Comment by jrochkind1

3 years ago

Code review by a _third party_? Does that usually happen?

It's clear this was intended by the manufacturer of the trains, who directed the writing of the code, it's not like a hacker put this in without their manager knowing, right?

What kind of code review are you thinking of by whom?

[Wait, reading other comments, I'm thinking HN switched the article at the top, and some of these comments were written when the article at the top had much less information? That may explain why these comments are so confusing!]

In aerospace it definitely does happen. For example, NASA, as a customer, has the right to independently review flight software implemented by contractors.

  • I can neither confirm nor deny that independent review of software, especially of components involved in chain-of-trust and firmware loading, also happens for some of the largest-scale communication devices available on the global market, as required by multiple governments before allowing heads of state and other critically important persons to use them unmodified. ;-)

I have no idea how software for trains is (or should be) created.

So I meant a regular code review you would do for anything else.

I can see two scenarios at play:

1. either it's "free for all" and someone (anyone?) can put arbitrary shady stuff in the code

2. or there's a process for adding shady stuff to the codebase (some "stakeholder" creates a ticket, someone creates a PR, and then it's reviewed, etc.)

  • OK, I think someone's manager _told_ them to add this to the codebase. After the manager's boss told _them_ to make it so. And then it maybe got code reviewed, sure, and the code reviewer confirmed that it was bug-free and did what was intended. It is doing what the manufacturer wanted it to do.

    I'm wondering if you read the same posts at the top, or if maybe HN has switched the link since you read it and commented? Or if you just reached different conclusions!

    My conclusion was that it doesn't appear there is any reason to think this was a "rogue" employee. What motivation would they have to do this? The motivation belonged to the train company that made the trains and owned the software; the company did it on purpose to try and make other repair facilities look bad and make their train repair facilities look like a better value.

    I'm surprised that you seem to be considering that, maybe, like a programmer just put this in there without being told to. For fun? Just out of their own individual motivation to secretly help the company's profits?

    • > I'm surprised that you seem to be considering that, maybe, like a programmer just put this in there without being told to. For fun? Just out of their own individual motivation to secretly help the company's profits?

      Considering this isn't some random webshit SaaS, but a piece of critical national infrastructure, such a rogue programmer would - in my books - be committing treason.

      (Keep in mind that a functioning rail system is of military importance, and there's a literal war being fought just over our eastern border.)

    • Ah OK! No, the top link seems to be the same as before.

      My Scenario 1. wasn't about some rogue employee, only about unstructured development process, possibly even with no version control.

      So there's this one developer that adds the shady code, asked by a higher-up, but other developers don't even know about it if they don't look into those files. And so no-one has a chance to analyze if it's safe to add the code.

      Or maybe there's version control, but anyone can commit to `develop`. And so you see a weird commit from someone else, but that's it.

      The only _maybe_ non-criminal but still very shady and unethical way to do it that I can quickly come up with is if there was a formal process for adding those "hacks": implement it as any other feature, perform a full safety analysis, etc., just as I can imagine it's done for regular stuff.

      But then I cannot really imagine how I would answer the question about deliberately messing with train subsystems, in a train that could be running >100km/h, full of passengers...

A day has passed and today my comments about code reviews don't really make sense to me anymore. I think I lost the forest for the trees :).

So now it makes perfect sense to me that you thought it was about a 3rd party review, or about a rogue developer.

That should be a basic requirement for any purchase where public funds are involved in any manner. If something is not open source then third party audit should be a bare minimum.