
I see nothing whatsoever incompatible with hardware refusing to run anything other than a small list of signed binaries, and publishing the source code and makefiles (etc) to create said binaries.

Hackers turning their / your car into a socially offensive mechanism should be treated similarly to putting firing pins back in decommissioned handguns.




> hardware refusing to run anything other than a small list of signed binaries

Other than that the owner should have complete control over the thing they own. I'd rather suffer the occasional hick "rolling coal" than be restricted in what I can read and write.

> turning ... your car into a socially offensive mechanism should be [illegal]

Sure, but police the violation - not the mere ability to violate.


Police the violation - I agree. Should have been clearer perhaps.

I think we need to discuss why you should be able to write to your car. Or rather, there will become an OSL layer style to the car. Drive train, brakes, steering. These are things I question why you should be able to do more than verify the binary. If you want to, turn up the fuel mix or something (showing my clear understanding of cars), well, apply for a UEFI key and sign your own binary. If the GPS on the car shows you on a public highway with an unlicensed binary drive train, frankly they can pull out the tyre bursting chains.

I don't think there should be some untouchable chip at the bottom of the stack able to stop the car if the "right" people send the code. Too dangerous. But I also don't want half coded ideas driving next to me at 100kph.

Does this mean there won't be a Debian binary for Ford, undoing all the crap they throw in? No, it should exist, but should also get on the highway approval eventually.

Yes, you should be free to modify your car, to the bare metal. No you should not be free to drive your modified car on the road next to the rest of us.

All our cars pass yearly tests assuring us they meet minimum engineering standards - why not the software in the car?

And no, not so stringent on the rest of the OSL layers - you can swap binaries on the CD player.


> Yes, you should be free to modify your car, to the bare metal. No you should not be free to drive your modified car on the road next to the rest of us.

This type of cryptofascism is quite odd to me. You are not tolerant of modifications, so why bother pretending to be? Invoking some ambiguous authoritative "us" is ridiculous in light of actual reality.

People are driving all sorts of modified cars, on the road, right now. People modifying things necessarily know about them in depth and are likely to do better maintenance and care than someone who expects a car to "just work" if they bring it to the stealership on the service schedule (and otherwise have no idea what a weird sound means or even how to react in the event their Toyota "suddenly accelerates").

> All our cars pass yearly tests assuring us they meet minimum engineering standards

Lol. Vehicle inspections (I'm familiar with MA) cover the bare minimum of safety/signaling, plus emissions. You can technically be rejected for some types of aftermarket parts that don't meet FMVSS from when the car was manufactured, but only some shops check a couple specific things (say, headlight dispersion).

If your comment had any basis in reality, we wouldn't nearly have as many idiots driving around with "HID retrofits" that blind oncoming drivers. Do you realize that in the US, most auto parts actually aren't tested or certified by the government, but merely "self certified" by the manufacturer as conforming?

Sorry if I'm bursting your bubble here.

> These are things I question why you should be able to do more than verify the binary

You can currently take apart and modify any of these mechanical systems, yet people have a strong incentive to make sure they work before driving anywhere. Where exactly is this a priori worry and FUD coming from just because those systems are becoming software? Open software aligns incentives properly - it enables inspection, maintenance, repair, and design fixes long after the manufacturer has lost interest - just like standardized wrenches and threads. Our computerized devices should not be black boxes that we can only worship or discard.


I am perfectly happy to have my arguments picked apart, and my expression of the arguments is frequently in need of improvement. Sometimes I even learn from my interlocutors.

But cryptofascist?! Honestly?

I mean this is HN. You are supposed to play the ball, not the man, and certainly not call the ball a cryptofascist ball.

Do you do this to people in real life? Have you actually used the word "cryptofascist" to a living breathing police officer? Did it come with the word "Man!" as well?

Really, stop it.

I should probably comment on the rest of your points, but it's hard to get over the first point. :-)

Edit: so, actually trying to respond.

It seems you say that open source software will align incentives, in a similar manner to (openish) standards of wrenches and parts.

I am a big supporter (can't spell proponent) of OSS in place of black box solutions - it opens up an enormous range of positive solutions. However OSS does not produce or guarantee standards. And standards are the issue I see here.

The ability to freely inspect is vital to produce a market of reliable products. It however is not sufficient - open inspection, agreed tests and measurements, and enforcement, are just parts of that.

