Tuesday, August 06
Daily News Stuff 6 August 2019
Ooflets Everywhere Edition
Want to screen capture your little SBC? Well, you could loop the digital video output back into the microcontroller's camera interface. Or if you have HDMI out, you can just shove it into an Orange Pi.
Or... Maybe not. That board looks pretty annoying actually. It does have a lot of different ports, the problem is getting them to work reliably. But if you want to record HDMI, the alternative is a full-scale PC with a separate HDMI capture card.
Irresistible life with monster girls.
Via Brickmuppet, it's Cure White, Cure Black, and Cure Frootloop.
Disclaimer: There's no telling where the money went.
Ooflets Everywhere Edition
Tech News
- The EU continues to be a shining counterexample to the world when it comes to freedom of speech. (TechDirt)
- Intel really wants you to put their incredibly expensive FPGAs in your servers. (Tom's Hardware)
- Because they know that you're not going to be buying Xeon CPUs much longer. (Tom's Hardware)
- It's not a Fourth Amendment violation if the public carry out surveillance on each other and forward it to the police. (Vice)
It's just East Germany.
- CafePress spilled the beans on 23 million users. (Bleeping Computer)
I have a CafePress account.
- There's an open exploit in the KDE desktop and file viewer. (ZDNet)
If you click on a malicious file it can run code without your confirmation.
The vulnerability was reported straight to Twitter without the usual disclosure to the developers, because the researcher wanted a conference presentation.
- Everyone hates Facebook. (ZDNet)
Particularly with their Libra cryptocurrency platform, where governments are simultaneously demanding impossible guarantees of user privacy and full disclosure and tracking of transactions on demand.
Which is a shame because Libra actually looks like it's competently designed and implemented, unlike Ethereum, where the best that can be said is that it works some of the time, or Stellar, which works most of the time but doesn't actually do very much.
- PayPal permabanned the Straight Pride Parade because . (One Angry Gamer)
Yes, the parade organisers received an email from PayPal notifying them that their account had been terminated with the reason given being a single space character.
- Fifth-rate hosting provider Voxility blocked services to a reseller hosting 8chan after the Twitter mob descended. (One Angry Gamer)
I've never visited 8chan and would probably regard it as a dumpster fire, but I have visited Twitter and that is definitely a dumpster fire.
I haven't posted about progress on the new blogging / social media platform for a few months because (a) I've been horribly busy at work, (b) I'm rewriting it in Crystal because it's lightning fast and good at catching bugs at compile time, and (c) I realised that it has to be a true distributed platform.
Later this year, with a little luck.
Retrocomputing and Makery Stuff Journal
Looking for an Arm single-board computer to run Linux? Unfortunately there's not really all that much on the market right now, with only twenty or thirty new boards coming out each week.
Want to screen capture your little SBC? Well, you could loop the digital video output back into the microcontroller's camera interface. Or if you have HDMI out, you can just shove it into an Orange Pi.
Or... Maybe not. That board looks pretty annoying actually. It does have a lot of different ports, the problem is getting them to work reliably. But if you want to record HDMI, the alternative is a full-scale PC with a separate HDMI capture card.
Video of the Day
Irresistible life with monster girls.
Picture of the Day
Via Brickmuppet, it's Cure White, Cure Black, and Cure Frootloop.
Disclaimer: There's no telling where the money went.
Posted by: Pixy Misa at
10:33 PM
| Comments (13)
| Add Comment
| Trackbacks (Suck)
Post contains 515 words, total size 6 kb.
1
"If you click on a malicious file it can run code without your confirmation."
This sounds like one of Raymond Chen's "other side of the airlock" issues.
"If you click on a malicious .desktop file." How did that file get where you could click it?
...probably some other security hole, heh.
This sounds like one of Raymond Chen's "other side of the airlock" issues.
"If you click on a malicious .desktop file." How did that file get where you could click it?
...probably some other security hole, heh.
Posted by: Rick C at Wednesday, August 07 2019 12:39 AM (Iwkd4)
2
Oops! I forgot to include the source for the pic, It's Ueyama Michero.
Posted by: The Brickmuppet at Wednesday, August 07 2019 01:23 AM (YUAc9)
3
Blank spaces are associated with Super Happy Fun America?
Voids are associated with Super Happy Fun America?
Fog is associated with Super Happy Fun America?
Ah! People who sniff white-out!
Well that explains everything.
Voids are associated with Super Happy Fun America?
