Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror

Comment Re:Remote exploit? (Score 1) 53

If it is a passive signal, it seems like the only thing preventing that is a lack of transmit power, at least to within the limits of the curvature of the earth (or, depending on frequency, maybe not even beyond that limit).

It's 220 MHz. Not super fancy. 5-15 mile (7-25 km) range.

Unless it's straight down from overhead (satellites, drones, etc.), in which case the curvature of the earth goes away as a factor, and you're just left with attenuation.

And it's hard to overestimate the potential for financial loss if someone remotely cracked into a SpaceX satellite and manipulated its SDR to send such a signal from space.

No, that ain't gonna happen. You'd need a huge amount of signal (kilowatts for many minutes?) delivered from low-earth orbit to overcome a fairly high-power signal generated only a few miles/km away.

Wait, overpower another signal? That's a new detail.

First, I would assume that such a signaling mechanism would use some sort of spread spectrum or frequency hopping approach to allow multiple senders, or else you'd kind of have a signal-shaped mess on your hands, unless the wattage is *really* small, because presumably a train would "see" more than one signal/switch point at any given time. And if it is really small, that makes it easier to overcome.

Second, if this is PTC we're talking about here, I don't think there are PTC signals on every mile of track all across the country. They put that stuff where it is needed, e.g. near curves with slow speeds. Anywhere else, there would presumably be no signal to overcome, making the threshold for detection way lower.

From a quick Google search (which might not be accurate, given that I didn't dig into the results deeply), PTC receivers on a train can detect signals as small as -95 dBm. A SpaceX satellite can push 34.47 dBm (though whether it can do it at that frequency or not, I couldn't say). You'd have about 5.5 dB of atmospheric attenuation at that frequency and about 92 dB of free space path loss. So given line-of-sight from space through open air, I think getting the signal to be detected by a train should be feasible in the absence of an interfering signal from the ground, with a fairly sizable noise margin, but I could be understanding the math wrong.

That said, even if you had to overwhelm a multi-watt signal, such that a satellite was infeasible because of the signal loss, that would still leave drones, balloons, things left by the side of the track, things hanging from bridges, etc. After all, sending out a few watts from the ground is really no big deal. I've seen handheld CB radios with that much output (different frequency, but you get the point).

So I think you're overestimating how hard this would be to exploit. But I could be wrong. I'm not an RF engineer, and I don't really have the desire to spend a lot of time researching this. Again, my gut says if nobody has exploited this to cause chaos, it means nobody cares enough to bother, which is probably good, because it means there are way fewer terrorists, etc. than we've been led to believe.

Even if the attack requires two-way communication, the attacker still wouldn't need to be close to the train; the signal generator would. Nothing prevents someone from maliciously dangling a battery-powered or solar-powered, cellular-capable pod off the edge of a highway bridge that crosses a railroad track and being half a continent away when actually triggering it.

Give me a break. An evil-doer would have to dangle a lot of battery-operated jammers everywhere along the line, and then all it'd do is slow the darned train down, safely.

Can PTC not completely stop a train? I thought it could. If so, then there's no reason you couldn't completely stop the train. It isn't hard to transmit a signal for a couple of miles in that frequency band. A watt or two should be adequate, plus whatever you need to overcome any other signals if there are any at that particular spot.

This feels like it would be a great Bond movie plot. Someone stops a train and robs it using a drone with a fake PTC signal.

Comment Re: Remote exploit? (Score 1) 53

Nothing prevents someone from maliciously dangling a battery-powered or solar-powered, cellular-capable pod off the edge of a highway bridge that crosses a railroad track and being half a continent away when actually triggering it.

Except that as the train passes under bridge, it will momentarily interrupt the brake signal, yes, but as the train slows down it will go away from the transmitter and likely get far enough away to restore the signal and the train brake signal will be restored, so the train keeps going...

(Train brakes aren't like throwing an anchor from a ship, they take time to stop the train.)

Yes, you could attach the transmitter to the train, but, really, what's the point?

You're assuming you can't transmit the signal for at least half the stopping distance of a train. If you can, then you start transmitting at half the stopping distance, and it will stop before it leaves the signal range.

In practice, one mile of range would likely be enough for even the heaviest trains.

Comment Re:These Companies Are Fucked (Score 4, Insightful) 32

Yup. But this wasn't ever about protecting children. These laws are about shaming people, and asserting dominance over those who like things that they don't, and about compiling an easily subpoenaed list of people whom they consider deviants.

If the laws were really about protecting children, they would have passed a law requiring browser vendors to provide age check support in a privacy-protecting way.

Comment Remote exploit? (Score 1) 53

"The physical aspect really only means that you could not exploit this over the internet from another country, you would need to be some physical distance from the train [so] that your signal is still received."

If it is a passive signal, it seems like the only thing preventing that is a lack of transmit power, at least to within the limits of the curvature of the earth (or, depending on frequency, maybe not even beyond that limit). And it's hard to overestimate the potential for financial loss if someone remotely cracked into a SpaceX satellite and manipulated its SDR to send such a signal from space.

Even if the attack requires two-way communication, the attacker still wouldn't need to be close to the train; the signal generator would. Nothing prevents someone from maliciously dangling a battery-powered or solar-powered, cellular-capable pod off the edge of a highway bridge that crosses a railroad track and being half a continent away when actually triggering it.

On the flip side, the fact that this hasn't been exploited yet is a pretty strong indication that nobody is trying to attack us, making it likely a pretty low risk. :-)

Comment Re: effective? (Score 1) 122

You are talking about experts. Experts are always wrong and Republicans are always right!

Oh, silly me. How could I make that mistake. You are of course correct. Let me fix that for you.

Listing it is the right thing to do. That doesn't make it the proximate cause of death if the person dies, though. The folks who crunch the numbers know how to tell the difference between dying with COVID and dying from COVID. That's how we know that COVID caused a huge surge in strokes and heart attacks that, if we were using your approach, would not have been counted, because they don't look like deaths from COVID, and yet the statistics on their timing show that the excess clotting that caused them is, in fact, caused by (or at least triggered by) COVID or other viral diseases.

Did that address your concern?

:-D

Comment Re:Traffic Signals (Score 1) 71

Can it manage reduce gridlock and improve traffic flow by improving signal coordination during rush hour?

I think that is totally doable, but I'm not holding my breath for it to actually happen. If it worked, traffic would flow a few percent more smoothly, and only the traffic engineers would notice the difference. If it went wrong, anyone involved with the project would be mercilessly mocked, and their careers curtailed. Given that (combined with AIs' well-known penchant for occasionally going wrong), there's not a whole lot of motivation to implement such a system. Traffic engineers would prefer a system that works just okay 100% of the time, over a system that works optimally 99.9% of the time and does something crazy 0.1% of the time.

Comment Re:effective? (Score 1) 122

And Covid killed over 1 million Americans and many more world-wide.

Unfortunately, we don't know how many people COVID-19 killed. Because of political bullshit and an effort to obtain as much government gravy funding as possible, almost everybody was swabbed for COVID-19. So we have a decent idea of how many people were positive for it, but not of the result. I went in for an emergent heart cath and it was delayed for over an hour and a half because some asshole was waiting for the results of a COVID-19 swab. I was working in an ER and we would have car accident victims come in, and it was policy to test for COVID-19. If positive, COVID-19 was listed as a diagnosis, even though the cause of the injury wasn't COVID-19, it was "rapid unscheduled disassembly of vehicle and ejection of driver through windshield at 75mph."

Posted anonymously for obvious reasons.

Listing it is the right thing to do. That doesn't make it the proximate cause of death if the person dies, though. The folks who crunch the numbers know how to tell the difference between dying with COVID and dying from COVID. That's how we know that COVID caused a huge surge in heart attacks and strokes that, if we were using your approach, would not have been counted, because they don't look like deaths from COVID, and yet the statistics on their timing show that the excess clotting that caused them is, in fact, caused by (or at least triggered by) COVID.

Comment Re: effective? (Score 1) 122

but many people don't realise (or refuse to realise) the most popular vaccine given in America wasn't created by Americans.

I assume you mean that the Pfizer vaccine was developed by BioNTech, which is a German company; Pfizer (a U.S. company) just did the clinical trials, logistics, and manufacturing. Development of that vaccine was largely funded by the German government, and got no funding from Operation Warp Speed at all, though, so I wouldn't say that this is ultimately what happened. They developed it in spite of U.S. funding for a rival. :-)

Comment Re:Creating FUD (Score 1) 84

The user did not use any game enhancement or copier device.

The user by proxy through their device is accused of using a game enhancement or copier device and banned from the service. The device is not defective - it is blocked from access to Nintendo's online service which is separate with its own agreement and not part of the actual device or product purchased.

If you had said "The user's account is blocked", you would maybe have a point, though arguing that someone did something by proxy opens you up to all sorts of legal risk. A sane company would ban people who install a hundred pirated titles, not someone who installs one or two.

But as long as the ban is tied to the physical device, and a major part of the device's functionality no longer works, no reasonable person could argue that the device is working correctly, and if the device is not working correctly and cannot be made to work correctly by the user, that constitutes a defect, by definition. So unless your definition of "defective" doesn't agree with the dictionary's definition, the device is defective, and arguably by design.

That's enough to give Nintendo justification to refuse the return and send it back to the customer. In reality you are not going to hire a lawyer to file a $500 claim over the Switch, because it would cost you much more in attorneys fees which are not recovered, and you are forced to use arbitration (by the Mandatory arbitration and class action waivers) which are stacked against the customer.

Not necessarily. See my comment earlier about contracts of adhesion and unconscionability. Given a large enough class suing for class action status, there's a very good chance that the arbitration clause would get thrown out. Alternatively, given a large enough number of individual members all demanding arbitration at once, Nintendo could very well do the math and conclude that waiving the clause is in their best interest because of the cost of defending so many arbitration cases. The deck is only stacked against you if you don't band together.

Amazon's vendor contracts determine whether or not Nintendo has to take the return, not any agreement between the customer and Nintendo.

It's doubtful Amazon has any kind of active contract. Even if they do; you bet Nintendo would be dictating the terms of that contract, because they definitely would.

Amazon has a standard vendor contract. Take it or leave it. And they're a big enough player that there's really no negotiating with them, even for relatively big players like Nintendo, because Amazon could quite literally buy a ~86% supermajority interest in Nintendo with cash on hand.

It is entirely possible that third-party resellers would be the ones stuck with the useless hardware, rather than Nintendo, if the sales are happening through third-party Amazon vendors rather than directly. But if those resellers end up losing their shirts and going under, Nintendo won't have sales, so it isn't in Nintendo's best interests to screw them.

Amazon was an authorized reseller of Nintendo but lost status at some point. Both Amazon and Nintendo are going to know about consoles that have been restricted due to user behavior, and that in itself is not a defect in the product. It's like trying to return an "iPad with Verizon SIM" because you broke Verizon's rules and got banned from having an account with them.

You absolutely can return such a device, at least within the return period, because Verizon doesn't ban devices; it bans users. A different user obtaining that device would still be able to use the device. That's a key difference between what Nintendo did and what other companies do. By banning the device, rather than the account, Nintendo is effectively reducing the value of the hardware by hundreds of dollars. That's fraud, and there's really no grey area here.

Under some circumstances you may be allowed an exchange, but it's not a warranty return, and you probably get to pay a big restocking fee.

You keep using the word "warranty". A warranty is an agreement between you and the manufacturer. It has nothing to do with the reseller accepting a return. And yes, with Amazon, "It doesn't work" is a valid reason to return something. In fact, that's true with almost any company. Whether you can return it for a refund or just a replacement is another question, and if *you* are banned, then a replacement won't help.

But again, that's not what Nintendo is doing, at least according to the summary, so "it doesn't work" not only is a valid reason for a return, but also is likely to solve the problem.

then Nintendo generally speaking will be hard pressed to prove that their terms of service (being a contract of adhesion) are not unconscionable.

It is unlikely a court is going to find Nintendo doesn't have the right to ban whoever they want from their online service. We have yet to see a court do so to another online service provider.

We have yet to see a case where a company massively reduced the resale value of hardware permanently.

Of course Nintendo's user agreement also contains Forced Arbitration and a Class action waiver, and you have notice of these agreements on the retail package before you ever purchase your switch and open it up. It's a Clickwrap software license, and clickwrap software licenses are generally enforceable with respect to the software, no matter how restrictive the terms get about your usage of the software.

There's actually a pretty long list of those sorts of licenses by major companies that have been found unconscionable. The devil's in the details.

Nintendo has incentive to make used copies of games scary for consumers because they will make more money selling directly to the consumers, and this starts to rapidly fall into the "attempt to monopolize" section of the Sherman Act, which makes the behavior legally actionable federally.

It is not shown to be a violation of the Sherman act for a copyright holder to prevent the resale of their own licenses. Antitrust laws are great for promoting competition and all, but they don't require a company to allow a used market in their own intellectual property. You won't find resale of developers' games where the package shipped a printed steam code, or other one-time key, for example.

True, but that is a decision made by the game publisher. When it is a hardware vendor, which qualifies as a gatekeeper, it becomes a very different matter. We're on the verge of seeing Apple seriously beaten down by the courts over locking down iOS devices to only allow purchases from their store. And making it scary to buy games that are sold on physical media is a substantive step towards doing the same thing on Nintendo's game platform. From an antitrust perspective, going down that path would be highly inadvisable in the current legal climate.

To the extent that the game publisher and the gatekeeper are the same company, the antitrust concerns actually become more of a concern, rather than less, because you could argue that the game publisher Nintendo is colluding with the hardware vendor Nintendo to increase the value of their online store by discouraging third-party sales in ways that drive the industry towards a gatekeeper store monopoly. And now you have an even bigger mess, and you might even have problems with the DMA in Europe as well.

Comment Re:Your messages today will be read tomorrow (Score 1) 35

Given the rate of "progress" with QC doing prime factorization of arbitrary compound numbers, not only will I be dead by then, everyone who will have known me in my life will be dead. And if you add the criterion that QC must be cheap enough to make it worthwhile to crack my secret messages, there's a fair chance that everyone who would have known anyone who knew me in life in life will also be dead by then.

And no, I do not believe in doomsday prophesies.

Comment Re:Creating FUD (Score 1) 84

DOA returns don't work that way. As a vendor, Nintendo has two choices: refund the money and pay for return shipping back to Nintendo or refund the money and let Amazon scrap the product

Nintendo can refuse the DOA as fraudulent after identifying serial numbers. These are working units which are not refundable, even if the customer caused a problem with them.

There is nothing that would require Nintendo to compensate the retailer for accepting a return from the customer which does not qualify under the manufacturer's warranty. Goods are working at the time of sale, and the customer commits a Terms of Service violation causing their unit to be restricted. There is no defect in the unit, and any return as such is a fraud no different than a customer accidentally dropping their unit and attempting to claim warranty.

Actually, there's a huge difference. It's called the "reasonable person test". In law, that means that if a reasonable person would not expect a hardware purchase to suddenly get massively reduced in functionality for buying a used game, then Nintendo generally speaking will be hard pressed to prove that their terms of service (being a contract of adhesion) are not unconscionable. In the absence of such determination, Nintendo disabling the device at least arguably has no legitimate basis in the law, and could be considered fraudulent.

Add to that the presumption that Nintendo has incentive to make used copies of games scary for consumers because they will make more money selling directly to the consumers, and this starts to rapidly fall into the "attempt to monopolize" section of the Sherman Act, which makes the behavior legally actionable federally.

I could go on, but it suffices to say that this is highly questionable on Nintendo's part from a legal perspective, and is a really great way to get their company nailed to the wall on multiple federal charges.

That said, none of the questionable legality of their behavior, their terms of service, or their warranty policy negates the fact that Amazon's vendor contracts determine whether or not Nintendo has to take the return, not any agreement between the customer and Nintendo.

I have a colleague who ordered a thousand dollar CPU and other parts, then when the shipment came from Amazon it was just an empty CPU package. Someone opened the manufacturer's package, removed the actual CPU, and shipped them an empty package that had the number of the part they ordered on it. Amazon absolutely refused to help them. That would be the first time they needed a return with Amazon. Amazon would not take the return or make it good for them in any way whatsoever.

That's where you go to your credit card company and issue a chargeback. Amazon really doesn't have a choice in the matter unless you give them one. As someone who has used this process successfully, it is absolutely better than getting screwed by a sleazy vendor.

I understand your view that playing with copied games doesn't fit the criteria, but Nintendo obviously disagrees.

Nintendo's perspective is moot. What matters is whether a contract of adhesion is so draconian that it would be held unconscionable by the courts. I would argue that it almost certainly would be held unconscionable under those circumstances or anything remotely similar to those circumstances.

Nintendo does not even give room to argue against them on this, however. The Warranty terms on their product specifically cite "Unreasonable" use as a condition that will disqualify the unit from warranty coverage and specifically includes "usage with game copier devices".

THIS WARRANTY SHALL NOT APPLY TO DAMAGES TO THE PRODUCT CAUSED BY PARTS OR REPAIRS THAT ARE NOT AFFILIATED WITH OR AUTHORIZED BY NINTENDO (INCLUDING, BUT NOT LIMITED TO, ADAPTERS, SOFTWARE, AND POWER SUPPLIES).

And again, you're still talking about warranties. None of that matters. The return policy is dictated by a standard Amazon vendor contract, not by whatever pile of legal vomit Nintendo wants to put down on paper.

That said, installing a game presumptively manufactured by Nintendo or one of its licensees does not, at least to a reasonable person standard, meet the criteria you're mentioning here, which means installing a game that to the best of your knowledge is a legitimate copy of the game resulting in Nintendo choosing to brick your online access is fraud, and absolutely is grounds for warranty service, were you not returning the product through the original retail channel, which makes the warranty moot.

WARRANTY SHALL NOT APPLY IF THIS PRODUCT (a) IS USED FOR COMMERCIAL PURPOSES (INCLUDING RENTAL); (b) IS DAMAGED BY ANY UNAUTHORIZED MODIFICATIONS OR TAMPERING; (c) IS DAMAGED BY NEGLIGENCE, ACCIDENT, UNREASONABLE USE, OR BY OTHER CAUSES UNRELATED TO DEFECTIVE MATERIALS OR WORKMANSHIP (INCLUDING USE WITH GAME ENHANCEMENT AND COPIER DEVICES)

Nor does installing a game appear to meet the criteria here. The user did not use any game enhancement or copier device. The possibility that someone else may have sold a game that was so copied is moot. Nintendo still doesn't have any legal right to brick the device, even under a strict reading of those warranty terms.

And the fact that Nintendo has to do something to make the Switch 2 not work — that it is not the fault of the enhancement/copying device actually breaking the Switch 2, but rather Nintendo deliberately doing something in response to someone having used such a device — means that this warranty, if interpreted the way you interpret it, is likely not legally a warranty under Magnusson Moss, and therefore, sale of the product with such a fraudulent warranty would be per se illegal in the United States.

You can't just write a bunch of contract terms down on a piece of paper and claim that because someone appears to have violated them, that person has no rights. The law doesn't work that way. A company can disclaim a warranty only for things that were actually damaged by the use of third-party hardware, software, etc., not merely because of the use of third-party hardware, software, etc. The law is very clear on this. Their warranty terms do not give Nintendo any right to disable a device, nor to return a device so disabled, merely because Nintendo *knows* that someone has done so, much less merely because Nintendo *thinks* someone has done so. The legal bar is far higher than that.

Comment Re:Fully autonomous (Score 1) 242

Just wait until these little bastards have on-board AI that visually identifies targets and kills them autonomously. [...] This is not good.

Agreed, that is a scenario straight out of a Terminator movie.

That said, it won't happen (much) until they get the energy budget of all that AI down to something that can be powered by a drone battery for a sufficient period of time.

Slashdot Top Deals

The way to make a small fortune in the commodities market is to start with a large fortune.

Working...