by userbinator 2981 days ago
If she truly wanted to make it free, why secretly tell Nintendo and nVidia first?

It's a cat-and-mouse game, and this mouse wants to tell the cat how to catch the other mice. In the old scene, you'd be branded a traitor for doing that.

5 comments

"Why disclose this at all? Why not hold onto this in order to increase the number of affected Switch consoles?

Unfortunately, this bug affects a significant number of Tegra devices beyond the Switch, and beyond even the X1 included in the Switch. I can tell you, it wasn't fun to find a bug with such a broad impact; it significantly complicated the ethics involved.

In the end, given the potential for a lot of bad to be done by any parties who independently discover these vulnerabilities, I thought it best to disclose this immediately and under terms that ensured that the vulnerability reached the public quickly."

At the end of the day Tegra is used in a lot of places. Even cars. If there's a risk that someone could conduct a crime through a firmware hack then that presents an ethical dilemma.

10 years ago there were few portables that you could run your own code on. Now there's things like the GPD Win.

All this homebrew stuff is a bit of fun and games at the end of the day. Calling someone a traitor because they decided to responsibly disclose a vulnerability is just childish.

"Even cars. If there's a risk that someone could conduct a crime through a firmware hack then that presents an ethical dilemma."

If it was a remote exploit, I'd certainly agree about the ethical dilemma, but everything I've read suggests that this requires physical access.

As for being used in cars... don't get me started on what manufacturers are doing these days to stop repairs and modifications... just search "John Deere tractor hacking" to get a taste of what I mean (some articles and good discussion here on HN too.)

"Calling someone a traitor because they decided to responsibly disclose a vulnerability is just childish."

It shows they cannot be trusted, and that they support the actions of companies who want to lock out users from the devices they own.

Sure. But at the end of the day Nintendo aren't some bad actor company that's forcing people to spend thousands in repair fees.

They make video games.

------

Trusted by whom? Essentially it's a group of internet hackers that are doing it for internet fame. Or in the case of others to make money off selling any hardware tools required.

"actions of companies who want to lock out users from the devices they own."

This doesn't really matter. When someone buys a Nintendo Switch they are aware that you can only use software from an official channel from the manufacturer.

It's not a sneaky action by them; nobody is forced to use a Switch, and its primary functionality is consuming entertainment products.

It's not like a router or TV set-top box that you are forced to use.

Open hardware (in the sense of OS/software) is cheap and available today. If you don't want to be locked out of doing what you want to a device, then don't buy a locked down device.

I mean, it's unpatchable in current systems, and the vendor would have it figured out quickly anyway. There's no reason not to go through responsible disclosure.
For Nintendo to fix this they need to replace the IC.

They'd need to recall all the sold Switches and replace the IC. And they need to specify a new IC for all future production, with some cost implication for new drawings and getting rid of stock.

Because the plan wasn't to make it free until she saw that someone else was planning to profit from it. I doubt she wanted it free; she wanted to spite the other group.
You can't be a traitor to someone you have no allegiance to.