Dieselgate, but for trains - some heavyweight hardware hacking
Author : GruHe
Score : 617 points
Date : 2023-12-08 11:20 UTC (11 hours ago)
(HTM) web link (badcyber.com)
(TXT) w3m dump (badcyber.com)
| GruHe wrote:
| A train manufactured by a Polish company suddenly broke down
| during maintenance. The experts were helpless - the train was
| fine, it just wouldn't run. In a desperate last gasp, the Dragon
| Sector team was called in to help, and its members found wonders
| the train engineers had never dreamed of.
| ale42 wrote:
| See also the discussion/comments of the previous post of a
| related article: https://news.ycombinator.com/item?id=38530885
| greesil wrote:
| But was this sabotage by an insider at the manufacturer, or
| something deliberate by the manufacturer?
| HPsquared wrote:
| If the manufacturer did it, doesn't it still fit the
| definition? It's something like "deliberately causing something
| to fail", regardless of who does it.
| mannykannot wrote:
| The higher-up the decision went, the worse it is.
| 93po wrote:
| While I believe intentions were malicious, it's very easy to
| argue that
|
| 1. it's not failing, it's disabling
|
| 2. it's a safety feature - "SPS can't safely maintain these
| trains, so we have a safety lock out if they attempt it"
|
| 3. there is a ton of stuff that works this way - even Harley
| Davidson motorcycles require authorized maintenance and the
| bike's computer won't accept repairs unless a proprietary
| tool is used
| yetihehe wrote:
| Newag was required by contract to provide accurate service
| manuals so that competitors could safely maintain the
| trains. This was not a "just take your car to dave, he
| knows some stuff". For SPS and other competitors this was
| like "you need to show every certification that exists and
| certify all your tools to prove that indeed you can service
| those cars, or you will be foreclosed due to fines". Plus,
| they were provided ALL service manuals, like 20k pages to
| follow to the letter.
| 93po wrote:
| I wouldn't be surprised if this info _was_ somewhere in
| those 20k pages, and perhaps if the procedures were
| actually followed, stuff like GPS based lockouts wouldn't
| happen
| rcxdude wrote:
| Ah yes, on appendix 35 of section C, "do not store the
| train in your service yard specifically or it will stop
| working"
| metadat wrote:
| The article covers this, and says the information about
| the lockouts was not in the manufacturer provided
| manuals.
| 93po wrote:
| According to who?
| metadat wrote:
| Directly in TFA, matey:
|
| > Newag explains that the train were blocked by a "safety
| > system" - but in the 20,000 pages of instructions, it is
| > in vain to find even a mention of it.
|
| No mention whatsoever in the maintenance documents. It
| then becomes prudent to question the intentions and
| fitness of the company behind such a product.
|
| This episode puts even John Deere to shame. I imagine
| JD are enjoying themselves right now on this Friday
| afternoon.
| marcosdumay wrote:
| On #2, that's sabotage. Also, on #3, that's sabotage too.
| korhojoa wrote:
| There wasn't just one manufactured failure, but multiple
| different ones. Refusing to help would also point towards
| intentional malice. Why would you sell a product, then refuse
| to assist, unless you've intentionally designed the product to
| fail so only you would know how to make it work again?
| greesil wrote:
| To what end? So they can sell more trains? That makes no
| sense.
| snthd wrote:
| >The train manufacturer, Newag, also competed in the tender
| to carry out the maintenance, but the manufacturer's bid
| was about 750k USD higher and the tender was eventually won
| by SPS, which offered to carry out the maintenance of 11
| trains for around 5.5 mln USD.
| Crosseye_Jack wrote:
| Just thinking out loud. But if you made it so your
| competitor couldn't fulfill their servicing contract,
| then the entity taking out the contract might just very
| well come to you to solve the problem. You might not win
| the contract on price, but win it by default because you
| made it impossible for anyone else to complete it.
|
| That is until your scheme is uncovered because you left
| the GPS coordinates of your competitors' workshops in your
| code.
| bluGill wrote:
| More sanely (not to be confused with likely!) the courts
| will decide that since this is something only the OEM can
| do, it must be done at no charge as part of normal warranty
| work.
| josefx wrote:
| These trains will be used for decades. Normal warranty
| won't cover anything of note.
| bluGill wrote:
| Warranty should cover this - if the manufacturer won't let
| it be fixed by someone else then it should be free.
| InCityDreams wrote:
| Every once in a while there comes a point where the
| discussion of high-currency-shorthand pops up:
|
| >5.5 mln USD. U$5.5m? Not saying I'm more correct than
| anyone else, but the former seems outlandishly long.
| HPsquared wrote:
| 5.5 millidollars?
| snthd wrote:
| mln is from the Polish original.
| smolder wrote:
| They wanted to prevent third party repair services from
| being able to repair their trains, so that they could keep
| those maintenance contracts for themselves.
| virgildotcodes wrote:
| It seems like the trains were programmed to cease
| functioning if they spent more than 10 days at the GPS
| coordinates of maintenance shops not owned by the original
| manufacturer.
|
| This would force the government to rely exclusively on that
| manufacturer to then fix these trains and perform all
| future maintenance.
| rakoo wrote:
| How does that make no sense ? That's the whole point of a
| business.
| mannykannot wrote:
| The idea that does not make sense is that this would
| increase train sales, not the idea that selling more
| trains would be good for business.
| drucik wrote:
| After sales support, as in spare parts and maintenance, is
| a big part of income for manufacturers of heavy equipment,
| as such machines run for a loong time given parts and
| maintenance. To me they really did not want to lose on
| 'subscription money' in the form of service contracts they
| missed out on. It came close to the operator coming back to
| them to fix the trains 3rd party seemingly couldn't.
| tensility wrote:
| Vendor lock-in for maintenance has massive financial
| incentive, as was relatively clear in the article, even
| going so far as to cite some explicit numbers that are
| relatively big money when projected across the scale of an
| entire fleet.
| albumen wrote:
| The manufacturer lost the bidding process, so quite
| reasonably (if you look at it in a limited fashion) said
| "Fine, let SLS do the work, you're on your own".
|
| Arsehole-ish, but not illegal. All the hidden lockouts on the
| other hand....
| dalore wrote:
| They knew that SLS would not be able to do it.
| 93po wrote:
| I don't think it's assholeish for someone who's not getting
| compensated in any way to not help out. It's a business.
| They have an active incentive to NOT help.
| yetihehe wrote:
| It's not about "not wanting to help". It's about placing
| logic bombs of "if vehicle is at this gps coordinates of
| a competitor, engage self-destruct". Hackers actually did
| extract such coordinates from train firmware.
| 93po wrote:
| unless we have the entirety of the context for this code
| and the 20,000 pages of service manuals, i do not accept
| at face value that it's this simple
| jacquesm wrote:
| Any kind of GPS coordinates, especially those of
| competitor facilities in the firmware of a train is proof
| positive that something really bad is going on.
|
| Context and manuals are just so much smoke and fail to
| obscure the facts.
| korhojoa wrote:
| Considering that the situation this was named after had
| _very_ specific timing, state and sensor values coded in
| a defeat device, I'd say that having mapped the GPS
| coordinates of your competitors in the firmware of your
| product is pretty damning.
|
| Never mind the poorly executed "if day => 21, month => 11,
| year => 2021", which was conveniently setting a failure
| which wasn't actually present.
|
| It's probably not that simple, but it's not that
| complicated either. If you make something engineered to
| fail without there being a failure present, that's clear
| malice.
|
| Imagine buying a car, you own it until the warranty runs
| out and the manufacturer's workshop moves (say there
| was a fire/flood/sinkhole/industrial disaster, and they
| had to) and the car would refuse to move since it's not
| being serviced at the official location anymore.
| 93po wrote:
| There's literally a hundred reasons why code like that
| could exist. My point is there is probably another
| hundred thousand lines of code and we have no idea how
| the few lines we see are being used.
| tensility wrote:
| The hidden lockouts containing GPS coordinates of
| competitors' repair facilities should be more than enough
| to establish criminal intent (in my armchair non-lawyer
| opinion).
| NoMoreNicksLeft wrote:
| Considering that the "sabotage" was intended to bring the
| company extra revenue by having non-faulty parts replaced and
| by requiring maintenance to be carried out by them and never
| third parties, it aligns with the company's own interests too
| much so to say "some employee did this without authorization".
|
| "Deliberate by manufacturer" 100%.
|
| The scarier part is that had this happened in the United
| States, DMCA would likely have protected them from prosecution,
| and the government might be liable for damages.
| formerly_proven wrote:
| Dieselgate isn't a good comparison because in Dieselgate the
| equipment functioned normally from the user's point of view.
| sgt101 wrote:
| I think it is because the equipment changed dependent on
| context. In Dieselgate the cars changed their engine management
| when they got into a test cycle...
| yetihehe wrote:
| Dieselgate was about cheating environment sensors. This is
| more like DeereGate, locking out external service shops but
| even when you are supposed by law to allow them service (and
| even after providing them 20k page service manuals which they
| are supposed to follow to make appropriate service, but you
| lock them out anyway).
| ZeroGravitas wrote:
| From my reading, they also seem to have seeded apparently
| random failures into the product, with a hidden reset key
| combo, even for those using them as support. Possibly to
| make themselves look good (our products may break randomly,
| but at least we fixed the "problem" quickly) going into the
| tendering process for support.
| bauble wrote:
| I thought it was a good reference. In both cases, the
| manufacturer placed illicit, hidden code that that could (and
| probably should) get it in trouble with the law.
| steve1977 wrote:
| And under test it even performed "too well"
| goodpoint wrote:
| functioned normally? Intoxicating people with fumes is hardly
| what the user wants.
| yetihehe wrote:
| Some car users even do special modifications for "rolling
| coal", so that they can intoxicate _other_ people with fumes.
| codewiz wrote:
| Dupe: https://news.ycombinator.com/item?id=38558120
| Tomte wrote:
| No, it isn't. Six points with no comments don't count as
| already discussed.
| codewiz wrote:
| But why wasn't the new submission merged with the existing
| one? The urls are identical.
| HackerThemAll wrote:
| In a properly functioning country the responsible persons should
| already be imprisoned. Some governmental agencies were aware of
| that for at least half a year, but failed to act. The fact that
| source code was not immediately dumped and analyzed is the
| evidence of malevolence, corruption and intentionally putting
| people's lives at risk.
|
| Welcome to the dark side of Poland - where citizens don't matter.
| yard2010 wrote:
| Corruption is not just the dark side of Poland, but the entire
| west IMHO
| xbar wrote:
| The other 3 directions are corruption-free?
| gattilorenz wrote:
| can't speak for the other continents but there is very
| little corruption in Antarctica, so I guess if you go South
| enough, it is actually better
| konschubert wrote:
| The west is the least corrupt part of the world.
|
| https://en.wikipedia.org/wiki/Corruption_Perceptions_Index#/.
| ..
| ddoice wrote:
| perception != reality
| hk__2 wrote:
| Perception is a proxy for reality, given that you can't
| measure the latter.
| bmacho wrote:
| There are reasons for why we can assume that the west is
| the least corrupt area of the whole world.
| H8crilA wrote:
| It baffles me that people don't realize just how bad it is
| in non democratic countries. Russia has FSB extorting shop
| owners for protection money, and even an occasional
| assassination is nothing particularly interesting there.
| Chinese companies have party cells in management. Venezuela
| or many African countries need to hire foreign contractors
| (sometimes Western :) ) so that their heads of state and
| other VIPs do not get killed by their coworkers. The Red
| Sea has actual pirates. Lebanon failed to remove kilotons
| of explosive ammonia nitrate for years, until it eventually
| blew up the capital. I could go on and on, but you can see
| how this compares to "train company bricked a train and
| it's a major scandal".
| waffleiron wrote:
| Note from that wikipedia article
|
| >The Index only measures public sector corruption, ignoring
| the private sector. This, for instance, means the well-
| publicized Libor scandal, Odebrecht case and the VW
| emissions scandal are not counted as corrupt actions.
| konschubert wrote:
| Because corruption is when state power is abused. When
| private companies do illegal shit it's just a crime.
| waffleiron wrote:
| There is no requirement for it to be "state" power,
| please look up the definition.
| konschubert wrote:
| Okay, whatever. Pretty sure that private sector
| corruption isn't worse in the west than in other parts of
| the world but if you want to disagree I won't be able to
| change your mind
| master-lincoln wrote:
| I wanted to get numbers on this, but naturally it's not
| feasible to get accurate numbers on corruption happening. I
| found the Corruption Perceptions Index which seems to be the
| closest we have in quantization. By measuring perceptions of
| corruption, as opposed to corruption itself, the Index may
| simply be reinforcing existing stereotypes and cliches
| though.
|
| But according to their results the "west" has the least
| perceived corruption.
|
| https://en.wikipedia.org/wiki/Corruption_Perceptions_Index
| gpvos wrote:
| Yes, the west is corrupt. The rest is worse though, and less
| ashamed of it.
| h2odragon wrote:
| "the responsible persons" ... hmmm. Who would that be?
|
| The programmer who implemented the code? Do you think they
| thunk these tricks up? They was just following orders.
|
| The manager of the programming team, who set these tricks as
| things that needed to be implemented? Again, just following
| orders.
|
| The "Cxx" Title people who directed that there be "some
| protection" in some way that got implemented as what we see?
| Did they specify these measures? Did they say "it should break
| if serviced by a competitor?" Unlikely. They wouldn't know
| _how_ to be that specific, probably.
|
| Some middle manager, maybe a committee meeting, sketched out a
| "DRM" scheme with the specifics? What do you imagine that
| meeting looked like? "We've got a directive to secure the
| systems from outside tampering, what does that mean in terms of
| how the machine behaves?" Or does that bring us back down to
| the engineers again?
|
| ... the responsible part here isn't a person, it's the company
| as a whole. Just as it took the collective efforts of everyone
| to make the train, it took their collective efforts to make it
| _wrong_.
|
| Corporate Death Penalty; perhaps. Make it plain that we will no
| longer tolerate silly shenanigans like this.
| hk__2 wrote:
| > They was just following orders.
|
| In itself that's not enough to be considered innocent.
| ponector wrote:
| Everyone in FTX except SBF should be innocents then. They was
| just following orders.
| robryk wrote:
| That would be at least everyone knowingly involved with who
| is a professional engineer.
| machiaweliczny wrote:
| IMO responsible is the engineer and everyone up the management
| chain + possibly peers if the engineer is part of a team. And
| those people should have a trial.
| krisoft wrote:
| > "the responsible persons" ... hmmm. Who would that be?
|
| But that is the thing. We do not know who is responsible
| without an investigation.
|
| We don't need to guess. The local responsible agency should
| get a warrant and take a copy of their code repo and their
| internal comms. And then they need to spend the time (call in
| experts if needed) to figure out what happened and who was
| involved.
|
| If it is normal code development you can find all the
| paperwork which documents the change. If they tried to
| disguise it, (which they might have, or might not) then that
| is some mafioso stuff and you take the tools police use to
| break up organised crime groups. You take a low level person
| who you can incriminate and you flip them. You show them that
| you have enough to send them to a prison for years and offer
| them the opportunity to cooperate.
| lainga wrote:
| > Again, just following orders.
|
| I seem to recall there was a trial in the forties of some
| relevance to Poland about this sort of thing.
| jakozaur wrote:
| Well, justice takes time and this is a complex novel case. I
| would rather have a system that is right than prematurely put
| innocent behind bars. However, if the allegations turn out to
| be true, which seems to have a decent probability, they could
| charge them with a criminal offence.
|
| There is Article 254a in the Polish Penal Code. If you obstruct
| critical elements of infrastructure such as trains, you can
| face between 6 months to 8 years in prison.
| lqet wrote:
| My impression is that the quality of train firmware is generally
| not very good, and I hope that this scandal will lead to greater
| scrutiny. 3 years ago, Deutsche Bahn publicly complained of
| "grotesque" software problems with newly delivered Bombardier
| trains. For example, when train drivers changed the direction of
| travel, the train software would crash. It then took 1 hour to
| boot the train up again [0]. Switzerland had similar problems in
| 2018 [1].
|
| As a computer scientist, I find this embarrassing. Just compare
| these modern trains to the old trains built in East Germany [2]
| during the 80ies that were pulling old West German carriages [3]
| from the 50ies here until recently. Minimal or no usage of
| digital electronics. No "boot times". They just worked. And if
| they didn't, the train driver usually knew where to hit the
| engine with a hammer to fix it. You cannot expect a train driver
| to hack into the train firmware and fire up gdb to find out why
| it doesn't move.
|
| [0] https://www.sueddeutsche.de/wirtschaft/deutsche-bahn-
| ic-1.47...
|
| [1] https://bahnblogstelle.com/33872/twindexx-swiss-express-
| soft...
|
| [2] https://de.wikipedia.org/wiki/DR-Baureihe_243
|
| [3] https://de.wikipedia.org/wiki/N-Wagen
| twisteriffic wrote:
| Bad software is a symptom, not the cause.
| martijnvds wrote:
| What is the cause then?
| chongli wrote:
| Bad culture that views software as a necessary evil or
| afterthought rather than an important part of the product.
| flir wrote:
| Same as industrial design then. You get the occasional
| Braun, Herman Miller or Apple, and a vast number of
| nondescript silver/beige/black boxes.
|
| It's probably true of lots of aspects of product design -
| if it's not driven from the top, it's mediocre.
| chongli wrote:
| Yeah, unless the engineers are using the product
| themselves. People in general seem to take care of their
| own tools. Much harder to get them to look after a
| product they don't use themselves.
| TeMPOraL wrote:
| Here it's more like the software - _any software_ - is a
| _problem_. I agree with GP, and my experience confirms that
| adding software to something that used to work without it
| almost universally makes it worse in every aspect,
| understandability and repairability being just two major
| ones. On top of that, taking anything that run on old-school
| industrial /embedded firmware and replacing that with
| _software using modern practices and stacks_ of the software
| industry, _100% makes the product go to shit_.
| twisteriffic wrote:
| That again is a problem of leadership and not of software.
| hulitu wrote:
| > That again is a problem of leadership and not of
| software.
|
| SW has an input problem and a testability problem. On one
| hand, the inputs to the SW are not limited (iMessage
| happily accepts any image file) and testing is limited to
| some known inputs. Software vulnerability assessment
| (worst case analysis) is usually performed outside of the
| development process at very high costs and limited
| outcome.
| Nasrudith wrote:
| The conversion is pretty much fundamentally corner-cutting
| of some sort or another. The digital equivalent is usually
| a micro-controller worth a few cents replacing dollars of
| bespoke-by-comparison (due to smaller economies of scale)
| hardware cost. The goal for the exercise is almost always
| "good enough" instead of trying to best the existing State
| Of The Art. Power usage I think tends to be one of the few
| aspects usually improved via digitization.
| galangalalgol wrote:
| I think the compensation given to software developers by
| companies that view software as their product has drawn many of
| the skilled software developers away from jobs that would have
| once grabbed them because of the fun factor. Companies that
| make things that _contain_ software are not in markets prepared
| to pay 2 and 3 times what they were for software. What you are
| left with is people who are willing to accept that fun factor
| as the difference in TC, and people who couldn't get jobs that
| paid more. These are the people we have making most of our
| safety critical systems. Go look at software developer
| compensation at X vs spaceX. That is the market at work. Fun
| does count as TC, but you also end up with people who aren't
| good developers pivoting to engineer new processes and tools in
| these domains. They latch on to whatever fad full stack is just
| getting over a case of, and try to apply it to train firmware.
| It wouldn't surprise me to find out they are all about
| scrumfall and have 10x more text in jira than git. And they
| have restful apis, or service oriented architecture in a safety
| critical embedded system.
| ponector wrote:
| That is true. You can get a few times more money as a regular
| Spring Java developer making CRUD in some bodyshop than
| writing industrial software for a local Polish company.
| goodpoint wrote:
| Facebook, Amazon, Netflix, Google, Twitter are not selling
| software but they are able to attract a lot of skilled
| developers
| ponector wrote:
| They all are selling software, with SaaS model.
|
| You can compare this situation with Boeing. And issues they
| had with software of 737max.
| notyofriend wrote:
| I think you are correct. Because the pay is so miserable the
| talent pool is mostly VBA-developing engineers from inside
| the company. Because of that they can't hire good technical
| leads that know or can enforce good practices or design good
| architecture. The result is a giant mess of software in
| trains, planes and automobiles.
| hulitu wrote:
| > Companies that make things that contain software are not in
| markets prepared to pay 2 and 3 times what they were for
| software
|
| The quality of SW has nothing to do with the pay. Notice that
| FAANG SW developers do not deliver safety critical SW.
|
| There are more things to SW development than writing code.
| tensility wrote:
| Some of the problems here might have been logic problems by
| inept coders; however, the underlying theme of this scandal
| is corrupt management. Even the erroneous code was an
| explicit piece of fraud that almost certainly was done under
| order by someone in the management chain.
| sheepshear wrote:
| Speaking from experience in vehicle firmware, the controller
| component belongs to a separate profession.
| soco wrote:
| You could say that about most software where the fresher the
| framework the more glaring the holes - here's a recent post
| about it: "Software disenchantment"
| https://tonsky.me/blog/disenchantment/
| Log_out_ wrote:
| Because this software is not made by software engineers, it's
| made by plc programmers, electric circuit designers and whoever
| did drift into the field.
|
| Except for beckhoff to tc3 they haven't made it to object
| orientation yet, so the field is stuck as a whole in the blue
| screen mines of yore. Managing complexity with thin standard
| docs, no version control while the machines grow ever more
| complex sensor and actuator wise..
|
| You can not treat modern machines like small embedded hobby
| devices - but the industry does.
|
| Some outside programmers make good money coming in and solving
| these yesterday's problems with proper software architecture
| and good C development practices. But the industry doesn't
| learn from this. Making software will forever not be a
| profession for them.
| wsc981 wrote:
| _> ... they haven't made it to object orientation yet, ..._
|
| Not always a blessing and I've actually recently been
| thinking (e.g. in context of Lua) if object orientation is in
| most situations not better to avoid.
| danhor wrote:
| I'm not sure if you've ever used modern software. It's
| sometimes amazing just how unreliable it is. Web browsers
| crash every few weeks, Windows is known for regularly needing
| a reboot, evince regularly crashes on me, you can't call 911
| with some cell phones, ... This reminds me of
| https://danluu.com/everything-is-broken/ .
|
| The clearest example of the difference of reliability is
| looking at public digital signage (on transit and elsewhere).
| If it's based on LED segments or something similarly basic
| (with old-school embedded software development) it will
| basically always work. New LCD Screens inside trains/busses
| and outside working with a modern software setup (using an
| OS, often with a pc architecture, quite often just displaying
| a website) are broken ~10%-20% of the time. Looking at (for
| example) busses, a large portion of the time the screen will
| either be blank, not display anything, old information or
| just wrong information. Going inside fast food restaurants
| with large LCDs for the menu, often something is broken,
| frozen or something else.
|
| It is of course possible to make modern software more
| reliable. It's just much, much harder than making embedded
| software or PLC programming reliable. Software can be easily
| made more complex, but it's hard to make it non-complex or to
| wrap the complexity so it isn't an issue anymore. The
| ecosystem isn't set up for non-complexity.
| trealira wrote:
| I think to make software more reliable, you'd have to go
| back to the "waterfall" method of development.
|
| If we went back to Dijkstra's notion of correctness by
| construction, then a specification for the program would be
| made, and then a programmer would prove their part of the
| code correct to the specification. They would write the
| precondition and postcondition of every effectful
| statement, document the invariant of every loop, and prove
| by induction that each loop does what it's supposed to do.
| Basically, annotate your program with Hoare triples. (There
| are books about how to do this). Then, extensive tests
| should be run for as much of the program as possible.
|
| Nowadays, we have tools for this so that we don't actually
| have to write a proof by induction for every loop; instead,
| we have bounded model checkers. In theory, the manual proof
| writing could be isolated to the parts of the program whose
| properties a bounded model checker cannot verify.
|
| However, it seems like this whole plan is infeasible unless
| regulations are written that enforce this onto the
| industry. It would make them a lot less productive, and
| therefore less profitable. The only benefit would be that
| software is more reliable. By necessity, it would _have_ to
| become simpler, too. For instance, there's absolutely no
| way that web browsers like Chromium, with 38 million lines
| of code, will ever be verified, because they're too large
| and complex.
| SoftTalker wrote:
| Such regulations exist for avionics and aerospace. They
| were written in blood.
| SoftTalker wrote:
| Yep, I don't eat fast food nearly as much as I used to but
| whenever I go in to a place with self-service ordering
| "kiosks" one or more of the kiosks is often out of service
| or frozen up, sometimes with a Windows error screen, or
| just stuck in a reboot loop, or it randomly resets in the
| middle of entering an order.
| miki123211 wrote:
| There are trains (Polish ones, funnily enough) that will
| happily show you the "choose the location of this network"
| dialog from Windows7 on their passenger information screen.
| mr337 wrote:
| 100% agree with this. IMO there are a few efforts to
| modernize PLC programming but I feel like they are still
| stuck in 1990s software development. Take a look at
| Codesys: it got Git support a few years ago and it's in very
| bad shape. How do you test your code? In the field, or buy
| another Codesys testing plugin... which is in rough shape.
|
| The issue is as machines get way more complex this issue gets
| worse. Also there are generations of PLC devs that still want
| to stick with ladder logic. Huge fragmentation.
| hulitu wrote:
| > Because this software is not made by software engineers,
| it's made by plc programmers, electric circuit designers and
| whoever did drift into the field.
|
| There are more "engineers" writing software for your car or a
| train than "engineers" at Microsoft, Google, Apple or
| Facebook.
|
| I don't think that someone will be happy when driving with
| 100 km/h on a highway, the car will suddenly decide to
| restart itself. There are bugs everywhere where profits are
| put before engineering but calling those people names is not
| constructive. Especially when they use SW created by
| "engineers" which crash with no apparent reason when they are
| doing their work.
| ewweezdsd wrote:
| Sometimes low-tech is just better. Here in Finland we got Sr1
| electric trains from the Soviet Union in the 70's, and after
| some renovations the model is likely to stay in use at least
| until 2030.
| notyofriend wrote:
| Simplicity of old designs is often a blessing as long as the
| drawings and documentation are readable and good. It can be
| hard to get replacement electronics for 1970s designs so
| sometimes you have to design new components, but the
| functionality was relatively simple back then so it's
| possible to build a 1:1 replacement.
| korhojoa wrote:
| They've actually been modernized with newer power
| electronics and some of the soviet oversights have been
| addressed. They're still very reliable, and now somewhat
| more efficient.
| notyofriend wrote:
| Old electronics of that era could be drawn by a simple
| schematic and usually only performed one or 2 functions.
| That makes designing a drop in replacement very easy.
| leemailll wrote:
| I don't think fixing the software failure will improve DB's
| punctuality
| foobarian wrote:
| > No "boot times". They just worked
|
| Haha wait until you find out how TVs worked in the 70s and how
| fast it was to change the channel *sob*
| TeMPOraL wrote:
| Even in the 90s, you could just _power it on_ and it would
| _show image_ near-instantly. Warm-up time and channel switch
| time were all firmly under one second. With the exception of
| cable TV set-top boxes, which were separate devices and first
| to include the ridiculous boot times and delays, that _still_
| would seem blazingly fast compared to what we have today...
| SoftTalker wrote:
| Go back in time a little more and there was definitely
| "warm up" time for electronics. Tubes had to get up to
| operating temp, etc. When I was a kid I remember turning on
| the TV about ten minutes before my dad got home so it would
| be warmed up and ready for him to watch the evening news.
| berniedurfee wrote:
| The immediacy of analog is so nice compared to the constant
| lag of software.
|
| Audio effects and synthesizers all have software driven
| versions that sound effectively identical to analog and are
| typically cheaper. Yet, analog has been hanging on due to the
| simplicity and immediacy.
| danhor wrote:
| That is also my impression. The softwareization of
| trains has led to deep regressions in both basic reliability
| and interoperability/flexibility. Many modern trains suffer
| from software issues for basic driving [0] and delays when
| getting the software approved [1]. But the loss of
| compatibility is in my opinion the worst regression. Modern
| EMUs basically only work together with other EMUs of the same
| batch. Even the same model ordered by two different companies
| often doesn't work together, and basically forget about trying to
| use EMUs of different companies or ordered over a decade apart
| together. Meanwhile, before everything went digital, it was common to use
| e.g. trams of different generations together and rewire them to
| work with each other. Older train cars work together without
| issues, good luck trying to use an IC2 and a Railjet together
| (or a RailJet and ICE-L). Even certain locomotives and train
| cars would often only work with each other.
|
| It is way harder for different computerized systems to work
| together due to the higher complexity and more obfuscation (a
| traditional logic circuitboard is often easily reverse
| engineered. Reverse engineering software is a very specialized
| task). This is also very noticeable in other sectors, where
| interoperability has become much worse due to moving to
| proprietary digital protocols.
|
| This is in part due to the difficulty in getting software
| approved as compared to previous tech (due to software being so
| intransparent) but also because of truly lacking quality. One
| of the reasons Bombardier was so deep in trouble was bad
| software, even leading to a contract of over 40 ordered trains
| just being cancelled ([2]).
|
| In my opinion building reliable (and understandable) software
| is way harder than building logic or even mechanical systems. I
| don't know what the solution is, but it's been a problem for a
| long time.
|
| [0]: https://www.vrt.be/vrtnws/de/2013/02/12/belgische_bahn_storn...
| [1]: https://www.augsburger-allgemeine.de/augsburg/Neue-Zuege-auf...
| [2]: https://de.wikipedia.org/wiki/Bombardier_Talent_3#%C3%96BB
| tensility wrote:
| Except that this isn't really a story about poorly written
| software; it's a story about corrupt management. Further, if
| we look at Boeing's recent issues with the 737Max, it's the
| same thing. In both of these cases, the bad software was
| almost certainly ordered to be written by management acting
| fraudulently for profit. The one error that has been
| discussed in the article was a stupid mistake, quite possibly
| due to the logic conditions being made overly complicated in
| order to enable the fraud, but the recurrent theme of all of
| the real underlying issues found was intentional design
| malfeasance, not incompetence.
| hnthrowaway0315 wrote:
| In the case of Bombardier, I suspect contracting also
| contributes to the problem. The same for financial
| institutions.
| sofixa wrote:
| > Minimal or no usage of digital electronics
|
| Everyone in this thread seems to be forgetting that those might
| be useful and not just fancy toys. I prefer trains that have
| digital signage indicating their location, and connections at
| the next station. Higher level of automation in trains (e.g.
| Communications-based train control) also _drastically_
| increases efficiencies in speed and scheduling, allowing more
| trains on the same tracks, and minimises time wasted waiting or
| accelerating /decelerating needlessly.
|
| The problem is poorly implemented software, not the existence
| of software.
| ZeroGravitas wrote:
| Great advert for free and open source software.
|
| As with dieselgate, this suggests you basically cannot trust
| anything containing software. Can't trust it to follow
| regulations. Can't trust it to do its job.
|
| Can't trust the software. Can't trust the institutions that write
| the software.
|
| All very "late stage capitalist software development".
| kibwen wrote:
| Hell, even if governments are squeamish about requiring code to
| be fully open and public, they can still require the
| manufacturers to privately submit to the government all code
| that powers public infrastructure (like trains), to be made
| available to any relevant party upon request.
| nielsole wrote:
| code escrow in general should be much more common.
| rlpb wrote:
| An organisation that is prepared to write "sabotage" software
| would have no problem deploying software that is different to
| the software they submit.
| bmacho wrote:
| Compile the code yourself?
| mordae wrote:
| Right. Mandate that the software is delivered with CI
| pipeline running in the client's environment with 100%
| reproducible builds and verify checksums.
| Ygg2 wrote:
| Implying that's an impossible obstacle. Reproducibility is
| a thing.
|
| Make it so code needs to be reproducibly buildable. Only
| reproducibly buildable artifacts can be deployed on
| hardware. Document the whole process.
| redman25 wrote:
| Doesn't mean it's not a step in the right direction. Any
| transparency is better than zero.
| gryn wrote:
| then you just need to bribe the code reviewer(s). open source
| is still the better answer, good luck bribing every member of
| the public who could potentially read public code.
| goodpoint wrote:
| That would work only on paper. The financial interests
| involved are huge.
| tremon wrote:
| All the more reason for governments to insist.
| landemva wrote:
| > can still require the manufacturers to privately submit to
| the government all code
|
| I wonder if companies purchasing trains could put code
| disclosure in the purchase contract? I wonder if, in
| aggregate, train purchasers or car purchasers could fund an
| independent code storage vault and pay a small premium to
| fund that code vault organization?
|
| In other words, if purchasers wanted this and valued this,
| they would demand it in purchase contracts and fund it.
| 2rsf wrote:
| I'm all for free and open source software, but what would you
| suggest here? That train operators will download code from the
| internet and install it on their trains?
| hgomersall wrote:
| Clearly not. A reasonable expectation might be though that if
| you want to sell your multi million pound products to a
| captive public sector, you have to publish all the source
| code and the means to build the binaries.
| mordae wrote:
| Yes. Once it's signed by somebody accredited to review it for
| safe train use.
| achileas wrote:
| Open source means just that - it doesn't imply one sort of
| distribution mechanism over others.
| goodpoint wrote:
| The same way technical diagrams for roads, bridges and other
| public infrastructure are public.
|
| In most OECD countries food needs to be labelled with a full
| list of ingredients.
|
| Your GP can read scientific papers about the efficacy and
| risks of a new treatment.
|
| (Yes, many papers are paywalled but that's irrelevant
| compared to secrecy)
| shpx wrote:
| It doesn't actually need to be open source. If they published
| binaries that would be enough to analyze.
| cedilla wrote:
| It's one thing to implement a secret handshake and underdocument
| some procedures to make your competitors look incompetent, but
| actively breaking your product when it's in your competitor's
| shop - that requires some chutzpah.
| amelius wrote:
| https://news.ycombinator.com/item?id=38345858
| sertbdfgbnfgsd wrote:
| Exactly what I immediately thought of as well.
| chronicsonic wrote:
| That wasn't intentional though.
| gunapologist99 wrote:
| Totally unintentional, I'm sure.
| mavamaarten wrote:
| Ooooops! Somebody put this delay here tooooootally by
| accident and nobody noticed it when shipping to production!
| Silly devs!
| sertbdfgbnfgsd wrote:
| Exactly, like that time they slowed down only chrome and
| every other browser was still fast. Oh wait that never ever
| happened.
| Piskvorrr wrote:
| *provable, you mean
| KptMarchewa wrote:
| Google fucks up Firefox experience so often. For a company
| that large, both intentionally doing it and ignorance (eg.
| not testing on Firefox) is actually malice. Pretty much
| only company that has this problem.
|
| Go check out GCP web UI on Firefox and tell me it's not
| intentional.
| snvzz wrote:
| Nevermind malware, not using seL4 should already be a crime in
| this context.
| aneutron wrote:
| We have rovers on Mars and satellites and probably nuclear
| warheads using RTOS of all kinds and in cases even Linux, but
| sure seL4 is the only OS conceivable for those cases, obviously
| !
|
| This is a case of fraud, industrial malfeasance and just plain
| dishonesty. The software component of the story and its
| security measures are not even at play. Sure they are probably
| shit (given the date parsing ...) but even FreeRTOS would make
| an amazing OS *IF USED PROPERLY *.
| snvzz wrote:
| >using RTOS of all kinds and in cases even Linux
|
| Absolutely, and thus there's obvious room for improvement.
|
| >This is a case of fraud, industrial malfeasance and just
| plain dishonesty.
|
| In practice, this amounts to critical infrastructure
| sabotage, which fits into terrorism.
|
| If the train network experiences issues, the whole country is
| impacted.
| yjftsjthsd-h wrote:
| That seems totally orthogonal; seL4 can run a program that
| checks GPS and sabotages the system just like anything else.
| DrNosferatu wrote:
| Seems like deliberate sabotage via software to force the customer
| to buy the manufacturer's services instead of 3rd party (cheaper)
| ones.
|
| Curious to see the court's decision.
| klabb3 wrote:
| There's no question that it's sabotage. The only thing left to
| prove is the culprit, which is with 99% the manufacturer
| (motive, means, opportunity), but obviously it needs to be
| established in a court who is responsible and criminally
| culpable.
|
| The fact that lawmakers, courts and the public are lost in the
| tech is a problem, but surely this crime can be fitted into
| existing criminal code against sabotage... although the methods
| are "new" the crime itself is classic.
| dexterdog wrote:
| "Lawlessness is the condition in which your adversary refers
| you to a law he made."
| jancsika wrote:
| It's almost like you found a lossy encoding for discussing
| governance.
|
| For example, both the NYC taxi medallion system and
| warlords controlling a city in a failed state would get
| input as "lawlessness" in your encoding.
|
| But then if I ask what is the quality of life in each
| instance, I can't get that answer because there aren't bits
| in your encoding for that.
| dzdt wrote:
| It's insane how brazen this is. Code that 'bricks' the train
| locomotive if its GPS coordinates remain within bounds of a
| competing repair facility for more than ten days! This is way
| beyond putting information barriers to repair, like undocumented
| interfaces or even crypto-signed firmware. This is actively
| malicious destruction of property. I don't know anything about
| the legal system in Poland, but I can't imagine how this gets by.
| toomuchtodo wrote:
| If an individual did this, they'd go to prison.
| throwbadubadu wrote:
| And if it is a big or even state company we need to save and
| ensure workplaces, or "hello dear lobbyist with that big
| suitcase!" :D
| mcv wrote:
| Companies are made up of individuals. I'm all for holding
| everybody who contributed to this malware accountable.
| praptak wrote:
| I don't believe the Polish judicial system has experience
| in dealing with corporate crime, especially of the tech-
| related kind. I'm a bit afraid of disappointment here.
| Piskvorrr wrote:
| Does it have experience in dealing with...sabotage?
| Specifically, a country that has a war on its eastern
| doorstep?
|
| I mean - how is "let's mess with something on purpose so
| that trains won't run" NOT sabotage, since such time as
| railways exist?
| matkoniecz wrote:
| No, we do not. Sabotage is rare to nonexistent and
| cases in the past were rare and of the "teenager builds device to
| control switch on tram tracks, derails tram for fun"
| type.
| ARandomerDude wrote:
| Wait, what? You don't think a country with a population
| of 41M has experience with corporate crime?
| praptak wrote:
| 38M and no, not this kind of corporate crime. Plain
| financial fraud - sure. This case is much more
| complicated though.
| dexterdog wrote:
| Unfortunately that is why fall guys were invented. I never
| liked the idea of punishing a company based on their
| revenue, but in this kind of case that is the only way to
| get the actual owners of the company to listen and punish
| the people actually responsible.
| mhh__ wrote:
| You could very seriously start a war by doing things like
| this.
| hulitu wrote:
| It's funny how, in the western world, as a company, you can
| commit crimes and take a pat on the wrist, but, as an
| individual, you get to jail for the same crimes.
| bee_rider wrote:
| Sadly, the general populace didn't hire lobbyists to
| represent them. Our representatives were supposed to be
| built into the system, but that unfortunately made them
| part of the game, rather than some of the players.
| WesolyKubeczek wrote:
| Can't you create an NGO that will collectively represent
| and lobby on behalf of the group, hiring lobbyists from
| membership fees and other fundraisers? Holy hell, maybe
| create a political party?
| bee_rider wrote:
| Me personally? No, I don't think I have the connections,
| patience, or talent for that. If I did I'd probably do it
| for a big company instead, they pay better than "we the
| people," I think.
| vagrantJin wrote:
| or once you have enough money to not care about it as
| much, you can focus on "we the people" but I doubt that's
| likely.
| lostlogin wrote:
| It's simpler than that. A rich company or individual can
| often avoid jail. A poor company can just fold. It's the
| poor individuals who suffer.
| read_if_gay_ wrote:
| rules for thee but not for me is not a western invention
| db48x wrote:
| No, they would not. It would be entirely a civil matter that
| would be resolved in litigation.
| masfuerte wrote:
| A contractor in the UK put a time-lock in the software he
| was contracted to write because he was concerned about non-
| payment. He didn't get paid and the software duly stopped
| working. He was successfully prosecuted under the Computer
| Misuse Act. He had some justification (unlike the Polish
| train manufacturer) but it didn't help him avoid
| prosecution. I've no idea what the law in Poland says.
| jakozaur wrote:
| Article 254a of the Polish Penal Code addresses the
| obstruction of railway operations and other critical
| infrastructure. Violating this law can result in a prison
| sentence ranging from 6 months to 8 years.
|
| It doesn't matter whether the act was committed as part of a
| company's operations or as an individual's private endeavour.
|
| To all software engineers: please refrain from engaging in
| criminal activities. If you are instructed to do something
| illegal, it is important to report it to the relevant
| authorities.
| blowski wrote:
| > Dear software engineers, please do not commit a crime
|
| Yes, developers shouldn't knowingly write code to commit
| crime, but developers don't tend to receive instructions
| that directly. Unsurprisingly, the company doesn't mention
| to every employee that they are knowingly breaking the law.
|
| Instead, developers receive a request to build a feature,
| and it typically won't be at all obvious that the intended
| use of that feature is to commit a crime. There might even
| be a legitimate use of the feature, and then someone finds
| it can be abused to commit a crime.
| upwardbound wrote:
| Sometimes it may not be obvious but the feature still
| might seem super suspicious. For example, suppose that
| the malware discussed in this article was broken down
| into two sub-features assigned to different people:
| geofencing detection, and bricking the train. The person
| writing the "bricking the train" part should have
| realized that there is practically no legitimate reason
| for that code to be written, and if they ask their
| manager for a reason and are told "don't worry about why,
| just write the code", they should report this suspicious
| activity to law enforcement. There are many reasons that
| law enforcement would want to know, including that the
| engineer's manager might not even be acting in the
| company's own interests but might have taken a bribe from
| a hostile foreign power.
| blowski wrote:
| > The person writing the "bricking the train" part should
| have realized that there is practically no legitimate
| reason for that code to be written
|
| Hey Janusz, can you build a safety feature that prevents
| the train from operating under certain conditions. We
| don't know all the conditions yet, so leave it flexible.
| upwardbound wrote:
| Even so, wouldn't someone still have to write either an
| if-then statement, or a database entry, to connect the
| geofencing capability to the bricking capability? Even if
| that was only a single line of code or SQL, it seems like
| a smoking gun and whoever did it can't possibly plead
| ignorance. No one who can operate a keyboard is that
| dumb.
| TomaszZielinski wrote:
| OK, let's try how it goes:
|
| Hey Czeslaw, I cannot leave it flexible, because it's a
| train that can run over 100km/h with 500 passengers
| inside, so I need to know the details to perform the
| required safety analysis. All in all, my name will be in
| the commit log if someone runs... git blame.
| upwardbound wrote:
| I think jakozaur is correct, and don't know why they're
| being downvoted. Here is the legal statute they are
| referencing: Art. 254a. Disruption of a
| network; damage. Anyone who takes, destroys, damages or
| renders unfit for use an element of a water supply, sewage,
| heating, electricity, gas or telecommunications network, or
| a railway, tramway, trolley bus or metro line, thereby
| causing a disturbance in the operation of all or part of
| such network or line, is liable to imprisonment for six
| months to eight years.
|
| Source:
| https://supertrans2014.files.wordpress.com/2014/06/the-
| crimi... page 32
|
| I certainly think that this malware meets the criteria set
| forth in that law: "renders unfit for use an element of ...
| a railway ... , thereby causing a disturbance in the
| operation of all or part of such network or line".
|
| Seems pretty cut & dry to me. I hope some people face real
| jail time for this. As another comment mentioned, it will
| probably be a "fall guy" (perhaps a middle manager) but
| that will still deter future managers from authorizing such
| fraud, even if the orders come from above. Future managers
| might reject such orders since it's not worth jail time.
| mike_hock wrote:
| Deter middle managers from what? Implementing shady
| business practices that skirt the edge of legality?
| That's day-to-day business, the only way to avoid that
| would be to quit. Sure, no one would commit _this exact
| offense_ again, but (a) the practice will (would, if any
| conviction actually happens, big if) be changed just
| enough to make it legally ambiguous again, and (b) the
| law would probably be changed to _make_ it legal.
| upwardbound wrote:
| There's a third option, which is: to _not quit_ , but
| fight back against legal-but-immoral practices from
| within the corporation.
|
| Have you seen The Incredibles (pixar film). This scene is
| exactly what I'm talking about:
|
| https://www.youtube.com/watch?v=O_VMXa9k5KU
| mike_hock wrote:
| Yes, you might get the odd Schindler every now and then
| who tries to do just that, but most are probably in it
| for the money and not to fight some uphill battle.
| upwardbound wrote:
| https://en.wikipedia.org/wiki/Oskar_Schindler
| tensility wrote:
| Let's repeat this one for the parts of the peanut gallery
| harping on irrelevant issues such as whether object
| orientation was part of the design methodology or SEL4 part
| of the firmware runtime stack:
|
| "To all software engineers; please refrain from engaging in
| criminal activities. If you are instructed to do something
| illegal, it is important to report it to the relevant
| authorities."
| gorkish wrote:
| An individual did do this. Companies do not suddenly grow
| arms and brains and learn to code, at least not quite yet.
| Xelbair wrote:
| It will be stuck in legal hell due to conflicts of interests.
| Trains already exist, and they need to work - but
| maintenance/repair companies cannot legally modify software of
| them due to copyrights. It's a catch22 situation.
|
| I honestly hope that company will be fined to the oblivion, and
| for criminal charges for that, but i doubt it will happen.
| xg15 wrote:
| Supposedly tho the maintenance company would want to sue to
| at least dispute their contractual penalties?
|
| > _A day of train downtime in the workshop costs over 1000
| USD in contractual penalties, and there are several trains
| stuck, so the tension level in the SPS is rising._
|
| Also LSR, because evidently they were interested in holding a
| tender before and so likely don't want to be forced by Newag
| into overpriced maintenance contracts?
| db48x wrote:
| Of course laws vary, and Polish copyright law might be
| completely crazy, but around here copyright only covers
| distribution of copies. It does not make it illegal to modify
| software that you own. It only limits distribution of copies
| of that software, modified or otherwise. If the owner of the
| train wants to modify the software then there is probably
| nothing stopping them.
| krisoft wrote:
| > If the owner of the train wants to modify the software
| then there is probably nothing stopping them.
|
| This assumes that the owner of the train company has the
| skills to do this. In reality they probably would need
| outside help and that company might fall foul of copyright
| issues. (when they are distributing the modified code back
| to the train company, for example)
|
| But the real problem of course is that all of this code is
| very likely safety critical. Can they modify it? Probably.
| Is it a good idea? Not really.
| o11c wrote:
| Performing a task for someone, whether directly or as a
| third party contract, generally doesn't invoke copyright.
| dn3500 wrote:
| I don't know anything about Polish law either, but in the
| US, copyright law (DMCA in particular) makes it illegal to
| modify the software in a device you own, if it requires
| circumventing protection code or devices. Which it probably
| would in this case.
| eastbound wrote:
| But could the authors be attacked for treason,
| destruction of property, or a simili-Patriot Act?
| Besides, have we learnt something about any public
| software being required to be delivered as open-source?
| magnat wrote:
| According to the Polish copyright law, by default one can
| reverse engineer and modify licensed software without
| author's permission to ensure interoperability with other
| software and for fixing bugs. Such right can be
| explicitly denied by the copyright owner, though.
| gorkish wrote:
| This is the kind of thing that will destroy a nation's
| manufacturing industry overnight.
|
| Who in their right mind would buy this kind of equipment from a
| Polish company knowing that this kind of nonsense is both
| widespread and that their legal system has no solution?
|
| Honestly, "Dieselgate" is not a fitting corollary for this
| travesty. This is considerably more sinister. Hopefully
| whatever happens from here will be an agent of change for the
| better.
| opliko wrote:
| Newag is actually trying to expand into Italy and a few
| years back they sold (and already delivered) 11 of their
| Impuls 2 trains (newer variant of the ones described in the
| article) to Ferrovie del Sud Est. I'm really wondering
| whether they got the same extortion software as the ones in
| Poland or did they maybe spare a new client on a new
| market.
| eastbound wrote:
| Aren't we all doing this when we buy software from the
| cloud?
| bornfreddy wrote:
| No? When using the cloud we are renting resources and can
| (in theory) switch providers as we wish. Here they bought
| a machine that vendor purposefully broke after some time
| or with purpose to disable competition from doing their
| job.
| dylan604 wrote:
| How does one become a train repair company if there are no
| trains that you are allowed to repair?
| justinclift wrote:
| > This is actively malicious destruction of property.
|
| Seems more like malicious denial of service, with the goal of
| enriching the malicious actor.
|
| A motivated legal team would likely be able to find Serious
| Charges that could apply. Especially if these specific trains /
| locomotives happen to be "Critical Infrastructure" (not
| guaranteed).
| Tade0 wrote:
| Newag issued a statement since, denying all allegations and
| saying that it was their competition which "hired hackers to
| slander them".
|
| I've met q3k because we used to work at the same company and
| briefly on a project together. Not the kind of person I would
| suspect of participating in a conspiracy of this sort and Newag's
| statement generally reads like "we didn't think we would get
| caught".
| aneutron wrote:
| While I haven't met the guys in this case, I am familiar with
| their work.
|
| Additionally, I am fairly certain they are not stupid enough to
| not have kept detailed, forensic-quality records of their
| actions and whatever they dumped. Sure it may not stand up in
| court as evidence but it will be more than enough to show that
| they didn't pull this out of nowhere
| senkora wrote:
| ^I think this is being downvoted because of poor reading
| comprehension skills. Please note that the parent comment is in
| favor of the hacking group.
| Tade0 wrote:
| Thank you for pointing this out - I reread the post and can
| imagine now how someone would read it differently than I
| intended.
| tensility wrote:
| Unfortunately for Newag, other than in the court of public
| opinion, firmware deliveries count as written evidence.
| Tade0 wrote:
| Part of their statement says (loosely translated):
|
| "No hacker can tell, based on the content of the digital
| record alone, who is the author of the digital record in
| question"
|
| Boy oh boy. Either they're not signing their firmware (which
| is a serious indictment in and of itself) or proving that it
| was them all along will be trivial, but the ones signing off
| this message are unaware of this.
|
| Overall they got caught with their pants down and are handling it
| badly, as evidenced by the fact that they don't even have a
| scapegoat prepared.
| RecycledEle wrote:
| I wonder if the solution to all these screwy engine controls
| (tampering with emissions testing, preventing 3rd party repairs,
| etc.) is to standardize the interfaces to these systems so they
| can be replaced.
|
| Standardizing the outputs of the sensors would let us swap in and
| out various components to ensure the system is not cheating the
| regulators.
| marcosdumay wrote:
| It's a bit more than standardizing, since you must also remove
| the barriers to changing the software. And you don't need full
| standardization, just publicity.
|
| But yes, it's basically it.
| magicalhippo wrote:
| F1 does this. All teams are required to run the same, approved,
| ECU[1]. They can change certain mapping tables and such but
| it's a sealed unit and they can't replace the firmware.
|
| [1]: https://wheelsports.co/formula-1s-standardised-ecu-
| explained...
| webel0 wrote:
| This is quite interesting because you can imagine that
| lobbyists would argue that standardization would "stymie
| innovation." If F1 does it why can't you?
| jtriangle wrote:
| One could easily argue that F1 hasn't innovated much in the
| last decade or so. The coolest stuff we get is clever aero
| and advantageous workarounds that get outlawed extremely
| fast.
| mrguyorama wrote:
| You are extremely downplaying the "clever" aero.
| Remember, simulation time and costs are regulated in F1.
| The innovation is producing extremely effective aero with
| minimal brute force simulation.
| jtriangle wrote:
| I'm aware that the tech to do so is really cool. It
| doesn't make the racing better though. It's not more
| exciting, the cars aren't really faster because of it
| because they're limited in other ways, and it's not
| really more competitive.
|
| What F1 needs is disruption, more options, like too many
| options that all of them won't be testable, less
| standardization. Even the limited sim time is a problem,
| because there are certainly optimizations left on the
| table that can't really be found otherwise. What you wind
| up with is an A-team and a B-team of mostly the same
| designs. That's boring, and more so because if the cars
| really were 100% standardized, at the very least it'd be
| competitive in terms of driver skill.
|
| It's why these days, I don't watch much F1, I much prefer
| the more 'indie' racing leagues where, on any given
| raceday, anyone can win. The days of F1 being that way
| are long gone, and, it's not likely to change at-all.
| dghlsakjg wrote:
| Most of F1's "innovation" is around finding ways to beat
| the rules, not necessarily coming up with new technologies.
| magicalhippo wrote:
| Indeed. Standardizing certain components may reduce some
| potential innovation, however I've long thought that the
| public sector would be better off buying modular systems
| with well-defined interfaces rather than the do-it-all
| behemoths that oh-so-often fail.
|
| At work we're a small team, providing a B2B application to
| perform a small, but very important task for our customers.
| We integrate with tons of other systems, at our largest
| customer we talk to 30 other systems. We're highly
| specialized and we rely on being good at exchanging data
| with other systems that are good at what they do.
|
| This allows us to innovate and provide great value for our
| niche, while the other systems can focus on getting better
| at what they do, rather than implementing a half-assed
| solution because it's not their core focus.
| InitialLastName wrote:
| F1 is an ecosystem in which the competitors agree to a set
| of rules as a prerequisite of participating. Among the
| guiding principles of the rules are "limit spending on
| aspects that don't meaningfully affect the competition" and
| "when possible, make it easy to enforce the other rules".
| Using a single, common ECU (which is both complicated to
| manufacture and doesn't directly influence performance [0])
| saves all the teams (bar McLaren) from having to go down a
| rabbit hole of doing semiconductor design and manufacturing
| and makes it easy for the governing body to enforce rules
| about how the ECU is configured.
|
| [0] How the ECU is configured does, but the ECU itself
| doesn't
| jtriangle wrote:
| There are devices for automobiles that intercept sensor data
| and feed back fake data to the ECU to bypass emissions
| controls. It's fairly simple to do.
|
| I have a buddy with a WRX that absolutely should not pass smog,
| has no cats, big turbos, tune, etc., but it has no codes and
| passes every time without issue because the sensor data that
| governs those things is synthetic.
| vlovich123 wrote:
| Or even just requiring the manufacturer to provide all source
| code to the customer and the tools to update/replace the
| software. Would be nice to get rid of the black hole that is
| firmware and allow for auditing.
| aizyuval wrote:
| I'm solely consuming EN content. And if it's from another
| country, it's only what's leaked by big media. It makes me wonder
| how much good content could be translated.
| gunapologist99 wrote:
| I think you're saying, how much other good content is out there
| that I'm missing out on because I only read English, and it's a
| good point.
|
| However, English has become the (now ironically named) _lingua
| franca_ of, at least, the more educated parts of the world, and
| many people who are most comfortable in their native languages
| are still often translating their best work into English in
| order to see it more widely read. This is often the case with
| scientific papers, for example.
|
| Perhaps England's biggest gift to the world was its language.
| tensility wrote:
| Worldwide colonialism wasn't exactly a "gift", but I must
| admit it has been advantageous to me, personally, for English
| to be as relatively universal as it has become as a result.
| ;-)
| wejick wrote:
| This kind of thing reminds me of 737 max debacle.
| croes wrote:
| >it is hard to find an institution in Poland that has done
| anything beyond kindly expressing interest in the matter. We are
| not aware of any action taken either by the Office of Consumer
| and Competition Protection or by the Railway Transport Office,
|
| That's the worst part of all that.
| gambiting wrote:
| The government anti-corruption office is formally investigating
| this now, which means almost certainly people will end up going
| to jail. The office of consumer protection doesn't have
| anywhere near the power these guys have.
| droopyEyelids wrote:
| When the companies see that this behavior is not punished,
| they'll basically need to implement their own versions of it to
| stay competitive!
| voakbasda wrote:
| It's cute that you think they haven't done that already...
| p0w3n3d wrote:
| Title is a bit misleading, because this *gate is not about faking
| ecology and trying to pass certification in artificial
| conditions, as dieselgate was, but about simulating fake failures
| instead. The company hardcoded algorithms that would report
| failures of parts that work correctly (like a compressor) if it
| detected that the train had been repaired by another company
| (based on location readings), and stop the train from running.
| nightpool wrote:
| It's an example of fraudulent / malicious behavior found by
| decompiling industrial logic controllers, with incontrovertible
| evidence of illegality. Obviously no two situations are ever
| going to be the exact same, but I think it's clear why the
| analogy was made.
| samtho wrote:
| Yes, but "Dieselgate" is not appropriate here because that
| term has "cheating" loaded onto it, which represents a
| different struggle for companies than vendor lock-in. What
| this company is doing is related to DRM and arguably closer
| to what John Deere does with its products.
| kps wrote:
| The example here includes faking a compressor failure,
| which is a bit beyond 'vendor lock-in'.
| fcsp wrote:
| > The company hardcoded algorithms that would report failures
| of parts that work correctly (like a compressor), if it
| detected that train has been repaired by another company (based
| on location readings), and stop the train from running
|
| This isn't correct by my understanding - there's actually two
| separate things here:
|
| - The company made their trains stop functioning after spending
| 10 days at competing maintenance locations, based on GPS
|
| - In one firmware, they hardcoded to pretend a compressor
| failure a few days after the next scheduled maintenance for the
| train
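An added illustration of the two trigger conditions described in the comment above (this is not code from the original article, from Dragon Sector, or from any train firmware): a small Python replay harness that takes a GPS trace and a list of workshop geofences and reports on which calendar day a "10 days inside a competitor geofence" rule would fire, plus a date-keyed check for a fake fault reported a few days after the next scheduled service. Everything concrete here is an assumption: the coordinates, dates, the 500 m fence radius, the 3-day grace period, and the "count distinct calendar days, never reset" semantics. The practical use is forensic rather than offensive: replay the operator's own location and maintenance logs against the reconstructed rule and check whether the predicted lockout dates line up with the breakdowns that were actually observed.

```python
"""Replay harness for a reconstructed geofence-dwell lockout and a
date-keyed fake fault. Added example; all data below is constructed."""
from dataclasses import dataclass
from datetime import date, datetime, timedelta
from math import asin, cos, radians, sin, sqrt
from typing import Iterable, List, Optional

EARTH_RADIUS_M = 6_371_000.0


@dataclass(frozen=True)
class Geofence:
    name: str
    lat: float
    lon: float
    radius_m: float


@dataclass(frozen=True)
class Fix:
    at: datetime
    lat: float
    lon: float


def haversine_m(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance in metres between two WGS-84 points."""
    p1, p2 = radians(lat1), radians(lat2)
    dphi = p2 - p1
    dlmb = radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(p1) * cos(p2) * sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_M * asin(sqrt(a))


def fence_containing(fix: Fix, fences: Iterable[Geofence]) -> Optional[Geofence]:
    """Return the first fence whose radius contains the fix, else None."""
    for fence in fences:
        if haversine_m(fix.lat, fix.lon, fence.lat, fence.lon) <= fence.radius_m:
            return fence
    return None


def dwell_trigger_date(fixes: Iterable[Fix], fences: Iterable[Geofence],
                       threshold_days: int = 10) -> Optional[date]:
    """Replay fixes in time order and return the calendar day on which the
    number of distinct days with at least one fix inside any fence reaches
    threshold_days. Assumed semantics: cumulative distinct days, no reset
    when the train leaves the fence. Returns None if the rule never fires."""
    fences = list(fences)
    days_inside = set()
    for fix in sorted(fixes, key=lambda f: f.at):
        if fence_containing(fix, fences) is None:
            continue
        days_inside.add(fix.at.date())
        if len(days_inside) >= threshold_days:
            return fix.at.date()
    return None


def scheduled_fault_date(next_service: date, grace_days: int = 3) -> date:
    """Assumed rule: a fake fault is raised grace_days after the next
    scheduled service date, regardless of the component's real state."""
    return next_service + timedelta(days=grace_days)


def fault_reported(today: date, next_service: date, grace_days: int = 3) -> bool:
    return today >= scheduled_fault_date(next_service, grace_days)


# Constructed sample data: one competitor workshop near (52.0, 21.0).
COMPETITOR_FENCES = [Geofence("competitor workshop (constructed)", 52.0, 21.0, 500.0)]


def constructed_trace() -> List[Fix]:
    """Two fixes a day for 15 days: 3 days at the operator's own depot
    (constructed coordinates), then 12 days ~111 m from the fence centre."""
    fixes: List[Fix] = []
    start = datetime(2023, 1, 1, 6, 0)
    for day in range(15):
        for hour in (6, 18):
            at = start + timedelta(days=day, hours=hour - 6)
            if day < 3:
                fixes.append(Fix(at, 53.0, 20.0))       # own depot, far away
            else:
                fixes.append(Fix(at, 52.001, 21.0))     # inside the 500 m fence
    return fixes


def replay_report(fixes: Iterable[Fix], fences: Iterable[Geofence],
                  next_service: date, today: date) -> dict:
    """Summarise what the reconstructed rules predict for a given trace."""
    return {
        "dwell_lockout_on": dwell_trigger_date(fixes, fences),
        "fake_fault_after": scheduled_fault_date(next_service),
        "fake_fault_reported_today": fault_reported(today, next_service),
    }


if __name__ == "__main__":
    report = replay_report(constructed_trace(), COMPETITOR_FENCES,
                           next_service=date(2023, 6, 5), today=date(2023, 6, 10))
    for key, value in report.items():
        print(f"{key}: {value}")
```

With the constructed trace the dwell rule fires on the tenth distinct day inside the fence (2023-01-13), and the date-keyed fault is reported from 2023-06-08 onward. Swapping in a real log lets you test whether a hypothesised trigger explains the observed failure dates before claiming it does.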
| h1fra wrote:
| Outside the obvious issue in this article I found the following
| statement horrendous:
|
| > it has to be taken apart, the parts sent to the various
| manufacturers, checked, sent back, the train put back together
| again and tested
|
| Instead of having one public company mastering the art in its
| entirety everything is split with contractors. A good example of
| a successful way to do that (but slowly dying thanks to
| capitalism) is SNCF operating everything in a massive warehouse
| https://www.youtube.com/watch?v=SeRH2M2Z-ms
| freedomben wrote:
| How is this different from companies like Apple or John Deere
| that DRM components and brick the device if repaired by
| "unauthorized" technicians?
|
| (I think both are equally egregious personally, but I know
| there's a lot of support here for Apple, so I'm curious how
| people reconcile these. I don't want to make this a religious war
| about Apple, but about those practices in general, regardless of
| which company is doing it).
|
| Is it the secrecy that makes it different? i.e. if the train
| company were honest about it then it would be ok?
|
| Or is it the scale that matters? Trains are big and expensive,
| while phones are small and cheap, so it's ok? (that wouldn't work
| for John Deere but would for Apple)
| cstross wrote:
| An angle you may not have considered is passenger safety.
|
| Imagine if this happened to an airliner in flight: there'd be
| criminal charges for sure, not to mention huge damages and
| lawsuits from the families of the dead if some of the control
| systems locked up in mid-air.
|
| Trains are not quite as susceptible to disaster arising in the
| course of operations as airliners, but a Newag Impuls 45WE runs
| at up to 160km/h in service with up to 218 people on board.
| (Their speed record is considerably higher.) A sudden breakdown
| in service is at a minimum going to cause timetable havoc and
| knock-on delays for other trains and at worst could lead to a
| mass casualty accident.
|
| (John Deere tractors don't usually carry 200+ passengers and
| Apple computers don't usually get deployed in safety critical
| situations. So, different!)
| johncalvinyoung wrote:
| I'm not a fan of Apple's practices, but there's some
| aggravating elements to this. Apple doesn't brick your device
| if it spends time at a repair location, for instance. Apple
| also doesn't simulate failures on synthetic dates to force
| repair.
| lrhegeba wrote:
| I wouldn't be so sure, one can think of
| https://en.wikipedia.org/wiki/Batterygate as an example of a
| little bit of "bricking"
| labcomputer wrote:
| While I don't think Apple handled that well, the intent is
| clearly different. In fact, the situations are so
| different, that I have to wonder if you are a troll.
|
| In Batterygate, 1-2 year old devices were starting to
| reboot at low state-of-charge (typically <30% battery).
| Apple issued a software update that fixed the reboot
| problem... hmm, how does software fix what smells like a
| hardware issue? Well, the underlying cause was that aged
| batteries could not supply enough current and would
| brownout the CPU (which caused the reboots). The fix was to
| throttle the CPU at low SoC, which avoided the brownout--so
| they "fixed" a real problem that I experienced.
|
| My feeling is that Apple owed customers like me some
| compensation. But, it is clear that the performance
| throttling was not just an arbitrary "fuck you". Rather, it
| was a misguided attempt to save the cost of warranty
| battery replacements in a way they thought customers
| wouldn't notice.
|
| The current situation couldn't be more different. Here, the
| manufacturer has added software from the factory to create
| fake error codes. The hardware is working perfectly fine,
| but when the train sits in _certain_ locations for too many
| days, it will pretend to have a hardware failure. During
| certain months of the year, the train will fake a hardware
| error. There is no possible explanation for this, except as
| a "fuck you" to the customer who wants to use 3rd party
| service.
| ffgjgf1 wrote:
| > Is it the secrecy that makes it different? i.e. if the train
| company were honest about it then it would be ok?
|
| IMHO mainly that and clearly those trains are required to be
| designed in such a way that they could be repaired by a third
| party (either by law or by contract based on how the situation
| is described).
|
| Apple provides no such guarantees (nor is it required to). Also
| it has more or less legitimate reasons for its design decision
| (making it harder to reuse stolen parts).
|
| > equally egregious
|
| I certainly disagree almost completely. With Apple you know what
| you're getting and can make an informed choice. Also it's a
| completely different type of product. Trains have various
| regulatory, safety and maintenance requirements which are
| irrelevant for consumer devices. Screwing with the software
| controlling trains can literally kill people.
| freedomben wrote:
| You make some pretty good points. Especially the "you know
| what you're getting" is very strong. Basically the difference
| between fraud vs not fraud. Thanks!
| oersted wrote:
| Functionally it is similar, but trains are very critical civil
| infrastructure. In the case of John Deere such fraud can also
| have a serious impact, but it does not affect the public in the
| same way.
|
| If they want to explicitly claim exclusivity on maintenance or
| a certain enforced product lifetime, fine, it is a nasty
| practice but fair enough. But not making the operators aware of
| these conditions, when they knew months beforehand what would
| happen when they lost the tender, and while it was seriously
| affecting the public later on, that is criminal in a way that
| is not comparable to Apple's practices for instance.
| dang wrote:
| Recent and related: _Polish trains lock up when serviced in
| third-party workshops_ -
| https://news.ycombinator.com/item?id=38530885 - Dec 2023 (347
| comments)
___________________________________________________________________
(page generated 2023-12-08 23:01 UTC)