>The narrative that has played out online is exactly what's wrong with this trashcan fire of a world.
>Everyone is an armchair expert. Everyone thought the worst. You've seen that I've been called a dick, idiot, and everything in between. Because sensationalised news sells. If the narrative was 'I added a sandbox to A Dark Room that lets you mod the game and provide a medium for kids to code (and technical parents to show their kids what they do),' it would have gone unnoticed.
This is just desperate. Nintendo are notoriously protective of their platforms and their IP. It has been an essential part of their business model for over 30 years, going back to the NES10 chip. Expecting Nintendo to disregard their own Terms of Service because this specific breach is well-intentioned is utterly naive.
Rajan says: "I snuck it in assuming that plugging in a USB keyboard and pressing the "~" key wasn't part of the test plan". He intentionally deceived Nintendo as to the nature of his app by including a hidden feature that allows for arbitrary code execution. He announced the existence of that feature on social media. What else did he expect to happen?
The fact that Nintendo were always like this does not mean it is okay. If there's anything wrong with this story it's how everyone seems to silently accept it is okay for a company to tell you what you can run on the hardware that you "buy" but not really own.
That's not the story at all. Rajan entered a voluntary agreement with Nintendo, through which his game would be distributed on their platform. He deliberately deceived them about the presence of a potentially security-critical feature, thereby breaching that agreement; Nintendo took the perfectly reasonable decision to remove his game from their platform.
There is a perfectly reasonable debate to be had about bootloader unlocking, sideloading and consumer choice, but this is not that debate. The issue here is fundamentally about someone intentionally deceiving a business partner.
Sidebar: There are no shortage of tablet-ish computers that will run arbitrary code. The Joy-Con controllers are class-compliant and will work with any Bluetooth host. There are open alternatives, but a lot of people buy the Switch specifically because it offers a curated experience with clear age ratings and effective parental controls.
To meaningfully contribute to the debate on walled gardens, it is first necessary to acknowledge their relative popularity compared to open platforms. If walled gardens were universally and unconditionally bad, it is implausible that they would have such broad market acceptance. In the case of Nintendo, this issue is particularly acute - many informed observers credit the NES10 chip and the Nintendo Seal of Quality with saving the video games industry.
I think that a legal fudge I would be satisfied with is where a manufacturer wants a branded store and some lock-in, that they nevertheless must allow secondary marketplaces, with the legal protection provided for both users and the original manufacturer that any secondary marketplaces can be contractually required to be clearly labelled as such.
Apparently, getting a Nintendo developer account is pretty difficult. You have to pitch a specific game to them and follow a bunch of rules to make your game and code secure. That's also why Nintendo treated this incident as such a big deal - they are very strict about access to the platform, and this blatantly broke their rules.
... and buy separate devkit hardware (relatively cheap compared to Wii U days, but still), make an actual game (devkit does not play retail games, and retail console cannot install dev-signed apps), get it through TRC/lotcheck, pay the fees to publish the game, give trailers/launch material to Nintendo, never once mention its secret purpose as a jailbreak, and then secretly share it with all your friends without any bit of the hacker community finding it out. Extremely easy.
> The switch is completely thoroughly irreversibly jailbroken at the hardware level already.
This has been fixed in hardware revisions since about a year ago. Getting a unit that is vulnerable to the so-called RCM exploit has become increasingly difficult.
(The boot9strap exploit against the 3DS, on the other hand, was never fixed. One wonders why.)
Consumers own their devices. You can't just assume everything a company puts into an agreement is legal, moral or enforceable. They're always trying to put one over their partners and consumers.
It's easy to continue the line of thought to absurdity, so I leave that as an exercise to the reader.
There's a few lines here that need to be drawn somewhere. Nintendo sells access to a platform to developers. It's not unreasonable that they aren't allowed free reign to control what's run; at some point one developers free reign would conflict with anothers.
Should the consumer have free control over what's running on their hardware? Perhaps. Let's for the sake of argument assume yes.
Then how should Nintendo and third party developers deal with hackers? Completely cut their access to Nintendo/game services? Now they have a brick.
The lines drawn for developers and consumers with respect to game consoles make sense and generally work for all involved.
I think your point has legs in other contexts (i.e. Apple products, right to repair, etc) just not here. If people feel differently they should vote with their dollars, but managed walled gardens will always be greener in some aspects.
Why is it reasonable to be given free reign to control what is run on their platform? this is why Apple gets away with anti-competitive practices like pulling apps that compete with newly released features, even though the apps weren't a problem before.
These are truly walled gardens. Worse, these walled gardens are monopolies that can and are abused by large companies.
Continuity. Standards and limitations keep the platform usable which makes it valuable to all involved. For walled gardens to be successful, both consumers and developers must both buy into them.
So, either people are painfully stupid or a managed platform has some appeal over free ones.
Continuity, ease of use, various warranties/guarantees make walled gardens attractive. If consumers have free reign and brick their device, it's hard to expect the manufacturer to have/honor any warranty. If developers have free reign there's no guarantee another application won't break theirs or that they won't break someone else's... or that it'll work with whatever the consumer is doing.
Yes, an obvious counter point is *nix systems, but there is some authority in that ecosystem which keeps most things working. It's still not painless to setup/use which prevents it from effectively competing with windows/Mac OS.
Simply put, the price of admission into a walled garden comes with some perks/guarantees/warranties which aren't readily available elsewhere.
Windows and Mac OS are not walled gardens in this way, although both Apple and Microsoft have shown signs of wanting to make them more so. Despite Windows not being a walled garden it has better continuity than any platform Nintendo has ever made, and ironically not only for Windows (and DOS) software but for most Nintendo platforms too via emulators.
Fair point, that was a poor example/counter example on my part.
What I had in mind was more a long the lines that windows/Mac OS isn't transparent and the consumer has limited control over what it's doing and how to implement things. Furthermore their official app stores are a walled garden of sorts.
Consumers/developers have a good deal of freedom on these platforms and with that comes breakage in various forms. Malware, instability, etc. And to deal with that you have repair shops/programs. System resets, fresh installs etc. Maintenance becomes a responsiblity of the consumer.
Like I said, the lines can move based on context. Moving the needle further towards freedom for developers/consumers gets you *nix systems - which is harder for your average consumer to maintain/use. Moving away gets you iphones/consoles, etc which "just work" and flaws in software/hardware handled by the manufacturer.
But since "free reign" has been about since 1834, there's about a 40/60 split between "reign" and "rein", and both make the same sense, I don't think anyone except daft old prescriptivists would care now, do you?
I'm not sure I buy that argument - according to the article it's a 20/80 split between "take the reigns"/"take the reins" with about the same number of samples. In that case, "take the reigns" seems egregiously wrong, and I question either the statistics or the sampled population.
> In that case, "take the reigns" seems egregiously wrong
But still understandable with the kind of context - "take the reins" and "take the reigns" would be imply "take control", no? (Sure, it's clunky, but that's English for you.)
You, the customer, are allowed to do anything with your device. What they are doing is blocking a developer that makes money on their marketplace for not following rules. They wouldn't allow anyone to sell pornography, malware, defective/broken software etc. either.
It is okay, just don't buy anything made by Nintendo unless you're ok with Nintendo's restrictive 'nanny console' TOS. You can run Linux and play GTA and Mortal Kombat on other consoles. Nintendo is geared towards people who like Nintendo.
I think the "Just don't buy it" mantra has been applied too broadly. It implies that people have no right to complain about a company, which I completely reject.
The ability to complain about companies is a fundamental right, although it's I important to understand that no one at Nintendo is listening. I personally hate Nintendo and despise the way they prevent young people from modding/hacking their consoles and playing GTA games. Those are the two things I want out of a gaming console, so I don't buy anything Nintendo makes.
Sony removed the ability to run Linux many years ago, after it was determined that it was impossible to prevent a jailbreak as long as the second OS feature existed. I’m not aware of Xbox ever supporting this.
Two comments on that A) its impossible to prevent jailbreaks no matter if a second OS option exists or not and B) the Linux option was removed since it was seen as an unneeded expense. Its function for Sony was to keep the people motivated to jailbreak a console from doing so. After the removal of the Linux option the PlayStation was jailbroken.
OtherOS was officially removed due to security concerns. I'm not sure how to find this offhand but my recollection is that OtherOS was used to facilitate jailbreaking the system. Its function wasn't to prevent jailbreaks but to get people interested in programming for the Cell processor.
A news article talking about George Hotz's original PS3 hack was released January 25, 2010. The PS3 software update that removed OtherOS was released April 1, 2010.
