Monthly Archives: August 2023

Texas law requiring age verification on porn sites ruled unconstitutional [Updated]

Source: Ars Technica

Article note: TWO stupid censorious internet laws, rife with terrible privacy/security implications, motivated by "Think of the children!1!" in stupid censorious western municipalities knocked down in one week.

The day before a Texas antiporn law that requires age verification to access adult websites was set to take effect, the state's attorney general, Angela Colmenero, has been at least temporarily blocked from enforcing the law.

US District Judge David Alan Ezra granted a preliminary injunction temporarily blocking enforcement after the Free Speech Coalition (FSC) joined adult performers and sites like Pornhub in a lawsuit opposing the law. Today, they convinced Ezra that Texas' law violates the First Amendment and would have "a chilling effect on legally-protected speech," FSC said in a press release.

“This is a huge and important victory against the rising tide of censorship online,” Alison Boden, FSC's executive director, said. “From the beginning, we have argued that the Texas law, and those like it, are both dangerous and unconstitutional. We’re pleased that the court agreed with our view that [the law's] true purpose is not to protect young people, but to prevent Texans from enjoying First Amendment protected expression. The state’s defense of the law was not based in science or technology, but ideology and politics.”

Posted in News

Hacked Chromebook Thoughts

Several years ago I picked up a used Dell Chromebook 11 3189 (model code “Kefka”) to play with. At the time it was still receiving ChromeOS updates, had a sticky hinge that required some lubrication and manipulation to get working, and cost around $100 including the separately purchased power adapter. I’ve hacked on it in a wide variety of ways over the years, and the main interesting result is that I’m starting to think a hacked out-of-support x86 Chromebook is, in many ways, now better and cheaper than a Raspberry Pi in that role as a modern accessible extra computer to enable fearless play the Pi was intended to fill. I’ve been taking notes, so way too much detail below.

Posted in Computers, DIY, General, Objects

Australia will not force age verification due to privacy and security concerns

Source: Hacker News

Article note: Holy crap, common sense prevailed, a western country is backing away from overbearing internet legislation motivated by "Think of the children!"
Posted in News

Two years unmasking a well-funded Silicon Valley ‘apocalypse cult’

Source: Hacker News

Article note: There is, as always, a problem of extremes. Thinking about long-term ramifications is _generally_ a good thing, but you run into camps of true believers who spend too much time huffing their own farts and get to some weird places. Long-term: "Perhaps we should accept some short-term economic contraction in order to head off the effects of increasing climate instability" - I'm totally on board. Long-term: "We should let billions of the poor die horribly to accelerate the possibility that our progeny's progeny might live forever in pleasure domes floating through space" - Go fuck yourself. Long-term: "We should think about sustainable, humane ways to distribute material goods in a society in which automation performs most of the actual labor." - Yup, that's a thing to think about before it becomes any more of a problem. Long-term: "BRO DID YOU SEE TERMINATOR AND THE MATRIX? OUR SHITTY CHATTERBOTS ARE TOTALLY ON THE CUSP OF AGI AND WILL KILL US ALL!1!" - no. touch grass.
Posted in News

Multiplix, operating system kernel for RISC-V and AArch64 SBCs

Source: Hacker News

Article note: Oooh, from the guy who wrote the excellent Micro editor, which I use on a daily basis. In D with no runtime (they call it "betterC" mode, in the vein of Rust's #![no_std] or -nostdlib in C++), something that many of the modern "systems languages" are struggling with handling well. This should be instructive to watch.
Posted in News

I’m so sorry for psychology’s loss, whatever it is

Source: Hacker News

Article note: Gettin' ready to spend a chunk of my day tomorrow in a mandatory RCR ("Responsible Conduct of Research") training session. ...Meanwhile, the median paper I've looked deeply at in the last 5 years is "fraud-adjacent" (usually via hand-waves like "we model $EFFECT_IN_TITLE as $VASTLY_EASIER_UNRELATED_PROBLEM" or "Using voodoo amplification, we boost signals with the desired property right through the noise floor"), and ... you know. This. Most papers are noise, and according to the structural incentives of academia, it _literally doesn't matter if they're fake_ because no one reads, much less believes, them anyway.
Posted in News

Deal crucial to building Kentucky’s largest cryptomine rejected by state regulators 

Source: Latest News

Article note: Good. That giant waste of valuable resources can fuck right off.

