|
|
Subscribe / Log in / New account

The Internet of criminal things

The Internet of criminal things

Posted Sep 26, 2015 17:19 UTC (Sat) by ibukanov (subscriber, #3942)
In reply to: The Internet of criminal things by zack
Parent article: The Internet of criminal things

> Why should be software modifications any difference?

Hardware tinkering is localized and hardware bugs are easy to spot after some reasonable amount of testing that can be done by a person. With modern complex software this is just not the case. A small change that is "an obvious improvement" can easily lead to a disaster that can only be spotted after very through testing. So why a user should be able to install any patch and drive on a public road without paying first for such extensive testing?

to post comments

The Internet of criminal things

Posted Sep 26, 2015 17:40 UTC (Sat) by marcH (subscriber, #57642) [Link]

> So why a user should be able to install any patch and drive on a public road without paying first for such extensive testing?

... as well as thorough code reviews and every usual (and costly) software QA practice.

Software... "what could possibly go wrong?" https://www.ima.umn.edu/~arnold/disasters/ariane.html

And of course when you wrote "install any patch" I assume you meant "download any patch from any random place without even looking at it and then install it".

Anyway it's good software licences don't conflate these two different issues: transparency and certification, so they can be debated and regulated independently. Oh, wait...

The Internet of criminal things

Posted Sep 26, 2015 18:07 UTC (Sat) by zack (subscriber, #7062) [Link] (2 responses)

> So why a user should be able to install any patch and drive on a public road without paying first for such extensive testing?

S/he should not; or at least not necessarily. Public regulation on embedded car software can certainly decide that *any* software change (for the reasons you discussed) require approval before the car is allows to be on the road again. That would not get in the way of the user ability to install modified software on his/her car, as required by licenses such as GPLv3. Simply, by doing so, they accept the risk (or the certainty, depending on what the law says) that the car can no longer --- before some official seal of approval --- be used in the streets.

The Internet of criminal things

Posted Sep 26, 2015 18:28 UTC (Sat) by raven667 (subscriber, #5198) [Link] (1 responses)

As I think about this thread it seems there is some underlying assumption that regulation, audit, policing, government and democracy in general are unable to solve these kinds of problems sufficiently so that we need technical measures enforced by corporations to solve them for us instead. It used to be a joke that closed, proprietary, unmodifiable software is like a car with the hood welded shut, which was meant to be a bad thing, now people are literally advocating for pulling out the welding torches. How odd.

The Internet of criminal things

Posted Sep 26, 2015 21:43 UTC (Sat) by mathstuf (subscriber, #69389) [Link]

People always did complain that those car analogies weren't that useful. I guess now we're seeing why.

It's interesting; I've been thinking about converting my old Jeep to be electric and writing my own control software. Though, I'll be locking it down so only I can update the firmware, so I guess that's OK? ;)

The Internet of criminal things

Posted Sep 26, 2015 18:19 UTC (Sat) by raven667 (subscriber, #5198) [Link] (1 responses)

As was already pointed out in another sub-thread, the ability to modify and the certification for use of public infrastructure are two different things that should be kept separate from a regulatory perspective. Right now the concept already exists of modification that make a car no longer street-legal, why should software be treated any differently than hardware, when the ultimate effect is the same? Also, if I do modify software and it doesn't cause any problems, is there really enough reason for the state to spend resources mandating draconian security systems to prevent modification by the owner. The public interest in my car ends with safety on the public roads and pollution of the public air, beyond that what I do is my business, especially on private property.

I'm strongly for security and systems defending themselves from unauthorized remote modification, but the owner should always technically authorized to modify, even to the point of dropping warranty support or regulatory compliance.

The Internet of criminal things

Posted Sep 26, 2015 19:46 UTC (Sat) by marcH (subscriber, #57642) [Link]

> why should software be treated any differently than hardware, when the ultimate effect is the same?

It probably shouldn't at a high, conceptual level, however software's completely different nature on so many levels calls for different solutions. As just one example: the VW cheat would never have lasted that long without software. In fact it probably would not even have been deployed in the first place.

See other sub threads for more.


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds