Monthly Archives: April 2020

Exploring Open-Toolchain FPGA HW Part 1

Source: Hacker News

Article note: This is a super useful guide that answers some questions I've had. I spend a lot of time with the (rather expensive and proprietary) Xilinx ecosystem, and would like to dip my toes in Lattice and/or FOSS worlds, but was having trouble figuring out what was working and suitable.
Posted in News | Leave a comment

What Happened to Lee

Source: Hacker News

Article note: This is a thoroughly upsetting read. Well-written story of the author of a bunch of the core infrastructure for Cloudflare and their frontotemporal dementia.

Medical device “jailbreak” could help solve the dangerous shortage of ventilators

Source: Ars Technica

Article note: Always fun to see what Trammell is up to. This week: They've PoC'd a jailbreak that unlocks all the modes on cheap AirSense CPAP machines, because the only difference between AirSense CPAP, BiPAP, BiPAP-ST, and iVAPS units is firmware lock-outs; it's all the same hardware. The strong suggestion is you shouldn't use it until the vendor and FDA weigh in, but it's amazing how much of tech's margins are pure bullshit.

As infections from the ongoing COVID-19 pandemic continue to climb, hospitals around the world are struggling with a potentially fatal shortage of ventilators, the bedside machines that help patients breathe when they’re unable to do so on their own. Meanwhile, hundreds of thousands of lower-grade breathing devices known as continuous positive airway pressure machines sit idle in closets or warehouses because their manufacturers say they can’t perform the same life-saving functions.

Security researcher Trammell Hudson analyzed the AirSense 10—the world’s most widely used CPAP—and made a startling discovery. Although its manufacturer says the AirSense 10 would require “significant rework to function as a ventilator,” many ventilator functions were already built into the device firmware.

Its manufacturer, ResMed, says the $700 device solely functions as a continuous positive airway pressure machine used to treat sleep apnea. It does this by funneling air into a mask. ResMed says the device can’t work as a bilevel positive airway pressure device, which is a more advanced machine that pushes air into a mask and then pulls it back out. With no ability to work in both directions or increase the output when needed, the AirSense 10 can’t be used as the type of ventilator that could help patients who are struggling to breathe. After reverse-engineering the firmware, Hudson says the ResMed claim is simply untrue.

“Dad, I found this ‘Inspect Element’ thing in Chrome that lets me see what the answers to the quizzes are in Schoology and Google Classrooms! “There’s this ‘if true’ thing and only one answer has 1 and the others have 0.” So proud. But mebbe the devs cudda obfuscated more?

Source: Twitter / swiftonsecurity

Article note: Oh ed-tech carpetbaggers. You can always count on them to be incompetent regardless of scale. I'm sure they built a pile of obfuscating tooling, and someone just went ahead and serialized everything to send to the client... including which answer is correct.

Riot Games newest title “Valorant” installs kernel driver to run anti-cheat

Source: Hacker News

Article note: Installing a kernel-mode rootkit to combat cheating in a game seems really excessive to me, and like an incentive for even-more-intrusive cheating mechanisms to propagate malware, but I've never really taken multiplayer anything seriously. Edit: Oh. https://twitter.com/lukeweston/status/1249901037160284161 They do. I'm surprised the cheat market hasn't moved on to hardware; an HDMI tap and USB HID device emulator on a little attached computer could do a lot, as could a carefully tampered network card.

Computers Can Be Understood

Source: Hacker News

Article note: This is a very good attitude we need much more of.

Apple and Google detail bold and ambitious plan to track COVID-19 at scale

Source: Ars Technica

Article note: They're just tipping their hand on shit they've already been selling as commercial surveillance tech; this is the same shit retail stores and universities keep getting caught using.

In a bold and ambitious collaboration, Apple and Google are developing a smartphone platform that tries to track the spread of the novel coronavirus at scale and at the same time preserve the privacy of iOS and Android users who opt in to it.

The cross-platform system will use the proximity capabilities built into Bluetooth Low Energy transmissions to track the physical contacts of participating phone users. If a user later tests positive for COVID-19, the disease caused by the coronavirus, she can choose to enter the result into a health department-approved app. The app will then contact all other participating phone users who have recently come within six or so feet of her.

The system, which Google and Apple described here and here respectively, applies a technological approach to what’s known as contact tracing, or the practice of figuring out everyone an infected individual has recently been in contact with. A recently published study by a group of Oxford researchers suggested that the novel coronavirus is too infectious for contact tracing to work well using traditional methods. The researchers proposed using smartphones, since they’re nearly ubiquitous, don’t rely on faulty memories of people who have been infected, and can track a nearly unlimited number of contacts of other participating users.

Some shirts hide you from cameras—but will anyone wear them?

Source: Ars Technica

Article note: Harassing entities attempting surveillance is always a good sport. Some of the CV-Dazzle designs I'd wear just because they're neat. I also really like the suggestion in the comments to put a QR code containing the EICAR Test String (a dummy that triggers antivirus) on things to fuck with all the entities using off-the-shelf excessive image recognition tools in public; I might have to make some stickers or something...

Right now, you're more than likely spending the vast majority of your time at home. Someday, however, we will all be able to leave the house once again and emerge, blinking, into society to work, travel, eat, play, and congregate in all of humanity's many bustling crowds.

The world, when we eventually enter it again, is waiting for us with millions of digital eyes—cameras, everywhere, owned by governments and private entities alike. Pretty much every state out there has some entity collecting license plate data from millions of cars—parked or on the road—every day. Meanwhile all kinds of cameras—from police to airlines, retailers, and your neighbors' doorbells—are watching you every time you step outside, and unscrupulous parties are offering facial recognition services with any footage they get their hands on.

In short, it's not great out there if you're a person who cares about privacy, and it's likely to keep getting worse. In the long run, pressure on state and federal regulators to enact and enforce laws that can limit the collection and use of such data is likely to be the most efficient way to effect change. But in the shorter term, individuals have a conundrum before them: can you go out and exist in the world without being seen?
