1x52: Immensely Deft

Jeremy Garcia, Jono Bacon, Bryan Lunduke, and Stuart Langridge bring you Bad Voltage, in which the legitimacy of colleges are called into question, nobody has a big enough backpack, and:

• 00:01:52 Volkswagen was recently revealed to have written custom software for their diesel cars to make them cheat on government emissions tests: when the car is being tested it runs in a low-power mode to cut its emissions and so pass the test. What does this mean for a world controlled by software, and how have the company handled the reveal in public?
• 00:18:42 Bryan reviews the System76 Serval Workstation, a beast of a "desktop-class laptop" with an alarming 6GB of video memory and weighing 8lb. We examine the use cases for this sort of and size of laptop, and whether the Serval is a good example
• 00:35:35 The idea of a "Delayed Public Licence": release your code under a proprietary licence now but it automatically becomes open source after a year. Useful, potentially, for people releasing mobile games for money but who also want to contribute to the commons? We see whether we think this idea would work and how useful it might be.
• 00:51:45 Hack Voltage: email to SMS gateways provided by your phone carrier, so you can send an email and have it be a text message. Mostly outside the US these are all gone, but they're perhaps very useful to US customers!

Download the show now!

Hi,

Ben here from the Linux Voice team. We use something very similar to the Delayed Public Licence. We produce a magazine (Linux Voice) that we print and sell just like a normal mag. Nine months after the mag goes on sale, we release it under a creative commons (CC-BY-SA) (you can see all the released mags here: http://www.linuxvoice.com/creative-commons-issues/. Obviously there are quite a few differences between magazines and software, but the basic principal is the same: a product goes from being closed to proprietary at a certain point in time.

There are of course tradeoffs, but it works well for us. I don’t think that we’d have a viable business if we released it under a free licence from day one, yet at the same point, I really like that we can give something back as well. From a cold-headed economics principal, I’m actually pretty sure we make money by releasing it for free as it encourages people to try out the mag who wouldn’t otherwise (i.e. people who don’t go to newsagents).

In the podcast, you talked about creating a new licence for delaying the release. I really don’t see the need for this – we just use a regular CC licence, but put a note in the mag saying that you can use it under this licence on a certain date. There’s nothing stopping you doing the same in the code, and that means you can use a standard licence and avoid any compatibility issues.

You do, and I thought we’d explicitly drawn the comparison to LV in the discussion, but it seems that that was in our pre-discussion about the topic; certainly the LV model is exactly the “DPL” and we were conscious of the comparison! It matches nicely onto the underlying assumptions that the “DPL” makes: that the released product is a single artifact, it’s closed while you’re getting paid for it, and then it’s open and a contribution to the commons so it doesn’t get lost, but the creators aren’t going to go back and continue to maintain it. It’s actually a better model for LV and other magazines/books/etc than it is for software… so you could think of this segment as “does the Linux Voice model apply well to software?”

The issue with the “the magazine/product becomes entirely open on date XYZ” approach, which LV can take, is that once an LV issue is released, I don’t think you make many changes to it; there’s no potential for ongoing revenue, perhaps? Whereas if a game or app is successful, you can imagine the “closed paid-for” version continuing to sell even after the date is reached, and it being 6 months ahead with new features, or you can get the 6-month-old version for free (and as Free). So there’s a difference between “changes I made on day 1” and “changes I made on day 179”… but a magazine doesn’t have that (as much, anyway) because they’re basically all “changes made on day 1”. If I’m explaining that correctly…

There is some potential for ongoing revenue in mag content by filling a website with adverts and using it to sell eyeballs. If you’re willing to create a website with those popup ads that are killing the internet, then you can make some ongoing revenue. If you’re a normal human who hates that excessive level of advertising, you’re right, there’s not much money left to make. The majority of the money we’re ever going to make on content is in the first month or two. And yes, we make very few (if any) changes later on.

Let us consider a ,DPL project - if this is going to work then it would need to get rapid bug fixes and security patches. This would require that the entire project switches to open source on a particular date, at least as far as point releases are concerned.

To illustrate my point let’s say @sil has an idea for a great game to release as an Ubuntu phone app. He writes it in total secrecy, perhaps with the help of a few others chosen by Stuart but closed to the rest of us until he is convinced it is ready to release.

He now releases it under a DPL. The source code is stored on a publicly accessible server and Stuart has complete control of who can have access to the source and who can commit changes. He may choose to keep It to himself or to work with selected individuals to maintain the code. Any bug fixes and security patches must be included in the publicly available source code once the source becomes public even if the patch was only released days before the code becomes public.

Once the source becomes public I am free to fork Stuart’s code or work with Stuart assuming he is happy to work with me.

Stuart now wants to produce a new version of his game with extra levels. He is free to release this as a new DPL project and generate more income. I am also able to release a new version with different levels but whether I am able to release this as a DPL and hence generate an income for myself or I have to release source code immediately will depend on Stuart’s original licence.

That depends on what the “DPL” actually says… and it’s probably that the “DPL” is not in itself a new licence, it’s just a statement saying “proprietary until YYYY-MM-DD, MIT licence afterwards” or something… and whether you can then take the code proprietary yourself depends on what the “(XXX) afterwards” is.

Dcma stopped VW getting found out

Yeah cos 'murica’s laws are valid in all countries or no one outside the USA does car hacking!

What VW did is what most companies do when publishing benchmarks of their software. Tune theirs to hell and use in a non-real-world scenario and compare with untuned versions of their competitors.

It happens in many other industries too.

On the system76 with portable workstation it makes me think of my parents old compaq portable III that was more luggable and not a laptop. Of cousre the sevral worsktation performs so much better but how is it that different if not a formfactor. I could see something like this being awesome for a teenager who has divorced parents and has to move between their two houses once a week and like put it in the car when being picked up while moving a whole desktop would be impracticle. Also this ends up costing more than some desktop systems Like the one I use for running vms of iso images that cost much less than what the serval costs and still has an i5 and 16 GB of ram an ssd and a spinny disk for large amounds of storage. Sometimes even when shopping for the parts themeselves things like what network chipset are stupidly hard to find which is one thing you don’t have to worry about with system76.

I found your VW discussion quite weird. Discussing whether they acted maliciously intentionally as a company seems redundant/obsolete to me at this point. And honestly, I don’t give a shit about whether an executive can tell a story that absolves him [because they are men], and don’t see how they could either.

And then you finally mentioned the actual issue but didn’t get around to talking about them.
Regarding what @maxsec said, American law propbably would be quite important even to researchers elsewhere.
But mor fundamentally, there just should not be any proprietary software in a car on a public street. Especially since you (as of yet) actually can’t ‘download a car’, there is even less of a competitive edge argument against such a restriction here than in the case of developing some mobile apps, as you discussed.
I don’t like any proprietary code, but in cases, the stakes seem particularly high with cars, both security wise and with regard to effective regulation as in the VW case.

I think the Linux Voice comparison is very apt here. Software like phone apps and videogames tend to (or perhaps should be) “complete” on release day in a way other software is not. Subsequent releases are either entirely new products, like a game sequel based on the same engine or new levels for the original, in practice just an anemic sequel.

However I see two flaws

1. Your project becomes android, where every few months you throw new code over the wall. This means outside Google the android developer community has no engagement with the project leaders. You can develop your own project based on the source (as indeed many have), but core android features will never be submitted by members of the Replicant community and Cyanogen devs have a huge overhead of work making a Rom based off new Android versions. To revisit the game analogy, what you have here is not a open source project, rather it’s a mod community.

2. Beating the drum of the LV & game comparison, the USP of both is your content. The software delivering it is almost irrelevant. Software features in games tend to be gimmicks quickly reproduced by the competition anyway (although I do love the LV epubs). Bullet time cinematography pioneered in The Matrix was on tv ads 18 months later, what holds up is content. This being the case, I foresee a no score win for game studios if the law mandated that all their code be open source. You cant re-compile and re-release Bioshock Infinite for the same reason you cant sell copied DVD movies.Ultimately the money is in the trademark and copyright, so the license of the software is irrelevent… unless you have a pro-free software opinion, in which case it should be open source.

I hate to have to admit this, but my first post here is in agreement with Lunduke, so now I’m off to bed to weep and drink whiskey.

Has anyone found word from “covin” in or relating to this episode?

There were no obvious things to check, unlike the previous times, but there may be more subtle differences.

I used to be involved in writing software and running a test cell for performing the US Federal Transient Protocol diesel emissions test (which was the one specifically referenced in the EPA’s official letter). The FTP test itself is a very sophisticated piece of engineering, and the requirements to run it are equally rigorous. But it would, in fact, be trivial to write some code to detect when the engine had been placed on the cycle for testing, and change the entirety of the emissions system’s actions in response. The test is EXACTLY prescribed, and MUST be performed to within a 92% statistical accuracy to count, and, for reasons I won’t try to delve into here, would be impossible to experience on an actual road. It’s a perfect setup to detect, and changing the behavior would never interfere with real-world driving. When the story first broke, I thought, “Clever.” It’s a perfect system to game. The point is this: it wouldn’t need a great conspiracy, as you chaps went on about at length. Just one guy could write a little bit of extra code to detect the load and throttle positions of the test, then put all of the proper emission system’s response in a big ELSE statement that would only apply on-test. Maybe there’s a manager who should be reviewing code commits to check it, but this could be done with very little effort.

