I just donated 133,7€ and will gladly do it again if further legal costs arise. Please consider also making a generous donation and post about it in this thread.
What Newag is doing here is absolutely vile. They want to charge 20.000€ per train to “reactivate” them after they have been serviced at third party workshops. We must not let them win and set a precedent.
According to the schedule [1], there's a presentation from that team titled "We've not been trained for this: life after the Newag DRM disclosure" that will start at 23:00 local time (in about 30 minutes at the time of this writing) on this livestream [2].
The Luigi-related reference of the talk at 37:03 of the livestream, "Delay, Deflect, Derail" (referring to the response by the Newag train manufacturer representatives, including the president and vice-president of the company, at the parliamentary committee meetings) got a round of applause from the audience.
The "...Derail" portion of the slogan references Newag's handout shown a few seconds earlier in the presentation.
canucker2016 22 days ago [-]
One of the last slides:
Lessons learned?
Lawsuits are temporary, glory is forever.
Go public.
asciii 23 days ago [-]
Thank you! I have to say that my favorite in their latest update is that the 60 day counter can be reset after closing the cabin door and hitting the SOS in the toilet. Now I want an interview with the engineers sharing these product requirements...
lrasinen 22 days ago [-]
... so a version of the train unlock logic looks at door status and WC emergency button?
You do NOT fuck with the safety system.
Sure, it's not the mission critical safety system and you're only reading it, so what's the harm? Well, one of these days someone doing that is going to typo == into a =, or whatever the PLC version of one-character oopsie is.
anovikov 22 days ago [-]
Precedent isn't as big a concern as many might think, most of Europe does not operate under a precedent-based justice system: it doesn't matter what were the previous decisions of courts on similar cases, the law is the only thing that matters.
etruong42 20 days ago [-]
Can you elaborate? I'm not a lawyer, but my understanding of the value of precedent is to have courts rule on matters in a manner that is consistent with past rulings. Are you suggesting that courts can interpret the law completely differently from how past courts have ruled? Do you feel like that makes court decisions unpredictable?
To be clear, the law changes over time, so newer laws have less precedence, and I expect courts to respect new laws even though no courts have made a ruling based on such a law before.
hmottestad 16 days ago [-]
Norway works on a precedent system.
When electric scooters were reclassified as «small electric vehicles» they suddenly came under the same drunk drive laws as motorbikes and cars. So the lower courts ruled a bunch of drunk driving of electric scooters as severely as they would drunk driving of a 2000 kg car that can go 200 km/h. Essentially they just followed the precedence of previous rulings on drunk driving without taking into consideration the intent of the law. People got huge fines and lost their car licenses for several months on the assumption that if they were careless enough to drink and drive an electric scooter they would be just as likely to drink and drive their car.
Eventually a case went all the way to the Supreme Court where they actually thought it through and decided that there wasn’t any reason to assume that a person would drink and drive a car just because they did so with an electric scooter.
silexia 17 days ago [-]
We need to fight for the Right to Repair to be in legislation for ALL products! If we buy a product, we should have full access to all software and have the ability to fix it!
masklinn 23 days ago [-]
Was going to sling an even 100, but yours is funnier so did the same, thanks.
conartist6 23 days ago [-]
I couldn't figure out how to donate from their website. Where did you donate to?
jdiez17 23 days ago [-]
The payment information is a bit obfuscated, being only a parenthesized sequence of letters and numbers in the OP.
IBAN: DE41 2001 0020 0599 0902 01
BIC: PBNKDEFFXXX
Purpose: Lokomotive
Payee: CCC eV
boneitis 23 days ago [-]
I don't suppose they have any other published, easier methods?
I spent almost an hour trying to jump through the fiery, spinning hoops being dangled by my bank website only to finally at the end be given an "It looks like this part of our site isn't working. Please try again later."
Thank you, bank /s
For anyone else wanting to try their hand and weather the gauntlet, I found slightly more detail of their published bank acct info at: https://www.ccc.de/en/membership
I'd love all participants in this thread to provide their countries.
As a Belgian (EU), I love how I can pay them just by sending them money, without all these weird intermediate companies stealing your personal details and sometimes even your money.
To answer some contras:
In my experience, the process takes about 10 seconds before the payment confirmation appears in the destination bank. Outside business hours and for some bank combinations, the actual money might be in a reservation/underway/unspendable state until the next business day starts. You can not cancel the transfer once it's gone, so most businesses don't care about that delay.
Typing the IBAN is a tiny bit annoying. I see QR codes appearing, containing bic+iban+amount+message to autofill. You pay by scanning the QR code and pressing OK.
AFAIK bic+iban+amount+message is all you need to pay from anywhere in the world. The BIC can be derived from the IBAN if you have the right and up to date database, but outside the EU it is smart to know it, just to be sure.
Sometimes, reading HN, I wonder if I should write a loooong blog post about how Belgium does its money transfers (iban) and buys bread (Bancontact). I suspect most of the EU will answer: duh, boring! Meanwhile, the average USAian brain goes poof.
mszyndel 22 days ago [-]
10 seconds in a German bank? You must be joking, it still takes days.
immibis 23 days ago [-]
For Europeans, this is an extremely easy method and the normal way to send money electronically. The information provided is all that's needed.
If you're trying to send from America, it's still the normal way to send a payment to Europe so see how your bank sends international payments.
vsl 23 days ago [-]
> If you're trying to send from America, it's still the normal way to send a payment to Europe
It’s not; SWIFT is, and that requires additional information not shown there (although some of it is encoded in the IBAN if you know how to decode it).
RandomThoughts3 22 days ago [-]
SWIFT is not a payment system. It’s only a messaging system. It’s generally used to send initiating orders between financial institutions but they then have to be cleared or directly settled through something else.
immibis 20 days ago [-]
IBAN isn't a payment system either, but I'm talking about the end user experience: insert account number, insert amount, click send. Sometimes you also need the SWIFT code which specifies the receiving bank.
umanwizard 21 days ago [-]
I have to contradict this, as an American. Don’t attempt to send from your bank as it is likely to be difficult and complicated and involve huge fees. Use Wise instead.
fragmede 23 days ago [-]
The problem that I'm guessing GP had is that their bank blocked the wire transfer because it looked fraud-y.
MichaelBosworth 23 days ago [-]
“Extremely” is a bit extreme for something that takes 100,000 times longer than a Venmo payment. Or, intercontinentally, a stablecoin transfer
immibis 23 days ago [-]
It literally doesn't. And why would Europeans use venmo? That type of app arose in the USA specifically, to work around not having a convenient way to send money from one bank account to another - much like bulletproof school backpacks, it solves a uniquely American problem.
ikt 23 days ago [-]
As an Australian we have payid to transfer free and instantly between banks instead of needing a 3rd party app but I think he's right that if you are relying on IBAN and needing to do an individual bank transfer then it's not ideal.
It should be as easy as possible to donate, imo it would be better even setting up a basic kofi or buy me a coffee account, or I see the Ukrainians using paypal all the time.
It should be a 3 click payment not a bank transfer requiring copying and pasting IBAN numbers and bank account numbers etc
To poke fun at the Germans at least they are not requesting we fax a copy of the money in :P
masklinn 23 days ago [-]
> As an Australian we have payid to transfer free and instantly between banks
That... is what SEPA is, but built into the european banking system directly.
> I think he's right that if you are relying on IBAN and needing to do an individual bank transfer then it's not ideal.
