EPA opposed DMCA exemptions that could have revealed Volkswagen fraud (fsf.org)
154 points by tjr on Sept 28, 2015 | 24 comments



This is a good point wrapped in a fairly bad article. It conflates source code with machine code, calls the rules "totalitarian," refers to the opposition as "drones," and implies that VW only kept their software secret to hide their scam, despite the fact that every automaker keeps their software secret.


The cause is pretty easy to defend and I agree they need to make their arguments more explicit. Also, many of those articles mention "If..., we could have done ...", but few demonstrate that there is enough budget and attention to spare for non-corporate inspection of car software. For example, it would be very pragmatic to ask "Copyright office, is it now ok to inspect Audi's software even against DMCA rules?"

I was told in a French garage that only Renault had an ecological malus whereas the 4 competitors for this car claim to be complying. Should we start inspecting those?


>> despite the fact that every automaker keeps their software secret.

And that refutes the point they are hiding their scam how? Just because the other automakers were not caught (yet) does not mean they are not all doing dishonest shit with their code.


OK, it doesn't refute that point if they're all cheating.

In that case, what refutes the point is simply that businesses usually keep their code secret by default, and require some motivation to open them. They may take advantage of closed source to do bad things, but those bad things are not the reason for closed source.


In my experience, embarrassment is usually a larger motivation for keeping code closed-source.


Not sure how much traction this will get but it is a good start. In particular the 'bad building materials' meme, if it can be pushed, is easy to explain to regulators. My brother-in-law tells me that all civil and structural engineers have to publish their models and analysis that proved to them a material was "good enough" for the intended structure; we need to convince the EPA and others that the source code for these integral pieces of our infrastructure needs just as much transparency.


Or, at a minimum, the ability to poke it with a stick to sufficiently understand how it works under a wide variety of conditions, to a degree that it probably constitutes reverse engineering. Right now that's not legal.


The worst part of this, IMHO, is that the EPA's motives are just stupid here.

First, they can already regulate and stop projects that actually distribute ECU changes that are harmful. They do not need the DMCA when they can fine people heavily. If they fine a few people 100k, it's enough of a deterrent. Even if everyone just runs these projects out of Europe, you make examples of a few users in the US, and then the number of people who do it in practice is so low as to be pointless.

Second, the likelihood that anyone has the time and energy to go and build ECU software and flash it into their car is low.

I may bop around and read the source code and notice cheating, mind you, but the barrier to entry on actually building anything and getting it into my car is high (and I have a car where I have near-complete control of flashing components).


> Second, the likelihood that anyone has the time and energy to go and build ECU software and flash it into their car is low.

I don't think this is true. There are plenty of enthusiasts who already do exactly this kind of thing. A friend of mine had an aftermarket ECU installed in his Mustang a few years ago. There's also the (idiotic) phenomenon of rolling coal[0], which also requires at minimum altering some engine tuning parameters in real time. Hackers abound in all walks of life, and this includes auto enthusiasts.

[0] https://en.wikipedia.org/wiki/Rolling_coal


Altering parameters I can do easily already, with the right cables.

DMCA does nothing to prevent this.

And, as mentioned, you can just replace the ECU if you really want.

But I think both of these are significantly easier, and very different, than flashing new software onto the ECU. :)


My point was simply never to underestimate the ingenuity of clever people working on something cool. If something cool is possible, then no matter how impractical there's probably someone out there interested and dedicated enough to make it work.


It's a numbers game. There are always going to be some people who do this, but how many? If 10% of people are hacking their car to violate emissions, that's a problem. If it's one in ten thousand, that's pretty much ignorable. The ultimate goal with emissions control is merely to keep the total down. If a few cars are blowing past the limits it doesn't really affect that.


There is little or no proprietary magic in ECU code. Publishing buildable, verifiable code should be a regulatory requirement for ECUs, and probably many other devices.


And you know that how? Magic sense? The code is full of implemented proprietary strategies. Many technical patents find their implementation in there. Who's mad to give up the source code for models researched after investing millions in equipment and engineering, on such a competitive market?


ECUs are a function that maps sensor inputs to timing and other actuator outputs. A handful of suppliers make them and provide the framework and tool chain. Mere millions will buy you the dev seats and support from the supplier. There is no scope for making magic with what's left over.

Next you'll tell me it would be theft to require voting machine makers publish their code.


How do you know for sure the code you review really runs on the voting machine on the poll date? How do you really know? You don't. You trust some regulators who inspect the machine. Then let the regulators check the cars too. I imagine tons of false alarms coming from the public (run out of fuel? open Safari, submit bug report "car not runs").


> How do you know for sure the code you review really runs on the voting machine on the poll date?

This is exactly what requiring open code would address: Anyone can audit it. Anyone can build it. Signing the build, you know what build was installed. Independent observers can verify this, just as they can verify a count of paper ballots.


If it's patented then they have nothing to lose by opening up their source.

Proprietary is code for incompetence and an excuse not to expose said incompetence.


Many SW projects don't get the same hate for doing the exact same things.

Still, I would like to know in what way do you want the source exposed? Just the code files? How is anybody going to judge what's a bug? The usual process is requirement->design->code->workproduct. To be able to start to understand the code, you need to have access to at least the requirements, but usually also the design. Should car makers and the suppliers publish these too? Maybe stream on Twitch.tv the engineering work? And when should it all happen? After the car is released or during the development process? Should we upload today's checkpoint for the next year's Ranger model for EU? I mean, how long should we wait for bug reports before making the cars? Keep in mind OTA updates are out of the question at this moment for large car makers and post-SoP (start of production) releases are really expensive.

I don't want to sound like an a-hole, but I truly want to understand what people think they will achieve with access to the source code. I am quite sure the VW hack could have gone unnoticed till the end of time.

The car market needs a reshape for sure, like an article in The Economist suggested, but let's not get carried away with this wave of revolt and call the hangman on the car makers.


Requiring open code is a "hangman?" Holy overstatement, Batman.


Can't wait to see a forum similar to XDA-developer where custom ROMs for every car will be made available and all the footnotes saying "use at your own risk" and the first 1000 people who, instead of bricking their shit Android phones, will end up in the emergency room (if lucky)... Actually, I don't wanna be that cynical, I hope no sane people will use custom ROMs they don't fully trust the source at least on the engine ECU.

Open sourcing car SW (especially safety relevant) is a can full of worms. Side effects are being ignored by all these militants. If they wanna be inventive, go ahead and design their own SW from ground up (some projects exist), they will find a way to bypass tuning protection on their cars and they'll be able to run their own brain fart on their own cars, but leave the car makers out. Car makers just don't want them to do it and no body of law will ever be capable of forcing them. At most, car makers will open SW for inspecting commissions, but really low chance to do it for the public.

And to me, this is really a hangman situation. An opportunity some people/organizations have waited for some time and are really kicking VW with all force possible, especially from the US direction. But VW fucked up and they can't respond in any way. I wonder how big the fine will be compared to other incidents that actually killed people, or real mass pollution cases (petrol in the sea, etc.).


No one wants to publish their code because it is horrifically abysmal and could open them up to further lawsuits if things go to shit.

Plausible deniability and the ability to say "it was your floor mats" beats being liable for the deaths and injuries of possibly thousands.


If the EPA really want to stop users from flashing new firmware onto the ECU, why not require that code is open source, but must be signed by the manufacturer?


The article tries to shoehorn its issue onto what is clearly corporate greed and an absolutely stunning lack of judgement. Would this cheat have been found through the code? Who knows, maybe, but the fact that VW went ahead knowing their numbers were fake is unforgivable and almost unbelievable. It would eventually come out.