Fake spare motor parts (OK, spare parts not meeting standards and with no accountability) should be prevented from entering the market - they increase the risk of failure, and even if it is possible to inspect the goods to determine their suitability, why should we impose that cost on every market participant? We have standards and enforcement to avoid such a problem - it could be seen as nanny state keeping people safe, or it could be seen as encouraging markets.

The method of ensuring markets are not polluted to the point of market failure will vary - most people relying on licensing and enforcement. It usually works.

I am arguing that someone who wants to inspect and play and learn about their car software should be allowed to just as they should be allowed to strip and clean an engine.

But even the cursory annual inspections (MA I assume is similar to UK's MOT) are supposed to catch below standard modifications. Even when I was younger, engines were too complex to be learnt, Father to Son, without a Hayes manual.

These days I am sure it is possible for a motivated, intelligent person to become sufficiently skilled that they could modify a modern engine, but I doubt they could do that and learn how to spot fake medication, determine if an aircraft jet engine was properly serviced and if their office block is using the correct steel joists.

The world is way too complex for us to trust God and test the rest. We have to trust that there are sufficient standards and enforcements in place that we can rely on goods and services - otherwise we see market failure.

And finally in my rambling, I do not see it sufficient that if someone has modified their car, their own self preservation instinct will prevent them driving it if it could kill us both. That's never going to fly.

We need standards, inspection, accountability to ensure we defeat market failure.

We want to move beyond markets that deal in goods or services that cannot be trivially inspected by each participant.

Ps The code of Haranumbai (?) is an interesting example of regulatory failure and where standards are needed. There is a part


In the context of discussing modifications and purporting to be open to the idea of end-user modification ("police the violation"), you wrote:

> If the GPS on the car shows you on a public highway with an unlicensed binary drive train, frankly they can pull out the tyre bursting chains

To me, it's a bait and switch to lead off as if you're open to end-user modifications, only to draw a line ruling out doing so on a public road - the normal and only use of 99% of consumer vehicles. And I don't think my characterization of your solution as "fascist" is overzealous either - it's based on fundamental reasoning that if someone breaks the rules they deserve immediate and severe punishment.

Also FWIW, I don't think I've ever encountered any police officer who was a cryptofascist. Perhaps the ones in unmarked cars.

Now, looking at your profile I see that you are in the UK (although I should have perceived based on spelling and kph). And I know regulation works much differently in the EU, with deny-by-default whitelisting instead of only reacting to problems. Perhaps in that environment, an individual working on their car really is different from an "official" mechanic. Or maybe the more cohesive regulatory environment just has you believing that it's more foolproof than it actually is.

In the US, an individual and a mechanic are the same thing, both philosophically and practically. And while the US's ad-hoc regulatory environment causes its own problems, I wouldn't say that an epidemic of mechanically unsafe cars is one of them.

So the only difference I see between modifying software and modifying hardware is that software has developed an insidious culture of "seems to work; good enough", even while being much more complex. But I think the answer to that is to push for openness and proper engineering, rather than entrenching manufacturers' sloppy processes of cobbling together reams of C and then keeping cameras out of the sausage factory.

edit: I'll respond to the points in your substantial edit tomorrow, since it requires internalizing the two very different philosophies of top-down guarantees vs bottom-up flexibility. But I will say that in the US, the self-preservation instinct has indeed been enough for people to mostly self regulate (and when it fails, insurance). Perhaps not as much as the UK (no idea about the relative stats), but it is sustainable.


> And I don't think my characterization of your solution as "fascist" is overzealous either

No, it's not "overzealous". It's insulting and a clear violation of https://news.ycombinator.com/newsguidelines.html

You defending that word choice shows a blatant disrespect for others here on HN. I'm really surprised you haven't been flagged to oblivion.


Good joke about the police.

I am going to have to digest a lot of this (I cannot see you have landed any significant mind-changers) but it is more and more clear that public policy is going to be informed and sometimes driven by a software literate culture - and the "works on my machine" approach you allude to is correctly more terrifying than "started up ok in my garage" approach to mechanical issues.

But I honestly think that what I understand of the libertarian / anarchy / whatever approach places waaaay too much emphasis on individual ability to determine the reliability / safety of goods available.


I agree with your characterization of not being able to inspect+understand every good, from things being too complex and reliant on the invisible (grade of metal etc). A lot of that kind of testing is destructive testing, which obviously an individual looking to buy one item is not going to do.

But all of this speaks to the needs for standards and guarantees in the commercial marketplace, yet you're applying them to private after-market modification.

