
The Internet of criminal things

By Jonathan Corbet
September 23, 2015
We live in an increasingly software-defined world, a trend which has both good and bad aspects. The recent revelation [PDF] that Volkswagen has been selling cars that have been explicitly built to defeat emissions tests highlights one of the bad ones: software control makes the incorporation (and hiding) of antifeatures easy. We are, unfortunately, going to see many other incidents like this one, even though we have long had a vision of what at least a partial solution to this problem would look like.

Cars, at this point, can be thought of as a rolling network of computers with some interesting peripheral devices, some of which may involve internal combustion technology. The details of an engine's operation have been under software control for a long time, and replacement ROMs changing a car's performance characteristics have been commonplace for nearly as long. Modern "trusted execution" technology makes the creation of such ROMs more difficult, but that turns out not to be an obstacle if the company wanting to subvert an engine's control software is the manufacturer itself.

Volkswagen's hack must have been easily done: one could, for example, have the engine-control software apply a different set of parameters when a connection to the on-board diagnostic port is detected. No need for the attachment of a separate "defeat device" (as the press seems to like to call it) and no need for an elaborate company-wide conspiracy. A single commit by a single engineer at the behest of a single manager would suffice. In retrospect, the surprising part of this story is not that somebody at Volkswagen gave in to the temptation to engage in a bit of benchmark cheating; the surprise is that far more incidents of this nature have not yet come to light.

The consequences of this cheating are severe. Emissions testing is a key part of a strategy that has significantly improved air quality in American cities over the last several decades. Subverting that testing means more poison in the air, more health problems, and more environmental degradation. It is a criminal act on a massive scale. The consequences for Volkswagen are likely to be severe — but probably not severe enough.

As many others have pointed out, VW was certainly helped by the ease with which antifeatures can be hidden in software shipped to others. When we get into a car, we trust our lives and health to a large body of proprietary control software; the source is unavailable, so we cannot inspect it for bugs, vulnerabilities, or explicit evil. Legal regimes in much of the world make a crime out of reverse-engineering this software, so we cannot try to figure out how it operates even without the source. Digital rights management (DRM) mechanisms built into the hardware make that reverse engineering even harder; this DRM may even be mandated by government agencies fearful of individuals modifying their own engine-control software.

Those in favor of such DRM requirements should bear in mind that, by some counts, VW has shipped over 11 million cars with corrupt engine-control software in them. DRM has, in the end, enabled the crime it was meant to prevent, and on a far wider scale than would otherwise have been possible.

Cars are not the only vehicle (so to speak) for software that can hide user-hostile antifeatures. In the US, the Federal Communications Commission is currently pondering changes that would make it far harder to put free software onto WiFi devices. One need not even consider the damage such rules may do to free-software development, which has been the primary source of innovation and improvement in this area, to see where such rules could lead. We cannot expect corporations, many of which show levels of restraint inferior to that of a typical toddler, to resist the temptation to put spyware or malware into their widely distributed devices sitting in privileged positions on thousands of networks. We cannot really even trust them to adhere to the spectrum rules that are the motivation for the proposed restrictions; VW's lack of respect for emissions rules has made that clear.

Similar problems exist with voting machines, Internet-connected appliances, phone handsets, fitness monitors, set-top boxes, and more. Each of these devices is, at a minimum, in a position to spy on us. Keeping governmental fingers out of these devices is a challenge in its own right, but companies will often find a strong incentive to play games of their own. Companies that are struggling, or even those that fear a downturn in the next quarter's numbers, will often give in to that incentive; when all it takes is an easily hidden patch, why not?

This will not be the first time that somebody points out that it is hard to see a solution that doesn't involve making those patches harder to hide. That, of course, means moving toward something that looks a lot like free software. If VW's engine-control software were open (with reproducible builds so that the software running in a specific car could be verified), it would have been far harder for the company to get away with violating the rules for as long as it did. Source availability is far from a guarantee that the code will be reviewed or that any reviewers will actually find deliberately introduced antifeatures, but it improves the odds considerably. Many a company might find the backbone to resist temptation if it knew that its code would be reviewed by sharp-eyed outsiders. Said companies might just find the wherewithal to clean up the code and fix some of their bugs as well.

A free-software mandate for safety-critical (and privacy-critical) software seems unlikely to happen anytime soon, alas. Decriminalizing research into how these systems operate might be a more achievable goal, but there are challenges there too; the Electronic Frontier Foundation has run into significant opposition in its efforts to get a ruling that investigating automotive software is not a violation of the anti-circumvention provisions of the US Digital Millennium Copyright Act, for example. Hidden, proprietary software gives a lot of power to those who control it; they will not give it up willingly. As a result, we can, unfortunately, expect to continue to be subjected to surveillance and criminal behavior from the devices that we think we own. We can't say we weren't warned.

Index entries for this article
Security / Automotive
Security / Embedded systems



The Internet of criminal things

Posted Sep 24, 2015 3:23 UTC (Thu) by Garak (guest, #99377)

> As a result, we can, unfortunately, expect to continue to be subjected to surveillance and criminal behavior from the devices that we think we own. We can't say we weren't warned.

I believe the CIA terminology is 'Learned Helplessness'

The Internet of criminal things

Posted Sep 24, 2015 6:04 UTC (Thu) by marcH (subscriber, #57642) (7 responses)

> As a result, we can, unfortunately, expect to continue to be subjected to surveillance and criminal behavior from the devices that we think we own.

I don't think anyone but the most naive users think they "own" any kind of software. Smartphones / portable tracking devices put the last nail in the coffin of that belief.

The education missing is more about the sheer and underestimated *amount* of software/firmware all around us (maybe this is what you meant). Even in supposedly technical circles you'll find people complaining loudly about, say firmware blobs in the kernel - ignoring there are ten times more running in various places on the same board; just much less visible.

And for a technical attempt to solve a political problem we have of course the GPLv3...

The Internet of criminal things

Posted Sep 24, 2015 11:09 UTC (Thu) by robbe (guest, #16131) (6 responses)

> I don't think anyone but the most naive users think they "own" any
> kind of software.

I guess most users have only the most nebulous concept of what software/firmware actually is. You can't touch it.

Do you think people have the same reservations and/or uncertainties about physical objects that they fully paid for, like cars, printers, or lightbulbs? Even if they contain firmware...

Mobiles are somewhat of a special case, as they are very often leased as part of a phone service contract.

The Internet of criminal things

Posted Sep 24, 2015 11:29 UTC (Thu) by hummassa (subscriber, #307) (5 responses)

> Mobiles are somewhat of a special case, as they are very often leased as part of a phone service contract.

In the USofA... in most of the rest of the world, it's a user-owned device, not a network-owned device.

The Internet of criminal things

Posted Sep 24, 2015 21:06 UTC (Thu) by dlang (guest, #313) (4 responses)

It used to be this way in the USA. A month or so ago Verizon (the last holdout) caved and shifted their pricing model so that people buy the service and the phone as separate line items, and payment for the phone is no longer tied to payment for the service.

user-owned vs network-owned

Posted Sep 26, 2015 18:40 UTC (Sat) by giraffedata (guest, #1954) (3 responses)

But that's just a pricing model. The ownership situation was always presented as the user owns the device and the service provider does not. The term "lease" was never used and no part of the monthly payment was called rent. Service providers never said the device was their property. When the contract terminated, the user did not return the device. If it terminated early, the user refunded to the service provider the discount he had received on the purchase price in consideration of the long service contract.

So I think whatever users expect of things they own, like cars, they probably expected of these phones that were tied to service contracts.

user-owned vs network-owned

Posted Oct 1, 2015 11:03 UTC (Thu) by Wol (subscriber, #4433) (2 responses)

The UK term for this is "hire purchase". The device is hired for the duration of the contract. At the end of the contract the user owns the device, and if they wish to terminate the contract as you say they have to pay the remains of the purchase price.

Not to be confused with (although it often is) lease purchase, where the user typically puts a big slab of the price up front as an initial payment. Ownership of the device then transfers to the user at the end of the contract, but before then the user can return the device and walk away.

Then of course, we have contract leases (like our car) where we pay over three years for a brand new car, then at the end of that time we hand it back and enter a new contract for a new car.

The tax treatment of all these variants is capricious and arbitrary, and it would be nice if you didn't have to play tax games when trying to work out which option is best.

Cheers,
Wol

user-owned vs network-owned

Posted Oct 1, 2015 16:20 UTC (Thu) by giraffedata (guest, #1954) (1 responses)

I'll bet all of those are legally distinct from these US phone contracts because in these hiring variations, legal title to the phone during the contract period would be in the network operator, whereas in the US phone contracts, it is in the subscriber. With enough provisions in the contract, the difference can be practically tiny, but it can still matter with things such as where one of the parties declares bankruptcy, dies, gets divorced, or owes the government money.

Incidentally, I was being abstract when I said in the case of early termination the customer has to "refund to the service provider the discount he received ..." It's actually characterized by the parties as an "early termination fee" or "early termination penalty" and the ones I've seen are a fixed amount regardless of how much time is left on the contract and the contract doesn't mention a purpose for it.

US technology service providers have plenty of experience retaining ownership of the terminal device and know the benefits and costs of that, and wireless telephone service providers seem to have deliberately avoided that model.

user-owned vs network-owned

Posted Oct 1, 2015 19:45 UTC (Thu) by dlang (guest, #313)

In the last year, the situation in the US has changed so that now the purchase of the phone is separate from the service, and if they are tied together, the remaining amount owed on the phone is what needs to be paid if you want it unlocked to use it elsewhere.

The Internet of criminal things

Posted Sep 24, 2015 6:23 UTC (Thu) by marcH (subscriber, #57642) (14 responses)

> Similar problems exist with voting machines,

At least this one's easy - if obsessions for technology are set aside. I once helped tally (transparent) ballot boxes at my polling station and I could see for myself how incredibly high the reliability/security-to-cost ratio is for this system. KISS.

The Internet of criminal things

Posted Sep 24, 2015 11:19 UTC (Thu) by smitty_one_each (subscriber, #28989)

+1. I serve as a voting officer in my county. Low-tech solutions are not bereft of wisdom simply because they are low tech.

Dare (!) to write a letter by hand and mail it.

Voting machines (was The Internet of criminal things)

Posted Sep 24, 2015 13:48 UTC (Thu) by dskoll (subscriber, #1630) (12 responses)

Voting machines are a really terrible solution to something that isn't even a problem. Manual vote-tallying works just fine and scales extremely well; you only need O(log N) tallyers if you use a tree structure.

Voting machines (was The Internet of criminal things)

Posted Sep 24, 2015 20:00 UTC (Thu) by tzafrir (subscriber, #11501) (10 responses)

The bottleneck is counting the votes. Not sending the results. With a voting machine you have the results immediately. With a manual vote, it takes several hours. And then you need to securely get the ballots physically to a safe place for keeping (to allow re-count).

Voting machines (was The Internet of criminal things)

Posted Sep 24, 2015 20:06 UTC (Thu) by marcH (subscriber, #57642)

> With a voting machine you have the results immediately. With a manual vote, it takes several hours.

Yeah it's very much like "breaking" news: must choose between getting wrong information immediately versus waiting for some time.

Voting machines (was The Internet of criminal things)

Posted Sep 24, 2015 20:13 UTC (Thu) by marcH (subscriber, #57642)

> And then you need to securely get the ballots physically to a safe place for keeping (to allow re-count).

With voting machines you:
- either have to do the same thing in a possibly more technical and demanding way;
- or you don't even have anything at all you can re-count.

From a counting-mistake perspective ballot boxes are an "analog" system, meaning errors are negligible and don't matter except for the rare cases where the vote is very tight.

Voting machines (was The Internet of criminal things)

Posted Sep 24, 2015 20:41 UTC (Thu) by raven667 (subscriber, #5198) (2 responses)

> With a manual vote, it takes several hours.

What is the actual requirement for speed here? For example in the US Presidential election, the ballots are cast on November 8 but the results aren't absolutely required until inauguration on January 20 of the next year, a few hours (or days or weeks) in a 73 day window is not significant.

Voting machines (was The Internet of criminal things)

Posted Sep 25, 2015 3:51 UTC (Fri) by edgewood (subscriber, #1123) (1 responses)

Well, the Electoral College meets on the first Monday after the second Wednesday in December, which means somewhere between Dec 13 (Dec 1 is a Wednesday) and Dec 19 (Dec 1 is a Thursday). So the results will be needed by then at the latest.

But the bigger problem is that the US has a lot more separate elections per ballot than I think other places with parliamentary systems do. See http://v.gd/7cIVRX for the *front* of a recent election in North Carolina. There are 14 elections on the *front* of the ballot. I couldn't find a good image of the back, but I recall that many or more there.

Voting machines (was The Internet of criminal things)

Posted Sep 26, 2015 15:46 UTC (Sat) by marcH (subscriber, #57642)

> But the bigger problem is that the US has a lot more separate elections per ballot than I think other places with parliamentary systems do

Maybe an interesting trade-off could be "hardware assisted tallying", where a scanner operates slowly enough that anyone in the room can keep an eye on it.

Voting machines (was The Internet of criminal things)

Posted Sep 25, 2015 2:18 UTC (Fri) by bfields (subscriber, #19510)

I don't think it's even necessary to choose. E.g. here in Michigan the ballot is a machine-readable paper form that you fill out and then feed into a scanner built in to the top of the ballot box. The scanner tallies the results and then stores the ballot inside. At the end of the day the poll workers can report instant (preliminary) results, but the ballots can also be recounted manually later to confirm.

(For some reason, I don't think that manual recount necessarily happens in the absence of a challenge. It's easy enough to do.)

You fill out the form by hand with a pencil. I haven't used one, but I seem to recall being told that the polling places also have electronic voting machines, but that all they do is produce paper ballots. That can be helpful for voters that have some disabilities (poor eyesight, or whatever). I suppose in theory you could compromise those but I think that would be easier to detect (and less rewarding) than a similar attack on a purely electronic system.

Voting machines (was The Internet of criminal things)

Posted Sep 25, 2015 12:25 UTC (Fri) by NAR (subscriber, #1313) (2 responses)

I think at the last Hungarian elections the counting was finished in 3 hours in the first round (where everybody had two votes) and maybe 1.5 hours in the second round (where voters had only a single vote). The political analyzers on TV barely had the time to speculate before the results were ready.

So I don't think counting is a bottleneck currently. However, if we had a more complicated voting system like the Schulze method, then having the votes in a computer could be more useful.

Voting machines (was The Internet of criminal things)

Posted Sep 29, 2015 16:05 UTC (Tue) by martin.langhoff (subscriber, #61417) (1 responses)

Agreed - many countries get same-day results with paper votes, most notably the EU countries and NZ.

In the USA there's been some odd media fabrication of "it can't be done unless we replace the paper vote with horridly unreliable computers". It is clearly not true, but it would take looking at how other countries do things... so... ;-)

Voting machines (was The Internet of criminal things)

Posted Sep 29, 2015 16:42 UTC (Tue) by marcH (subscriber, #57642)

You meant... "inferior" countries? :-)

Conversely: http://arstechnica.com/business/2014/08/chip-based-credit...

Voting machines (was The Internet of criminal things)

Posted Sep 27, 2015 18:57 UTC (Sun) by debacle (subscriber, #7114)

Counting might even take days. But as long as the election period is much longer, it doesn't matter at all.

Voting machines (was The Internet of criminal things)

Posted Sep 25, 2015 7:44 UTC (Fri) by jezuch (subscriber, #52988)

> Voting machines are a really terrible solution to something that isn't even a problem.

To be fair, the current crop of voting machines is a terribly naive implementation of the concept, wasting an enormous opportunity for improvement. They basically do nothing more than the human tallyers can do, except faster - and with less auditability. But there are algorithms that [promise to][1] allow the vote to be both secret and auditable, by anyone who can count, not just the tallyers. But to do that you need to implement actual cryptography, not the half-arsed "add 1 to this variable" machines we are offered today.

[1] I'm not a cryptographer so me not being able to spot any flaws in such an algorithm doesn't mean anything, obviously :) Anything that wants to be used in actual elections needs to be first exposed to intense scrutiny by the security community. Which is the opposite of the current state of affairs.

The Internet of criminal things

Posted Sep 24, 2015 6:29 UTC (Thu) by erwaelde (subscriber, #34976)

For the "voting machine" context see also
https://freedom-to-tinker.com/blog/jeremyepstein/vw-votin...

E.

Oh, the irony!

Posted Sep 24, 2015 7:44 UTC (Thu) by pr1268 (guest, #24648)

From the NYT article:

Far from trying to make trouble for Volkswagen, the engineers had been hired by the International Council on Clean Transportation, a clean-air advocacy group that hoped to use Volkswagens to show European regulators how efficiently diesel cars could meet the strict emissions limits set by the United States.

Oh, the irony!!

Mr. Moglen's experience with the passenger elevator (also from the NYT article) reminds me of the car elevator park system being held hostage (along with patrons' cars). Granted, this was a case of cyberextortion, and these two situations are somewhat orthogonal, but the evils of proprietary software are similar.

The Internet of criminal things

Posted Sep 24, 2015 9:16 UTC (Thu) by meskio (guest, #100774)

This reminds me some writings from Doctorow years back:
https://boingboing.net/2012/01/10/lockdown.html

The Internet of criminal things

Posted Sep 24, 2015 9:17 UTC (Thu) by petur (guest, #73362) (42 responses)

The problem with opening the firmware of the car is that security must be maintained. It is easy to write that DRM is bad, but you should know that tuning companies are actively trying to break the protections of engine control software, and they are offering big money.
And you don't need to guess why they want to do this: to change the parameters so that the engine has more power, even if that means it will be polluting like hell, more than what VW did.

So demanding that this whole system is opened up *will* backfire and actually be far worse for the environment.

willful pollution

Posted Sep 24, 2015 9:50 UTC (Thu) by SimonO (guest, #56318)

yes and "unbreakable" encryption systems should be banned, because the governments and companies cannot spy on anyone when they are in general use.

Of course some people are going to abuse their abilities gained with open source software to do harm instead of good. Is that a reason to take the route of proprietary control of software? I don't think so.

Chainsaws are bad when applied to people as well, etc. etc. etc.

/Simon

The Internet of criminal things

Posted Sep 24, 2015 11:21 UTC (Thu) by robbe (guest, #16131) (1 responses)

DRM operates on the theory that the producer of goods is always to be trusted, the consumer never. It's like absolute trust into people in uniforms.

The Internet of criminal things

Posted Sep 24, 2015 16:10 UTC (Thu) by raven667 (subscriber, #5198)

Trust is not something that authorities, the powerful and wealthy are entitled to, it is something that is earned through audit and transparency of process. I'm very much in line with our esteemed editor that any kind of software we rely on, either in devices we buy or services we rent (from Google, Apple, Facebook, etc.) should be fully open to audit by interested third parties and that trade secret, DRM, etc. law needs to be cleared away to make that happen.

We shouldn't have to blindly trust the software on our devices and web services, or trust spokespeople and published privacy policies, we should always have independent verification of exactly what is being done so we can make the appropriate security and privacy trade offs with eyes wide open.

Individual initiative should do less harm than mass-production

Posted Sep 24, 2015 11:51 UTC (Thu) by davecb (subscriber, #1574)

I might individually have wanted to buy an "evil" ROM for my old oil-burner, but as an individual I can't do anything like as much damage as the manufacturer.

The Internet of criminal things

Posted Sep 24, 2015 14:09 UTC (Thu) by ibukanov (subscriber, #3942) (34 responses)

> The problem with opening the firmware of the car is that security must be maintained.

Open does not imply that anybody can install it. What is essential is that third parties should be able to look at code and verify that the actual binary matches the code. The system can still use technical measures to limit who and what can be installed.
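The check ibukanov describes here, and the reproducible-build verification the article mentions, in a small Go program: rebuild the published source, hash the result, compare it with an image read back from the device, and if they differ, say exactly where. This is an added example, not code from LWN, Volkswagen or any ECU vendor. The 64-byte image layout, the `ReferenceImage` and `DumpedImage` contents and the function names are constructed for illustration.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Region is a half-open byte range [Start, End) in which two images differ.
type Region struct{ Start, End int }

// ReferenceImage is a constructed stand-in for the output of a reproducible
// build of published source: a 16-byte version header followed by 48 bytes of
// made-up "calibration" data. No real ECU layout is implied.
func ReferenceImage() []byte {
	img := make([]byte, 64)
	copy(img, "ECUFW-REF-v1.0.0")
	for i := 16; i < len(img); i++ {
		img[i] = byte(i * 7 % 251)
	}
	return img
}

// DumpedImage is a constructed image "read back from the device": identical to
// the reference except for four bytes of the calibration table (offsets 40..43),
// the kind of small, easily hidden change the article is about.
func DumpedImage() []byte {
	img := ReferenceImage()
	for i := 40; i < 44; i++ {
		img[i] ^= 0xFF // guarantees every byte in the range differs
	}
	return img
}

// SHA256Hex returns the digest a project would publish next to its source so
// that anyone who rebuilds it can compare.
func SHA256Hex(b []byte) string {
	sum := sha256.Sum256(b)
	return hex.EncodeToString(sum[:])
}

// Verify reports whether an image matches a published digest. This is the
// whole check a third party needs once the build is reproducible.
func Verify(publishedDigest string, image []byte) bool {
	return SHA256Hex(image) == publishedDigest
}

// DiffRegions explains a failed Verify: it returns every byte range where the
// reference build and the dumped image disagree, including a trailing region
// when the two images have different lengths.
func DiffRegions(reference, dumped []byte) []Region {
	var regions []Region
	n := len(reference)
	if len(dumped) < n {
		n = len(dumped)
	}
	start := -1
	for i := 0; i < n; i++ {
		if reference[i] != dumped[i] {
			if start < 0 {
				start = i
			}
		} else if start >= 0 {
			regions = append(regions, Region{start, i})
			start = -1
		}
	}
	if start >= 0 {
		regions = append(regions, Region{start, n})
	}
	if len(reference) != len(dumped) {
		end := len(reference)
		if len(dumped) > end {
			end = len(dumped)
		}
		regions = append(regions, Region{n, end})
	}
	return regions
}

func main() {
	ref, dump := ReferenceImage(), DumpedImage()
	published := SHA256Hex(ref)
	fmt.Println("published digest:", published)
	fmt.Println("dumped image verifies:", Verify(published, dump))
	for _, r := range DiffRegions(ref, dump) {
		fmt.Printf("differs at bytes [%d, %d): ref=%x dump=%x\n",
			r.Start, r.End, ref[r.Start:r.End], dump[r.Start:r.End])
	}
}
```

The digest comparison is all a reviewer needs to know that the binary in the car is the one the published source produces; the region diff is what turns a bare "mismatch" into a handful of bytes a human can look at. Neither step says anything about who is allowed to flash the device, which is ibukanov's point: verification and installation control are separate mechanisms.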

The Internet of criminal things

Posted Sep 24, 2015 20:26 UTC (Thu) by marcH (subscriber, #57642) (33 responses)

+1

Trusted and other secure boots are not incompatible with transparency and open-source; not at all. The GPLv3 would not even have been invented if that were the case.

The Internet of criminal things

Posted Sep 24, 2015 20:53 UTC (Thu) by raven667 (subscriber, #5198) (1 responses)

I'd go even further and say that Secure/Trusted boots don't need to be incompatible with owner modification. It's certainly easier to not bother with a mechanism for the eventual owner to modify the system, which is why owner modification should be legislatively required, so device makers can't skip out on this requirement. All you really need is local physical presence and maybe tamper evidence (so it's easy to see if the owner or the manufacturer is responsible if the software messes up), which are actually easier problems to solve than authorizing remote updates over the network.

The Internet of criminal things

Posted Sep 24, 2015 21:12 UTC (Thu) by marcH (subscriber, #57642)

> All you really need is local physical presence and maybe tamper evidence (so it's easy to see if the owner or the manufacturer is responsible if the software messes up), which are actually easier problems to solve than authorizing remote updates over the network.

Well said. Call this a "fuse", make a nice sentence around it with "voided warranty" in it, and that's it: you've made the whole issue simple enough for anyone to fully understand. Even lawmakers.
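The policy raven667 and marcH sketch in this exchange, as an added Go example that is not code from the original page or from any real bootloader: a boot ROM that accepts vendor-signed images unconditionally, accepts owner-signed images only after an owner key has been enrolled with physical presence, and records that enrollment in a one-way fuse so that later it is evident who was responsible for the software. The `Device`, `Image`, `EnrollOwnerKey` and `Boot` names, the use of Ed25519 over a SHA-256 digest, and the single fuse bit are assumptions made for the illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Device is a hypothetical boot-ROM state: the vendor key burned in at the
// factory, an optional owner key, and a one-way fuse recording that the owner
// took control. Not modelled on any real ECU or bootloader.
type Device struct {
	VendorKey ed25519.PublicKey
	OwnerKey  ed25519.PublicKey
	OwnerFuse bool // one-way: nothing in this model ever clears it
}

// Image is a firmware payload plus a signature over its SHA-256 digest.
type Image struct {
	Payload []byte
	Sig     []byte
}

var (
	ErrRejected   = errors.New("image not signed by the vendor key or an enrolled owner key")
	ErrNoPresence = errors.New("owner enrollment requires physical presence")
)

// GenKey makes an Ed25519 keypair; used below for the vendor, the owner and an
// unenrolled third party.
func GenKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Sign produces an image signed by the holder of priv.
func Sign(priv ed25519.PrivateKey, payload []byte) Image {
	digest := sha256.Sum256(payload)
	return Image{Payload: payload, Sig: ed25519.Sign(priv, digest[:])}
}

// EnrollOwnerKey installs an owner key. It needs physical presence (a jumper,
// a button held through reset), never a network path, and it blows the fuse
// irreversibly: tamper evidence, so a later dispute over who changed the
// software has an answer, rather than tamper resistance.
func (d *Device) EnrollOwnerKey(key ed25519.PublicKey, physicalPresence bool) error {
	if !physicalPresence {
		return ErrNoPresence
	}
	if len(key) != ed25519.PublicKeySize {
		return errors.New("malformed owner key")
	}
	d.OwnerKey = key
	d.OwnerFuse = true
	return nil
}

// Boot applies the policy: vendor-signed images always boot; owner-signed
// images boot only once the fuse is blown; anything else is rejected. The
// returned string names the authorising key, for the boot log.
func (d *Device) Boot(img Image) (string, error) {
	digest := sha256.Sum256(img.Payload)
	if len(d.VendorKey) == ed25519.PublicKeySize && ed25519.Verify(d.VendorKey, digest[:], img.Sig) {
		return "vendor", nil
	}
	if d.OwnerFuse && len(d.OwnerKey) == ed25519.PublicKeySize && ed25519.Verify(d.OwnerKey, digest[:], img.Sig) {
		return "owner", nil
	}
	return "", ErrRejected
}

func main() {
	vendorPub, vendorPriv := GenKey()
	ownerPub, ownerPriv := GenKey()
	dev := &Device{VendorKey: vendorPub}
	fw := []byte("constructed firmware payload")

	who, err := dev.Boot(Sign(vendorPriv, fw))
	fmt.Println("vendor image:", who, err)
	_, err = dev.Boot(Sign(ownerPriv, fw))
	fmt.Println("owner image before enrollment:", err)
	fmt.Println("enroll without presence:", dev.EnrollOwnerKey(ownerPub, false))
	fmt.Println("enroll with presence:", dev.EnrollOwnerKey(ownerPub, true), "fuse blown:", dev.OwnerFuse)
	who, err = dev.Boot(Sign(ownerPriv, fw))
	fmt.Println("owner image after enrollment:", who, err)
}
```

The fuse bit is the whole of the "voided warranty" sentence: the ROM does not decide whether the owner's modification is permitted on the road, it only makes it impossible to later pretend that the vendor's image was running. Which images may be driven is left to the law, as raven667 argues further down the thread.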

The Internet of criminal things

Posted Sep 25, 2015 8:48 UTC (Fri) by ibukanov (subscriber, #3942) (30 responses)

GPL v3 is harming the situation. As driving a tinkered car on a public road may harm others, I see no problems if installing new firmware is restricted to certified entities using a technical measure. Yet GPLv3 is not compatible with that as it requires that the user can install *any* modifications. In my ideal world any user should be able to check the code (either herself or with the help of a third party) precisely because it affects the safety, and any user can install *certified* changes.

The Internet of criminal things

Posted Sep 25, 2015 9:37 UTC (Fri) by dlang (guest, #313)

sorry to upset your understanding of the world, but GPLv2 or any other software license is not preventing people from driving 'tinkered cars' on the road.

Cars started out built by tinkerers and the "build your own car from scratch/scrap" has never completely vanished, let alone modifying existing vehicles.

Think about how locked down the game consoles are and how people create 'mod chips' that you press into contact with solder pads on the board to override functionality. The same sort of thing has been available for car computers from the earliest days.

OBD-II has actually greatly eased the car tinkerer's work because a lot of parameters can be accessed directly through a standard interface (which costs <$10 and works with cheap/free software on your smartphone/laptop)

Getting access to the source would just mean that the people doing the tinkering wouldn't be working blind and the result would be safer for everyone.

The Internet of criminal things

Posted Sep 25, 2015 17:18 UTC (Fri) by raven667 (subscriber, #5198)

I don't think that kind of issue calls for a technical solution. The technical controls should be agnostic to policy, the policy should be set by humans with laws enforced through audit and punishment. A person needs to be responsible, the machine is not a person and can't take responsibility. What do you do with working equipment that hard codes a particular policy when the law changes?

The Internet of criminal things

Posted Sep 26, 2015 13:51 UTC (Sat) by zack (subscriber, #7062) (20 responses)

> GPL v3 is harming the situation. As driving a tinkered car on a public road may harm others, I see no problems if installing new firmware is restricted to certified entities using a technical measure. Yet GPLv3 is not compatible with that as it requires that the user can install *any* modifications.

GPLv3 vs "safety" restrictions is a false dichotomy, fueled a lot by anti-FOSS agendas within the automotive sector.

You can have both a license (e.g., GPLv3) that mandates the ability to install modified versions of some software, and regulations that say that a car with modified, non-"certified" software cannot be used to drive on public roads. That is pretty much the situation for hardware modifications to cars (you can make some, but others, e.g. to boost car performance, will put your car out of compliance with the regulations that are required to actually use the car on public roads). Why should software modifications be any different?

We should really insist on this similarity, because doing so removes the car manufacturer arguments that they cannot adopt GPLv3 software due to potential liabilities problems.

The Internet of criminal things

Posted Sep 26, 2015 15:03 UTC (Sat) by marcH (subscriber, #57642) (1 responses)

> Why should software modifications be any different?

Because software possibilities are infinite, because it's invisible, because massive replication (and copyright infringement when applicable) comes for "free", and probably others I can't think of right now.

I can hardly believe a free software advocate is wondering about differences between hardware and software... Is there a GPL for hardware somewhere?

The Internet of criminal things

Posted Sep 26, 2015 15:34 UTC (Sat) by zack (subscriber, #7062)

> I can hardly believe a free software advocate is wondering about differences between hardware and software... Is there a GPL for hardware somewhere?

That's a straw-man, right? :-) I'm (obviously, I thought) arguing there is no significant difference in this specific context that would warrant a difference in regulatory treatment.

Cheers.

The Internet of criminal things

Posted Sep 26, 2015 15:35 UTC (Sat) by marcH (subscriber, #57642) (1 responses)

> GPLv3 vs "safety" restrictions is a false dichotomy, fueled a lot by anti-FOSS agendas within the automotive sector.

The GPLv2 is a pure software licence. The GPLv3 is a software+hardware licence. No surprise it's ruffling many more feathers.

As a citizen, I totally agree with the article's position that some systems should be absolutely required by law to be open-source so they become as visible and auditable as hardware is. With a serious and prolonged education effort, I think the rationale for safety and transparency can be understood and rallied to by voters - even the non-technical ones. This VW scandal is a good opportunity to push this agenda.

But if you want to lose it all, ask too much and never back down. I believe that extending this important battle, adding to it a GPLv3-like requirement to run your own modifications, *would* make it much less understandable by the public, dilute it, and like you wrote be met with fierce opposition from some industries. If some car or voting machines want to use the GPLv3 then great, just don't require it by law.

IMHO the difference of opinion and fragmentation between GPLv2 and GPLv3 is doing more harm to FOSS than most anti-FOSS advocates.

The Internet of criminal things

Posted Sep 26, 2015 15:52 UTC (Sat) by zack (subscriber, #7062) [Link]

> I believe that extending this important battle, adding to it a GPLv3-like requirement to run your own modifications, *would* make it much less understandable by the public, dilute it, and like you wrote be met with fierce opposition from some industries. If some car or voting machines want to use the GPLv3 then great, just don't require it by law.

I agree with you that the message about modifiability would be much more difficult to hold in public debates around car-related software transparency issues.

FWIW, I personally wasn't thinking of mandatory regulation that imposes GPLv3-like clauses. I would be very happy with "only" mandating any free software license (which, as the article concludes, is probably nowhere near our current reach). But I did chime in on the specific issue of GPLv3 vs car-manufacturers-liability, because I maintain it's an entirely false dichotomy.

> IMHO the difference of opinion and fragmentation between GPLv2 and GPLv3 is doing more harm to FOSS than most anti-FOSS advocates.

That seems largely OT in this discussion, so I pass :)

The Internet of criminal things

Posted Sep 26, 2015 17:19 UTC (Sat) by ibukanov (subscriber, #3942) [Link] (6 responses)

> Why should be software modifications any difference?

Hardware tinkering is localized and hardware bugs are easy to spot after some reasonable amount of testing that can be done by a person. With modern complex software this is just not the case. A small change that is "an obvious improvement" can easily lead to a disaster that can only be spotted after very thorough testing. So why should a user be able to install any patch and drive on a public road without paying first for such extensive testing?

The Internet of criminal things

Posted Sep 26, 2015 17:40 UTC (Sat) by marcH (subscriber, #57642) [Link]

> So why a user should be able to install any patch and drive on a public road without paying first for such extensive testing?

... as well as thorough code reviews and every usual (and costly) software QA practice.

Software... "what could possibly go wrong?" https://www.ima.umn.edu/~arnold/disasters/ariane.html

And of course when you wrote "install any patch" I assume you meant "download any patch from any random place without even looking at it and then install it".

Anyway it's good software licences don't conflate these two different issues: transparency and certification, so they can be debated and regulated independently. Oh, wait...

The Internet of criminal things

Posted Sep 26, 2015 18:07 UTC (Sat) by zack (subscriber, #7062) [Link] (2 responses)

> So why a user should be able to install any patch and drive on a public road without paying first for such extensive testing?

S/he should not; or at least not necessarily. Public regulation on embedded car software can certainly decide that *any* software change (for the reasons you discussed) requires approval before the car is allowed to be on the road again. That would not get in the way of the user's ability to install modified software on his/her car, as required by licenses such as GPLv3. Simply, by doing so, they accept the risk (or the certainty, depending on what the law says) that the car can no longer --- before some official seal of approval --- be used in the streets.

The Internet of criminal things

Posted Sep 26, 2015 18:28 UTC (Sat) by raven667 (subscriber, #5198) [Link] (1 responses)

As I think about this thread it seems there is some underlying assumption that regulation, audit, policing, government and democracy in general are unable to solve these kinds of problems sufficiently so that we need technical measures enforced by corporations to solve them for us instead. It used to be a joke that closed, proprietary, unmodifiable software is like a car with the hood welded shut, which was meant to be a bad thing, now people are literally advocating for pulling out the welding torches. How odd.

The Internet of criminal things

Posted Sep 26, 2015 21:43 UTC (Sat) by mathstuf (subscriber, #69389) [Link]

People always did complain that those car analogies weren't that useful. I guess now we're seeing why.

It's interesting; I've been thinking about converting my old Jeep to be electric and writing my own control software. Though, I'll be locking it down so only I can update the firmware, so I guess that's OK? ;)

The Internet of criminal things

Posted Sep 26, 2015 18:19 UTC (Sat) by raven667 (subscriber, #5198) [Link] (1 responses)

As was already pointed out in another sub-thread, the ability to modify and the certification for use of public infrastructure are two different things that should be kept separate from a regulatory perspective. Right now the concept already exists of modifications that make a car no longer street-legal, so why should software be treated any differently than hardware, when the ultimate effect is the same? Also, if I do modify software and it doesn't cause any problems, is there really enough reason for the state to spend resources mandating draconian security systems to prevent modification by the owner? The public interest in my car ends with safety on the public roads and pollution of the public air; beyond that what I do is my business, especially on private property.

I'm strongly for security and systems defending themselves from unauthorized remote modification, but the owner should always be technically authorized to modify, even to the point of dropping warranty support or regulatory compliance.

The Internet of criminal things

Posted Sep 26, 2015 19:46 UTC (Sat) by marcH (subscriber, #57642) [Link]

> why should software be treated any differently than hardware, when the ultimate effect is the same?

It probably shouldn't at a high, conceptual level, however software's completely different nature on so many levels calls for different solutions. As just one example: the VW cheat would never have lasted that long without software. In fact it probably would not even have been deployed in the first place.

See other sub threads for more.

The Internet of criminal things

Posted Sep 27, 2015 1:49 UTC (Sun) by dlang (guest, #313) [Link] (8 responses)

since we are talking about cars, I want to point out that you can build a car completely from scratch and drive the result on the public roads, even in California.

Yes, there are aspects of the result that get measured to see if they are in compliance, but far fewer than you are thinking. Outside of California the emissions requirements are significantly easier to comply with.

When you modify vehicles, you run into more restrictions than if you build from scratch for recent vehicles, but if you work on slightly older vehicles you pretty quickly get into 'anything goes' territory where the restrictions are more things like height of bumpers and lights than anything related to the engine or emissions.

The Internet of criminal things

Posted Sep 27, 2015 2:24 UTC (Sun) by pizza (subscriber, #46) [Link] (3 responses)

> When you modify vehicles, you run into more restrictions than if you build from scratch for recent vehicles, but if you work on slightly older vehicles you pretty quickly get into 'anything goes' territory where the restrictions are more things like height of bumpers and lights than anything related to the engine or emissions.

Generally speaking a modified car has to meet all applicable regulations in effect at the time the car was manufactured. There are some exceptions (eg seatbelts required for all occupants) but you can get away with a lot more with an older car as a result. (In general though, vehicles spewing smoke and other noxiousness are due more to poor maintenance than modifications..)

If you build your own, there are all sorts of exceptions to the regs that auto manufacturers have to comply with, but the exact details vary wildly depending on your location.

The Internet of criminal things

Posted Sep 29, 2015 20:37 UTC (Tue) by mathstuf (subscriber, #69389) [Link] (2 responses)

My parents have a 1929 Chrysler at home. I don't think it needs seatbelts by law. Similar thing with Wranglers and older Jeeps: the doors were optional and therefore can't be required by law to be on when on the road (IIRC, there are some states which restrict such things).

The Internet of criminal things

Posted Sep 29, 2015 22:07 UTC (Tue) by pizza (subscriber, #46) [Link] (1 responses)

Here in Florida, if the driver, front passenger(s) or any children in the vehicle are not belted in, the driver will get a ticket. There are only three exceptions granted -- medical necessity, newspaper delivery, and garbage pickup.

Doors are another matter; it really depends on the state and locale, and the type of road you're on -- they're often required for interstates and other limited-access highways, but perfectly okay on local roads, as long as the vehicle still has proper mirrors.

The Internet of criminal things

Posted Oct 1, 2015 11:27 UTC (Thu) by Wol (subscriber, #4433) [Link]

In the UK, I think for the most part the car has to be "road legal as of regs when it was made". As for seatbelts, they must be worn if fitted (and I believe rules recently changed to say that children cannot be carried in vehicles without seatbelts). But seeing as REAR seatbelts were required by law to be an option as far back as the 1960s, it's a very old car that cannot be retrofitted with manufacturer-approved original design seatbelts.

The main purpose of the MOT (the mandatory annual road-worthiness test) is mostly to make sure that the car is up to those original specs - checking that the brakes are functional, the engine is running efficiently, the structure isn't rusty, etc etc.

Cheers,
Wol

The great smog attack of 1943

Posted Sep 27, 2015 3:58 UTC (Sun) by pr1268 (guest, #24648) [Link] (3 responses)

Interesting... I would suspect it's a regulatory and compliance nightmare to get a homebuilt car certified, not just in Calif. but anywhere in the USA.

As I understand it, the ultra-strict emissions regulations on vehicles in Calif. have their genesis in what people thought was a noxious gas attack (presumably from the Japanese) in WWII. Turned out to be exhaust-created smog. Ain't nothin' like a little wartime terror to tighten regulations a bit... ;-)

Also, correct me if I'm wrong, but doesn't someone moving to Calif. (from elsewhere in the USA) have to get their car modified/retrofitted for Calif. emissions? And, curious, what about older cars? (In many states, vehicles older than 1968 model year need not be tested, because that's when initial exhaust standards were implemented, IIRC.)

The great smog attack of 1943

Posted Sep 27, 2015 5:33 UTC (Sun) by raven667 (subscriber, #5198) [Link] (2 responses)

> Also, correct me if I'm wrong, but doesn't someone moving to Calif. (from elsewhere in the USA) have to get their car modified/retrofitted for Calif. emissions

In practice all cars made for sale in the US are designed to meet California emissions standards as that is more cost effective than designing separate models for the California market.

The great smog attack of 1943

Posted Sep 27, 2015 5:56 UTC (Sun) by dlang (guest, #313) [Link] (1 responses)

unless this has changed in the last couple of years, it is not the case. when you look at cars and aftermarket equipment, you will find some that are 50 state legal, but the majority of things are not (I don't remember if it's 49 or 48 state legal that covers the rest of the country except for where California regulations are in effect)

The basic design is the same, but there are a handful of expensive add-ons, not all of them technical components (warranties by the manufacturers for the first X years after sale, for example).

The great smog attack of 1943

Posted Sep 27, 2015 6:13 UTC (Sun) by sfeam (subscriber, #2841) [Link]

Your summary is out of date. There are currently 12+ states that have adopted the CA standards, and the entire US is doing so next year. Hence the brouhaha with VW not being able to meet the 2016 standards. Wikipedia: US emission standards

The Internet of criminal things

Posted Oct 2, 2015 9:08 UTC (Fri) by oldtomas (guest, #72579) [Link] (6 responses)

> As driving a tinkered car on a public road may harm others [...]

This is one of the often-cited "limitations" or "problems" with GPLv3.

It is a red herring, IMHO. In a state of right (I'm assuming that here) infraction is the user's responsibility. The manufacturer should make it possible for you to comply with the law; it's not his job to *force* you to (although in the more technical realm we're seeing things slide in this direction, alas).

That's why your standard kitchen knife doesn't come with an "anti-murder device" and why you can install extra "firmware" in your brains (e.g. alcohol) and then drive. It's expected from you to know you're supposed to not do it, and perhaps, when you get caught doing it nevertheless, you have to face some consequences. We might agree on changing that, but until then this often-quoted argument is, and will stay a red herring.

The Internet of criminal things

Posted Oct 2, 2015 11:22 UTC (Fri) by tao (subscriber, #17563) [Link] (5 responses)

I think I can safely say that most people, even the ones who would be able to install alternative firmware in their car, won't know how to write software for it. They'll be downloading software from someone else. Considering how careful (i.e. not at all) the mainstream are about where and what they download, I suspect that the risk is rather high that people will download malware.

I would certainly love to have access to the firmware of all devices I own. To be able to fix the small things that annoy me in my camera, TV, gaming console, etc. I'm sure I'd love to have the firmware to my car too. And I would perhaps even dare to try to hack it. But I sure as hell wouldn't trust random hacks downloaded from the net.

The amount of people who install stuff like "Make your computer 10% faster!" software is rather worrying. Imagine the amount of people willing to install "Make your car consume 10% less petrol!". Now, further imagine having such cars driving on the same road you're driving on.

A knife is sharp -- most people know that. Alcohol is a drug -- most people know that. Firmware for your car *might* be malware -- hardly anyone will know that, nor will they believe warnings; if people did believe warnings about malware there'd be far fewer viruses, trojans, botnets, scammers, etc.

So, allowing the users access to all source code for all devices they own -- absolutely.
Allowing them to freely install it? I'm not so sure in all cases -- in some cases it should require recertification, in other cases void warranties (in most cases both) and insurances.

I suspect that the "ohhhh, upgrading my BMW to a firmware I got online that says that it gives 10% higher top speed" crowd would be fairly small if it voided their insurance (well, perhaps except for the traffic insurance, which is to pay for the damage you *cause*).

The Internet of criminal things

Posted Oct 2, 2015 13:54 UTC (Fri) by raven667 (subscriber, #5198) [Link] (3 responses)

I think you are probably wrong here in your estimate of how widespread car owners messing up their ECU is and will be, and we can use currently existing reality to make that estimate. You already drive on a road where people have "chipped" their cars with dodgy ECU software for decades now; the small number of people who are really interested in modifying their cars in this way already do so, so leaving the firmware open to the owner isn't introducing any new risks. I don't see any new factor that is going to substantially change people's feelings about messing up their cars: a small number of "tuners" will do so while the vast majority will be unwilling to take the risk. People take their cars more seriously than their computers, so I don't think you can broadly generalize the likelihood of downloading malware from computer malware to cars the way you seem to be doing.

The Internet of criminal things

Posted Oct 2, 2015 16:10 UTC (Fri) by BlueLightning (subscriber, #38978) [Link]

I think the ultimate counter-argument to this is that you can already trivially put whatever liquid you like into your fuel tank (or even worse, the oil filler on top of the engine or indeed the brake or steering fluid reservoir), and somehow most of us still manage not to pour things in there that put our cars or indeed our lives at risk, and nobody is clamouring for padlocks or security caps to be fitted. (Yes, I'm aware that some cars have internalised or removed some of these filler caps, I don't think I would buy such a vehicle.)

Sure, that's not nearly as complicated or perhaps as subtle as modifying code in the ECU - but that's part of the point - it's trivially easy to do the wrong thing here and yet most people don't even have the inclination to try something they shouldn't.

The Internet of criminal things

Posted Oct 4, 2015 7:16 UTC (Sun) by marcH (subscriber, #57642) [Link] (1 responses)

> leaving the firmware open to the owner isn't introducing any new risks.

... while trying to close it could reduce risks. Worst case it will make little difference.

> a small number of "tuners" will do so while the vast majority will be unwilling to take the risk, people take their cars more seriously than their computers,

As a member of this vast majority I very much welcome an easy, convenient, "secure boot like" way to easily prove to any random officer that I did not "jailbreak/root" my car and have no responsibility whatsoever in its abnormal level of emission/risk/etc. and that it was all Volkswagen's fault.

Since car manufacturers ironically wish the same thing, it will happen more and more. Get over it.

And once again: absolutely nothing here incompatible with open-source and transparency.

The Internet of criminal things

Posted Oct 5, 2015 1:35 UTC (Mon) by raven667 (subscriber, #5198) [Link]

> Since car manufacturers ironically wish the same thing, it will happen more and more. Get over it.

This seems incredibly short sighted to me, if you don't bake ownership control in at the beginning, like was done with Secure Boot, you will end up where the manufacturers have always wanted, where it is only possible to get service of any kind at an authorized shop where that manufacturer can take a cut of the revenue (maybe all of the profit).

> As a member of this vast majority I very much welcome an easy, convenient, "secure boot like" way to easily prove any random officer that I did not "jailbreak/root" my car and have no responsibility whatsoever in its abnormal level of emission/risk/etc. and that it was all Volkswagen's fault.

That is a massive red herring and completely confused; in no way do you have to take extreme technical measures to lock the owner out of modifying their own car for the courts to be able to figure out where liability lies when something goes wrong. There are hundreds, maybe thousands of years of precedent on how liability works when a person purchases a good made by someone else; this is not fundamentally different just because computers are involved.

The Internet of criminal things

Posted Oct 3, 2015 8:25 UTC (Sat) by oldtomas (guest, #72579) [Link]

> The amount of people who install stuff like "Make your computer 10% faster!" [...]

At first blush, yes. But if law states that it's illegal to drive a car with a non-certified software on public roads, you better not get caught (and there are means to check that -- a strong cryptographic hash...).

And as BlueLightning stated, it'd be trivial to put one, two squirts of nitromethane (DISCLAIMER: I don't really know how that'd work out in practice [1] ;-) into your diesel tank, and still pretty few people do that. Why?

[1] Besides, correctly spelling "nitromethane" might get you in hot water after 9/11
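The "strong cryptographic hash" check oldtomas mentions, and the "secure boot like" proof marcH asks for earlier in the thread, both come down to the same mechanism: hash the firmware image that is actually installed and compare it against a list of hashes the certifying body has vouched for, where that list itself carries a signature so it cannot be quietly edited. Below is an added illustration of that check in Python; it is not code from this thread, from Volkswagen, or from any regulator. The manifest layout, the version identifiers, the sample images and the key are all constructed for the example, and the HMAC tag stands in for what would in practice be a public-key signature from the certifying body (so the car only ever holds a public key, never a secret).

```python
import hashlib
import hmac
import json
from typing import Optional

# Constructed stand-in for the certifying body's key. In a real deployment the
# manifest would carry a public-key signature and the verifier would hold only
# the public key; an HMAC key on the vehicle would be a shared secret.
AUTHORITY_KEY = b"constructed-demo-key-not-a-real-secret"


def _canonical(manifest: dict) -> bytes:
    # Canonical JSON so signer and verifier hash byte-identical encodings.
    return json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()


def sign_manifest(manifest: dict, key: bytes = AUTHORITY_KEY) -> dict:
    """Attach an HMAC-SHA256 tag over the canonical encoding of the manifest."""
    tag = hmac.new(key, _canonical(manifest), hashlib.sha256).hexdigest()
    return {"manifest": manifest, "tag": tag}


def verify_manifest(signed: dict, key: bytes = AUTHORITY_KEY) -> Optional[dict]:
    """Return the manifest if its tag checks out, else None."""
    expected = hmac.new(key, _canonical(signed["manifest"]), hashlib.sha256).hexdigest()
    # Constant-time comparison so the check itself leaks nothing through timing.
    if not hmac.compare_digest(expected, signed["tag"]):
        return None
    return signed["manifest"]


def firmware_hash(image: bytes) -> str:
    return hashlib.sha256(image).hexdigest()


def check_installed_firmware(image: bytes, signed_manifest: dict) -> str:
    """Classify the installed image: certified version id, UNCERTIFIED, or MANIFEST-TAMPERED."""
    manifest = verify_manifest(signed_manifest)
    if manifest is None:
        # A manifest whose signature fails must not be trusted for anything,
        # including the list of hashes it claims are certified.
        return "MANIFEST-TAMPERED"
    digest = firmware_hash(image)
    for entry in manifest["certified"]:
        if hmac.compare_digest(entry["sha256"], digest):
            return entry["version"]
    return "UNCERTIFIED"


# Constructed sample images standing in for ECU firmware builds.
CERTIFIED_IMAGE = b"ecu-firmware-build-2015.09 (constructed sample)"
MODIFIED_IMAGE = b"ecu-firmware-build-2015.09 (constructed sample) + tuner patch"

# The manifest a certifying body would publish: one entry per approved build.
SIGNED_MANIFEST = sign_manifest({
    "issuer": "example certifying body (constructed)",
    "certified": [
        {"version": "ECU-2015.09-cert", "sha256": firmware_hash(CERTIFIED_IMAGE)},
    ],
})


def tampered_manifest() -> dict:
    """A manifest edited after signing, so its tag no longer matches (constructed)."""
    edited = dict(SIGNED_MANIFEST)
    edited["manifest"] = {
        **SIGNED_MANIFEST["manifest"],
        "certified": [{"version": "bogus", "sha256": firmware_hash(MODIFIED_IMAGE)}],
    }
    return edited


if __name__ == "__main__":
    print(check_installed_firmware(CERTIFIED_IMAGE, SIGNED_MANIFEST))
    print(check_installed_firmware(MODIFIED_IMAGE, SIGNED_MANIFEST))
    print(check_installed_firmware(MODIFIED_IMAGE, tampered_manifest()))
```

The design point raven667 raises still applies: such a check is only as good as the thing that runs it. If the comparison is performed by the very firmware being inspected, a modified image can simply report whatever hash it likes, so the measurement has to be taken by a component the owner-installed image cannot alter (a boot ROM or a measured-boot chain), which is exactly where the "secure boot" framing in this thread comes from.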

The Internet of criminal things

Posted Sep 24, 2015 15:24 UTC (Thu) by raven667 (subscriber, #5198) [Link] (1 responses)

> The problem with opening the firmware of the car is that security must be maintained.

No it doesn't, not from the owner of the car. It is not the job of the engine firmware designer to police the engine owner from doing bad things; if they want to "tune" their engine there shouldn't be a technical measure preventing it, and if they then get in trouble for violating emissions and making other citizens sick with smog or whatever then it's the owner's responsibility to answer for their actions, not the manufacturer's.

> So demanding that this whole system is opened up *will* backfire and actually be far worse for the environment.

That's why many places do emissions testing, to try and catch this kind of shenanigans. Even without that, or with active attempts to fool the test, it's not necessarily a failure if there are a small number of scofflaws, no rule is ever 100% followed or enforced, as long as the total loss due to illegal behavior is less than some damaging threshold.

Trying to *prevent* 100% of "bad" behavior in people is actually its own kind of disease, like an auto-immune disorder, that tends to destroy the good parts of a civilized system and is usually worse than the bad behavior in the first place.

The Internet of criminal things

Posted Sep 24, 2015 21:04 UTC (Thu) by dlang (guest, #313) [Link]

Closed source/DRM doesn't prevent people from changing things anyway.

For decades car performance folks have been able to override what the manufacturers program the cars to do. In some cases they do so by unplugging the computer and plugging in a wiring harness that has its own computer that reads all the inputs from the car and then changes them before they are sent to the 'official' computer. No modifications to the official computer or its software required, and they can override things to make the car perform significantly differently.

It's even possible to get completely open replacements for some engines.

So the stance that the security of the car's computer must be maintained is just wrong.

The Internet of criminal things

Posted Sep 25, 2015 3:36 UTC (Fri) by liam (guest, #84133) [Link]

I'm going to make a wild, some might say foolish, guess: the number of people who want to "tune" their car (presumably for better acceleration) is a nearly vanishingly small percentage of the total car population.
This seems a case where opening one hole while closing another (so to speak:) seems a wise move.

Topically, this month's CACM has an article on detecting hidden hardware-based attacks

Posted Sep 24, 2015 11:46 UTC (Thu) by davecb (subscriber, #1574) [Link] (2 responses)

Topically, this month's CACM has an article on detecting hidden hardware-based attacks

Posted Sep 25, 2015 6:48 UTC (Fri) by mjthayer (guest, #39183) [Link] (1 responses)

That looked interesting, but unfortunately non-members can only see the start of it. Would you care to provide a quick summary? I'm sure I would not be the only person grateful to you.

Topically, this month's CACM has an article on detecting hidden hardware-based attacks

Posted Sep 25, 2015 11:37 UTC (Fri) by davecb (subscriber, #1574) [Link]

The magazine's at home, but it surveys a small set of mechanisms that can make it hard to hide rarely-used evil circuitry, in part by finding stuff that's only used under rare and weird circumstances. That's a waste of silicon in any case, so it's an attractive idea.

The Internet of criminal things

Posted Sep 24, 2015 14:43 UTC (Thu) by ttonino (guest, #4073) [Link] (1 responses)

The term "defeat device" is used in the EPA complaint letter, which is why it is used by the press.

The term originates when pollution controls (called "smog controls" at the time) were all hardware - as in screws, pumps and levers - based. The term might even be in the law.

software as a device

Posted Sep 26, 2015 19:43 UTC (Sat) by giraffedata (guest, #1954) [Link]

> The term "defeat device" is used in the EPA complaint letter, which is why it is used by the press.
>
> The term originates when pollution controls (called "smog controls" at the time) were all hardware - as in screws, pumps and levers - based. The term might even be in the law.

I'm sure it is in the law. The law refers to function provided by software as a "device" all the time, even in modern times. It's not actually the code that is a device - it is a logical part of some physical object (in this case the engine control computer). (If a book can have a plot device, I have no problem with an ECC containing an emissions control defeat device).

This is the way things that are implemented in software are patentable even though software itself is not subject to patent - the patent refers to a device, not a piece of code.

Internet of criminal things

Posted Sep 24, 2015 17:01 UTC (Thu) by pr1268 (guest, #24648) [Link] (22 responses)

Allow me to play "devil's advocate" for just a moment:

Is there anyone out there who thinks the EPA emissions requirements are too draconian? VW certainly did—why else would they go to such lengths to circumvent emissions requirements like this?

Surely business schools still teach the likes of cost vs. benefit and risk/reward analysis, right? Is it safe to assume VW estimated a substantial benefit (profit) for faking emissions while assuming near-zero cost for implementation and risk of being caught? Enough benefit to defray even the imagined cost of being caught?

I see the software part of this as merely a smaller component of a much larger issue. This is not meant to impugn our editor's work here—I do agree we'll likely see more occurrences of this, especially in the DRM arena.

Finally, lest I get accused of being an EPA-basher, let me make it clear that I do support their efforts to clean up the environment. And I think what VW did was reprehensible.

Internet of criminal things

Posted Sep 24, 2015 19:43 UTC (Thu) by seyman (subscriber, #1172) [Link]

> Is there anyone out there who thinks the EPA emissions requirements are too draconian?

I seriously doubt that. I suspect most people who have an opinion on the subject would like to see the requirements even more restrictive.

> VW certainly did—why else would they go to such lengths to circumvent emissions requirements like this?

Bragging rights? To skimp on costs?

If VW really thought they knew more about environmental protection than the EPA does, they should have been upfront about it. As things stand, this stunt may not kill Volkswagen but it will hurt it badly.

Internet of criminal things

Posted Sep 24, 2015 20:14 UTC (Thu) by kleptog (subscriber, #1183) [Link]

> Is there anyone out there who thinks the EPA emissions requirements are too draconian? VW certainly did—why else would they go to such lengths to circumvent emissions requirements like this?

There's a relationship between engine power and NOx emissions. If you can get around emissions requirements you could offer a more powerful engine while advertising you're "clean". So there's an incentive to fake if you can, it makes your car more attractive. VW ads were even proud about how their magic engine was so powerful while being clean.

They're only draconian if they're unachievable, and they're not that. What we need is better testing.

Internet of criminal things

Posted Sep 24, 2015 21:15 UTC (Thu) by dlang (guest, #313) [Link] (19 responses)

personally I don't think we know for sure what VW did. The execs agreed to cooperate with the investigation this last weekend, which means that there still needs to be an investigation.

The EPA has been under fire for the last month due to the massive pollution that they caused, and so have been looking for something to distract the press, the late friday release of this announcement is suspicious.

I don't think we have the full story on this.

If they made the car perform differently when it's on a dyno, it would affect the EPA smog tests, but it would also affect the performance numbers that result.

If they made the car optimize things under constant throttle, that is a valid thing to do, even on the open road.

There are a lot of accusations going around, with very little actual data.

If they programmed it to detect the specific profile of actions for the test, this would fail in a few years when the cars are being re-tested (and have to still pass emissions) because the test profile changes over time. If they were to end up with lots of their cars unable to pass the California Smog tests because the test changed slightly and no longer triggered their 'low emissions' mode, they would end up being faced with either a massive recall or class-action lawsuit from the vehicle owners.

This isn't a new engine that's just been introduced either, this is a model they've been selling and improving for several years, so they've seen these tests change over time.

So I really doubt that it's as simple a situation as it's being made out to be.

Internet of criminal things

Posted Sep 24, 2015 21:36 UTC (Thu) by jzbiciak (guest, #5246) [Link] (7 responses)

Here's the infographic I saw that laid out which parameters the "defeat device" used to detect it was in testing mode. I don't know the source for this level of detail, so salt to taste.

For those who don't care to click on the link, it looked at four factors: Position of steering, speed, duration of engine operation, and barometric pressure.

That doesn't sound like how you typically optimize for constant throttle. The more common optimization is "closed loop operation," when the ECU tries to maximize fuel efficiency by straddling the narrow-band O2 sensor's threshold line.

Internet of criminal things

Posted Sep 24, 2015 21:49 UTC (Thu) by dlang (guest, #313) [Link] (6 responses)

the thing is that dyno results are also how they measure the power of the engine, so if the only difference between a 'power test' and an 'emissions test' is the throttle setting and how long it's at that setting, this seems very fragile and easy to 'defeat'. Just change the testing process to include some time at full throttle, and/or more variations on the throttle/load during the test.

Which would actually make the test far more representative of the real world.

If it really is as trivial a set of tests as this shows (again, unknown source, unknown reliability), just wiggling the steering wheel during a test would result in drastic power and emissions changes, with no throttle changes at all.

I know that the initial findings of this were based on doing emissions testing on the road, not on a dyno, resulting in drastically different emissions. But from that it's not necessarily even anything wrong with the car, but rather something wrong with the test (the purpose of the test is to try and simulate real-world driving)

It also wouldn't be the first time that the EPA test was found to be so horrifically different from real driving that it needed to be changed. As I've said before (Elsewhere at least), the early Hybrid cars resulted in insanely good test results because the profile let them run on battery most of the time.

It may just be time for the EPA to make a drastic (not just incremental) change to their test process.

Very little real-world driving involves constant throttle settings over any significant distance, with modern computer controlled Dynos, they should be able to do tests where they vary the throttle, vary the load, vary the speed, etc.

Even the systems in Smog Test stations around the country allow for many different test profiles.

Internet of criminal things

Posted Sep 24, 2015 22:25 UTC (Thu) by dlang (guest, #313) [Link] (5 responses)

By the way, in another forum it was pointed out that there is a _really_ good reason for the car to detect that it's on a Dyno

if you have one set of wheels stationary and the other set moving, that's going to trigger your traction problem detection and attempt to slow the spinning wheels.

Apparently this is even more interesting on the very high-end cars, and so to test those cars you have to do some specific things to disable the traction control. For VW to detect a dyno mode to disable things like this is a user-friendly and mechanic-friendly thing to do.

Since you don't have the same airflow and cooling on the dyno (for things like your transmission, differentials, etc.) there's also legitimate reasons to be more cautious about things that can generate heat in those areas.

Again, we really need to see the results of the investigation.

Internet of criminal things

Posted Sep 24, 2015 22:54 UTC (Thu) by jzbiciak (guest, #5246) [Link] (4 responses)

I don't think it's specifically dyno vs. not-dyno that's at play here. Given the number of people who like to tune their cars, soup them up, etc., you'd think someone would notice messed up power curves in a dyno test.

My guess (and yes, it's just pure speculation) is that the code actually looked very narrowly for the test profile, and that the EPA test profile used for certification is fairly fixed. You're right, though: We really do need to see the results of the investigation. I'm quite curious what exactly they did. Knowing how these things go, we may not know the specifics for years, though.

Internet of criminal things

Posted Sep 24, 2015 23:23 UTC (Thu) by dlang (guest, #313) [Link] (3 responses)

> My guess (and yes, it's just pure speculation) is that the code actually looked very narrowly for the test profile, and that the EPA test profile used for certification is fairly fixed.

The EPA test profile is very fixed, but the profile used at Smog Check stations in California (where the strictest emissions requirements are), both varies over time and is subject to a lot more variation than the "official EPA" test, both from the impossibility of keeping so many thousands of stations _exactly_ in tune, and the fact that they all run their tests on ambient air, rather than 'Standard Temp and Pressure' the way the official EPA test does. The fact that the cars going through the periodic testing are going to have wildly different internal drag (tire pressure, how fresh the lubricants throughout the vehicle are), is going to make it so that the throttle setting needed to run the car at a specific speed for the test is going to vary a fair bit.

This is why I'm a bit sceptical that this is deliberate cheating. The fact that California can and does change its test profile FAR more frequently than the EPA does makes detecting specific driving profiles much harder.

If (as reported) not triggering the 'EPA test mode' made the NOx levels exceed the testing limits by 40x, I just can't see how these cars have been triggering 'test mode' reliably enough to not be an epidemic of failures in the California Smog Test stations.

I'm not saying it's impossible, but some things are far more likely than others, and I know enough of the field (having been Smog Certified in California as well as a car performance guy, and then Information Security as my day job) that some things are far more likely than others, and these claims are odd enough for me to question them. Or at least question that we have valid info yet.

Internet of criminal things

Posted Sep 24, 2015 23:34 UTC (Thu) by jzbiciak (guest, #5246) [Link]

Gotcha. I guess I'm just going to have to stay tuned.

Internet of criminal things

Posted Sep 25, 2015 13:40 UTC (Fri) by mstone_ (subscriber, #66309) [Link] (1 responses)

You may have CA smog test experience, but apparently not CA diesel smog test experience: CA does not test diesels on a dyno. The diesel smog test consists of looking for smoke, looking to see if the emissions components are connected, and seeing if the OBD II says the car is compliant. The entire structure is based on the premise that the initial EPA testing has certified that the car is compliant and that the report from the OBD is valid. (This is true in my experience on the east coast as well--with a diesel you basically pay for an emissions tech to make sure the check engine light isn't on.)

The allegation is that VW cheated on the initial EPA test, so that all of the subsequent reporting (including everything done by CA) is invalid.

http://www.smogcheck.ca.gov/pdf/DieselFlyer_final.3.pdf

Internet of criminal things

Posted Sep 25, 2015 17:05 UTC (Fri) by dlang (guest, #313) [Link]

When I was licensed for Smog, Diesels didn't need any Smog testing. That changed in the late '90s (this flyer talks about 2010, but there were requirements before that)

When I was first certified, the Dyno was not used for any vehicles, it got added much more recently.

If there has not been an update to the check requirements for Diesels to have them use the same Dyno profiles and emissions sniffing process as Gas vehicles do, it's only a matter of time until there is (and after this mess, I would expect that it will be a fairly short time)

Internet of criminal things

Posted Sep 25, 2015 7:43 UTC (Fri) by pr1268 (guest, #24648) [Link] (10 responses)

> personally I don't think we know for sure what VW did. The execs agreed to cooperate with the investigation this last weekend, which means that there still needs to be an investigation.

Sure we do. VW intentionally cheated the emissions tests with a so-called "defeat device". This investigation has been going on for almost two years (according to our editor's PDF link). The $**t hit the fan only a few days ago when VW came clean (no pun intended) and admitted their scheme.

In fact, this article from last Friday (Sept. 18) said that 500,000 vehicles were affected. But, VW then later admitted 11 million cars worldwide were rigged. Sounds pretty cut-and-dry, IMO.

> The EPA has been under fire for the last month due to the massive pollution that they caused, and so have been looking for something to distract the press, the late Friday release of this announcement is suspicious.

I'm sure the EPA is relieved at how the VW scandal has deflected attention away from the polluted Animas River, but from what I can tell, the VW scandal had been brewing for quite some time prior to the mine leak.

> There are a lot of accusations going around, with very little actual data.

No one was accusing anyone of anything, other than the EPA threatening to withhold certification of VW's 2016 model year diesel cars until the emissions could be fixed. Only then did VW make a public admission of guilt to using software to cheat the emissions tests.

Internet of criminal things

Posted Sep 27, 2015 11:36 UTC (Sun) by ballombe (subscriber, #9523) [Link] (9 responses)

> In fact, this article from last Friday (Sept. 18) said that 500,000 vehicles were affected. But, VW then later admitted 11 million cars worldwide were rigged. Sounds pretty cut-and-dry, IMO.

> Only then did VW make a public admission of guilt to using software to cheat the emissions test

This is true, but this is still very awkward: US companies never make public admission of guilt under any circumstance, they settle the case with the government without admitting wrongdoing.
Why is VW doing otherwise, when it is so easy to say it is just a software bug?

Internet of criminal things

Posted Sep 27, 2015 12:33 UTC (Sun) by pr1268 (guest, #24648) [Link] (8 responses)

> Why is VW doing otherwise, when it is so easy to say it is just a software bug?

I honestly don't know. I was sort of begging the same question with my previous post(s) here on LWN. I suppose it might be a cultural difference between Germany and the USA. Or a legal one.

A slightly whacky analogy I draw VW's actions to is that of a murder trial: Just as the prosecution is about to prove the defendant guilty, the defendant then proclaims that not only did he commit the murder, but he murdered ten others, and here's where the bodies are buried!

:-\

Internet of criminal things

Posted Sep 27, 2015 22:06 UTC (Sun) by raven667 (subscriber, #5198) [Link] (7 responses)

I figure that they aren't completely down the hole of magical optimistic thinking, so instead of believing that they can lie their way out, which won't work now that there is heightened scrutiny such that any other scam they have going on will probably be quickly discovered, they get out ahead of it, admit enough themselves that investigators will stop digging, publicly shame the CEO and try to get them to absorb as much blame as possible as they go, so as to deflect attention away from those that remain.

The cynical person would say that maybe it's like Watergate where the actions taken were to hide a much more serious crime than what the public knew about at the time.

Internet of criminal things

Posted Sep 28, 2015 19:21 UTC (Mon) by bronson (subscriber, #4806) [Link] (6 responses)

VW believed for more than a year that they could lie their way out of it: http://www.nytimes.com/reuters/2015/09/24/business/24reut...

It took a lot of work and fact checking by CARB/EPA/etc to wear them down:

"We discovered some very strange anomalies," Young said. "For instance, the car was running more cleanly when it was cold than when it was warm, which is the opposite of what every other car does — because once you warm a car up that's when it begins to deliver its best pollution controls. This was not the case. So clearly something else was going on. Over time we assembled enough proof and questions that they could no longer provide any reasonable explanation for what was going on."

I think VW just ran out of things they could plausibly lie about.

Also, pure speculation: engine computers are pretty standardized and not too hard to analyze (much easier than a locked-down smartphone anyway!) It wouldn't surprise me if CARB found evidence of a defeat device on their own and quietly confronted VW about it.

Internet of criminal things

Posted Sep 28, 2015 19:45 UTC (Mon) by raven667 (subscriber, #5198) [Link]

> I think VW just ran out of things they could plausibly lie about.

True, but that has not stopped many other companies before from continuing to lie, even to try propaganda and lobbyists to change the law and public opinion to support their untruth, so VW is actually different in this case.

Internet of criminal things

Posted Sep 28, 2015 19:46 UTC (Mon) by dlang (guest, #313) [Link] (4 responses)

it's worth repeating that the "defeat device" they are accused of installing in the cars is an "if" statement in the software.

Internet of criminal things

Posted Sep 28, 2015 19:50 UTC (Mon) by bronson (subscriber, #4806) [Link] (3 responses)

It's more than that. It needs to sense whether it's on a dyno, and there are going to be some alternate mapping tables.

But, yes, we're probably talking about a few tens or hundreds of lines of software. It's the EPA that named it a "defeat device", not me. :)

Why is it worth repeating?

Internet of criminal things

Posted Sep 28, 2015 20:15 UTC (Mon) by dlang (guest, #313) [Link] (2 responses)

because "defeat device" is scare words as it's being used in the media, and getting people into the mindset that software is a "defeat device" makes them think that it's a great idea to ban software modifications to eliminate the possibility that people can install such "defeat devices" in things.

Not just cars, but the FCC is currently accepting comments on a proposal to require that access point manufacturers demonstrate how they will prevent people who buy the devices from installing DD-WRT or OpenWRT on them, based on the fact that such open software is a "defeat device"

we lost the definition of "hacker", don't let if statements (and similar code) start being talked about as if it was a hardware device installed in something that can just be locked out.

Internet of criminal things

Posted Sep 28, 2015 20:46 UTC (Mon) by bronson (subscriber, #4806) [Link] (1 responses)

I totally agree with where you're coming from.

However, "defeat device" is a term coined in the 70s (if not before) when the government was trying to outlaw physical devices designed to defeat emissions testing. Law (as it does) carried that terminology forward into the era of the engine computer: https://www.law.cornell.edu/cfr/text/40/86.1809-10

So, even if you find it to be scare words, that's not the way it was originally intended. I think it can be forgiven in this case.

Just curious, can you suggest a similarly unambiguous term that can be codified into law? Remember, the term needs to cover both software and hardware.

Internet of criminal things

Posted Sep 28, 2015 21:41 UTC (Mon) by dlang (guest, #313) [Link]

I agree that "defeat device" is the current legal term, and I think it's appropriate for a hardware device, even if it's a computer (say something that you plug in between the ECU and the wiring harness to change the signals)

But I've seen people elsewhere start getting up in arms about the conspiracy because this device has been installed in all these cars for years and nobody has spotted it.

When you point out that it's not a physical device, it's just software in the system, the expectations change. There's still plenty of silly, over-the-top reactions even then.

I don't know a good phrase to try and replace it as a "term of art" in legal matters though :-(

The Internet of criminal things

Posted Oct 5, 2015 12:46 UTC (Mon) by hendry (guest, #50859) [Link]

Very timely article. I'm bothered by these closed source IP cameras that maintain a connection with "the cloud". Yes, it is easier to get hold of your CCTV footage, but at what cost?

http://dabase.com/blog/Foscam_C1/

The Internet of criminal things

Posted Oct 5, 2015 19:08 UTC (Mon) by przemek.klosowski (guest, #100907) [Link] (12 responses)

The 'defeat device' is not an ill-defined media contraption---to the contrary, it is very precisely defined by US law, https://www.law.cornell.edu/cfr/text/40/86.1809-10 .

Herein lies a problem, though: IANAL, but my understanding is that the manufacturer is deemed to have installed the 'defeat device' if a certain set of measurements satisfies the criteria. Those results can happen either because the code has a sinister detectEPAtestAndCheat() procedure written at the request of a pointy-haired boss, or because the algorithm parameters were optimized to death and resulted in such operation. I don't mean to find excuses for the manufacturer---I just hope the investigation will determine the exact sequence of things that led to the problem, and shine light on how much it was the perfidy of the management versus engineering corner-cutting. I think there's a difference there.

One way of looking at this is: would you judge the situation differently if the algorithm was really a neural network whose learning set consisted of both the EPA test constraints, and a maximum power/torque constraint?

The Internet of criminal things

Posted Oct 5, 2015 19:32 UTC (Mon) by dlang (guest, #313) [Link] (11 responses)

along similar lines, over the weekend news broke that Samsung is being accused of installing a 'defeat device' in their TVs to detect that they are under test and use less power.

Samsung is responding that the test patterns are static, and trigger power savings optimizations that are part of normal operation.

so "defeat device" in software depends a lot on the parameters that trigger it and the intent of the programmers.

In the case of VW, is the different fueling used because the throttle is constant and so it can satisfy the power requirements more efficiently? (a valid optimization, even on the open road) or because it detects something that's actually specific to the test?

The Internet of criminal things

Posted Oct 5, 2015 19:45 UTC (Mon) by bronson (subscriber, #4806) [Link] (2 responses)

> In the case of VW, is the different fueling used because the throttle is constant and so it can satisfy the power requirements more efficiently? (a valid optimization, even on the open road) or because it detects something that's actually specific to the test?

It actually detected the test: "The 'switch' senses whether the vehicle is being tested or not based on various inputs including the position of the steering wheel, vehicle speed, the duration of the engine's operation, and barometric pressure. These inputs precisely track the parameters of the federal test procedure..."

http://www3.epa.gov/otaq/cert/documents/vw-nov-caa-09-18-...
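The Notice of Violation quoted above lists inputs (steering position, speed, engine run time, barometric pressure) that an honest engine map has no reason to care about. The regulator-side counterpart is a differential test: run the same car through cycles that differ only in those test-signature inputs and see whether NOx tracks them. Below is an added example of that check, not code from the thread, from the EPA or from any of the groups that did the road testing; every measurement, the `DriveCycle` fields and the 5x ratio threshold are constructed for illustration. The second check encodes the "cleaner cold than warm" anomaly mentioned by Young earlier in the thread.

```python
"""Differential emissions audit: does NOx respond to inputs an emissions test
cannot vary (steering movement, dyno vs. road, cold vs. warm start) rather
than to engine load? Constructed example; not regulator code."""
from dataclasses import dataclass
from statistics import mean
from typing import Iterable, Optional


@dataclass(frozen=True)
class DriveCycle:
    label: str
    steering_moved: bool    # wheel turned during the cycle (never on a dyno test)
    on_dyno: bool
    engine_warm: bool       # at operating temperature when the cycle started
    nox_g_per_mile: float   # measured tailpipe NOx, constructed value


# Constructed measurements: one car, five cycles of comparable load.
SAMPLE_CYCLES = [
    DriveCycle("dyno, wheel fixed, warm", False, True, True, 0.05),
    DriveCycle("dyno, wheel fixed, cold", False, True, False, 0.05),
    DriveCycle("dyno, wheel wiggled, warm", True, True, True, 1.50),
    DriveCycle("road, warm", True, False, True, 1.50),
    DriveCycle("road, cold", True, False, False, 1.00),
]

# Assumed threshold: a control strategy that ignores the test signature
# should not move NOx by anything like this factor between the two groups.
SUSPICIOUS_RATIO = 5.0


def _mean_nox(cycles: Iterable[DriveCycle]) -> Optional[float]:
    vals = [c.nox_g_per_mile for c in cycles]
    return mean(vals) if vals else None


def sensitivity_ratio(cycles: Iterable[DriveCycle]) -> Optional[float]:
    """Mean NOx on road-like cycles (steering moved) divided by mean NOx on
    test-like cycles (dyno, wheel fixed). Returns None when either group is
    empty, so a thin data set never yields a verdict."""
    cycles = list(cycles)
    test_like = _mean_nox(c for c in cycles if c.on_dyno and not c.steering_moved)
    road_like = _mean_nox(c for c in cycles if c.steering_moved)
    if test_like is None or road_like is None or test_like == 0:
        return None
    return road_like / test_like


def cold_cleaner_than_warm(cycles: Iterable[DriveCycle]) -> Optional[bool]:
    """True when road-like cycles emit less NOx cold than warm, the reverse of
    normal aftertreatment behaviour (catalysts work better once hot)."""
    road = [c for c in cycles if c.steering_moved]
    warm = _mean_nox(c for c in road if c.engine_warm)
    cold = _mean_nox(c for c in road if not c.engine_warm)
    if warm is None or cold is None:
        return None
    return cold < warm


def audit(cycles: Iterable[DriveCycle]) -> dict:
    """Summarise both checks; a None verdict means insufficient data."""
    cycles = list(cycles)
    ratio = sensitivity_ratio(cycles)
    return {
        "ratio": ratio,
        "test_sensitive": None if ratio is None else ratio > SUSPICIOUS_RATIO,
        "cold_cleaner_than_warm": cold_cleaner_than_warm(cycles),
    }


if __name__ == "__main__":
    for key, value in audit(SAMPLE_CYCLES).items():
        print(f"{key}: {value}")
```

The point of grouping by steering movement rather than by dyno alone is the one dlang raises elsewhere in the thread: a dyno mode with a legitimate traction-control reason would show up in every dyno run, whereas a map keyed to the certification procedure's fixed steering input changes the moment the wheel is wiggled on the same dyno.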

The Internet of criminal things

Posted Oct 5, 2015 21:53 UTC (Mon) by dlang (guest, #313) [Link] (1 responses)

note that you are pointing at the accusation document, not the result of any investigation that actually sees the code

If there is (as is alleged) a "dyno mode" vs a "road mode", the dyno mode would also kick in when doing other dyno tests (performance and economy come to mind)

unless the dyno mode is _very_ specific to the exact details of the EPA test, which seems incredibly unlikely (the test changes over time)

They have a number of fuel maps in the ECU that are used under different conditions, the accusation lumps them all together into 'road mode', but it's very possible that there is very little difference between some of the 'road mode' maps and the 'dyno mode' map. It all depends on exactly what the conditions are for switching.

The EPA thinks they have evidence that it's malicious, and at this point I don't think we will ever find out the real details. The new VW management wants to get this behind them and survive. Proving that this wasn't necessarily malicious would be a Pyrrhic victory at this point.

The Internet of criminal things

Posted Oct 5, 2015 23:46 UTC (Mon) by bronson (subscriber, #4806) [Link]

The Notice of Violation is all we have right now. The investigation, as you know, could take years.

You can choose to consider the EPA incompetent or liars if you want. That seems a strange stance to take because even VW publicly stated in a conference call on Sept 3 that the Notice of Violation is basically correct.

And, even if you don't want to take the EPA and VW's word for it, why would VW's fuel maps look so radically different depending on steering input? There's simply no physics-based explanation for why their engine computer would demonstrate such strange behavior.

I'm also looking forward to reading the report. I expect it will describe a series of small and expedient decisions that resulted in this ECU mode. An evil boss telling his engineers, "write me a defeat device from scratch" seems implausible and difficult to keep under wraps. :)

The Internet of criminal things

Posted Oct 5, 2015 19:48 UTC (Mon) by bronson (subscriber, #4806) [Link] (5 responses)

> a valid optimization, even on the open road

No, if it increases NOx output 40X above the limit, it is obviously not a valid optimization. Did you mean something else?

The Internet of criminal things

Posted Oct 5, 2015 21:43 UTC (Mon) by dlang (guest, #313) [Link] (4 responses)

cars put out a lot more pollution on the open road driving at real speeds, climbing real hills than they do in the EPA simulated test.

They are going faster, carrying more weight, almost always driven with a heavier foot on the skinny pedal, etc.

Go read up on what the test actually consists of and you will be horrified at how little resemblance it has to real-world driving.

The Internet of criminal things

Posted Oct 5, 2015 23:21 UTC (Mon) by bronson (subscriber, #4806) [Link] (3 responses)

Where did I say the test resembled real-world driving? And, what does it matter? My statement: if the VW is putting out 20-40X more NOx than it should over a particular driving profile, then that is simply not a valid optimization to make.

At first I thought your reply was saying: since real world driving doesn't match the test very closely, we should just chuck the test out the window and give up. But that's both defeatist and not in reply to anything I said... so I'm guessing I'm misinterpreting?

The Internet of criminal things

Posted Oct 5, 2015 23:24 UTC (Mon) by dlang (guest, #313) [Link] (2 responses)

I think we disagree that it's the same driving profile

The Internet of criminal things

Posted Oct 5, 2015 23:51 UTC (Mon) by bronson (subscriber, #4806) [Link] (1 responses)

I only know of one driving profile that we're talking about: the one the EPA tested and VW optimized. I'm not aware of any others that matter for this discussion...?

The Internet of criminal things

Posted Oct 6, 2015 20:46 UTC (Tue) by dlang (guest, #313) [Link]

the accusation by the EPA is that there are multiple profiles in the ECU and that the car detects that it's being tested by the EPA and switches to one that pollutes less than the ones that are used for normal driving.

The EPA test profile is very strict and not something that will exactly match any on-the-road test. It was people doing on-the-road emissions tests and looking at differences that raised the concerns and started the investigation.

how close the EPA dyno test is to the on-the-road test that showed issues is part of what ends up confusing the issue (see the Samsung TV power consumption issue); it all depends on what the exact triggers to change the fuel profiles are and what the justification and logic for them are.

The Internet of criminal things

Posted Oct 7, 2015 20:49 UTC (Wed) by mathstuf (subscriber, #69389) [Link] (1 responses)

> In the case of VW, is the different fueling used because the throttle is constant and so it can satisfy the power requirements more efficiently?

Even if it were, the excess NOx makes the "on-the-road" profile invalid to choose in the US under any circumstances.

The Internet of criminal things

Posted Oct 7, 2015 21:01 UTC (Wed) by dlang (guest, #313) [Link]

> Even if it were, the excess NOx makes the "on-the-road" profile invalid to choose in the US under any circumstances.

That is where you misunderstand the regulations.

The requirements for the amount of NOx produced are under specific conditions. Under other conditions (full load climbing a hill), the vehicle is not expected to work the same way it does under light load.

This is what I was referring to when I talked about how unrealistic the tests are compared to real-world driving earlier.

The Internet of criminal things

Posted Oct 19, 2015 2:15 UTC (Mon) by apollock (subscriber, #14629) [Link]

It'd be interesting to see Tesla take the lead in this space and open up their software, since it's very obvious that they're actively updating it in their cars (that said, I have no idea what happens to my car's software when it gets serviced at the dealership)


Copyright © 2015, Eklektix, Inc.
This article may be redistributed under the terms of the Creative Commons CC BY-SA 4.0 license
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds