Re: The role of FOSS in preventing a recurrence of vehicle emissions scandals
On Tue, 2023-05-09 at 17:32 -0400, John Sullivan wrote: > > One way may be to have the software in question be a fully > reproducible > build. The state (or whoever) maintains a list of approved hashes > from > known reproducible builds that people can install on their own cars, > and > there is a mechanism by which people can submit modified builds > "upstream" for approval. > > Then cars in order to be street legal have a single "proprietary" box > (possibly this function could be performed with no modifiable > software > at all) with a single responsibility of reporting the hashes of > software > installed elsewhere in the car. This enables spot checks. > > -john If manufacturers would implement this, it would be amazing. This seems completely feasible on the technical level but what avenue would we take to get a manufacturer to actually do it. We could try the legal route...but we don't have the resources of lobbyists. Do you think there is a company out there that is willing to do things outside the box and experiment with something like this? It would be great to see this kind of thing go beyond just ECMs too. There are many computers controlling every aspect of our cars. It would be great to be able to interface to the Body Control Module (BCM) and be able to control the windows, locks etc. using a custom solution. It would open the doors to many many more options for after market stereo / infotainment systems as well. The transparency issue becomes very important when it comes to being able to control what our car is doing. Buying a car and being forced to subscribe with a monthly fee to use features that are already mechanically available on the car is wrong. If we had this transparency then we'd be able to avoid worrying about this sort of thing being possible. Privacy issues are another factor. We need to know the data the car is collecting and who it is being sent to as well as what and how long it is storing data. Most of these problems persist no matter what the powertrain is, be it electric or combustion. If we can make forward momentum on one thing we should aim to do it with all of it. Regards, Matt -- "Under the sky, under the heavens there is but one family." --Bruce Lee signature.asc Description: This is a digitally signed message part ___ libreplanet-discuss mailing list libreplanet-discuss@libreplanet.org https://lists.libreplanet.org/mailman/listinfo/libreplanet-discuss
Re: The role of FOSS in preventing a recurrence of vehicle emissions scandals
On 5/9/23 07:32, J.B. Nicholson wrote: [snip] The punishment for this fraud did not include mandating free software. As far as I know, none of the victimized customers ended up with free software car firmware and the means to update applicable cars to a libre version of that software (no TiVOization allowed). I'm not interested in how many anyone thinks would have used it, as that's a side issue and pure speculation. I'm interested in what the public should have demanded and what the public should still receive. Demanding software freedom is eminent sense if we are genuinely trying to "[prevent] a recurrence of vehicle emissions scandals" as is the subject of this thread. One should want the car owners to be free to run their cars as they wish and to also let publishers know that their illegal collusion will be punished by losing that proprietary control. [snip] My guess would be that one or both of these committees would be the right ones to contact: "Committee on Transport and Tourism" https://www.europarl.europa.eu/committees/en/tran/home/highlights "Committee on the Environment, Public Health and Food Safety" https://www.europarl.europa.eu/committees/en/envi/home/highlights Sure, individuals can write but there can be merit in having a professional organization (or several) make the contact and work towards software freedom in vehicle ECMs. /Lars ___ libreplanet-discuss mailing list libreplanet-discuss@libreplanet.org https://lists.libreplanet.org/mailman/listinfo/libreplanet-discuss
Re: The role of FOSS in preventing a recurrence of vehicle emissions scandals
On Mon, May 08, 2023 at 08:57:22AM -0700, Matt Ivie wrote: > On Sat, 2023-05-06 at 16:58 +0300, Lars Noodén wrote: > > Recent news¹ reminds us that back in 2015 a whistleblower exposed the > > VW/Audi emissions scandal, which I guess had been going on since > > 1999. > > The companies executives used closed source, proprietary software in > > the > > vehicles to hide the fact that the vehicles were emitting 40 times > > the > > allowed NOx when actually out on the roads and not in the testing > > centers. Even with fines and prison sentences, there is no way to be > > sure the companies are not working on more of the same -- unless the > > development is done out in the open. > > > > Clearly we see both physical and economic harm from neglecting to > > require FOSS