Monthly Archives: October 2019

Remember Sure-Fi? Lostik is open standards Lora you can play with

Source: Ars Technica

Article note: I'm very curious about the potential of LoRa both for single user applications (area-wide pagers, connected devices of the reasonable basestation design rather than the "every goddamn lightbulb connects directly to the Internet" IoT bullshit), and for making decentralized WANs. The stuff I've seen is always not-quite-there, and this kind of continues the trend, but it does appear to be steadily polishing.
Lostik is plugged in to the left USB port of this Samsung Chromebook running GalliumOS Linux. It's currently transmitting packets, using the sample sender.py utility, from a basement about 15 feet underground.

Enlarge / Lostik is plugged in to the left USB port of this Samsung Chromebook running GalliumOS Linux. It's currently transmitting packets, using the sample sender.py utility, from a basement about 15 feet underground. (credit: Jim Salter)

A lot of readers commented on our earlier report on Sure-Fi long-range, low-bandwidth RF chirp communicators that we should test generic Lora gear. Lora is the open standard that Sure-Fi began with and built on top of, and it's available in a variety of inexpensive kits. Most of those kits are aimed at low-level maker-style integration with Internet-of-Things gear like Arduino, but I found a couple of preassembled kits with generic USB interfaces suitable for use with regular x86 computers. One of those, Lostik, had consistently better user reviews and glowingly boasted of its "extensive documentation," so we picked a pair up for $46 apiece and got to testing.

We should be clear about one thing up front—nobody should claim that any Lora device has "extensive documentation" with a straight face. Lostik seems to have more documentation than any of its competitors, but figuring out exactly what it would do felt like learning to play pirated video games in the 1980s. What we eventually discovered was that Lora devices are sort of like dial-up modems all connected to a single party line—they run on serial interfaces over which they can be issued commands and can send or receive data.

It's possible to use a generic terminal emulator (at 57,600bps, 8 data bits, 1 stop bit, and no parity) to communicate directly with Lostik, but you'll need to understand its commands—analogous to the Hayes AT modem commands of yore—if you do. That was a bridge too far for us, so we said "the heck with it" and just lightly modified the ./sender.py and ./receiver.py sample scripts from Lostik's Github repository and used them for some simple range testing. These scripts don't require (or offer) any kind of authentication or pairing; any Lora device running receiver.py will successfully receive data from any Lora device running sender.py within its effective range.

Read 8 remaining paragraphs | Comments

Posted in News | Leave a comment

Compiling my own SPARC CPU inside a cheap FPGA

Source: Hacker News

Article note: Neat! Old FPGA-Based thin clients seem like a great target for emulated computers, all the IO of a computer pre-tied to a decent-size FPGA. Shame the available boards are Spartans on ISE, because ISE is a ghastly, accreted disaster of a development environment that even Xilinx has abandoned.
Comments
Posted in News | Leave a comment

Google exec: Nest owners should warn guests that conversations are recorded

Source: Hacker News

Article note: Google's Cheif of devices, when asked about obtaining consent of people visiting spaces with always-on listening devices: "Gosh, I haven't thought about this before in quite this way," Osterloh said. "It's quite important for all these technologies to think about all users... we have to consider all stakeholders that might be in proximity." - That's a solid "We don't even consider privacy when churning these things out."
Comments
Posted in News | Leave a comment

Netflix is turning the classic comic book ‘Bone’ into a series

Source: Engadget

Article note: Oooh. That has the potential to be amazing, Bone was brilliant, and in a way that would adapt well to TV.
One of the comic book world's best-known series is finally coming to screens. Netflix has secured the rights to Jeff Smith's classic Bone, and intends to create an animated kids' series that covers the Bone cousins' trek through the desert. Smith t...
Posted in News | Leave a comment

Yahoo Groups Is Winding Down and All Content Will Be Permanently Removed

Source: Slashdot

Article note: There are several niche communities who jealously guarded silos of hard-won information in their yahoo groups. All the ones I know of have transitioned to more modern, more open platforms, but actually valuable information could disappear into this step of Yahoo's ongoing collapse.

