Article note: Fuck Yeah.
No one has hacked the signing so new firmware isn't on the menu, but I was staring at the update process when I was doing mine thinking "this should be hacked."
Ever since the demise of Google’s Stadia game streaming service, the associated Stadia controllers have found themselves in limbo, with the only way to switch them from the proprietary WiFi mode to Bluetooth being to connect to a special Google website. Yet as [Gary] found out, all this website does is flash a firmware file via WebUSB and WebHID over the original Stadia firmware with a generic Bluetooth controller firmware image. This is the reason why it’s a one-way process, but this wasn’t to [Gary]’s liking, so he figured out how to flash the controller himself, with the option to flash the original Stadia firmware or something else on it later, too.
[Gary]’s stadiatool follows the same procedure as the Google Stadia website, just implemented in Python and outside the control of Google. Although Google has recently announced that it will keep the Bluetooth switching website online one year longer – until December 31st 2024 – at some point this service will go away and only projects like [Gary]’s together with squirreled away firmware images can still save any stray Stadia controllers that will inevitably be discovered in the back of a warehouse in the future.
Although we reported on the demise of Stadia when it happened in January of 2023, as Ars Technica notes it was common in 2022 to buy into Stadia and get a controller manufactured in the 2019 launch year, suggesting massive overproduction.
Article note: This feels like a solid "We should regulate the shit out of the equipment and working conditions" situation, not a "ban the material" situation, there are an _awful_ lot of silicosis (and other fine airborne material) risks in manufacturing environments, and engineered stone products are very safe when not being cut.
We know how to filter even for nastier materials, inadequate tooling and PPE for working with silica-bearing materials is an employers and employees not taking proper precautions problem. Most engineered stone work should probably be being done with automated machinery run wet, not untrained immigrants wearing bandannas anyway.
Engineered stone, also known as artificial stone or composite stone, has become a popular material in the construction and design industries due to its aesthetic appeal and durability. It’s become the go-to solution for benchtops in particular, with modern kitchens and bathrooms heavily featuring engineered stone in this way.
However, this seemingly innocuous material harbors a dark side, posing significant health risks to workers involved in its manufacturing and installation. The hazards associated with engineered stone have gone unnoticed for some time, but the toll is adding up, and calls for action grow louder. Let’s examine why engineered stone is so harmful, and explore the measures being taken across the world to curtail or even ban its use.
Hidden Dangers
Engineered stone for benchtops is primarily made from quartz, one of the hardest minerals on Earth. The manufacturing process involves grinding quartz into dust and then combining it with resins and pigments. This creates a product that replicates the beauty of natural stone. Finding natural stone in large, uniform, aesthetically-perfect pieces suitable for benchtops is difficult. Thus, if you want a big natural stone benchtop, it comes at a very high price. Engineered stone benchtops can be had far more cheaply, as the material can be fabricated to any size or shape desired. It can also offer enhanced durability and stain resistance thanks to being non-porous, making it an ideal choice for countertops. Many engineered stone countertop products include a very high amount of silica, often up to 95%. It was first developed in the 1960s, and began to gain in popularity in following decades. It’s now highly popular for use in kitchens and bathrooms.
The material doesn’t pose a risk once installed and used as a benchtop. The danger of engineered stone lies in the dust generated during the cutting, grinding, and polishing processes, which are typically undertaken during manufacturing or installation. By virtue of being made from quartz, dust from engineered stone contains high levels of crystalline silica.
When inhaled, silica dust can penetrate deep into the lungs. The most severe health consequence is silicosis, a debilitating and often fatal lung disease. The dust lodges itself in the alveolar sacs in the lungs, causing irreversible damage. Over time, the dust particles are ingested by macrophages—immune system cells charged with destroying pathogens. They in turn stimulate the production of collagen around the tiny particles, which in time creates fibrotic nodules in the lungs that coalesce together in patients with higher exposure levels, which inhibits lung function. Those with the disease suffer most particularly from shortness of breath, rapid breathing, persistent coughs, and fatigue. Chest pain, weight loss, and loss of appetite are also common. Patients with silicosis are also much more susceptible to tuberculosis infection, lung cancer, and chronic obstructive pulmonary disease (COPD).
The rise in the use of engineered stone has been mirrored by an alarming increase in cases of silicosis. This has been particularly evident among young workers in the stonecutting industry, many of whom have developed the advanced stages of the disease after only a few years of exposure. The aggressive form of silicosis seen in these workers is often referred to as “accelerated silicosis,” which can develop much more rapidly than traditional forms of the disease. Due to the similar causative factor of inhaling dust and the symptoms of lung disease, engineered stone has at times been colloquially referred to as “the new asbestos.”
In Australia, a case of silicosis linked to engineered stone was first identified in 2015, in a worker from the engineered stone industry. 570 cases have since been identified. The matter was quite unlike some traditional industrial hazards, which can take decades to reveal their harms. In many cases, silicosis from engineered stone was striking down workers in their prime, with many under 35 years of age.
The rapid count of cases, especially among young workers, quickly prompted a nationwide outcry for action. In October this year, the Construction, Forestry, Mining, and Energy Union (CFMEU) voted in favor of a ban on the material. The broader union movement in Australia voted to support the ban, meaning no union workers would allow the importation, manufacturing, or use of the material in the country from the middle of 2024. In turn, major hardware retailers agreed to drop the material by the end of the year, and furniture giant Ikea similarly agreed to phase out the material from its kitchen range.
Australian authorities acted in turn, announcing a world-first prohibition on engineered stone to commence on July 1, 2024. The measures include a customs prohibition on the importation of the material. The ban also prohibits the manufacturing, supply, processing, or installation of engineered stone. Reports from government authorities noted that there was “no scientific evidence for a safe threshold of crystalline silica content in engineered stone, or that lower silica content engineered stone is safer to work with.” Personal protective equipment has also proven to be inadequate to reduce the risk of harm.
In the interim period before the ban takes place, Australian authorities have mandated safer working procedures to limit the possible harm from the material. Water suppression “wet cutting” systems are required, or alternatively, the use of dust extraction and/or ventilation systems. Workers are also required to use appropriate respiratory protective equipment.
These regulations include mandatory health monitoring for workers, improved ventilation and dust extraction systems, and the requirement for wet cutting methods to reduce dust generation. Additionally, there has been an increase in awareness campaigns aimed at educating workers and employers about the risks of silica dust and the importance of protective measures.
The actions taken by Australia serve as a model for other countries grappling with similar issues. The ban on engineered stone, while a bold move, underscores the seriousness of the health risks associated with silica dust exposure. It also highlights the need for a global reevaluation of the use of materials that pose significant health risks to workers. The material has already made headlines in California, where even workers in their 20s are struggling with silicosis from cutting engineered stone benchtops. Australia’s ban has proven of great interest to those fighting for emergency rules to be placed on the use of the material.
Of course, a ban in one nation is no guarantee that workers elsewhere will be protected. Indeed, asbestos once again proves a useful example. Countries like Norway, Kuwait, and Australia banned the material for its deleterious health effects. The EU followed, as did most nations of the OECD. And yet, the United States continues to allow its use, as do countries like India, Russia, and China. The latter two still mine it, as do Kazakhstan and Brazil. All forms of asbestos are carcinogenic to humans, and yet the mining and production goes on. International industry groups still exist to lobby for the use of the material because where there’s potential to make money, someone will have a go.
While engineered stone offers many desirable qualities, the health risks it poses to workers cannot be ignored. The steps taken by Australia to combat the dangers of silica dust exposure set an important precedent, emphasizing the need for vigilant regulation and a commitment to worker safety in industries worldwide. As we move forward, it is crucial to continue prioritizing the health and well-being of those who labor to bring these products to market.
Article note: It's a really interesting attack.
The attacker is basically manipulating the sequence numbers during the handshake with IGNORE packets, allowing them to cancel parts of the handshake.
Also interesting that it was an attack vector that was considered and deemed theoretically impossible.
Sometime around the start of 1995, an unknown person planted a password sniffer on the network backbone of Finland’s Helsinki University of Technology (now known as Aalto University). Once in place, this piece of dedicated hardware surreptitiously inhaled thousands of user names and passwords before it was finally discovered. Some of the credentials belonged to employees of a company run by Tatu Ylönen, who was also a database researcher at the university.
The event proved to be seminal, not just for Ylönen's company but for the entire world. Until that point, people like Ylönen connected to networks using tools which implemented protocols such as Telnet, rlogin, rcp, and rsh. All of these transmitted passwords (and all other data) as plaintext, providing an endless stream of valuable information to sniffers. Ylönen, who at the time knew little about implementing strong cryptography in code, set out to develop the Secure Shell Protocol (SSH) in early 1995, about three months after the discovery of the password sniffer.
As one of the first network tools to route traffic through an impregnable tunnel fortified with a still-esoteric feature known as "public key encryption," SSH quickly caught on around the world. Besides its unprecedented security guarantees, SSH was easy to install on a wide array of operating systems, including the myriad ones that powered the devices administrators used—and the servers those devices connected to remotely. SSH also supported X11 forwarding, which allowed users to run graphical applications on a remote server.
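The sequence-number manipulation mentioned in the note above, as a toy model added here (not code from the article or from any SSH implementation): each peer counts every packet, including unauthenticated handshake packets, so one inserted IGNORE can mask one dropped packet after keys take effect. The `Endpoint` class, the `KEX_REPLY` message name and the key are constructed, and `strict=True` models a hardening assumed for this example: counters restart at NEWKEYS and IGNORE is refused during key exchange.

```python
import hashlib
import hmac

KEY = b"constructed-session-key"  # constructed; stands in for the negotiated MAC key


class Endpoint:
    """One peer's implicit packet counter for one direction (toy model)."""

    def __init__(self, strict):
        self.strict = strict
        self.seq = 0          # sequence number: counted, never sent on the wire
        self.secured = False  # True once NEWKEYS has passed

    def _tag(self, payload):
        return hmac.new(KEY, self.seq.to_bytes(4, "big") + payload, hashlib.sha256).digest()

    def send(self, payload):
        pkt = (payload, self._tag(payload) if self.secured else None)
        self._advance(payload)
        return pkt

    def receive(self, pkt):
        payload, tag = pkt
        if self.secured and not hmac.compare_digest(tag or b"", self._tag(payload)):
            raise ValueError("MAC mismatch: sequence numbers out of step")
        if self.strict and not self.secured and payload == b"IGNORE":
            raise ValueError("unexpected IGNORE during key exchange")
        self._advance(payload)
        return payload

    def _advance(self, payload):
        self.seq += 1
        if payload == b"NEWKEYS":
            self.secured = True
            if self.strict:
                self.seq = 0  # hardened: counters restart when keys take effect


def run(strict, inject_ignore=True):
    """Return what the client accepts after NEWKEYS when one packet is dropped in transit."""
    server, client = Endpoint(strict), Endpoint(strict)
    for msg in (b"KEXINIT", b"KEX_REPLY"):
        client.receive(server.send(msg))
    if inject_ignore:
        client.receive((b"IGNORE", None))   # inserted by the on-path party, unauthenticated
    client.receive(server.send(b"NEWKEYS"))
    server.send(b"EXT_INFO")                # first secured packet never reaches the client
    return [client.receive(server.send(b"SERVICE_ACCEPT"))]
```

Without the inserted IGNORE the dropped packet is caught by the MAC check; with it, the non-strict client accepts the following packet and never learns that `EXT_INFO` was removed.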
When I am weaker than you, I ask you for freedom because that is according to your principles; when I am stronger than you, I take away your freedom because that is according to my principles.
— [apparently not actually] Louis Veuillot, but attributed to him a century before Frank Herbert did so