[clug] October CLUG - Thursday Oct 22 - Lightning talks - short focused fun for all

Bob Edwards bob at cs.anu.edu.au
Mon Oct 12 00:26:23 UTC 2015

On 12/10/15 10:01, Paul Wayper wrote:
> It's worth keeping this in perspective, I feel.  VWs didn't belch smoke and
> flame when they weren't being monitored - so the increase in emissions for
> ordinary road users probably wasn't massive.

Wikipedia says "NOx emissions during driving were up to 35 times
higher." (https://en.wikipedia.org/wiki/Volkswagen_emissions_scandal)
which puts them well outside the regulatory requirements.
(Bob's comment: 35 times higher is "massive").

Wikipedia also cites various articles claiming, statistically based on
epidemiological studies, up to 100 people may have died in the U.S.
over some period of time due to the VW "defeat device"...

Whether or not they are actually worse than other diesel cars, I don't
know. But they were sold (and purchased) on the basis of having
compliant (or better than compliant) emissions, which they clearly
don't have.

>> When I worked in academia, teaching was the go. And there wasn't serious dough
>> applied to researching real stuff.
> Yes, car manufacturers, and governments, are powerful institutions.  But it
> was the US Environmental Protection Agency that discovered this hack, not some
> random hacker.  Government agencies do work for us as well.

Actually, it was a University that discovered the discrepancy (WVU), who
were getting "serious dough" to "research real stuff".

And the hack wasn't "discovered", as such, at all - it was reluctantly
admitted by VW in explaining the discrepancy to the EPA, so, clearly,
someone at VW did know about it...

> My "safe to tinker with" line is my own things.  I think we have a moral
> obligation to each other to look at the safety of things we own and use and
> tell people about what we consider to be dangerous, but we should neither
> manufacture fear nor use other people as our test subjects.  There are
> government and private organisations, as well as the press, to which we can
> report safety problems or concerns.
> And we also create new systems that are better.  I know a number of people
> that are making their own home automation systems rather than buy an
> off-the-shelf system that doesn't do what they want, costs too much or is of
> doubtful security.  The Debian reproducible build system tries to answer the
> same question in software: how do we know whether the software we use doesn't
> contain malicious code compiled in?  We as users and programmers and
> communicators can and do help make progress toward safety and security.

I guess there is a slight difference between home automation and vehicle
control. If my home-brew HA system fails, it could electrocute my
visitors, burn down my house and suffocate my family.

If my vehicle control system fails, at 110km/h on the freeway, it could
result in a multi-vehicle collision. Are you prepared to drive down the
same highway as my VW with "user-enhanced" stability control? (I don't
own a VW btw.).

I know that people do purchase "chips" for their high-performance cars
to "trick" (or "pimp") the Engine Management System. Do they know what
they are buying? Is "chipping" your EMS a relatively "safe" alternative
to full software builds for the entire vehicle control system? If I am
rebuilding the code on my diesel EMS, how do you know that my car is
not emitting non-compliant amounts of NOx?

> Have fun,
> Paul

More information about the linux mailing list