I'm not so sure that governments are too concerned with the 11 million cheating cars so long as they have a nice easy target to blame, fine, and play politics with. I have a feeling they'd much rather have one company and 11 million violations than 10,000 backyard mechanics helping themselves to 15 extra horsepower after reading an article on Hackaday.
Any entity only perceives things it can measure and control. It will therefore never work to reduce its control, even when doing so would further its mission.
Which is why nobody "perceives" history, or anything outside our solar system, or the laws of physics, or anything else it's not possible for us to have any effect on.
I see nothing whatsoever incompatible with hardware refusing to run anything other than a small list of signed binaries, and publishing the source code and makefiles (etc) to create said binaries.
Hackers turning their / your car into a socially offensive mechanism should be treated similarly to putting firing pins back in decommissioned handguns.
> hardware refusing to run anything other than a small list of signed binaries
Other than that the owner should have complete control over the thing they own. I'd rather suffer the occasional hick "rolling coal" than be restricted in what I can read and write.
> turning ... your car into a socially offensive mechanism should be [illegal]
Sure, but police the violation - not the mere ability to violate.
Police the violation - I agree. Should have been clearer perhaps.
i think we need to discuss why you should be able to write to your car. Or rather, there will become a OSL layer style to the car. Drive train, brakes, steering. These are things I question why you should be able to do more than verify the binary. If you want to, turn up the fuel mix or something (showing my clear understanding of cars), well, apply for a UEFI key and sign your own binary. If the GPS on the car shows you on a public highway with a unlicensed binary drive train, frankly they can pull out the tyre bursting chains.
I don't think there should be some untouchable chip at the bottom of the stack able to stop the car if the "right" people send the code. Too dangerous. But I also don't want half coded ideas driving next to me at 100kph.
Does this mean there won't be a Debian binary for Ford, undoing all the crap they throw in. No it should exist, but should also get on the highway approval eventually.
Yes, you should be free to modify your car, to the bare metal. No you should not be free to drive your modified car on the road next to the rest of us.
All our cars pass yearly tests assuring us they meet minimum engineering standards - why not the software in the car.
And no, not so stringent on the rest of the OSL layers - you can swap binaries on the CD player
> Yes, you should be free to modify your car, to the bare metal. No you should not be free to drive your modified car on the road next to the rest of us.
This type of cryptofascism is quite odd to me. You are not tolerant of modifications, so why bother pretending to be? Invoking some ambiguous authoritative "us" is ridiculous in light of actual reality.
People are driving all sorts of modified cars, on the road, right now. People modifying things necessarily know about them in depth and are likely to do better maintenance and care than someone who expects a car to "just work" if they bring it to the stealership on the service schedule (and otherwise have no idea what a weird sound means or even how to react in the event their Toyota "suddenly accelerates").
> All our cars pass yearly tests assuring us they meet minimum engineering standards
Lol. Vehicle inspections (I'm familiar with MA) cover the bare minimum of safety/signaling, plus emissions. You can technically be rejected for some types of aftermarket parts that don't meet FMVSS from when the car was manufactured, but only some shops check a couple specific things (say, headlight dispersion).
If your comment had any basis in reality, we wouldn't nearly have as many idiots driving around with "HID retrofits" that blind oncoming drivers. Do you realize that in the US, most auto parts actually aren't tested or certified by the government, but merely "self certified" by the manufacturer as conforming?
Sorry if I'm bursting your bubble here.
> These are things I question why you should be able to do more than verify the binary
You can currently take apart apart and modify any of these mechanical systems, yet people have a strong incentive to make sure they work before driving anywhere. Where exactly is this a priori worry and FUD coming from just because those systems are becoming software? Open software aligns incentives properly - it enables inspection, maintenance, repair, and design fixes long after the manufacturer has lost interest - just like standardized wrenches and threads. Our computerized devices should not be black boxes that we can only worship or discard.
I am perfectly happy to have my arguments picked apart, and my expression of the arguments is frequently in need of improvement. Sometimes I even learn from my interlocutors.
But cryptofascist?! Honestly ?
I mean this is HN. You are supposed to play the ball, not the man, and certainly not call the ball a cryptofascist ball.
Do you do this to people in real life? Have you actually used the word "cryptofasist" to a living breathing police officer? Did it come with the word "Man!" as well.
Really, stop it.
I should probably comment on the rest of your points, but it's hard to get over the first point. :-)
Edit: so, actually trying to respond.
It seems you say that open source software will align incentives, in a similar manner to (openish) standards of wrenches and parts.
I am a big supporter (can't spell proponent) of OSS in place of black box solutions - it opens up an enormous range of positive solutions. However OSS does not produce or guarantee standards. And standards are the issue I see here.
The ability to freely inspect is vital to produce a market of reliable products. It however is not sufficient - open inspection, agreed tests and measurements, and enforcement, are just parts of that.
Fake spare motor parts (OK, spare parts not meeting standards and with no accountability) should be prevented from entering the market - they increase the risk of failure, and even if it is possible to inspect the goods to determine their suitability, why should we impose that cost on every market participant? We have standards and enforcement to avoid such a problem - it could be seen as nanny state keeping people safe, or it could be seen as encouraging markets.
The method of ensuring markets are not polluted to the point of market failure will vary - most people relying on licensing and enforcement. It usually works.
I am arguing that someone who wants to inspect and play and learn about their car software should be allowed to just as they should be allowed to strip and clean an engine.
But even the cursory annual inspections (MA I assume is similar to UK's MOT) are supposed to catch below standard modifications. Even when I was younger, engines were too complex to be learnt, Father to Son, without a Hayes manual.
These days I am sure it is possible for a motivated, intelligent person to become sufficiently skilled that they could modify a modern engine, but I doubt they could do that and learn how to spot fake medication, determine if an aircraft jet engine was properly serviced and if their office block is using the correct steel joists.
The world is way to complex for us to trust God and test the rest. We have to trust that there are sufficient standards and enforcements in place that we can rely on goods and services - otherwise we see market failure.
And finally in my rambling, I do not see it sufficent that if someone has modified their car, their own self preservation instinct will prevent them driving it if it could kill us both. That's never going to fly.
We need standards, inspection, accountability to ensure we defeat market failure.
We want to move beyond markets that deal in goods or services that cannot be trivially inspected by each participant.
Ps
The code of Haranumbai (?) is an interesting example of regulatory failure and where standards are needed. There is a part
In the context of discussing modifications and purporting to be open to the idea of end-user modification ("police the violation"), you wrote:
> If the GPS on the car shows you on a public highway with a unlicensed binary drive train, frankly they can pull out the tyre bursting chains
To me, it's a bait and switch to lead off as if you're open to end-user modifications, only to draw a line ruling out doing so on a public road - the normal and only use of 99% of consumer vehicles. And I don't think my characterization of your solution as "fascist" is overzealous either - it's based on fundamental reasoning that if someone breaks the rules they deserve immediate and severe punishment.
Also FWIW, I don't think I've ever encountered any police officer who was a cryptofascist. Perhaps the ones in unmarked cars.
Now, looking at your profile I see that you are in the UK (although I should have perceived based on spelling and kph). And I know regulation works much differently in the EU, with deny-by-default whitelisting instead of only reacting to problems. Perhaps in that environment, an individual working on their car really is different from an "official" mechanic. Or maybe the more cohesive regulatory environment just has you believing that it's more foolproof than it actually is.
In the US, an individual and a mechanic are the same thing, both philosophically and practically. And while the US's ad-hoc regulatory environment causes its own problems, I wouldn't say that an epidemic of mechanically unsafe cars is one of them.
