Monthly Archives: February 2021

Article note: The whole story of DMR's thesis (non-submission, typesetting, etc.) is a wonderfully weird thing.

Article note: Ooh, that's really nice. The "web stack" is a brittle piece of shit, but at least that makes it easy to mock out unwanted functionality to remove it without breaking the desirable remainder of the programs-that-should-have-just-been-markup.

Article note: Oh that's bad. Remotely-usable hard-coded admin credential. PLCs were doing shitty IoT behavior before IoT was a thing. At least most of them are jailed on isolated control networks because everyone _knows_ they're chickenshit, but it still makes a hell of an escalation path.

Enlarge (credit: Rockwell Automation)

Hardware that is widely used to control equipment in factories and other industrial settings can be remotely commandeered by exploiting a newly disclosed vulnerability that has a severity score of 10 out of 10.

The vulnerability is found in programmable logic controllers from Rockwell Automation that are marketed under the Logix brand. These devices, which range from the size of a small toaster to a large bread box or even bigger, help control equipment and processes on assembly lines and in other manufacturing environments. Engineers program the PLCs using Rockwell software called Studio 5000 Logix Designer.

On Thursday, the US Cybersecurity & Infrastructure Security Administration warned of a critical vulnerability that could allow hackers to remotely connect to Logix controllers and from there alter their configuration or application code. The vulnerability requires a low skill level to be exploited, CISA said.

Article note: Well, that's pretty much exactly what everyone expected. The "Premire Bundle" or whatever I got free with my ...YouTube subscription that I had as a side-effect of my Play Music subscription which is also now a dead product... was neat hardware, and the technical accomplishment of making the whole convoluted thing work is impressive... but I used it for maybe 4 hours the week I got it and haven't touched it since. It's not compelling on it's own, and it's _especially_ not compelling knowing Google's erratic tendencies with their consumer facing products.

Enlarge / As we learn more about Stadia's inner workings, we've begun adding some "flair" to this Stadia-branded PUBG parachute. (credit: PUBG / Getty Images / Aurich Lawson)

In the wake of Google shutting down its Stadia Games & Entertainment (SG&E) group, leaks about the underwhelming game-streaming service have started to emerge. A Friday Bloomberg report, citing unnamed Stadia sources, attaches a new number to the failures: "hundreds of thousands" fewer controllers sold and "monthly active users" (MAU) logging in than Google had anticipated.

The controller sales figure is central to the story told Friday by Bloomberg's Jason Schreier: that internally, Google was of two minds about how Stadia should launch. One idea looked back at some of the company's biggest successes, particularly Gmail, which launched softly in a public, momentum-building beta while watching how it was received over time. The other, championed by Stadia lead Phil Harrison, was to treat Stadia like a console, complete with some form of hardware that could be hyped and pre-sold. In Stadia's case, the latter won out, with Harrison bullishly selling a Stadia Founder's Bundle—and this worked out to be a $129.99 gate to the service. Without it, you couldn't access Stadia for its first few months.

As Schreier reports, Harrison and the Stadia leadership team "had come from the world of traditional console development and wanted to follow the route they knew."

Article note: I've been interested in unobtrusive distraction-minimizing and tactile interfaces and opposed to the level of penetration touchscreens have made for a good 15 years now. Cars are _the most_ egregious.

Article note: Oh no... Nintendo is getting good at open world games, this might represent a major threat to my productivity next year.

Article note: Dumb TVs really don't need defending except from vendors who are now bundling crapware and spyware for "alternative income streams" like PC vendors in the early 2000s and Android vendors...now...actually that's mostly the same companies. We'd all prefer a high quality dumb panel and some HDMI-attached gadgets to be replaced at will to obsolescent-before-it-shipped dog-slow "smart" TVs.

Article note: It's a pleasing idea. I suspect, like most modular consumer electronics (see: Project Ara) that it won't actually pan out because the requirements will change too much generation-to-generation for the modules to actually be interchangeable, but it is very appealing.

Article note: Hyyyyyype.