We can't prevent someone from ordering paper brake pads and internally-stressed-steel bolts direct from China, putting them on their own car, and then selling it. Or jury rigging repairs in any manner of ways. Which is why there is such a market for "immutable" new manufacturer-authentic cars.

Presently there's no way to know if one's ECU's software was modified by the previous owner, and even if it has some modifications that are necessary because other hardware has been changed - such that replacing the ECU with a "stock" one would actually make other things stop working.

Free software actually solves this aftermarket-modification problem with regards to software, since a buyer would be able to re-flash the car to stock (and even require the seller do so before money/title changed hands).

And this fundamental problem of aftermarket inspection is also why state vehicle inspections don't certify the "entire car", but the bare modicum of external behavior (gross safety, signaling, and emissions). These are the "standards" we're talking about with respect to individual modification, and currently one can modify most anything they like as long as it meets that external behavior. Preventing any aftermarket modification whatsoever is a much stricter regime, one that I don't see the necessity to change to.

> But I honestly think that what I understand of the libertarian / anarchy / whatever approach places waaaay too much emphasis on individual ability to determine the reliability / safety

Anybody driving a car, at any time, can choose to steer into others, drive drunk/high, speed, drive on the wrong side of the road, park on the highway, use dodgy aftermarket parts, ignore mechanical upkeep, tow unsafely, be distracted, or fall asleep.

And despite all of this, people's own sense of self-preservation and personal responsibility does actually work to keep traffic mostly flowing!


One factor you've ignored is that to drive a car, you are required to carry insurance. Even if you modify your car, the insurance is still there to provide at least some relief to any loss of life and property you may cause.


Tomte is right. Your comments have broken the HN guidelines by calling names (indeed, the ultimate name) instead of sticking to substance. The harm in this is not just the incivility of calling names but also how it dramatically increases the noise in subsequent comments.

Please stick to substance.


Where did I call someone a name? I characterized the argument as "cryptofascist". And I still maintain that it is, in the technical sense.

If it wasn't "crypto" I would have tried to be more palatable than saying "fascist", but I thought it worthwhile to reference the general pattern.

Apparently this is a really offensive word to some people, but I didn't think HN had banned swearing?


You wrote "this type of cryptofascism" in your first sentence, and "you are not tolerant" in your second. A straightforward read of your comment was that you were saying the commenter was a cryptofascist.

I think just avoid inflammatory rhetoric altogether. If your argument is strong, it doesn't get stronger by invoking "fascism". It just makes you sound like Britta Perry.


Yes I tend to avoid "fascist", even when it is technically appropriate, because people tune out.

I assume this TV caricature you referenced is seen as annoying and is generally ignored, rather than someone who is getting in physical fights all the time for offending people? To me that sounds hyper-benign, not inflammatory.


We are way touchier about anything that might be a personal attack on HN these days. I think it's a good change. I'm sure I'll run afoul of the new norms regularly, but I also think it will make me a better writer.


On HN the distinction between "that's idiotic" and "you're an idiot" doesn't matter a whole lot (though you're right that the latter is worse) because both vibrate at the frequency that drives HN threads mad.

This isn't about swearing, it's about discussion quality. Inflammatory epithets are noise, distract from the substance of what you're saying, and lower the expected value of the thread by increasing the odds of a nasty, low-substance subthread. Conversely, if you edit that out and stick to substance, your argument will come through more clearly and you will increase the odds of high-signal replies.

Your account doesn't have a history of being uncivil, so we've unkilled the flagkilled comments upthread.


I guess I did not realize that "cryptofascist" is unequivocally an "inflammatory epithet". I really do think the word captures the all-too-common construction of purporting freedom, while defining it in such a limited way as to make it useless. I would love to know of a synonym, so that we are not blind to a concept merely because the word that describes it is inflammatory.

You and tptacek are right in that my entire comment would have been better if it were much less personal. I ended up down that road because the comment I was replying to seemed to be hand waving away my point with a perspective that glossed over key points. I still can't necessarily see how I could have responded better in-the-large (local edits could obviously make it seem less personal), but I will take a step back next time.


Thanks—we appreciate that. These things are often not obvious up close, and we're all learning to develop the HN culture in the desired (high signal-noise) direction together.


Since minimum emissions, maximum fuel economy, and maximum performance are somewhat contrary to each other, I wonder what most of the population would choose if they were explicitly asked to decide on the tuning whenever they bought a car. The extremes would be minimum emissions with horrible fuel economy and dismal performance, maximum fuel economy with higher emissions and also not the best performance (around where VW seems to be aiming), and maximum performance with horrible "rolling coal" emissions and low fuel economy. I doubt most people would choose these extremes, but it'd be interesting to see where the majority would want their cars tuned. I'd probably choose the optimum somewhere between fuel economy and performance, meaning emissions somewhere in the middle.


