Mastodawn

Ellis Pritchard

@ellispritchard@cyberplace.social

23 Followers

98 Following

149 Posts

A green geek, condemned to code software in a cluttered attic for evermore.

Show thread

Ellis Pritchard Jan 6, 2024

Pascal was the first language taught on my undergraduate course in 1990, and I ended up using it for a couple of years 'for real' in the form of Turbo Pascal in my first post-graduate job, for Radar configuration and maintenance software. A few years later. the course switched to Modula-2...

Ellis Pritchard Jan 6, 2024

"Remembering Niklaus Wirth: father of Pascal and inspiration to many": https://hackaday.com/2024/01/05/remembering-niklaus-wirth-father-of-pascal-and-inspiration-to-many/

(includes a great programming language joke)

Remembering Niklaus Wirth: Father Of Pascal And Inspiration To Many

Although perhaps not as much of a household name as other pioneers of last century’s rapid evolution of computer hardware and the software running on them, Niklaus Wirth’s contributions…

Hackaday

Ellis Pritchard Dec 31, 2023

Richard Murphy Dec 31, 2023

Tackling the nonsense talked about the national debt, and its cost https://www.taxresearch.org.uk/Blog/2023/12/31/tackling-the-nonsense-talked-about-the-national-debt-and-its-cost/. Politicians are ending the year talking total nonsense about the national debt and its implications. Let me shatter a few myths about both its size and cost, both of which are being dramatically overstated right now.

The government of Israel has to go: peace requires it

It is rare that a newspaper like the Financial Times will think that there is only one real headline news story, but that is the case today. This comes from one of its emails this morning: Every one of those stories relates to the conflict between Israel and Iran, and the...

Funding the Future

Ellis Pritchard Dec 22, 2023

pulsar Dec 22, 2023

In case you intended to get some work done today:

https://c64.krissz.hu/online-playable-games/

I grew up playing many of those games. Also nice job on the CRT emulation.

#c64 #emulation

Online playable Commodore 64 games

Play with your favorite Commodore 64 games online! Enjoy the greatest classics of your childhood!

Commodore64 retro

Ellis Pritchard Dec 5, 2023

Emeritus Prof Christopher May Dec 5, 2023

Michelle Donelan was in Brussels yesterday to formally sign-up to the UK re-entering the EU's #Horizon research programme.

Now, the Govt. is going to spend up to £10k per organisation to help them (re)attract #scientists & prepare bids for the rest of the programme's duration.

So essentially, we've held out for a better deal (which we didn't get), but due to #RishiSunak's dithering, we now have to 'pump prime' appplicants who are out of the habit of applying and/or have lost key staff

idiocy!

Ellis Pritchard Dec 5, 2023

q3k

Dec 5, 2023

I can finally reveal some research I've been involved with over the past year or so.

We (@redford, @mrtick and I) have reverse engineered the PLC code of NEWAG Impuls EMUs. These trains were locking up for arbitrary reasons after being serviced at third-party workshops. The manufacturer argued that this was because of malpractice by these workshops, and that they should be serviced by them instead of third parties.

1/4

Ellis Pritchard Nov 27, 2023

Jesse Nov 21, 2023

I don’t know if any time of my life has blurred together more than the last four years

Ellis Pritchard Nov 8, 2023

Ivan Enderlin 🦀Nov 7, 2023

Carbon Bombs, https://www.carbonbombs.org/.

Transparent data and visualization about the world's biggest fossil fuel extraction projects, and their links with companies and banks.

Example with TotalEnergies, https://www.carbonbombs.org/companies?name=TotalEnergies+SE

- 17 carbon bombs
- 43.6 GtCO₂ emissions
- 55.7 $B financed since Paris agreement

Top banks financing TotalEnergies:

- Crédit Agricole
- BNP Paribas
- Société Générale

And so on.

Pretty useful. Banks have a gigantic impact. Choose a better bank.

#carbon #ecology

CarbonBombs.org

CarbonBombs.org is a tool to follow the evolution of carbon bombs in the world.

CarbonBombs.org

Ellis Pritchard Jul 8, 2023

Peter Gleick Jul 8, 2023

What the hell is happening in the Antarctic?
#climatechange
#climatecrisis

Ellis Pritchard Jul 8, 2023

Amiga Love ❤Jul 7, 2023

Can we all just sit here and gaze upon this mastery by Rick Parks in 16 colors? No scanning, done by hand in Deluxe Paint on an Amiga. It's almost photographic in its perfection.

Rick worked at Westwood Studios and worked on Eye of the Beholder I & 2, Dune 2, Kyrandia and other classics.

