|
| miohtama wrote:
| All mentioned projects look to be web focused? I would assume
| most of Porsche's software value-add is in embedded systems. Can
| open source make a dent in the car components themselves?
| jacquesm wrote:
| I like the basic idea, but unless Porsche moves away from
| manufacturer lock-in for all of the software on board of the
| vehicles, including the inability to inspect and/or repair the
| underlying hardware not much of use will come of efforts like
| this. It's like so many other brands that claim to love Open
| Source Software for marketing purposes but that continue to
| refuse to open up the key components of the software that they
| ship.
|
| Porsche could make some _real_ headlines by opening up their ECU
| code and the code that drives their infotainment systems, would
| be nice if it was accompanied by schematics and the tools
| required to read-out and re-program the hardware.
|
| Fat chance that will ever happen because 'safety', 'environment'
| and a bunch of other fig-leaf excuses.
| bri3d wrote:
| The biggest excuse is much more reasonable (albeit annoying,
| the same reason why most board support firmware isn't open
| source): ECUs are built using code generation from models
| (ASCET, LabView/Simulink, etc.) on top of 10 layers of
| proprietary middleware and compilers, using components supplied
| by hundreds of consulting firms, so an open-source effort would
| have to be a paradigm shift in the industry from the ground up.
| It's not something Porsche could decide to do on their own.
| jacquesm wrote:
| Well, they could dedicate a team to it if they were serious
| about it and work with open source advocates to make it all
| work.
|
| I'd rather have a tarball with hard to parse code and weird
| tooling than nothing at all. But - as I said - I have no
| illusions about this and see it as a marketing effort.
| AlotOfReading wrote:
| In my experience it's fairly common even for the
| manufacturer to not have full access to the code, let alone
| permission to open source it. I don't think it makes it
| merely a "marketing effort" if they avoid that.
| jacquesm wrote:
| Yes, I'm aware of that. Which is why my assumption that
| this would be a red herring was born out. As long as
| Freescale and Bosch are in control I don't see any of
| this changing.
| thot_experiment wrote:
| Honestly just documenting the APIs the different components
| use to talk to one another would be incredibly helpful.
| There are so many things that could be done in the pursuit
| of openness that absolutely won't be.
| posguy wrote:
| Volkswagen (Porsche's parent company) certainly has the scale
| to make this happen. Seems like its entirely a corporate
| culture issue, same as what plagues Volkswagen's EVs and
| newer cars with terrible infotainment systems.
| FirmwareBurner wrote:
| _> Volkswagen (Porsche's parent company) certainly has the
| scale to make this happen. _
|
| Yeah, but VW and Porsche are into selling cars not OSS so
| their priorities are aligned with that.
|
| Think of it from the bean-counter's perspective, which run
| these companies: why would they invest resources into
| sharing your SW as OSS if that's not gonna sell more cars?
| AaronM wrote:
| I think you can make that same argument for many large
| companies that contribute to OSS though.
| FirmwareBurner wrote:
| Contributing to OSS is one thing. Open sourcing your
| existing closed source internal SW is another and is
| hugely risky legally as that could have many faults and
| bugs that could get them sued if discovered.
|
| Toyota had the unintended acceleration lawsuit during
| which an external audit discovered several bugs and
| deficiencies with their SW, testing, and dev process.
|
| Knowing this, why would any car manufacturer air their
| dirty laundry in public for the sake of OSS? Their
| lawyers would definitely advise them to never OSS
| anything internal out of the kindness of their hearts as
| that could backfire spectacularly.
| Kim_Bruning wrote:
| Hiding safety flaws? That doesn't sound like a very
| healthy safety culture.
|
| This sounds like a good reason to have a little
| government regulation to align incentives with safety
| interests.
| FirmwareBurner wrote:
| _> Hiding safety flaws? That doesn't sound like a very
| healthy safety culture._
|
| Welcome to the real world of corporate profit making. You
| must be new here.
| jacquesm wrote:
| It'll never happen because regulators don't get involved
| except on the most abstract level (say: a recall with a
| proposed fix).
| bri3d wrote:
| I strongly doubt this is the main reason. I think it's
| simpler and just like most hardware: there's no
| perception that open source adds value, and re-
| negotiating IP agreements with hundreds of sub-vendors
| would be unreasonably expensive in and of itself even if
| the vendors were amenable to open source. We see the same
| thing in plenty of non-safety critical hardware areas:
| board support packages, device drivers, graphics stacks,
| and so on. There's no perception that open source adds
| value in the hardware industry at large.
| jacquesm wrote:
| This probably strikes a lot closer to the real story.
| dongping wrote:
| To commoditize your complements, so that you don't have
| to pay license fee to your suppliers.
|
| In a way, the German OEMs have been trying to do so, but
| mostly via different standardization efforts
| (OpenSCENARIO for example) so that they can easily change
| suppliers.