As I recall, ultimately Hotz managed to compromise the device's root key, and Sony determined that it was impossible to protect the key (after replacing it) as long as OtherOS continued to exist.
Sony did technically 'remove it', although it's still something that can be done if you're really interested in doing it. Nintendo seems to prioritize jailbreaking above everything else and for most of their consoles there's literally nothing interesting that can be done outside of using them to play Nintendo games.
Small nit - you probably mean "outside of using them to play Nintendo-approved games" since there's only 2 Nintendo games on the Switch here and 6 non-Nintendo games.
He means that if you don't like Nintendo's restrictive policies, you're more than welcome to play the vast majority of the games on the other consoles/platforms they're available on.
Nintendo gets a pass on a lot of crap other companies would get torched for by the internet community, DRM, DCMA take downs, etc. Nostalgia is powerful
Nintendo keeps providing excellent gaming experience that no one else does. Super Mario Odyssey is awesome not because it's the same old Mario guy from NES, but because it is just a great game.
Nintendo games are not polluted by the games-as-service and free-to-play monetization mindsets as badly as other platforms.
I don't like a lot of their rigidity, such as takedowns or still not getting rid of having stuff segregated by regions, but I appreciate what they contribute to the world of video games.
The fact that they are so strict in a very real way keeps a lot of crapware and annoyances (that I do see on other platforms, more or less linearly following the openness) off of the marketplace. I go from liking it to hating it more or less on a yearly cycle, but I have never hated it enough to stop owning their devices.
When I want something with solid gameplay that doesn't just sell because the graphics are so good (or whatever marketing flavour of the month is in vogue at the moment), a Nintendo console is what I go to.
The quality of software available on the nintendo store has nothing to do with how locked down the hardware is! Of course nintendo (or any other platform holder) would like you to believe otherwise, because by controlling the platform, they are able to maximize the profit extraction. Hardware lockdown and quality of the curated store has nothing to do with each other. Nintendo can (and should) continue to curate their store.
But if i want to produce homebrew for my own machine, I'd have to get permission from nintendo. I also have to pay for that priviledge, when the hardware is something i have purchased.
> The quality of software available on the nintendo store has nothing to do with how locked down the hardware is!
You say this and there was certainly a time when I would have agreed with you. Sadly, the reality doesn't match that belief so I no longer think that is the case.
My Mario history is SMB2, then Super Mario Odyssey. If you think I like SMO because of some nostalgia for SMB2, you might want to take another look at both games because there's an astonishing world of difference and very little in common apart from the name "Mario".
That's a bit of a silly argument. A games console is specifically sold as a device upon which you can play games, and nothing else. If you want to be able to perform other computing tasks and/or write your own programs you buy a general purpose computer not a games console. Your argument is a bit like saying "why can't I fry burgers with my fridge?"
Uh...not at all similar. Refrigerators don’t have the capability to fry burgers, and if someone came along and figured out a way to do that, the refrigerator manufacturer couldn’t say “your banned from making any modifications to our refrigerators”.
Switch piracy is massively easier than on PC. You just have to hack the console once and now you have access to every game. Also the games are signed by nintendo and the piracy installers verify that no one has modified the game since nintendo verified it so there is no risk of malware
Developers who make games for Windows PCs tend to fill them with so many "DRM" and "anti-cheat" measures that they might as well just sell them as a prebaked rootkit.
They are prebaked rootkits. They're marketed as such and I think they never pretend otherwise. The truly sad thing is the amount of people that still send money to people who knowingly compromise their entire machine. Then they are thankful for it.
That is how a lot of exploits start, though. Certain PSP games used to be valuable because you could present them with crafted save files to root devices.
Although, you could also buy special batteries that would let you root a PSP...what a weird handheld.
The point is, who knows, the game's scripting language could have shipped with an undocumented 'write word to memory' function.
The narrative in the article also misses the following point, which I've seen many times over the years, in both game dev and non-game dev shops:
It is massively unprofessional to ship an Easter Egg without broad consent to do so. Planning a fun "secret" for your users? Great! Surprising people involved in the publishing pipeline, esp. in a "will I get caught" way? Not so great. That's where Rajan went off the rails.
Indeed. Although this isn't sexually explicit, it reminds me of the trouble Rockstar got in after the Hot Coffee fiasco. Their publisher had to pay out hundreds of millions of dollars.