Optimal self interest is maximum fuel efficiency when cruising or lightly accelerating, and maximum power when flooring it. If everything is computer controlled, then it doesn't seem like there is a tradeoff here.

Besides altruism or avoiding repercussions, why would anybody choose to tune for emissions? It's a collective action problem. Maybe when slowing down / stopped, so a tailwind didn't leave you breathing your horrible exhaust.

Thinking a little further, inspections won't be able to prevent this modification if flashing is really easy - just revert before and restore the modifications afterwards.

My general stance is "fuck trusted hardware", because any contemporary implementation is likely to involve a foreign asymmetric key that makes it so someone else owns "your" hardware. But I do see a Free approach to it that involves time locks / hashing proof of work, and possibly logs changes. This way would provide some appropriate physical security and auditing, while not restricting any party in long-term possession of the device.


> Besides altruism or avoiding repercussions, why would anybody choose to tune for emissions?

At least for petrol engines, ultra-high emissions usually means low fuel economy and performance, as optimum combustion means negligible CO and NOx (and unburned hydrocarbons). In other words, tuning for those will decrease emissions to a low point, although maybe not to the point where the environmentalists are satisfied. The three points are quite close together.

With diesels the situation is somewhat different, since there's no throttle plate and the only thing that can be adjusted is the amount of fuel injected, and increasing that both increases power and emissions while decreasing fuel economy.


Emissions can benefit when you tune for something else, but I wouldn't call that tuning for emissions.

My point is that if you don't care about emissions, then there is nothing to trade off. A computer controlled system can be tuned entirely for mileage at low power output and also tuned entirely for power at the high end.


As someone who has built homemade firearms, I'm amused by your example.

It seems like municipalities with emissions testing requirements could easily catch these "socially offensive hackers" if they use the older hook-it-up-to-the-tailpipe testing technology. Then we wouldn't have to get permission from our betters to alter our own property.


To be fair I don't understand either why the onboard computer was involved instead of just monitoring the tailpipe. But one could imagine a range of means to guess one is being tested ...

As for the firearm, let's imagine decommissioned firearms are all painted pink, because that tells other people the gun is completely safe. If you replace the pin in a pink gun (or paint your real gun pink) you are sending out fake and potentially lethal social signals. Regulation is not part of it. Convention is.

We have enforced minimum standards and behaviour on drivers and cars, because the social signals tell us something useful. And still morons drive too fast in souped up cars.

Edit: the analogy is not meant to imply you are the moron. It's a bit early in the morning.


Let's keep, or at least not further erode, respect for guns. There are few things civilians will ever touch that deserve more respect than guns, and I suggest we don't cloud that message.

Hey downvoters, why don't you take that attitude to the army and see how they react? Professional gun-handlers tend to have a lot more respect for guns than you have. That ought to make you pause for thought.


Automobiles do not require less care than guns. A lot more people accidentally kill and/or injure themselves and others with the former than the latter. Between cars and guns, I would say that cars are more due for a bump in respect. At least guns aren't so widely used so recklessly.


Not sure if I'm reading this right but per the NCHS (via the CDC)[1][2][3], in 2013, for people aged 15-24, ~6500 died relating to motor vehicle injuries whereas ~6000 died relating to firearms (although ~2000 of those were suicides -- not sure how that factors in, but it's probably important). Anyways, it seems like an awful lot of people kill themselves with guns, so perhaps we should just consider it a binary: if something is lethal, treat it with all the care you can muster.

Edit: drat, and the site you can use to get more stats: http://webappa.cdc.gov/sasweb/ncipc/leadcaus10_us.html

[1]: http://tinyurl.com/qfqn5oz

[2]: http://tinyurl.com/on9lyfc

[3]: http://tinyurl.com/ov5je39


Wow. In the UK we see (from memory) around 4500 road deaths pa, and 4-40 gun deaths. It's not even close - you must remember that America is the outlier for guns in almost all ways.


Considering how often, and by how many, cars are used in comparison to guns, anything else would be outrageous. According to your line of thinking, we should all drive drunk, since most people involved in car accidents are sober.


I don't know how you get 'we should all drive drunk' from a call for giving more respect to the danger of driving cars. The line of thinking you are following is not mine.