So the only difference I see between modifying software and modifying hardware is that software has developed an insidious culture of "seems to work; good enough", even while being much more complex. But I think the answer to that is to push for openness and proper engineering, rather than entrenching manufacturers' sloppy processes of cobbling together reams of C and then keeping cameras out of the sausage factory.
edit: I'll respond to the points in your substantial edit tomorrow, since it requires internalizing the two very different philosophies of top-down guarantees vs bottom-up flexibility. But I will say that in the US, the self-preservation instinct has indeed been enough for people to mostly self regulate (and when it fails, insurance). Perhaps not as much as the UK (no idea about the relative stats), but it is sustainable.
I am going to have to digest a lot of this (I cannot see you have landed any significant mind-changers) but it is more and more clear that public policy is going to be informed and sometimes driven by a software literate culture - and the "works on my machine" approach you allude to is correctly more terrifying than "started up ok in my garage" approach to mechanical issues.
But I honestly think that what I understand of the libertarian / anarchy / whatever approach places waaaay to much emphasis on individual ability to determine the reliability / safety of goods available.
I agree with your characterization of not being able to inspect+understand every good, from things being too complex and reliant on the invisible (grade of metal etc). A lot of that kind of testing is destructive testing, which obviously an individual looking to buy one item is not going to do.
But all of this speaks to the needs for standards and guarantees in the commercial marketplace, yet you're applying them to private after-market modification.
We can't prevent someone from ordering paper brake pads and internally-stressed-steel bolts direct from China, putting them on their own car, and then selling it. Or jury rigging repairs in any manner of ways. Which is why there is such a market for "immutable" new manufacturer-authentic cars.
Presently there's no way to know if one's ECU's software was modified by the previous owner, and even if it has some modifications that are necessary because other hardware has been changed - such that replacing the ECU with a "stock" one would actually make other things stop working.
Free software actually solves this aftermarket-modification problem with regards to software, since a buyer would be able to re-flash the car to stock (and even require the seller do so before money/title changed hands).
And this fundamental problem of aftermarket inspection is also why state vehicle inspections don't certify the "entire car", but the bare modicum of external behavior (gross safety, signaling, and emissions). These are the "standards" we're talking about with respect to individual modification, and currently one can modify most anything they like as long as it meets that external behavior. Preventing any aftermarket modification whatsoever is a much stricter regime, one that I don't see the necessity to change to.
> But I honestly think that what I understand of the libertarian / anarchy / whatever approach places waaaay to much emphasis on individual ability to determine the reliability / safety
Anybody driving a car, at any time, can choose to steer into others, drive drunk/high, speed, drive on the wrong side of the road, park on the highway, use dodgy aftermarket parts, ignore mechanical upkeep, tow unsafely, be distracted, or fall asleep.
And despite all of this, people's own sense of self-preservation and personal responsibility does actually work to keep traffic mostly flowing!
One factor you've ignored is that to drive a car, you are required to carry insurance. Even if you modify your car, the insurance is still there to provide at least some relief to any loss of life and property you may cause.
Tomte is right. Your comments have broken the HN guidelines by calling names (indeed, the ultimate name) instead of sticking to substance. The harm in this is not just the incivility of calling names but also how it dramatically increases the noise in subsequent comments.
You wrote "this type of cryptofascism" in your first sentence, and "you are not tolerant" in your second. A straightforward read of your comment was that you were saying the commenter was a cryptofascist.
I think just avoid inflammatory rhetoric altogether. If your argument is strong, it doesn't get stronger by invoking "fascism". It just makes you sound like Britta Perry.
Yes I tend to avoid "fascist", even when it is technically appropriate, because people tune out.
I assume this TV caricature you referenced is seen as annoying and is generally ignored, rather than someone who is getting in physical fights all the time for offending people? To me that sounds hyper-benign, not inflammatory.
We are way touchier about anything that might be a personal attack on HN these days. I think it's a good change. I'm sure I'll run afoul of the new norms regularly, but I also think it will make me a better writer.