Fog is associated with Super Happy Fun America?
Ah! People who sniff white-out!
Well that explains everything.
Posted by: The Brickmuppet at Wednesday, August 07 2019 01:30 AM (YUAc9)
4
Their reason was ' ' because it's the coded symbol for whitespace, and everyone knows that white spaces are unacceptable in a diverse character set. From now on, you have to use Unicode U+E0020, 'tag space'. The motion to use U+2420 as a symbolic protest was killed in committee.
-j
-j
Posted by: J Greely at Wednesday, August 07 2019 01:46 AM (ZlYZd)
5
HDMI in board? But there's so little HDMI that doesn't have an anti-copy code in it these days. (And the DMCA makes it illegal to possess devices, or even tell people how to defeat copy protection on Hollywood's stuff.
Which is why were back to pointing cameras at TVs these days.
Which is why were back to pointing cameras at TVs these days.
Posted by: Mauser at Wednesday, August 07 2019 01:53 PM (Ix1l6)
6
It's great for hobby projects, where you control the source of the HDMI as well as the capture system. But in general, yeah, you'd have to hack the HDCP first. (Which is quite possible - a number of HDCP master keys have leaked - but still a nuisance.)
Posted by: Pixy Misa at Wednesday, August 07 2019 05:16 PM (PiXy!)
7
@Rick, the vulnerability is worse than that—a bit more digging suggests that just viewing a directory containing a .desktop or .directory file is sufficient. Visit ~/Desktop in the KDE file explorer and you could be hosed.
Posted by: Jay at Wednesday, August 07 2019 10:59 PM (mrlXS)
8
Jay, I get that. But Raymond's "other side of the airlock" meme asks "how did a malicious .desktop file get on your desktop?" Generally speaking, you'd have to either have done it yourself[1] or been victimized by another vulnerability. If the latter, a smart black hat would've just pwned your system directly instead of putting a file on your desktop and hoping you'd click it so he could pwn your system.
[1] admittedly, this could be some kind of malicious app installer...but then see the next sentence.
[1] admittedly, this could be some kind of malicious app installer...but then see the next sentence.
Posted by: Rick C at Thursday, August 08 2019 12:32 AM (Iwkd4)
9
Say the email you the file as an attachment. You're smart enough not to click on it, but just viewing the directory it's in could run it. There have been similar vulnerabilities in Outlook in the past, where viewing the email without clicking anything would trigger the exploit.
Posted by: Pixy Misa at Thursday, August 08 2019 12:43 AM (PiXy!)
10
Ok. (If I were feeling quarrelsome I'd suggest that an email client that automatically saves attachments is probably a bad thing, but I guess that seems a legit potential vector.)
Posted by: Rick C at Thursday, August 08 2019 12:57 AM (Iwkd4)
11
Yeah, it's not a good idea, but I'm certain such a thing exists. Probably dozens of them.
Posted by: Pixy Misa at Thursday, August 08 2019 12:59 AM (PiXy!)
12
I don't remember what Unix email client I was using in the late Nineties, but it processed attachments on incoming email and saved them all in a single cache folder; you didn't have to open or even select the message. Worse, it wasn't very good at cleaning out the cache when messages were deleted.
I had to scrub my drive very thoroughly when I discovered this, because I was on the "abuse" mailing list at WebTV, and customers often emailed us anything offensive they found on the Internet. Including images of the sort that attract attention from federal law enforcement...
I just tested Apple's Mail.app, and it unpacks attachments when a message arrives, then runs the Spotlight indexing tools on the text and all attachments in recognized formats. What could go wrong?
-j
I had to scrub my drive very thoroughly when I discovered this, because I was on the "abuse" mailing list at WebTV, and customers often emailed us anything offensive they found on the Internet. Including images of the sort that attract attention from federal law enforcement...
I just tested Apple's Mail.app, and it unpacks attachments when a message arrives, then runs the Spotlight indexing tools on the text and all attachments in recognized formats. What could go wrong?
-j
Posted by: J Greely at Thursday, August 08 2019 06:20 AM (ZlYZd)
Posted by: Rick C at Thursday, August 08 2019 07:30 AM (Iwkd4)
59kb generated in CPU 0.0149, elapsed 0.1043 seconds.
58 queries taking 0.0937 seconds, 352 records returned.
Powered by Minx 1.1.6c-pink.
58 queries taking 0.0937 seconds, 352 records returned.
Powered by Minx 1.1.6c-pink.
