From: David Collier-Brown
To: Rich Brown, davecb@spamcop.net
Cc: bloat
Reply-To: davecb@spamcop.net
Date: Fri, 25 Sep 2015 08:20:48 -0400
Subject: Re: [Bloat] LWN article discussing the FCC blunder, as well a VW's (The Internet of criminal things)
Message-ID: <56053C20.6080800@rogers.com>
In-Reply-To: <613994C4-0B20-4673-97DD-9690AA53F67F@gmail.com>
References: <5603E202.5060606@rogers.com> <613994C4-0B20-4673-97DD-9690AA53F67F@gmail.com>
List-Id: General list for discussing Bufferbloat

That's supposed to be a free link! I tried it with an incognito browser and saw "The following subscription-only content has been made available to you by an LWN subscriber..."

Full text below (:-()

--dave

On 24/09/15 02:30 PM, Rich Brown wrote:
> Would you provide a link to the FCC article (for those of us who don't
> have a LWN subscription)? Thanks.
>
>> On Sep 24, 2015, at 7:44 AM, David Collier-Brown <davec-b@rogers.com> wrote:
>>
>> * http://lwn.net/SubscriberLink/658198/233be09044fdb1e5/
>> --
>> David Collier-Brown,         | Always do right. This will gratify
>> System Programmer and Author | some people and astonish the rest
>> davecb@spamcop.net           |                      -- Mark Twain
>>
>> _______________________________________________
>> Bloat mailing list
>> Bloat@lists.bufferbloat.net
>> https://lists.bufferbloat.net/listinfo/bloat

The Internet of criminal things

By Jonathan Corbet
September 23, 2015

We live in an increasingly software-defined world, a trend which has both good and bad aspects. The recent revelation [PDF] that Volkswagen has been selling cars that have been explicitly built to defeat emissions tests highlights one of the bad ones: software control makes the incorporation (and hiding) of antifeatures easy. We are, unfortunately, going to see many other incidents like this one, even though we have long had a vision of what at least a partial solution to this problem would look like.

Cars, at this point, can be thought of as a rolling network of computers with some interesting peripheral devices, some of which may involve internal combustion technology. The details of an engine's operation have been under software control for a long time, and replacement ROMs changing a car's performance characteristics have been commonplace for nearly as long. Modern "trusted execution" technology makes the creation of such ROMs more difficult, but that turns out not to be an obstacle if the company wanting to subvert an engine's control software is the manufacturer itself.

Volkswagen's hack must have been easily done: one could, for example, have the engine-control software apply a different set of parameters when a connection to the on-board diagnostic port is detected. No need for the attachment of a separate "defeat device" (as the press seems to like to call it) and no need for an elaborate company-wide conspiracy. A single commit by a single engineer at the behest of a single manager would suffice. In retrospect, the surprising part of this story is not that somebody at Volkswagen gave in to the temptation to engage in a bit of benchmark cheating; the surprise is that far more incidents of this nature have not yet come to light.

The consequences of this cheating are severe. Emissions testing is a key part of a strategy that has significantly improved air quality in American cities over the last several decades. Subverting that testing means more poison in the air, more health problems, and more environmental degradation. It is a criminal act on a massive scale. The consequences for Volkswagen are likely to be severe — but probably not severe enough.

As many others have pointed out, VW was certainly helped by the ease with which antifeatures can be hidden in software shipped to others. When we get into a car, we trust our lives and health to a large body of proprietary control software; the source is unavailable, so we cannot inspect it for bugs, vulnerabilities, or explicit evil. Legal regimes in much of the world make a crime out of reverse-engineering this software, so we cannot try to figure out how it operates even without the source. Digital rights management (DRM) mechanisms built into the hardware make that reverse engineering even harder; this DRM may even be mandated by government agencies fearful of individuals modifying their own engine-control software.

Those in favor of such DRM requirements should bear in mind that, by some counts, VW has shipped over 11 million cars with corrupt engine-control software in them. DRM has, in the end, enabled the crime it was meant to prevent, and on a far wider scale than would have otherwise been possible.

Cars are not the only vehicle (so to speak) for software that can hide user-hostile antifeatures. In the US, the Federal Communications Commission is currently pondering changes that would make it far harder to put free software onto WiFi devices. One need not even consider the damage such rules may do to free-software development, which has been the primary source of innovation and improvement in this area, to see where such rules could lead. We cannot expect corporations, many of which show levels of restraint inferior to that of a typical toddler, to resist the temptation to put spyware or malware into their widely distributed devices sitting in privileged positions on thousands of networks. We cannot really even trust them to adhere to the spectrum rules that are the motivation for the proposed restrictions; VW's lack of respect for emissions rules has made that clear.

Similar problems exist with voting machines, Internet-connected appliances, phone handsets, fitness monitors, set-top boxes, and more. Each of these devices is, at a minimum, in a position to spy on us. Keeping governmental fingers out of these devices is a challenge in its own right, but companies will often find a strong incentive to play games of their own. Companies that are struggling, or even those that fear a downturn in the next quarter's numbers, will often give in to that incentive; when all it takes is an easily hidden patch, why not?

This will not be the first time that somebody points out that it is hard to see a solution that doesn't involve making those patches harder to hide. That, of course, means moving toward something that looks a lot like free software. If VW's engine-control software were open (with reproducible builds so that the software running in a specific car could be verified), it would have been far harder for the company to get away with violating the rules for as long as it did. Source availability is far from a guarantee that the code will be reviewed or that any reviewers will actually find deliberately introduced antifeatures, but it improves the odds considerably. Many a company might find the backbone to resist temptation if it knew that its code would be reviewed by sharp-eyed outsiders. Said companies might just find the wherewithal to clean up the code and fix some of their bugs as well.

A free-software mandate for safety-critical (and privacy-critical) software seems unlikely to happen anytime soon, alas. Decriminalizing research into how these systems operate might be a more achievable goal, but there are challenges there too; the Electronic Frontier Foundation has run into significant opposition in its efforts to get a ruling that investigating automotive software is not a violation of the anti-circumvention provisions of the US Digital Millennium Copyright Act, for example. Hidden, proprietary software gives a lot of power to those who control it; they will not give it up willingly. As a result, we can, unfortunately, expect to continue to be subjected to surveillance and criminal behavior from the devices that we think we own. We can't say we weren't warned.


-- 
David Collier-Brown,         | Always do right. This will gratify
System Programmer and Author | some people and astonish the rest
davecb@spamcop.net           |                      -- Mark Twain