It's not ideal that you can do a simple transfer by inputting the recipient's IBAN and an amount and be done with literally no third party involved? What?
> imo it would be better even setting up a basic kofi or buy me a coffee account, or I see the Ukrainians using paypal all the time.
You think it's easier to require setting up a third party account, adding your card to it, getting the card authorised, and doing the payment that way, with fees.
Than putting 20 digits in your own bank's application and pressing "send"?
> It should be a 3 click payment not a bank transfer requiring copying and pasting IBAN numbers and bank account numbers etc
It's a SEPA transfer, it's super common and nothing very complicated. There is no bank account number involved: the BIC is the bank's own identifier, and while it was commonly required 10 years ago it's been optional for a long time, my bank's application doesn't even have a field for that anymore.
> You think it's easier to require setting up a third party account, adding your card to it, getting the card authorised, and doing the payment that way, with fees.
- You don't have to setup an account
- You don't have to get the card authorised (I don't know what this means)
- Adding your card numbers in takes me 10 seconds, in the case of Paypal, it's already there so no time
- Fees are minimal, not even worth wondering about
In terms of donation, entering in the amount to donate and clicking submit is yes, easier than going into my bank's website, bringing up the international transfer, and it's asking me for SMS confirmation that I want to do this, and I can't be bothered going further.
edit: I think maybe we are fighting the wrong battle.
You think IBAN is super easy, and maybe in Europe it is.
I'm not in Europe though and neither is the other chap, so maybe the donations are very easy in Europe but not so much out of it.
I've never done an IBAN payment in my life but I've donated thousands and thousands of dollars to loads of places all over the world without issue for years including Ukraine, this is the first time I've seen a place only accepting an IBAN donation, which feels like a friction that is not there for other places.
immibis 22 days ago [-]
You're donating to a European place. For Ukraine they let you send money directly to the US account of the entire country of Ukraine (an account held at JPMorgan Chase by the way!! That's right, having the world's reserve currency allows American private entities to fractional-reserve entire countries) and earmark it a certain way, and the National Bank of Ukraine would figure it out. That's a highly unusual way to do things. If you want to send a payment to a specific person inside Ukraine, normally you would give their Ukrainian account number to your bank and let your bank figure it out, just like you are doing here.
This feels like an "American discovering the outside world for the first time and discovering that American systems aren't very good" moment.
boneitis 23 days ago [-]
> You think it's easier to require setting up a third party account, adding your card to it, getting the card authorised, and doing the payment that way, with fees.
> Than putting 20 digits in your own bank's application and pressing "send"?
Posting from U.S. (and admittedly a very U.S.-centric response), but in the case of Venmo/Paypal/buymeacoffee/Patreon/gofundme, yes.
I spent another half-hour trying to go the route of Wise suggested by a sibling comment but got stuck in the KYC hurdles. I already sent them my I.D. several times, but the selfie-verification flow won't complete for me, and I'm drawing the line at choosing not to install their app. (And well, I bit the bullet and installed the app. It refuses to take a clear selfie, no matter how clear the preview is /shrug)
masklinn 23 days ago [-]
> Posting from U.S.
Yes if you're trying to use SEPA from the US I can see that, no issue there.
But from the perspective of a very euro/german centric CCC[0], SEPA is really not complicated, and almost certainly free (I understand that a few banks still charge for those but most don't, possibly to a limit). So that's likely a blind spot of theirs: SEPA is probably the cheapest and most straightforward method for 95% of their donations or more.
Even more so as this is the central organisation, but the CCC is mostly a network of local clubs[1], so revenue to the national CCC is I assume almost entirely from the clubs shunting some of their income up
[0] if you check their front page, 1/2 to 2/3 the posts are in german, so are several of the pages
You're trying to send money internationally. It sounds like your bank doesn't want you to send money internationally. This is your problem with your bank.
I don't see why you'd need Wise for a one-off payment. Just go to the international transfer page at your bank and enter the details? Do they not have one?
I believe this is par for the course for US banking and why so many alternate payment systems exist. And in all fairness, it does very much remind me of European banking 15-20 years ago, before the spread of smartphones and banks getting on with the program and making SEPA (and later EPC) a baseline feature, undoubtedly prodded on by member states.
And I can understand having to translate from SEPA to SWIFT and then needing to deal with that to be less than ideal. When I had to send money to a friend outside the EU I had to go through the bank's website (not available at all from the mobile application) and to register & wait for validation of their account as beneficiary (24h delay IIRC).
At the same bank, SEPA transfers is a button on the home screen of the mobile application, and doesn't require any setup, just input the IBAN or scan the EPC and go (and god would I like more businesses to accept SEPA / use EPC instead of requiring inputting my credit card every time or going through third party payment providers)
lmz 23 days ago [-]
It's just an IBAN. Not "IBAN numbers and bank account numbers".
Kwpolska 22 days ago [-]
The most popular way to transfer money between friends in Poland is a BLIK-to-phone-number transfer. Those transfers are done from the banking app. I don’t need to know someone’s account number, I just need their phone number. BLIK transfers are instant, unlike regular bank transfers, which may take up to 1 business day (specifically, they are done via batch processing 3 times in a business day), and they are always free, unlike instant bank transfers (though that depends on your bank/account type).
seba_dos1 22 days ago [-]
BLIK payments are just an interface on top of regular bank payments.
Kwpolska 22 days ago [-]
They are an interface on top of Express Elixir, not Elixir.
seba_dos1 22 days ago [-]
Both are an option for regular transfers.
What I meant is that in BLIK, phone number gets resolved to a bank account number and a regular (express) transfer gets made, which can be seen in your account history.
rcbdev 22 days ago [-]
This is a registered European association using fee-less European payment standards to fund a lawsuit entirely in Europe involving only European parties.
Do you see the rest of the world complaining when no-one can send free uncomplicated transfers to fund a U.S. non-profit because the U.S.A. prefers to run a draconian consumer banking system?
The sheer American arrogance in this comment thread gives me an aneurysm. Fix your banking system, ours works.
boneitis 22 days ago [-]
i am doing little more than lamenting the hurdles placed in front of me that i couldn't figure out how to overcome (albeit with a dash of frustrated snark), after having spent north of three hours of my time today. i am not rich, nor well off by many reasonable measures. i rent a small room in a small town, hardly making ends meet, but i simply wanted to donate a couple bucks toward a cause i believe in, out of principle, as i'm not usually a donating type (see bit about renting a small room and barely making ends meet).
i wanted to leave some breadcrumbs for anyone else in a similar situation (that is, trying to donate from U.S., not the bit about wealth) trying to figure out how to make it work, because i sure expended some effort digging it up.
this specific discussion thread is a call to donate and to write here in solidarity in having done so. i may not have successfully donated cold, hard cash, but i'll dare say my pledge of most of my afternoon trying to move mountains in order to send some scratch their way fits in here. it may have barely registered as a drop in the bucket had i been successful, but i believe this is what the thread is about.
jdiez17 22 days ago [-]
Hey, thank you for trying to donate and sorry it was more difficult than it should be. I think even writing about the effort that you put into it helps. <3
boneitis 22 days ago [-]
Thank you for your generous donation <3
jdiez17 22 days ago [-]
> This is a registered European association using fee-less European payment standards to fund a lawsuit entirely in Europe involving only European parties
Okay, but surely you can appreciate that making it easier for Europeans and non-Europeans to contribute to this cause would achieve the goal of the donation campaign more efficiently?