On HN the distinction between "that's idiotic" and "you're an idiot" doesn't matter a whole lot (though you're right that the latter is worse) because both vibrate at the frequency that drives HN threads mad.
This isn't about swearing, it's about discussion quality. Inflammatory epithets are noise, distract from the substance of what you're saying, and lower the expected value of the thread by increasing the odds of an nasty, low-substance subthread. Conversely, if you edit that out and stick to substance, your argument will come through more clearly and you will increase the odds of high-signal replies.
Your account doesn't have a history of being uncivil, so we've unkilled the flagkilled comments upthread.
I guess I did not realize that "cryptofascist" is unequivocally an "inflammatory epithet". I really do think the word captures the all-too-common construction of purporting freedom, while defining it in such a limited way as to make it useless. I would love to know of a synonym, so that we are not blind to a concept merely because the word that describes it is inflammatory.
You and tptacek are right in that my entire comment would have been better if it were much less personal. I ended up down that road because the comment I was replying to seemed to be hand waving away my point with a perspective that glossed over key points. I still can't necessarily see how I could have responded better in-the-large (local edits could obviously make it seem less personal), but I will take a step back next time.
Thanks—we appreciate that. These things are often not obvious up close, and we're all learning to develop the HN culture in the desired (high signal-noise) direction together.
Since minimum emissions, maximum fuel economy, and maximum performance are somewhat contrary to each other, I wonder what most of the population would choose if they were explicitly asked to decide on the tuning whenever they bought a car. The extremes would be minimum emissions with horrible fuel economy and dismal performance, maximum fuel economy with higher emissions and also not the best performance (around where VW seems to be aiming), and maximum performance with horrible "rolling coal" emissions and low fuel economy. I doubt most people would choose these extremes, but it'd be interesting to see where the majority would want their cars tuned. I'd probably choose the optimum somewhere between fuel economy and performance, meaning emissions somewhere in the middle.
Optimal self interest is maximum fuel efficiency when cruising or lightly accelerating, and maximum power when flooring it. If everything is computer controlled, then it doesn't seem like there is a tradeoff here.
Besides altruism or avoiding repercussions, why would anybody choose to tune for emissions? It's a collective action problem. Maybe when slowing down / stopped, so a tailwind didn't leave you breathing your horrible exhaust.
Thinking a little further, inspections won't be able to prevent this modification if flashing is really easy - just revert before and restore the modifications afterwards.
My general stance is "fuck trusted hardware", because any contemporary implementation is likely to involve a foreign asymmetric key that makes it so someone else owns "your" hardware. But I do see a Free approach to it that involves time locks / hashing proof of work, and possibly logs changes. This way would provide some appropriate physical security and auditing, while not restricting any party in long-term possession of the device.
Besides altruism or avoiding repercussions, why would anybody choose to tune for emissions?
At least for petrol engines, ultra-high emissions usually means low fuel economy and performance, as optimum combustion means negligible CO and NOx (and unburned hydrocarbons). In other words, turning for those will decrease emissions to a low point, although maybe not to the point where the environmentalists are satisfied. The three points are quite close together.
With diesels the situation is somewhat different, since there's no throttle plate and the only thing that can be adjusted is the amount of fuel injected, and increasing that both increases power and emissions while decreasing fuel economy.
Emissions can benefit when you tune for something else, but I wouldn't call that tuning for emissions.
My point is that if you don't care about emissions, then there is nothing to trade off. A computer controlled system can be tuned entirely for mileage at low power output and also tuned entirely for power at the high end.
As someone who has built homemade firearms, I'm amused by your example.
It seems like municipalities with emissions testing requirements could easily catch these "socially offensive hackers" if they use the older hook-it-up-to-the-tailpipe testing technology. Then we wouldn't have to get permission from our betters to alter our own property.
To be fair I don't understand either why the onboard computer was involved instead of just monitoring the tailpipe. But one could imagine a range of means to guess one is being tested ...
As for the firearm, let's imagine decommissioned firearms are all painted pink, because that tells other people the gun is completely safe. If you replace the pin in a pink gun (or paint your real gun pink) you are sending out fake and potentially lethal social signals. Regulation is not part of it. Convention is.
We have enforced minimum standards and behaviour on drivers and cars, because the social signals tell us something useful. And still morons drive too fast in souped up cars.
Edit: the analogy is not meant to imply you are the moron. It's a bit early in the morning
Let's keep, or at least not further erode, respect for guns. There are few things civilians will ever touch that deserve more respect than guns, and I suggest we don't cloud that message.
Hey downvoters, why don't you take that attitude to the army and see how they react? Professional gun-handlers tend to have a lot more respect for guns than you have. That ought to make you pause for thought.
Automobiles do not require less care than guns. A lot more people accidentally kill and/or injure themselves and others with the former than the latter. Between cars and guns, I would say that cars are more due for a bump in respect. At least guns aren't so widely used so recklessly.
Not sure if I'm reading this right but per the NCHS (via the CDC)[1][2][3], in 2013, for people aged 15-24, ~6500 died relating to motor vehicle injuries whereas ~6000 died relating to firearms (although ~2000 of those were suicides -- not sure how that factors in, but it's probably important). Anyways, it seems like an awful lot of people kill themselves with guns, so perhaps we should just consider it a binary: if something is lethal, treat it with all the care you can muster.
Wow. In the UK we see (from memory) around 4500 road deaths pa, and 4-40 gun deaths. It's not even close - you msg remember that America is the outlier for guns in almost all ways
Considering how often, and by how many, cars are used in comparison to guns, anything else would bee outrageous. According to your line of thinking, we should all drive drunk, since most people involved in car accidents are sober.
I don't know how you get 'we should all drive drunk' from a call for giving more respect to the danger of driving cars. The line of thinking you are following is not mine.
Okay you make the software open source, then the cheating will take place in hardware. At the heart of the emission testing problem lies a poorly designed emissions test. We need better test coverage.
This is how the arms race begins. Soon the manufacturers will know how much the equipment weighs, and if the car's total weight is within tolerance for that plus a test driver, the mechanisms activate.
Or whatever - the point isn't the methods, it's the pattern of one-upsmanship.
True, but there shouldn't be an arms race to begin with - one of the parties has men with guns, the other has not. VW should be sued to the ground for fucking with society like that. They should be turned into an example of what happens when you try to pull off highly damaging criminal stunts like that.
Problem is that you don't get the people responsible if you do this. Punishing corporations only work if you do it in real time as the crimes are committed so that it has consequences for the individuals responsible.
Indeed. Also, it may sound brutal but even if all the responsible evaded the hard punishment that came upon the company, the next time someone would think about pulling such a stunt off, he'd be opposed by the rest. You just need to make the consequences hard enough to bubble up the ladder and ruin the day for someone at the top.
But this is just a band-aid fix. Personally, I would just put the user in control. Let the user decide whether they want to run their car in high mileage low emissions mode or high performance mode. Now automakers can "cheat" all they want and it makes everyone better off.
You're right it some respects, but wrong in others. The person who really cares about their car's performance is just going to buy a high emission car and constantly pollute. If you allow drivers to have different driving modes then those gas guzzlers might be enticed to buy a more environmentally friendly car and leave it in low emissions mode for their day-to-day driving and put it in performance mode when they want it.
Hell you could put a green odometer in it and give a tax break proportional to the percent of miles driven in green mode to encourage it's use.
Trying to force car enthusiasts to give up performance will just drive them to older cars which don't have crippling software or dangerous hacks to bypass the restrictions.
Tht sounds like a very bad idea. When buying a car, you already have to make a tradeoff between performance, practicality and environmental impact, but at the very least you have discrete choices and you know the car will be usable. If remapping the ECU at will becomes standard, what is to stop manufacturers from basing MPG figures on a map that does 0-60 in 40 seconds? Where would you draw the line for the definition of misleading consumers? Or what's to stop rednecks from constantly running sky-high NOx and CO2 emissions?
