Turns out you can just hack any train in the USA

https://twitter.com/midwestneil/status/1943708133421101446
15•lyu07282•6h ago

Comments

DanAtC•6h ago
https://threadreaderapp.com/thread/1943708133421101446.html
linusg789•2h ago
https://nitter.net/stneil/status/1943708133421101446
railfan•5h ago
This is FUD spread by the auto industry to make people afraid of public transportation options like high-speed rail. If the rail industry is ignoring this CVE, then it must be because it's either not practically exploitable or not as severe as the author claims. Publishing an "exploit" on a major piece of industrial equipment is great for the resume, but testing it would be a federal offense, so we can assume that the author has no real idea whether it works or not. People who work for the railroad are smart, and have a lot more experience with trains than your average Lambda School grad, so I'll defer to their judgement rather than enthusiastic headlines like this. Do better.
mikeodds•5h ago
eh I worked around this and other operational technology and industrial control system security testing previously - lots of it isn’t built with security in mind

test wise you’d be amazed at what old controllers end up at surplus places or on eBay.

harvey9•5h ago
Is Ethan Suplee in Unstoppable (2010) also auto industry propaganda, portraying some railroad workers as less than smart?
railfan•5h ago
Is a fictional character in an action movie a realistic or relevant point in relation to real life?
dns_snek•5h ago
> If the rail industry is ignoring this CVE, then it must be because it's either not practically exploitable or not as severe as the author claims.

> People who work for the railroad are smart, and have a lot more experience with trains than your average Lambda School grad, so I'll defer to their judgement

That's a very idealistic view of the world, I don't think reality would agree. Ego, indifference, and plain incompetence are extremely common in every industry, then add onto that the fact that hardware companies are already notoriously bad at software, and then you can double the risk for entrenched companies that have little pressure to be proactive about these things.

This is exactly the kind of lax response I would intuitively expect from a company of this nature. I say that as I glance over at Boeing.

longfingers•5h ago
It would be very short sighted of the auto industry to criticize an insecure car to car protocol when that is a thing they want to implement with exactly the same security budget.

It needs local proximity RF which was probably considered an out of scope risk in the initial design but is more and more likely to be available by accident as newer RF devices have more defined by software.

MartijnBraam•3h ago
Maybe the CVE is being ignored because it's not such a big issue at all? It's already possible to cause a train to brake and make a disruption by pulling any of the emergency brakes inside it.
persolb•1h ago
I work on trains. This is FUD.

Except for 1 train in the US, no passenger trains use this function. It is only for long freight trains.

If you block it, the train still brakes…. Just the propagation is at the speed of sound instead of speed of light. Functionally, it doesn’t matter.

You can theoretically cause the brakes to apply, but then this system just gets cut out anyway. It’s not really required.
