Nintendo Switch Ships With Unpatched 6-Month-Old WebKit Vulnerabilities (arstechnica.com)

← Back to Stories (view on slashdot.org)

Nintendo Switch Ships With Unpatched 6-Month-Old WebKit Vulnerabilities (arstechnica.com)

Posted by BeauHD on Monday March 13, 2017 @10:00PM from the buyer-beware dept.

An anonymous reader quotes a report from Ars Technica: Nintendo's Switch has been out for almost two weeks, which of course means that efforts to hack it are well underway. One developer, who goes by qwertyoruiop on Twitter, has demonstrated that the console ships with months-old bugs in its WebKit browser engine. These bugs allow for arbitrary code execution within the browser. A proof-of-concept explainer video was posted here. The potential impact of these vulnerabilities for Switch users is low. A Switch isn't going to have the same amount of sensitive data on it that an iPhone or iPad can, and there are way fewer Switches out there than iDevices. Right now, the Switch also doesn't include a standalone Internet browser, though WebKit is present on the system for logging into public Wi-Fi hotspots, and, with some cajoling, you can use it to browse your Facebook feed. The exploit could potentially open the door for jailbreaking and running homebrew software on the Switch, but, as of this writing, the exploit doesn't look like it provides kernel access. The developer who discovered the exploit himself says that the vulnerability is just a "starting point."

89 comments

Min score:

Reason:

Sort:

You say vulnerability, I say opportunity by Opportunist · 2017-03-13 22:03 · Score: 5, Insightful

You see, on consoles such things get fixed incredibly quickly. Not because console makers are security conscious, but because such holes allow people to actually own the consoles they paid for.

--
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
1. Re:You say vulnerability, I say opportunity by Anonymous Coward · 2017-03-13 22:20 · Score: 0
  
  Yah, I was waiting until some of the hardware glitches (dead pixels, etc.) were resolved. Of course, if they end up fixing/breaking the software issues by making it harder for end users to tweak their experience, I think I'd rather have an early product.
2. Re:You say vulnerability, I say opportunity by Anonymous Coward · 2017-03-13 23:58 · Score: 0
  
  such holes allow people to actually own the consoles they paid for.
  What is the point of a console anyway? Less powerful than a good PC, much less versatile, and not necessarily any cheaper...
3. Re: You say vulnerability, I say opportunity by Anonymous Coward · 2017-03-14 00:26 · Score: 1
  
  Well, you sure convinced me. Now time to go track down a copy of the new Zelda game on PC...
4. Re:You say vulnerability, I say opportunity by Anonymous Coward · 2017-03-14 00:33 · Score: 0
  
  Here Here.
  Let's just hope these aren't the only userland exploits that get published, the system just came out and most people don't even have one yet. (Myself included.)
  Expecting the scalpers will probably increase the price again though.....
5. Re:You say vulnerability, I say opportunity by Anonymous Coward · 2017-03-14 00:36 · Score: 0
  
  Isn't it "hear hear"? Because "here here" doesn't make any sense.
6. Re: You say vulnerability, I say opportunity by Anonymous Coward · 2017-03-14 00:46 · Score: 0
  
  Languages evolve. Get over it. Herp derpy derp, shit-o shit-o frito doritto!
7. Re:You say vulnerability, I say opportunity by Anonymous Coward · 2017-03-14 01:02 · Score: 0
  
  The hardware issues are largely overblown. It's just a combination of hype around the release, a lot of press coverage, and a shortage of replacement stock. The vast majority have no problems with their hardware. They sold 2 million pre-orders, and you're hearing maybe a couple of thousand vocal complainers, the true failure rate is well under 1%.
8. Re:You say vulnerability, I say opportunity by The+MAZZTer · 2017-03-14 01:35 · Score: 2
  
  I am quite understanding of console makers' desire to protect their consoles from running pirated games. I am less understanding when their anti-piracy measures go as far as to block backups of saved games, which means if you have to send your console in for repair all your saved games may very well get wiped. There are already horror stories about the Switch in this regard. I fully support homebrew on the Switch if only to fix this intentional flaw. If it enables piracy in the process, too bad for Nintendo. They should have learned their lessons like Valve did when they created Steam and totally owned the PC gaming market.
9. Re: You say vulnerability, I say opportunity by Anonymous Coward · 2017-03-14 01:47 · Score: 0
  
  That's what emulators are for.
10. Re: You say vulnerability, I say opportunity by Anonymous Coward · 2017-03-14 02:05 · Score: 0
  
  Ahh I see. Where did you get your Nintendo Switch emulator?
11. Re:You say vulnerability, I say opportunity by Opportunist · 2017-03-14 02:06 · Score: 1
  
  If you can manipulate save games, it may well open up an exploit that can trigger a flaw that allows you to compromise the system.
  Game makers are notorious for forgoing sanity checks on save games.
  
