards are needed. There is a part

~~~
mindslight
In the context of discussing modifications and purporting to be open to the
idea of end-user modification ("police the violation"), you wrote:

> _If the GPS on the car shows you on a public highway with an unlicensed
> binary drive train, frankly they can pull out the tyre bursting chains_

To me, it's a bait and switch to lead off as if you're open to end-user
modifications, only to draw a line ruling out doing so on a public road - the
normal and _only_ use of 99% of consumer vehicles. And I don't think my
characterization of your solution as "fascist" is overzealous either - it's
based on fundamental reasoning that if someone breaks the rules they deserve
immediate and severe punishment.

Also FWIW, I don't think I've ever encountered any police officer who was a
_crypto_ fascist. Perhaps the ones in unmarked cars.

Now, looking at your profile I see that you are in the UK (although I should
have perceived based on spelling and kph). And I know regulation works much
differently in the EU, with deny-by-default whitelisting instead of only
reacting to problems. Perhaps in that environment, an individual working on
their car really is different from an "official" mechanic. Or maybe the more
cohesive regulatory environment just has you believing that it's more
foolproof than it actually is.

In the US, an individual and a mechanic are the same thing, both
philosophically and practically. And while the US's ad-hoc regulatory
environment causes its own problems, I wouldn't say that an epidemic of
mechanically unsafe cars is one of them.

So the only difference I see between modifying software and modifying hardware
is that software has developed an insidious culture of "seems to work; good
enough", even while being much more complex. But I think the answer to that is
to push for openness and proper engineering, rather than entrenching
manufacturers' sloppy processes of cobbling together reams of C and then
keeping cameras out of the sausage factory.

edit: I'll respond to the points in your substantial edit tomorrow, since it
requires internalizing the two very different philosophies of top-down
guarantees vs bottom-up flexibility. But I will say that in the US, the self-
preservation instinct has indeed been enough for people to mostly self
regulate (and when it fails, insurance). Perhaps not as much as the UK (no
idea about the relative stats), but it is sustainable.

~~~
lifeisstillgood
Good joke about the police.

I am going to have to digest a lot of this (I cannot see you have landed any
significant mind-changers) but it is more and more clear that public policy is
going to be informed and sometimes driven by a software literate culture - and
the "works on my machine" approach you allude to is correctly more terrifying
than "started up ok in my garage" approach to mechanical issues.

But I honestly think that what I understand of the libertarian / anarchy /
whatever approach places waaaay too much emphasis on individual ability to
determine the reliability / safety of goods available.

~~~
mindslight
I agree with your characterization of not being able to inspect+understand
every good, from things being too complex and reliant on the invisible (grade
of metal etc). A lot of that kind of testing is destructive testing, which
obviously an individual looking to buy one item is not going to do.

But all of this speaks to the needs for standards and guarantees in the
_commercial_ marketplace, yet you're applying them to private after-market
modification.

We can't prevent someone from ordering paper brake pads and internally-
stressed-steel bolts direct from China, putting them on their own car, and
then selling it. Or jury rigging repairs in any manner of ways. Which is why
there is such a market for "immutable" new manufacturer-authentic cars.

Presently there's no way to know if one's ECU's software was modified by the
previous owner, and even if it has some modifications that are necessary
because other hardware has been changed - such that replacing the ECU with a
"stock" one would actually make other things stop working.

Free software actually _solves_ this aftermarket-modification problem with
regards to software, since a buyer would be able to re-flash the car to stock
(and even require the seller do so before money/title changed hands).

And this fundamental problem of aftermarket inspection is also why state
vehicle inspections don't certify the "entire car", but the bare modicum of
external behavior (gross safety, signaling, and emissions). _These_ are the
"standards" we're talking about with respect to individual modification, and
currently one can modify most anything they like as long as it meets that
external behavior. Preventing any aftermarket modification whatsoever is a
much stricter regime, one that I don't see the necessity to change to.

> _But I honestly think that what I understand of the libertarian / anarchy /
> whatever approach places waaaay too much emphasis on individual ability to
> determine the reliability / safety_

Anybody driving a car, at any time, can choose to steer into others, drive
drunk/high, speed, drive on the wrong side of the road, park on the highway,
use dodgy aftermarket parts, ignore mechanical upkeep, tow unsafely, be
distracted, or fall asleep.

And despite all of this, people's own sense of self-preservation and personal
responsibility does actually work to keep traffic mostly flowing!

------
frozenport
Okay you make the software open source, then the cheating will take place in
hardware. At the heart of the emission testing problem lies a poorly designed
emissions test. We need better test coverage.

~~~
angelbob
That would at least be more expensive. Moving the cheating to harder and
harder chunks of the entire system is a fine start.

You can't have perfect security. You _can_ have security that makes bad actors
pay more for the privilege of being bad actors.

~~~
Spivak
But this is just a band-aid fix. Personally, I would just put the user in
control. Let the user decide whether they want to run their car in high
mileage low emissions mode or high performance mode. Now automakers can
"cheat" all they want and it makes everyone better off.

~~~
pherq
Better off in every way except for the whole choking in smog because you've
essentially abolished emission regulations.

~~~
Spivak
You're right in some respects, but wrong in others. The person who really
cares about their car's performance is just going to buy a high emission car
and constantly pollute. If you allow drivers to have different driving modes
then those gas guzzlers might be enticed to buy a more environmentally
friendly car and leave it in low emissions mode for their day-to-day driving
and put it in performance mode when they want it.

Hell you could put a green odometer in it and give a tax break proportional to
the percent of miles driven in green mode to encourage its use.

Trying to force car enthusiasts to give up performance will just drive them to
older cars which don't have crippling software or dangerous hacks to bypass
the restrictions.

------
conradev
I don't understand why people talk about open-source as means of guaranteeing
software integrity.

For most software projects these days, it's impossible to verify that a binary
blob came from a given set of source code.

It's possible to do, though. Bitcoin, Tor and a large number of Debian
packages build reproducibly:

[https://wiki.debian.org/ReproducibleBuilds/About](https://wiki.debian.org/ReproducibleBuilds/About)

[https://blog.torproject.org/blog/deterministic-builds-part-two-technical-details](https://blog.torproject.org/blog/deterministic-builds-part-two-technical-details)
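
An added illustration of the reproducible-build check described in the comment above (not part of the thread, and not Debian's or Tor's tooling): a toy packager that shows why a naive build differs between two builders and how clamping timestamps and ordering lets an auditor confirm a published binary matches the source. The `SOURCE` tree, `EPOCH` value and the `build`/`matches_source` names are hypothetical.

```python
import gzip, hashlib, io, tarfile

# Constructed sample source tree; file names and contents are made up.
SOURCE = {
    "src/ecu.c": b"int main(void) { return 0; }\n",
    "Makefile": b"all:\n\tcc -o ecu src/ecu.c\n",
}
EPOCH = 1443657600  # arbitrary fixed timestamp, in the role of SOURCE_DATE_EPOCH

def build(source, build_time, builder, deterministic):
    """Package `source` as .tar.gz bytes; build_time/builder model the build host."""
    names = sorted(source) if deterministic else list(source)
    raw = io.BytesIO()
    with tarfile.open(fileobj=raw, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        for name in names:
            info = tarfile.TarInfo(name)
            info.size = len(source[name])
            if deterministic:
                info.mtime = EPOCH          # clamp file timestamps
            else:
                info.mtime = build_time     # leaks when the build ran
                info.uname = info.gname = builder  # leaks who ran it
            tar.addfile(info, io.BytesIO(source[name]))
    out = io.BytesIO()
    gz_mtime = 0 if deterministic else build_time  # gzip header has its own timestamp
    with gzip.GzipFile(fileobj=out, mode="wb", mtime=gz_mtime) as gz:
        gz.write(raw.getvalue())
    return out.getvalue()

def digest(artifact):
    return hashlib.sha256(artifact).hexdigest()

def matches_source(published, source, build_time, builder):
    """Rebuild independently and compare digests with the published binary."""
    return digest(build(source, build_time, builder, True)) == digest(published)

if __name__ == "__main__":
    vendor = build(SOURCE, 1000, "vendor", True)
    print("auditor rebuild matches:", matches_source(vendor, SOURCE, 2000, "auditor"))
    naive_a = build(SOURCE, 1000, "vendor", False)
    naive_b = build(SOURCE, 2000, "auditor", False)
    print("naive builds match:", digest(naive_a) == digest(naive_b))
```
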

~~~
lifeisstillgood
Open source is the _only_ means to guarantee software integrity. What
surprises me is the fear that not enough eyeballs will look. But for VW, the
scrutinising eyeballs will be employed by GM, Toyota etc. The incentive to
catch your competition in cheating and thus collapse their business is
enormous.

We should encourage more of it. Maybe give the competitors a factory each.

~~~
roymurdock
Or they will collude, as they probably did with the emissions testing. There's
no way GM and Toyota saw VW's numbers and just blindly believed they were
plausible. They were probably scared of calling VW out because it would bring
an industry-wide crackdown, which it is. Now things are going to be more
expensive for all auto manufacturers.