Rick died in 1996. His incredible creativity lives on.

#pixelart #commodore #amiga #80s #90s #retrocomputing

Show thread

q3k

Dec 5, 2023

The key unlock was deleted in newer PLC software versions, but the lock logic remained.

After a certain update by NEWAG, the cabin controls would also display scary messages about copyright violations if the HMI detected a subset of conditions that should've engaged the lock but the train was still operational.

The trains also had a GSM telemetry unit that was broadcasting lock conditions, and in some cases appeared to be able to lock the train remotely.

3/4

Show thread

q3k

Dec 5, 2023

@redford and @mrtick held an unrecorded talk a bout this at OhMyHack in Warsaw - I unfortunately couldn't make it because of Munich snow.

For now this is making the rounds in Polish-speaking sources, but we do have a talk scheduled about this at 37C3, in which we plan to do a deep dive into this and actually publish our findings.

@zaufanatrzeciastrona 's article about this: https://zaufanatrzeciastrona.pl/post/o-trzech-takich-co-zhakowali-prawdziwy-pociag-a-nawet-30-pociagow/

O trzech takich, co zhakowali prawdziwy pociąg – a nawet 30 pociągów | Zaufana Trzecia Strona

Pociąg produkcji polskiej firmy nagle zepsuł się w trakcie serwisu. Fachowcy byli bezradni - pociąg był w porządku, tylko nie chciał jechać. W ostatnim odruchu…

Zaufana Trzecia Strona

Show thread

ifrauding Dec 5, 2023

@q3k @redford @mrtick @zaufanatrzeciastrona

A talk which takes the #37c3 motto "unlocked" literally. 🤯

Show thread

Cato [MOVED]Dec 5, 2023

@q3k @redford @mrtick @zaufanatrzeciastrona ohhh, that is one talk i CANNOT miss!!

Show thread

jomo Dec 5, 2023

@q3k @redford @mrtick @zaufanatrzeciastrona nice research, really looking forward to this!

Show thread

Dreit Dec 6, 2023

@jomo @q3k @redford @mrtick @zaufanatrzeciastrona If not, I hope EU will focus on it during this decade

Show thread

John Burns Dec 5, 2023

@q3k @redford @mrtick @zaufanatrzeciastrona

Is that a hack... or something put in place by company or its contractors?

Your post said 3rd party? Is that to mean they were using cheaper service providers?

---
I can only imagine what riders experienced.

Show thread

wikiyu Dec 5, 2023

@JohnJBurnsIII "3rd party repair" it means mostly - independent from manufacturer but doing all stuff provided by law and using certified materials, parts and so on...

Show thread

John Burns Dec 5, 2023

@wikiyu

Thank you.

Still feels like it should not have been part of operational code in the system.

To easy to abuse.

Show thread

Raven667 Dec 6, 2023

@JohnJBurnsIII @wikiyu I don't think there is any scenario where the described functionality isn't abuse, the only purpose for that code is abuse and I hope it's illegal, against the contract, and the purchaser can throw the law book at them and get real consequences including jail time for the executives who ordered this or knew about it.

I'm probably going to be disappointed in the outcome, but jeez that is some shit behavior when you already sold a fricken *train* at a profit

Show thread

sean corncob Dec 5, 2023

@JohnJBurnsIII @q3k it reads to me as "DRM to ensure that orgs who bought the trains were only using maintenance contractors authorised by the manufacturer" and I'm pretty sure that there's regulation against that kind of thing in other vehicles (cars, say)

Show thread

Adam Williamson

Dec 5, 2023

@outie @JohnJBurnsIII @q3k yeah, I think you're missing the story here, John. It's the train manufacturer doing very sketchy stuff to try and prevent operators from having them maintained anywhere but their shops. Like if your car maker slipped some bogus code in that made your car refuse to start if you had it serviced at the local garage. Or your phone manufacturer doing the same, ahem, Apple.

Show thread

John Burns Dec 5, 2023

@adamw @outie @q3k

OH. OK. Yes... I did not pick up it was OEM code.

This sounds like HP locking down their printers to only use ORM replacement cartridges. Or Keurig doing similar for coffee pods.

Show thread

M.S. Bellows, Jr.Dec 5, 2023

@JohnJBurnsIII @adamw @outie @q3k Except this is like HP printers *pretending* they're out of ink when they're not, while warning you that only HP cartridges will work.

Show thread

John Burns Dec 5, 2023

@msbellows @adamw @outie @q3k

🤔

And given you can't really see into those cartridges - I think I would not be surprised that is not the case.

I dumped my not quite 2 year old OfficeJet in 2012 - for repeated error codes no matter how many OEM new cartridges I stuck in there. In the end... >$100 in unused cartridges.

Happily using Epson since then... so 11 years of use and no repairs needed. Does what I need (rarely print, but need it when I need it).

#NevermoreHP

Show thread

just adrienne Dec 5, 2023

@JohnJBurnsIII @adamw @outie @q3k Both of which are also terrible and should be illegal, but definitely not on the same scale of badness as being able to REMOTELY DISABLE A PASSENGER VEHICLE!

Show thread

Matěj Cepl 🇪🇺 🇨🇿 🇺🇦Dec 5, 2023

@adamw @outie @JohnJBurnsIII @q3k And now let's see what @EU_Commission will do about that. It's good to mention, that for the anticompetitive behaviour (and worse) they can fine the manufacturer up to 10% of their worldwide turnover (not profit, turnover).

Show thread

Pepita Pepito Dec 6, 2023

@adamw @outie @JohnJBurnsIII @q3k checking against a blacklist of the GPS coordinates of third party repair shops is really out there compared to previously known hardware DRM shenanigans. what were the managers who authorised that thinking?! let's hope such examples lead to vigorous change in legislation. never thought we'd need "right to repair" for effing trains!

Show thread

Al Dec 5, 2023

@outie @JohnJBurnsIII @q3k
I wouldn't be too sure about that. When your car phones home for update the corp can put anything they want in it. Just wait till you get a speeding ticket based on the recorded speeds of your car.

Show thread

Dazzling Urbanite Dec 6, 2023

@mral @outie @JohnJBurnsIII @q3k

Hold yer horses there buckaroo.

Don't try to threaten me with the one GOOD outcome scenario...

Show thread

Al Dec 6, 2023

@apressler @outie @JohnJBurnsIII @q3k
I'm not sure what I said that was good. do you really want a ticket everytime you speed up to safely pass another car. There are a lot of times when your doing 55 and the guy ahead is doing 54 so you speed up to pass without taking a mile.

Show thread

Till O'Rly

Dec 6, 2023

@mral @apressler @outie @JohnJBurnsIII @q3k I'm sure there are ways to detect if you was just passing somebody or if you were speeding.

Show thread

Dazzling Urbanite Dec 6, 2023

@mral @outie @JohnJBurnsIII @q3k

Such a method as proposed is frankly stupid since it only punishes after the fact and preventing speeding is the desirable goal. A mandatory geo-gated speed limiter on all motor vehicles would be much more efficient and effective solution. But if fines after the fact are all that are on offer, then yes. Give it to me.

But not for you, of course. You are special and deserve to be treated as such. I think you should be given lights and a siren.

Show thread

Al Dec 6, 2023

@apressler @outie @JohnJBurnsIII @q3k
and so end productive discussion.

Show thread

SuperMoosie Dec 6, 2023

@outie
There might also be good reasons why its there.

Contract of purchase that maintenance has to be proformed by train manufacturer. Ie they might have paid less upfront as the profit is from the later maintenance over x years of contract.

Critical safety systems such as Automatic Train Control that should only be touched by suitably qualified staff. Mess with this and the safety certification goes, which might mean the train isn't allowed to run on the network, not have insurance or mass fatalities.

@SuperMoosie
This makes no sense. If this is put in place because of contract violations, the manufacturer can simply sue.

If the 3rd party workshop is unequipped to deal with the safety systems, which might mean loosing safety certification, then that is for actual authorities to decide and enforce

Show thread

Raglan Niall

Dec 6, 2023

@SuperMoosie @outie @JohnJBurnsIII @q3k this not some random dude servicing the train. It's a train service yard with huge infrastructure and a huge contract. In this story they describe going through the huge maintenance manual and finding no mention of these things. If it's a certification thing then it should clearly state this.
https://badcyber.com/dieselgate-but-for-trains-some-heavyweight-hardware-hacking

Dieselgate, but for trains – some heavyweight hardware hacking – BadCyber

Show thread

SuperMoosie Dec 6, 2023

@Niall
Thanks for the translated article. Yeah, agree
@outie @JohnJBurnsIII @q3k

Show thread

paru Montgomery-Gator-svn Dec 7, 2023

@outie @JohnJBurnsIII @q3k These trains are owned by governments right?

Ohhh I think there will be laws against this soon.

Show thread

Cats Who Draw

Dec 5, 2023

@q3k That's terrifying! Thank you for sharing (once it was declassified!) 🙀 @redford @mrtick @zaufanatrzeciastrona

Show thread

Phil M0OFX Dec 5, 2023

@q3k @redford @mrtick @zaufanatrzeciastrona Wow. That's a talk I'll be looking out for on media.c3! Sounds like they were taking a leaves out of John Deere and Apple's books. Hopefully it leads to a harsh lesson for NEWAG.

Show thread

GreenSkyOverMe (Monika)Dec 5, 2023

@q3k O.M.G.

Show thread

qwertyoruiopz Dec 5, 2023

@q3k @redford @mrtick @zaufanatrzeciastrona At what point do people call this kind of stuff a protection racket?

Show thread

Rocketman Dec 5, 2023

@q3k @redford @mrtick @zaufanatrzeciastrona Very impressive work. Congratulations!

I understand there´s no write-up of this available in English at this point? That would be great...

Show thread

q3k

Dec 5, 2023

@slothrop @redford @mrtick @zaufanatrzeciastrona

We'll release a full writeup as part of our 37C3 talk. It's a lot of work to gather all the data :).

Show thread

GDR!Dec 5, 2023

@q3k @slothrop @redford @mrtick @zaufanatrzeciastrona Respect!

Show thread

AURonline 🏡Dec 5, 2023

@slothrop @q3k @redford @mrtick @zaufanatrzeciastrona I let Edge translate the Polish article to English and it was very readable (machine translation has come a long way...). DeepL or Google Translate will most likely also work very well.

Show thread

rugk Dec 5, 2023

@AUROnline sidenote: Firefox translations has a privacy-first local translation feature which works in your browser and works quite good, so you can use that too.

Show thread

Isocat now → @isocat@tiggi.es Dec 5, 2023

Ugh. This gross, abusive violation of social contract brings Unauthorized Bread to mind:
https://raw.githubusercontent.com/wandyezj/reference/master/unauthorized-bread.pdf

@q3k @redford @mrtick @zaufanatrzeciastrona @kkarhan @raulinbonn @yacc143 @muiiio

Show thread

Graham Sutherland / Polynomial Dec 5, 2023

@q3k @redford @mrtick @zaufanatrzeciastrona fascinating work! looking forward to the talk

Show thread

gudenau Dec 5, 2023

@q3k @redford @mrtick @zaufanatrzeciastrona Dang, that really should be straight up illegal...

Show thread

noodlejetski

Dec 5, 2023

@q3k @redford @mrtick @zaufanatrzeciastrona

> Niestety pociąg, którym badacz podąża do serwisu, spóźnia się.

Show thread

virkon Dec 5, 2023

@q3k @redford @mrtick @zaufanatrzeciastrona Looking forward to this talk.

Show thread

Luke Dec 5, 2023

@q3k @redford @mrtick @zaufanatrzeciastrona Holymoly! 😮 I am really looking forward to this talk now! 🚃🔒

Show thread

Phillipp Dec 5, 2023

@q3k @redford @mrtick @zaufanatrzeciastrona looking forward to the talk!

Show thread

Felix B. Ohmann Dec 5, 2023

@q3k

well done. companies should not be able to get away with this.

Show thread

Marc-Oliver Schaake Dec 5, 2023

@q3k @redford @mrtick @zaufanatrzeciastrona OMG.

Show thread

stansobczyk Dec 5, 2023

@q3k did you update the software to rerun the train on your own or Newag was forced to do it ?

Show thread

Michał Kowalczyk Dec 5, 2023

@stansobczyk @q3k No, we found a way to reset the locks without modifying the software :)

Show thread

Irenes (many)Dec 5, 2023

@q3k @redford @mrtick @zaufanatrzeciastrona wow!!!! amazing to have caught them doing this. GOOD JOB on the research.

Show thread

rugk Dec 5, 2023

@q3k @redford @mrtick @zaufanatrzeciastrona wow cool, is not that anti-competitive behaviour somehow and likely illegal? I hope it is…

I mean did you somehow report it or so?

Show thread

Michał Kowalczyk Dec 5, 2023

@rugk @q3k @mrtick @zaufanatrzeciastrona
Yes, but not much happened so far...

Show thread

Dr. Heather Etchevers Dec 20, 2023

@redford @rugk @q3k @mrtick @zaufanatrzeciastrona "We are not aware of any action taken either by the Office of Consumer and Competition Protection or by the Railway Transport Office, which would seem to be competent to eliminate from the market practices that are damaging to local government organisations that are incurring considerable losses and to passengers who are forced to travel in crowds or use substitute transport for months."

Show thread