  --
  We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
12. Re:You say vulnerability, I say opportunity by Anonymous Coward · 2017-03-14 02:17 · Score: 0
  
  It may have originated as "hear hear", but "here here" here does make perfect sense. It just changes from "hey everyone hear what this person has to say" to "hey everyone look here at what this person is saying". Hell, I'd say it makes even more sense to say "here here", since this is a visual medium and not an audio medium.
13. Re:You say vulnerability, I say opportunity by Anonymous Coward · 2017-03-14 02:32 · Score: 0
  
  Your strawman arguments are as ridiculous as you are.
  Alterations to a game console are changes to private property. All of your examples are of things that are either physically impossible, will damage the item (although you can still do it), or intrudes on someone else's property, public property, or personal safety.
  I realize you're probably paid by someone to make ridiculous posts like that and/or have some other short-sighted vested interest, and haven't thought (or can't be bothered to think) a few years in advance when you have to lease everything, but I'm sure you can construct a somewhat better argument than that. Or maybe you can't. Probably not, really.
14. Re: You say vulnerability, I say opportunity by Anonymous Coward · 2017-03-14 03:06 · Score: 0
  
  Cemu already runs (partly) the new Zelda for the WiiU.
15. Re: You say vulnerability, I say opportunity by Zero__Kelvin · 2017-03-14 03:34 · Score: 1
  
  Of course you can. When you try to do so as the car literally won't let you get back to us.
  
  --
  Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
16. Re: You say vulnerability, I say opportunity by Anonymous Coward · 2017-03-14 03:46 · Score: 0
  
  And you need Windows 10 with all the spying to run Cemu.
17. Re:You say vulnerability, I say opportunity by Anonymous Coward · 2017-03-14 03:53 · Score: 0
  
  I wouldn't know. I'm not a little boy anymore. I no longer play video games.
  I guess that's what happens when you grow up.
18. Re: You say vulnerability, I say opportunity by Anonymous Coward · 2017-03-14 04:02 · Score: 0
  
  It wouldn't if people used it correctly.
  It begs the question: Why do you think your mama always used to tell you, "Stupid is as stupid does"?
19. Re:You say vulnerability, I say opportunity by BronsCon · 2017-03-14 04:43 · Score: 1
  
  2 million units, 2 (a couple) thousand vocal complainers, that's a 0.1% defect rate. One in one thousand. And that's just the vocal complainers; now, factor in that they're the minority. In what world is a 0.1% defect rate acceptable outside of dollar stores and clearance centers? A 0.1% defect rate is what destines a product for those places. Hopefully, Nintendo will fix these issues in short order, support the Switch for a reasonable time, then exit the console market entirely.
  
  Don't get me wrong, I love Nintendo, I grew up on Nintendo, and I would love to see Nintendo keep making games. I would just like to play those games with current-gen quality graphics, on systems built by people who have a clue how to build decent hardware or, at least, who have the ability to own their mistakes and make them right. That could include consoles and/or PC.
  
  Nintendo has a history of not owning their mistakes and only begrudgingly making them right when enough people have made a loud enough public outcry over it. They do not belong in the hardware market anymore; at least, not making consoles. Joycons, or some more ergonomic incarnation of them, could be a compelling controller for other platforms. Hell, they'd be a great VR controller, but not at the Switch's 720p.
  
  Between their IP (Mario, Zelda, DK, and Splatoon, just for starters) and their creative thinking toward control systems, they have the potential to do so much more for the world of gaming (and make so much more money licensing their IP) than they'll ever be able to do hamstrung by their own slower-than-2-generations-ago consoles.
  
  Casual gaming is not a viable market to design and build hardware for, because casual gamers already have libraries of games on their phones. Nintendo needs need to be cutting edge, again, like they were in the 80's and 90's; but they don't want to do that. That's why I'm saying they just need to exit the console market; or, at least, produce something more current and with the level of quality (and quality control) they used to have.
  
  --
  APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
20. Re:You say vulnerability, I say opportunity by tlhIngan · 2017-03-14 04:55 · Score: 1
  
  I am quite understanding of console makers' desire to protect their consoles from running pirated games. I am less understanding when their anti-piracy measures go as far as to block backups of saved games, which means if you have to send your console in for repair all your saved games may very well get wiped. There are already horror stories about the Switch in this regard. I fully support homebrew on the Switch if only to fix this intentional flaw. If it enables piracy in the process, too bad for Nintendo. They should have learned their lessons like Valve did when they created Steam and totally owned the PC gaming market.
  Well, the flash memory of the Switch is actually on a separate removable board. You almost never do this unless you intend for the memory to be moved between units - especially in a console where cost is king. The fact that the eMMC is deliberately on a separate board (with separate costs in production, connectors, reduced reliability, etc) instead of soldered to the main board like every other eMMC chip out there implies that it was designed to be moved.
  And a lot of hacks have come by way of save games - so much so that Microsoft started signing xbox360 saves so they couldn't be edited (this too after people started moving saves around to get achievements).
21. Re:You say vulnerability, I say opportunity by DrXym · 2017-03-14 05:05 · Score: 1
  
  And by "actually own" you mean "pirate stuff". Consoles are closed platforms because the billions in profits come from making you pay to play stuff on the thing. This should not come as a shock to any prospective owner.
  Owners who bought it on the basis of being a closed system should be glad its kept closed because it means more premium titles for them to play and a platform which isn't dead before its time. Exploited systems rapidly descend into a cesspit of shovelware and an early grave.
22. Re:You say vulnerability, I say opportunity by erapert · 2017-03-14 06:14 · Score: 1
  
  Do you use Windows? More to the point, do you use Windows 10?
23. Re: You say vulnerability, I say opportunity by Anonymous Coward · 2017-03-14 06:53 · Score: 1
  
  Well, I hope I never grow up.
24. Re: You say vulnerability, I say opportunity by geminidomino · 2017-03-14 07:50 · Score: 1
  
  It wouldn't if people used it correctly.
  It begs the question:
  
  Are you being intentionally ironic?
25. Re:You say vulnerability, I say opportunity by adolf · 2017-03-14 09:09 · Score: 1
  
  So every hacked console, ever (which is just about all of them except the current gen), was a dismal failure?
  
  --
  Kid-proof tablet..
26. Re:You say vulnerability, I say opportunity by Anonymous Coward · 2017-03-14 09:10 · Score: 0
  
  The flash memory is on a separate board because of what happened at the Wii U launch. They offered two models of Wii U, and almost everyone bought the one with more flash memory. They had to recall the smaller models from stores because people only wanted the larger sized model. They eventually sold them off by adding games into the package.
  Switch has the flash storage removable so that they can change their offerings much more easily in the future. If they decide the market wants a different amount of built in storage, they can swap out the flash memory very easily. They can change the manufacturing lines very easily, or they can recall systems and swap out the storage if needed.
27. Re: You say vulnerability, I say opportunity by wonkey_monkey · 2017-03-14 10:29 · Score: 1
  
  It begs the question:
  Hoo. I'd like to think you did that deliberately, but...
  
  --
  systemd is Roko's Basilisk.
28. Re:You say vulnerability, I say opportunity by wonkey_monkey · 2017-03-14 10:29 · Score: 1
  
  It makes as much sense as "this!"
  
  --
  systemd is Roko's Basilisk.
29. Re:You say vulnerability, I say opportunity by Anonymous Coward · 2017-03-14 10:54 · Score: 0
  
  I am quite understanding of console makers' desire to protect their consoles from running pirated games. I am less understanding when their anti-piracy measures go as far as to block backups of saved games,
  The best exploit, that still works to this day, for the Nintendo 3DS involves a legend of zelda game cart and a usb game save backup tool.
  With it you load a special 'corrupted' save into the cart, run the game, and interact with anything that opens a dialog box (like reading a sign in the intro)
  This results in a buffer overrun exploit and gives you full unfettered access to the consoles memory, running a boot loader installer you put on the SD card.
  Once run, your 3DS can now boot that loader and run any homebrew 'homescreen' program, which hasn't been signed by Nintendo.
  Obviously that homescreen program will also run other unsigned by Nintendo executables.
  In this way you can load up emulators and other homebrew apps, with full access to the SD card, the consoles memory, and all other hardware.
  It's apparently only one additional step to then load a '.3dx' unwrapper program, which can then launch any 3ds game you've downloaded from a pirate site.
  Browser exploits and any exploits in downloadable games can be patched, and a system update pushed and forced such that you must apply the patch to use the console online.
  But they can't patch the ROM in a cartridge that was sold in stores and already long end-of-lifed.
  There is really nothing Nintendo can do to fix the game-save exploit and that's why it's the only one that has survived in working condition to this day when all others are patched.
  So long as your save data is stored on their servers, or encrypted on your console, you can't exploit any buffer overflows in existing games. The fact this prevents backups is coincidental to them.
  (Technically there is no harm in allowing a backup be made, it's the restore of that backup they can't allow, making the concept of having a backup pretty pointless)
30. Re:You say vulnerability, I say opportunity by DrXym · 2017-03-14 10:56 · Score: 1
  
  Yes by the measure of what it could have been without those hacks. Platforms that don't or can't be fixed (e.g. DS, Wii) get blackballed or 3rd parties churn out shovelware because there is no profit from aiming any higher.
31. Re:You say vulnerability, I say opportunity by Anonymous Coward · 2017-03-14 15:15 · Score: 0
  
  what it could
  So, I take it you're one of those "Sue you for my expected future profits" types.
  Just a heads up, "what if" does not guarantee success / profit / gain / etc. Those systems could have just as easily gone unhacked, and still failed.
  Btw, Here's a rundown of the last few systems:
  The Wii and DS were commercial successes.
  The PSP less so (they had more hardware sales), but it was hackable from Day 1 due to the original 1.00 firmware not performing signature checks / enforcement.
  The WiiU was DoA, hacking it did nothing to hurt it's sales.
  PSVita was also DoA, and was only recently hacked, but it's still far from easy plug and play piracy. (Many games still can't be dumped properly.)
  The 3DS is hacked wide open (Early boot chain exploit, and the newly found bootrom exploit.) and still sells well even today.
  The PS3 was killed off by Sony once the private signing key was able to be recalculated. But was still doing well prior to that. (It even had a few more releases after the fact.)
  The PS4 has an old exploit but it's not been hacked for the general public yet. (That "we can run linux on it, but you can't" BS is probably why.) So it's still too early to call.
  The XBox has some good security, and as far as I know hasn't been hacked to the point of an usable and public exploit release.
  So to recap:
  - Most of the current systems have an exploit available.
  - The current exploited systems that have failed were dead before the exploits were made. (So piracy was NOT a factor in their demise.)
  - One current and exploited system has not been hacked to the point of widespread piracy yet.
  - The remaining current and exploited systems have widespread piracy and are doing just fine regardless.
  - One older exploited system may have had a problem due to piracy, but like the Switch, was exploitable from Day 1.
  - The remaining older exploited systems were retired years ago, but had large commercial successes.
  So being generous: You have 1 out of 8 systems that may have done better without the hacking done to them.
  Given that data, I don't think Nintendo needs to come up with the Switch 2 just yet. Especially Nintendo, since they own most of those hacked systems and still making a profit off of them.
32. Re:You say vulnerability, I say opportunity by ArmoredDragon · 2017-03-14 16:27 · Score: 1
  
  The hardware issues are largely overblown. It's just a combination of hype around the release, a lot of press coverage, and a shortage of replacement stock. The vast majority have no problems with their hardware. They sold 2 million pre-orders, and you're hearing maybe a couple of thousand vocal complainers, the true failure rate is well under 1%.
  I kind of doubt that. While I'm not interested in owning one of these (or any console for that matter) a complaint that seems universal at this point is that they use a plastic touchscreen with a plastic dock that has no means of buffering the display against scratches. That invariably means a high number of these are going to have scratched/scuffed screens just because of normal use. That is by definition a defect, and basically 100% of them are affected.
  Also, as a universal rule in quality control for any industry, a defect is anything that causes customer dissatisfaction. Nintendo can argue all they want about what is and isn't a defect, but if a customer complains about it, then it is to be considered a defect, unless their quality control department just plain sucks, which it likely does with what I've seen of this tablet.
33. Re: You say vulnerability, I say opportunity by Anonymous Coward · 2017-03-14 21:09 · Score: 0
  
  WiiU != Nintendo Switch
34. Re:You say vulnerability, I say opportunity by Opportunist · 2017-03-14 23:11 · Score: 1
  
  I have to use Win7, what's your point?
  
  --
  We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
35. Re:You say vulnerability, I say opportunity by DrXym · 2017-03-14 23:30 · Score: 1
  
  Don't be absurd. Billions are lost from cracked consoles. This is quite evident by observing the roaring trade in DS revolution style cartridges that allowed people to play "backups" (i.e. pirate copies). It can also be observed by the quality of titles on platforms that get pirated. Quality falls off a cliff and all that sells is shovelware and a few 1st party titles. Honest owners suffer as much as the platform does from this drop in quality.
  If the Switch is irrevocably hacked this early in its life it will prove fatal to the platform. Nintendo presumably have taken measures in depth to stop this and anyone who owns a Switch better hope they have.
36. Re:You say vulnerability, I say opportunity by Anonymous Coward · 2017-03-15 01:38 · Score: 0
  
  Not the AC who you are replying to, but it is very strange indeed that you are very directly for the blatant violation of personal property rights on behalf of companies to enforce their property rights instead, ignoring the questionable nature of the current treatment of intellectual property in the first place.
37. Re:You say vulnerability, I say opportunity by DrXym · 2017-03-15 02:23 · Score: 1
  
  There is no "blatant violation" because there is no reasonable expectation when purchasing a console that you should be able crack the hardware/software, or that if you do that the manufacturer should still provide service to your device.
  Hack away but consoles manufacturers are totally in their rights to block your device, sue you under the right circumstances, ban you online, or patch the firmware so new games won't play.
38. Re: You say vulnerability, I say opportunity by Anonymous Coward · 2017-03-15 10:55 · Score: 0
  
  And with ring X broken we might get a "cheap" moddable simi portable platform soon.
39. Re: You say vulnerability, I say opportunity by endercase · 2017-03-15 10:56 · Score: 1
  
  Or an emulator or ton of time working with wine.
40. Re: You say vulnerability, I say opportunity by Anonymous Coward · 2017-03-15 10:59 · Score: 0
  
  ðYZðY'
41. Re:You say vulnerability, I say opportunity by adolf · 2017-03-16 07:48 · Score: 1
  
  We can't measure against what they could have been, because we cannot know how that road would have played out.
  You're presenting speculation and opinion as fact.
  Come back with a real argument, mmkay?
  
  --
  Kid-proof tablet..
42. Re:You say vulnerability, I say opportunity by erapert · 2017-03-16 08:40 · Score: 1
  
  Use an OS that allows you to actually own the computer you paid for instead of using Windows.
And then people blame.. by Anonymous Coward · 2017-03-13 22:03 · Score: 0

.. the CIA and NSA for stuff like this. Just be glad it is the CIA, and not someone who is more likely to use it against you.
1. Re:And then people blame.. by Anonymous Coward · 2017-03-14 00:12 · Score: 0
  
  go to sleep, my little sheep.
There's a shock. by fuzzyfuzzyfungus · 2017-03-13 22:06 · Score: 1, Troll

Has Nintendo ever done a decent job with software that isn't a game?
1. Re:There's a shock. by SpaghettiPattern · 2017-03-13 22:59 · Score: 1
  
  Has Nintendo ever done a decent job with software that isn't a game?
  Chill out buddy. Our whole life is a game. Enjoyment over finishing #1.
  
  --
  
  I hadn't the slightest objection to his spending his time planning massacres for the bourgeoisie... (P.G. Wodehouse)
2. Re:There's a shock. by Anonymous Coward · 2017-03-13 23:51 · Score: 0
  
  Nintendo doesn't write the web browser. NetFront does. Sony uses them too for PS4/PS3/PSP/Vita.
3. Re:There's a shock. by jonwil · 2017-03-14 00:06 · Score: 3, Interesting
  
  Sony has been bitten by browser bugs on PS4 as well (and in fact such bugs have been used by people looking to jailbreak the system)
4. Re:There's a shock. by Anonymous Coward · 2017-03-14 00:37 · Score: 0
  
  Especially since the universe is just an enormous simulation.
5. Re:There's a shock. by _merlin · 2017-03-14 00:47 · Score: 1
  
  Remember when NetFront actually wrote a browser, rather than wrapping WebKit? I had the NEC e606 and e616 phones that had the actual NetFront mobile browser. It made a decent effort to render pages on a tiny screen and make them usable with just the eight-way controller.
6. Re:There's a shock. by Anonymous Coward · 2017-03-14 02:05 · Score: 0
  
  Nintendo hasn't done a very good job with software that is a game. Sure, the game part is (usually) fantastic. But the software is usually pretty shoddy.
  Examples:
  - SMB with "frame perfect" collision bugs caused by testing collision before handling movement input and updating position (essentially, collision lag)
  - SMB3 with the ability to create a jump instruction in a place where it simply doesn't exist due to memory overflows caused by a poorly made sound program
  - SMW with the ability to easily cause timing bugs and controller buffer overflows that result in both invalid game state and arbitrary code execution
  - Pokemon Red/Blue with the ability to load a corrupted save file (nope, not even a basic checksum) and cause drastic game state corruption
  - Zelda:LTTP with unchecked, conflicting controller inputs causing inconsistent scrolling and loading of map data
  And that's just some of the more interesting stuff that the SDA and TAS communities have found. They've found countless ways to hard- and soft-lock games and systems. They've found numerous ways to get out-of-bounds (usually literally, bypassing collision) and get invalid memory addresses to load into something they don't belong in.
  Sure, these things are "under attack", and hindsight is always 20/20. But that's all the more reason for Nintendo's modern hardware and software to be made defensively respecting these issues, and evidence shows that it isn't. But, hey, at least we know we'll have homebrew on the Switch!
7. Re:There's a shock. by CronoCloud · 2017-03-14 02:10 · Score: 1
  
  I remember, pre-webkit Netfront was a piece of crap on the PSP and PS3.
8. Re:There's a shock. by drinkypoo · 2017-03-14 03:05 · Score: 1
  
  Has Nintendo ever done a decent job with software that isn't a game?
  What do you mean by 'decent job'? And what do you mean by 'Nintendo'? And for that matter, what do you mean by 'done'?
  If what you mean by 'decent job' is 'free from obvious security holes which could be utterly eliminated by following best practices' then no. No they have not. Everything they've ever done of any complexity has had holes in, and lots of. They patch it over and over as a result (at least, now we're in the era of the patch.) If what you mean is 'works well for users not trying to exploit it' then sure, they've done plenty. The original Wii is actually fairly impressive in that regard. And actually, if you just don't do IOS updates before you do HBC updates, it works pretty well for people who are trying to exploit it, as well.
  As for the 'Nintendo' and 'done' parts, if you go back in time and consider the NDS in its original context, the web browser was actually pretty good, but that in turn is because they didn't actually write the rendering engine in-house. It used Opera. It's fairly useless now (unless you're writing pages specifically for it) but it was notably capable in its day. Not great, but capable.
  
  --
  "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
IoT bots? by Anonymous Coward · 2017-03-13 22:38 · Score: 0

The blurb says the potential impact is low. But can this be mis-used to enroll the Switch into an IoT bot army? For example by enticing users to "visit" some website (e.g. some prepared login page for a public hotspot)?
1. Re: IoT bots? by Anonymous Coward · 2017-03-13 23:17 · Score: 2, Interesting
  
  Good thing Nintendo hasn't pushed the device as something you'd frequently take out in public and connect to random hotspots or anything.
Chill out by Anonymous Coward · 2017-03-14 00:11 · Score: 0

...and don't forget to lick the cartridges. Mmmm...
A non-issue, just update the device! by adosch · 2017-03-14 00:34 · Score: 2

That's great there's an announcement of using an outdated Webkit framework on the Nintendo Switch. Is this anything new? How's that any different if I got some IoT device to a smart phone (Android or iPhone) to installing any Windows/Linux OS to an Xbox/Playstation? Does what I had deployed out of the box already have packages that are already part of security updates that need to be updated?
Fun to report from a journalism perspective, but definitely not news or anything to debate. Just update the Nintendo Switch and stop the huge reach of trying to criticize the console or Nintendo feebly.
1. Re:A non-issue, just update the device! by mcfedr · 2017-03-14 00:46 · Score: 1
  
  Just because everyone does something crap doesn't make it ok - if Nintendo cared at all about their customers they wouldn't do this.
2. Re:A non-issue, just update the device! by Anonymous Coward · 2017-03-14 00:53 · Score: 0
  
  They are focusing on delivering any product at all. They could, I suppose, delay shipping until all bugs are found and fixed. No product would mean that they really care about their customers.
3. Re:A non-issue, just update the device! by Anonymous Coward · 2017-03-14 00:56 · Score: 0
  
  Clearly you didn't read the article and just scanned the headline. Typical Slashdot nerd.
4. Re:A non-issue, just update the device! by Anonymous Coward · 2017-03-14 03:23 · Score: 0
  
  Good to see someone calling this out, some people are REALLY trying hard to find any faults at all with the Switch, with the comment sections often turning into one gigantic Nintendo hater circlejerk. Fucking disgusting.
Re:Partij Voor de Vrijheid by Anonymous Coward · 2017-03-14 00:59 · Score: 0

Idiot.
The extremes *are* the best allies, as can be seen here. Geert helps Erdogan helps Geert.
Extreme Islamists are hateful, murderous &c. Extreme nationalists, identitarians (you name it) are hateful, murderous &c.
News at 11.
Console? by Anonymous Coward · 2017-03-14 01:01 · Score: 0