| therealcamino wrote:
| Sure, but is the owner's experience really a complement?
| I don't think it is. It's a huge part of what they are
| selling.
| thistoowontpass wrote:
| Curious, who are the main consulting firms active here?
| dongping wrote:
| Bertrandt, IAV, EDAG, to name a few (link in German):
|
| https://de.wikipedia.org/wiki/Entwicklungsdienstleister#Top
| _...
| ryeights wrote:
| PIWIS for the people!
|
| I got briefly excited that Porsche was going to make this
| happen.
| svorakang wrote:
| Neither safety now environment is something you can easily wave
| at like that. Also, you're completely missing security concerns
| and legislative.
|
| I have worked in the automotive embedded software industry
| since 2009 and I have got caught in the safety track in my
| career. It's a strange place to be, because the basics are
| extremely simple, yet it takes hundreds if not thousands of
| man-years to get a modern vehicle reasonable safe just in terms
| of the electrical system (this includes the software in
| automotive terms). There are so many ways to make a mistake
| that could easily result in an accident. Even the window
| regulators have non-trivial implementation concerns for anti-
| pinch. Allowing a random hacker to override this is a terrible
| idea. Now imagine what kind of mess you could do with brakes
| and steering...
|
| Designing a vehicle to be hackable will very likely lead to an
| unsafe vehicle.
|
| I believe what I just wrote applies similarly for security too.
|
| Furthermore releasing software for the market, extensive
| testing is carried out by an independent body to ensure that
| legislation is followed. Even conceivably simple things such as
| lighting or headbeam alignment is a pretty large problem domain
| by itself. Also, so is just the communication standards for
| diagnostics.
|
| I would say that large changes would be required to transform
| this industry. In some, protected domains there is use of open
| source, such as Qt/Linux for HMI, but opening the HMI to be
| fully hackable is unlikely to happen. There is quite some
| liability to make the HMI non-distracting.
| frenchie4111 wrote:
| I think their point / the general FOSS argument is that those
| 1000 of man-years would be turned into 10000 man-years if
| these things were open sourced. A similar security concern
| could be waived at things like openssl, but it seems pretty
| inarguable that openssl is a net-positive for security.
| svorakang wrote:
| I'm all for open access to the code for the sake of safety.
| On the other hand, I'm completely against hobbyists
| accidently bypassing a safety mechanism.
|
| Open access, but secure access to software download could
| make sense, at least for commodity parts.
|
| When it comes to features with competitive advantage,
| though, I don't see that OEMs or its suppliers have
| anything to gain.
| jacquesm wrote:
| > On the other hand, I'm completely against hobbyists
| accidently bypassing a safety mechanism.
|
| Accidentally.
|
| Besides that: it should be fairly obvious that hobbyists
| are not going to 'accidentally bypass a safety
| mechanism', they can cut their brake lines as well and
| they don't generally do this. What you'd see is that the
| aftermarket would finally be able to produce stuff
| without dealers in between and people with the 'right'
| kind of tooling (authorized by the manufacturer) to get
| your replacement to be recognized by the firmware.
| Because of course absolutely none of this would ever be
| used to protect the bottom line. Right?
|
| Also: if anything open sourcing this stuff would likely
| result in _more_ rather than less safe vehicles, maybe at
| the expense of a couple of embarrassments. Because I have
| absolutely no illusion about the people working on these
| systems professionally to be somehow magically better
| than the ones that work on them for themselves, after
| all, they have a pretty big stake in the outcome.
|
| Imagine that, working on your car in a safety related
| way... replacing brakes, steering housing components,
| linkages, suspension components tires and so on is all at
| least - if not more - risky than working on software.
|
| FWIW one of those 'safety features' tried to kill me
| twice and caused me to let go of my recent car and switch
| to a 1997 issue vehicle that has behaved quite
| predictable compared to that modern one. Whose 'safety
| features' could not be disabled.
| jacquesm wrote:
| Oh dear, I wonder how I'll ever be able to use the code I
| wrote over the years that controls uncounted lathes, mills,
| plasmacutters, lasers and a whole raft of other industrial
| tools.
|
| Obviously the only people that can be trusted with our safety
| are the manufacturers, because the people whose lives are on
| the line are irresponsible madmen.
|
| > Designing a vehicle to be hackable will very likely lead to
| an unsafe vehicle.
|
| Vehicles _are_ hackable, but they 're not documented which
| makes them more dangerous, not less dangerous. Witness
| comma.ai and others.
| adhesive_wombat wrote:
| I'm all for open things, but that's a false equivalence.
| You don't use those tools on a public road around
| unsuspecting others.
|
| In the same way you can't just merrily hack about with a
| plane. The FAA don't really care that much if you die in
| your experiment. They do care if the burning wreckage falls
| on someone minding their own business.
