Have you heard about the Polish Train company, Newag, and the bullshit it turns out they got up to?
So, the regional rail operator Koleje Dolnośląskie bought some Newag Impuls back in 2016. In late 2021, some of them need to have major maintenance done, as they've been in service a while. So the company SPS (Serwis Pojazdów Szynowych) gets the contract to fix them. They basically take the train apart, replace a bunch of it, following all the rules in the documentation Newag gave them, and... it won't move. The train says everything is fine, the brakes are off, there's plenty of power, but you push the throttle up and it won't move.
SPS spends a while trying to figure out what the fuck is wrong, with no luck. So they hire some hackers from the Polish security group Dragon Sector. Dragon Sector figures out how to get into the code of the computer system that runs the train, and OH MY GOD.
So it turns out there's a secret train-lock system. If it's on, the train won't move. This will be triggered in some situations you might think are normal: the clocks are wrong, the serial numbers of the various parts have changed, and a firmware mismatch between the main computer and the power system. Now, the fact that it makes sense to not run the train in these situations until someone can check it? That doesn't extend to the fact the train uses a SECRET lock system, rather than just popping up an error message telling you what's wrong. There's also the problem that while these are all potential error problems, they can't be cleared by anyone with the technical manuals, which are supposed to cover everything about how to run these trains. Only Newag themselves can reset this system.
Which, you know, keeps SPS from properly fixing them. Only Newag can fix them now, but not because SPS lacks any technical ability, but because Newag sabotaged their own trains. But don't worry: it gets worse.
So now that Dragon Sector knows what's happening, they get to look at other trains. It turns out the trains aren't all running the same software, and there are other tricks in there.
One of them is a "how long has the train been stopped?" check. If the train hasn't hit 60 km/h in 10 days, the train locks itself and won't move until Newag can clear it. So, like, if a train is ever out of service, like it's going to a repair place... it'll break itself. Unless the repair place is owned by Newag.
But two of the trains go further: See, these trains have GPS built in, right? You may be able to guess where this is going...
THEY JUST MAKE THE TRAIN CHECK IF IT IS PARKED AT THEIR COMPETITORS' REPAIR YARD AND BREAK ITSELF IF IT WAS.
The sheer audacity of this move. This is frighteningly bullshit anti-competition self-sabotage.
This has, obviously, made some parts of the Polish government start investigating this. Newag may be (and hopefully will be) in a lot of trouble.
For more info, there's a great video of a presentation by the three people from Dragon Sector who did the hacking, which was presented at the 37th Chaos Communication Congress in Germany.
Ars Technica also has an article on it, but it predates the presentation so it doesn't have some of the later details.
Anyway, the good news is that in the end the hackers at Dragon Sector were able to unlock most of the trains: A few had additional trickery that they didn't want to hack around, because it might break the train's certification. For the others, they discovered undocumented "cheat codes" in the software that they could use to bypass the secret lockouts... presumably the same ones that Newag would have used when they "repaired" trains.
Picks and Shovels is a new, standalone technothriller starring Marty Hench, my two-fisted, hard-fighting, tech-scam-busting forensic accountant. You can pre-order it on my latest Kickstarter, which features a brilliant audiobook read by Wil Wheaton.
During the Napster wars, the record labels seriously pissed off millions of internet users when they sued over 19,000 music fans, mostly kids, but also grannies, old people, and dead people.
It's hard to overstate how badly the labels behaved. Like, there was the Swarthmore student who was the maintainer of a free/open source search engine that indexed files available in public sharepoints on the LAN. The labels sued him for millions and millions (the statutory damages for digital copyright infringement runs to $150,000 per file) and, when he begged for a settlement, said that they would accept his life's savings, but only if he changed majors and stopped studying Computer Science.
No, really.
What's more, none of the money the labels extracted from teenagers, grandparents (and the dead) went to artists. The labels just kept it all, while continuing to insist that they were doing all this because they wanted to "protect artists."
One thing everyone agreed on was how disgusted we all were with the labels. What we didn't agree on was what to do about it. A lot of us wanted to reform copyright – say, by creating a blanket license for internet music so that artists could get paid directly. This was the systemic approach.
Another group – call them the "individualists" – wanted a boycott. Just stop buying and listening to music from the major labels. Every dollar you spend with a label is being used to fund a campaign of legal terror. Merely enjoying popular music makes you part of the problem.
You can probably guess which group I was in. Leaving aside the futility of "voting with your wallet" (a rigged ballot that's always won by the people with the thickest wallet), I just thought this was bad tactics.
Here's what I would say when people told me we should all stop listening to popular music: "If members of your popular movement are not allowed to listen to popular music, your movement won't be very popular."
We weren't going to make political change by creating an impossible purity test ("Ew, you listen to music from a major label? God, what's wrong with you?"). I mean, for one thing, a lot of popular music is legitimately fantastic and makes people's lives better. Popular movements should strive to increase their members' joy, not demand their deprivation. Again, not merely because this is a nice thing to do for people, but also because it's good tactics to make participation in the thing you're trying to do as joyous as possible.
Which brings me to social media. The problem with social media is that the people we love and want to interact with are being held prisoner in walled gardens. The mechanism of their imprisonment is the "switching costs" of leaving. Our friends and communities are on bad social media networks because they love each other more than they hate Musk or Zuck. Leaving a social platform can cost you contact with family members in the country you emigrated from, a support group of people who share your rare disease, the customers or audience you rely on for your livelihood, or just the other parents organizing your kid's little league game.
Hypothetically, you could organize all these people to leave at once, go somewhere else, and re-establish all your social connections. Practically, the "collective action problem" of doing so is nearly insurmountable. This is what platform owners depend on – it's why they know they can enshittify their services without losing users. So long as the pain of using the service is lower than the pain of leaving it, the companies can turn the screws on users to make their lives worse in order to extract more profit from them. This is why Musk killed the block button and why Zuck fired all his moderators. Why bear the expense of doing something nice for users if they'll still stick around even if you cut a ton of headcount and/or expensive compute?
There's a way out of this, thankfully. When social media is federated, then you can leave a server without leaving your friends. Think of it as being similar to changing cell-phone companies. When you switch from Verizon to T-Mobile, you keep your number, you keep your address book and you keep your friends, who won't even know you switched networks unless you tell them:
There's no reason social media couldn't work this way. You should be able to leave Facebook or Twitter for Mastodon, Bluesky, or any other service and still talk with the people you left behind, provided they still want to talk with you:
https://www.eff.org/interoperablefacebook
That's how the Fediverse – which Mastodon is part of – works already. You can switch from one Mastodon server to another, and all the people you follow and who follow you will just move over to that new server. That means that if the person or company or group running your server goes sour, you aren't stuck making a choice between the people you love who connect to you on that server, and the pain of dealing with whatever bullshit the management is throwing off:
We could make that stronger! Data protection laws like the EU's GDPR and California's CCPA create a legal duty for online services to hand over your data on demand. Arguably, these laws already require your Mastodon server's management to give you the files you need to switch from one server to another, but that could be clarified. Handing these files over to users on demand is really straightforward – even a volunteer running a small server for a few friends will have no trouble living up to this obligation. It's literally just a minute's work for each user.
Another way to make this stronger is through governance. Many of the great services that defined the old, good internet were run by "benevolent dictators for life." This worked well, but failed so badly. Even if the dictator for life stayed benevolent, that didn't make them infallible. The problem of a dictatorship isn't just malice – it's also human frailty. For a service to remain good over long timescales, it needs accountable, responsive governance. That's why all the most successful BDFL services (like Wikipedia) transitioned to community-managed systems:
There, too, Mastodon shines. Mastodon's founder Eugen Rochko has just explicitly abjured his role as "ultimate decision-maker" and handed management over to a nonprofit:
I love using Mastodon and I have a lot of hope for its future. I wish I was as happy with Bluesky, which was founded with the promise of federation, and which uses a clever naming scheme that makes it even harder for server owners to usurp your identity. But while Bluesky has added many, many technically impressive features, they haven't delivered on the long-promised federation:
Bluesky sure seems like a lot of fun! They've pulled tens of millions of users over from other systems, and by all accounts, they're all having a great time. The problem is that without federation, all those users are vulnerable to bad decisions by management (perhaps under pressure from the company's investors) or by a change in management (perhaps instigated by investors if the current management refuses to institute extractive measures that are good for the investors but bad for the users). Federation is to social media what fire-exits are to nightclubs: a way for people to escape if the party turns deadly:
So what's the answer? Well, around Mastodon, you'll hear a refrain that reminds me a lot of the Napster wars: "People who are enjoying themselves on Bluesky are wrong to do so, because it's not federated and the only server you can use is run by a VC-backed for-profit. They should all leave that great party – there's no fire exits!"
This is the social media version of "To be in our movement, you have to stop listening to popular music." Sure, those people shouldn't be crammed into a nightclub that has no fire exits. But thankfully, there is an alternative to being the kind of scold who demands that people leave a great party, and being the kind of callous person who lets tens of millions of people continue to risk their lives by being stuck in a fire-trap.
We can install our own fire-exits in Bluesky.