My personal opinion is that it would be very much worth it to accept payments via PayPal, Stripe, or other global electronic payment methods[^1]. And show how much money has been received to date.
I would rant about being content with “it works for us, people will donate if they really want to” but I’ve already done that too many times this year.
^1: yes there are some fees associated with this. But it’s also more convenient and probably more people would donate. But for some people the convenience argument does not compute.
consp 21 days ago [-]
Stripe is not free and neither is PayPal. Assume at least 5 to 10% gets lost on the way and for smaller transactions it is more. For small non profits sepa is the way to go.
fragmede 21 days ago [-]
it's 2.9 % and 0.30, not "at least 5-10"
Kwpolska 22 days ago [-]
This German association funds a lawsuit entirely in Poland involving only Polish parties. And sadly, we don’t use the Euro, but rather have our own trash currency, so at least a currency conversion will be involved.
seba_dos1 22 days ago [-]
SEPA transfers are generally as easy as it gets - a free direct transfer straight from your bank, avoiding unnecessary intermediaries. You paste the number, confirm and it's done. Sounds like you need to complain to your particular bank for its subpar service.
socksy 23 days ago [-]
I guess you can use something like https://wise.com to make the IBAN transfer locally, and pay them using a more convenient payment method for you, like ACH, PayPal, Credit Card, etc
umanwizard 21 days ago [-]
If you are American the easiest way to send money to a European bank account is Wise. If you’re European you should be able to do it through your bank.
sizzle 23 days ago [-]
Why not use Bitcoin, ethereum, or monero address to receive funds from the tech-savvy viewership?
pcdoodle 22 days ago [-]
I was hoping to find something like that.
sfjailbird 21 days ago [-]
Those downvotes. The amount of bile on HN against crypto is a mark of shame on this community.
sizzle 20 days ago [-]
Yeah I don’t get it honestly. This is a tech enthusiast forum isn’t it?
SR2Z 23 days ago [-]
At 20k euros, would it not just be cheaper to hire some software people to jailbreak them?
If companies that did this got jailbroken and blacklisted by the government, pretty much nobody would try this bullshit.
None4U 23 days ago [-]
This ("software people to jailbreak them") is exactly the identity of the hackers who have been sued
datavirtue 23 days ago [-]
It takes a lot of resources, all rooted in a lot of uncertainty. Not an option for businesses that need equipment.
talldayo 23 days ago [-]
> Not an option for businesses that need equipment.
On the flip side, it can often be the only option for businesses that need equipment. The US has a longstanding trend of hacking John Deere tractors to accept third-party servicing since John Deere's first-party offerings are both expensive and often unavailable.
seba_dos1 22 days ago [-]
It not only was an option in this case, it was the path taken when all the other options were depleted.
atoav 23 days ago [-]
This isn't a software issue. This is a hackers-found-out-they-were-cheating-and-deactivated-their-train-DRM-and-now-these-hackers-are-getting-sued-issue.
And getting sued by a train manufacturer is typically an asymmetrical battle for a private person. Consider watching the original talk (very entertaining and insightful, probably one of the best hacking related videos I watched in 2024), and if you like them toss them a tenner or so.
trod1234 23 days ago [-]
Rather than Cheating, don't you mean tortious interference, followed by vexatious litigation?
When you intentionally design systems with purpose to delay, but overall sabotage, you show malice and you defraud the purchaser (after-the-fact), you also interfere with their business with third-parties, and impose coercive costs that have never been acceptable.
Coercion is generally not accepted by any civilized society that still follows its original founding principles, and coercion and corruption tend to go hand-in-hand.
pantalaimon 23 days ago [-]
That’s pretty much what happened and how this story came about
kosma 23 days ago [-]
The company was a bit too much in bed with the government to begin with...
majke 23 days ago [-]
The firmware would need to be certified. They mentioned that in the q&a couple of minutes ago.
Apparently it's a critical component.
mx20 23 days ago [-]
I remember they said in the last talk last year that there is a "cheat code" that resets the software locks, but almost every train also had slightly different software to obfuscate that they are sabotaging their competition.
psd1 23 days ago [-]
Yes, although I recall it was more lack of build automation meaning not every train had every patch
ryandrake 23 days ago [-]
Looks like train manufacturers are taking a page out of the playbooks of many other companies today. The practice of manufacturers remotely disabling products after the time of purchase (for whatever reason) is becoming a scourge in many other product areas. The device's manufacturer should have no say about how a product is used once money is handed over in exchange for it. This really has to stop. Regulatory agencies around the world are asleep to this problem.
junga 23 days ago [-]
> This really has to stop.
"We", the totally homogeneous group of software professionals could make this stop. "We" don't.
jasdi 23 days ago [-]
If you want to have a say in how software works, then you have to control how companies run.
If Technical folk are not on the Boards or have controlling share in an org, or don't know how to get into such positions then they have very little to no say in how anything works.
There are countless examples where technical people object and get replaced, sidelined or fired, cuz they are totally unprepared in how to win such age old political and financial fights. If Oppenheimer, Engelbart and the Google brainiacs who protested recently got pushed aside, then it's beyond obvious how the story will end for anyone else.
The lesson from history for anyone serious about this stuff is - develop business+finance acumen, or develop alliances with business+finance power.
mcdeltat 23 days ago [-]
You speak like working at a company exists in a vacuum. It doesn't. You are (generally, in Western society) free to stop working for that company. If everyone refuses to write the code, then the company won't have that code. Easier said than done, of course, because life has many pressures. But I dislike this "oh can't do anything about it individually, let's give up and double down on unethical behaviour" attitude (meanwhile we are conveniently paid a high salary for it). We always have a choice.
philosopher1234 23 days ago [-]
Whose interests does it serve to place the blame on individual employees?
DirkH 22 days ago [-]
Sounds like a cop out response. Placing blame on individual employees is not mutually exclusive with placing blame on a company's board.
philosopher1234 20 days ago [-]
You don't have to either blame one set of people or another. You could put the blame in the right place instead, the design of the system which all but dictates the individual's choices.
immibis 23 days ago [-]
I am physically there at C3 right now and one of the prevalent themes this year is "being nice didn't work". You can see it in this year's tagline: "illegal instructions"
ryandrake 23 days ago [-]
Yea, every time I read one of these articles, I can’t help but think: “A software engineer sat down and wrote this remote kill switch.” We, as a profession are responsible for this shit, or at the very least, complicit. Regulation is one thing, but also, software engineering as a profession is in dire need of ethical standards. Just because we can code something doesn’t mean we should.
zahlman 23 days ago [-]
I remember one of Asimov's stories involved a human defeating the Laws of Robotics by distributing work among multiple robots with imperfect information. I wonder if something analogous doesn't happen with software engineers nowadays.
When it comes to something like a "remote kill switch" for software, it's hard to imagine any alternate beneficial use. But generally I assign the blame to the users of software who put it to a malicious use, not to authors.
immibis 23 days ago [-]
There was an anecdote shared on HN of someone claiming to be ethically employed by the military to develop a system for planes to automatically land on unmarked runways without engine power.
They didn't tell her the planes were elongated spherical and filled with powerful explosives and the runways weren't flat - at least not before the plane landed on them.
akoboldfrying 23 days ago [-]
>When it comes to something like a "remote kill switch" for software, it's hard to imagine any alternate beneficial use.
The obvious alternate beneficial use is the ability to immediately disable the hardware in case a serious safety issue (the kind that triggers product recall) is discovered.
immibis 23 days ago [-]
It's become quite normal in malicious organizations of all types, such as most large businesses and governments.