| jacquesm wrote:
| And what makes you think that the current crop of
| automotive software written in either asm or unsafe C is
| going to be any better than what you or I would produce?
| I've had a very recent model Mercedes C-class nearly kill
| me twice on account of buggy software. So much for that
| 'stellar' (pun intended) reputation. My current car is as
| dumb as it possibly could be.
|
| I'd expect that if any ECU software was to be released
| that we'd finally realize how bad things really are and
| that there would be a massive amount of work done on
| making sure these pieces of critical software would be as
| safe as they could possibly be.
|
| Note that the norm is 'a subset of C deemed to be safe'
| but that what I've seen of such development would not
| pass my personal threshold for quality work. In fact,
| rather the opposite. On the plus side, the hardware
| people usually know their stuff and realize what is
| dangerous to pass to the software people so with some
| luck your vehicle will use an FPGA for any kind of really
| safety critical stuff (or processors embedded with the
| relevant hardware, such as ABS and so on).
| thomastjeffery wrote:
| Hackable does not mean _crackable_. The best security
| implementations in the world are free software.
|
| I'm not even a tiny bit convinced that making cars hackable
| would be a detriment to safety. Give me one example of that
| happening in literally any other sector.
| svorakang wrote:
| You might have a point there, but I struggle to find any
| completely hackable product that is also safety-critical.
| Some airplane, nuclear reactor or some train, perhaps?
| jacquesm wrote:
| Any old car will do.
| bboygravity wrote:
| Why would it (legally) be on the car manufacturer if someone
| hacks his own car and causes an accident because of
| modifications to the ECU (firmware)?
|
| This doesn't intuitively make sense to me. At the very least
| there are probably huge differences between countries when it
| comes to this?
|
| Aside from the fact that some people would likely love to
| modify their car in every way possible to use it on the
| racetrack or whatever private property?
| jacquesm wrote:
| Or maybe to make it _safer_.
| debatem1 wrote:
| > I believe what I just wrote applies similarly for security
| too.
|
| Automotive security is nearly an oxymoron. The reasons for
| that are simple: the difficulty and expense of attacking a
| vehicle exceeds the bored grad student/curious tinkerer
| threshold, and the automotive industry has collectively the
| worst attitude towards security I've ever encountered.
|
| The depressingly predictable result is that third party
| automotive security testing is a sport reserved for people
| who are extremely disinterested in disclosing their methods
| to you, aka the actual attackers.
| lo_zamoyski wrote:
| And someone could respond "Okay, fine, tampering with the
| onboard software voids the warranty and shifts responsibility
| to the tinkerer." But that's a liability issue. The safety
| concern is still there regardless of who is held responsible.
| A change that seems innocuous may, in fact, be breaking
| safety regulations. This is a big deal and a matter of public
| concern.
| yjftsjthsd-h wrote:
| Okay, so for the moment leave aside the safety critical bits
| (only for a moment) - what's the excuse for not opening up
| the center console? That generally is already segregated and
| only handles non critical functions.
| jacquesm wrote:
| Center consoles have been used quite successfully as
| beachheads by hackers to be able to get into more important
| systems because car manufacturers are typically utterly
| clueless when it comes to security. So obscurity is a very
| large part of their security. Of course that doesn't really
| work with the most motivated parties (car thieves and their
| captive techies) having a field day with this.
|
| Hyundai and Kia are reportedly so bad that they ended up
| paying out a large amount of money to compensate owners.
|
| https://www.reuters.com/legal/hyundai-kia-
| agree-200-million-...
|
| But don't worry, it's been fixed now. Probably.
| matheusmoreira wrote:
| > Allowing a random hacker to override this is a terrible
| idea.
|
| It should be a basic right no matter how "terrible" a idea it
| is. We hought it, we should have full control. Void the
| warranty or something.
| PaulWaldman wrote:
| >It's like so many other brands that claim to love Open Source
| Software for marketing purposes but that continue to refuse to
| open up the key components of the software that they ship.
|
| Nobody is buying a car based on the manufacturer's love of open
| source software above other factors. "I really liked the size
| of the X3, but went with a Macan because Porsche loves open
| source software." Said no one ever.
| layer8 wrote:
| RMS might. ;)
|
| https://www.reddit.com/r/linuxmemes/comments/jx6fz1/stallman.
| ..
| sampli wrote:
| Big headline, small impact
| globular-toast wrote:
| So does hashtag mean something sort of like a mini proper noun
| now?
| elzbardico wrote:
| By the way, is there any open ECU/Sensor/Inject solution that
| someone could buy to retrofit old engines?
| sokoloff wrote:
| https://megasquirt.info/ is one (and one of the most well-
| known).
|
| I've considered doing a retrofit on a classic Mustang V8, but
| the old-school carb works well enough that it's not been a
| priority.