So, it's running webkit. Which means it can probably make use of an internet connection. That alone is not a problem (ignoring the bug). But now that the Switch is out, maybe someone here can answer a question...
For me, the reason for buying a console, is that things just work. Whether I'm in my living room (no ethernet) or on vacation far away from any network connection. No needing to buy a faster graphics card because the game I'm buying tomorrow doesn't support the card I bought yesterday.
And that's exactly how things worked on the Playstation 2.
From what I hear, the PS4 requires just as many updates as a PC with Steam, games may require logging into some network service, and there is now a PS4 PRO with beefier hardware. I.e. get all the disadvantages of a PC, with none of the advantages of a console.
So, not replacing my PS2 with a PS4 (or PS3). I considered a WII, but found the number of games outside of Wii Sports, Wii Tennis, Wii Bowling, Wii Snowboard... rather limited. So, is the Switch the console I'm looking for, or is it more of a competitor to a PC running Steam, with internet connection, logging in, downloading updates, etc?
If it's a viable replacement for my PS2, as long as it has games I'm interested in, I have the money. But if it's a Steam competitor, it loses on price (Steam is free), and most likely also game selection.
1. Re:Console? by nate_in_ME · 2017-03-14 01:50 · Score: 1
  I've had a Switch since day one, and I've had a total of 3 updates:
  
  "Day one" system update that enabled eShop and other features
  Update to enable SD card storage(maybe that was just because I put an SDXC in it, not sure)
  "Day one" update for Zelda (not sure what it did, but it was there)
  For what it's worth, none of these updates took more than 2-3 minutes to do. Would the system have been usable without them? Most likely (except for maybe the SD card one). So are there updates? Yes. Is it a "required" type of thing, where you basically always need a connection to be able to use it? No.
2. Re:Console? by Anonymous Coward · 2017-03-14 02:35 · Score: 0
  
  It may not have always-on DRM, but not supporting the builtin hardware out of the box is not giving a crap about the final product. SD card should work without an update. It's builtin to the case for crying out loud! Not to mention that they had to manually push an update to enable the eShop, one of their biggest (potential) money makers for the thing. You'd think if nothing else, the marketing department at Nintendo would have mandated a working eShop be shipped with the product at launch. They have a financial incentive to do so, yet they said "Ehh, who cares? Just push it as a Day 0 update."
  Given the horror stories I've heard so far, the dead pixels, joycons getting stuck if put together the wrong way, faulty hardware batches, DoA systems (on a product that Nintendo INTENTIONALLY made an artificial shortage of no less), horrible range with the controllers, etc, I'm not surprised at all that the system shipped with a known webkit exploit. If anything it's their reward for all of their QA department's slacking off. (Remember the "Nintendo Seal of Quality"? That means jack and shit.) Now, not only is it a race against time to patch the bugs before the consumer gets too disinterested in the product. It's also started the clock on "the countdown to kernel exploit" that will enable piracy for the system, and the system's just been released. Third party publishers must be looking for the exits by now. Hope they didn't invest too much for development on the system.
  So Nintendo has obviously not learned anything from the WiiU debacle, and they will suffer for it. I hope I'm wrong though. The Switch has some potential, and I'd hate to see it wasted because of it's creator's stupidity.
3. Re:Console? by EvilSS · 2017-03-14 03:12 · Score: 1
  
  Has anyone actually reported dead pixels? Everyone was spazing out over their dead pixel written policy (which is the same as just about every other LCD device manufacture's written policy) but I haven't seen any reports of people with actual dead pixels on their displays.
  
  --
  I browse on +1 so AC's need not respond, I won't see it.
4. Re:Console? by Anonymous Coward · 2017-03-14 03:31 · Score: 0
  
  which is the same as just about every other LCD device manufacture's written policy
  Not having read Nintendos written policy, I'm going to assume that your statement means they guarantee zero dead pixels, like Samsung started doing years ago, and other LCD manufacturers would have had to unless they were specifically aiming for the "piece of crap" market.
  Or did they skip the US when they introduced this zero pixel warranty?
5. Re:Console? by Anonymous Coward · 2017-03-14 05:51 · Score: 0
  
  Yes, they have. There are youtube videos all over the place. One in particular that is a montage of all of the issues of the switch (at the time the video was made), and even has the official policy in the video via a screencap that is read aloud. (I'd link the video I'm thinking of, but I'm at work.)
  Regardless the point is, Nintendo made a product that needed more QA testing, which they did not do. This is the result.
Early soft-mods? by wardrich86 · 2017-03-14 01:12 · Score: 3, Insightful

This sounds like good news to me... if it allows unauthorized code to be run, it could very well be the beginning of the homebrew scene!
No hacking involved by Anonymous Coward · 2017-03-14 01:22 · Score: 0

The Switch just has a whitelist of IP addresses it will use for things like updates. All you have to do is re-route one of those IP's on your network to a website that supports HTML5 or run your own webserver to feed it what you want. So easy a 5 year old can figure it out.
1. Re: No hacking involved by Zero__Kelvin · 2017-03-14 03:38 · Score: 1
  
  And like a 5 year old you will discover that your "easy" scheme doesn't actually work.
  
  --
  Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
Mission Critical? by DatbeDank · 2017-03-14 01:23 · Score: 2

While all holes and bugs should be fixed, this reads as FUD for me. Maybe those considering using their Nintendo Switches for accessing nuclear launch systems, banking software, and power infrastrucures should refrain from doing so.
1. Re:Mission Critical? by Shados · 2017-03-14 02:12 · Score: 1
  
  the main issues with consoles is that game publishers absolutely look at piracy numbers when picking what platforms to target.
  This is (if i remember well...who reads the article?) just a userland bug right now, but once you can run pirated games, it gets noticed, and sometimes publishers will chose to skip the console for their next big game if it gets too bad (the DS ease of piracy was totally one of the factors that kept the PSP on the map back then).
  So for a console that is already under heavy scrutiny from game developers, something like this happening this early (and for amateurish reasons) will absolutely make some think twice. And that's a shame for people like me who absolutely love the console's features (portable/dockable console is by far the most useful form factor for me)
2. Re: Mission Critical? by Anonymous Coward · 2017-03-14 02:39 · Score: 0
  
  I have ROM files for every single DS game ever released. It wasn't that big a download. I can't install them all in a single R4 card, though, even with a 128g microSD. DS games are pretty big.
3. Re:Mission Critical? by Anonymous Coward · 2017-03-14 02:59 · Score: 0
  
  I don't care what might happen to the nuclear reactor in your neck of the woods. But I seriously care your whatever-gadget taking part in a DDOS against my server.
4. Re:Mission Critical? by Anonymous Coward · 2017-03-14 03:17 · Score: 0
  
  Playstation and Playstation 2 each had more piracy than... pretty much any other platform that had ever existed, and yet publishers targetted them heavily. Maybe things have changed since then.
5. Re:Mission Critical? by Nethemas+the+Great · 2017-03-14 05:19 · Score: 1
  
  It is FUD. Do people think Nintendo built all these devices the day before shipping?
  
  --
  Two of my imaginary friends reproduced once ... with negative results.
6. Re:Mission Critical? by barc0001 · 2017-03-14 05:39 · Score: 1
  
  It's Ars Technica. They make a hobby of bashing Nintendo any way they can.
7. Re:Mission Critical? by geminidomino · 2017-03-14 08:09 · Score: 1
  
  No, things haven't changed much. The DS and 3DS also have very easy methods of piracy, and that didn't stop either of them from absolutely dominating the handheld market.
  I'm pretty sure GP's "piracy dooms systems to obscurity" meme is borne of the oversimplified copypasta about the failure of the Dreamcast.
8. Re:Mission Critical? by Anonymous Coward · 2017-03-14 16:01 · Score: 0
  
  After putting a review of how great the Nintendo Switch is.
9. Re:Mission Critical? by barc0001 · 2017-03-16 12:08 · Score: 1
  
  You mean this review?
  https://arstechnica.com/gaming/2017/03/nintendo-switch-review/
  Check the closing words:
  "Time to make the Switch?
  At this point, it looks like buying the Switch as your only game console means missing out on everything from Mass Effect and Call of Duty to The Witcher and Assassin's Creed to Tomb Raider and Destiny. That list can go on and on. Maybe those major franchises will eventually be forced to pay attention to a Switch that absolutely flies off the shelves. For now, though, relying on the Switch for all of your gaming means risking that you'll miss out on a huge array of the most popular and well-received current franchises. That's a big price to pay for access to fully portable Zelda and Mario games.
  Even as a secondary system, though, it's hard for me to recommend you go out and buy the Switch immediately unless you have a burning desire to play the latest Zelda literally anywhere. The system as it exists now feels a little like it was rushed to make it to store shelves before the end of Nintendo's fiscal year. After all, at launch there are some lingering hardware issues and extremely limited initial software support."
  Not really seeing how that's a review saying how great the Switch is. It is written by Kyle Orland though, so that tone was expected.
Nice title, dipshit. by Anonymous Coward · 2017-03-14 03:20 · Score: 0

Fuck off with your Switch hater hysteria.