(Edit: pkroll is correct, the final penalties were $21 million.)
Everything about that scandal was stupid. In an M rated game (recommended for 17 and older), the protagonist could date women, be invited into their homes, and then the player would hear the sounds of the characters having sex. Fine, whatever. The game also allowed the player to sleep with prostitutes on the street to regain health, which would either cost them money or, if the player completed missions to become their pimp, earn them money.
The revelation that, in addition to those kinds of sex, a crude sex minigame could be revealed, if one made a bit flip to a config file with the help of third party software or hardware, led to:
* $21 million in penalties.
* The city of Los Angeles suing the company.
* A class action lawsuit whose initial plaintiff was a lady who bought the game for her 14 year old grandson, which would end with 2700 claimants being compensated.
* Hillary Clinton calling on the FTC to "take immediate action."
* Senator Lieberman, working with Clinton, proposed a law making the sale of violent games to children a federal crime.
But such an Easter egg could put Nintendo in a similar situation, and I can see why they can't let developers get away with hidden content like this. It would set a bad precedent.
I wasn't able to find their developer policy, but I'd assume this is a pretty cut and dry case of violating the policies he agreed to when he submitted the game for review.
Nintendo is very protective of running pirated or unofficial games, ever since the late 80's, when knock-off games were rampant and leading up to today with DRM. I'm sure it's against their policies to sell a game where users are allowed to write arbitrary games/code without Nintendo approval.
It would be different if the game was sold as a Ruby interpreter, because then they could at least verify it's capabilities and make an informed judgement about whether they should allow it.
To get an account there, you must agree to a few things, one being an NDA, and to get a Switch dev kit you must agree to a few more things, as well as go through a case-by-case evaluation of your game idea, if you are not an established game developer.
We won't be seeing the agreement(s) that were likely broken, and if you can see them, you are under NDA.
> The apps would be tied to the game itself, and would only be able to run when loading up that game, but you can see why Nintendo would take issue with its implementation.
I have a few guesses, but no, I don't see why Nintendo took issue with this. Is it because users could damage their devices with access to something like this? Is it because this could somehow be used to undermine Nintendo's DRM or cheat in online games?
There’s definitely an argument to be made about how this dev should only be shipping to hundreds, thousands, or millions of personal devices via Nintendo’s infra only what’s printed on the tin.
My hacker nerd side is all giggly.
My security and consumer conscious sides bristle at the idea some dev thought it was a great little in-joke to ship this to unsuspecting users.
> dev should only be shipping to hundreds, thousands, or millions of personal devices via Nintendo’s infra only what’s printed on the tin
That's a very long-winded way of saying, "He should only sell what was advertised."
> unsuspecting users
Nobody is forcing anyone to find or access Easter Eggs. It wasn't malicious nor annoying, it wasn't even accessible unless you attached a keyboard. I haven't seen any backlash from "unsuspecting" buyers, only Nintendo.
I see the potential worries from a security perspective, but as an "unsuspecting" consumer, why would you care?
The implementation is based on mruby, which is riddled with bugs. I spent some time reversing A Dark Room before it got removed. I am confident that there are bugs allowing ROP, from which point getting CFW is a matter of privesc. We have privesc to bootrom on every firmware version up to 7.x (inclusive).
I haven't seen any exploits from application level getting access to the OS. There is basically one exploit being used on the switch which uses a bug in the nvidia chip at boot which gives you a higher level of access than the OS and all of the security checks. Its such a powerful exploit that can only be fixed by a hardware change that no other exploit is needed.
You didn’t look too hard then. Deja vu got released recently. It’s a chain from unprivileged to bootrom. Got fixed in 8.0.0, the very latest firmwares. Look it up at https://switchbrew.org/wiki/Switch_System_Flaws
It’s currently the only known chain, and might be the only one in existence. And yet it’s a big threat. In practice, A Dark Room isn’t a particularly interesting entrypoint due to requiring an usb keyboard (web browser is easier to open). But it's understandable that Nintendo would want to keep those entrypoint to an absolute minimum. Especially since newer hardware revision exist which fixed Fusee-Gelee, the BootROM bug you talked about.
Just because you haven't seen them doesn't mean they don't exist.
And, there has been one pure "software" kernel access released (for 1.0.0), as well as a handful of later kernel exploits that haven't been.
Nintendo is right to be paranoid about ANY code execution, because that is the first step to reducing the pool of end users who can then "root" their consoles.
This is worth nothing to Nintendo and should be worth nothing to other people. This should've been done as a collaboration with Nintendo in order to actually bring Ruby to the Switch, not snuck in.
So wait, he did "an immense amount of pen testing", while at the same time this was something he snuck in at the last minute on a whim? Something doesn't add up here.
NGL I am not huge on Ruby (dont hate it just do more with Python) but I would buy that game just to code in Ruby in the game as weird as that sounds. I love out of the box easter eggs.
I love the amount of control we are using over our devices. It is not like people can do anything malicious with it.
Anyway; so like Apple (less and less luckily), Nintendo forbids editable code to run on their devices? Or is it allowed if there is a gaming aspect involved? Or just not at all?
It seems a full coding platform is being launched for the Switch[1], so that's likely not the problem. My guess is that they want to approve it first, which seems sensible if it's being published on their store (even if we wish there were alternatives to their store).
You can purchase a BASIC interpreter on the 3DS eShop. It's called SmileBASIC, and it's pretty full featured. http://smilebasic.com/en/
It doesn't make intuitive sense to me why a BASIC interpreter would be allowed, but not a Ruby interpreter. The difference is likely that Nintendo was never informed about the Ruby interpreter.
While I wish everything was user-modifiable, I'm generally okay with game consoles being locked down, because they don't bill themselves as general-purpose computing devices. I can't run my own software on my BluRay player either.
It was the deception by the developer. He chose to hide it from all reviews and gave a false description of what the product to sell on the platform was.
Was Excel 97 submitted to a separate authority for testing and validation prior to release? It was, don't you think the authority should have been informed of any hidden functionality or easter eggs?
It was submitted to a lot of stores with harsh requirements for shelf space, acting partly on testing and partly on trust. I'd say the authority there is comparable, and no they didn't need to be informed as long as the program admirably performed its job with no malicious code.
Which was then used to enable privilege escalation in an exploit.
https://mrnbayoh.github.io/basicsploit/
Nintendo is doing far more to prevent piracy and homebrew than they ever have before. It's no surprise to anybody who's familiar with this stuff that they aren't okay with arbitrary code execution, especially if none of the interpreter code was vetted/audited by anybody security conscious. I'm even surprised so many people here aren't getting it.
I will point out that the Switch already supports untrusted and unvetted code execution—it's called Javascript. The Nintendo Switch may appear to not have a web browser, but it pops up when you try to log into a captive portal. Without it, no one would be able to use public wifi hotspots.
I will also note that Nintendo hasn't exactly done a great job at preventing piracy or homebrew on the Switch—both are available provided you have a somewhat older model, and on the latest firmware even.
They did make efforts to hide the browser and I assume they were constrained by the need to enable users to access captive portals. A random Ruby interpreter by some developer not part of Nintendo is not in any way necessary for them, so there's no reason for them not to take the game down. Which they did. The reason why should be obvious.
As for their efforts: They've made far more effort than they ever have before. Using homebrew or custom firmware effectively means you can't ever use that device online again (which wasn't the case for earlier consoles).
Are you suggesting that just because they've made mistakes that they would be in any way inclined to let the Ruby thing go?
> Are you suggesting that just because they've made mistakes that they would be in any way inclined to let the Ruby thing go?
I didn't mean to suggest that! Sneaking a Ruby interpreter into a game without telling Nintendo was stupid, and Nintendo's response was entirely logical and acceptable.
However, if Nintendo had known about the Ruby interpreter and had reviewed it beforehand, but denied it anyway... well, I still wouldn't find that particularly scandalous, but I would say it's a bit of a dumb precaution on a device with a Javascript engine.
And if Nintendo is hiding the web browser on security grounds, that's dumb too! Who cares if the browser is hidden—as long as it's accessible, the people who'd use it to hack their consoles will jump through whatever hoops are necessary. Making the browser hard to open only hurts regular users.
I find it more likely that the browser is hidden because it's too buggy and unstable for widespread use. I've played with it, and it likes to crash. A lot.
Show me a captive portal that exploits a hole in the security of the Switch, and I'll show you a whole line of captive portals that will very soon no longer load on a patched Switch. Also, I don't think JavaScript is required by most captive portals. Form tags don't require JavaScript.
Recovery Mode was the fault of Nvidia, not Nintendo. Soon after that was discovered, the silicon for the Switch was iterated and now you need a signed binary, even in recovery mode.
They plug holes as soon as they find them. I don't think it's fair to compare the relatively limited number of people that work at Nintendo to the literal army of people that work to break Nintendo's work every day.
Edit: Oh, the particular article I linked has you use a public, specially-crafted DNS server, instead of setting one up on your home network as I've done in the past. Oh well, same principle.
Plenty of captive portals do indeed require Javascript, which is why the Switch's web browser supports Javascript.
A major issue (for me) with SmileBASIC is they removed (presumably at Nintendo's request) any way to export or import code except for their walled garden. Previous versions of SmileBASIC (for the regular DS, under the name Petite Computer) allowed one to (iirc) scan a QR code to input files. Someone has made a modem for SmileBASIC, but it's a lot of typing to get it loaded (presumably Nintendo would quickly pull it from the curated list of programs if someone tried to upload a copy of that).
The QR Codes were likely removed because they were cumbersome. I'm not convinced Nintendo was involved.
There's a Megaman clone for the DSi version which requires you to scan more than 100 (!) QR codes. That's not fun, and even as an edge case, it's not an experience you want anyone to have with your product. Better to push them to the central server.
I wonder how far you could go with a language game Zachtronics - style before Nintendo would shut you down.
I'm betting it would probably be all good until you allowed interfacing with some more basic underlying systems to the language (such as network for example) to the language. They can't be against custom map making for example right? How Turing complete are you allowed to make your custom map editor?
The requirement would probably be sandboxing without access to the rest of the machine, since that's what they've allowed for previous "programming toy" releases. SmileBASIC has full programming capability aside from direct hardware and network access, including comprehensive control of rendering and importing/exporting programs (http://smilebasic.com/en/).
See: Human Resource Machine on Switch. It's a game about programming in assembly where you actually program in "assembly". It's not real assembly, but at the same time, it kind of is.
Could you make a video game for these platforms, Nintendo or iOS, where there is a fully... is endogenous the word? virtual machine in the game world that you could program on? Like, the registers and compute cycles weren't real ticks, they actually happen within the game loop?
Like, if I made a space sim¹, and the flight computer ran on PICO-8², and there were actual transistors in the spaceship model, and there was a terminal with actual wires that go to them, would that get banned from the app stores?
Nintendo does tend to allow things that let users "code" their own games, as long as it's well-checked and the devs are upfront about it. See SmileBasic(http://smilebasic.com/en/), a commercial BASIC interpreter for 3DS that let's you make simple games, condoned by Nintendo and sold on the eShop. Coincidentally, it led to 2 separate exploit chains that allow for native code execution - Nintendo doesn't want any of that and it's understandable that they want to avoid any possibility of it happening, especially if the groundwork for such an exploit is getting snuck in as a legitimate game without even telling them about it. People will always find their way around sandboxes and limitations, especially on a highly targeted system like the switch.
What about people who already bought it? Does it stay installed on their consoles? And if they uninstall it, can they download it again?
It's probably moot because I'd expect Nintendo to demand a patched version of the game with Ruby removed to replace the existing version for those who bought it even if Nintendo decides not to allow it up on the store again.
I can't remember them pulling games off consoles - when people discovered games allowing code execution on the 3DS, Nintendo either marked patches as mandatory as soon as they were ready (so you couldn't play without updating) or attempted to block the exploit on the OS side (as they did with Cubic Ninja, since the studio behind it shuttered)
In what way was that code editor malicious? Did it allow i.e. creating your own games, modifying other games etc? I don't think so, since I'd expect apps on such platforms to be totally sandboxed. If you could only enter data into it via a keyboard, you couldn't even use it to download programs off the internet, except doing it the 80s "let's retype those ten pages of code into my computer" style.
Many of the console jailbreaks historically were done in a "sandboxed" game environment (e.g. buffer overflow exploits in save file names for Zelda: Twilight Princess on the Wii and Lumines for the PSP).
Even if there are newer, "safer" sandboxed environments, sandboxes are meant to be broken.
> I'd expect apps on such platforms to be totally sandboxed.
This hasn’t been the case for any previous Nintendo console. Xbox does use HyperV to silo games from apps, but we’ve never heard anything about Nintendo doing something similar.
If it's a full implementation with OS-level access, a USB device that fakes keyboard input could do all kinds of spyware-like stuff with only brief access to the hardware, and without most users even knowing it's possible.
The 3DS has a sandboxed BASIC implementation available complete with exporting and loading programs (http://smilebasic.com/en/), so other programming-in-a-VM games would probably be fine, presuming the developer was actually upfront about that at the time so proper security and content-rating testing could be done.
Feel free to port to a Switch emulator. I realize that the point of porting Core War is lost on an emulator. Even when the OS shell crashes, it starts right back up, anyway.
Isn't that a bug though and not a feature? Also running the inputs to generate compileable code isn't feasible on the original console because of the required precision of the inputs and only possible on emulators?
Nintendo did not intentionally build a way to create and execute arbitrary code in Super Mario World. It happens as a consequence of various unintentional bugs.
The existence of this phenomenon does not tell us anything about what Nintendo is "okay" with on their platforms, because it wasn't created purposefully.
If Super Mario World contained a "code editor", that would be a very different story. You can't very well create a code editor by accident.
Nintendo doesn't write code, people do; we can't say for sure this wasn't intentional. We don't know whether a developer left a trail of backdoors as a protest against Nintendo's well-known policy of tight editorial control of game developers, for example.
However, given the existence of this editorial policy, it's reasonable that they did not intend to include these backdoors in Super Mario World. Perhaps they didn't claw back this title because these backdoors were not known until recently.
This is fair, too. However, if you read about how these particular glitches worked, I find it extremely hard to believe that they would be implemented on purpose.
They're a consequence of a series of run-of-the-mill memory errors across the game's code. There would have needed to be a group of developers conspiring to make this possible... and for what? So a very dedicated player can spend hours painstakingly inputting a flappy bird game that will be lost when the system is turned off?
Another recent post here on HN is from the app developer himself. Only hours ago, he told detractors "not to worry" about Nintendo's response. And now this.
I will never understand why people buy consoles. By doing so, rather than getting some kind of pc, you are doing nothing but paying a lot more in order to greatly restrict your options and make all your gaming utterly beholden to some corp.
It used to be the case that consoles were more convenient and faster to play games on. Now the opposite is true. To run a console game you have to make and sign into an account, be online, it will need to update its OS, then update the game, and loading times are enormous.
For me at least, the appeal is that the Switch is capable of being handheld on things like the commute and flights. PC gaming is not as convenient or portable, and mobile gaming is not nearly as pleasant of an experience.
You don't have to be online to run a Switch. And the Switch uses solid state memory so loading times are pretty good.
I read every word of the post (including quotations) and watched every second of the video. I've played on a Switch (owned by someone else).
Can someone ELI5 what the issue is here or why there's any reason for remorse? Since it's a text adventure game, what's the difference between the game as allowed (text adventure) and the sandboxed bundled ruby? What's the difference between those 2 things? (A sandboxed ruby seems strictly equivalent to a text adventure game to me.) Not trying to be obtuse, just don't get it.
One issue that can easily crop up - the sandbox has bugs that allow access outside the game. This makes the game suddenly more than just an adventure game, and could be exploited. This is what Nintendo is trying to prevent here.
Oh okay. That's surprising to me because Ruby is a web language, so you would think that no, it wouldn't really have any known bugs like that. And again, if you're talking about potential bugs I'd think the text adventure game (or any game) might have bugs too. I still don't get it though because isn't it the user's hardware?
Is there some more context here? I'm still confused.
And this is what happens when people don't own the hardware they buy. Instead, they get awful DRM'ed bullshit, with a monopolistic store 'owner' digitally forcing whatever they say on their fiefdom.
The first computer I had access to had BASIC built in. Having control of a computer of what runs and not is an absolute basic right of ownership.
And from these computers called "game consoles", you the purchaser have none of that.
Well, there's two separate issues at play, and then how they combine.
There's whether you should be able to run your own code on your own device, which I think most people here are on board with.
Then there's whether you should be able to misrepresent what you've agreed to ship through someone's network when you've presumably signed contracts and made statements about that end up being untrue. I think most people would agree that Nintendo should have the ability to control what they allow in their store.
Finally, there's how these interact, because you can only really run stuff on the switch that Nintendo allows in their store, which makes the issue much more complicated.
Which part of the issue someone focuses on will likely inform how their comment is formed, but also how they interpret other people's comments, whether they are really focusing on the same aspect of the issue or not.