|
| Edit: sibling comment correctly identifies the code as not
| open-source. (I could have sworn it was; perhaps it started
| that way, or perhaps the amount of open it was when I last
| looked in detail was sufficient for my plans.)
| tadfisher wrote:
| Speeduino is the open-source (as in hardware and software)
| solution. Megasquirt is most definitely not open.
| djaychela wrote:
| As mentioned in another answer, megasquirt. I used the first
| generation one to retrofit injection to my carburated rally car
| with home made manifold and repuposed injection throttle bodies
| from a gpz 1100. Even badly self tuned it worked better than
| the carb did.
| jacquesm wrote:
| Yes, several actually with a more or less drop-in replacement
| for anything from 3 to 12 cylinders, it mostly depends on how
| much work you want to do adapting a particular piece of
| hardware to the sensors on your car's engine. That's the hard
| part, once you have reliable sensor data it's mostly
| configuration work and you're good to go.
|
| Off the top of my head, non-free licenses:
|
| - AEM
|
| - Haltec
|
| - MegaSquirt
|
| - Motec
|
| - Profec
|
| Free licenses:
|
| - Speeduino
|
| - RusEFI
|
| And probably many others.
|
| There are also special units designed for the race track folks.
| aktenlage wrote:
| Even if this just a small step and essentially nothing, when
| compared to software giants like google, I consider it a good
| sign that such traditional manufacturers do their first humble
| steps into a good direction.
| maelito wrote:
| Looks like a Vercel, probably Nextjs error ?
| Hydraulix989 wrote:
| Porsche is just VW. Why can't VW spearhead this for a much
| greater impact?
| broodbucket wrote:
| The VW group is _weird_. From the outside it looks like they
| must have the most mental internal politics, unlikely that they
| 'd push an initiative like that through all their brands that
| operate almost as distinct companies
| mathverse wrote:
| It took german automakers a decade to be international and they
| still hire just "german" speakers to some teams. Hard pass.
| leonheld wrote:
| Germany companies are so weird in this aspect, and I honestly
| believe it's why they kinda lost the tech race. The US is very
| much different in this diversity aspect, which honestly seems
| like a success factor.
| avar wrote:
| There's US tech companies hiring people that don't speak
| English?
| yurishimo wrote:
| No, but I think it's different when you consider that 90%+
| of the Germans on these software teams also speak pretty
| good English. I'm not saying that employees don't need to
| learn German, but you can give them a few years to catch up
| rather than leave willing talent on the table.
|
| The Netherlands has done a much better job in this regard
| and is why they are booming as a headquarters for EU
| fintech companies. Sure, speaking Dutch will always open
| more doors for you as an employee, but most companies will
| not outright dismiss your CV because you can't speak the
| language on day 1.
| jacquesm wrote:
| In NL in IT it isn't rare at all to find people who don't
| speak Dutch, even in management (all the way up to
| C-level) positions.
| leonheld wrote:
| You know it's not a fair comparison due to how widespread
| English is and German is not.
| radiator wrote:
| Why did you put the word german in quotes?
| awill wrote:
| They're using Android?
|
| I think they'd be much better off using something like Automotive
| Grade Linux. Google's car ambitions have been pretty disastrous,
| including the newer Volvos. Reviews of the Volvo Android
| Automotive infotainment are just awful. And I don't trust Google
| to not abandon it.
| leke wrote:
| Application error: a client-side exception has occurred (see the
| browser console for more information).
|
| Did we kill it already?
| super_linear wrote:
| Potentially vaguely related, the Eclipse foundation project GM is
| backing to establish an open source protocol for vehicle app /
| service communication:
| https://projects.eclipse.org/projects/automotive.uprotocol
| blt wrote:
| Hey Porsche execs: The actual recipe to attract better developers
| is to raise your salaries.
| actionfromafar wrote:
| "Application error: a client-side exception has occurred (see the
| browser console for more information)."
| jancsika wrote:
| From the history of FOSS phones, I feel like we need to start
| much smaller here.
|
| How many lines of code would it take to build a FOSS golf cart?
| choppaface wrote:
| Does Porsche even know how to software?
|
| When the Taycan was new, it had horrible software and the system
| would crash on the freeway. A Googler dug in a bit with the
| dealer and found it was running docker / docker compose and a
| bunch of the containers would just die sometimes. He banded some
| other Google Taycan owners (there's probably a group ..) and they
| got their own NHSTA recall. Here's an example of one of the many
| recalls:
| https://www.taycanforum.com/forum/threads/wnj8-wnk1-ana6-sof...
| bryancoxwell wrote:
| I love the idea but boy the use of hashtags is nauseating.
| ChrisArchitect wrote:
| Blog post announcing it from (2021). How's it been going since?
|
| https://news.ycombinator.com/item?id=28627902
___________________________________________________________________
(page generated 2023-11-12 23:00 UTC) |