Yesterday, an initiative called "Free Our Feeds" launched, with a set of goals for "billionaire-proofing" social media. One of those goals is to add the long-delayed federation to Bluesky. I'm one of the inaugural endorsers for this, because installing fire exits for Bluesky isn't just the right thing to do, it's also good tactics:
https://freeourfeeds.com/
Here's why: if a body independent of the Bluesky corporation implements its federation services, then we ensure that its fire exits are beyond the control of its VCs. That means that if they are ever tempted in future to brick up the fire-exits, they won't be able to. This isn't a hypothetical risk. When businesses start to enshittify their services, they fully commit themselves to blocking anything that makes it easy to leave those services.
That's why Apple went so hard after Beeper Plus, a service that enhanced iMessage's security by making conversations between Apple and Android users as private as chats that were confined to Apple users:
Once upon a time, we had a solid way of overcoming the problem of lock-in. We'd reverse-engineer a proprietary system and make a free, open alternative. We've been hacking fire exits into walled gardens since the Usenet days, with the creation of the alt.* hierarchy:
When the corporate owners of Unix started getting all weird about source-code access and user-modifiability, we didn't insist that Unix users were bad people for sticking with a corporate OS. We reverse-engineered Unix and set all those users free:
https://en.wikipedia.org/wiki/GNU_Project
The answer to Microsoft's proprietary SMB network protocol wasn't a campaign to shame people for having SMB running on their LANs. It was reverse-engineering SMB and making SAMBA, which is now in every single device in your home and office, and it's gloriously free as in speech and free as in beer:
In the years since, a thicket of laws we colloquially call "IP" has grown up around services and products, and people have literally forgotten that there is an alternative to wheedling people to endure the pain of leaving a proprietary system for a free one. IP has put the imaginations of people who dream of a free internet in chains.
We can do better than begging people to leave a party they're enjoying; we can install our own fucking fire exits. Sure, maybe that means that a lot of those users will stay on the proprietary platform, but at least we'll have given them a way to leave if things go horribly wrong.
After all, there's no virtue in software freedom. The only thing worth caring about is human freedom. The only reason to value software freedom is if it sets humans free.
If I had my way, all those people enjoying themselves on Bluesky would come and enjoy themselves in the Fediverse. But I'm not a purist. If there's a way to use Bluesky without locking myself to the platform, I will join the party there in a hot second. And if there's a way to join the Bluesky party from the Fediverse, then goddamn I will party my ass off.
Check out my Kickstarter to pre-order copies of my next novel, Picks and Shovels!
If you'd like an essay-formatted version of this post to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:
okay so, definitely the most interesting thing i found in the dead souls text files (and honestly the one thing i'd been looking for) is what this line was in japanese
the original line is:
フッ……
わしは天涯孤独の身やさかい、
こないな体験は新鮮でええわ。
the phrase they translated as "not having a family" is 天涯孤独
so yknow. make of that what you will i suppose. i get the sense he wouldnt say that if he was *rejecting* living relatives as family, so i do think he really doesnt have any living relatives. and i think it's been that way for a loooong time, because the context for this conversation is dads taking baths with their kids when they're little, and he's saying that bathing with someone is a novelty to him, so i have to assume he hasn't experienced that for himself as a kid *because* he didn't have parents growing up
edit: this is also the exact same phrase he uses in y4 during the '85 flashback scene, where he says he won't be "leaving anyone behind"
i got too silly. another carpet ficlet for the fiddauthor archive. I SWAPPED BODIES WITH MY RESEARCH ASSISTANT AND ALL I GOT WAS THIS FUGLY CARPET! NOT CLICKBAIT! don't take it or me seriously ever
The latest major release of HarvesterHarvester (HH) is finally here!!
For those who don't know: HH is a tool for "harvesting" data from the dat files of DigiFX Interactive's 1996 game, Harvester. In short, it gives you access to all of the game's files, restoring approximately 2.1 GiB worth of data in total.
HH was created as the first piece in a toolchain that I'm developing as I reverse engineer Harvester, with the ultimate goal being to eventually port the game to a more modern graphics library or game engine. No real reason why, I'm kinda doing this just because.
As of writing, the output from HH can be used in conjunction with another utility of mine, BMtoBMP (GitHub), to convert all of Harvester's static images into standard bitmap images. All the images above were created using this!
Coming soon will be a similar utility for converting the CMP music/voice files into some standard music file for easier viewing.
New in v2.0.0 is the ability to apply these same processes to other, similar games and file systems! This functionality is still experimental and a work in progress, but I hope to slowly add support for more, different varieties of ISO 9660 file systems as time goes on.
Additionally, I rewrote the entire program from scratch, increasing its execution speed by roughly 94%! There's a long story as to why this was necessary to begin with, but I'll leave that for a future devlog. In short, this rewrite not only cleaned up the project (and uncovered a handful of files that I somehow missed the first time around), it also made HH much easier to reason about and maintain.