The Big Sandy Power Plant near Louisa, Ky., Tuesday May 1, 2012.

Posted in News

Sipeed unveils RISC-V tablet, portable Linux console, and cluster

Source: Hacker News

Article note: The tablet and mini-laptop formfactors are cute and appealing. The fact that the RISC-V ecosystem is _already_ having problems with "the TH1520 in these parts shipped pre-standard extensions so you'll be stuck with a weird GCC fork" while still insisting that cobbling an instruction set that way wasn't dumb.
Posted in News

GTA 6 Hacker Found to Be Teen With Amazon Fire Stick In Small Town Hotel Room

Source: Hack a Day

Article note: This is the most cyberpunk shit. No computer because you got caught hacking a telecom company and are in protective custody? Fine, hack this media consumption appliance with a computer in it to use as a computer, then use it as a base of operations to hack a major game studio. The criming is dumb (and ...announcing to everyone that you're criming... is even dumber), but I respect the ingenuity.

International cybercrime, as portrayed by the movies and mass media, is a high-stakes game of shadowy government agencies and state-sponsored hacking groups. Hollywood casting will wheel out a character in a black hoodie and shades, probably carrying a metallic briefcase as they board an executive jet.

These things aren’t supposed to happen in a cheap hotel room in your insignificant hometown, but the story of a British teen being nabbed leaking the closely guarded details of Grand Theft Auto 6 in a Travelodge room in Bicester, Oxfordshire brings the action from the global into the local for a Hackaday scribe. Bicester is a small town best known for a tacky outlet mall and as a commuter dormitory stop on the line to London Marylebone; it’s not exactly Vice City.

The teen in question is one [Arion Kurtaj], breathlessly reported by the BBC as part of the Lapsus$ gang, which is a sensationalist way of talking up a group of kids expert at computer infiltration but seemingly inept at being criminals. After compromising British telcos he was exposed by another group and nabbed by the authorities, before being moved to the hotel for his own safety.

Here the story becomes more interesting for Hackaday readers, because though denied access to a computer he purchased an Amazon Fire stick, presumably at the Argos in the Sainsbury’s next door, and plugged it into the Travelodge TV. Using this he was able to access cloud services, we’re guessing a virtual Linux environment or similar, before continuing to compromise further organisations including Rockstar Games to leak that GTA 6 footage. He’s yet to be sentenced, but we’re guessing that he’ll continue to spend some time at His Majesty’s pleasure.

The moment of excitement in one’s hometown and the sensationalist reporting aside, we can’t help feeling sad that a teen with that level of talent evidently wasn’t given the support and encouragement by Oxfordshire’s education system necessary to put it to better use. Let’s hope when he’s older and wiser the teenage conviction won’t prevent him from having a useful career in the field.

Posted in News

Bypassing Bitlocker using a cheap logic analyzer on a Lenovo laptop

Source: OSNews

Article note: Securing a machine an attacker has physical access to is _extremely fucking difficult_... but being able to sniff plaintext keys off an exposed SPI bus is some first decade of the 2000s "an attempt was made" shit. At least they (probably) couldn't just plug into the SPI device and ask for the key offline. Someone buy the person who did it a BusPirate and/or a cheap MSO with LA pins, they're going places.

The BitLocker partition is encrypted using the Full Volume Encryption Key (FVEK). The FVEK itself is encrypted using the Volume Master Key (VMK) and stored on the disk, next to the encrypted data. This permits key rotations without re-encrypting the whole disk.

The VMK is stored in the TPM. Thus the disk can only be decrypted when booted from this computer (there is a recovery mechanism in Active Directory though).

In order to decrypt the disk, the CPU will ask that the TPM sends the VMK over the SPI bus.

The vulnerability should be obvious: at some point in the boot process, the VMK transits unencrypted between the TPM and the CPU. This means that it can be captured and used to decrypt the disk.

This seems like such an obvious design flaw, and yet, that’s exactly how it works – and yes, as this article notes, you can indeed capture the VMK in-transit and decrypt the disk.

Posted in News