Michał "rysiek" Woźniak · 🇺🇦

If you're wondering how things are going with the famous 'd Polish trains, well, their manufacturer – – sued the hackers who had un-blocked them:
https://rys.io/en/175.html

But weirdly, after months of implying and suggesting that the locking code was added to the software by the hackers themselves, in the lawsuit the company now insists they did not in fact modify the software installed on the trains.

Why? Because that would not mesh well with the copyright infringement claim. 🤡

1/🧵

10
15
4

Michał "rysiek" Woźniak · 🇺🇦

A lawyer from Stefan Batory Foundation told me what he thinks of Newag's lawsuit:

> "Based on the media description of the case it seems that we might be talking about a so-called SLAPP"

> "It is in public interest that journalists and civil society watch this case closely and verify if it indeed is a case of SLAPP and an attempt to curtail freedom of expression"

During the first hearing, Newag requested that the whole trial be made non-public. The judge rejected that request.

2/🧵

2
0
0

Michał "rysiek" Woźniak · 🇺🇦

Newag does not offer any convincing explanation of how the locking functionality found its way into Impuls trains used by several different train companies all around Poland – and why only these trains seem to be affected.

“We have 23 different vehicle types and we have only experienced this with these particular trains” – said Piotr Wakuła, director of operations and technical bureau at Koleje Mazowieckie train company, while speaking at a parliamentary meeting in February this year.

3/🧵/end

0
1
0

@rysiek The last Polish train I took was Katowice to Kolobrzeg. The train hacked me and made me drunk. That is my excuse and I am sticking to it

1
0
0

@sullybiker that is known to happen, yes.

1
0
0

@rysiek this is still a really bizarre story and I want to thank you for taking the time to make updates available to people who can't read Polish

1
0
0

@KHoos my pleasure, I appreciate you saying that!

0
0
0

@rysiek Something I've not seen mentioned explicitly in this case but maybe you, having taken more interest, might know: did the original contract the train operating company signed for these trains specify any obligation to get the maintenance work done by Newag?

I assume not as it should have been mentioned but most of what I've read has been anti-Newag so I'm not sure.

1
0
0

Michał "rysiek" Woźniak · 🇺🇦

@edavies in the specific case of the trains that were being maintained by SPS and which were the reason to hire the Dragon Sector guys to figure it out, the contract explicitly specified that maintenance *can* be provided by third party yards, and that Newag is supposed to provide all necessary documentation for that.

Newag seems to claim that "software is not documentation" when asked in public hearings about why the documentation provided by them was clearly not enough.

0
1
0

@rysiek I was in a carriage full of students, I think it's safe to say they tricked me.

1
0
0

@sullybiker how thoughtful of them!

0
0
0

@filiplachert Now added @rysiek to my Transport list so as I am more likely to see these posts 🙂

1
0
0

Michał "rysiek" Woźniak · 🇺🇦

@jon haha, what an honor!

I have to be honest though, I very rarely post about public transport, and I do post often. I would really not want to end up spamming your transport list!

Not saying you should not keep me on it, of course, just making sure it's clear what to expect. 😉

@filiplachert

2
0
0

@jon oh, and fun fact, I quoted from your blogpost in my December piece on this in OKO.press (in Polish):
https://oko.press/kto-unieruchamia-pociagi-impuls-sledztwo-hakerow

Look for the word "sabotaż".

(I probably won't be able to publish an English version of that piece as that was before I negotiated a CC By-SA licensing of my pieces to myself from OKO.press, sadly)

@filiplachert

0
0
0

Michał "rysiek" Woźniak · 🇺🇦

@emilion yeah, it's very popcorn-worthy. I just wish the Dragon Sector guys did not have to deal with this.

0
0
0

@rysiek Oh your posts about Newag are enough to justify keeping you there. And I think a “Trains-IT" list might be a little too niche 🙂

Meanwhile there was a big Newag presence at Innotrans in Berlin, and they aim to get this new electric locomotive approved in Germany. On the IT side that is going to be fun!

@filiplachert

1
0
0

@jon hah, yeah.

The utter tragedy of all this for me is that I *want* train manufacturers to succeed, and I *want* Polish companies to succeed. And for a long while Newag was an example of a success story. I loved taking their trains.

Sigh.

@filiplachert

1
0
0

@rysiek Yep. Totally with you on that. And - from a customer perspective - even these Impuls EMUs are not bad. And given the headaches Talgo/CAF/Alstom/Škoda have currently, having genuine alternatives from Poland would be very welcome! @filiplachert

1
0
0

Michał "rysiek" Woźniak · 🇺🇦

@stripey that's an excellent question that I don't know the answer to.

But @q3k probably does!

@emilion

0
0
0

@rysiek So the gist of 's copyright claim is that the , which didn't exist, was there by design, and the trains that wouldn't move were in fact fully functional, and therefore making them move was not repair?

