OK, I think someone's manager _told_ them to add this to the codebase. After the manager's boss told _them_ to make it so. And then it maybe got code reviewed, sure, and the code reviewer confirmed that it was bug-free and did what was intended. It is doing what the manufacturer wanted it to do.
I'm wondering if you read the same posts at the top, or if maybe HN has switched the link since you read it and commented? Or if you just reached different conclusions!
My conclusion was that it doesn't appear there is any reason to think this was a "rogue" employee. What motivation would they have to do this? The motivation belonged to the train company that made the trains and owned the software, the company did it on purpose to try and make other repair facilities look bad and make their train repair facilities look like a better value.
I'm surprised that you seem to be considering that, maybe, like a programmer just put this in there without being told to. For fun? Just out of their own individual motivation to secretly help the company's profits?
> I'm surprised that you seem to be considering that, maybe, like a programmer just put this in there without being told to. For fun? Just out of their own individual motivation to secretly help the company's profits?
Considering this isn't some random webshit SaaS, but a piece of critical national infrastructure, such a rogue programmer would - in my books - be committing treason.
(Keep in mind that functioning rail system is of military importance, and there's a literal war being fought just over our eastern border.)
Indeed, a feature of hybrid warfare is targeting a country in various domains, including infrastructure. Poland is in the crosshairs of Russia, who has made very open and ridiculously malicious threats in the last two years toward the country, and we know Russia engages in such sabotage.
> such a rogue programmer would - in my books - be committing treason.
> Keep in mind that functioning rail system is of military importance
This sounds reasonable to me, and it made me curious how the US law of treason might apply to this scenario. (Obviously the US law is not relevant in Poland, but the American definition of treason is viewed as exceptionally strict, so it's interesting to consider.)
(American) treason has two elements:
I. You owe allegiance to the United States; and
II. You either:
(a) levy war against the United States; or
(b) give "aid and comfort" to the enemies of the United States.
A violation of criterion I might look like the Polish rail company hiring a Hungarian programmer who puts this code into the trains for whatever reason.
Making the trains stop running at predictable times seems like it could reasonably be read as "giving aid" to enemies of the state, if the information on how the trains work is communicated to them, or if a conflict actually occurs and the trains stop running during the conflict. If the enemy doesn't know about the issue and it never comes up during a conflict, it might be a challenge to argue that the enemy received "aid and comfort".
The other thing to note here is that the programmer would appear to be committing treason whether his boss told him to add the code or not.
Ah OK! No, the top link seems to be the same as before.
My Scenario 1. wasn't about some rogue employee, only about an unstructured development process, possibly even with no version control.
So there's this one developer that adds the shady code, asked by a higher-up, but other developers don't even know about it if they don't look into those files. And so no-one has a chance to analyze if it's safe to add the code.
Or maybe there's version control, but anyone can commit to `develop`. And so you see a weird commit from someone else, but that's it.
The only _maybe_ non-criminal but still very shady and unethical way to do it that I can quickly come up with, if there was a formal process for adding those "hacks", would be to implement it as any other feature, perform a full safety analysis, etc., just as I can imagine it's done for regular stuff.
But then I cannot really imagine how I would answer the question about deliberately messing with train subsystems, in a train that could be running >100km/h, full of passengers...