Very useful actual information! Thank you. I think my question there, which I tried to bring up in the show discussion but I think not very clearly, is: why would that one engineer do that? It’s very obviously not her job to reduce emissions: that’s the job of the engineers who make the actual engine. The software people just report what the sensors say. Certainly the engine people might say: it is really hard to make our emissions low while still being performant and it would be dead handy if we could just lie on the benchmarks, so let’s get one of the software engineers to add some code that does the lying… but that is a conspiracy at that point, no?

On the VW side, to my understanding it was hardware as well as software. A freind of mine’s car is on the list and they’ve requested to change engine parts (not just software). This definitely means a wide spectrum were aware and am inclined to believe that streched to the top.

It reminds me very much of the New of the World case in the UK where the Cheif Editor of the paper denied any knowledge of the phone hacking taking place (utter bullshit imo). Fortunately, for her, she has friends at the top, so got away with it, VW won’t be so fortunate.

I also believe all car companies do this, it’s very apparent on the MPG tests, for example.

Another soul has been corrupted. Eeeexcellent…

The segment on the System76 luggable caught my interest. I’ve been looking for a new heavy lifting laptop for awhile. While I have a desktop, it’s something I haven’t upgraded since 2009, and it’s seriously showing it’s age. On the other hand, I have a monster 17 inch Lenovo Ideapad that I acquired during a short surge in LanParty attendance a few years back. It’s got switchable graphics, and horrible Linux support. The low end mobile Nvidia card in the machine performs relatively OK in Windows, but framerates in games are almost unusable in every distro I’ve tried. (Ubuntu, Debian, Arch/Antergos thus far.)

Thanks to the way I live right now, a desktop doesn’t fit into my life all that well. I mostly stay in hotels to be close to work, and prior to me ditching it for financial reasons, my “home” was a single, rented bedroom in someone else’s house. I have a general use laptop that serves most of my needs - a ThinkPad ultraportable from the first gen I7 days. However, there is the rare occasion that I need a heavy lifting machine. Not necessarily for games, although that’s a nice perk, but more for building testing and lab environments that I can use for tinkering with new technology. My job is an unusual hybrid of technical writer and systems admin, and a homelab is a must with this line of work. No home = no homelab. Unless it fits in the trunk of my car.

I’ve been evaluating Lenovo’s ThinkPad Mobile Workstation line recently, since they added Xeons to the lineup. The draw of something like the Serval with full Linux compatibility guaranteed out of the box is attractive to me. It definitely has the horsepower that I’m looking for, and the praise that System76 has received from Bad Voltage presenters regarding build quality has calmed some of my fears. That said, the pending Lenovo ThinkPad P70 is still topping my list because of one major factor. I hate to be this guy, but 1080p is limiting at 15/17 inches, especially with the amount of power that’s packed into the Serval. Both Lenovo’s 15 inch P50 and 17 inch P70 are available with 3840x2160 displays. That extra screen real estate comes in handy when I’m spinning up a dozen VMs to do some form of automation testing, or on the rare occasion that I have to use my laptop as an impromptu DR site for a customer while I bring their server hardware back online (this nightmare has only happened to me once, thankfully). If System76 can crank that screen resolution up just a notch on their 17 inch model by the end of this year, especially after the headaches I’ve experienced with my current Lenovo desktop replacement rig, the Serval will jump to the top of my purchase list for this December.

Im not sure if it l like the delayed licence for everything but for a short time project which you dont want hanging around your neck then the get money back then freedom method is better then “well im not fixing it, you remake it instead”.

I suggest we call it “the SLOW Licence”, Stuart Langridge Lobs it Over the Wall Licence.

Regrettably there’s more than one app I’ve paid for, used happily for a while, then suggested a new feature or bug fix to the author, and received oh, I don’t use that app any more so I’ve stopped maintaining as a response - but it’s still available in the app store in-case anyone wants to throw money at it.

Perhaps the app stores should require publishers to use their code hosting, and if there’s no update after six months the repository goes public? Of course a build system would also need to be provided to make sure the code in the repository is actually what is being published. And perhaps they would want to ignore code changes that are insignificant (like comments and blank spaces).

Obviously some big name publishers wouldn’t go for this. It could be a two tier system - small developers pay a bit but are subject to this system; big developers pay a bit more but have longer escrow periods or are totally exempt.

This is much more feasible where the ecosystem is very narrowly defined (mobile operating systems, Chrome OS, etc.) as opposed to general computing.