even in embedded computers, such as the 100+ now found > > in > > each new car. because these companies have already shown that the > > closed source model *cannot* be trusted such style of development > > should > > not be allowed any more in regards to vehicles. Surely a FOSS-based > > workflow can be figured out. > > > > Perhaps it is a timely and appropriate topic for institutions like > > FSF, > > OSI, EFFI, and so on to address that publicly? Even a short > > statement > > in passing would at least raise awareness and provide an opportunity > > to > > ratchet things forward in regard to Software Freedom. > > > > /Lars > > > > remember this scandal very well. There is a large incentive for car > companies not to use Free Software on their embedded controllers. The > emissions problem you highlight actually has a reverse effect if ANYONE > can change or modify those programs. The intention of using Free > Software on the controller to allow everyone to see what the code is > telling the vehicle to do is good but given the ability for anyone to > change the code and install their changes opens the door for those that > don't care about emissions to tune their engine for performance instead > of emissions. It could be argued that there are ways to avoid that, and > I'm sure there are but how complex does that become? > One way may be to have the software in question be a fully reproducible build. The state (or whoever) maintains a list of approved hashes from known reproducible builds that people can install on their own cars, and there is a mechanism by which people can submit modified builds "upstream" for approval. Then cars in order to be street legal have a single "proprietary" box (possibly this function could be performed with no modifiable software at all) with a single responsibility of reporting the hashes of software installed elsewhere in the car. This enables spot checks. -john ___ libreplanet-discuss mailing list libreplanet-discuss@libreplanet.org https://lists.libreplanet.org/mailman/listinfo/libreplanet-discuss
Re: The role of FOSS in preventing a recurrence of vehicle emissions scandals
Very good initiative Lars. It is possible (but very difficult in practice) to create a device, as "simple" as a open source open hardware counter, as "simple" as that, embedded in every sensor or controller, that counts how many times it was re-configured. Again, proprietary controllers modified through a backdoor (defective by design concept), could circumvent that counter. Emission control should be done for a certain representative sample of a certain model year or generation, not for all, nor for one. The representative sample should be taken from the geography of the world and from the year/month. And then, emission control should be done randomly on the street ... And then there could be more "job" for some corrupt policeman from certain cities of some countries stopping people and asking for money because they "do not comply with emissions". Other policeman will sell that info to a law firm that sues the car manufacturer and get some money from them in in a out-of-court settlement or ... exposes the manufacturer to the public opinion. On Mon, 8 May 2023 at 11:24, Matt Ivie <[1]m0dese...@mykolab.com> wrote: On Sat, 2023-05-06 at 16:58 +0300, Lars Noodén wrote: > Recent news¹ reminds us that back in 2015 a whistleblower exposed the > VW/Audi emissions scandal, which I guess had been going on since > 1999. > The companies executives used closed source, proprietary software in > the > vehicles to hide the fact that the vehicles were emitting 40 times > the > allowed NOx when actually out on the roads and not in the testing > centers. Even with fines and prison sentences, there is no way to be > sure the companies are not working on more of the same -- unless the > development is done out in the open. > > Clearly we see both physical and economic harm from neglecting to > require FOSS even in embedded computers, such as the 100+ now found > in > each new car. because these companies have already shown that the > closed source model *cannot* be trusted such style of development > should > not be allowed any more in regards to vehicles. Surely a FOSS-based > workflow can be figured out. > > Perhaps it is a timely and appropriate topic for institutions like > FSF, > OSI, EFFI, and so on to address that publicly? Even a short > statement > in passing would at least raise awareness and provide an opportunity > to > ratchet things forward in regard to Software Freedom. > > /Lars > remember this scandal very well. There is a large incentive for car companies not to use Free Software on their embedded controllers. The emissions problem you highlight actually has a reverse effect if ANYONE can change or modify those programs. The intention of using Free Software on the controller to allow everyone to see what the code is telling the vehicle to do is good but given the ability for anyone to change the code and install their changes opens the door for those that don't care about emissions to tune their engine for performance instead of emissions. It could be argued that there are ways to avoid that, and I'm sure there are but how complex does that become? The car manufacturers also have a business model setup for repair of vehicles so allowing just anyone to tinker with the way their ECM works destroys their "control". While Free Software advocates realize the benefits of having Free Software, it will take a lot of effort to get a corporation to give up one of their revenue streams. Look at John Deere ( [2]https://stallman.org/archives/2022-nov-feb.html#18_January_2023_( Right_to_repair,_John_Deere) ) for example. Back in the day, before ECMs and computer control, one could tune their engine any way they chose. If you needed to pass an emissions test you would make sure your engine was setup to do just that, but then you could change it back after the test was passed. The inaccurate fuel and air metering that allowed that just isn't efficient enough to even make a car reliable without constant tuning let alone allow accurate emissions controls. Computer control was really the only way to get the job done. If we want control of those computers through Free Software we have a long battle ahead. I think there are solutions to be talked about. The next frontier though, is electric. With Electric has come the concept of "subscription features" and self driving. I think we need to address those issues every bit as much as we would need to regulate the management of software on ICE (Internal Combustion Engine) vehicle
Re: The role of FOSS in preventing a recurrence of vehicle emissions scandals
A very effective argument is to look back at what happened under software non-freedom. The entirety of https://www.gnu.org/proprietary/ is replete with examples of this, often from establishment-serving media which passes muster in the computer field. In fact https://www.gnu.org/proprietary/malware-cars.html#M201904150 covers the Volkswagen emissions scandal and succinctly captures how free software would have helped: Using free software would not have stopped Volkswagen from programming it this way, but would have made it harder to conceal, and given the users the possibility of correcting the deception. Multiple large automakers coordinated their actions to exploit the vulnerable resulting in "about 11 million cars worldwide"[1] emitting more pollutants than is legally allowed in real-world driving. The punishment for this fraud did not include mandating free software. As far as I know, none of the victimized customers ended up with free software car firmware and the means to update applicable cars to a libre version of that software (no TiVOization allowed). I'm not interested in how many anyone thinks would have used it, as that's a side issue and pure speculation. I'm interested in what the public should have demanded and what the public should still receive. Demanding software freedom is eminent sense if we are genuinely trying to "[prevent] a recurrence of vehicle emissions scandals" as is the subject of this thread. One should want the car owners to be free to run their cars as they wish and to also let publishers know that their illegal collusion will be punished by losing that proprietary control. Matt Ivie wrote: Back in the day, before ECMs and computer control, one could tune their engine any way they chose. If you needed to pass an emissions test you would make sure your engine was setup to do just that, but then you could change it back after the test was passed. We can examine history to see what occurred; we can ask "did anyone cheat?". I know of no car enthusiasts doing anything comparable to what Volkswagen Group did in anywhere near comparable numbers. If there is some other group that pulled that off, I'd like to know the specifics including how many millions of cars they modified to run in violation of emissions law in real-world driving. [1] https://en.wikipedia.org/wiki/Volkswagen_scandal ___ libreplanet-discuss mailing list libreplanet-discuss@libreplanet.org https://lists.libreplanet.org/mailman/listinfo/libreplanet-discuss
Re: The role of FOSS in preventing a recurrence of vehicle emissions scandals