1
0
0

@trantion pretty much, yes.

0
0
0

@rysiek Public money, public code!!!

the government should only pay for . If the bill is footed by the taxpayer... the corporation should have no case to "hide" what they are doing in the software.

1
1
0

@rysiek Imagine the balls to try to persuade the court that
1. the hackers infringed copyright
2. the hackers did not modify the code
3. they know nothing about any blocking mechanism in their software even though the hackers just proved that it exists and even told them how to circumvent it.

There is no number high enough Newag NEEDS to pay for this WHEN they lose.

1
0
0

@Brokar it's worse: Newag's technicians were routinely able to unblock these trains in minutes on-site.

Dragon Sector guys found a kind of "Konami code", where pressing a specific sequence of buttons on the driver's console would reset the block on a train.

When the word got out, the "Konami code" started disappearing from the code in trains.

0
0
0

@rysiek Watching this lawsuit very closely, I can't unsee the dirty toilet Newag presented as evidence. Ever since then I consider a peed-in toilet to be a part of Newag's logo - or as I recently started to call them - pisswag

1
0
0

@elly @rysiek I wonder how a dirty toilet can be related to DRM

1
0
0

@9lore @elly it was during a meeting at the parliament, and constituted a really low-blow attempt at smearing the train operators and independent maintenance yards, to try to make it seem like whoever is claiming the locking code was there is incompetent and should not be listened to.

It got shut down *hard* by the parliamentarians running the meeting. It was a thing to behold.

0
0
1

@nicemicro @rysiek

And by handing those fat government contracts to Free Software projects, they can have the projects evolve in directed ways more useful to everyone.

When I was at Tangent Animation, we used as our central animation app, and kicked money to their foundation, in return for which we got a say in what features were given developer time.

Worked great till Netflix murdered us.

0
1
0

@jon @rysiek @filiplachert
Impulses do get even better when your frame of comparison is any flavor of EN57. And the modern EMU market in Poland is pretty much Newag, Pesa and Stadler (and from what I've seen and heard, Pesa has been busy with orders from Czechia lately), making the Impuls a staple in places like Pomerania... And PKPIC has ordered hybrid ones to deal with its diesel loco shortage and expand services off the main routes... You can't overestimate how good of a legacy these things could have as *the* face of the new Polish railway.

1
0
0

@HaTetsu well said.

But the flipside is that once the Impuls trains started locking themselves up, *because* they are so widely used as basic workhorses by a lot of passenger railways, that immediately created a huge, huge problem for the railways, for passengers, and for municipalities and the like operating these railways.

I've listened to hours of parliamentary meetings on this with railway operators and passenger interest NGOs talking about this, it really hit hard.

@jon @filiplachert

1
0
0

@rysiek great write-up, thanks. Glory and a speedy resolution to Dragon Sector, give 'em hell.

0
0
0

@rysiek Is Newag going to be criminally prosecuted for this? They put a logic bomb into safety-critical software, and lied about that.

0
0
2

@rysiek Meanwhile if you put your feet on the marks, are you never allowed to leave the spot again at the Newag stand at Innotrans? 🤔

https://www.railwaygazette.com/high-speed/high-speed-train-production-agreements-signed/67551.article

@HaTetsu @filiplachert

0
0
0

Michał "rysiek" Woźniak · 🇺🇦

@richh they very actively tried to blame it on "hackers", i.e. Dragon Sector folks that figured out what's up.

And I would be surprised if the "hey we can just blame it on the hackers, everyone will buy it" thing was not at least a part of the reasons for the decision to not go the route you mentioned.

The stereotype is very strong in Polish media, and lends itself to that kind of crap. One reason why I am allergic to the abuse of the word "hacker" in mainstream reporting.

2
0
0

@rysiek @richh investigative engineers is a term we need to start introducing in PL

1
0
0

@RakowskiBartosz @richh no. Hackers is a term we need to reclaim.

We tried this "introduce new term, the old one got taken over" before, with "hacktivist". Got taken over as well.

The line must be drawn here.

0
0
0

@rysiek It's all very odd. They surely must know that absolutely no one is buying the "but hackers" story - especially after PCERT decided it was credible.

I don't have knowledge of Polish cultural norms or media portrayal of "hacking", but their audience isn't Poles - it's rail operators across Europe. They've massively misjudged this by not just blaming it on an error, apologising profusely, fixing it and putting it to bed. Instead they're going for an industry-wide "Streisand Effect".

1
0
0

Michał "rysiek" Woźniak · 🇺🇦

@richh I do hope you're right.

But their stock price seems to indicate otherwise:
https://www.bankier.pl/inwestowanie/profile/quote.html?symbol=NEWAG (switch to 1y view)

0
0
0