Or when Pinsiders tell us exactly what Stern has planned for online connectivity and how it will fundamentally change the Stern/Operator relationship and the game of pinball itself.

I get it, change is very scary because things might "get worse" but things can change for the better too.

Cater to the 10% of current market at the potential cost of the other 90%? Genius.

I agree with you that expanding for inclusion of future generations is important; so we have agreeance there. But trust in the passion of what interests the current collector and that passion shall be handed down.

90’s pins are not just relevant but hugely collectible today more than ever. Zero thought was given back then to 2021.

This is clearly the dawn of a new age in Pinball. Monthly fees are the norm in almost every other form of entertainment, so it makes perfect sense to launch this feature now. It'll take a few years of trial and error to get it right, but I'm certain it will develop into a platform that most Pinball owners will love.

This is a significant milestone in Pinball's evolution....but if you don't like progress, simply disconnect.

The thing is, they are adding functionality, not fundamentally modifying the existing experience. If you like what Insider Connected (and All-Access) adds to the current experience, then use it. If not, then don't.

There's lots of speculation about potentially negative implemenation of this technology but personally I'm gonna wait to see what Stern actually does before complaining and really worrying about implementation. It's not like my opinion will change their direction anyway. I just hope that Stern is clear and upfront about implemenation and it sounds like we'll know a lot more after Chicago Expo.

There’s all kinds of potential for crap. Game on route and don’t want to pay monthly fees? Stern could allow you to opt in to a program that sells advertising space on the LCD screen. Would they do this? If it’s profitable then yeah probably. Everything you hate about every online platform is an option on your pinball machine now. Unfortunately.

The side discussion about security is sort of silly. Most of us have so many IOT devices in our homes, your pinball machine is the least of your concerns. Common devices like home security cameras, HVAC controls, and video doorbells that are in millions of homes are a much more attractive and more lucrative use of a hackers time than a pinball machine. That said, I certainly wouldn’t trust Stern to secure their games 100%. With all this connected junk nowadays, the only way to be secure is to be unplugged.

Time to install Ad-block on all our pins!

All this fear mongering and doom sayers over something has zero impact on anyone that isn’t interested. If you don’t want this don’t connect your pin to the net or sign up. It’s really not that difficult to do nothing and enjoy your pins as you always have.

Im not sure that pinball is likely to follow "other forms of entertainment." With video games the cost of entry is so incredibly lower so pay-to-play is much more viable. From a location play perspective it could actually work quite well except for the way operators are the ones running it and Stern (or any manufacturer) doesn't really have a role there.

Stern can't replace operators so if their looking to make money directly from players, they're going to need operators on board.

Yes, except for pay-to-play content like special game modes that are not enabled unless you subscribe. Other than that, who cares.

Now perhaps that special mode would never have been developed if it were not going to be sold, but that’s not how people will perceive it. They will see it as content excluded from their $12k man toy. That’s how I would feel.

Agreed. For the money being tossed at these ‘LE’s’ I’d lose my shit if modes were PTP. Just fucking insulting. And this isn’t how collectors should perceive their top of the line ( supposedly) purchase.

Minor modes? (IE goat mode in JP) not serious. But Keeping in mind the track record of Stern’s penny pinching. This has the potential for excessive future conflicts of interest and I’m not going to approach this with an open mind rather a tenuous interest.

Captain Obvious.
I have feared this for years, ever since people first started bringing it up I have been against it. Why? Because I feared them digging into my pocket, as an operator.
But as it is being revealed, I actually have hope! I’m kinda stoked to see what is going to be offered! Mostly because I think they are going to make it free for Ops to connect a machine, at the lowest level. I would do that to offer more to players.
Very smart of Stern to go after the millions of player, rather than the relatively few operators, genius!
I also see the added features not really drawing from the “core game”, I see them adding Escape Nublar type mode shortcuts, co-op play, impossible play, that kind of thing, along with tracking and prizes, achievements, , personal stats. Plenty to offer while leaving games complete.
Although some will bitch that co-op, Nublar, etc,. Were free before and now not included, I can live with it.
As an OP they would NOT have gotten anything from me, ever,…now, I’m ready to pay my player IC fee and get rolling!

It would make sense for Stern just include future modes in the cost of an LE. The wouldn’t lose anything financially and it would keep the whole LE illusion going.

I think it is poor form that Stern has been developing this for years, then launches it in a game (Godzilla) and starts taking sales without explaining the costs involved to run it.

No shit. Expecting a pinball company to do this securely is ludicrous. Sitting ducks.

If there’s an app running on the pin and it’s connected to the Internet it’s hackable. Stop talking nonsense.

This.

And this is why CISO’s shouldn’t report to CIOs.

Ransomware? And this is why CISO’s shouldn’t report to CIOs.

There’s. Nothing. To. Ransom.

Pay us for… your high scores?

Give me one actual technical concern for the pin; pick your attack vector, any one. What’s your worst case?

THAT is the most open-ended nonsensical thing I’ve ever heard. I never said there were no attack vectors, shit if you could read I listed some in my original post. My point is that there are no attack vectors that matter, on a pin, and 95% listed in this thread by others makes NO SENSE as there’s no money in it - no one is going to do it. You have Stern being compromised, or any service the pin talks to, but shit… who cares. There’s nothing to lose on a pin. Are your family pics on there, your finances, your life’s work? Jesus, I know everyone from Pinside I wouldn’t hire on my team

Yes you're wrong.

All IoT devices have a port, that's part of the TCP stack and allows a client to be able to connect to it.
Let's hope stern don't use the easy way out and connect via port 80 or the biggest risk for iot devices is a brute force of ssh. I'm sure stern wouldn't use passwd Godzilla

OMG… I may be done here. So many smart sounding people that are just incorrect. What does this even mean? There are 65K some ports, doesn’t mean any need to be open. If you’re a client, like a pin, you don’t need any god damned open port. When it initiates a connection to Stern, a dynamic port will open and be mapped in a translation table, but that’s not an “open port” that’s listening for any incoming connection. This is 101 stuff boys. The pin is not a server, it doesn’t need to first respond to a request by another client. There need not be any open ports actively listening for a connection.

I’ve experienced Bitcoin miners on internet connected scales (yes the kind people weigh themselves on every day). If it has a network connection it can have flaws to be exposed but what are you really worried about?? A pin that’s “hacked” could be easily fixed by a reflash. It’s funny people think this is the first pin or arcade game to be online… half of this thread must wear tin hats.

That’s interesting. There’s really no surface area if you don’t expose any ports. There has to be something to interact with at the client. Unless the company dumbly left some ports open, and yes Stern could do this, and if they do, then that’s a definite attack vector, but that’s on them and dumb as shit.

Otherwise, the only way to get a miner on a scale with no open ports is a compromise upstream, whether they be MitM or the servers themselves. But… lmao, what kind of power is a damned scale going to have to mine Bitcoin haha - you’ve needed ASICS for shit… half a decade now? It just doesn’t make any sense.

Would you mind sharing which scale this is? Would enjoy looking into.

But in the end, and the tying-crux of the entire conversation - who gives a shit. It’s a pinball machine yo - reformat the SD <mic drop emoji>

I’m out on further actual technical explanations… arguing IT on a pinball forum is like arguing artisan baking nuances on a Harley forum. All further replies, if any, will be to give the piss and have fun.

Bottom line: If you think you will be getting something special 'in perpetually' for free, good luck with that thought.

No thank you.

It was awhile ago and can’t remember the details but #1 reason why we don’t trust any device like that on our network. IoT devices are exploited all the time. It was an accident of how it was on the network the first place (before we had network access policies). Bitcoin hackers / script kiddies don’t care of what the end compute capability is. They mass script and exploit whatever they can. Just one example. 100% agree those afraid to put a pinball machine on the internet are afraid for no reason.

Why couldn't the pin be an IoT too? It's possible unless you have access to the devs and/or SA's? Do you? Have you seen the architecture?

Sure, it needs to go out to stern, so what you say is correct. 101 as you say.
I may be done here too - to much like work where the BAs dont give you all the requirements...

I'm not even an IoT engineer and I know IoT devices are a prime candidate for hacking. DLink cameras come to mind since I had some back then. Even my more recent cameras have had issues, and they are from a well known company that issued critical security updates due to a possible hack.

Definitely not my area of expertise (you likely know a far more than me), but how many times have even 'secure' systems (i.e. SolarWinds, Target, Home Depot, schools, hospitals, etc.) been broken into? Even an oil company went offline not long ago due to a hack until the ransomware was paid.

I'm fine with just downloading a code update to a SD card. I'd even rather pay $5-10 for a code update at home than have a pin online.

Would a VPN (at the router) would help alleviate possible issues?

LOL

$7k - $10.5k and now some modes will be locked behind a pay wall.

Alright, one more serious reply, but last, seriously last - cause some are actually trying. I’m a sucker for rational thought. But done talking “tech” unless someone knows what the hell they are actually talking about. Only rational thought that countered me was Slipstreaming 2.0, but that too is moot if no open ports exist on the pin, as it should be.

On the IoT point - Agreed. But we just don’t know until we have it and know. IoT device has no firm definition in the security arena. It doesn’t mean “dumb device listen on port 80 and 22 waiting for port forwarded http and ssh connections from the rest of the world.” Every device is unique… it’s the most gregarious example of misplaced doom I can think of. There’s so many nuances; writing 17 sentences on Pinside with 3/4 understood jargon isn’t going to tell the proper tale, unless it’s a fools tale.

My og response was just countering the rampant fear-mongering speculation of doomsday. It’s less likely than more that something occurs, but yes, Stern could fuck this up. But again… the totality of it is reformatting your SD card. Ultimately a lot of hoopla over absolutely nothing.

Thanks to anyone for not taking the discussion back to level 1 of the debate pyramid: not attacking the character of your opponent - means a lot.

All the best sirs - let’s see what Stern offers and then debate. Cheers

I think you can sign up for them - then print out the QRC code on card-stock, laminate it and attach it to lanyard.

Wouldn't the real issue be just getting into an individual's network, not so much the pin?

Always the main issue, just don’t see how the pin helps that in any way more than any interconnected device. Do you have specific thoughts in mind?

See above reply on Slipstreaming 2.0 and how you can expose devices within a VLAN

Again, the pin can’t be the vector for a SSv2 attack as you’re not browsing the web with your pin. So it would be another device on your network that would expose your internal hosts. And if that’s the case, that’s not the pins fault (and you have much larger problems), nor would the pin be any more exposed if it has no listening ports, as it shouldn’t have any.

I absolutely have zero knowledge about this, that's just the first thing that comes mind based on some issues due to IoT my cameras. Not stirring the pot, just not an IT guy...

Guys, why in hell would hackers attack pinball machines, something sold in the thousands, when they can attack other internet connected items like door bells, cameras, servers, laptops, etc which are sold in the millions? From a hackers perspective pinball machines are a low value target.

That’s all cool my man! Thanks for contributing, asking questions and being honest. So much better than the IT posers that get defensive, throw insults and try to sound smart cause they’re the smartest person in their family that fixes ma’s computer every month. I… have about zero energy for furthering those discussions. It’s like talking to Trump supporters… impossible and exhausting (sorry to get pol, but is an apt analogy - crucify me)

Ding ding ding

I think I'll wait for the Pen Test report first before declaring the system secure or not (nothing connected is ever 100% secure). Typical know-it-all CIOs work on assumptions not specifics, can never wait to learn the information from domain experts.

The number of connected Pinball machines wouldn't make for a prime pivot point target but it will get polled by reconnaissance activity for potential "value", even when/if it is an outbound initiated connection.

Fair enough, but what an assumption - lmao! Many CIOs <cough > come from being a CISO first, and pivot, like… any career tree.

I look at it this way, and I want EVERYONE, including Stern to understand this. If it's able to connect to the internet, it can be hacked. Now, this is even an issue with things that are updated constantly, and now you want to do this to a machine who's code is lucky to get updated after a few years. While as someone said, the reality of it is unlikely anyone would bother, but just wait until you piss someone off on the forums, or a flipper, etc etc, if they are interacting with internet to unlock or distribute code, then yes, it could potentially end badly. Never say never, if there's a will there's a way, especially on stuff that isn't kept updated with the latest security patches. There's a lot very smart people out there with lots of time on their hands. All they need is the motivation to brick your 10k toy. I'll add though, that this is most likely a minor issue that is easy to fix. I guess we'll see.

/FUD

Let's lighten up all the serious discussions for a bit...

pasted_image (resized).png

lots of assumptions there mr cio.

I mean… it’s literally facts

But, I’m open to learning, what were the assumptions there and where can I learn?

Brilliant sir - I like your style

OK ill try, can't guarantee everything in life
you cant categorically tell me there will be no web service or other admin service available such as ssh in this software produced by Stern unless you have access to a dev on the team or other tech person. You seem to know alot about the business requirements for the stern project team. Do you know someone on the team or something? otherwise you're simply making things up..like me
To be compromised, It needs a victim in the internal network on a PC that can fire off the malicious javascript to create a new port forwarding rule for ALL clients on that vlan - including the pin. Cant be initiated by the pin..yes

Again we're just hypothesizing what's under the hood. Yes agree re trumpster

Better make everyone check their computers at the door of the arcade!
Golden Tee, TouchTunes and other connected apps and games don’t seem to have any hacking issues, I really doubt pinball machines will either.
Now where’s my QR code, I want to play a Super Mode on Godzilla!

This really isn’t at you peely… I’m just done… so

Nah, I’m the not making things up lmao

SSH.. ok cool; Stern dumbly leaves a an open SSH port open (OMFG why lol) that… they absolutely can’t connect to cause you the customer never logged into your router and port forwarded it from the WAN.

Ok your port forwarding by JS example… again, doesn’t matter if Stern doesn’t have any open listening ports, and there’s no reason to think they would. It would be dumb, there’s no reason; so to think they would is nonsensical until they do the dumb, and anything at this point is a stupid conspiracy theory, not the other way around. If they do, they do, and we address their incompetence then; but we don’t assume the lowest probability play now.

So you have LAN attacks left - ok.
Slipsream 2.0 - ok

That’s fair game, that’s an argument, but A LOT of assumptions,
; mainly again… Stern leaving 22 open.
This entire debate by all involved is so non-sensical… not you peely, well maybe not at times lol, but all the “IT hats” coming from woodworks… shit, it’s so basically incorrect and misleading, I’m done.

Especially because none of y’all can even understand how to properly debate; y’all keep throwing personal attacks in. Here… here’s my freebie infographic attached.

I should have stopped before when I said when, and now I’m finally done arguing IT on a fucking pinball forum; god, am I a sucker for trolls.

Much love
AA75BA62-7A88-4071-86F6-623B36CFA277 (resized).jpeg