Yahoo announced on Wednesday that it is winding down its long-running Yahoo Groups site. From a report: As of October 21, users will no longer be able to post new content to the site, and on December 14 Yahoo will permanently delete all previously posted content. "You'll have until that date to save anything you've uploaded," an announcement post reads. Yahoo Groups, launched in 2001, is a cross between a platform for mailing lists and internet forums. Groups can be interacted with on the Yahoo Groups site itself, or via email. In the 18 years that it existed, numerous niche communities made a home on the platform. Now, with the site's planned obsolescence, users are looking for ways to save their Groups history.

Share on Google+

Read more of this story at Slashdot.

Posted in News | Leave a comment

UK porn blacklist is dead after government abandons age verification

Source: Ars Technica

Article note: Well, at least they abandoned the impossible and invasive plan after being confronted with it being impossible and invasive, rather than just forging ahead and trying to alter reality by legislative fiat.
Nicky Morgan, UK Secretary of State for Digital, Culture, Media, and Sport.

Enlarge / Nicky Morgan, UK Secretary of State for Digital, Culture, Media, and Sport. (credit: Leon Neal/Getty Images)

The United Kingdom is abandoning plans to try to force pornography websites to age-verify UK Internet users. Digital Secretary Nicky Morgan announced the shift in a Wednesday statement.

Morgan claimed that "the government's commitment to protecting children online is unwavering." However, she said, the government will now accomplish that goal "through our proposed online harms regulatory regime." She didn't elaborate on what those regulations would look like.

The age verification requirement was part of the Digital Economy Act that the UK parliament passed in 2017. It was supposed to go into effect last year but was delayed multiple times. Most recently, the government announced in April that the new requirement would go into effect on July 15.

Read 5 remaining paragraphs | Comments

Posted in News | Leave a comment

Ploopy: An Open-Source Trackball

Source: Hacker News

Article note: Neat! I like trackballs, especially to break up my flavors of hand strain, but MX570s are a little unreliable (mostly cheap switches; replaceable), I have had no end of driver problems with the Elecom I got to try as an alternative, Saiteks are stupid expensive, and Microsoft killed their line, so its been hard to find nice ones. Especially ones that fit well which matters a _lot_ for comfort.
Comments
Posted in News | Leave a comment

Potential bypass of Runas user restrictions in sudo

Source: Hacker News

Article note: It requires a rather atypical configuration, but... damn, that's a big edge condition oops. Basically, in some versions of sudo, if configured with an (ALL, !root) case, trying to run something as an invalid but representable UID (-1, 4294967295) will have the underlying syscalls reject _after_ the tests, and it will then run the command as... the sudo binary's SUID 0.
Comments
Posted in News | Leave a comment

Faculty:Student Ratio

Source: xkcd.com

Article note: Metric gaming! Its eating society!
They managed to briefly hit the top of the rankings when they rejected everyone except one applicant, published 5 billion research papers that just said "Hi," and hired one of their graduates for $50 trillion/year (then fired them after 10 microseconds.)
Posted in News | Leave a comment

Planting tiny spy chips in hardware can cost as little as $200

Source: Ars Technica

Article note: The ongoing game of there being no evidence for that high profile Bloomberg implant article, but it being obviously not-that-hard for such a thing to happen makes for interesting theorizing and reading. I expect we'll eventually find an example in the wild, but probably not where they claimed.
Planting tiny spy chips in hardware can cost as little as $200

Enlarge (credit: Carl Drougge)

More than a year has passed since Bloomberg Businessweek grabbed the lapels of the cybersecurity world with a bombshell claim: that Supermicro motherboards in servers used by major tech firms, including Apple and Amazon, had been stealthily implanted with a chip the size of a rice grain that allowed Chinese hackers to spy deep into those networks. Apple, Amazon, and Supermicro all vehemently denied the report. The National Security Agency dismissed it as a false alarm. The Defcon hacker conference awarded it two Pwnie Awards, for "most overhyped bug" and "most epic fail." And no follow-up reporting has yet affirmed its central premise.

But even as the facts of that story remain unconfirmed, the security community has warned that the possibility of the supply chain attacks it describes is all too real. The NSA, after all, has been doing something like it for years, according to the leaks of whistle-blower Edward Snowden. Now researchers have gone further, showing just how easily and cheaply a tiny, tough-to-detect spy chip could be planted in a company's hardware supply chain. And one of them has demonstrated that it doesn't even require a state-sponsored spy agency to pull it off—just a motivated hardware hacker with the right access and as little as $200 worth of equipment.

Read 14 remaining paragraphs | Comments

Posted in News | Leave a comment