Hacker News new | past | comments | ask | show | jobs | submit login

Why is it illegal infringement if one modifies embedded software locally (as opposed to selling it). Is that not the equivalent of writing a note within a book? “assure that the intellectual property of Manufacturer, including copyrighted software, is fully protected from illegal infringement through the modification of Embedded Software; …”



You can have right of repair in 1 day the free market way - no copyright protection, patents or damages awarded for chip firmware or repair manuals.

This is the great fraud of our time - Right to Repair is portrayed as government intervention in the free market and excersise in socialism

When actually it is the Government that grants John Deer artifical monopoly on bits and bites and doesn't just fine, but imprisons anyone who doesnt agree.

Copyright, itself a fraudulent name, is a privilidge, awarded to advance sciences and arts. Where it does not advance anything, it should not apply.


I agree that copyright sucks, but I don't see, in copyright-free world, what would prevent a hardware manufacturer from making the firmware impossible to modify for example by using hardcoded signature verification.


If the tractor is my property, I don't understand what gives John Derr the right to prevent me from modifying it how I see fit.

Imagine they did this with a physical object, broke into your house and stopped you from opening the engine - that would be tresspass and a dozen other crimes. Why is it legal just because it's digital?

This is why people are calling it Neo-feudalism or digital feudalism, the relationship is lile between me the serf and john deer the medieval Lord

Also I am not against copyright, but it was created for books 200 years ago, not control software that determines if you go bancrupt, or live or die.


> I don't understand what gives John Derr the right to prevent me from modifying it

OP described exactly what prevents you from modifying hardware you own how you see fit:

> hardware manufacturer from making the firmware impossible to modify for example by using hardcoded signature verification.

If you don't understand this entirely technical mechanism, then you should read into it to find out what we're really up against. Basically, the chip running the software is set up to only run software that has been cryptographically signed by the manufacturer. If you modify the software, the chip refuses to run it.

If you painstakingly opened the chip and managed to change a few of the right bits, you might be able to convince that one chip to run different software. But you wouldn't get any information that would help you run software on other, unmodified, chips - the private signing key stays with the manufacturer, the chips themselves only contain the public verification key. Of course manufacturers employ techniques to prevent such physical attacks, so you wouldn't have an easy time of it either.

The straightforward path to overcome would be to completely swap out the chip for another without such a restriction, and completely rewrite the software, but then you're up against the churn of the market - the model (and hardware revision) you've specifically designed a replacement for will be a tiny fraction of the market.


I think we are sort of in agreement, that if John Deer is allowed to encrypt firmware such that the user cannot access it, then we are stuck.

I was trying to point out that securing the chip against the owner of the tractor should not be legal - in the same way that taking away a wheel from your tractor would not be allowed -it now your property


We're definitely in agreement for how the world ought to work. My larger point is that this isn't merely a problem created by the government through the legal system - for which statements of "ought" would have straightforward implications of getting rid of the oppressive laws. Rather it seems to be a problem due to informational complexity, and will take positive government action to reign companies in, similar to the privacy issue.

On the technical side, the difficult bit is coming up with ways that discern the owner of a computer from a mere possessor of a computer. There are many legitimate cases for protecting against a mere possessor (evil maid, datacenter, theft prevention), to the point that blanket outlawing processors with built in code signing isn't going to happen. The only way I've thought of is through some sort of time delay where if you put the processor in a debug mode and let it sit there for a period of time (say a week), you'd then be treated as the owner and could reflash signing keys etc.

The simple legislative approach would be to make it so that a manufacturer has to create an automated process of signing code hashes supplied by legitimate owners, that would allow the code to run on the owner's hardware. But this would just be constraining the centralized power that manufacturers have and hoping the law would be strong enough to enforce it (and keep enforcing it), rather than reforming the capability to begin with.


>On the technical side, the difficult bit is coming up with ways that discern the owner of a computer from a mere possessor of a computer. There are many legitimate cases for protecting against a mere possessor (evil maid, datacenter, theft prevention), to the point that blanket outlawing processors with built in code signing isn't going to happen.

That idea is so easy to abuse (e.g. are you sure you become the owner when you buy a computer?) that IMO there really should be no distinction between owner and possessor. If you have physical access to the device you should be able to do whatever you want with it. Physical security is easy for people to understand, unlike public-key cryptography. I'd much rather have maids steal my encrypted bits due to my carelessness if it means I have full control over my hardware.


The ownership vs possesion is definately tricky, as the history of crypto is littered with lost or stolen keys, etc.

I'd like to see the keys to the kingdom being unique for each machine and being handed over to the owner when the purchase is made.

As for positive government action- I think government plays 'neutral' action when it sets the rules of the game, and current rules of the game are, you could be consodered owner of a vehicle even though you don't have keys to the software.

Those rules are wrong and need changing - because we have never explicitly set the rules for what does it mean to own an object with firmware.

I am trying to frame it in such a way, as to make it clear that we arent asking manufacturers for concession, we are correcting illigitimate market behaviour, sort of like selling snake oil.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: