Some of these machines must be located in parts of buildings with poor or no GPS signal. If you intend to install it in the sub basement of a large building what does the manufacturer say: “Nope you have to put in on the roof”?
Ooooh, nice.
GPS seems like an odd technology to use here, since it works so poorly in your typical concrete and steel industrial building. Does the machine need several minutes to get a GPS lock when you turn it on before it will accept a new job?
I’m more interested on whether this is a Warranty feature, as opposed to a Security feature. A GPS and Gyroscope sounds equally plausible if the manufacturer has a generous warranty for service.
Everyone seems to focus on the GPS for noticing the move, but I’m going to guess… it is not. The GPS would already give an error if it had trouble initializing in the morning. My guess is that the GPS is used to determine whether the thing has not been exported. It is the gyros that determine smaller movement.
OK, here’s an interesting concept: what happens if you tamper with the GPS signal itself? Could you trick every one of these devices in a given area into shutting down? Or just a competitor’s CNC? If this were to happen, how much liability would the manufacturer have?
There is an ongoing erosion of the concept of “ownership” in our culture. Most modern machine tools come with dozens to hundreds of “options” which you can unlock, not unlike a video game, the machine is already capable of doing the thing, but you can give them extra money to unlock the feature.
As for the idea of hacking your machine tool, or jail-breaking it… At a half a million or more dollars or more, and given that it was probably bought with a specific use in mind, it’s a pretty daunting task to start screwing around with something like this. If you wreck a computer or consumer electronic device you can reset it and start over, if you wreck a high precision high speed machine tool, you can easily be looking at tens of thousands of dollars to repair the thing.
I have had the misfortune of using many different CNC machines during my time as a machinist - one feature defines them all, and that’s shitty software.
Invariably built on DOS or embedded Windows CE with no automatic updating, they’re wide open to stuxnet style attacks.
One VERY popular German CNC machine ships with an open telnet port that you can log into with the option to upload firmware.
It’s a cliché to say that it’s a time bomb waiting to happen, but it’s bloody true.
Am I the only one who’s noticing more and more of these “OHMYGODOHMYGOD THESE EVIL COMPANIES ARE CONSPIRING AGAINST US!!!” posts every day? Five seconds of reflection ought to lead you to the completely reasonable explanation presented here. I mean, I’m not an engineer… but it’s pretty obvious to me that you can’t just move a piece of precision equipment like this around and not risk causing all kinds of damage.
I assume the on-site tech can override the GPS in such cases, which is why it has the gyro to fall back upon.
The GPS receivers typically use modules with NMEA output. This can be faked by a simple microcontroller.
The gyro (accelerometer?) chips are the same. Some are analog, some are I2C. Like in the previous case, an Arduino can be used for faking the chip’s output.
Voila, we end up with replacement chips that can be placed on the board’s buses and fake the business-as-usual output to the “brain” of the machine. (As a bonus, assuming no high-end crypto handshake is used, we can also add a chip for logging the interface communication, and intercept the unlock codes when the factory tech comes in.)
In both cases, attach a logic analyzer (e.g. a $10 clone of the Saleae one - a priceless thing to have around), record the data stream, decode it, write simple software to fake it.
This assumes no fancy crypto stuff happens in the interfacing, which at this moment I assume to be low-probable.
The US govt, in their capriciousness, is more dangerous to the world than all the “evil” countries combined, and nonsense like this should be clamped on hard and fast, with technical countermeasures rendering it irrelevant. Let stuff this ITAR crap to the appropriate body orifices of those who came up with it.
A better, more systemic way to deal with it would be democratization of high-end mechanical measurement methods (e.g. laser interferometers). Accuracy of a “below-limits” machine can be then greatly enhanced with a good closed-loop control.
High-tech tooling is more important than any other area of the patent/closed-source issue. The rents extracted from “owners” of tools by manufacturers and maintenance contractors slam the door shut on small companies who rely on the widely-varying expertise and abilities of small staffs. Tinkerers, to be blunt, are locked out of the entrepreneurial game when a product is moved from modeling to small-scale production. And for large companies like HP or Boeing this kind of licensing garbage makes them even more ponderously slow to advance the state of the art, making them even more vicious in defending the control they wield over their own markets. It’s a mutually-supporting hierarchy that has nothing to do with business and everything to do with feudal control in the private sector.
I’m the one who originally Tweeted about the Practical Machinists thread last night, the one that evidently inspired Cory to write this post.
I find his take on it extremely sensationalistic however.
1- There is zero evidence that DMG/Mori Seiki uses the ITAR interlocks as some sort of a “business opportunity.” In fact, they don’t even install the interlocks on their US built CNC machines destined for use in the US marketplace. Only the Japanese and German built machines have the ITAR interlock.
2- I’ve yet to see a single report of the ITAR interlock being used to enforce the terms of a financing deal. In fact, since the interlock requires machine movement to trip, I don’t see how it would be an effective tool to that end. Furthermore, DMG/Mori is not in the financing business; that’s between the bank and the machine owner. Given that I’m in the market (eventual) for a nice CNC mill that will be financed, I would love to see a link to Cory’s evidence of such!
3- The notion that the CNC mill interlock is somehow indicative of the machine being “closed” and “obscured” to the point where it could somehow be infected with a virus to make defective parts is patently absurd. Such a virus would need to know the details of the G-code program being used to cut the part well enough to know what functions could be fudged without obvious detection. Furthermore, any life-safety or mission-critical component ever made goes through numerous inspections after it comes off a CNC mill. Nobody, and I mean absolutely nobody, is taking parts spit fresh out of a CNC center and slapping them into life-safety stuff without numerous and highly documented quality inspections performed off the machine.
More importantly, CNC machines on par with something from DMG/Mori are not purchased by clueless consumers. While DMG/Mori machine are at the top of the class in precision, repeatability and speed, the market isn’t graded on a bell curve. There is significant competition in this class of tool from the likes of Makino, Okuma, Fanuc, Brother, Citizen, Tornos… Technology has even allowed some of the second tier machine makers to start reliably churning out extremely high precision levels that once required buying super high-end gear (Mazak, Haas VM-SS class mills). Machinists are damn near OSS/Linux levels of crotchety and paranoid; if DMG/Mori was using the ITAR interlock to push people around, they would lose marketshare near instantly.
In the end, I think the ITAR interlocks are an interesting feature. It is absolutely something worthy of chewing on with discussion. The amount of unsubstantiated sensationalism Cory presents in this post though, really strains credulity. In fact, it makes me question just how accurate and reasoned the rest of his body of work is now that I’ve squared his hyperbole up with a subject I know something about.
If not this, what’s your better solution from keeping one of these out of the hands of a rogue state?
On the other hand, whats to keep a rogue state from buying one of these (through a cut-out) setting up a fake environment that will make the machine think it is in omaha, set up a fake in omaha and get the code for your omaha machine?
Hell, why bother to go to that trouble, just set up a tool shop here in the US, build your parts and smuggle the “tractor engine components” back to RogueState?
Nah. We drag ours around on giant forklifts. We’ve moved locations twice and we’re always changing our layout, and all we’ve suffered is one cracked coolant tank.
Given my experiences with the issue, I’ve often thought that, at least, all academic and government investment in fancy instruments should include a stipulation that the software not be copy protected, so that you can still use your million dollar machine ten years later when the company that made it is defunct.
How about a virus that adds variation to the servo controllers? That wouldn’t require intimate knowledge of the program being run. But yeah, final inspection would catch an out of tolerance part. The machine could still be part of a thoroughly annoying botnet though.
So, if CNC ever goes out of business, all its machines are unusable if moved, effectively unsellable.
There may be good reasons for having machines that lock up like this, but at the very least, they should unlock via network connection/wifi. Requiring a human being to visit the machine is ridiculous.
… they’ll throw a couple of grands for a web app to automate the request/respond cycle.
Control is power. Nobody gives away control once it’s been acquired.
maybe that’s the problem, you know about CNC machines, and I can guess that Cory doesn’t. I think that he lets his desire for a radically open world (even though I agree with the premise) cloud his judgement sometimes, but I’m not sure that’s reason enough to dismiss the rest of his work.