GauntletWizard 23 days ago [-]
One of the great and terrible things about the software industry is that there's no certifying body, no professional ethics code to sign and adhere to, no government regulation around how you can sell your services.
This is one of the best parts: many software people have gotten in through circuitous routes, have no formal training, and have done great things despite that.
On the other hand, because of that, we don't have any consensus and ability to shun or dispossess companies that act unethically.
Quite frankly, I don't think any board of ethics would step in here. I don't see anything in the IEEE code of ethics that would be clear here. I don't think that professional licensing or better professional organizations are the way to stop this behavior.
ocschwar 23 days ago [-]
I think disabling the firmware in circumstances that are clearly defined but not disclosed to the customer is very much outside existing IEEE ethical rules.
And making a Professional Engineer sign on to the software release before the release would be a good way to prevent shit like this.
Teever 22 days ago [-]
To have what you're asking for requires transparency.
It wasn't just a faceless and nameless software engineer it was a real human being with a name.
Until it is mandated that public infrastructure is developed in the open so we know precisely who attempts to add features to render a product defective by design we will not be able to fix this.
teeray 23 days ago [-]
“We” is an amorphous blob, not a guild. The company will just shop the job around until they find someone to do it.
notpushkin 23 days ago [-]
Copyright is the root of the problem. More regulation could be a solution, sure, but is it really what we want?
pkkm 23 days ago [-]
In this case, probably? I'm not a fan of excessive regulation, but for this particular problem, I don't see how it could be solved without some kind of "right to repair" law, or at least a "right to be thoroughly informed about repairability before buying" law. Even if copyright was scaled back to 20 years and explicit registration, that still would be long enough to screw customers. In fact, even if copyright didn't exist, the problem would still exist for devices that are hard to reverse-engineer.
trod1234 23 days ago [-]
If businesses are unable to regulate themselves, it must be done by law.
If copyright is the root of the problem, it may be time to remove that protection; or at least revert it so it is more in-line with patent law expiration.
No more author's life + 75. Let's try 15-20 once again, and no derivative protection, unless significantly different, receive protection.
graemep 23 days ago [-]
Also, different terms for different works. Having the same rules for software, drugs, books, paintings etc. is ridiculous.
Software should require disclosure of details of what is protected (e.g. the source) so it can be publicly used post expiry - just as patents give you a monopoly only what is disclosed in the patent.
trod1234 23 days ago [-]
Agreed.
I'd add that functionally dependent software that is used for the item's primary purpose, or its features, should also receive little to no protection, and be disclosed up-front.
You own the things that you buy.
anticensor 21 days ago [-]
They already have different rules (music and sculpture have very different rules from that of books). What kind of difference do you mean?
graemep 21 days ago [-]
AFAIK where I live (in the UK) recorded music has (or had?) a shorter term than books, but sheet music and lyrics did not.
Most things have the same (too long for anything) life + 70.
There is a bad edit in my comment. One item was supposed to go in a second para about the same regarding patents...
sixothree 23 days ago [-]
You say this as if regulation for companies is a bad thing. Your entire existence is governed by regulations. Why should theirs not be?
akoboldfrying 23 days ago [-]
It's not wholly a good or bad thing. It's a complex thing, with large secondary effects that people habitually overlook.
One typical effect of increasing any kind of regulation is that large incumbents tend to benefit disproportionately compared to small operators and newcomers, for several reasons: (1) larger operations can amortise compliance costs more easily; (2) larger operations legitimately contain people with useful expertise in helping government decide the shape of the regulations (and will propose kinds of regulation that correspond as far as possible to their own existing practices, and to practices that competitors would find costly to implement); (3) larger operations have the wherewithal to lobby for regulations that are to their benefit and to competitors' detriment, irrespective of how good those regulations are for other stakeholders. (2) and (3) together lead towards regulatory capture, at which point the regulations are almost purely a drain on all other participants with no upside.
sixothree 22 days ago [-]
Are you sure you replied to the correct comment?
akoboldfrying 22 days ago [-]
Yes. You implied that regulation for companies is inherently a good thing, and I disagree.
TheSpiffiest 23 days ago [-]
Yes? Unless we want to let manufacturers sell us a vehicle but license the code that makes it run.
devwastaken 23 days ago [-]
intellectual property law is regulation. regulators always get bought out because regulators' careers advance to the companies they worked with. remove intellectual property and the market fixes the problem.
realusername 23 days ago [-]
Talking about licensing is going their way, what we need is ownership, not licensing.
actionfromafar 23 days ago [-]
The device/train could be bricked with or without copyright.
f1shy 23 days ago [-]
But cannot be legally unbricked with Copyright
jdiez17 22 days ago [-]
It can be. There’s no copyright infringement here.
duxup 23 days ago [-]
I have no problem with some wide ranging law about right to repair.
If that's regulation, yes please.
jopsen 23 days ago [-]
> If that's regulation, yes please
It is, and as much as we all want to pretend this is always about rent seeking.
There can be other reasons.
Some systems are bought in manners that include service contracts and puts liability on manufacturers. In such scenarios one man's kill switch could be a safety feature.
You don't want unauthorized personnel messing about a medical x-ray device. Because (a) you want it to work, (b) there might be 10k+ volts sitting in giant capacitors.
I'm guessing it's similar with airplanes.
---
In complex enterprise systems, right to repair might not always be simple.
But if it comes to your home appliances, a tractor, car, etc. I'd be a lot less worried.
mulmen 23 days ago [-]
This is simply solved through liability. If someone can provide the service and liability guarantees for less than the manufacturer then you hire them.
John Deere is proof that the manufacturer alone can't be trusted because they can't provide timely service in a time-critical industry.
immibis 23 days ago [-]
Such liability issues are usually solved with a warning label. "Warning: 10000 volts. No user-serviceable parts inside." If the customer chooses to unscrew the cover and carelessly electrocute themselves, that's on them. It's much cheaper, too, than making the train brick itself if it's detected in specific geographical areas.
timewizard 23 days ago [-]
> but is it really what we want?
What we want is results. Whatever mechanism is most efficient at producing those results should be used.
> Copyright is the root of the problem.
If you sell me a device that relies on copyrighted software for operation then you must also grant me a limited non-transferable license tied to that specific device to modify that software however I please. Perhaps DMCA's anti-tampering provisions are really the issue here.
notpushkin 23 days ago [-]
> Perhaps DMCA's anti-tampering provisions are really the issue here.
I think so, yeah. But IMO even copyright as a whole brings more problems than it solves nowadays.
tempodox 23 days ago [-]
The bottomless pits of greed that opened up in the software industry with subscription models are also attracting hardware manufacturers. Effectively, you don't buy their stuff any more, you only rent it. If “the market” accepts this BS, regulatory agencies will do nothing.
charlieyu1 22 days ago [-]
Today? My first PC had a “do not open or lose warranty” seal.
niepiekm 23 days ago [-]
Newag is also after the Chairwoman of the Parliamentary Team for Combating Transport Exclusion, MP Paulina Matysiak and filed for revoking her immunity. She's been looking into the matter since the news broke last year.
I remember this story of “hackers” discovering that the train company disabled trains being serviced by competitors.
It’s a shame they are being sued.
Hopefully, they raise enough to do painful and invasive discovery.
scotty79 23 days ago [-]
It's a shame that the company wasn't charged with sabotage and possibly treason.
Attacking trains, even the ones you manufactured, is an attack on nationally crucial infrastructure.
pmarreck 23 days ago [-]
What happened to the old moral rule of "if you explain to your mom what you are doing and she is dismayed, you are doing things wrong"?
Because what Newag is doing very clearly violates it.
joe_the_user 23 days ago [-]
That rule is essentially about "what will get you in trouble politically". But today you have a fair number of large and monopolistic operations that just ignore such effects - the press is underfunded and corrupt and politicians are simply corrupt (in a broad sense).
shermantanktop 23 days ago [-]
Presumably that rule isn’t profitable to follow, and so the prime directive (maximize money in any legal or quasi legal way possible) takes precedence.
the_gipsy 23 days ago [-]
"to have a fiscal obligation (to your shareholders)" or something like that.
charlieyu1 22 days ago [-]
People seldom tell the truth to their families and there is always some way to distort a bit to convince yourself.
I have to say, I didn't expect to discover an established Lisp dialect implemented in JavaScript. But I guess it shouldn't be surprising.
magicalhippo 23 days ago [-]
Aha, thanks for the explanation. Bit tedious to do manually, but helpful. Perhaps one day I'll sit down and attempt to make a greasemonkey script for that.
aeontech 23 days ago [-]
Ah! My search-fu failed me, I was looking for company name and for train hacking mentions, but didn't find all these! Thank you!
Can someone please summarize (for those of us who don't know the full story) why the government(s) that bought these trojaned trains isn't ripping the train vendor a new orifice, and pinning medals on the hackers who exposed this?
immibis 23 days ago [-]
The governments are very capitalist and believe big companies should be allowed to do whatever they want.
datavirtue 23 days ago [-]
This is almost universal. If manufacturers are not already doing this they are planning it.
There is a lot of anxiety around the business model because a lot of the world is advancing and manufacturers are popping up everywhere with cheaper machines on offer. The moats are disappearing and durable goods manufacturers are clamoring for the next wave in the business model: subscription services for maintenance and support.
Ford has a connected fleet service offering that is picking up steam and could prove very lucrative in the commercial vehicle space.
A lot of this is rooted in an eroding labor pool that is lacking in bodies, training and experience.
This train fiasco is definitely bordering on criminal but it isn't far off from the wave of "progress" that is taking place.
userbinator 23 days ago [-]
Sadly, I suspect discoveries like this will only cause other companies to learn from it --- by making it even more difficult to discover their "plausible-deniability" tricks, and hiding them under the guise of "security". Big Tech has been playing that game for a while:
Newag is acting like the mafia here: "Wouldn't it be a shame if your trains stopped working..?"
Not that I want to tell the Polish how to do things (I don't), but a satisfying outcome would be one where they found out precisely who gave the order to program Newag trains like that and then jail them. Add to their jailtime for each train that is found running the software and force Newag to do free maintenance on those trains.
If Poland wants to show a hard stance on how to deal with people trying to fuck over the public to earn money that's as good as it's gonna get. If Poland wants to tell everybody that fucking the Polish public pays off even if there is overwhelming evidence that you did it — ok.
trod1234 23 days ago [-]
Newag is clearly acting with malice and sabotage in mind (as well as extortion), and when it comes to trains and railways this is not just a business matter, it becomes a strategic national security issue.
"Wouldn't it be a shame if the trains filled with perishable foodstuffs stopped working en route..., and the harvests rot"
Do you know of any country where food security doesn't impact the government's ability to keep order?
If any non-service operator did this, like a third party, they would reasonably be considered a terrorist organization, and the members of such a cohort should be treated as such.
Even if the claim is made it's only for small specific things which you had to agree to, it's an inserted vulnerability into the supply chain that is both non-essential for regular function, which has been designed to be essential.
At a bare minimum, they pave the way for such groups even if they don't act on it themselves.
lupire 23 days ago [-]
Is no one suing the manufacturer for vandalizing the trains?
terramex 23 days ago [-]
> It was also revealed that the Polish Internal Security Agency (ABW) had, in October 2022, submitted a case against Newag regarding the abovementioned software manipulation incidents to the prosecutor's office in Nowy Sącz, which initially downplayed the incident until said findings publicly came to light, after which, the investigation was taken over by the regional prosecutor's office in Kraków on suspicion of crimes committed under Article 269 §1 and Article 286 §1 of the Polish Penal Code.
> The Sejm's [Sejm is "the lower house of the bicameral parliament of Poland"] Parliamentary Committee for Combating Transport Exclusion subsequently convened three hearings regarding the abovementioned allegations on 17 January, 27 February and 26 March 2024, whose participants included representatives of the Dragon Sector team, Newag, railway operators and members of the Sejm.[19]
They are being investigated, the Polish government is just slow.
1oooqooq 23 days ago [-]
instead of a defense fund for the hackers, they should start an ETF to sue the manufacturer for profits:)
intunderflow 23 days ago [-]
No, and frankly if the Polish government won't do anything with this overwhelming evidence then they've got the train manufacturer they deserve.
You can lead a horse to water...
nicce 23 days ago [-]
If that will happen, maybe it is time to start following that money.
immibis 23 days ago [-]
What can you do after you find where the money is flowing?
nicce 23 days ago [-]
I am not familiar with Polish law about corruption or lobbying but if some politicians are getting money, that is a starting point.
misiek08 23 days ago [-]
They are. Both sides that are interchangeably leading the country. Nothing has really changed for at least 50+ years. Same names, same stories.
Both groups did some PR moves showing police, CBA and ABW being successful catching some poor guys fighting with the system.
hazn 22 days ago [-]
I am an outsider to Polish politics. Isn’t it the case that Polish democracy is a good success story the last decade(s)?
Genuine question.
josefritzishere 23 days ago [-]
The CCC are heroes and should be celebrated as such.
immibis 23 days ago [-]
Note that the CCC is more-or-less just a container organization for people who actually do stuff individually. These particular hackers are heroes. Even things like the Congress are run by some people who more-or-less decided to run the Congress each year. There is substantial inertia in how things like that are done, of course.
DaSHacka 23 days ago [-]
Not sure I'd go that far, though their efforts on matters like these are certainly appreciated.
Dkuku 23 days ago [-]
I wonder why there are no lawsuits from the companies that had to pay to unlock the trains and did not get any documentation of what was fixed/replaced to get it running (in 10min), especially given that it was not a single train that had to be unlocked. It's like having ransomware on the PLC.
23 days ago [-]
devwastaken 23 days ago [-]
we live in a post intellectual property age. it's about manufacturing and resources now. it is overwhelmingly used to suppress upstarts and remove diverse competition in the market before they can get their legs. regulators go on to work for the companies they regulated. The conflicts of interest create an oligopoly that is more about lawyers than about engineering.
it's time we repealed it all. no one gets to own an idea of the universe. especially not a faceless org created for tax purposes.
sizzle 23 days ago [-]
Is there a reason they aren’t slapping up a Bitcoin or ethereum or even monero wallet address for crypto donations?!
Seems like they are taking a stance against crypto? Why else not use this perfect new decentralized medium for financial support?
21 days ago [-]
752963e64 23 days ago [-]
[dead]
randunel 23 days ago [-]
> If more than the € 30,000 required to date is donated, if the legal costs are lower or if court costs are repaid, all payments received in excess will be used for the statutory purposes of the Chaos Computer Club e.V.. Please note that the CCC e.V. is not formally recognised as a non-profit organisation.
That is one sure way to make people not donate to the cause. I want to support the people, but I don't want my money to go elsewhere, and there is no way of knowing how much has been raised to date or guarantees to get the funds back when the legal costs eventually get covered by Newag. The only guarantee stated is that they will definitely use money for something else. Not OK.
mschuster91 23 days ago [-]
The "Please note that the CCC e.V. is not formally recognised as a non-profit organisation" part is a bad translation - this one is related to the German tax code.
To put it short: there are two different kinds of NPOs, first "regular" e.V. and then those e.V. that fulfill exclusively "aims for the common good" ("gemeinnützige Zwecke", the full list is in §52 AO [1]) - they carry a special benefit: donations can be deducted from your income for tax purposes.
The CCC is a non-profit organization, but since it (among other things) engages in taking political stances while at the same time not being a political party, it is not seen as a "gemeinnützig" organization - a fate that hit quite a few organizations in the last years [2] or is looming over their head [3].
I kind of envy Germany's large array of possible corporate charters for non-profits, for-profits and kinda-sorta-nonprofits. I wish America had the same menu to pick from.
mschuster91 22 days ago [-]
I'll add some more confusion to your mental list: the "gemeinnützige GmbH" aka "common-good LLC" - it is allowed to undertake commercial (income-generating) activities as its main activity (unlike the e.V. which may only do commercial activities like selling stuff on a very limited basis, stuff like selling swag for example), but the proceedings must be used only for activities in the list in §52 AO as well.
saaaaaam 23 days ago [-]
I’m assuming they have to say this from a legal perspective. In reality what they are saying is “we don’t know how much the legal fees will come to, could be less, could be more. However, once we have proper accounting, if there is money left over this will support CCC”
I’m not familiar with German governance for quasi not for profits, but I suspect the idea that funds are conditional for one specific purpose probably breaches governance, and returning funds to donors if certain conditions are/are not met could be problematic from a tax point of view. I know this would be the case in other European jurisdictions with which I am more familiar.
An e.V. is by its very nature very non-profit-y. I am not an expert, so I encourage you to look up e.V. aka "eingetragener Verein", but basically, it's similar to a nonprofit and a lot of rules and laws apply. It's not formally a non-profit in any country because e.V. is a specific German thing. You can, however, rely on that being very rock solid and not for-profit.
immibis 23 days ago [-]
The CCC is a good organization to support anyway.
jdiez17 23 days ago [-]
That’s a fair point and I had to re-read that sentence multiple times to understand what they are saying. They should indeed say how much money towards this cause has been received.
I highly encourage everyone to watch the previous presentation: https://media.ccc.de/v/37c3-12142-breaking_drm_in_polish_tra...
According to the schedule [1], there's a presentation from that team titled "We've not been trained for this: life after the Newag DRM disclosure" that will start at 23:00 local time (in about 30 minutes at the time of this writing) on this livestream [2].
Edit: presentation's over and it was outstanding.
[1] https://events.ccc.de/congress/2024/hub/en/event/we-ve-not-b...
[2] https://streaming.media.ccc.de/38c3/eins/hls
To be clear, the law changes over time, so newer laws have less precedence, and I expect courts to respect new laws even though no courts have made a ruling based on such a law before.
When electric scooters were reclassified as «small electric vehicles» they suddenly came under the same drunk drive laws as motorbikes and cars. So the lower courts ruled a bunch of drunk driving of electric scooters as severely as they would drunk driving of a 2000 kg car that can go 200 km/h. Essentially they just followed the precedence of previous rulings on drunk driving without taking into consideration the intent of the law. People got huge fines and lost their car licenses for several months on the assumption that if they were careless enough to drink and drive an electric scooter they would be just as likely to drink and drive their car.
Eventually a case went all the way to the Supreme Court where they actually thought it through and decided that there wasn’t any reason to assume that a person would drink and drive a car just because they did so with an electric scooter.
IBAN: DE41 2001 0020 0599 0902 01
BIC: PBNKDEFFXXX
Purpose: Lokomotive
Payee: CCC eV
I spent almost an hour trying to jump through the fiery, spinning hoops being dangled by my bank website only to finally at the end be given an "It looks like this part of our site isn't working. Please try again later."
Thank you, bank /s
For anyone else wanting to try their hand and weather the gauntlet, I found slightly more detail of their published bank acct info at: https://www.ccc.de/en/membership
and an official, physical address over at: https://www.ccc.de/en/imprint
As a Belgian (EU), I love how I can pay them just by sending them money, without all these weird intermediate companies stealing your personal details and sometimes even your money.
To answer some contras:
In my experience, the process takes about 10 seconds before the payment confirmation appears in the destination bank. Outside business hours and for some bank combinations, the actual money might be in a reservation/underway/unspendable state until the next business day starts. You cannot cancel the transfer once it's gone, so most businesses don't care about that delay.
Typing the IBAN is a tiny bit annoying. I see QR codes appearing, containing bic+iban+amount+message to autofill. You pay by scanning the QR code and pressing OK.
AFAIK bic+iban+amount+message is all you need to pay from anywhere in the world. The BIC can be derived from the IBAN if you have the right and up to date database, but outside the EU it is smart to know it, just to be sure.
Sometimes, reading HN, I wonder if I should write a loooong blog post about how Belgium does its money transfers(iban) and buys bread (Bancontact). I suspect most of the EU will answer: duh, boring! Meanwhile, the average USAian brain goes poof.
If you're trying to send from America, it's still the normal way to send a payment to Europe so see how your bank sends international payments.
It’s not; SWIFT is, and that requires additional information not shown there (although some of it is encoded in the IBAN if you know how to decode it).
It should be as easy as possible to donate, imo it would be better even setting up a basic kofi or buy me a coffee account, or I see the Ukrainians using paypal all the time.
It should be a 3 click payment not a bank transfer requiring copying and pasting IBAN numbers and bank account numbers etc
To poke fun at the Germans at least they are not requesting we fax a copy of the money in :P
That... is what SEPA is, but built into the european banking system directly.
> I think he's right that if you are relying on IBAN and needing to do an individual bank transfer then it's not ideal.
It's not ideal that you can do a simple transfer by inputting the recipient's IBAN and an amount and be done with literally no third party involved? What?
> imo it would be better even setting up a basic kofi or buy me a coffee account, or I see the Ukrainians using paypal all the time.
You think it's easier to require setting up a third party account, adding your card to it, getting the card authorised, and doing the payment that way, with fees.
Than putting 20 digits in your own bank's application and pressing "send"?
> It should be a 3 click payment not a bank transfer requiring copying and pasting IBAN numbers and bank account numbers etc
It's a SEPA transfer, it's super common and nothing very complicated. There is no bank account number involved: the BIC is the bank's own identifier, and while it was commonly required 10 years ago it's been optional for a long time, my bank's application doesn't even have a field for that anymore.
There's a standard format for qrcode SEPA called EPC (https://en.wikipedia.org/wiki/EPC_QR_code), however the amount is fixed which is not always desirable e.g.
- qrcode for a 133.70€ donation https://epc-qr.eu/?bname=CCC%20eV&iban=DE41%202001%200020%20...
- qrcode for a 13.30€ donation https://epc-qr.eu/?bname=CCC%20eV&iban=DE41%202001%200020%20...
- You don't have to set up an account
- You don't have to get the card authorised (I don't know what this means)
- Adding your card numbers in takes me 10 seconds, in the case of Paypal, it's already there so no time
- Fees are minimal, not even worth wondering about
In terms of donation, entering in the amount to donate and clicking submit is yes, easier than going into my bank's website, bringing up the international transfer, and it's asking me for SMS confirmation that I want to do this, and I can't be bothered going further.
edit: I think maybe we are fighting the wrong battle.
You think IBAN is super easy, and maybe in Europe it is.
I'm not in Europe though and neither is the other chap, so maybe the donations are very easy in Europe but not so much out of it.
I've never done an IBAN payment in my life but I've donated thousands and thousands of dollars to loads of places all over the world without issue for years including Ukraine, this is the first time I've seen a place only accepting an IBAN donation, which feels like a friction that is not there for other places.
This feels like an "American discovering the outside world for the first time and discovering that American systems aren't very good" moment.
> Than putting 20 digits in your own bank's application and pressing "send"?
Posting from U.S. (and admittedly a very U.S.-centric response), but in the case of Venmo/Paypal/buymeacoffee/Patreon/gofundme, yes.
I spent another half-hour trying to go the route of Wise suggested by a sibling comment but got stuck in the KYC hurdles. I already sent them my I.D. several times, but the selfie-verification flow won't complete for me, and I'm drawing the line at choosing not to install their app. (And well, I bit the bullet and installed app. It refuses to take a clear selfie, no matter how clear the preview is /shrug)
Yes if you're trying to use SEPA from the US I can see that, no issue there.
But from the perspective of a very euro/german centric CCC[0], SEPA is really not complicated, and almost certainly free (I understand that a few banks still charge for those but most don't, possibly to a limit). So that's likely a blind spot of theirs: SEPA is probably the cheapest and most straightforward method for 95% of their donations or more.
Even more so as this is the central organisation, but the CCC is mostly a network of local clubs[1], so revenue to the national CCC is I assume almost entirely from the clubs shunting some of their income up
[0] if you check their front page, 1/2 to 2/3 the posts are in german, so are several of the pages
[1] https://www.ccc.de/en/regional
I don't see why you'd need Wise for a one-off payment. Just go to the international transfer page at your bank and enter the details? Do they not have one?
I believe this is par for the course for US banking and why so many alternate payment systems exist. And in all fairness, it does very much remind me of european banking 15-20 years ago, before the spread of smartphones and banks getting on with the program and making SEPA (and later EPC) a baseline feature, undoubtedly prodded on by member states.
And I can understand having to translate from SEPA to SWIFT and then needing to deal with that to be less than ideal. When I had to send money to a friend outside the EU I had to go through the bank's website (not available at all from the mobile application) and to register & wait for validation of their account as beneficiary (24h delay IIRC).
At the same bank, SEPA transfers is a button on the home screen of the mobile application, and doesn't require any setup, just input the IBAN or scan the EPC and go (and god would I like more businesses to accept SEPA / use EPC instead of requiring inputting my credit card every time or going through third party payment providers)
What I meant is that in BLIK, phone number gets resolved to a bank account number and a regular (express) transfer gets made, which can be seen in your account history.
Do you see the rest of the world complaining when no-one can send free uncomplicated transfers to fund a U.S. non-profit because the U.S.A. prefers to run a draconian consumer banking system?
The sheer American arrogance in this comment thread gives me an aneurysm. Fix your banking system, ours works.
i wanted to leave some breadcrumbs for anyone else in a similar situation (that is, trying to donate from U.S., not the bit about wealth) trying to figure out how to make it work, because i sure expended some effort digging it up.
this specific discussion thread is a call to donate and to write here in solidarity in having done so. i may not have successfully donated cold, hard cash, but i'll dare say my pledge of most of my afternoon trying to move mountains in order to send some scratch their way fits in here. it may have barely registered as a drop in the bucket had i been successful, but i believe this is what the thread is about.
Okay, but surely you can appreciate that making it easier for Europeans and non-Europeans to contribute to this cause would achieve the goal of the donation campaign more efficiently?
My personal opinion is that it would be very much worth it to accept payments via PayPal, Stripe, or other global electronic payment methods[^1]. And show how much money has been received to date.
I would rant about being content with “it works for us, people will donate if they really want to” but I’ve already done that too many times this year.
^1: yes there are some fees associated with this. But it’s also more convenient and probably more people would donate. But for some people the convenience argument does not compute.
If companies that did this got jailbroken and blacklisted by the government, pretty much nobody would try this bullshit.
On the flip side, it can often be the only option for businesses that need equipment. The US has a longstanding trend of hacking John Deere tractors to accept third-party servicing since John Deere's first-party offerings are both expensive and often unavailable.
And getting sued by a train manufacturer is typically an asymmetrical battle for a private person. Consider watching the original talk (very entertaining and insightful, probably one of the best hacking related videos I watched in 2024), and if you like them toss them a tenner or so.
When you intentionally design systems with purpose to delay, but overall sabotage, you show malice and you defraud the purchaser (after-the-fact), you also interfere with their business with third-parties, and impose coercive costs that have never been acceptable.
Coercion is generally not accepted by any civilized society that still follows its original founding principles, and coercion and corruption tend to go hand-in-hand.
Apparently it's a critical component.
"We", the totally homogeneous group of software professionals could make this stop. "We" don't.
If Technical folk are not on the Boards or have controlling share in an org, or don't know how to get into such positions then they have very little to no say in how anything works.
There are countless examples where technical people object and get replaced, sidelined or fired, cuz they are totally unprepared in how to win such age old political and financial fights. If Oppenheimer, Engelbart and the Google brainiacs who protested recently got pushed aside, then it's beyond obvious how the story will end for anyone else.
The lesson from history for anyone serious about this stuff is - develop business+finance acumen, or develop alliances with business+finance power.
When it comes to something like a "remote kill switch" for software, it's hard to imagine any alternate beneficial use. But generally I assign the blame to the users of software who put it to a malicious use, not to authors.
They didn't tell her the planes were elongated spherical and filled with powerful explosives and the runways weren't flat - at least not before the plane landed on them.
The obvious alternate beneficial use is the ability to immediately disable the hardware in case a serious safety issue (the kind that triggers product recall) is discovered.
This is one of the best parts: many software people have gotten in through circuitous routes, have no formal training, and have done great things despite that.
On the other hand, because of that, we don't have any consensus and ability to shun or dispossess companies that act unethically.
Quite frankly, I don't think any board of ethics would step in here. I don't see anything in the IEEE code of ethics that would be clear here. I don't think that professional licensing or better professional organizations are the way to stop this behavior.
And making a Professional Engineer sign on to the software release before the release would be a good way to prevent shit like this.
It wasn't just a faceless and nameless software engineer it was a real human being with a name.
Until it is mandated that public infrastructure is developed in the open so we know precisely who attempts to add features to render a product defective by design we will not be able to fix this.
If copyright is the root of the problem, it may be time to remove that protection; or at least revert it so it is more in-line with patent law expiration.
No more author's life + 75. Let's try 15-20 once again, and no derivative protection, unless significantly different, receive protection.
Software should require disclosure of details of what is protected (e.g. the source) so it can be public used post expiry - just as patents give you a monopoly only what is disclosed in the patent.
I'd add that functionally dependent software that is used for the items primary purpose, or its features, should also receive little to no protection, and be disclosed up-front.
You own the things that you buy.
Most things have the same (too long for anything) life + 70.
There is a bad edit in my comment. One item was supposed to go in a second para about the same regarding patents...
One typical effect of increasing any kind of regulation is that large incumbents tend to benefit disproportionately compared to small operators and newcomers, for several reasons: (1) larger operations can amortise compliance costs more easily; (2) larger operations legitimately contain people with useful expertise in helping government decide the shape of the regulations (and will propose kinds of regulation that correspond as far as possible to their own existing practices, and to practices that competitors would find costly to implement); (3) larger operations have the wherewithal to lobby for regulations that are to their benefit and to competitors' detriment, irrespective of how good those regulations are for other stakeholders. (2) and (3) together lead towards regulatory capture, at which point the regulations are almost purely a drain on all other participants with no upside.
If that's regulation, yes please.
It is, and as much as we all want to pretend this is always about rent seeking.
There can be other reasons.
Some systems are bought in manners that include service contracts and puts liability on manufacturers. In such scenarios one man's kill switch could be a safety feature.
You don't want unauthorized personnel messing about a medical x-ray device. Because (a) you want it to work, (b) there might be 10k+ volts sitting in giant capacitors.
I'm guessing it's similar with airplanes.
---
In complex enterprise systems, right to repair might not always be simple.
But if it comes to your home appliances, a tractor, car, etc. I'd be a lot less worried.
John Deere is proof that the manufacturer alone can't be trusted because they can't provide timely service in a time-critical industry.
What we want is results. Whatever mechanism is most efficient at producing those results should be used.
> Copyright is the root of the problem.
If you sell me a device that relies on copyrighted software for operation then you must also grant me a limited non-transferable license tied to that specific device to modify that software however I please. Perhaps DMCA's anti-tampering provisions are really the issue here.
I think so, yeah. But IMO even copyright as a whole brings more problems than it solves nowadays.
https://transinfo-pl.translate.goog/inforail/jest-wniosek-o-...
It’s a shame they are being sued.
Hopefully, they raise enough to do painful and invasive discovery.
Attacking trains, even the ones you manufactured, is an attack on nationally crucial infrastructure.
Because what Newag is doing very clearly violates it.
https://news.ycombinator.com/item?id=38530885
https://news.ycombinator.com/item?id=38567687
https://news.ycombinator.com/item?id=38628635
https://news.ycombinator.com/item?id=38788360
& more
Manufacturer's Repair DRM Killed Train's Power, Broke Compressor - https://news.ycombinator.com/item?id=38893116 - Jan 2024 (2 comments)
Breaking "DRM" in Polish trains [video] - https://news.ycombinator.com/item?id=38788360 - Dec 2023 (51 comments)
Polish DRMed trains stop as predicted due to date-based logic-bomb - https://news.ycombinator.com/item?id=38729035 - Dec 2023 (103 comments)
Trains were designed to break down after third-party repairs, hackers find - https://news.ycombinator.com/item?id=38638865 - Dec 2023 (233 comments)
Polish Hackers that repaired DRM trains threatened by train company - https://news.ycombinator.com/item?id=38628635 - Dec 2023 (142 comments)
Polish train maker denies claims its software bricked competitor rolling stock - https://news.ycombinator.com/item?id=38570654 - Dec 2023 (2 comments)
Dieselgate, but for trains – some heavyweight hardware hacking - https://news.ycombinator.com/item?id=38567687 - Dec 2023 (293 comments)
Polish trains lock up when serviced in third-party workshops - https://news.ycombinator.com/item?id=38530885 - Dec 2023 (360 comments)
Unrelated but is this macro available to others, or just mods? I tried searching the webs for it but found nothing.
here's more of an explanation if curious: https://news.ycombinator.com/item?id=40564558
https://news.ycombinator.com/item?id=38788360
There is a lot of anxiety around the business model because a lot of the world is advancing and manufacturers are popping up everywhere with cheaper machines on offer. The moats are disappearing and durable goods manufacturers are clamoring for the next wave in the business model: subscription services for maintenance and support.
Ford has a connected fleet service offering that is picking up steam and could prove very lucrative in the commercial vehicle space.
A lot of this is rooted in an eroding labor pool that is lacking in bodies, training and experience.
This train fiasco is definitely bordering on criminal but it isn't far off from the wave of "progress" that is taking place.
https://news.ycombinator.com/item?id=36926276
https://news.ycombinator.com/item?id=24955071
Not that I want to tell the Polish how to do things (I don't), but a satisfying outcome would be one where they found out precisely who gave the order to program Newag trains like that and then jail them. Add to their jailtime for each train that is found running the software and force Newag to do free maintenance on those trains.
If Poland wants to show a hard stance on how to deal with people trying to fuck over the public to earn money that's as good as it's gonna get. If Poland wants to tell everybody that fucking the Polish public pays off even if there is overwhelming evidence that you did it — ok.
"Wouldn't it be a shame if the trains filled with perishable foodstuffs stopped working en route..., and the harvests rot"
Do you know of any country where food security doesn't impact the government's ability to keep order?
If any non-service operator did this, like a third party, they would reasonably be considered a terrorist organization, and the members of such a cohort should be treated as such.
Even if the claim is made it's only for small specific things which you had to agree to, it's an inserted vulnerability into the supply chain that is both non-essential for regular function, which has been designed to be essential.
At a bare minimum, they pave the way for such groups even if they don't act on it themselves.
> The Sejm's [Sejm is "the lower house of the bicameral parliament of Poland"] Parliamentary Committee for Combating Transport Exclusion subsequently convened three hearings regarding the abovementioned allegations on 17 January, 27 February and 26 March 2024, whose participants included representatives of the Dragon Sector team, Newag, railway operators and members of the Sejm.[19]
https://en.wikipedia.org/wiki/Newag#2023_revelation_of_softw...
I could not find any later updates in Polish media.
https://kolejowyportal.pl/dragon-sector-newag-wprowadza-opin...
You can lead a horse to water...
Genuine question.
it's time we repealed it all. no one gets to own an idea of the universe. especially not a faceless org created for tax purposes.
Seems like they are taking a stance against crypto? Why else not use this perfect new decentralized medium for financial support?
That is one sure way to make people not donate to the cause. I want to support the people, but I don't want my money to go elsewhere, and there is no way of knowing how much has been raised to date or guarantees to get the funds back when the legal costs eventually get covered by Newag. The only guarantee stated is that they will definitely use money for something else. Not OK.
To put it short: there are two different kinds of NPOs, first "regular" e.V. and then those e.V. that fulfill exclusively "aims for the common good" ("gemeinnützige Zwecke", the full list is in §52 AO [1]) - they carry a special benefit: donations can be deducted from your income for tax purposes.
The CCC is a non-profit organization, but since it (among other things) engages in taking political stances while at the same time not being a political party, it is not seen as a "gemeinnützig" organization - a fate that hit quite a few organizations in the last years [2] or is looming over their head [3].
[1] https://www.gesetze-im-internet.de/ao_1977/__52.html
[2] https://www.campact.de/ueber-campact/der-verein/
[3] https://www.mdr.de/nachrichten/deutschland/politik/brandbrie...
I’m not familiar with German governance for quasi not for profits, but I suspect the idea that funds are conditional for one specific purpose probably breaches governance, and returning funds to donors if certain conditions are/are not met could be problematic from a tax point of view. I know this would be the case in other European jurisdictions with which I am more familiar.
And here (from another HN link I just browsed) is other work CCC is doing, this time exposing a major security flaw in VW Audi Group security policies: https://cyberinsider.com/vw-suffers-major-breach-exposing-lo...