Slashdot Mirror


How the Car Industry Has Hidden Its Software Behind the DMCA

Lucas123 writes: The DMCA has allowed carmakers to keep third parties from looking at the code in their electronic control modules. The effect has been that independent researchers are wary of probing vehicle code, which may have led companies like Volkswagen to get away with cheating emissions tests far longer than necessary. In a July letter to the U.S. Copyright Office, the Environmental Protection Agency expressed its own concern of the protection provided by the DMCA to carmakers, saying it's "difficult for anyone other than the vehicle manufacturer to obtain access to the software." Kit Walsh, an attorney with the Electronic Frontier Foundation, said the legal uncertainty created by the DMCA "makes it easier for manufacturers to conceal intentional wrongdoing." The EFF has petitioned the U.S. Copyright Office for an exemption to the DMCA for embedded vehicle code so that independent research can be performed on electronic control modules (ECMs), which run a myriad of systems, including emissions. Eben Moglen was right.

126 comments

  1. Eben Moglen is always right by Anonymous Coward · · Score: 4, Informative

    Eben Moglen is always right. Now take some time and watch some of his lectures on internet freedom, privacy and open source software

  2. The Volkswagen scandal is a good thing by Applehu+Akbar · · Score: 5, Interesting

    It may push even Congress to allow us access to our own cars' ECM and diagnostic systems.

    1. Re:The Volkswagen scandal is a good thing by Locke2005 · · Score: 4, Informative

      Not going to happen. Honda wouldn't even let me replace the battery in my hybrid. That's right, they refuse to sell you a new hybrid battery, you can only get one by having the Honda dealer install it! They didn't even listen to my argument that I had a degree in Electronics Engineering and had worked as an Electronics technician, so I probably understood the fact that batteries are dangerous.

      --
      I've abandoned my search for truth; now I'm just looking for some useful delusions.
    2. Re:The Volkswagen scandal is a good thing by billyswong · · Score: 1

      I heard that car batteries for hybrid/electronic vehicles could be very high voltage. So car companies go the better-safe-than-sorry route. They can't afford someone got over-confident and killed themselves.

    3. Re:The Volkswagen scandal is a good thing by Anonymous Coward · · Score: 1

      If you were trying to replace the entire expensive battery, then you were probably doing it wrong. The best thing to do is crack open the battery and replace the cells that are bad. In my brother's Prius, he only needed to replace about 10% of the cells. Also, you don't have to buy any proprietary parts. Honda parts are crazy overpriced.

    4. Re:The Volkswagen scandal is a good thing by Dutch+Gun · · Score: 2

      For every person like you who may be qualified to do the job safely, there are probably many dozens that would still attempt this themselves simply for the cost savings, and risk injuring / electrocuting themselves, after which their families would sue the bejezus out of Honda.

      While there certainly may be a profit motive here, I wouldn't discount a fear of lawsuits.

      --
      Irony: Agile development has too much inertia to be abandoned now.
    5. Re:The Volkswagen scandal is a good thing by Dutch+Gun · · Score: 2

      In other words it's all about the profit motive.

      Isn't it pretty much a tautology to accuse a corporation of wanting to make a profit? That's sort of like accusing the Pope of wanting to promote Catholicism.

      --
      Irony: Agile development has too much inertia to be abandoned now.
    6. Re:The Volkswagen scandal is a good thing by Anonymous Coward · · Score: 0

      Great, so because we have a bunch of fucking idiots we can't have nice things.

      Oh wait, this is the US so this is legal:

      By purchasing this battery, you agree to binding legal arbitration through our pre-selected and super friendly arbitrator, and to indemnify the Company from any possible claim in court including but not limited to: wrongful death or injury, accidental death or injury.....

      So why is this an issue if you can just slap a EULA on the battery's shrinkwrap and be completely immune from a lawsuit?

      Oh right because it makes them more money if you can't install it yourself.

    7. Re:The Volkswagen scandal is a good thing by adolf · · Score: 5, Insightful

      So let me get this straight: Because big batteries are dangerous, they shan't be sold to mere mortals.

      But a mere mortal can go up to the counter and order a set of brake pads, lines, and calipers. A mere mortal can buy a replacement seatbelt. A mere mortal can buy a set of ball joints, suspension bushings, tie rods, and/or control arms.

      A bad installation of any of these things can result in death.

      What makes batteries so special?

      (And before anyone says something about "potential energy," let me remind you that in most states folks are also allowed to pump their own gasoline into their own cars.)

      (And never mind the fact that big/dangerous batteries are widely available all over the place. Just not, apparently, at the Honda parts counter.)

    8. Re:The Volkswagen scandal is a good thing by nitehawk214 · · Score: 1

      EULAs have been proven unenforceable time and time again. If you put a sign on the front of your business that says "if you hurt yourself while on our premises, it is not our fault", you can be sure the first idiot that stubs his toe is going to sue you. And even if they don't win it's going to be expensive for the business.

      Probably the downfall of our litigious society, but you can see why companies have to be in constant CYA mode. On the other hand, this does prevent us from having companies make faulty items or have willfully unsafe premises and not have to pay for damages.

      --
      I'm a good cook. I'm a fantastic eater. - Steven Brust
    9. Re:The Volkswagen scandal is a good thing by thegarbz · · Score: 2

      They didn't even listen to my argument that I had a degree in Electronics Engineering and had worked as an Electronics technician, so I probably understood the fact that batteries are dangerous.

      Then as an engineer and a technician you should be well aware that you pretty much can't do any specific work without certification for that piece of work. Understanding and doing are not the same thing, just like being an engineer doesn't mean you can go and wire up your own house in much of the world.

      Mind you I agree that it's licensing gone mad, but people aren't trusted to kill themselves anymore without transferring liability onto someone else, and as such we don't get to play with toys anymore.

    10. Re:The Volkswagen scandal is a good thing by Anonymous Coward · · Score: 0

      It may push even Congress to allow us access to our own cars' ECM and diagnostic systems.

      And opening up the possibility for anyone to fiddle with the emission controls etc.? I very much doubt that'll happen.

    11. Re:The Volkswagen scandal is a good thing by war4peace · · Score: 1

      EULAs have been proven unenforceable time and time again. If you put a sign on the front of your business that says "if you hurt yourself while on our premises, it is not our fault", you can be sure the first idiot that stubs his toe is going to sue you. And even if they don't win it's going to be expensive for the business.

      In the States, probably.
      In my country, nobody would give a fuck. Such a sign is legally-binding.

      --
      ...gis sdrawkcab (usually not responding to ACs; don't bother posting as AC)
    12. Re:The Volkswagen scandal is a good thing by drinkypoo · · Score: 1

      What makes batteries so special?

      (And before anyone says something about "potential energy," let me remind you that in most states folks are also allowed to pump their own gasoline into their own cars.)

      Not to mention that an automobile is already a device for turning potential energy (in fuel, or a battery) into kinetic energy which could kill someone. And they kill a whole lot of someones every year. How many people are killed by screwing with their hybrid battery?

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    13. Re:The Volkswagen scandal is a good thing by drinkypoo · · Score: 1

      In the States, probably.
      In my country, nobody would give a fuck. Such a sign is legally-binding.

      Nobody gives a fuck in a country with national health care, either. If you break your toe, you just go to the doctor's. The ACA is a punch right in the nuts for small business. It solves problems for the poor, creates problems for the middle class, and the rich just get to sit back and laugh as per usual

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    14. Re:The Volkswagen scandal is a good thing by KGIII · · Score: 2

      After I designed my place, including the various sub-drawings thanks, I actually helped the various contractors build my house. I even helped the electricians. In my area you can run your own initial wiring but it has to be inspected before they'll hook you up to the mains. I did not help the roofers. That looked like work and it was August.

      As for my drafting work, that was all checked by a real licensed architect. I was told that I did, "much better than expected." I suspect they say that to everyone but they really didn't change much of anything and liked my idea of running plenty of conduit. As I have an envelope house, I do wish I'd thought ahead and run a BUS line and drop channel through it though I've not needed it yet. I could add it on but I'm unlikely to bother doing so. It would be nice to have, however.

      --
      "So long and thanks for all the fish."
    15. Re:The Volkswagen scandal is a good thing by nitehawk214 · · Score: 1

      The uninsured would have gone to the hospital and not paid a dime anyhow. The ACA doesn't change much for injuries except some accounting on the billing side.

      For preventable diseases, this will cause previously uninsured to seek a doctor instead of waiting for it to be an emergency. An emergency room visit is about 100x more expensive than a doctor's office visit. Plus everything dangerous is more survivable the earlier it is detected.

      --
      I'm a good cook. I'm a fantastic eater. - Steven Brust
    16. Re: The Volkswagen scandal is a good thing by O('_')O_Bush · · Score: 1

      People don't sue to pay for doctor bills... people sue because "pain and suffering" for a few hours can make them millionaires overnight.

      --
      while(1) attack(People.Sandy);
    17. Re:The Volkswagen scandal is a good thing by ScienceofSpock · · Score: 1

      So why is this an issue if you can just slap a EULA on the battery's shrinkwrap and be completely immune from a lawsuit?

      Because it won't prevent relatives of injured/killed parties from filing a suit.

    18. Re:The Volkswagen scandal is a good thing by adolf · · Score: 1

      I have no citation, but I'll wager on the following: More people are killed working under their Hondas, than are killed by screwing with the battery in their Hondas.

      "Deadly voltage" is pretty far down on the flow-chart of ways to get fucked-up working on a car -- even if the flowchart only includes hybrids.

    19. Re:The Volkswagen scandal is a good thing by Anonymous Coward · · Score: 0

      Chemical, not potential. Potential is at the top of a hill.

    20. Re:The Volkswagen scandal is a good thing by samwichse · · Score: 1

      The good news is, depending on the year, you can get a better aftermarket battery than the NOS crap Honda is selling anyway.

      Call Eli over at Bumblebee Batteries, he'll sell you a battery for self-install no problems. Heck, even Dorman sells new hybrid batteries now.

      http://bumblebeebatteries.com/...

      Bought a replacement from them for my 2004 HCH ~3 years ago, works like a champ.

      Sam

  3. Open source ECM? by sims+2 · · Score: 2

    Wouldn't it be nice to be able to make your own ecm with an arduino or raspberry pi? Last one I had to replace was $700.
    That kind of money will buy a lot of add on boards.

    --
    Minimum threshold fixed. Thanks!
    1. Re:Open source ECM? by 0123456 · · Score: 4, Informative

      Wouldn't it be nice to be able to make your own ecm with an arduino or raspberry pi? Last one I had to replace was $700.

      That would be great. Until it broke after about two miles.

      Cars are generally considered to be one of the toughest environments for electronics. For example, there's so much electrical noise that you really, really, really don't want to be using RAM without error correction.

    2. Re:Open source ECM? by Anonymous Coward · · Score: 0

      It's hard to understand what you mean by this. Do you mean that the R-pi is far and away better? In that case, I agree (owner of three R-pi and no Arduino).

    3. Re:Open source ECM? by JBMcB · · Score: 2

      It takes multiple years to type-approve an ECM for a single application. That's on top of the years-to-decades of development on the engine itself.

      But if you think you can hack together one with a consumer grade ARM, go right ahead.

      --
      My Other Computer Is A Data General Nova III.
    4. Re:Open source ECM? by Anonymous Coward · · Score: 4, Informative

      Here you go:
      http://rusefi.com/wiki/index.php?title=Main_Page

    5. Re:Open source ECM? by Anonymous Coward · · Score: 1

      He means people like you.

    6. Re:Open source ECM? by sims+2 · · Score: 1

      That's impressive, thank you!

      --
      Minimum threshold fixed. Thanks!
    7. Re:Open source ECM? by Anonymous Coward · · Score: 0

      While there are certainly micros with ECC used in automotive electronics, I wouldn't say even a majority use them, only a few critical modules on the system will and not even all of those. Off-road equipment (my industry) typically uses micros targeted for automotive and entire families of micros do without ECC.

    8. Re:Open source ECM? by 0123456 · · Score: 3, Informative

      Again, read the court documents on the Toyota ECU in the 'unintended acceleration' cases. The people who examined the software showed that a single bit flip could cause the ECU to stop reading the throttle, because there was no ECC to correct it.
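
The bit-flip failure mode raised in the two comments by 0123456 above, as an added example that is not part of any poster's comment and not code from any real ECU: a single-error-correcting, double-error-detecting (SEC-DED) Hamming code over one byte of control state. The task bitmask, its bit assignment and all function names are hypothetical.

```c
/* Added example: SEC-DED Hamming code over one byte of control state.
 * The task bitmask and its bit assignment are hypothetical. */
#include <stdint.h>
#include <stdio.h>
#define TASK_THROTTLE_READ 0x01u  /* hypothetical: bit 0 enables throttle sampling */
enum ecc_status { ECC_OK, ECC_CORRECTED, ECC_UNCORRECTABLE };

static unsigned is_pow2(unsigned p) { return (p & (p - 1u)) == 0u; }

/* XOR of the Hamming positions (1..12) whose bit is set; 0 for a valid word. */
static unsigned syndrome(uint16_t cw)
{
    unsigned pos, syn = 0;
    for (pos = 1; pos <= 12; pos++)
        if ((cw >> pos) & 1u) syn ^= pos;
    return syn;
}

/* Parity over all 13 codeword bits: 0 = even, 1 = odd. */
static unsigned parity13(uint16_t cw)
{
    unsigned i, p = 0;
    for (i = 0; i <= 12; i++) p ^= (cw >> i) & 1u;
    return p;
}

/* Layout: bit 0 = overall parity, bits 1,2,4,8 = Hamming check bits,
 * bits 3,5,6,7,9,10,11,12 = data bits 0..7. */
uint16_t ecc_encode(uint8_t data)
{
    uint16_t cw = 0;
    unsigned pos, p, syn, d = 0;
    for (pos = 1; pos <= 12; pos++)
        if (!is_pow2(pos) && ((data >> d++) & 1u)) cw |= (uint16_t)(1u << pos);
    syn = syndrome(cw);
    for (p = 1; p <= 8; p <<= 1)          /* set check bits so the syndrome is 0 */
        if (syn & p) cw |= (uint16_t)(1u << p);
    if (parity13(cw)) cw |= 1u;           /* force even parity over all 13 bits */
    return cw;
}

enum ecc_status ecc_decode(uint16_t cw, uint8_t *out)
{
    unsigned syn = syndrome(cw), odd = parity13(cw), pos, d = 0;
    enum ecc_status st = ECC_OK;
    uint8_t data = 0;
    if (odd) {                            /* odd number of flips: assume one */
        if (syn > 12) return ECC_UNCORRECTABLE;
        cw ^= (uint16_t)(1u << syn);      /* syn == 0: the parity bit itself flipped */
        st = ECC_CORRECTED;
    } else if (syn != 0) {
        return ECC_UNCORRECTABLE;         /* even parity, bad syndrome: two flips */
    }
    for (pos = 1; pos <= 12; pos++)
        if (!is_pow2(pos)) data |= (uint8_t)(((cw >> pos) & 1u) << d++);
    *out = data;
    return st;
}

/* Unprotected RAM: the flip lands directly in the flag and nothing notices. */
int throttle_enabled_after_raw_flip(uint8_t mask)
{
    mask ^= TASK_THROTTLE_READ;           /* constructed single-bit upset */
    return (mask & TASK_THROTTLE_READ) != 0;
}

/* Protected RAM: the same upset hits codeword bit 3, which stores data bit 0. */
int throttle_enabled_after_ecc_flip(uint8_t mask, enum ecc_status *st)
{
    uint8_t fixed = 0;
    uint16_t cw = (uint16_t)(ecc_encode(mask) ^ (1u << 3));
    *st = ecc_decode(cw, &fixed);
    return *st != ECC_UNCORRECTABLE && (fixed & TASK_THROTTLE_READ) != 0;
}

/* Exhaustive check: every byte, every single flip fixed, every double flip flagged. */
int ecc_selftest(void)
{
    unsigned v, i, j; int bad = 0; uint8_t out = 0;
    for (v = 0; v < 256; v++) {
        uint16_t cw = ecc_encode((uint8_t)v);
        if (ecc_decode(cw, &out) != ECC_OK || out != v) bad++;
        for (i = 0; i <= 12; i++) {
            if (ecc_decode((uint16_t)(cw ^ (1u << i)), &out) != ECC_CORRECTED || out != v) bad++;
            for (j = i + 1; j <= 12; j++)
                if (ecc_decode((uint16_t)(cw ^ (1u << i) ^ (1u << j)), &out) != ECC_UNCORRECTABLE) bad++;
        }
    }
    return bad;
}

int main(void)
{
    enum ecc_status st;
    printf("unprotected: throttle task enabled = %d\n", throttle_enabled_after_raw_flip(0x0F));
    printf("SEC-DED:     throttle task enabled = %d\n", throttle_enabled_after_ecc_flip(0x0F, &st));
    return ecc_selftest();
}
```

A double flip is reported rather than silently miscorrected, so the caller can fall back to a safe state instead of acting on bad data.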

    9. Re:Open source ECM? by Anonymous Coward · · Score: 0

      A 10% or even 5% failure rate would be a tremendous expense for a corporation just for replacement parts & labor. A 10% failure rate for a hobbyist mod is nothing short of success. And then there's the legal issue--a hobbyist is probably judgment proof were anybody to sue him. Whereas even if the bad ECM had no safety implications (and thus no negligence issues), the corporation is burdened by legal liability under a host of consumer and regulatory agency laws inapplicable to the hobbyist.

      Telling somebody who wants to put in the effort and time, "don't do that, it's too difficult" is pretty stupid. He may be more than capable (this is Slashdot after all, and as far as it's fallen there are still quite a few experienced engineers here), and in any event the best way to learn how difficult something is is to attempt it yourself.

    10. Re:Open source ECM? by Anonymous Coward · · Score: 0

      Neither of those have an eTPU.

      As far as I know there isn't an OSS eTPU compiler, nor is there an OSS compiler for the PPC chips that most automotive ECMs use.

    11. Re:Open source ECM? by Aighearach · · Score: 1

      While I agree it is not feasible to home-brew an internal combustion ECM for a modern automobile, you should be advised that the full range of "grades" of parts are available to consumers. There is no special access for auto grade or military grade parts, it is just a different temperature/vibration/noise spec. There is no difficulty at all in choosing industrial controller chips and components. Getting even vaguely close to the needed timing adjustments based on sensor readings would be a major project though.

      For a full electric car, you can buy aftermarket controllers, and building your own is totally feasible for somebody that can design circuits and write firmware. In practice amateur controllers rarely get the range that higher quality commercial controllers do, but a good build can beat a cheap controller. The first one I saw was in the 90s.

    12. Re:Open source ECM? by drinkypoo · · Score: 4, Informative

      While I agree it is not feasible to home-brew an internal combustion ECM for a modern automobile,

      You guys are all sitting around arguing if it can be done, when it has already been done. Megasquirt is a homebrewed ECU which can be twiddled in build for different injector drivers etc. You can use it as a replacement PCM for tuning or you can use it for adding EFI to a carbureted vehicle.

      You guys think that ECMs are rocket surgery or something, but they frankly are not. Yes, there's a lot of noise underhood, but the ECM is located in a metal box. Yes, there's a lot of vibration in a car, but the metal box of the ECM is normally shock-mounted. And you think it's hard to do better than the real guys, but they screw it up too, and they don't try particularly hard.

      Remember, companies were throwing together working ECMs back in the eighties out of discrete components and one dinky microcontroller. Hitachi used a 3 MHz 6800-series chip in the computers that ran the Impreza, 240SX and some of its other contemporaries.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    13. Re:Open source ECM? by JBMcB · · Score: 1

      And you think it's hard to do better than the real guys, but they screw it up too, and they don't try particularly hard.

      Remember, companies were throwing together working ECMs back in the eighties out of discrete components and one dinky microcontroller. Hitachi used a 3 MHz 6800-series chip in the computers that ran the Impreza, 240SX and some of its other contemporaries.

      They do screw up sometimes, that's why there are years of testing done.

      It's not the parts, or even necessarily the code. It's the process and experience. You need something that works reliably with precision AND accuracy for the life of the engine (ideally more than ten years) under every possible condition.

       

      --
      My Other Computer Is A Data General Nova III.
    14. Re:Open source ECM? by Anonymous Coward · · Score: 0

      yep. and by the time that he was finished hardening and testing it, he'd probably be out $70k.

    15. Re:Open source ECM? by Anonymous Coward · · Score: 0

      Just use a carburetor car with a steel wire throttle, no more ECU software problems.

    16. Re:Open source ECM? by Aighearach · · Score: 1

      When people say something complicated "isn't feasible for home-brew," they're not saying it is rocket surgery or brain science.

      Heck, a great example would be rocket science, something people absolutely do at home, using kits, but doing it entirely from scratch "isn't feasible for home-brew." You need to be some sort of smarty-pants who can understand the relevant details of the underlying technology, and take on the risk associated with doing it.

      In the case of an auto ECM, it isn't just the owner's risk that needs to be consented to, so it is not obviously as simple and safe as home-brew manned rockets.

      If you're literally just talking about driving things with a custom PCM in the shop, yeah I can do that on a breadboard with a 555 and nobody is going to get hurt unless I slip my thumb under the timing belt.

      80s ECMs were doing very little, and sucked at it pretty bad. There was motivation for companies to sell replacements, and it still wasn't very popular or lucrative. Modern ECMs work very well. Few people even want to replace them, because they really do work well, and it is difficult to get parts to even fit unless the part is made as a replacement, in which case it already has sensors compatible with the original. It is not normal to add entirely new engine functionality onto an existing engine. What they want, and do, is usually to tweak the constants to reduce emissions control. That is way over 99% of the demand for alterations.

      The other use case cited is diagnostics, but that is already available through a standardized access port. There is a lack of documentation that is limiting, sure. If somebody had some Free Software for the elm chip or something similar so that it would start creating a giant database of seen data, then in a decade we'd be able to correlate easily and be able to create something like the proprietary diagnostics, but that would run on-board and give you early warning of exactly what was failing. On my own vehicle, a 2000 Nissan, there is actually very little in the service manual that can't already be done with a Generic Scan Tool, which is approximately what an Elm+Android setup is. And yet, there is very little action happening in the areas that are available. Why? Because most of the interest that cites diagnostics is not from people willing to put time into that sort of project; it is just a checklist reason to include when people want to increase their pollution to save 3 cents and prove that hippies suck.

    17. Re:Open source ECM? by drinkypoo · · Score: 1

      Few people even want to replace them, because they really do work well, and it is difficult to get parts to even fit unless the part is made as a replacement, in which case it already has sensors compatible with the original.

      It is not difficult to get parts to fit. You just splice the harness. There's only a few different types of sensors ever used, and they all fall into a small handful of resistance or voltage ranges, so supporting them is trivial.

      It is not normal to add entirely new engine functionality onto an existing engine. What they want, and do, is usually to tweak the constants to reduce emissions control. That is way over 99% of the demand for alterations.

      Nearly nobody is replacing their PCM to reduce emissions control, because that is expensive. Yet, there are still quite a number of companies making aftermarket PCMs. That is because people are adding entirely new engine functionality onto their engine, in many cases; for example, aftermarket turbocharging is relatively common. In other cases, people replace the PCM because its hacks are not yet well-known and they need to replace it for tuning for parts changes, e.g. a hotter cam.

      The other use case cited is diagnostics, but that is already available through a standardized access port. There is a lack of documentation that is limiting, sure. If somebody had some Free Software for the elm chip or something similar so that it would start creating a giant database of seen data, then in a decade we'd be able to correlate easily and be able to create something like the proprietary diagnostics, but that would run on-board and give you early warning of exactly what was failing.

      It would take more than that. What it would really take is doing OBD-II sniffing of use of the dealer scan tool, with a video record of what was done that could be correlated to the trace. ELM-327 can run in a capture-only mode where it does precisely this, and presumably this is the mechanism by which many of these codes have been discovered. A clever user could hook up a sniffer someplace sneaky, adding a second OBD-II port if necessary (some cars already have them!) and then take their 2 liter TDI VW in for service, and find out precisely what's being flashed...

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    18. Re:Open source ECM? by Aighearach · · Score: 1

      When I was talking about getting parts to fit, I'm talking about mechanical parts. These are mechanical engines, with an electronic controller. The controller doesn't need to have new code to replace existing functionality; for that you fiddle the constants. New mechanical parts that would need new controller code don't fit without doing real engineering. In practice it is rarely done.

      And the reason that nobody is replacing their "PCM" for emissions is that vehicles don't generally have a separate PCM and ECU, they have an ECU and the PCM is only discussed separately because that functionality has a separate harness going into the ECU. The only usefulness of discussing "PCM" in the context of home-brew would be Pulse Code Modulation to test sensors. The Powertrain Control Module isn't even an actual part in most cases.

      And yes, the reason people change them is to turn down the emissions controls. We're talking, over 99% of the actual use. People talk about "custom tuning," that is what they mean. They're not better engineers than the guys at the car company; and the electronics didn't get out of tune. Fiddling bits in the controller, or replacing it, isn't going to make magic ponies fly out of the exhaust. The only reason the narrow performance that the user cares about is going up is because emissions controls are going down.

      The additional OBD-II reader is exactly the right approach for learning what is being flashed, and lots of people are already using an additional diagnostics system that connects to the OBD port internally. I do think you missed my main point there though. It wouldn't take "more than that," because what I described would end up with a better passive diagnostics system than the dealer has. Reading the codes for the active tests would be very useful; that is the only missing functionality right now. But if you spend any amount of time in the factory service manual for an ECU, you'll realize that almost everything the fancy tools (CONSULT-II/III, etc) can test actively, the GST (Generic Scan Tool) can also test passively in combination with a multimeter. You could have that whole diagnostics process built into the car with an open tool, and a shared database of code and repair history could be designed to uncover correlations programmatically. Using just the known GST techniques, open tools would have a best-case scenario of being able to far exceed the predictive power of the proprietary tools, because the proprietary tools don't try to correlate very much; they're mostly an expert system based on existing shop methods and practices.

      The GST is the one most shops have, that they "only" paid a few thousand for. The CONSULT is the one that dealers have.

    19. Re:Open source ECM? by drinkypoo · · Score: 1

      And the reason that nobody is replacing their "PCM" for emissions is that vehicles don't generally have a separate PCM and ECU, they have an ECU and the PCM is only discussed separately because that functionality has a separate harness going into the ECU.

      No. PCM is legally mandated terminology used in the OBD-II specification, so the use of that term is commonly associated with OBD-II vehicles. Before that the dominant term for the same thing was ECU. Even before OBD-II, it was not unheard of for the ECU and other modules (e.g. the TCU/TCM, which is just different names for the same thing as well) to communicate. For example, the 1989 240SX and 1993 Impreza shared an automatic transmission, ECU, and TCU which would perform automatic rev-matching downshifts. (It probably also appeared in other vehicles.) My lady's 2000 Astro can't manage that with its 4.3l V6 and 4L60E transmission, sigh. If I can ever get the cam timing correct on my 1997 A8, it does the even better trick of slip-shifting between gears in its 5-speed slush box, which requires moderating engine torque output and precise control over TC lockup. Still planning for a six speed swap sometime.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    20. Re: Open source ECM? by Anonymous Coward · · Score: 0

      Such as this? http://speeduino.com

    21. Re:Open source ECM? by adhdengineer · · Score: 1

      As an owner of three Rpi and four arduinos and two PIC boards (one with an FPGA as well) plus three FX2LP 8051 High speed USB micro boards, I can safely say none is better. It depends on the application.

    22. Re:Open source ECM? by Anonymous Coward · · Score: 0

      Wouldn't it be nice to be able to make your own ecm with an arduino

      Something like this? http://speeduino.com/

  4. Who Exactly Gets To View a Company's Code? by Anonymous Coward · · Score: 2, Interesting

    Why should "researchers" get to view the code? Here in Silicon Valley I cannot think of any instances where any outsiders routinely get access to a company's code.

    1. Re:Who Exactly Gets To View a Company's Code? by Locke2005 · · Score: 4, Insightful

      Because they are not selling software, and having the emissions control firmware for a Volkswagen doesn't really help anyone insane enough to try to create their own Volkswagen. Whereas with most software, once you've got the code, that's all you need to recreate your competitor's product.

      --
      I've abandoned my search for truth; now I'm just looking for some useful delusions.
    2. Re:Who Exactly Gets To View a Company's Code? by 0123456 · · Score: 4, Insightful

      Why should "researchers" get to view the code? Here in Silicon Valley I cannot think of any instances where any outsiders routinely get access to a company's code.

      Because people die when the programmers screw up.

      Read the court documents on Toyota's ECU software sometime, to see what 'researchers' found when they were allowed to look at it.

    3. Re:Who Exactly Gets To View a Company's Code? by Aighearach · · Score: 4, Informative

      While I do think the code should be available for third-party review for safety reasons, I want to disagree with the claim that they don't sell software. They do not sell the hardware without the software, and the products always have the software. To put it another way, they distribute software, and the only way to receive it is to buy the controller with it. Saying they're not selling the software makes as little sense as saying they're not selling the hardware, they just give it away free when they sell the software. But no, they sell the software and hardware together.

      The funny part of this whole story is that the linked PDF letter from EPA counsels against a DMCA exception for automobile enthusiasts specifically because they're concerned the main purpose it would be used for would be to reduce emission controls. And they're probably right about that point. The speculation here that this VW cheating will cause things to open up is exactly backwards. It will just create pressure to have the testing and validation process include a code review. But that won't actually happen, because road tests already solve the whole problem more cheaply.

    4. Re:Who Exactly Gets To View a Company's Code? by thegarbz · · Score: 1

      Because people die when the programmers screw up.

      Read the court documents on Toyota's ECU software sometime, to see what 'researchers' found when they were allowed to look at it.

      Oh please. Because a few people died in a car? I could think of countless far more critical applications such as industrial safety systems where there's no open source code review. Much the same could be said for an operating system too.

    5. Re:Who Exactly Gets To View a Company's Code? by Anonymous Coward · · Score: 1

      You are probably trying to make some point but you are failing miserably at it.

    6. Re:Who Exactly Gets To View a Company's Code? by Anonymous Coward · · Score: 0

      Why should "researchers" get to view the code?

      Am I the first conspiracy theorist to say that the VW emissions fiasco could be a false flag op to force all car makers to reveal their software, just like 9/11 gave the govt a lot of powers? I mean, how long did VW think they could get away with cheating the emissions test? It was a matter of time they would get caught, so getting caught was probably part of the plan.

      BTW, the emissions test could be done by attaching a device to the tailpipe and asking the driver to drive a few circles around an empty track. There's no easy way any software or hardware can detect that an emissions test is being done in this case.

    7. Re:Who Exactly Gets To View a Company's Code? by Anonymous Coward · · Score: 0

      Building codes are coming! Look out for the code inspectors at your work place in the future! For a real example you only have to look what a large company in Seattle had to do in this regard, and the others as well. Every time there is sufficient interest the governments tend to involve themselves.

    8. Re:Who Exactly Gets To View a Company's Code? by drinkypoo · · Score: 1

      While you're technically correct, the software in a car doesn't really give a competitive advantage because it's all broadly the same. In fact, mostly the cars have the same PCMs; you'll find the same Bosch PCMs used between Audis and Jaguars and BMWs, just as you find the same ZF transmission in Audis and Jaguars and BMWs (and with no dipstick in any of these applications, the bastards.) For example, my 1997 A8Q has a Bosch ME7.1 PCM which was literally also used in Jags and BMWs. And that PCM is broadly the same as a Bosch Motorsport PCM; you can use the motorsport software to create new fuel maps etc., which can then be manually inserted into your ME7.1 flash image. No code is actually written for different vehicles; you just configure the settings in the PCM differently. It does actually output a new code blob with your settings, and you flash the whole thing, AFAIK. But it's just a program reading your maps and config options.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    9. Re:Who Exactly Gets To View a Company's Code? by Euler · · Score: 1

      I'd like to make sure there is professionalism and safety is a priority in BOTH places. Code review is just one aspect.
      Industry is probably further ahead than you imagine, look up SIL.

      Open-source just isn't going to happen in auto or industry. The only people who will spend time looking at it will be the competition (who would love to see your product fail), or students who have spare time but no frame of reference. Neither is a comprehensive means of reviewing code in the proper context.

      An independent (and closed-source) code review should be a part of some industries. But it has to be conducted according to those specific industry norms and testing specifications. That takes years of experience and typically a committee of professionals from that industry to define.

    10. Re:Who Exactly Gets To View a Company's Code? by Mal-2 · · Score: 1

      If getting caught was part of their plan, then was the next step crashing this company with no survivors?

      --
      How is the Riemann zeta function like Trump rallies? Both have an endless number of trivial zeros.
    11. Re:Who Exactly Gets To View a Company's Code? by cliffjumper222 · · Score: 1

      Read the court documents on Toyota's ECU software sometime, to see what 'researchers' found when they were allowed to look at it.

      Summary:
      Mirroring (where key data is written to redundant variables) was not always done. This gains extra significance in light of
      Stack overflow. Toyota claimed only 41% of the allocated stack space was being used. Barr's investigation showed that 94% was closer to the truth. On top of that, stack-killing, MISRA-C rule-violating recursion was found in the code, and the CPU doesn't incorporate memory protection to guard against stack overflow.
      Two key items were not mirrored: The RTOS' critical internal data structures; and—the most important bytes of all, the final result of all this firmware—the TargetThrottleAngle global variable.
      Although Toyota had performed a stack analysis, Barr concluded the automaker had completely botched it. Toyota missed some of the calls made via pointer, missed stack usage by library and assembly functions (about 350 in total), and missed RTOS use during task switching. They also failed to perform run-time stack monitoring.
      Toyota's ETCS used a version of OSEK, which is an automotive standard RTOS API. For some reason, though, the CPU vendor-supplied version was not certified compliant.
      Unintentional RTOS task shutdown was heavily investigated as a potential source of the UA. As single bits in memory control each task, corruption due to HW or SW faults will suspend needed tasks or start unwanted ones. Vehicle tests confirmed that one particular dead task would result in loss of throttle control, and that the driver might have to fully remove their foot from the brake during an unintended acceleration event before being able to end the unwanted acceleration.
      A litany of other faults were found in the code, including buffer overflow, unsafe casting, and race conditions between tasks.

      Source Link: http://www.edn.com/design/auto...
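
The summary above names two safeguards that were missing or incomplete: mirroring of critical variables such as TargetThrottleAngle, and run-time stack monitoring. The C code below is an added example of both techniques, not Toyota's code and not part of the post or the court record; the struct layout, the idle fail-safe value and the simulated stack buffer are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define THROTTLE_IDLE 0u     /* assumed fail-safe command on detected corruption */
#define STACK_FILL    0xA5u  /* pattern painted over the stack before the task runs */

/* A critical value stored next to its bitwise complement (hypothetical layout). */
typedef struct {
    volatile uint16_t value;
    volatile uint16_t mirror;  /* equals ~value while both copies are intact */
} mirrored_u16;

static void mirrored_write(mirrored_u16 *m, uint16_t v)
{
    m->value  = v;
    m->mirror = (uint16_t)~v;
}

/* Returns false if the two copies disagree, e.g. after a bit flip or a stray
 * write from a stack overflow; *out is only written when the check passes. */
static bool mirrored_read(const mirrored_u16 *m, uint16_t *out)
{
    uint16_t v   = m->value;
    uint16_t inv = m->mirror;
    if ((uint16_t)(v ^ inv) != 0xFFFFu)
        return false;
    *out = v;
    return true;
}

/* Consumer of the target angle: never acts on a value that fails the check. */
static uint16_t throttle_command(const mirrored_u16 *target, bool *fault)
{
    uint16_t angle;
    if (!mirrored_read(target, &angle)) {
        *fault = true;
        return THROTTLE_IDLE;
    }
    *fault = false;
    return angle;
}

/* Stack monitoring by painting: fill the region once at start-up. */
static void stack_paint(uint8_t *base, size_t size)
{
    memset(base, STACK_FILL, size);
}

/* The stack is assumed to grow downward from base+size toward base, so the
 * untouched paint sits at the low addresses. Returns the deepest usage seen. */
static size_t stack_high_water(const uint8_t *base, size_t size)
{
    size_t untouched = 0;
    while (untouched < size && base[untouched] == STACK_FILL)
        untouched++;
    return size - untouched;
}

static unsigned stack_percent_used(const uint8_t *base, size_t size)
{
    return (unsigned)(stack_high_water(base, size) * 100u / size);
}

int main(void)
{
    mirrored_u16 target_throttle_angle;  /* hypothetical name for this demo */
    bool fault;

    mirrored_write(&target_throttle_angle, 1200);
    printf("intact:    cmd=%u\n",
           (unsigned)throttle_command(&target_throttle_angle, &fault));

    target_throttle_angle.value ^= 0x0040;  /* constructed single-bit corruption */
    printf("corrupted: cmd=%u fault=%d\n",
           (unsigned)throttle_command(&target_throttle_angle, &fault), fault);

    uint8_t task_stack[256];                /* constructed stand-in for a task stack */
    stack_paint(task_stack, sizeof task_stack);
    memset(task_stack + 16, 0, 240);        /* simulate the task using 240 bytes */
    printf("stack used: %u%%\n", stack_percent_used(task_stack, sizeof task_stack));
    return 0;
}
```

The high-water mark is a measured lower bound: it only reflects the call paths actually exercised, so it complements static stack analysis rather than replacing it.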

    12. Re:Who Exactly Gets To View a Company's Code? by Aighearach · · Score: 2

      As a software guy I generally agree, but the idea that the software code and the configuration code are different is rather hair-splitting here, though obvious and important from system design and implementation perspectives.

      That the code doesn't change just means that the formulas needed to manage that type of machine don't change from model to model. But the constants do. While it is normal and good for a software guy to think about data and code as being different, in this case it really doesn't matter. If they compile the constants into the code, or store them in some sort of separate memory, that doesn't actually change what they're building or how it interacts with the users. I know for a fact that some are using Harvard Architecture with physically separate storage for code and data, and in that case it is just the data portion that most people want access to. But still, both are probably stored on a single chip. So for the purposes of the DMCA, where it is the protection device rule that is at issue, they are the same. You can't access any of it without defeating the protections. If we had the exception for auto electronics, then the exact architecture used would affect the details of the Fair Use evaluation, but not by very much; once you get past the anti-access provision, whatever you need to interoperate is already Fair Use.

      That said, I also know for a fact many ECUs do not use Harvard Architecture, do mix the code and data in the same storage, and people modify them by flipping bits in the binary to change the stored values. In that case the original value is literally compiled in. Sure, if you actually have access to the code it is just a different header file with those values. But just because software engineering practices encourage thinking about code and data as being different, in the actual implementation that is often an arbitrary distinction.

      The real fear of the auto makers is that third-party ECUs could start to displace the vehicle brand, and people might start treating the body and engine as generic, and the ECU as the part that gives the vehicle its identity and performance tradeoffs. Instead of a "Ford Foo," maybe somebody is buying an aftermarket "Joe's FreedomCar (custom Foo model)" and then for their next car, they might get a "Joe's FreedomCar (custom Bar model)" based on a Honda. If they are also replacing driver instrumentation, they might really manage to change the driving experience enough to hijack the consumer association.

      It is going to get much, much harder to stop all this when things go electric, because an electric ECU (MCU?) doesn't even need to be designed for a similar model motor; each feature can be controlled entirely by sensor feedback, and the differences between ideal and actual parts can be detected by sensing voltage and current in different places. Existing third-party controllers already work easily with fairly random collections of home-brew parts. There is no complicated emissions technology to manage or worry about. If they want to lock us out, fine, in that case you can replace the whole controller.

  5. The same thing is happening in the wifi world by Anonymous Coward · · Score: 0, Insightful

    But it's even worse with the FCC taking shots at free software (i.e. sources are available). They want devices locked down and it isn't (despite the implication by some) exclusive to wireless routers as some articles make out. Any device with a 5GHz wireless radio is going to be locked down because manufacturers have no incentives or real good means of complying short of locking everything down. When market pressure is to go lower on price and core pieces are designed by only a handful of companies (like Qualcomm, Intel, AMD, Broadcom, and similar) the actual product becomes cheap as market pressures push on price, making expensive fixes that only a niche audience will care about/understand unlikely.

    ThinkPenguin is the *only* company directly participating in the Save Wifi campaign selling and working on a *truly* freedom respecting router and embedded distribution (libreCMC). The rest are upstream (Qualcomm) and/or organizations within the privacy, free software, or open source communities. In fact the core brands (Linksys, D-Link, Netgear, and Asus) haven't even been willing to comment on the problem. They've got incentives to even deny there is an issue because the *rest* of the rules are going to make things cheaper/easier for them. They're likely willing to sacrifice your freedom for those other benefits.

    1. Re:The same thing is happening in the wifi world by spire3661 · · Score: 1

      You don't have to buy a router/AP combo.... I get what you are saying but this is an absolutely trivial problem to solve, separate your router and Wifi AP into discrete devices and tell the FCC to suck it.

      --
      Good-bye
    2. Re:The same thing is happening in the wifi world by Lennie · · Score: 1

      The same thing has been going on with the FCC and WiFi for many, many years.

      The EPA isn't any different, see the quote from the article below.

      "A group of automobile manufacturers said that opening the code to scrutiny could create “serious threats to safety and security.” And two months ago, the E.P.A. said it, too, opposed such a move because people might try to reprogram their cars to beat emission rules."

      The EPA or FCC won't be the ones that will fix this.

      There is only one solution, start creating the open source code, it will take many, many years but eventually it will be as good or even better than the original manufacturers.

      --
      New things are always on the horizon
    3. Re: The same thing is happening in the wifi world by Anonymous Coward · · Score: 0

      Try http://orp1.com/

    4. Re:The same thing is happening in the wifi world by drinkypoo · · Score: 1

      You don't have to buy a router/AP combo.... I get what you are saying but this is an absolutely trivial problem to solve, separate your router and Wifi AP into discrete devices and tell the FCC to suck it.

      it's not even that. just separate your router from your wifi Radio. And router firmwares often already have different regions or even files for system and firmware flash (even more common in cellphones) so there's no problem letting you update the system firmware but not the radio firmware. just write-protect the radio portion of the firmware.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    5. Re:The same thing is happening in the wifi world by suutar · · Score: 1

      It seems like there should be a way to build into the hardware something to prevent the power used for broadcast from being over the limit. After that the firmware can do whatever it wants, no?

  6. Spelling pet peeve by Anonymous Coward · · Score: 3, Informative

    may have lead companies

    The past tense of "lead" is "led".

    Captcha: mislead

    1. Re:Spelling pet peeve by Locke2005 · · Score: 4, Funny

      Oh, so it's "Led Zeppelin" because nobody's leading them anymore? Now I understand...

      --
      I've abandoned my search for truth; now I'm just looking for some useful delusions.
    2. Re:Spelling pet peeve by Anonymous Coward · · Score: 0

      They were originally going to call themselves "Guided Zeppelin." True story!

    3. Re:Spelling pet peeve by penguinoid · · Score: 1

      Maybe "lead companies like Volkswagen" is a reference to their stock prices.

      --
      Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
    4. Re:Spelling pet peeve by Anonymous Coward · · Score: 0

      Actually it's LED Zeppelin.

    5. Re:Spelling pet peeve by Anonymous Coward · · Score: 0

      In addition, "may" is used for permission and possibility. "Might" excludes permission.

    6. Re:Spelling pet peeve by Hognoxious · · Score: 1

      Under article 27.b subsection iv of the slashdot meme regulations that pun is only allowed when discussing wifi/3G blimps.

      At the risk of getting whooshed, the band changed the spelling because people didn't know whether to pronounce it as the metal or as t rhythm.

      No idea what Def Leppard's excuse is.

      --
      Confucius say, "Find worm in apple - bad. Find half a worm - worse."
    7. Re:Spelling pet peeve by KGIII · · Score: 1

      I'm going to wait for it to bottom out and just as it starts to rise again, I'm going to buy a whole shit ton of shares. Literally, thousands. So, do me a favor, keep complaining about VW anywhere and everywhere. This is a huge gamble on my part but I have every reason to believe they'll weather this storm and come back to their regular price.

      This, folks, is why I actually *do* base my investing strategy on the comments made on sites like this. It has been lucrative. Technically, I have more money now than I had after selling my business. They're not really liquid assets but, still, they're trivially liquefied. My 'major' score was based on the comments here at this site, the goobers at Fark, and the likes. They were all interested in this EV known as Tesla. I bought 2000 shares.

      I'm actually kind of surprised that it has been as lucrative as it has been. Honestly, I don't have the foggiest idea of what I'm doing which is why I keep a separate "play" portfolio that I manage myself through an online vendor (I don't suppose I'll shill for them). I mean, yeah, I now understand the general idea and probably understand the ins-and-outs more than many folks but I still don't really know what I'm doing except for just observing trends and acting on those.

      Strangely enough, good investments seem to also be in food stuffs. Go and look at which company is selling the most breakfast cereal. They're usually under a mature parent company and make good returns on your investment though they are less volatile and the potential gambling winnings are less but the odds are better. Many (most?) even pay a dividend. It's like free money just from reading and commenting to ask questions on Slashdot.

      I've been told (usually by people who profess to work in this industry) that my investment strategy is borderline retarded. I've been told this time and time again. They're probably right but my average is ~18% if I include the first few years where I failed miserably (buying low and selling even lower is not a good investment strategy). I regularly beat my investment manager but, to be honest, they are tasked with keeping my money protected and are after entirely different goals. I'd be kind of pissed if they took the risks I took.

      One of the added benefits is that I often get to do things that encourage the more ethical businesses. In addition to being able to donate the profits, sometimes I get to invest in smaller companies or the likes. I could lie and say that this is altruism but, honestly, it's only partially so. There's the altruistic aspect but there's also the financial motivation. I try to find businesses that are 'trendy' and invest in those. I also look for things that are a near certainty - like VW's stock bouncing back. I am 100% certain that their stocks will return to normal, I'm not certain of the time-frame. However, the time-frame is fairly close to irrelevant because I know that frame will be short enough to ensure a decent yearly growth when averaged out - it will be higher than I'd get in a bank or in bonds. At the very least it will not be negative.

      So... Thank you. I appreciate this. Crash the ever living hell out of the VW stocks - they're doing it on their own so you might as well help them. I can play the long-game (and always do, short term or day trades are too labor intensive for me and this is just a hobby) and wait it out. Bottom the hell out of VW, please. I even do nice things with the profits, such as donate to various causes - one of which is EFF. So, the more this stock drops the more potential benefit to EFF. There's some potential benefit to one of the organizations that we value here.

      --
      "So long and thanks for all the fish."
    8. Re:Spelling pet peeve by nanter · · Score: 1

      If you're going to be a grammar nazi, you should at least have a good command of grammar.

      It's not the "past tense." It's the present perfect, and 'led' is the past participle.

  7. is that "code" for something? by turkeydance · · Score: 1

    like: fraud?

  8. We need software engineers by reg · · Score: 5, Insightful

    Professional engineers, not self proclaimed ones. Ones that sign on the dotted line taking personal responsibility for the code they write. With self driving cars, robots, drones, etc. we need to be able to hold coders responsible, the same way we hold civil and mechanical engineers responsible.

    1. Re:We need software engineers by Anonymous Coward · · Score: 0

      Who says they won't be? There's no special law that protects software engineers, even in a negligence suit. This particular scheme was fraud, and probably criminal fraud, and there may be other federal criminal charges that could be brought up as well.

      The reason why you don't see many negligence suits against software engineers is because you have to show that the engineer (like any other defendant) knew or should have known what his software was going to be used for. If I write an open source library that miscalculates 2+2, why should I be held responsible if it blows up a space shuttle, _unless_ I knew it was going to be put into the space shuttle?

      Of course, the legal rules and tests involved are much more complex than I let on here, but my point being that software engineers aren't held to any kind of a different standard. It's just that civil and mechanical engineers are more likely to work in an environment where they'll have more knowledge about the particular environments their work product will be used, and so it's easier to show negligence. In particular, it's more common for those engineers to sell their services and expertise directly to a client, whereas most software engineers deliver something more like a product. Also, it's much easier to show a particular standard of care, and thus a breach of that standard of care. What standard of care is there for writing a JSON parser? Did you fail to meet that standard if there's an off-by-one error in the Unicode surrogate pair processing?

      Companies selling software are often sued directly in situations where the software engineer who wrote the code wouldn't be, simply because the sales person had knowledge of the intended use (which is imputed to the company) but the engineer didn't at the time he wrote the code.

      The problem isn't the law, especially in this case, where liability is exceptionally clear. It's not even a negligence issue, which is the issue you seem to be alluding to.

    2. Re:We need software engineers by Anonymous Coward · · Score: 0

      > Ones that sign on the dotted line taking personal responsibility for the code they write. With self driving cars, robots, drones, etc. we need to be able to hold coders responsible, the same way we hold civil and mechanical engineers responsible.

      Okay. Are you willing to pay for that?

      I thought not.

    3. Re:We need software engineers by Anonymous Coward · · Score: 0

      Nobody is going to take that role for $50k-$80k per year. And in case you haven't noticed, companies are desperate to lower wages of software developers.

    4. Re:We need software engineers by Anonymous Coward · · Score: 0

      Hahahaha. So you're going to pay at least 10x as much for all software and support?

    5. Re: We need software engineers by 517714 · · Score: 1

      H1B visas solve a multitude of problems.

      --
      The US government have made it clear that we have no inalienable rights; any we do not defend vigorously will be taken.
    6. Re:We need software engineers by CanadianMacFan · · Score: 1

      While I agree that there needs to be that professionalism it will be hard to achieve. With the engineering practices (civil, mechanical, aerospace, etc) you can't easily substitute another person to do the work. A software engineer can be easily replaced by someone who did a computer science degree or even someone who was self taught (there are some good self taught people out there just like there are some bad software engineers). In many positions the background is interchangeable.

      Plus there are laws and regulations in place that require sign off on projects of a certified engineer in those disciplines. There is no easy way you could force a new designated professional software engineer to sign off on every piece of software. Does the person that writes apps for mobile phones which utilizes GPS have to find an engineer to sign off on the project in order to sell it?

      What we really need is for people to stand up for the right thing and for them to have an outlet to do so. Unfortunately too many people just don't care and the few that do usually can't. I spent some time working in the government and I came across things that were just wrong. Decisions that were made so that managers would look good for the most part.

      For example, there was a project to build a custom photo voting app that was so bad that every day it had to be redeployed with the latest submissions. They should have spent half a day to find an open source, free project to do the job, test it out, and deploy it. But they had a "We have to build it here in Java" mentality and they built bad software. The developer was spending about a 1/4 day repackaging the program with the new photos every day to get it ready for the next day's deployment. And the kicker was that the developer got a bonus and a write-up because they spent so much over-time on the app. There was also the $25k on a server that nobody used but had to be rushed into production and the $100k a year on licensing data from the US which was freely available on their website in order for the manager to boost the website traffic. I would have loved to go somewhere to get this waste stopped but everyone up my chain of management wasn't interested. I tried on other things. So I just concentrated on the stuff that I could change and did that.

    7. Re:We need software engineers by Anonymous Coward · · Score: 0

      I don't know of any engineers that hand code for ECMs like this any more.

      It's all model based control done by engineers.

    8. Re:We need software engineers by thegarbz · · Score: 1

      Does the person that writes apps for mobile phones which utilizes GPS have to find an engineer to sign off on the project in order to sell it?

      You say all of this because you don't understand the certification requirements for many professional engineers. I am an electrical engineer but if someone asked me to sign off the design of a high-voltage substation and I signed I could be stripped of my registration. We define areas of competence. They are loosely defined but it basically says that an engineer is not able to sign off on something he doesn't truly understand and doing so opens him up to not only direct litigation but stripping of his rights to act as an engineer (distinctly opposed to just screwing something up which doesn't strip you of your right to engineer but could still drag you through the courts).

      So no I wouldn't expect an engineer in your example to sign off the project. Fortunately there's lots of people out there and most of them are competent in many areas.

    9. Re:We need software engineers by thegarbz · · Score: 2

      Morning coffee hasn't kicked in, but I just re-read what you said. Ignore me and mod me to oblivion. You're right in some cases there's no harm or impact so there should be no need to sign off on something. In many ways that's consistent with the other industries though. Technically I can't type a V=IR equation into a calculator without potentially being liable if I'm not a registered engineer or working directly under one. In practice it doesn't work that way.

      Typically it works more like certain professional jobs require certified engineers. Certain jobs imply certification is required. The ones that imply it are typically the ones where if someone goes wrong and someone is badly affected they go back and see if the engineer was a registered professional engineer and competent to do the job. The example in this month's Engineering newsletter was of someone who designed house footings incorrectly. No one batted an eye until someone said it didn't look right and another engineer said it was all wrong, then they went back and checked on the original guy.

      There's black and shades of grey, no white. Does someone playing with your GPS mobile phone app suddenly die if GPS is lost due to a bug in the code? If so, even if unforeseen, you should be held accountable.

    10. Re:We need software engineers by Anonymous Coward · · Score: 0

      That is what liability insurance is for. Actual engineers, architects and such have those. So do doctors and the result may be a similar cost structure to the medical industry eventually. :(

    11. Re:We need software engineers by KGIII · · Score: 1

      You're wrong. Yes, yes I am willing to pay for that. I could buy my clothing from a department store. Instead, I buy from L.L. Bean or the likes. (Yes, their flagship store is as awesome as you might imagine.) I already pay more for a better automobile where my daily driver is concerned. I pay more for my hardware. I pay more for building supplies. I pay more for food.

      No, not all of us are looking for the lowest possible cost. We're also not looking for the most expensive. We're looking for the best returns on our investments and the highest quality goods at the most reasonable prices. I don't mind spending $200 extra on a phone because I'm going to be able to use that phone for several years. Amortization over all those years makes the additional expense trivial and the benefits are such that it is worth it to me.

      In short, math is a thing and you're mistaken if you think that the world is solely populated by those who are incapable of doing simple algebra in their heads. Yes, yes I will pay more for stability, function, durability, and accountability. I already do.

      --
      "So long and thanks for all the fish."
    12. Re:We need software engineers by KGIII · · Score: 1

      I am not sure why that is. I'll try to explain but, please, understand that I'm tired and not the most articulate.

      I owned my own company. I've spoken with many others who have been in the same position. I have crunched my own numbers and have spoken, extensively, with others who have done the same. In almost every field (I'm unable to think of many that do not fit this pattern) the cost of labor is trivial when compared to other expenses.

      To give an example, I paid some employees more than I was actually paid. (I did have the benefit of being the owner of the cookie jar, however.) Now, I paid very well - some had salaries that exceeded six figures. Add to that the various expenses associated with hiring, insuring, and providing other benefits... Add all that up, including space occupied, parking provisions, and the likes...

      I still paid FAR more to Xerox for printers than I paid some employees. There were plenty of times that I spent more on licensing software and buying hardware (we were a Sun shop, mostly) than I spent on employee salaries and benefits. Rent, prior to ownership, was a greater expense than some of the labor. We gave some people more in bonuses than some other employees made in a year. (We gave decent bonuses and some staff was simply secretarial or similar.)

      Chances are, at least according to my own experiences and my questions aimed at others, labor is a trivial expense. I don't recall ever, not even once, turning down a request for a raise. Aside: If you pay them well in the first place, chances are they won't come in asking for a raise and will go much longer before they do need an increase in their wages. Imagine that?

      Anyhow, if someone tells you they can't afford to give you a raise because of financial difficulties - go grab a copy machine and set it on fire. They're paying the copy machine more than they're paying you. Hell, just replace their lighting with energy efficient lights and enforce a policy of turning lights off in unoccupied rooms. After six months they can afford your damned raise.

      They might be paying more, depending on their size, for managed and supplied coffee machines than they are paying you. Labor is a trivial expense though it's a higher percentage when the company is in its early stages. Cutting the cost of labor is obscene and the margins so slim that they'd do better just having a few less copy machines and hiring dedicated staff to manage the queue.

      There are exceptions to this, some industries where there is a great deal of manpower or the likes. However, those are few and far between from what I've seen. If one thing pisses me off more than anything else then failure to properly compensate the people who make your business possible is pretty damned high on the list. It's unfortunate that more people do not understand this. Greed is fine so long as it is not excessive - the goal is, usually, to make money if we ignore those who are altruistic. However, there's a point where it simply becomes degeneration and harmful.

      Sorry if I didn't explain it well. I re-read it and it seems to make sense in my head but, as I mentioned, I'm not the most articulate of people. I am, however, verbose.

      TL;DR: Pay your damned employees what they're worth and then enough on top of that to keep them happy. You'd be surprised at how that impacts your bottom line. The impact of doing so is almost certainly a greater percentage than you'd achieve by lowering salaries or paying less. (That's a generic you, not you specifically.)

      --
      "So long and thanks for all the fish."
    13. Re:We need software engineers by Impy+the+Impiuos+Imp · · Score: 1

      Auto companies thought long and hard before including GNU and other copyleft type stuff in their products, because normally all suppliers are required to support the cost of a recall if their product is at fault (one reason for massive testing when a supplier supplies something.)

      But the major software companies, i.e. Microsoft, refused to cover the cost of a recall, either, so to hell with it. Might as well use some small RTOS with public tools and utilities out of sourceforge or someplace.

      --
      (-1: Post disagrees with my already-settled worldview) is not a valid mod option.
    14. Re:We need software engineers by Impy+the+Impiuos+Imp · · Score: 1

      Thank god no professional software engineer idiocy. The industry still moves way too fast, and this would just slow things down.

      What does this have to do with DMCA, which would still obfuscate?

      --
      (-1: Post disagrees with my already-settled worldview) is not a valid mod option.
    15. Re:We need software engineers by gnupun · · Score: 1

      Ones that sign on the dotted line taking personal responsibility for the code they write.

      LOL, and what percent of VW's $14 billion annual profit do these engineers receive? Nothing. I just love how management and the company take credit for the excellent work of their underlings. But when the product fails, it's the engineer's head on the guillotine block.

  9. Not just cars by Tokolosh · · Score: 2

    A myriad of consumer goods now depend on code. And if that code has problems there may be safety, environmental or cost consequences. I'm talking about all kinds of computer and networking devices of course, but also phones, industrial control systems, medical devices, smart meters, aircraft, ships and household appliances.

    If the code cannot be scrutinized, there is no way to check its quality. Plus, as others have noted, no way to maintain or improve it. The only exceptions I can think of offhand are some routers (FCC is trying to plug that), and PCs (Microsoft is trying to plug that). But these exceptions entail a complete replacement, as the original code is secret.

    --
    Prove anything by multiplying Huge Number times Tiny Number
  10. Not so by Anonymous Coward · · Score: 0

    The person or company who owns the requirements owns all responsibility.

    Their requirements, their testing criteria.

    The coder will produce code to fit a requirement but they are not responsible for the requirement.

    rgds

    1. Re:Not so by SirAudioMan · · Score: 5, Informative

      Actually, in some countries/states/provinces, there are laws that protect AND also can prosecute engineers who are guilty of such offenses. For example, here in Canada, to use the term engineer, means a professional engineer (a P. Eng). It's a protected professional designation bound by various laws and regulations. A large portion of the profession is ethics and the legal requirement to whistle-blow, REGARDLESS of who pays your salary. If you want proof of this, and why this is a good thing, here is an example:

      In Ontario, Canada, there was a mechanical or structural engineer (can't remember which) who signed off that a mall parking garage (was built on the roof of the mall, oddly), was in fact structurally safe. Even though there were numerous concerns by tenants and visitors about the safety of the structure, weeks after the engineer's last 'pass' inspection, the roof collapsed killing two people. (see story: http://www.cbc.ca/news/canada/...).

      The gist is, the engineer knew there were deficiencies and signed off on it anyway. Needless to say, he is facing criminal charges, and likely has had his licence revoked, and his career is over! If you are an engineer in Canada, you can't pull the 'my boss told me to' excuse. I know this because my father worked 35+ years as a licensed electrical engineer in Canada. You tend to pick up on things like this growing up. However, I can't speak about engineering in other countries but I would hope this is the case in the US.

    2. Re: Not so by Anonymous Coward · · Score: 0

      It is the case in the US for most engineering, but will never be the case for software engineering.

    3. Re: Not so by KGIII · · Score: 1

      I think there should be such a thing for certain types of software. Let's call them mission critical applications for the sake of brevity and ease. Now, for example, such would be a good thing for software contained within medical devices, power plants, controllers used in managing the electrical grid, etc... They will always have flaws but they should do so with a failsafe and with recovery as well as security baked in and not tacked on.

      I am not, nor do I profess to be, a programmer but I have written many lines of code. I would have no business acting on this sort of thing and should not be allowed to work anywhere near it. I can't say, with any certainty, that I'm a good judge but I think we could do something like this idea. Would it mean greater expense and a longer time to roll out? Probably, at least at first. Would we need special languages? Maybe - though I understand it *might* be easier with languages such as ADA. However, again, I'm not a programmer in the truest sense of the word (or even a pretty loose definition, honestly) so I'm not qualified to opine.

      Will this mean fewer features? Probably. If computing is so damned difficult then why the hell are we basing so many things on it? It's like designing software for the lowest common denominator and those who advocate for 'user friendly.' Umm... If you can't operate a computer then, just maybe, you should consider either learning how to or not basing your fucking livelihood on it.

      The idea of a computer on every desktop was crazy from the outset and still is - that we carry massive amounts of compute power in our pockets (often by folks who have no idea how to effectively use it and designed to be easy enough for a child to basically operate) is absurd from the word. If you don't know how to operate a hammer you don't base your career on working in the construction industry. (Not the most perfect analogy but it's what I've got.) If you can't operate a computer then you probably shouldn't base your livelihood on it - seemingly off topic but tangentially related and hopefully fills out the point I'm trying to express. I'm not that articulate, unfortunately.

      We need good software (and we have plenty of it, to be honest). We've rushed the industry and, sure, the benefits have been phenomenal. However, with all that growth have been some equally phenomenal failures. There are certain industries, mission critical application types, where there should have been accountability from the beginning. I doubt that it's too late to start with it now, it will just be time consuming, expensive, and difficult. Oh well. You don't really get to decide "needs." You only get to decide "wants."

      Separate fields of programming should, indeed, be populated by professionals who are willing to put their name on their work and to accept accountability for the flaws within it. Automobiles are one such sector and would probably be better for it. You programmers should have unionized a long time ago and formed the professional engineering group yourselves and the failure to do so means that some government is going to come along and do it for you.

      If you're going to get screwed you might as well get to pick the position. Additionally, think of some of the benefits to belonging to this protected group. There could even be multiple layers of certification - such as classes in boiler room engineering. Accountability is key and, again, you should do this before the government forces you and you have little or no input into the decision making process.

      Someone smarter and more familiar with this than I am should act on this - making a governing body as well as formalization of a working group to establish standards (this could so be open source and collaborative) should do this. It is, eventually, going to happen in certain sectors - wait until a power plant melts down because of a bug in the code or because of improperly implemented security.

      Hmm... As an aside, this might be a good thing and approved of by that AJT fellow who advocates micr

      --
      "So long and thanks for all the fish."
    4. Re: Not so by Anonymous Coward · · Score: 0

      We have in Canada sure, but Open Source does not care about professional engineering titles and liability and never will. You cannot regulate software for engineering.

      There may be some peng people doing open source, but code patches to projects do not and will never require it.

    5. Re: Not so by Impy+the+Impiuos+Imp · · Score: 1

      Software in the auto industry is very heavily tested. Entire test teams that don't even exist in the desktop or phone world exist and beat the hell out of products.

      A test team is far cheaper than a single recall.

      And still some problems slip through (to say nothing of fraud like the recent emissions test scandal, which is exploding. Wait for it to tag the US companies) but that is next to nothing compared to any other software domain. It matters because of the potential for deaths, but to think they are taking things lightly currently is pure ignorance.

      --
      (-1: Post disagrees with my already-settled worldview) is not a valid mod option.
  11. please by Anonymous Coward · · Score: 1

    Please define mobility scooters as vehicles also :///

    20 unique controllers that all do exactly the same thing :(

  12. Movie idea. by Joe_Dragon · · Score: 1

    An auto drive messes up and kills someone and due to EULA / DMCA / Etc no logs can be used in court / you can't have your own lab look at them.

    So the owner / driver goes to prison for some years, learns how to be good at real crime, and when they get out, after a run of McJobs, they set out to get revenge on Google / the court system and the US gov.

  13. The ISPs will force you to rent their hardware by Joe_Dragon · · Score: 0

    The ISPs will force you to rent their hardware and they say no routers / your own wifi unless you buy our $200+ mo business plan.

  14. BS. DMCA is a Clintonian Bribe Not of the World by Anonymous Coward · · Score: 0

    For those in the US and all its terrortories but for the free world not at all. Or is it the position of these boring missionaries that only those from the land of the tamed can bear strange fruit from the poplar trees?

  15. yes, this post by Anonymous Coward · · Score: 0

    n/t

  16. But... it's less important than gambling by dbc · · Score: 4, Insightful

    Whenever the topic of allowing government or public access to review source code comes up (like with, oh, say, voting machines) I always think of these guys:
    http://gaming.nv.gov/index.asp...
    and I realize that none of this is as important as gambling (and the collection of taxes thereon).

    At least if you judge by how seriously we take access to the code. Just try to deploy a slot machine in Reno without letting someone at the Nevada State Gaming Control Board review your code. Won't happen.

  17. Government oversight by NVW55V · · Score: 1

    Government oversight is not "third party". Compliance verification of manufacturer's emissions performance should extend to software design validation. Why doesn't it? It's not like it's difficult.

    1. Re:Government oversight by Anonymous Coward · · Score: 0

      Because it would be a very effective way to conduct economic espionage. If there is one thing we have learnt from the past fifteen years, governments are not to be trusted and the U.S. government least of all.

    2. Re:Government oversight by Anonymous Coward · · Score: 0

      Other industries have some pretty tight rules about software development. Critical software for aviation and medical devices needs to be inspected by named and licensed third parties, for instance. Also, the whole process needs to adhere to a set of quite tight criteria, effectively imposing a very traditional and formal engineering process.

  18. Model driven development by Anonymous Coward · · Score: 0

    Do remember that the car software for critical areas like engine management is mostly developed using models rather than raw code. The majority of the logic is thus in configuration (of preprogrammed blocks of code), next to configuration of the parameters. So changing that optimized code would not be very smart. And reconfiguring it could jeopardize the safety critical behaviour in worst case, or create more emissions/be less efficient in some driving conditions in best case (for engine management sw).
    Viewing it should be allowed, but you probably want the original model for e.g. Matlab.

  19. VW opened up Pandora's box by Anonymous Coward · · Score: 0

    The thing is, as a former automotive tech, I have known for years that the "box", as many of us call it, or the brains of engine management, was the computer. With different programs you can make one engine work differently for many applications. From more torque in a truck to better horsepower for a car. The end result was fewer hardware changes and more through software. VW simply took that step in the direction of controlling emissions. I was never focused much on diesel but I do know diesel was kind of lagging behind the technology of gasoline engines. It had some inherent qualities built in such as better energy per volume of gas, and was always thought of as the dirty hard working fuel. Trucks, land movers, trains, and anything big in transportation used diesel. Frankly I have never thought any environmental agency was fond of diesel. But with VW now it's probably been a death sentence for diesel in autos. It's also going to mean even tighter and more regulations for automakers and thus more complicated certifications too. What is obvious is that manufacturers like VW have simply given up on legally meeting these emission regulations and now are facing the fact they have to cheat in order to maintain a sense of driver satisfaction with their vehicles. I would not be surprised if other manufacturers are doing similar software tweaks as VW has to make things work better. A lot of engineers are most likely sleeping badly at night after the VW discovery.

    1. Re:VW opened up pandora box by ledow · · Score: 2

      In the EU, the controls you are saying will ruin cars/drivers are already in place.

      Although things are being looked at in light of the VW scandal, the tests here are much stricter and all this will do is make them stricter still. The problem is not that the manufacturers NEED to break emission levels in order to achieve what the driver wants, it's that drivers are all expecting unnecessary road performance that wasn't present even 30-40 years ago. We're ALL driving cars that could beat Formula-One cars from certain eras. Do we need to be? No.

      That emission control also gives fuel economy for the sacrifice of raw speed is not a bad thing. Every car in your country can do the speed limit - and more. They can all do 0-60 in under 12-15 seconds - and more. They don't need to be able to do that.

      Suggesting that VW can't sell a car just because it doesn't go much faster than the speed limit misses out entire sections of the population (those that don't want that, those that have kids, etc.) in an era when people are voluntarily speed-limiting their vehicles (e.g. company cars), having the insurance companies track them, and the most road surveillance there's ever been (I contest that if you're learning to drive today, you're a prick to think that getting into the habit of speeding as a matter of course will serve you well in the future).

      In the EU the limits are stricter, the testing more rigorous and - well, who cares? My 15-year-old car can still do 0-60 in under 10, can provably do 130-140 mph without any special preparation, etc. We don't need that. We need fuel economy and to stop them churning out crap.

      "Being found out" will lead to the same speeds of cars, the same looks of cars, the same desirability of cars, but without all the crap in the air. The ENTIRE PURPOSE of car ECUs is to conform to emissions controls. They now - and always have - only slow the potential of the engine to stop it getting into bad burning that pollutes unnecessarily. Eliminating that does not destroy the market, the EU proves that - but being found to cheat the tests and maybe having all your customers' cars recalled? That fucks you up big-time.

      Nobody will care. The stricter standards already in the EU will come in. Old polluters will die out almost entirely within 10 years or so. And nobody will know any different because ALL the cars will have to pass the same tests. Diesel won't go away, cars will still be able to speed, pricks will still burn off at the lights, but we won't be giving kids asthma for the next 60 years either.

    2. Re:VW opened up pandora box by bkmoore · · Score: 1

      ...In the EU the limits are stricter, the testing more rigorous ....

      I'm not so sure about that. The standards might be more rigorous on paper, but the EU testing methodology seems to have more industry-sponsored loopholes that are designed to make cars look much more efficient than they actually are.

    3. Re:VW opened up pandora box by will_die · · Score: 1

      You can easily import a USA certified emissions vehicle into Europe but a vehicle built for the European emissions market generally will not make it into the USA. The reason is different gases are tested and rated differently.
      This may all change in 2020 when tougher rules in most parts of Europe go into effect.
      Also VW and some other companies are starting to get in trouble in Europe for the same issue that is causing all the news in the USA.

  20. P.E. same in US by Anonymous Coward · · Score: 0

    Actually, in some countries/states/provinces, there are laws that protect AND also can prosecute engineers who are guilty of such offenses. For example, here in Canada, to use the term engineer, means a professional engineer (a P. Eng). It's a protected professional designation bound by various laws and regulations. A large portion of the profession is ethics and the legal requirement to whistle-blow, REGARDLESS of who pays your salary. If.

    My wife is an Environmental P.E. in the US and has the same professional responsibilities as Canadian P.E.s, if not more so - she is required to refuse employer's directives if they violate her professional judgement. Yes, this has caused her grief... We need the same standards for programmers of embedded code.

  21. Sloppy work ... need to protect the data too by golodh · · Score: 2

    Yes, the Volkswagen affair starkly highlights the fact that data from consumer products is insufficiently protected, leaving a window of vulnerability.

    Protecting e.g. the code of the motor management system is a good first step. Leaving it at that however is sloppy work, as evidenced by the Volkswagen affair.

    A more comprehensive protection would entail protecting the actual data with copyright safeguards too. Especially emission data. This data is, after all, proprietary and commercially sensitive data. Such data merits a high level of protection.

    With adequate legal protection on the data itself, irresponsible and needlessly alarmist publication of unconfirmed, undigested and potentially misleading data can be prevented.

    Of course there would be adequate means of raising questions and concerns with the manufacturer, on a full disclosure basis of course.

    Let this be a warning for all of us: with the coming "Internet of Things" we must have DMCA protection for the data produced by devices too or risk a deluge of unauthorised, unconfirmed, and possibly alarmist data publication. We need legislative action today! Vote pro-business!

  22. separation costs money by Anonymous Coward · · Score: 0

    It's cheaper and easier to protect everything. If you segregate it, then you have to have Interface documentation, you have to have a way to program each of them separately, one public, one not. You'll have to test and demonstrate that this can't be trivially compromised (no "with Jumper 32 in place, you can program the radio"). It's all running on the same chip in any case: it's not like they have one prom for the radio and another for the router. The radio part, if it's separate at all, is a generic device with an I2C or SPI interface that configures it, so you're back to the "everything is in one CPU" world again.

    Nope, all that costs money, and is subject to compromise. Easier to lock down the whole thing.

    1. Re:separation costs money by spire3661 · · Score: 1

      Don't cellphones run on this exact method you are describing? The cell radio is walled off from the OS.

      --
      Good-bye
  23. "industrial exemption" by Anonymous Coward · · Score: 0

    In the US, there's what's known as the "industrial exemption" which essentially says that if you are building a product, the engineering work does not require licensure. That is, one can "practice" Engineering without having the license. If you are building a single "thing", then you need the license.

    There are also rules (in most states) about the use of the title engineer. In California (where I'm licensed), you can't call yourself a "Petroleum Engineer" (as in list yourself in the phone book, hang up a sign, etc.) unless you have the license. Engineer titles on business cards within a large firm is a lost cause.

    In California, there is no "practice" or "title" requirement for software engineering (although there are software questions on the PE exam). One might, as an Electrical Engineer, be responsible for doing something in which there is a software component, and one would be expected to exercise good engineering judgement on its design, testing, etc.

    However, an engine controller is something that is part of a "product" and, as such, any work that goes into it is covered under the industrial exemption.

  24. Law idea: Force free software in cars by Meneth · · Score: 1

    Here's an idea: pass a law saying that every car sold must include access to the source code for all the software in the car, and the ability to replace the pre-installed binaries (preventing tivoization).

  25. I'll play devil's advocate by rsilvergun · · Score: 1

    Cars have a variety of sensors to warn you when your breaks don't work, emergency breaks, and improperly installed breaks usually just screw up your rotors, not prevent the car from stopping. A seat belt is hard to install wrong, and you're not going to hurt yourself installing it unless you're really dumb. And I suppose Honda might have cut corners somewhere on safety to get weight down or some such and be afraid of lawsuits.

    But yeah, you're probably right and it's bullshit.

    --
    Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
    1. Re:I'll play devil's advocate by Anonymous Coward · · Score: 0

      If only I hadn't already modded this one. Seatbelts hard to install wrong? Honda had a large series of death related lawsuits regarding malfunctioning seat belts in the 80s (click here and scroll up just a touch)

    2. Re:I'll play devil's advocate by adolf · · Score: 1

      You may have sensors to warn you that a brake (not "break") pad is thin. Brake rotors themselves can break (I'd not be surprised if Honda offers OEM cross-drilled rotors), which is an ugly situation. Rubber brake lines left uninspected for long periods can fail suddenly -- including the aftermarket rubber lines that are wrapped in stainless steel mesh. You may also have sensors that tell you that the brake fluid level is low.

      My own car has all of these, though it only watches for thin pads on one wheel per axle.

      None of this will help with an internal blowout in the brake master cylinder.

      Meanwhile, I myself have (re-)installed hundreds of seat belts. It's easy to get it right, but that doesn't mean that it's hard to get wrong.

  26. We need powerful unions then, too... by Uberbah · · Score: 1

    Ones that sign on the dotted line taking personal responsibility for the code they write. With self driving cars, robots, drones, etc. we need to be able to hold coders responsible, the same way we hold held civil and mechanical engineers responsible.

    ...so there is effective pushback when the company says "make X happy for Y dollars or you're fired", if it can't be made safely. No doubt that would inspire umbrage from some of the resident Randians on Slashdot, but....go fuck yourselves, guys. Seriously.

    No employee should ever have to choose between getting fired or getting prosecuted when that bridge falls down. No, that's not made ok by finding employment elsewhere. Nor by having to wait months or years, and spending thousands to tens of thousands of dollars on a wrongful termination suit that has no guarantee of success.

  27. neurotic science and poor governance are the issue by paul+mafinga · · Score: 1

    Back to reality -- innocent until proven guilty.

    California is the only state with its own EPA. It's only legal because of the federal EPA creation timeline.

    Actual, approved smog tests are nothing like the tests being used to persecute VW and other diesel manufacturers in the press. But it gets better -- the approval levels are negotiated in secret. There is no actual "NOx" limit that applies to all vehicles. It's often based on the make, model, and vin.

    When you look at the legal, approved system used to test the cars, for example in some counties in California, it's often a set of rollers and the vehicle is tested at a few different RPMs over a span of several minutes. It's intended to help clean the air, not monitor drivers or vehicles on a 24/7 basis.

    Granted, an eco-terrorist, green weenie with a rolling lab isn't going to like a short, simple test. They don't like a lot of things. The system being described in the press, and sites like citylab, the systems being used to persecute VW in the press, are laboratory grade systems mounted in the vehicles. The cars are being driven over hill and dale for many miles under many conditions. That's not what the law requires, and it's not a violation of a smog test.

    It would be useful to see one of the suspect vehicles placed on an actual, approved test bed and "defeat" the "defeat device" somehow. Let interested parties see the actual, approved test failure document, not some neurotic geekfest that could be nothing more than sensationalized eco-terrorism.

    Reform the entire smog testing process to some sort of standardized limits, based on reasonable numbers. Dissolve politicized organizations like CARB, CAL-EPA, and get back to the original intent -- lowering emissions.

    http://www.scientificamerican....

    This article above is a small start at describing the massive political hurdles required for carmakers to even begin to pass the tests. It shouldn't be this way.

    That's before anyone considers the tax issue in California. They suddenly dropped the NOx limits circa 2009, and they also charge around $1 more per gallon in taxes on gasoline. Diesel fuel is exempt from much of the taxation. That's a huge political incentive to screw diesel power, even though (with a properly designed urea system) the modern diesel engines are often cleaner and more powerful than their gasoline counterparts.

    If the goal is clean air, we might be trying to get rid of the wrong engines. It's another damn good reason to stop sensationalizing science.