Hacker News
Polish trains lock up when serviced in third-party workshops (social.hackerspace.pl)
1076 points by miki123211 on Dec 5, 2023 | 360 comments



So these trains are exclusively used in Poland by quite a big number of regional train companies. There are 5 servicing levels, starting from P1 up to the most complex, P5. It used to be that only these major companies would do P3+, but for a few years now tenders have been won by several smaller competitors at much lower prices, all thanks to the European Union Agency for Railways, which opened that market.

It started with 4 trains that were serviced by SPS Mieczkowski and just wouldn't start. The company was forced to pay €0.5m in penalties and trains were sent back to Newag. At the same time several other trains from different companies that didn't even get to service but spent a bit too much time in one place became immobilized. This all led to SPS Mieczkowski hiring Dragon Sector to investigate and they found several separate routines to disable trains.

This case is investigated by the Central Anti-Corruption Bureau in Poland but I doubt it'll do much harm to Newag. The Office of Rail Transport of Poland, which would spam a rail company with complaints and orders for a small mistake in a train schedule, washed its hands of intervening in this case, and train purchases have a highly regulated tender process and very little wiggle room for rail companies.


> This case is investigated by the Central Anti-Corruption Bureau in Poland but I doubt it'll do much harm to Newag. The Office of Rail Transport of Poland, which would spam a rail company with complaints and orders for a small mistake in a train schedule, washed its hands of intervening in this case, and train purchases have a highly regulated tender process and very little wiggle room for rail companies.

It's clearly a crime of sabotage under Art. 254a kk. Tender process does not matter in this case. We just need a competent prosecutor.

https://sip.lex.pl/akty-prawne/dzu-dziennik-ustaw/kodeks-kar...


Being a 40+ year old Pole I am yet to see a single case of corruption in public sector be prosecuted.


Maciej Zalewski (a co-creator of Kaczyński's first party - Porozumienie Centrum) remains the only high-level politician I know of in Poland that was sentenced for corruption and actually went to jail.

https://pl.wikipedia.org/wiki/Maciej_Zalewski_(filolog)

He warned Bagsik and co. (who stole millions of public money through the famous Art-B company and escaped to Israel) that the police want to imprison them - so they managed to escape. Bagsik later confirmed that they shared some of that money with Porozumienie Centrum's business named Telegraf. Somehow only the less important guy (Zalewski) went to jail, but Kaczyński brothers weren't prosecuted.

But there's a lot of low level corruption that is exposed, it's just usually ignored by country-wide media, because that corruption is local. For one example: https://samorzad.pap.pl/kategoria/prawo/prawomocny-wyrok-byl...


> but Kaczyński brothers weren't prosecuted.

Is there any indicator they should have been in this case?


Their company "Telegraf" got cheap credit from Bagsik just before.


I haven't seen any evidence of corruption here - just pure malice and monopolistic behavior.


There is corruption everywhere (though obviously not uniformly distributed). It requires active, dynamic efforts to counteract. If you don't see some evidence of successful prosecution, that itself is informative.


The corruption would be if this is not punished. By for example Newag getting a massive fine.


It's a criminal case. Money is not enough.


I think that there are two separate issues here:

1. train manufacturer bricking trains - malice and monopolism as you say

2. prosecutors failing to bring court cases and convictions for train manufacturers - incompetence or more likely corruption.


It might be different if you manage to get your competitor fined 500k


500k is a fraction of the train cost. An eventual fine, to work properly, would need to be in hundreds of millions.


I think the 500k was a reference to the fine the third-party service company (SPS Mieczkowski) had to pay due to the failure that it now turns out was intentionally caused by Newag.


Having read only that kk article, I'm not certain if trains are considered parts of the infrastructure?


It works for train vandalism - why wouldn't it work on industrial scale?

For example, someone stole active train parts: https://orzeczenia.gdansk-poludnie.sr.gov.pl/content/$N/1510...


I don't know, that's why I asked--for me "infrastructure" sounds like the immovable parts. Similarly to road infrastructure, which doesn't include cars. But it's just my armchair impression, I have no idea how the law works in this context.

I quickly scanned the sentence you linked to, and art. 254a seems to be applied only to the theft of wires from tracks? Or am I missing something?

I've tried googling "infrastruktura kolejowa", and it seems that Ustawa o transporcie kolejowym defines it in art. 4.1, referencing Appendix 1. And that Appendix only lists immovable stuff. But again, I'm not a lawyer and I'm aware that definitions from one act often don't apply to a different act, in a different branch of law.


In the usage I'm familiar with (in the US), the entire rail network is considered "transportation infrastructure", from a national perspective.

But from the perspective of just the rail network, the track and other infrastructure is considered separate from the rolling stock.

I wonder: If the rolling stock becomes immobilized, does it now count as immovable stuff?


If that were true, Amtrak wouldn't be leasing railways as it's nationally run. Railroad companies like Union Pacific, Norfolk Southern, CSX, own their rails. They own their rolling stock. They own their locomotives. They lend you, the business person, a rolling stock to load and ship to where you need it to go. There it will be unloaded and sold/shipped by truck to final destination.

Rail companies own the right-of-way AND the rails. They control what runs on their rails, who runs on their rails, when they run, etc.

It's quite something to think that 97% of the rail tracks in the USA are privately owned.

https://public.railinc.com/about-railinc/blog/who-owns-railr...


What’s really interesting to me is how much of that 97% was built using public funds.


Yeah, it was a much more symbiotic relationship until the 1970s. During WW2, the rail companies would ship war goods and troops to and from, part of the deal to get those public funds for rail expansion. In the 1970s the rail companies were struggling due to interstate trucking and so they were deregulated in 1980 and privatized (reasoning: only the free market will determine if they should fall). The privatization of the US rail system then made it easier for companies such as Conrail at the time, to raise their rates and increase profits. [1]

[1] https://en.wikipedia.org/wiki/Staggers_Rail_Act


And sadly, if it was owned by the public, it would have cost 197% to obtain the same effect in society. Doesn't mean it's okay though.


Also sadly, some US commenters cannot (or don't want to) look over their fence to see how stuff can work in other countries. Of course this can still mean stuff can't work, but I'm positive many perspectives can get changed.


Ah, that's a very good distinction between the national perspective and the rail perspective!

> I wonder: If the rolling stock becomes immobilized, does it now count as immovable stuff?

Assuming it's a philosophical question, and not a legal one, how about:

- A runner that's currently running is obviously a runner

- A runner that finished running for today is still a runner

- A runner with serious knee problems is a former runner?


Also practical question: how much of the rolling stock has to become immobilized before the immovable parts of the infrastructure become useless? At which point you can start throwing the book at whoever's responsible?


Locking up (or causing the possibility of doing so) a non-siding line sounds like Denial-of-Service on a rail line.


We routinely call servers and such 'infrastructure' when they are in fact much easier to move (if not by themselves) than your average rail road car or locomotive. A kid could do it, all by themselves.


Yes, I agree, but AFAICT we have two questions in this subthread:

- about common usage of the word - and here it _seems to me_ it's context- and domain-specific, because for instance we don't call cars a road infrastructure

- whether Polish penal code treats trains as rail infrastructure - and here I don't know, but I found a railway transport bill that lists what's considered infrastructure, and trains are not there


In NL I know for a fact the locs wouldn't be infrastructure, the term used is 'rolling stock' and they are usually owned by different companies from the infra.


Reminds me of the recent Supreme Court case about whether a train is "in use" while parked at a railyard:

https://www.scotusblog.com/2022/03/justices-search-for-the-l...


Thanks for the link! It's fascinating for a layman like me how they considered all those different angles.

And also:

> For Breyer, however, the prospect of a “tractive power” test confirmed that the concept of “use” is so inherently context-dependent that the court would be better off taking the “common law approach” of resolving just this particular case, rather than attempting to determine the word’s meaning for all time.


It is also investigated by the Agency of Internal Security and I really doubt they don't have huge problems out of this. This is taken extremely seriously internally.

There's a ton of evidence to prove what happened and they have no chance to somehow wiggle out of this. They're trying... by saying they were hacked. Yeah, the hackers somehow flashed firmware of trains serviced by competition, to brick the trains. GPS coordinates of competition rail segments were literally hardcoded.


Their newer variant, Impuls 2, is actually used outside of Poland too - Italian FSE operates 11 of them.

Though considering they were hoping to continue their expansion into Italy I imagine they might not have sabotaged these trains (but who knows, maybe they're fine with burning even new customers).


[flagged]


Hypotheticals be hypotheticals, but here we don't have a case of the lowest bidder screwing up maintenance of a potentially dangerous piece of infrastructure; instead, we have the incumbent breaking aforementioned hardware on purpose, and blaming it on the lowest bidder.

Honestly, I think China got this right. Business is business, but when you start screwing with critical infrastructure, a firing squad should be on the table. And in this case, at least months to years of prison.


In this case the lower offer was 22mln PLN, whereas the manufacturer's offer was 25mln.


And if the manufacturer could have justified the additional $3mln in cost besides "vendor lock in" maybe they wouldn't have to break the law to keep customers coming back.


It's 3mln PLN, so more like $750k... It must have been worth it, right?


It's also great to see others trusting a servicing shop that customers are forced to use no matter how sloppy or incompetent their work.


Buried in the comments are links to longer write-ups with additional details:

Polish:

https://zaufanatrzeciastrona.pl/post/o-trzech-takich-co-zhak...

https://wiadomosci.onet.pl/kraj/awarie-pociagow-newagu-haker...

English:

https://zaufanatrzeciastrona-pl.translate.goog/post/o-trzech...

https://wiadomosci-onet-pl.translate.goog/kraj/awarie-pociag...

For context: Poland is split into 16 voivodships, and after a reform from early 2000s, pretty much each of them has its own local railway company (which cooperate).

Basically "everyone knew" for over a year something was fishy with Newag trains, after a series of faults in trains owned by different companies which used a 3rd-party service company instead of servicing with Newag, so the service company hired the hacker guys, it took a while for the folks to reverse engineer things and understand what's precisely going on.


Awesome! I had to look the word "voivodship" up. I am Polish, so I knew what województwo meant. But I didn't know there was an English equivalent of that word other than governing state. An interesting read on Wikipedia:

https://en.wikipedia.org/wiki/Voivodeship


I think the best shot a modern Anglophone has at knowing the word is that it was used in Dracula for the title of Vlad the Impaler. [Voivode, that is, not voivodeship. But if you know the title voivode, the meaning of voivodeship is obvious.]

It is not immediately obvious why the word would have been adopted into English in more or less the native form as opposed to being translated into an equivalent title, the way we talk about German "dukes" and "duchies".


Knowing Polish, Russian, Lithuanian and bits of other related languages, I find it interesting how the word directly assumes military leadership, the medieval feudal kind of way. It can be roughly translated as "led by a voivoda", with "voivoda" here meaning "military leader".

Probably comes from the original Commonwealth times..?


This brought to mind the AARD "crash" which Microsoft used to basically destroy competition from DR-DOS back in the day.

> The AARD code was a segment of code in a beta release of Microsoft Windows 3.1 that would determine whether Windows was running on MS-DOS or PC DOS, rather than a competing workalike such as DR-DOS, and would result in a cryptic error message in the latter case. This XOR-encrypted, self-modifying, and deliberately obfuscated machine code used a variety of undocumented DOS structures and functions to perform its work.

https://en.wikipedia.org/wiki/AARD_code

https://www.geoffchappell.com/notes/windows/archive/aard/drd...

https://news.ycombinator.com/item?id=36042213


This tracks for Microsoft. The very same company that told Compaq that if they sold any PCs with OS/2 Warp, they would never sell another one with Windows.

Humans are why we can't have nice things. OS/2 Warp was a great OS.


We really need to have much stronger anti trust legislation and enforcement. It is absolutely ridiculous to allow companies to behave this way.

And before someone says that "free market is always good and government is bad", the optimum free market strategy if there is no government is to hire hitmen to assassinate the executives of competitor companies. A real competitive free market will always require the government to prohibit companies from forming artificial mottes around their monopolies.


> And before someone says that "free market is always good and government is bad"

I've never really understood that dichotomy myself. The free market IS good, that is for sure. But it won't exist unless the gov't uses its power to create it. Companies have to be kept small enough that there will always be a bunch of choices. And that won't happen by itself.


[flagged]


I generally agree, but I tend to turn the perspective around to this: truly "Free Markets" are basically the natural, unevolved state of affairs when you don't have a better system in place. The whole reason we invented those better systems is to improve the "consequences for the majority".


A true libertarian wouldn't support corporations at all. They are as bad as tyrannical governments. Proprietorships and partnerships would limit exposure to tyranny of the corporation. They focus the responsibility of the business on the owner and not some protected class of employee.


A true libertarian would ride in on their Unicorn, because those don't exist either. ;)


Your ad hominem arguments will never negate the arguments made against you and ultimately you know this at a deep level. Good day.


ROFL. Your casual dismissal doesn't make your ideas more valid.

Thanks, I needed a big laugh today.

Google "free town project" for an idea of how Ayn Rand's self-centered approach to community plays out IRL.


[flagged]


There's a special kind of delusion easily afflicted by successful people - that because they were so successful, it was because they are so much better. Therefore they will easily believe they will come out on top also in societal collapse. I think such reasoning is behind many super-expensive bug out plans with fortified villas and bunkers.


How many successful people are building bunkers? Isn't that just a pastime of the very wealthy? There are a whole lot of regular successful people in this world that aren't building out doomsday scenarios in their spare time.

And I'd argue that for the most part these normal successful people are generally justified in thinking they are successful on the merits. Luck has a role, but so does grit.


Most aren’t building bunkers. I just took that as a colourful illustration of how success can skew your perception of reality. This is not even necessarily related to if the success is on their merits or not. I think one can fall into this trap regardless of how one got there.


Yeah, those bunkers won't belong to them if things go to shit; at best they will belong to their now-former bodyguard.


The optimal free market with no government is for corporations (collections of people) to use violent force to enforce their goals. A sufficiently powerful corporation is indistinguishable from a government.


A sufficiently powerful corporation is worse than a government, because the current government at least pretends to play by the rules and in a lot of cases, does. The issue is the rules themselves, which were crafted by? Corps.

Corps are entirely different. They push harder and harder and harder for PROFITS and will inevitably cross lines. When crossing those lines not only has no meaningful penalty, but actually turns a profit, after the fines are subtracted, they will not only continue to do it, but push even harder. After all, there's no real consequences, so why worry?


Authoritarian governments exist, and are more common than democratic ones.

Besides, democratic corporations exist too. They are just incredibly rare.


Mind providing an example of a democratic corp?

I've never known of one.


Cooperatives used to be more common than they are now. And used to be democratic.

Software consultancies are one of the markets where democratic consultancies were common enough for one to see them.

But now the world is property of a handful of corporations, so you won't see any contemporary example.


> A sufficiently powerful corporation is worse than a government, because the current government at least pretends to play by the rules

The most despotic and scary governments of history would probably like a word with you. Maintaining a believable pretense of following any rules is a luxury we take for granted in many countries today, but Mao and Stalin didn't worry about the appearance of propriety.

Not really arguing against your main point though, I think you're right. Just don't forget how bad totalitarian governments can be.


The most totalitarian were internally structured like one cooperation.


You are citing outliers. A majority of the countries in the world aren't run by people like Stalin, or Pol Pot.

Yes, in those instances nothing is worse than the government, but a majority of the world doesn't live in those places. For most people, it's the tyranny of corporations that affect our lives in outsized ways.


> For most people, it's the tyranny of corporations that affect our lives in outsized ways.

No, for most people it's corporations that enable our current best-in-history lifestyle. The hardest things we face are scarcities created by government policy.


Posted via that government internet project because the government finally forced the monopoly communications companies to allow 3rd party connections.


Indeed according to the big private businesses at the time the internet was stupid and a money losing idea.

It's a common thing in American history where the US government invests in ideas/concepts that are seen as losers by the for profit industry only for those industries to swoop in and profit off the results...

Stuff like that and the American national standards institute is why the USA was in the front of the technological evolution for so long. We spent money on "useless" crap that ended up paying massive dividends later and allowed for the USA to set the standards.


This massively obscures all the incredible efforts by people in those companies over the decades to bring us from unreliable, insecure, hyper slow, wired proof of concept to something so valuable everyone will pay for it.


Just take the L man. That's the case for every technology after it was invented


> A sufficiently powerful corporation is indistinguishable from a government.

Only if the government is a dictatorship. A sufficiently powerful corporation will never look like a functional democracy.


Boards appoint executives, boards are voted in by shareholders, shareholders are determined by $, the more money you have the more votes you can buy.

Companies are, in theory, dysfunctional representative republics.


Having to BUY a vote explicitly removes any consideration of it being any form of democracy. Democracy requires suffrage as a right, not a commodity.


> Democracy requires suffrage as a right, not a commodity

There are plenty of "democracies" where suffrage depends on one having the appropriate citizenship.

Full disclosure: I have permanent residency - and pay my taxes - in a country where I'm neither allowed to stand for election nor allowed to vote...


Indeed, Democracy originated in an environment where suffrage was highly limited.

https://education.nationalgeographic.org/resource/democracy-...


I did say "dysfunctional".

But yeah, historically voting rights in many places were tied to land ownership. (And also genital arrangement)


No, they're plutocracies, in the most literal sense. The involvement of votes doesn't factor into it. The "public" in "republic" refers to the public at large. A private corporation, being privately held, is necessarily not republican in any sense.


lol, this is basically dialog from the original Robocop movie


> A sufficiently powerful corporation will never look like a functional democracy.

True, but neither will a sufficiently powerful government.


looks around for an example of a functional democracy


How about the one that decided that a New York con man and money launderer was the right choice for president?

I'm concerned that democracy as a general concept has a showstopping bug with no obvious fix. A bug that's always been there but has recently become fatally easy to exploit. Essentially, giving stupid people the same political power as smart people is mandatory in a democracy, but problematic because the former are much easier for "smart" minorities on all sides to corral into blocs.

The whole system then devolves into a battle for control over the easily-led, which is equivalent to any other form of government by minority interests. Regardless of who is on top at any given time, they aren't there to represent the interests of the majority.


The system was designed around the idea that people take voting seriously. Sadly, we're not there. We're in a country where 1/3rd of the population thinks a rebellion against the government is needed. Not because they are being downtrodden, not because the government is taking their food, not because of mass slaughter by the military...nope. They want a world where only whites are allowed to own property, where there are strict rules for everyone except themselves, where other people's lives and choices are subject to their big magic beliefs, which are somehow better and more accurate than the 3000 other religions on the face of the Earth...somehow.

Voting is problematic when voters are either apathetic or worse, callous, like little children mad because they were denied 3rd dessert.


You seem to have a rather one-sided view of a rather large part of the population. That being common is a much bigger problem for a functioning democracy.


I base my view on their literal, factual behavior, past and present.

You however, seem to have a very rosy pair of glasses on.

According to your take, there were a lot of Nazis (pick any bad group) that shouldn't have been lumped in with the rest of the Nazis, because even though their actions were the very same horrific things, viewing them as a monolith is bad? We should look into their hearts and find the real motivation? lol

You my friend, are so badly mistaken, that I honestly don't know what to say.

If the literal, factual actions of 60 million people, attempting to destroy a way of life, because a clown told them to still isn't enough to view them as the enemies they are, then I'm not the one that's lost here, friend.

That's some take.. I hope it serves you well, despite my misgivings.


That bug has always been "fatally" easy to exploit.

Stupids having a vote isn't as misguided as it seems, as if we imagine instead the smarts simply stopped the stupids from having the vote, the smarts would neglect the needs of the stupids. The Trump election resulted in a bipartisan realignment on trade which was arguably tilted towards elite interest (access to markets, maximising GDP) over popular interest (maximising domestic jobs and wages) before that realignment. The whole democratic vision from that time to ignore domestic low skill job losses and focus on retraining people to do new high skill jobs was something that sounded sensible to a smart person as it’s how smart people would personally react to such circumstances - but it lacked common sense and an understanding of the impact of such a plan on the common person.

Democracy almost intrinsically is going to give you middle-of-the-road quality leadership. You can do better and worse than a New York con man who at least had the marketing genius required to get so famous in the first place - many dictators are nothing more than thug lords or spoilt failsons. The promise of democracy is in setting good incentives and mitigating extreme worst case scenarios through elections and means to obstruct bad leaders.


Of course, viewing Mr. T as an anomaly is scapegoating, a way for people to quiet their nerves, to avoid having a naive article of faith undermined. There's emotional investment here. The case is similar with Harvey Weinstein. He is guilty, absolutely, and he should be punished, but Hollywood is full of exploitation. A scapegoat doesn't have to be innocent. In fact, it's more effective when the scapegoat is guilty himself in some manner. That makes it easier to accuse him and to deflect from the filth elsewhere.


Ideally we want a democracy to be representative (in the statistical sense) and resistant to regulatory capture and low-information voting. Maybe it wouldn't work in practice, but it seems like we already have a system that attempts to tackle precisely these however flawed it may be: jury duty. Perhaps it could be applied to things like voting.


No, if you remove either corporations or governments from the equation, the remaining thing will morph and split to recreate this. Corporations aren't fixed in stone - a sufficiently powerful one may be indistinguishable from a dictatorship, but it'll also evolve the same way.


That wouldn't be a free market. It would be some kind of oligarchic corporatism. Government is necessary to truly enable free markets. The key to understanding that is to understand what "free" truly means [0]. It isn't "do what thou wilt".

[0] https://news.ycombinator.com/item?id=38537665


A freely competitive market (as envisioned by Adam Smith) is very different from a free market (as the term is commonly used today, at least by many conservative political parties). I fully agree that without sufficient regulations markets cease to be freely competitive.


This reminds me of the East India Company: forcing China to buy opium even if it really harmed both its population and economy.

Indians may not be too happy with all the Marathas wars and colonization.

Anyway, it is not a matter of which is the worse but of how we can get the best from both of them.


The East India Company didn’t directly even ship opium to China, that was all done by private merchants.

And in any case initially it wasn’t so much about opium as about free trade in general. The British would’ve been fine with selling textiles, tools and other stuff to the Chinese people who wanted to buy them. Opium was just much easier to smuggle than anything else.


We simply need meaningful penalties that involve jail time and % fines, on top of the ill gotten gains. The current model is steal $1 million, get fined $250k, enjoy the profits.

Sadly, that'll never happen, because CU made bribery legal and who's Congress going to listen to? The 100s of millions they allegedly govern or the guy that handed them $25k for a kitchen remodel?

Spoiler: It's not the citizens.


> Sadly, that'll never happen, because CU made bribery legal

Citizens United was a USSC ruling; TFA is about Poland.

Poland is in the EU; NEWAG seems to be a formerly state-owned company, that was fully privatized in 2003.

https://en.wikipedia.org/wiki/Newag

I'm awfully worried about both Poland and Hungary, and their place in the EU even though I'm a Brit, and now out of the EU. I think both countries should have had their EU membership suspended years ago, for corruption; meddling with judicial appointments; and generally not allowing free media. I suspect Hungary is much worse, but for me, a major reason for supporting Brexit was that I didn't want to be in a political alliance with countries that didn't comply with international treaties, which the EU was so reluctant to enforce.


> and generally not allowing free media

To be fair not something Britain can be particularly proud of considering its libel laws.


Arguably free media is suppressed in most of Europe. In Sweden state press subsidies are not given to press considered extreme by those in power to give it. Of course, and no wonder, those in power are the opposition. The situation is similar in other European countries.


You're absolutely right. My bad.


> the optimum free market strategy if there is no government is to hire hitmen to assassinate the executives of competitor companies

There's a huge difference between opposing regulation and permitting murder. Equating the two is a strawman, given that there are a large number of people who oppose various regulations and very few who would want to legalize murder.


I mean.. I'm not up for outright legalizing murder, but as the world turns, I understand it more and more. Some people just need a killin.


As far as I understand the conditions of a free market are not met in this case:

According to the English Wikipedia:

> A capitalist free-market economy is an economic system where prices for goods and services are set freely by the forces of supply and demand [...]

Here one can argue that the available services (i.e. maintaining a train) are not set freely by the forces of supply and demand, but by the constructor of the train; at least to some extent.

You said that "[a] real competitive free market will always require the government to prohibit companies from forming artificial mottes around their monopolies". I partially agree in this case. A free market that contains competitors that are able to fully satiate it will always require a government that hinders it from working towards a controlled market. By a controlled market I mean monopolies, oligopolies, cartels, or otherwise controlled environments(1). So if there's no competitor I can walk to in case I am unhappy with my trading partner the market isn't free by definition. I can hardly think of bakeries in town requiring governmental intervention (unless they form a cartel, that is).

Not every market should be free, however. I guess you've just met too many hard-liners arguing for shady business practices in the name of the free market. I'd argue that a shady business will cease to exist in a free market due to the customers running away.

PS: Funny enough, I am fully onboard with stronger anti-trust enforcement (legislation only if that proves to be insufficient), only that I am doing it as a proponent to regain market freedom.

(1) Intentionally left broad as I can't be bothered to come up with a definition that fits what I have in mind.


Funny that your optimum free market strategy is murder. A market where murder is a legitimate strategy is anything but free. In fact a good litmus test as to the freedom of a market (or any social structure) is the legitimacy of murder.

Comparing murder to antitrust therefore seems to be a pretty weak argument. Deontological libertarians would view the use of force required to enforce antitrust as authoritarian overreach. They would see no moral justification in the enforcement of arbitrary limitations on the voluntary transactions of consenting parties. They would see these as tyrannical.

This stems from a core disagreement about the nature of society. Some people see it as a collective project for the good of all participants (the sticky points being the definition of "good", and the non-optionality of "collective"). Others see it as simply an agreement to coexist peacefully and cooperate only voluntarily, while embracing the Darwinian nature of said coexistence.

Each side is well meaning I'm sure, but I find it hard to reconcile these two worldviews.


Coexistence - peaceful - darwinian. A circle that's hard to square.


I don't see why. It's basically what happens in any free society - we (as individuals, organizations, social orders) compete over finite resources. Disputes are resolved via due process. Winners win and losers lose. The difference between civilized and uncivilized is only in which actions are available to the players, not in the nature of the game.


The problem is that competition for resources is taken as the essence of markets, which it is not. Competition exists in markets, sure, but it's not the point of the market per se. That's psychotic. This is the problem when decontextualized practicalities become enshrined as abstracted ideological and moral tenets of the highest order. According to your view, if I were starving, and you had a warehouse full of food, then I would be stealing if I were to break in and take some food to survive. Theft is always wrong by definition (you cannot say it is sometimes justified in ad hoc sense while remaining coherent; if the law just is competition for resources, full stop, then the starving man is just a loser, full stop), so I, the starving man, am morally obligated to accept my death outside the walls of that warehouse.

But as I said, this would be an incorrect view of markets, which occur within societies, to enable the good. Human beings are social animals, and so our good depends on society. The common good is also prior to private property. A scenario where people are starving, but where there are warehouses full of food, is one that demonstrates some degree of dysfunction.


> Competition exists in markets, sure, but it's not the point of the market per se. That's psychotic.

Competition is the point of every ecosystem, insofar as there is a point. The properties of an ecosystem are fundamentally emergent wherever living organisms interact, in markets or otherwise.

> so I, the starving man, am morally obligated to accept my death outside the walls of that warehouse

Why is this view so foreign? I don't expect you to adopt it per se, but surely you can see that yours is not the only perspective. There are many people who would prefer to commit suicide in dignity rather than live to see themselves become a burden on others. There are even those who would rather die screaming in agony rather than pry greedily into the pockets of strangers.

> enable the good

Ah yes but then you have to define "the good" which is notoriously challenging, and also be sufficiently comfortable in your definition to impose it by force on others who may disagree. I'm just not sufficiently comfortable with anyone's definition of "the good", my own included, to make that leap.

> A scenario where people are starving, but where there are warehouses full of food, is one that demonstrates some degree of dysfunction

I disagree, this scenario exists all over the natural world, and is fundamental to all ecosystems. In a competitive environment (which again, is inevitable), it's optimal to ruthlessly defend the maximum you are capable of, rather than the minimum you need to survive.


Your nickname seems appropriate to me.


> We really need to have much stronger anti trust legislation and enforcement. It is absolutely ridiculous to allow companies to behave this way.

You think? I have been wondering the same thing myself for years and I'm still flabbergasted that people don't treat this stuff more seriously.


No one literally says that.


> "free market is always good and government is bad"

This view seems especially American, but it is also a very liberal view (in the philosophical sense, not the somewhat weird partisan sense). Liberalism reconceives the common good, private property, and freedom dramatically. Whereas traditionally, the state is viewed as steward of the common good (that is its essential function), and private property as something instituted for the sake of the common good, liberalism conceives of private property as primary and the common good as something grudgingly ceded from the private good. Freedom is traditionally understood as the ability to do what one ought (the freedom to be what you are by nature, that is, a human being), but liberalism construes it as the ability to do whatever you please. (It's an odd idea. If I happen to want to gouge my eyes out and cut my arms off for no reason, doing so does not make me free. It makes me less free, because now I am less capable of functioning fully as a human being. I am confined and prevented from doing all sorts of good things. Human nature is the yardstick by which freedom is measured.)

What does this all mean? Well, it means government becomes construed as an artificial, even malicious construct that stands in the way of freedom. Certainly corruption exists, but this is not a valid argument against government as such. And besides, without government, something fills the vacuum. The absence of authority isn't freedom, but exposure to power that lacks authority.

So, yeah, free markets are good, as long as freedom (and thus the good) is construed in the traditional, not the liberal sense. That means that government, properly understood, is not an obstacle to free markets, but a sine qua non of truly free markets.


> We really need to have much stronger anti trust legislation and enforcement

The Microsoft disaster you are replying to could just as easily be blamed on the government in the first place. Why were they so slow to react? Why couldn't the FTC have seen that, or been alerted and acted immediately? There is no legitimate reason, other than the government is a socialist organization that has no incentive to actually get anything done. This is why USPS, VA, Amtrak, etc all suck. Throwing more government at the problem will have the opposite effect: less will get done!


Google forbids competing android TV OS for their hardware customers. Maybe this happens with every large company?


All this looks like points for open source. You can’t exactly stop someone from putting an open source OS on their hardware, and if the train software was open-source, then this “clawback code” nonsense would have been impossible to keep secret.

And you’re right, OS/2 Warp WAS a great OS. As soon as it started losing market viability, it should have gone open source as a defensive self-preservation tactic.

When LLaMa was released for free, it basically guaranteed it would never die a corporate death


> You can’t exactly stop someone from putting an open source OS on their hardware

Of course you can. Have secure boot requiring a signed bootloader. Currently Microsoft are good enough to sign a linux bootloader so you can run things like ubuntu.

Doesn't mean that in 73 years you'll have a situation where OSS is not only illegal, but you could not install one if you had one, without knowing your computer's root password. And neither the FBI nor Microsoft Support would tell you that [0]

[0] https://www.gnu.org/philosophy/right-to-read.en.html


Coreboot (which System76 and Framework use): Exists

Love the GNU mentality though, but you don't need FUD to promote your ideas. Lots of problems would just disappear if most things went open-source, and the value proposition might shift but would still be there. The most valuable part of code is the people that create, understand and maintain it; not the code itself. The code itself is ephemeral. (I hate to admit this. Us coders love our brain-babies.)

Note: I own a System76 Thelio Major and have a Framework laptop on order, so I am not just a non-participating bystander in my beliefs here


I agree. GNU rhetoric does not help their case. Much of it sounds very confrontational and whiny.

I am a supporter of free software and open hardware, but I would never try to forcibly convince people with half-truths.

BTW I don't think coreboot is really helpful in that it appears to me to be more about controlling hardware access.


That page was written way before most people had ever heard of linux, a decade before things like secureboot became a thing, and way before the most common personal computing device in the world was a choice of two locked down devices.


> You can’t exactly stop someone from putting an open source OS on their hardware [...]

Of course you can. It's a train, not a PC. Its primary function is to *safely* get me from point A to point B. No safety certification for the whole thing (including software), means it doesn't go on tracks. The freedom of your fist ends where my nose begins, which means your freedom to mess up the train's software ends where I step on board.

Poland has had its share of railroad catastrophes, and I very narrowly avoided being a victim - I was late for this train: <https://www.bbc.com/news/world-europe-17248735>. I no longer live there - I like trains, but the trains in Poland are an unmitigated disaster every single time I visit.

> [...] and if the train software was open-source, then this “clawback code” nonsense would have been impossible to keep secret.

There's two problems with that:

1. Just because it's open source, doesn't mean you get to load your own modified version (see above); which means the software that's actually running on the train can trivially be made different from the sources you were delivered;

2. Just because it's open source, doesn't mean it can't have a hardware backdoor, or some sort of manufacturer-installed APT.

You can't even buy an Intel CPU that doesn't include an entire separate core, with its own Ethernet controller and OS - and that is the stuff that's actually documented and sold as an "enterprise" feature. Imagine an entire train of nooks and crannies to hide this sort of nonsense.


Good thing we have open-source hardware out there and open-source CPUs on deck. And makers like System76 and Framework that at least use Coreboot.

Wow re: train near-miss. Glad you're still here with us! That must have been terrifying to learn.


> Good thing we have open-source hardware out there and open-source CPUs on deck.

Read "Reflections on Trusting Trust" by Ken Thompson. It describes how even recompiling all the sources isn't enough.


Google has agreements with TV manufacturers that prevent it.

https://www.techspot.com/news/84374-google-android-license-r...


Ha, wow. Good thing people can jailbreak these things!


OS/2 Warp is still used today, albeit in very limited situations.

I managed IT at hospitals for a large part of my career. At one of them, they had a "Lanier transcription cluster". It was 6 systems. One of them was an OS/2 Warp install that managed the modem cards.

It's apparently used to manage hardware, like those modem cards. Evidently, it does a great job of it.

I agree with you though. I think that Open Source would have made it much more of a competitor to Windows, today.

Then again, throw enough resources at anything and it could contend...ok.. not TempleOS, but everything else. ;)


Now we just need a good open source OS made for lifelong windows/macOS users. Not one made for lifelong linux users.


IMHO, Apple should have open-sourced their OS a long time ago while offering "best" compatibility with their hardware. They would have expanded both markets tremendously.

I'm currently a "NixOS" guy, and it feels like the "last distro hop" for me. There's a learning curve but it's kind of like "you get ALL the customization, plus seat belts in case something screws up". I still like Macs but I don't really like the direction Apple's taken recently with regards to locking down macOS hardware and system software. I'm a fan of things like Asahi Linux but even that depends on Apple's permission to work


Timing would have been important here, if I recall correctly.

I believe the Apple II was a 6502 chipset, which was common then. They diverged into Moto 68k series, while the rest went towards 8088.

It's debatable, in my mind. Without Apple being unique, they wouldn't hold the niche they do today, but at the same time, had they made their OS Open Source, I suspect they would have had a great deal more Desktop Adoption, since for most, the barrier was/is price.

$1200 Macbook or $400 laptop? *I know the technical differences, but a large portion of the buying public doesn't

For me, I work in Windows a majority of the time, but being a career IT monkey, what I believe is the right tool for the right job, so it's not always Windows. :)

I have an old macbook that I use to stay up on the OS, at least as far as it can upgrade. I have a home server, with some windows instances, a couple *nix instances, etc.


> Apple should have open-sourced their OS a long time ago while offering "best" compatibility with their hardware

That would’ve been a horrible idea considering that they make money selling hardware and macOS is one of their main selling points?

> They would have expanded both markets tremendously.

What would they ever gain from this? How does Google benefit from Android? Thankfully Apple is not an Ad company (and therefore their interests are still somewhat aligned to those of their users) like Google. Open sourcing macOS would only incentivize them to pivot to user tracking, ads etc.


I'm thinking of it economically.

The broadening of the MacOS market would more than make up for the initial loss in hardware sales. At the end of the day, Apple would be selling more Macs, because at least some of the hardware platforms not from Apple would have more problems than on Apple's hardware.

This is the exact same thing that would have happened back when PowerComputing was making better Apples than Apple was. They were in the middle of expanding the Mac market, but because Apple itself was losing money, the news kept reporting on that, which in turn had the compound effect of affecting all Mac sales. (This was the first case of "fakenews" I had ever experienced, btw... "Why isn't the news reporting on the expanding Mac market instead of the temporarily-contracting Apple market? Ohhhh because bad news gets the eyeballs!!") So Steve Jobs came back, shut the clone program down (which, again, would have succeeded for Apple AND other players in the end, IMHO), and the rest is history.

I discussed the idea with ChatGPT and here's how that went:

https://chat.openai.com/share/db5f1ef7-82ac-4f4a-ac56-390f6b...


> The broadening of the MacOS market would more than make up for the initial loss in hardware sales.

Why? I mean Android has a much bigger market share than iOS yet Google isn’t making any money (after costs) from it if we exclude ad revenue.

> At the end of the day, Apple would be selling more Macs

I really don’t think that would be the case unless Apple significantly reduced its profit margins to remain competitive. They would be making way less money. So again, why?

> So Steve Jobs came back, shut the clone program down (which, again, would have succeeded for Apple AND other players in the end, IMHO), and the rest is history.

Which was one of the smartest things he did (if we’re prioritizing Apple’s longterm financial success). Apple can only charge excessive premiums for its products compared to everyone else because there is no other way to use their software.. which is why they are a multi trillion dollar company it’s that simple.

> I discussed the idea with ChatGPT and here's how that went:

I’m sorry but that discussion seems to be worthless (also what’s wrong with it? Why is it using such a weird style?).

Apple would have to throw away their entire business model to do this which is a massive risk on its own. Considering that Apple has been the most successful consumer hardware/software company in history in large part because of their current business model throwing that away to try and do something that many companies (including Apple) have tried and failed would be an extremely bizarre thing to do.


In 100 years from now, there's going to be only 2 ways to run any piece of software:

1) If it was DRM-secured, via a hack, which effectively "opens" at least the compiled binary form of the code.

2) If it was open source, via some Nix-like tool running on some virtualization of the hardware platform of the time.

Everything else will essentially be "lost", including (probably) every piece of iOS software ever (for example). I already have no more access to many games that originally ran on earlier iOS devices, and it's been years since and no one's stepped up to emulate or jailbreak those somehow, probably because it's still too hard. They will ONLY run on my first generation iOS devices (some of which I retained), to this day.

> I really don’t think that would be the case unless Apple significantly reduced its profit margins to remain competitive

I think they'd be able to retain premium branding and sales with only a moderate reduction in such. Look at any other product market that doesn't have "lock-in" with regards to closed ecosystems; there's usually a range of players and price points.

I'll give you that they have been successful with their current model, but remember that they also very nearly died with their current model (1997 with 2008 followup: https://www.wired.com/2008/03/bz-apple-ourbad/) and it was only the introduction of the iPhone that saved them. macOS has basically been having a long slow death for 15 years since. The reason why this model was successful may thus have more to do with market entrance timing and market creation timing and nothing to do with the model characteristics itself.


Qubes OS guy here. Will probably stick to the hypervisor OS/virtualized components desktop computer model. Sure there's a performance hit, but honestly I haven't felt this comfortable and secure that my data at rest WILL STAY AT REST and not sprout wings to flutter away with...


ReactOS is the best we've got.


I think the issue with ReactOS is that it has to compete with similar (but possibly lesser or greater depending on use-case) solutions on 2 fronts:

1) Plain old virtual machines

2) Linux/Mac running Wine/Proton

3) Linux running equivalent software but skinned with a Windows-like UI


Sorry, best I can do is an Elementary OS Linux.


Or not.


Bill Gates and Steve Ballmer probably can't be classified as humans.


> Humans are why we can't have nice things

MBAs are why we can't have nice things

FTFY


Don't attribute to humans, malice that can be adequately explained by Microsoft.


The AARD code (which was a non-fatal warning that didn't stop you from using Windows) never actually shipped. It was patched to be non-reachable in the final release, probably a binary patch to avoid a regression and long build times (including a large packing problem: optimizing floppy disk layout)

FWIW DR-DOS was a dead end product at launch. It was abundantly clear to anyone with two brain cells to rub together that people/OEMs were not going to buy two operating systems: a GUI OS and a DOS that also acted like a bootloader for the GUI OS.

The idea that there would exist, for any significant length of time, a market for a standalone text-only 16-bit DOS was complete and utter fantasy. DR-DOS was never significant in terms of sales. Even if the AARD code had actually shipped in the final Windows 3.x release it wouldn't have mattered.


DR-DOS was a viable product for many years.

It first appeared as a product to compete with MS/PC-DOS 3.x releases in the late 1980s. XT-class machines were still on the market, and Windows was far from unchallenged dominance. If you asked in 1989 what computing would look like by 1995, "OS/2", "Unix", or "something we haven't even imagined yet" were viable guesses, probably even more so than "That clunky Windows/386 shell will subsume almost all drivers and functionality, but you'll still need a glorified version of DOS 3.3 as a bootloader."

Aside from whether DR-DOS was a compelling retail product, it served an important market purpose: it forced a price ceiling for MS-DOS. This probably spurred Microsoft's questionably-legal bundling and pricing strategy, but the end result is that OEMs weren't paying $150 for a copy of DOS through the 1990s.


You make some fair points. My main point is this:

Stop posting the AARD code thing as some kind of "gotcha!". AARD is irrelevant. If you want to point at anti-competitive or problematic things Microsoft did then point at things that actually mattered.


It's not really the same, in this case.

The AARD crash was an intentional break in compatibility, while this is more like planned obsoleteness.

Leaving a train stationary for "too long" would disable it? Microsoft would have loved to control the platform to that level :D


Obsolescence*


> This brought to mind the AARD "crash" which Microsoft used to basically destroy competition from DR-DOS back in the day.

Given that, according to the article, the functionality was never enabled, how did it get used to destroy competition from DR-DOS?


$280 million settlement for securing global OS domination for a few years. Pretty cheap.


William Gates was The World's Richest Man for what, twenty years without fail?


> William Gates was The World's Richest Man for what, twenty years without fail?

Longer.

For some reason, when he endowed the Bill and Melinda Gates Foundation, its assets stopped being counted as part of his wealth, despite being completely controlled by him.


DR-DOS must have already been on the brink if some code in a 'beta release of Microsoft Windows 3.1' finished them off.


Why go back so far into history when weeks suffice:

https://news.ycombinator.com/item?id=37897428


You can't eradicate malaria without breaking a few eggs.


Newag stock price falling quite a bit after the post, is that the first Mastodon induced price correction?

https://g.co/kgs/WVku4C


They are still at +10% over 1 month and +25% over 3 months.


This was also reported by the media in Poland, so it's not Mastodon-induced.


> A rather amusing situation was encountered with another train set that refused to work on November 21, 2022, despite not being in service at the time. The computer reported a compressor failure, although the mechanics determined that there was nothing wrong with the compressor. Unfortunately, the train still did not raise its pantographs. The analysis of the computer code revealed a condition enforcing the failure, which read as follows:

> if the day is greater than or equal to 21, and

> if the month is greater than or equal to 11, and

> if the year is greater than or equal to 2021

> then report a compressor failure.


I guess a charitable interpretation is that the compressor manufacturer set an 'expiry date' to ensure replacement of a vital component.

(but it's probably just shady business.)


Also the wrong way to implement an expiry date, since it'd work fine again when the day goes below 21 or month below 11, even if the year is 2021 or greater - which seems to be what happened if they only noticed it in November 2022 rather than 2021.


It might lead to a fault that appears more realistic - it'll go away for a bit in December before coming back again... if the engineers say the compressor's good but the computer fails it intermittently, that seems like a good point to get the manufacturer involved which is what they wanted to force


Very charitable. The "expiry date" was set to the next servicing date and there was no way for competition to fix this hardcoded date and this was not documented in the official documents. Clearly a way to force buyers to use the "official" service.


Reminds me of those workarounds for shareware in the 2000s, when you had to set the system time back


Yeah, that's not a component expiry date. This reads more like "fire a warning shot in November, and then fuck the operator over during Christmas". It feels like trying to maximize damage, as 21-31 December is exactly where a huge chunk of population travels to visit their family homes, and many of them do so via trains.


Nah... I just bet that this is some dev, that doesn't know how to deal with dates.

I recently had a "senior" dev give me a SQL query with a similar where clause, when asked to query data after Sept 1, 2022 (where moy >= 9 and dom >= 1 and year >= 2022)


In case anyone is confused, the problem is that dates loop, such that moy=1, dom=1, year=2023 will not match despite being greater than Sept 1, 2022. Technically, then, if you wanted this logic to work you would have to add a second “or” clause that handles the edges missed, e.g. (moy >= 9 AND year = 2022) OR (year > 2022) though you would need a different edge case if your dom wasn’t 1. The easier approach, of course, is to just compare dates or timestamps directly.


What good reason is there for hard coding dates that shut down trains?


That's when the compressor's going to fail, obviously. ;D


Right. How did that famous adage go? "The best way to predict the future is to invent it."


The best way to predict a crime is to commit it.

(with apologies to Alan Kay who coined the original saying)


Originally, this train was scheduled to go to depot for maintenance on 21.11.2021, but it broke down a few days earlier and was sent to this bigger maintenance until after New Year. But because of this ifs structure, it stopped out of depot a year later, unintentionally.


broke: the lifespan of this moving part is measured in operational hours

woke: this part will be reported as broken during the last week of november and december, 2022 ONLY.


The real crime is not using a standard date time library and a simple > 2021-11-21


Even being evil requires a certain level of competence. It's how we actually catch any of them.


Can be often problematic on PLCs and the programming environment exposed to programmer.


This was programmed into a PLC, not traditional code.

PLCs are basically environments designed for mere technicians being able to adjust code in very clear concise fashion. It can be way more verbose, but the logic is clear and solid for decades of operation.

It doesn't require reading an api documentation on version X of a library downloaded from NPM 15 years ago nor rebuilding an entire project to the latest dependencies.


This is a reason why it was detected a year later - the train service was delayed and it spent late November and whole December in service. So the "expiration" intended for 2021 only manifested in 2022.


Personally I prefer measuring time as seconds that have passed since January 1st, 1970.


And then your train is 32bits and stops working in 2038 ;-)


A reason to code it like this is to avoid that specific date to appear in the compiled code.


I’d speculate it’s more likely incompetence than intentional obfuscation


Technically it's a lot of specific dates Nov 21-30 2021, Dec 21-31 2021, Nov 21-30 2022, Dec 21-31 2022, etc...
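
The date condition quoted above and the replies about when it actually fires, worked through as an added example (not code from the train's firmware or from any commenter): it runs the field-by-field test and a whole-date comparison over every day of 2021 and 2022 and reports the windows in which each is true. The function names are hypothetical; the threshold is the 21 / 11 / 2021 from the quoted condition.

```python
from datetime import date, timedelta

# Threshold from the condition quoted in the thread:
# day >= 21 and month >= 11 and year >= 2021.
THRESHOLD = date(2021, 11, 21)


def fieldwise_trigger(d: date, t: date = THRESHOLD) -> bool:
    """The condition as quoted: every date field is compared on its own."""
    return d.day >= t.day and d.month >= t.month and d.year >= t.year


def chronological_trigger(d: date, t: date = THRESHOLD) -> bool:
    """An actual 'on or after this date' check: compare whole dates."""
    return d >= t


def lexicographic_trigger(d: date, t: date = THRESHOLD) -> bool:
    """Same result without a date type (assumption: a controller that only
    exposes separate year/month/day registers). Year decides first, then
    month, then day."""
    return (d.year, d.month, d.day) >= (t.year, t.month, t.day)


def trigger_windows(predicate, start: date, end: date):
    """Contiguous (first_day, last_day) ranges in [start, end] where
    predicate(day) is true."""
    windows, run_start, d = [], None, start
    one_day = timedelta(days=1)
    while d <= end:
        if predicate(d):
            if run_start is None:
                run_start = d
        elif run_start is not None:
            windows.append((run_start, d - one_day))
            run_start = None
        d += one_day
    if run_start is not None:
        windows.append((run_start, end))
    return windows


def disagreement_days(start: date, end: date) -> int:
    """Number of days on which the two checks give different answers."""
    count, d = 0, start
    while d <= end:
        if fieldwise_trigger(d) != chronological_trigger(d):
            count += 1
        d += timedelta(days=1)
    return count


if __name__ == "__main__":
    start, end = date(2021, 1, 1), date(2022, 12, 31)
    print("field-by-field condition is true during:")
    for first, last in trigger_windows(fieldwise_trigger, start, end):
        print(f"  {first} .. {last}")
    print("whole-date comparison is true during:")
    for first, last in trigger_windows(chronological_trigger, start, end):
        print(f"  {first} .. {last}")
    print("days where they disagree:", disagreement_days(start, end))
```

When reviewing controller logic, a time-dependent condition that switches on and off in recurring windows like this is worth flagging whatever the intent behind it, because the resulting fault appears intermittent to whoever is diagnosing the hardware.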


So these manufacturers literally ransomed Poland by crippling critical infrastructure?

This is an incredibly brazen crime and I’m not so confident they will get away with it.


Manufacturer, not repair workshops - the repair workshops just won the bid and vendor decided to retaliate.


any bridges in Philly available for comparison?


The world is such a small place--I open HN and read a movie-grade story about trains that I took many times. In fact, it's even possible I was going by one of those grounded trains..

In any case, either there was no code review, or the reviewers accepted that for one reason or another. Not sure which case is more scary..


Code review by a _third party_? Does that usually happen?

It's clear this was intended by the manufacturer of the trains, who directed the writing of the code, it's not like a hacker put this in without their manager knowing, right?

What kind of code review are you thinking of by whom?

[Wait, reading other comments, I'm thinking HN switched the article at the top, and some of these comments were written when the article at the top had much less information? That may explain why these comments are so confusing!]


In aerospace it definitely does happen. For example, NASA, as a customer, has the right to independently review flight software implemented by contractors.


I can neither confirm nor deny that independent review of software, especially of components involved in chain-of-trust and firmware loading, also happens for some of the largest-scale communication devices available on the global market, as required by multiple governments before allowing heads of state and other critically important persons to use them unmodified. ;-)


I have no idea how software for trains is (or should be) created.

So I meant a regular code review you would do for anything else.

I can see two scenarios at play:

1. either it's "free for all" and someone (anyone?) can put arbitrary shady stuff in the code

2. or there's a process for adding shady stuff to the codebase (some "stakeholder" creates a ticket, someone creates a PR, and then it's reviewed, etc.)


OK, I think someone's manager _told_ them to add this to the codebase. After the manager's boss told _them_ to make it so. And then it maybe got code reviewed, sure, and the code reviewer confirmed that it was bug-free and did what was intended. It is doing what the manufacturer wanted it to do.

I'm wondering if you read the same posts at the top, or if maybe HN has switched the link since you read it and commented? Or if you just reached different conclusions!

My conclusion was that it doesn't appear there is any reason to think this was a "rogue" employee. What motivation would they have to do this? The motivation belonged to the train company that made the trains and owned the software, the company did it on purpose to try and make other repair facilities look bad and make their train repair facilities look like a better value.

I'm surprised that you seem to be considering that, maybe, like a programmer just put this in there without being told to. For fun? Just out of their own individual motivation to secretly help the company's profits?


> I'm surprised that you seem to be considering that, maybe, like a programmer just put this in there without being told to. For fun? Just out of their own individual motivation to secretly help the company's profits?

Considering this isn't some random webshit SaaS, but a piece of critical national infrastructure, such a rogue programmer would - in my books - be committing treason.

(Keep in mind that functioning rail system is of military importance, and there's a literal war being fought just over our eastern border.)


Indeed, a feature of hybrid warfare is targeting a country in various domains, including infrastructure. Poland is in the crosshairs of Russia, who has made very open and ridiculously malicious threats in the last two years toward the country, and we know Russia engages in such sabotage.


> such a rogue programmer would - in my books - be committing treason.

> Keep in mind that functioning rail system is of military importance

This sounds reasonable to me, and it made me curious how the US law of treason might apply to this scenario. (Obviously the US law is not relevant in Poland, but the American definition of treason is viewed as exceptionally strict, so it's interesting to consider.)

(American) treason has two elements:

     I. You owe allegiance to the United States; and

    II. You either:
        (a) levy war against the United States; or
        (b) give "aid and comfort" to the enemies of the United States.

A violation of criterion I might look like the Polish rail company hiring a Hungarian programmer who puts this code into the trains for whatever reason.

Making the trains stop running at predictable times seems like it could reasonably be read as "giving aid" to enemies of the state, if the information on how the trains work is communicated to them, or if a conflict actually occurs and the trains stop running during the conflict. If the enemy doesn't know about the issue and it never comes up during a conflict, it might be a challenge to argue that the enemy received "aid and comfort".

The other thing to note here is that the programmer would appear to be committing treason whether his boss told him to add the code or not.


Ah OK! No, the top link seems to be the same as before.

My Scenario 1. wasn't about some rogue employee, only about unstructured development process, possibly even with no version control.

So there's this one developer that adds the shady code, asked by a higher-up, but other developers don't even know about it if they don't look into those files. And so no-one has a chance to analyze if it's safe to add the code.

Or maybe there's version control, but anyone can commit to `develop`. And so you see a weird commit from someone else, but that's it.

The only _maybe_ non-criminal but still very shady and unethical way to do it that I can quickly come up with, if there was a formal process for adding those "hacks", would be to implement it as any other feature, perform a full safety analysis, etc., just as I can imagine it's done for regular stuff.

But then I cannot really imagine how I would answer the question about deliberately messing with train subsystems, in a train that could be running >100km/h, full of passengers...


A day has passed and today my comments about code reviews don't really make sense to me anymore. I think I lost the forest for the trees :).

So now it makes perfect sense to me that you thought it was about a 3rd party review, or about a rogue developer.


That should be a basic requirement for any purchase where public funds are involved in any manner. If something is not open source then third party audit should be a bare minimum.


I’m sure it was the work of a rogue engineer.


Oh, I bet that code was well reviewed and put through some serious testing. You can guess that from the presence of the geofence with additional trigger condition ;)


It's quite unfortunate as Newag trains are rather higher quality than Pesa (other Polish manufacturer). I suppose so reliable, they needed to generate artificial faults :D


I wonder who coded the malware clauses and who knew about them. Didn't anyone think of whistleblowing?

Btw, here's the page with anonymous opinions about the company from (unvetted) employees https://www.gowork.pl/opinie_czytaj,19587

They seem to have a pretty toxic work environment.


When asked to do this sort of a thing as a software developer, make sure to ask the directions in writing.


Will be interesting to see the impact of this situation on the contract with European railroad services Akiem - they signed a 164 million euro contract with Newag for services and trains for France. [1]

[1] https://biznes.pap.pl/pl/news/all/info/3509606,newag-inks-eu...


I think the remote lock makes it a backdoor and probably criminal?


Only if you can provide proof that the train is not a printer or that it can't be used as such. /s


[flagged]


Depends on country's laws and contracts between parties. If the contract does not mandate service by the manufacturer, only suggests it, this sounds illegal. Not because of hacking, because of not documenting behavior and disturbing state entity hence the people.


Oh, yes. I agree that this sounds like actual fraud if it is undocumented. I disagree that disabling the machines would count as "hacking."

I am cynical about the latter because I personally would like this sort of malicious shit to qualify as hacking. I'd also like the telemetry and recording in all modern cars to be considered hacking.


One practical solution is to make certain clauses unenforceable in end user license agreements and all non-negotiated contracts.

For starters clauses allowing the vendor to upload any user specific data (anonymized or not) and prohibitions against specific uses of the software would be unenforceable.

The former ensures privacy, and the latter would make the behavior of the train manufacturer illegal (in the US), since it’d fall under the CFAA:

https://en.m.wikipedia.org/wiki/Computer_Fraud_and_Abuse_Act

(Sections a.5 and a.7 in the section “Criminal offenses under the Act”)


Various contract provisions are illegal in Poland as well, for example a contract can't prevent you from disassembling and reverse engineering any software or hardware, including building a compatible device so long as you do not literally copy the results over.

In this case, NEWAG violated contract, because they did NOT win the bid to do servicing, and didn't write anything down about being the only party able to service the machines.


If the contract mandated it, then the manufacturer could simply have filed a lawsuit. The fact that they didn't and did something in secret instead shows otherwise.


How can somebody even attempt to find faults like these without being a magician? Are people reading tons of assembly code in the process?


Reading decompiled (reverse-engineered) code is not as insanely hard as it sounds. You can usually find functions, and then it's a matter of finding _what_ a function does.

If you can somehow attach a debugger or get breakpoints, it's even easier.


In some cases, oddly, the intent of a function can actually become clearer when the logic gets stripped of all the bad naming protocols and names for the moving pieces have to be reconstructed from only its actions and contexts.

In a perfect world, this shouldn't be true and the content embedded within those symbols in the source code should be an easy lever towards relatively perfect understanding of both intent and implementation; however, software is a relatively young discipline and this is actually a difficult linguistic problem.


On an open source architecture, many eyes hypothetically leave few places for malicious action to hide. This is not always 100% foolproof, but it seems to work out pretty well most of the time.

On a closed source architecture, this sort of thing is generally safeguarded by contract and law. Company can get away with it once, but if the law and contracts were properly crafted there will be fines and jail time that discourages them from doing it again.


Same guys cracked Toshiba password mechanism hidden inside EC/KBC (Renesas M16C) https://q3k.org/slides-recon-2018.pdf couple of years ago.


q3k was one of the guys involved in this hacking.


Yes, that's exactly what happened. The reference in the article to the tool named Ghidra is the confirmation to your hunch.


This is probably perfect for some EU anti-monopoly lawsuit, am I right?


This should be a standard consumer protection law (right to repair), not a monopoly thing :/


EU consumer protection laws generally do not apply to B2B contracts (although member states can gold-plate them to extend their scope).


Sure, but that just means it needs to be adjusted to cover outright sabotage after sale like this.


More like highly criminal behaviour like fraud and extortion.


I don't see how it isn't literal fraud if the behavior isn't documented in the purchasing contracts.


If I understand correctly apart from hardcoded `ifs` there was a backdoor as well.

Russian agencies could use it to slow down transit of military aid to Ukraine.

In my book you could argue a criminal case.


Someone’s definitely going to jail for this. I can’t even think of what the defense’s argument could be.


Maybe “I am friends with the Law and Justice party”?


Most people in Poland don't even understand how rail has been privatized and shattered into half a million companies. To a regular person, if it's a train, it's "PKP" (Polish National Railways) - therefore something the government is responsible for.

I don't think Law and Justice will be happy about some corp screwing with infrastructure and having the voters blame the government for it.


I hope you are right. I'm maybe too cynical, thinking something along the tune of:

"If only more of OUR judges were in place, you wouldn't see such corruption, dear people."


Why not both? What better way to underline the point than pressuring to make an example out of Newag?

EDIT:

PiS has been at the core of political turmoil for the past decade or more, but rail transportation has been an issue for much longer. It's legendary at this point, it transcends politics, and portals you straight into the 1990s. So I feel it would be in the self-interest of everyone in the government to throw the book at Newag right now.


This is true! It would depend on if there actually was a corruption link worthy of protection. I.e., bluster and results, or only bluster.

Edit:

I didn't know the train situation had been bad so consistently long! My sympathies to railgoers. It definitely sounds like all politicians could score by getting Newag some well deserved justice.


After the recent elections that might not be the safest thing to say if you wanted to avoid litigation. PiS didn't do so well and lost their majority and is likely to end up in the opposition.


It seems like some mix of vandalism and fraud too.


I would reach for other laws like sabotage and extortion and something that probably exists specifically for the protection of public infrastructure and charge them criminally and raid the offices and take out the executives in cuffs.

They screwed with the rich and powerful here why not throw the book at them?


Who is the rich? The richest man in the picture is Z. Jakubas, who controls Newag. Forbes estimated his net worth at 1.9 billion PLN in 2021.


Help us, European Union. You're our only hope.


Why does about half the country keep voting for a party that is clearly against the EU then? Is it because of their unwavering love of ransomware and other frauds?


It's not a monopoly, so no. Would make just as much sense to ask for a DMCA takedown of the trains.


Do you think anti monopoly legislation only applies when some company controls some market outright?


Seems like the trains were manufactured by a European corporation so probably not lol.


Do you think European regulations don't apply to European companies? They do, it just gets less publicity when e.g. Criteo get fined for abusive tracking than when Google do.


They do, just less so. It's harder to poke around big industrial players of member states.


Size might let you escape with a slap on the wrist but it’s hard to imagine Poland doesn’t get its pound of flesh over this.


I've honestly wondered for a while how many devices (from phones to cars) have features like this that haven't been documented yet.

Also how many engineers have worked on features like this without whistle-blowing over behavior like this.


I can’t change the 12V lead acid battery in my EV without using a reverse engineered OBD-II dongle. If you don’t use the dongle to reset the charge circuit, it fries the new battery in about a month.

Here are incorrect directions explaining how to do it:

https://www.mybmwi3.com/forum/viewtopic.php?t=17838

Step 14 requires the magic dongle.

Note that they are not disconnecting the main battery, so they are risking electrocution from the >> 100V DC batteries.

There are some comments about not letting the old battery get into a low voltage state.

That’s tricking the charger into not overcharging the new battery to death.


This is actually not specific to the EVs but something all German car brands started doing. They made their alternators/chargers of the 12V battery overtly complicated and you have to use a dongle to tell the car you replaced the battery and with what kind of battery.

My friend once replaced her battery, exact same one in a BMW X3. The car immediately went into a limp mode and would refuse to go faster than 5mph until we connected a dongle and told it that the battery was replaced with the exact model that was already in there.

There's an argument they did it for "battery lifespan optimization" which there is a semblance of truth, because there are different kinds of lead acids. The reality is they found a new way to force the majority of people into dealerships.


Registering batteries has been a thing for BMWs for at least a decade. The dance around keeping windows open etc is a little more annoying, but nothing out of the ordinary.


another reason not to buy BMW added to the list


My two main complaints are the battery thing, and that it eats tires. The on-board computer is far superior to anything else I've used (jog wheel, not touch screen), and BMW is at the very top of the list of car manufacturers that respect end-user privacy.

Also, it's ridiculously fun to drive (coming from a manual transmission sports car).


What a jackass thing to do to vehicle owners. Changing the battery is a normal maintenance action you can do on any competently designed vehicle in less than 20 minutes.

Does anyone know of a sort of "buyer beware" website where these sorts of gotchas are catalogued by users? I don't fully trust any vehicle manufacturers to be beyond pulling this sort of thing.


>any competently designed vehicle

I guess you skimmed over the name of the manufacturer. ;)


> I can’t change the 12V lead acid battery in my EV

Aside from that not having anything to do with it being an EV, it's worth mentioning that many newer EVs (most of the ones sold, perhaps) use a lithium 12V battery now, not lead acid. So in general they ought to last longer anyway. Plus Tesla, at least, doesn't 'register' batteries the way BMW does.


What is the story here exactly? Is there an official way to replace the battery that doesn't require a dongle? What does the dongle do exactly? Why does a new battery get drained if you don't follow this process carefully?


The charger learns how worn the old battery is, and overvolts old ones to get a bit more useful life out of them. When you disconnect and reconnect the battery it doesn’t reset the training algorithm, so it overvolts the new battery, reducing its lifespan to roughly 30 days.

There’s no official way to reset the charge algorithm without a dealer-only dongle, so you take it to the dealership to replace the battery (~$400 labor, $100 parts).

They could solve the problem by adding a “register 12V battery” option to the service menu, or by having it prompt the next time you start the car after 12V power is interrupted.


That makes sense. Manufacturers keep proving to us they don't value making maintainable products so it seems obvious they need to be forced to do that one way or another.


.... just imagine how many instructions you can hide in a 64-bit address space (I'm thinking of you intel hacker magic)


It would be so easy to get away with this kind of extortion at my work. Nobody reads my code that carefully, or cares if I don't get it reviewed and just merge it. Only one other person could understand it if he tried, and he has no interest or involvement in it. It could easily look like just a bit of incompetence on my part that requires some additional consulting from me after I have moved on.

That's not how I roll ... or sleep well, so my employer is in no danger from me. But there are many short-term devs who come through here, and I don't have the time to police them in detail.

But conceivably an LLM could do it. It could be just another step in a build pipeline. But, when LLMs can do this well, they can also write most of the code going into the pipeline.


This doesn't sound like the sort of thing some rogue developer secretly slips into the codebase.


Exactly. This is a company initiative to increase company profits. It's smart business, as long as it's not illegal or the fine is insufficiently high.


Is it smart business though? Once disclosed it provides future purchasers with a strong reason to avoid your products. Who wants to spend millions on trainsets that could become unserviceable in the event that the seller goes out of business or makes some mistake in authorizing service centres or gets into a dispute with us over another matter?


It can be smart business if the probability of it being disclosed is low enough. Using fake numbers as an example, if you can make an extra $1 million on repairs and will suffer $100 million in fines / lost business if it becomes known, as long as the probability of it becoming known is less than 1%, it's a net positive expected value.


it's just tight-rope walking at that point. If your company has sufficient leverage within the market they can get away with murder.

see: John Deere


Ahem... Boeing 737 MAX, which was literal murder.


I would guess this is also why the code was found: it's parallel construction.

Somebody was told to take a closer look.

Otherwise it would be very weird to have 3rd party developers disassembling firmware code. I've never heard of that happening because a train didn't want to start.


When the trains your company serviced start experiencing failures, you look at your workers. When the trains your company was supposed to service, but didn't manage to touch yet start experiencing failures, you might begin wondering about alternative explanations.

I imagine someone in the company was someone who knew (or was a parent of someone who knew) someone in Warsaw Hackerspace, and introductions were made.


Yup that is how I read it as well. Product decision.


It's kind of amazing how blatant it was, they weren't even really trying to hide it much.

Similar to the VW emissions thing; if they'd been intentional about it they could have made it look much more like a mistake.


> But conceivably an LLM could do it.

It'd be kind of funny if an LLM did that "unintentionally", and wasn't able to unlock the code it wrote... ;)


The EN50128 safety standard for the European safety critical rail software places great importance on the development process.

Every change to the software has to be based on a defined requirement, and in order to validate the software you have to present evidence that every change was approved by a reviewer that is competent for that area of the software. The validation report contains the signature of this person.

If your code passes every test, but it wasn't developed in accordance with the process, it might as well not exist.

Of course I can't say how well this process was followed in NEWAG, but in theory rogue changes shouldn't be possible.


But how would you profit off of it? In the case here the company profits by forcing trains to use first-party workshops.


"Last time this failed, Bob was the only one who could fix it."

"Bob resigned a few months ago."

"See if he is willing to do some consulting. We'll pay whatever rate he demands."

I still occasionally have past employers call about things years after I left, and if I'd have been immoral enough to pull something like this, those systems could have been full of time bombs.


This mindset reminds me of the policies we use in the dev team at work. Any policy access that I suggest starts with the thought "If future me were to go rogue one day, how would present me stop me?"


But this is about a physical train that's in a first-party repair shop. How will the people who work in the repair shop know to call you, the software developer?


Who are these hackers and how did they get their hands on a train, among all things?


The truth is almost stranger than fiction. They are members of a group called Dragon Sector and were brought in by the train operator after 6 of their 12 largest trains became unresponsive after having inspections done at a rail yard owned by not-the-manufacturer of the trains. The manufacturer said the trains became unresponsive because of malpractice at the train repair shop and mentioned some condition that didn't appear to be in the maintenance manual. The train operator made contact with Dragon Sector and asked for their help.

It's a wild read: https://zaufanatrzeciastrona.pl/post/o-trzech-takich-co-zhak...

It appears to be malicious code included by the manufacturer to prevent third party repair that at one point included geolocation for triggering. Given that the train operator had to reduce train schedules for this which impacted service and income, it might end up as evidence in a lawsuit against the manufacturer at some point.


I would love to know if the checks were as brazen as presented in that post, or if the coordinate checks were obfuscated in some way. It sounds like they just assumed the operator would fold long before even getting at the code and couldn't even be bothered trying to make it look accidental.


The main obfuscation was the way IEC 61131-3 constructs get first compiled to C and then to assembly.

There's a lot of indirection and zero strings in the resulting code, meaning it's very difficult to actually find whatever logic you're looking for. But once you see it, it is obvious and seems like it was built like any other logic.


That's amazing. If I was going to pull a stunt like this, I'd like to think I'd find some way of trying to make it look like a bug.

Must be very satisfying to find something like this.

I guess this is going to provide plenty of billable hours for lawyers at this point...


> if the day is greater than or equal to 21st and

> if the month is greater than or equal to 11 and

> if the year is greater than or equal to 2021

> then report a compressor failure.

> [...] It was probably the software author's inability to construct IFs that made it necessary to wait until November 21, 2022 for the planned failure.

Oops!


And it magically starts working again on the 1st December.


And then breaks again just in time to catch Christmas travelers by surprise.
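
An added example, not part of the original thread and not code from the train firmware: a Python model of the date condition as quoted above, showing why testing day, month and year independently makes the fault appear on 21 November, clear on 1 December and return on 21 December. The function names, the 2022 sample range and the whole-date comparison used as a reference are assumptions made for illustration.

```python
from datetime import date, timedelta


def fieldwise_trigger(d: date) -> bool:
    """The condition as quoted in the thread: every field is tested on its own."""
    return d.day >= 21 and d.month >= 11 and d.year >= 2021


def chronological_trigger(d: date, start: date = date(2021, 11, 21)) -> bool:
    """Reference for comparison (assumption): 'on or after 21 Nov 2021',
    evaluated as one ordered value instead of three separate fields."""
    return d >= start


def _days(first: date, last: date):
    """Yield every calendar day from first to last, inclusive."""
    d = first
    while d <= last:
        yield d
        d += timedelta(days=1)


def active_windows(predicate, first: date, last: date):
    """Return inclusive (start, end) ranges in which predicate(day) is true."""
    windows, run_start = [], None
    for d in _days(first, last):
        if predicate(d):
            if run_start is None:
                run_start = d
        elif run_start is not None:
            windows.append((run_start, d - timedelta(days=1)))
            run_start = None
    if run_start is not None:
        windows.append((run_start, last))
    return windows


def first_regression(predicate, first: date, last: date):
    """Return the first day on which predicate flips from true back to false.

    A real deadline check is monotonic: once true it stays true, so this
    returns None. A field-by-field comparison fails that property.
    """
    previous = predicate(first)
    for d in _days(first + timedelta(days=1), last):
        current = predicate(d)
        if previous and not current:
            return d
        previous = current
    return None


if __name__ == "__main__":
    # Constructed sample range: all of 2022 plus January 2023.
    first, last = date(2022, 1, 1), date(2023, 1, 31)
    for name, pred in (("field-wise", fieldwise_trigger),
                       ("chronological", chronological_trigger)):
        print(name)
        for start, end in active_windows(pred, first, last):
            print(f"  active {start} .. {end}")
        print(f"  first regression: {first_regression(pred, first, last)}")
```

A monotonicity check like `first_regression` is a quick review test for any date-gated logic recovered from a binary: a genuine deadline never switches itself off again.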


Well the error message claims that they are infringing copyright. It very well could be that they are within their rights if the initial license/contract stipulated that they would only service the trains in their authorised locations. This should be illegal, but very well might be.


Excerpt from an Onet article[1] about this:

>Until a few years ago, rolling stock manufacturers such as Newag from Nowy Sącz and PESA from Bydgoszcz were able to dominate the maintenance market. It was mainly them who entered tenders for compulsory maintenance of their vehicles, because other companies knew they were at a disadvantage. At the time, the dominant narrative of the manufacturers was that the "Maintenance System Documentation," a kind of manual for a given vehicle, was the manufacturer's secret, its intellectual property, and under no circumstances could this be passed on to other service companies. This led to a situation in which railroad companies across the country were forced to use the manufacturer's expensive service. And the latter, having a monopoly on repairing its trains, dictated outlandish prices, even tens of percent higher than another company would have given, the rail safety expert points out.

>Our source adds that later, thanks to the European Union Agency for Railways, the interpretation of regulations changed, allowing other companies access to service trains. This led to the opening of the market to other companies in the industry.

[1] - https://wiadomosci.onet.pl/kraj/awarie-pociagow-newagu-haker...



They didn't win the contract for servicing, and the law required opening up service in the first place.


How would copyright be in-scope at all? At worst this infringes EULA.


The most poetic part is how the train maker is merely looking out for their own profit margins.....

Economic theory(?) would suggest that if they don't do this, their competition eats their lunch and drives them out of business.

Heck, Volkswagen did something much shadier to get their vehicle's emissions to comply


This is much shadier than what VW did. VW was working around unrealistic emissions standards -- illegal, sure, but they didn't cause big ticket items to stop working. The train manufacturer here appears to have done something much worse.


Here's a comprehensive write-up in Polish in a somewhat sensationalized - but rightly so - tone: https://zaufanatrzeciastrona.pl/post/o-trzech-takich-co-zhak...


https://translate.google.com/?sl=auto&tl=en&text=https%3A%2F...

for those of you who like me can't quite understand literally anything otherwise


As explained by the linked article in Polish, the workshop reached out to them and asked if they could figure out why the train isn't working.


You wouldn’t download a train, would you?


tldr hackers are from DragonSector (one of the top CTF teams) - https://dragonsector.pl/

They were contacted by workshop which was doing maintenance of those trains and had no idea why they stopped working


This answers the question, How can I define corporate level malicious protectionism?


Well, it gives you an example, not quite a definition.


Generally I'm not part of the crowd that wants to send CEOs and management to jail for what are ultimately just bad business decisions.

But this should absolutely result in jail time. This is literally no different from if the managers of the company physically snuck into trainyards and snipped wires and removed valves or whatever.

It's literally just sabotage. It's a crime that should result in years of jail time for everyone in management who participated in this decision.


Yup. And this isn't sabotaging some random webshit SaaS. This is sabotaging critical national infrastructure - infrastructure that's of military relevance, and need I remind anyone, there's a hot war being waged over our eastern border right now.

I feel a good enough prosecutor could pin charges of treason here.


As much as I like to rake the executives over the coals for this, I'm disturbed by the trend of calling anything vaguely against the national interest as "treason". Nowadays if I hear someone is accused of treason absent any context, it could mean anywhere between "knowingly selling nukes to iran" to "lobbied for/against a policy that the accuser thinks is bad". In this case they're arguably scamming the government out of money, but that can hardly be compared to the crime of knowingly aiding a known adversary.


> In this case they're arguably scamming the government out of money, but that can hardly be compared to the crime of knowingly aiding a known adversary.

If you're crippling infrastructure then you're most certainly aiding adversaries. You cannot fight an adversary if you cannot get goods moved.

If you're scamming the government out of money then you are inherently aiding adversaries. You cannot fight an adversary if you are penniless.

It sounds very comparable to me.


>If you're crippling infrastructure then you're most certainly aiding adversaries. You cannot fight an adversary if you cannot get goods moved.

>If you're scamming the government out of money then you are inherently aiding adversaries. You cannot fight an adversary if you are penniless.

But if you apply this argument it quickly becomes a slippery slope. Running a fraud ring? You're depriving the security services of resources that could have been spent catching spies. Treason. Tax evasion? You're depriving the state of resources. Treason. Jaywalking? Believe it or not, treason. M̶a̶k̶i̶n̶g̶ ̶m̶o̶n̶e̶y̶ profiteering as a government contractor? Dunno man, sounds like you're a c̶o̶u̶n̶t̶e̶r̶r̶e̶v̶o̶l̶u̶t̶i̶o̶n̶a̶r̶y̶ traitor by making the government "penniless".


They're not aiding an adversary, they are the adversary.


People are tired and demand better. It's a spectrum for sure, but crossing the line is crossing the line.


You can "demand better" without resorting to hyperboles as crutch to paint your enemies as being extra bad.


> In this case they're arguably scamming the government out of money, but that can hardly be compared to the crime of knowingly aiding a known adversary.

I don't really get your argument. In this case they're intentionally crippling a capability of the Polish state. There does not appear to be any particular intended beneficiary (other than themselves), but any and all enemies of the Polish state foreseeably benefit when the Polish state's abilities are curtailed.

Furthermore, the general understanding of treason does not require aiding a known adversary - it requires attacking, injuring, or otherwise betraying whoever has authority over you.

> I'm disturbed by the trend of calling anything vaguely against the national interest as "treason".

I guess what I'm saying here is that this involves something that is contrary to the national interest in very specific ways. The connection is not vague.

If I'm an American and I arrange to kidnap Joe Biden and hold him for ransom, does that sound like "treason" to you? All I want is money. But someone might think there's an important difference between the effect I'm trying to produce and the effect I actually do produce.


>If I'm an American and I arrange to kidnap Joe Biden and hold him for ransom, does that sound like "treason" to you? All I want is money. But someone might think there's an important difference between the effect I'm trying to produce and the effect I actually do produce.

No, because those crimes typically get prosecuted as terrorism, not treason. Even leaking state secrets rarely get prosecuted as espionage rather than treason.


But an ideological belief that nothing must ever be called treason, regardless of what happened, does not make for a compelling argument that particular actions do not constitute treason. To make that argument, you'd need to have a definition of treason that included something.


>But an ideological belief that nothing must ever be called treason, regardless of what happened, does not make for a compelling argument that particular actions do not constitute treason.

I'm not sure how you read what I wrote, and rounded that off to "an ideological belief that nothing must ever be called treason, regardless of what happened". I don't have a ready definition for you to examine, but based on the examples it's pretty clear that executive and/or judiciary don't share such an expansive definition of treason as you. Moreover, aren't you engaging in the opposite? Is any crime that's vaguely against the state "treason"? [see my comment: https://news.ycombinator.com/item?id=38540252]


I'm not the one arguing that scamming money from the government is treason. I'm arguing that this is a very direct harm to the state. A very close analogy would be if I somehow contrived to break every interstate highway in the US so that planes could no longer use them as runways. Here I've specifically defeated what the government has (credibly!) identified as a crucial logistical military capability. If you believe that treason exists at all, you should also believe that this is close to the core of the concept.

If another state did exactly the same thing, it would be an act of war. Is that not enough to make it treason when done by a subject of the state?

> I'm not sure how you read what I wrote, and rounded that off to "an ideological belief that nothing must ever be called treason, regardless of what happened".

Because what you wrote was "this can't be treason, because even things that are definitely treason still aren't treason". Take a look:

>>> those crimes typically get prosecuted as terrorism, not treason. Even leaking state secrets rarely get prosecuted as espionage rather than treason.

[I assume you meant to say "treason rather than espionage".]


It's a passenger train. No more "critical national infrastructure" than a city bus.


It's not like you couldn't transport troops on a passenger train, so I'd say may they never see the light of day again ¯\_(ツ)_/¯. In reality though, I doubt this will result in any serious repercussions for whoever called the shots.


While neither passenger trains nor city buses are likely to be used for troop transports, passenger trains and city buses would most definitely be used in the transportation of civilians to places of safety – both modes of transport could be considered critical national infrastructure in a time of crisis.


Here's an article about a NEWAG train that got derailed while evacuating Ukrainian refugees. There were 250 people onboard. It's the same Impuls model. https://esanok.pl/2022/ustjanowa-wykoleil-sie-pociag-z-uchod...


It's some two dozen passenger trains.


There are update logs of the train software. Because of them it is known that workers of the company literally snuck into waiting trains and updated the software without the owners knowing. So really, but far from that.


Oooh, now that's fascinating. What you say is known because of update logs wasn't in the article that I recall. Could you kindly provide a reference to where you learned this part of the story? Thanks!


> Generally I'm not part of the crowd that wants to send CEO's and management to jail for what are ultimately just bad business decisions.

This attitude is rare. Much more common is wanting to send them to jail for deliberately breaking the law -- or presiding over widespread flouting of the law by other management. E.g. The Wells Fargo cross selling scandal created literally millions of fraudulent accounts, and nobody went to jail.


>or presiding over widespread flouting of the law by other management. E.g. The Wells Fargo cross selling scandal created literally millions of fraudulent accounts, and nobody went to jail.

"presiding over widespread flouting of the law" isn't a crime though, and it's difficult to make that a crime without running into due process issues (eg. https://en.wikipedia.org/wiki/Mens_rea)


I think calling it gross negligence and making it criminal is fine.

The implication of running a company is that you're in charge. Obviously you can't control every employee so one offs are fine, but at a certain level of widespreadness it becomes a matter of, well, gross negligence.


Another example for firmware manipulation: the Volkswagen emissions scandal (Dieselgate). Some firmware was changed, so that emissions were lower during emission tests.

That was a big scandal some eight years ago, who remembers?

https://en.wikipedia.org/wiki/Volkswagen_emissions_scandal

Maybe firmware fudging is more frequent than one would assume...


Ugh, please do not give car manufacturers any ideas!

...or Boeing.


> "The manufacturer argued that this was because of malpractice by these workshops"

Is this intended to say:

    - The manufacturer says the locks are caused by malpractice of the 3rd party workshops

or

    - The manufacturer says they lock the trains because of past malpractice of the 3rd party workshops

The poster also states

> "One version of the controller actually contained GPS coordinates to contain the behaviour to third party workshops."

This seems oddly specific, there are better ways to determine if the train has been serviced by the manufacturer or not, such as using PKI.

I can imagine a scenario where this isn't for greed of servicing fees, perhaps the brakes need replacing every x miles and if this isn't performed the train locks for safety. If the 3rd party workshops specified thought

    "there's more life left in these pads, I'll just reset the counter and make the train think the pads are new"

The manufacturer would have significant backlash should the train then crash and kill people, regardless if the 3rd party workshop was at fault.

I'm all for right to repair for most things, however commercial public transport isn't one of them unless there's some vetting/accreditation process.


The workshops were already accredited and vetted, and followed official documentation that was supposed to cover the maintenance.

And the intended meaning of the sentence was that NEWAG implied that the workshops "did something wrong" and that's why the train didn't run.


I think you're putting very little weight into the ability of government organizations like the NTSB or equivalent to determine root cause of a crash. Just think of the situation with aircraft crashes. They have to deal with something that smeared into the ground at 400 miles an hour. And they're often still able to root cause with a high degree of confidence. I have a feeling train crashes are trivial in comparison to root cause (with rare exception).

You either require (and train) your NTSB to be able to independently diagnose accidents (in which case they would be able to tell who fudged the records about the fake brake overhaul) or you rely on the manufacturer for the diagnosis. Which to me is a concerning conflict of interest, since they will invariably want to shift the blame to the operator of the vehicle. I'm sure they could in the most honest case, point to excursions outside of recommended operating conditions during the life of the train and say "see? Your operator has been consistently taking this turn 10 mph faster than recommended by the manufacturer. Warranty void".. worst case they fudge the records and you have no competent independent examiner to dispute that.


I think your point is fine, but I don't think we should say a root cause analysis of a rail accident is "trivial".

For example, the most recent serious report from the UK has 113 pages, and detail on technical (friction, braking etc) and organizational issues just like an aircraft accident report:

https://www.gov.uk/government/news/report-122023-collision-b...


> I think you're putting very little weight into the ability of government organizations like the NTSB or equivalent to determine root cause of a crash

Not at all, I expect they will know every detail/fault/liability. In the meantime though, 'backlash'

  - Manufacturer's name is in the headlines

  - That model of train may be 'grounded' or receive negative publicity

(We see this often in Air accidents (737 MAX, Ospreys in Japan))

Even if the manufacturer is determined to not be at fault, bad tastes linger..

  - greater scrutiny

  - % will hear of initial reports but miss later reports exonerating Manufacturer


It's certainly reasonable for governments to require some sort of licensing or accreditation to work on safety-critical public infrastructure. It is not reasonable for another service provider to have the final say over that, especially through the use of undisclosed software locks.


I disagree. The owner should be able to get them repaired without needing the manufacturer to approve.


If the Manufacturer doesn't put security systems in place, situations like this are more likely

https://news.sky.com/story/fraud-officers-arrest-one-in-dawn...

> "The company supplies engine parts to several major airlines in the UK and abroad.

> In August, the Civil Aviation Authority announced it was investigating the same company for the "supply of a large number of suspect unapproved parts"."


This wasn't a security system it was a straight up fiddle. The fact it was undocumented is the real tell.


It was a Security System, they were even told the trains are blocked because of a security system...

  > "Newag explains that the trains were blocked by a "security system" - but there is no mention of it in the 20,000 pages of the manual."

In my experience, it's more common for Security Systems to be un-documented than it is for them to be documented...


Any of those reasons should then have been documented in public, which the poster said it was not.


> I'm all for right to repair for most things, however commercial public transport isn't one of them unless there's some vetting/accreditation process.

That is where you literally have a contract written up, stating this. In some cases that contract is ratified by the parliament (making it effectively the law)


That didn't prevent lots of commercial airliners from flying with potentially dangerous parts but a software restriction would have.

> "In August, the Civil Aviation Authority announced it was investigating the same company for the "supply of a large number of suspect unapproved parts"."

https://news.sky.com/story/fraud-officers-arrest-one-in-dawn...


Holy shit those aren't some random ass hackers

They are members of top CTF team of last decade - Dragon Sector

Also, the story is wild as fuck!


I think the way to fix this is to make sure manufacturers follow certain standards so that the products can be serviced by anyone who holds certificates in those standards.

This is mostly to break the liability/insurance barrier.


That's approximately what the EU forced to happen - third party repair shops were approved and allowed access to the service documentation. But that means nothing when the manufacturer decides to sabotage the trains in firmware and even install an Internet-connected hardware backdoor.


How many similar practices actually get discovered? In a way this is the "right" thing to do in a capitalist society. We are incentivising this behaviour by making it profitable. An honest company cannot compete with a company doing this, unless there are very rigorous regulations and enforcement of them. This gets harder and harder as tech gets more opaque. Adding more regulation, auditing, hoping that _all_ entrepreneurs are honest, are crutches trying to patch a fundamentally broken economical system.

If capitalism were a software, we would call practices like this code smell. We can try patching it up with some specific legislation and (costly) enforcement by e.g. code auditing in this case. But the real issue is that our economy is not optimizing for global (national) utility, it is optimizing for profits of individual business owners.


For B2B contracts of this kind of size a solution is to insist on clauses with very steep damages in the event of evidence of specific measures to prevent third party service or similar, coupled with never again dealing with a manufacturer like this.

The bigger problem is when manufacturers pull stunts like this on customers who can't afford and/or don't have sufficient financial incentive to figure out the underlying problem.


Steep damages are in many cases not enough because the likelihood of being found out is so low. The damages then have to be extremely steep for this behavior to not be incentivised. Basically to bring the expectation value negative, the damages have to be larger than the profit gain by this behavior, divided by the probability to be caught. Often this will be more than the value of the company, and then the damages do not matter as they simply bankrupt. In that case, the rational business practice is to go for it and hope to not get caught. Any other behavior will eventually lead to bankruptcy in a competitive market.


Which is why it's only really helpful for B2B contracts where there's reasonable power parity to the point where you can realistically 1) refuse to sign a contract unless the damages are significant enough, 2) any resistance to doing so is a strong signal they're up to no good, and 3) you as the buyer can actually afford to do what the operator did in this case and put significant effort into identifying the cause.

I don't think there are many actual cases of manufacturers pulling this without ensuring it's covered in their contract, because being caught out even once will trigger a lot of 1,2 and 3 from future buyers if they still consider you an option at all.

And remember in this case the maximum potential gain is only maintenance contracts from that subset of operators that opt to have other companies do the service.


The fact that an entity can sometimes benefit from deceit has nothing to do with capitalism, specifically, and capitalism is not the simple proposition that profit justifies anything, even if some people sometimes suggest that it is, in order to advance their agenda - in a rather deceitful manner, I might add!


The pressure to benefit from deceit because outperforming competition is the only way to stay alive is unique to capitalism, though.

"capitalism is not the simple proposition that profit justifies anything" - of course, but it naturally leads to an environment where profit justifies anything. No business leaders avoid money-making immoral behavior unless it is overall unprofitable due to market conditions (a specific well-informed customer base, for example) or regulation.


do you have a counter-argument? because what I’m reading here is “you’re wrong and lying or lied to because of an ‘agenda’” and that’s it

what do you think GP or someone who has lied to GP really thinks?

why are they lying?

what’s their agenda?

do you agree that we (in the West) currently broadly live under Friedman’s version of capitalism, and, if so, do you agree that it broadly follows the mantra of “profit/shareholder value above all else”?

if you don’t think we live under that system, what system do you think we live under, and what differs it from the mantra of “profit/shareholder value above all else”?


You have presented a preposterous and completely unjustifiable reading of what I actually wrote, and then demand me to justify it? That's not going to happen, of course.


you don’t have to justify your assertions to me or anyone else, but make sure you can justify them to yourself. have a think about what you said and see how deeply you can support it. you don’t have to reply. you don’t even have to bluster and make accusations. just try and think about it slowly and unemotionally in your own head.

what agenda were you referring to?

who is being deceitful?

what are they trying to hide?

what were the primary tenets of Friedman’s capitalist philosophy?

don’t answer to me, just make sure you have solid answers for yourself


I don't have to justify them to myself or anyone else, because they are figments of your imagination that have no basis in anything at all. In all the articles and comments I have written anywhere, I have never before received any response so unhinged from what I actually wrote.


some people learn to justify their opinions. some people learn to bluster and accuse and talk about how many articles they’ve written

are you denying that you claimed this form of capitalism doesn’t prioritise profit above all else?

are you denying that you made the accusation that some people who disagree with that are lying? you’re aware of what the word deceitful means, I’m sure

are you denying you claimed those people are lying to serve some agenda?

if you want to check your answers, those are all things you said in your comment


> if you want to check your answers, those are all things you said in your comment.

This is utter nonsense, as is obvious to anyone who can read. It is telling that you have not explained how you arrived at these ridiculous conclusions.


my friend, anyone can come to these conclusions by reading your literal words:

>capitalism is not the simple proposition that profit justifies anything, even if some people sometimes suggest that it is

>in order to advance their agenda

>in a rather deceitful manner

so by very clear implication:

>capitalism doesn’t prioritise profit over everything else

>people say otherwise because they have an agenda

>those same people push their agenda with lies (deceit)

just a stab in the dark, but is all this very dramatic bluster and outrage simply because you levelled your accusation at people GP agrees with rather than at GP directly? did you expect a level of plausible deniability because of that? is that why you’re so angry?

if you’re so unable to say what that deceit or agenda is, why did you say it at all? were you trying to sound “in the know” or smart?


So now you have finally come to realize that you need to explain how you arrived at your allegation, and let's recall what that was:

> What I’m reading here is “you’re wrong and lying or lied to because of an ‘agenda’” and that’s it.

Where "you're" means GP, i.e. Bermion, the person to whom I was replying. So where did you get the notion that I was saying these things about Bermion? From your latest post, it appears that you think that in the statement "capitalism is not the simple proposition that profit justifies anything, even if some people sometimes suggest that it is...", the "some people" must refer to Bermion, but that does not follow, and Bermion is not even a particularly good fit, having not said anything so simplistic.

In fact, it is referring to a group of people tacitly referred to in Bermion's comment - those who go along with the view that "in a way, this is the 'right' thing to do in a capitalist society", a group in which Bermion clearly does not belong. It is not uncommon to find people implying, and even saying outright, that capitalism is just the proposition that profit justifies anything (sometimes, for example, in the guise of the claim that a board's only duty is to maximize profits by whatever works), and when it is being claimed by someone who knows better, in the hope of influencing other people in a way that benefits the claimant in some way, then that is duplicitous (which is not a synonym for lying, even though it may involve it.)

Next time you are thinking of making a wild allegation, do yourself a favor and check beforehand whether you have grabbed the wrong end of the stick.


whether or not your accusation directly refers to GP is irrelevant

if you read your own quote, it says “lying or lied to”. I included the “lied to” because I knew you would try and sneak out of it like this, and yet you did it anyway because you appear to emotionally struggle with light criticism and questions, never mind justifying your thoughts

normal people, people who aren’t embarrassed and afraid to defend their thoughts, don’t get angry and bluster and start on about unhingedness and ‘I’ve written so many articles’ and all these quite amusing attempts at condescension and outrage. they just defend their thoughts. they say what agenda they’re referring to. they say who is lying. they don’t get angry that a person asking them questions didn’t accept their pre-emptive excuse

you’re still accusing people who disagree with you of dishonestly pushing an agenda. you’re still accusing people of lying. and you still refuse to justify those accusations. just because you made who you were accusing slightly fuzzy doesn’t mean you automatically get away with anything


> Whether or not your accusation directly refers to GP is irrelevant.

On the contrary, it is of the essence, as you posed your accusation explicitly as me accusing GP of being wrong and lying or being lied to ("what I’m reading here is “you’re wrong and lying or lied to because of an ‘agenda’” and that’s it") - which raises the question of what position you think GP holds, and how you came about that knowledge.

> I included the “lied to” because I knew you would try and sneak out of it like this...

As you wrote this in the first line of your first post, in the middle of your accusation, this just demonstrates that you have been acting in bad faith from the beginning, uninterested in finding out what my actual position is. This will be of little surprise to anyone who has followed the conversation, or just picked up on the tone of your first reply.

It is also completely unclear what you think you are proving here. As I explained in my previous post, your accusation is not wrong on a technicality; it is fundamentally mistaken about where, and about what, I think someone would be lying (hint - it's not GP, as far as I know - but you should know that already from my previous post.)

> Normal people...

Normal people do not like wild, personal and unjustified accusations followed by badgering questions predicated on the false propositions of the accusation, and they are not keen on the people who make them, either.

Your final paragraph shows that you have not learned anything from my previous post, which is probably not surprising, now that you have revealed your intent to trap me on a technicality rather than find out what I am actually saying.


Despite your plethora of deeply hypocritical accusations, I’m going to cut this down to the central tenet

Who are you accusing?

What are you accusing them of?

Why do you think they’re being dishonest?

Next time you say something, remember to be confident it makes sense, or you’ll have to go through your politician’s poor-faith smugly-avoiding-the-question-manual all over again when someone asks you to—shock of all preposterously unhinged shocks—actually explain yourself when you make a controversial claim


So, having nothing to say in response [1], you fall back on badgering again. That isn't going to work any better than it did before, except to reinforce the impression you have already made.

[1] Except for a presumably unintended but rather accurate self-portrait.


one day you’ll have to deal with a person like you, and you’ll remember this and have to sit down and ask yourself some difficult questions


Here, I have met a person who immediately attacks with a personal allegation ("what I’m reading here is “you’re wrong and lying or lied to because of an ‘agenda’” and that’s it"), does so in bad faith ("I included the “lied to” because I knew you would try and sneak out of it like this"), and who repeatedly resorts to badgering me with questions. If this sort of behavior was directed towards someone unprepared for it, it would count as bullying, and I have no difficult questions arising from my responses.


this is all true, but what is the better system? Communism has its merits, but it’s extremely reliant on competent, benevolent leadership and struggles to be economically viable in an American-dominated world.

I think that a Keynesian, well-unionised economy with strong regulation is the solution. I’m sure they exist, but I struggle to think of many examples in history of over-regulation leading to a fault, but I can think of many, many examples of under-regulation managing it, and yet largely due to the capitalist-controlled media, over-regulation is the more feared of the two. This isn’t to say that over-regulation isn’t possible, of course it is, but I don’t think it is in tech.

To go on a tangent, I personally don’t believe in the untrammelled progress of tech. I can understand why people are so vehemently against that idea, of course it’s frustrating to restrict human ingenuity, and there’s a lot of money to be made, but tech is quantifiably making people’s lives worse. Smartphones are a fucking travesty. IQ scores are down something like 10% from the 90s. The internet isn’t great, but at least when you had to be at home logged into a desktop there was some friction. Now an entire generation is plugged into it permanently. An entire generation that doesn’t really read books, rarely thinks alone and in many ways hasn’t had to learn organisational or navigational skills.

AI doesn’t look like it’s going to make any of this much better. Even if we don’t achieve AGI, which I hope, neural networks are only going to get better and better, the best and most powerful ones in the hands of the richest people, who will simply use them to worsen inequality even more.

What else is next? Neuralink? Human genetic engineering? You would hope regulation would stand up to them, especially aesthetic genetic engineering, but who knows?

What we need is a nice big solar flare EMP. Something like the Carrington event


What's next is AI operated lethal weapons. You best believe all the elites are racing for those as fast as they can. As soon as those are a reality, all revolution against economic inequality becomes impossible.

The U.S. army wouldn't fire on civilian protestors, regardless of what a general ordered. An AI army would have no such restrictions or be vulnerable to appeals to morality and ethics.


>The U.S. army wouldn't fire on civilian protestors, regardless of what a general ordered.

The world doesn't work like this. You'd think human sanity would prevail if given an order like that as some sort of built-in "safety", but people who want to give orders like this can do it in a way that ensures they are complied with. Imagine the soldiers are told there are people with hidden guns in the crowd. Then you get a few snipers to take out a few soldiers from the crowd's direction and vice versa. The crowd starts shooting back as well as the soldiers.

Do you think this scenario is far fetched? That's exactly what happened during the EuroMaidan protests in Ukraine some years ago except instead of soldiers there was police. https://www.researchgate.net/publication/266855828_The_Snipe...

People are fully capable of killing each other with no help from AI.


> What's next is AI operated lethal weapons. You best believe all the elites are racing for those as fast as they can. As soon as those are a reality, all revolution against economic inequality becomes impossible.

Except for revolution by the AIs. AIs may not like selfish rich jerks any better than biological intelligences do.


biological intelligences seem to tolerate them


Yes - up to a point.


"What's next is AI operated lethal weapons."

Already here, kind of, according to reports on how the IDF selects bombing targets in Gaza.


"They are not civilian protestors. They are terrorists." presto! problem solved!


In this case, they probably got the trains cheaper by agreeing to have them serviced only at official service stations.

Still a shady practice but not worse than having expiring license keys for unlocking features or similar things


Nope, there was a separate tender for just trains, and for the servicing. NEWAG (manufacturer) won the train contract, but lost the servicing contract tender.

Under current rules they had to provide as part of the first contract complete documentation for servicing that any legitimate (vetted & certified) 3rd party company could then use. By servicing I mean literally taking the train apart and handling individual assemblies to original manufacturers at times.

So it is very shady, unethical, and illegal.


Oh you want brakes with that? Sorry you forgot to renew your license.


Tender process does not matter when you do crimes - just like you can't sell yourself to slavery or allow someone to kill you.