Your implicit argument that it's really not up to consumers to decide whether to bypass emission requirements is fine. That it's "rednecks" who would do this is not.
My sincere apologies if this offended anyone. What would be an appropriate term in this context? Edit: I'm not a native speaker and have heard this term in use in the media to the point where I did not believe it to be a "racial slur" as wikipedia says it is.
So, say I want, for instance, to represent the stereotype person who rolls coal on their diesel pickup and believes global warming is a left-wing conspiracy. Look it up on youtube if you don't know what rolling coal is. (We can get into a whole debate on whether stereotypes are inherently good or bad, but that's not the point. They're a very effective commumication tool, which is why humans are so quick to label and group other humans, but obviously they're only to be used when not offensive.)
Perhaps it's just better not to stereotype here--however effective doing so might be on MSNBC or Fox News or on some politician's stump speech.
And I suspect that a luxury performance car owner would be just as likely to turn off emission controls if it would help performance as a rural pickup truck owner of whatever political persuasion (in both cases).
I think the problem with the emissions test is it tries to be precise. The authorities seem to think that if we lock down all the variables, we get a good guess as to the actual figures. Which wouldn't be a bad way to do things if you were doing a science experiment.
If we're trying to avoid gaming the system, wouldn't it be better to drive around a bunch of cars, using the natural variability of the conditions to defeat the cheaters? Sure, it's not as precise, but you get better accuracy because people can't trick the system.
Have a large number of tests, let the law of large numbers rule (eg let 1000 random people borrow each type of car). Have a think about whether there's some bias between the manufacturers built in and adjust your sampling accordingly. Make the data available to scrutiny.
I agree. Paying people to do comprehensive tests in a few locations will probably cost less than a single brand new car, of which they're making thousands to millions. Even a thousand test drives is not that much; 20 cars borrowed for a month is more than enough to do those.
The essence of tightening emissions and CAFE standards (as currently implemented) is that they are hard to meet and even passing manufacturers are generally "just barely" passing.
For CAFE, makers sell some high mpg models at cost/slight loss to allow them to sell high-margin luxury and sports models.
The need for testing is the problem, and the realisation that car makers - all of them - are working on the test score over everything else, and that the test scores (which should represent emissions and air quality) have been getting "better" to the extent that that they are increasingly diverging from the real world.
I suspect that in a few decades time this will be regarded as a heavy blow to the internal combustion engine - or at least against Diesel. It is an inflection point at which a scandal pushes into public conciousness and mass media the mounting evidence against Diesel engines and the health effects of smog, and the insufficient actual progress fixing it. Meanwhile electric cars are gaining fast.
The politicians are in "something must be done" mode, which is the usual reaction to a problem that has been ignored for a while and now is in the news.
Open source is the only means to guarantee software integrity. What surprises me is the fear that not enough eyeballs will look. But for VW, the scrutinising eyeballs will be employed by GM, Toyota etc. The incentive to catch your competition in cheating and thus collapse their business is enormous.
We should encourage more of it. Maybe give the competitors a factory each.
Or they will collude, as they probably did with the emissions testing. There's no way GM and Toyota saw VW's numbers and just blindly believed they were plausible. They were probably scared of calling VW out because it would bring an industry-wide crackdown, which it is. Now things are going to be more expensive for all auto manufacturers.
To be precise the first half of Freedom One [1] is the requirement (and not a guarantee), not "Open Source" or "Free Software". And the requisites for that requirement are decriminalization of research including sharing results of those, and possibility of said research, i.e. absence of technical measures that prevent access to the software.
This may work with politicians. I fear, persuading them to grant users other freedoms (like a freedom to change program or distribute your changes) is very unlikely to happen.
[1]: "The freedom to study how the program works, and change it so it does your computing as you wish"
Politically, DRM is still a feature not a bug.