My sentiments exactly. To branch a little bit, Nintendo has been historically focused on preventing piracy. It makes sense given their consoles tend to be the easiest to hack of the big 3.
If you remember what happened on the 3DS with Cubic Ninja [0], that game’s level editor allowed the console to run homebrew code. That was inevitably another vector for piracy at a time where Nintendo was already grappling with the for-profit piracy enabler that was Gateway.
Based on this I can’t personally say if Nintendo is against homebrew running on their consoles or if they’re trying their hardest to prevent piracy, at the expense of homebrew. I do think that the feature included in A Dark Room would have had better chances of staying if the dev hadn’t kept it a secret through the publishing process, though.
As other commenters have pointed out, there is actually a BASIC interpreter available from the 3DS store, so interpreters aren't forbidden. And Nintendo has never been to friendly to software use outside what they explicitly allow.
I haven't seen anyone defending Nintendo's use of proprietary platform lock-in, but only that Nintendo should have been notified about it as part of publishing the game.
Nintendo is the video game equivalent of Lincoln Logs. There are people who find freedom in the constraint provided by the lack of configuration possibilities offered by a pile of Lincoln Logs. LEGOs are infinitely more complicated and full of possibilities, but they're going to frustrate the hell out of a Lincoln Log enthusiast.
> As for microwave ovens and other appliances, if updating software is not a normal part of use of the device, then it is not a computer. In that case, I think the user need not take cognizance of whether the device contains a processor and software, or is built some other way. However, if it has an "update firmware" button, that means installing different software is a normal part of use, so it is a computer.
The Switch does have an "update firmware" function, in addition to being able to install software (games) from the internet or from physical media, so it definitely counts as a computer under this definition.
I agree with you. On the other hand, what if someone wants an awful DRM'ed bullshit? Seems like poor form to purposefully bait-and-switch them. If, say, my Yubikey had some secret dance move that allowed people to read the private key from it, I'd be pretty miffed.
Not on the point of access to personal information- my phone, and I would guess thousands of others, have and use a banking app, have contacts, etc. YubiKeys are similarly not constrained to one use case, and I, too, would be pretty irritated if someone bypassed my laptop's encryption by pressing tilde.
That's not to say that jailbreaking, or any other gaining of execution is inherently bad, it just depends on the use-case- as a teenager, programming on a Switch sounds great, while as a parent, the possibility of my kid gaining access to unlimited blood and gore, Konami code style, might turn me off the platform.
People do own it, and when we bought the hardware, we were sold a game console that plays games specifically designed for it.
That's it.
If you expected more, you've been lied to. It does exactly what it's supposed to do, exactly what it was sold to do, and it does this very well.
If you want development hardware, then buy development hardware. There's no shortage of it; it's everywhere. Go nuts.
If you buy commercial hardware meant for use by end users, made by a company that fights hard against piracy, you get hardware that is anywhere between "annoyingly difficult" all the way to "virtually impossible" to use in your own way. This should not come as a surprise.
The Switch is sold as a game console, and nothing more. Certainly not a development platform. If you can squeeze a development platform out of an off-the-shelf Switch, you are lucky. If you can't, then you got exactly what you were sold, and you have (in my eyes) very little room to complain about the lack of development capability. You knew what you were buying when you bought it.
Looks like this new platform is getting flooded, and Nintendo's quality control is not keeping up. A game like this should have never been allowed a release - just from the poor visual quality alone.
>Everyone is an armchair expert. Everyone thought the worst. You've seen that I've been called a dick, idiot, and everything in between. Because sensationalised news sells. If the narrative was 'I added a sandbox to A Dark Room that lets you mod the game and provide a medium for kids to code (and technical parents to show their kids what they do),' it would have gone unnoticed.
This is just desperate. Nintendo are notoriously protective of their platforms and their IP. It has been an essential part of their business model for over 30 years, going back to the NES10 chip. Expecting Nintendo to disregard their own Terms of Service because this specific breach is well-intentioned is utterly naive.
Rajan says: "I snuck it in assuming that plugging in a USB keyboard and pressing the "~" key wasn't part of the test plan". He intentionally deceived Nintendo as to the nature of his app by including a hidden feature that allows for arbitrary code execution. He announced the existence of that feature on social media. What else did he expect to happen?