On Sat, 2023-05-06 at 16:58 +0300, Lars Noodén wrote: > Recent news¹ reminds us that back in 2015 a whistleblower exposed the > VW/Audi emissions scandal, which I guess had been going on since > 1999. > The companies executives used closed source, proprietary software in > the > vehicles to hide the fact that the vehicles were emitting 40 times > the > allowed NOx when actually out on the roads and not in the testing > centers. Even with fines and prison sentences, there is no way to be > sure the companies are not working on more of the same -- unless the > development is done out in the open. > > Clearly we see both physical and economic harm from neglecting to > require FOSS even in embedded computers, such as the 100+ now found > in > each new car. because these companies have already shown that the > closed source model *cannot* be trusted such style of development > should > not be allowed any more in regards to vehicles. Surely a FOSS-based > workflow can be figured out. > > Perhaps it is a timely and appropriate topic for institutions like > FSF, > OSI, EFFI, and so on to address that publicly? Even a short > statement > in passing would at least raise awareness and provide an opportunity > to > ratchet things forward in regard to Software Freedom. > > /Lars > remember this scandal very well. There is a large incentive for car companies not to use Free Software on their embedded controllers. The emissions problem you highlight actually has a reverse effect if ANYONE can change or modify those programs. The intention of using Free Software on the controller to allow everyone to see what the code is telling the vehicle to do is good but given the ability for anyone to change the code and install their changes opens the door for those that don't care about emissions to tune their engine for performance instead of emissions. It could be argued that there are ways to avoid that, and I'm sure there are but how complex does that become? The car manufacturers also have a business model setup for repair of vehicles so allowing just anyone to tinker with the way their ECM works destroys their "control". While Free Software advocates realize the benefits of having Free Software, it will take a lot of effort to get a corporation to give up one of their revenue streams. Look at John Deere ( https://stallman.org/archives/2022-nov-feb.html#18_January_2023_(Right_to_repair,_John_Deere) ) for example. Back in the day, before ECMs and computer control, one could tune their engine any way they chose. If you needed to pass an emissions test you would make sure your engine was setup to do just that, but then you could change it back after the test was passed. The inaccurate fuel and air metering that allowed that just isn't efficient enough to even make a car reliable without constant tuning let alone allow accurate emissions controls. Computer control was really the only way to get the job done. If we want control of those computers through Free Software we have a long battle ahead. I think there are solutions to be talked about. The next frontier though, is electric. With Electric has come the concept of "subscription features" and self driving. I think we need to address those issues every bit as much as we would need to regulate the management of software on ICE (Internal Combustion Engine) vehicles. This is a good discussion and one worth having. I hope this thread continues and some good ideas are born from it. Regards Matt -- "Under the sky, under the heavens there is but one family." --Bruce Lee ___ libreplanet-discuss mailing list libreplanet-discuss@libreplanet.org https://lists.libreplanet.org/mailman/listinfo/libreplanet-discuss
The role of FOSS in preventing a recurrence of vehicle emissions scandals
Recent news¹ reminds us that back in 2015 a whistleblower exposed the VW/Audi emissions scandal, which I guess had been going on since 1999. The companies executives used closed source, proprietary software in the vehicles to hide the fact that the vehicles were emitting 40 times the allowed NOx when actually out on the roads and not in the testing centers. Even with fines and prison sentences, there is no way to be sure the companies are not working on more of the same -- unless the development is done out in the open. Clearly we see both physical and economic harm from neglecting to require FOSS even in embedded computers, such as the 100+ now found in each new car. because these companies have already shown that the closed source model *cannot* be trusted such style of development should not be allowed any more in regards to vehicles. Surely a FOSS-based workflow can be figured out. Perhaps it is a timely and appropriate topic for institutions like FSF, OSI, EFFI, and so on to address that publicly? Even a short statement in passing would at least raise awareness and provide an opportunity to ratchet things forward in regard to Software Freedom. /Lars ¹ Many sites on this topic, too, here is a small sample of three: "Former Audi Chief to Plead Guilty in Emissions Scandal" https://www.nytimes.com/2023/05/03/business/diesel-emissions-scandal-audi-rupert-stadler.html "Ex-Audi CEO to Plead Guilty Over 'Dieselgate' Scandal " https://www.voanews.com/a/ex-audi-ceo-to-plead-guilty-over-dieselgate-scandal-/7076658.html "Former head of Audi to confess in 'dieselgate' fraud trial| https://www.dw.com/en/former-head-of-audi-to-confess-in-dieselgate-fraud-trial/a-65084639 ___ libreplanet-discuss mailing list libreplanet-discuss@libreplanet.org https://lists.libreplanet.org/mailman/listinfo/libreplanet-discuss