Tuesday, August 06

Geek

Daily News Stuff 6 August 2019

Ooflets Everywhere Edition

Tech News


Retrocomputing and Makery Stuff Journal


Looking for an Arm single-board computer to run Linux?  Unfortunately there's not really all that much on the market right now, with only twenty or thirty new boards coming out each week.



Want to screen capture your little SBC?  Well, you could loop the digital video output back into the microcontroller's camera interface.  Or if you have HDMI out, you can just shove it into an Orange Pi.


Or...  Maybe not.  That board looks pretty annoying actually.  It does have a lot of different ports, the problem is getting them to work reliably.  But if you want to record HDMI, the alternative is a full-scale PC with a separate HDMI capture card.


Video of the Day



Irresistible life with monster girls.


Picture of the Day

http://ai.mee.nu/images/CureFrootloop.jpg?size=720x&q=95

Via Brickmuppet, it's Cure White, Cure Black, and Cure Frootloop.



Disclaimer: There's no telling where the money went.

Posted by: Pixy Misa at 10:33 PM | Comments (13) | Add Comment | Trackbacks (Suck)
Post contains 515 words, total size 6 kb.

1 "If you click on a malicious file it can run code without your confirmation."
This sounds like one of Raymond Chen's "other side of the airlock" issues.
"If you click on a malicious .desktop file."  How did that file get where you could click it?
...probably some other security hole, heh.

Posted by: Rick C at Wednesday, August 07 2019 12:39 AM (Iwkd4)

2 Oops! I forgot to include the source for the pic, It's Ueyama Michero.

Posted by: The Brickmuppet at Wednesday, August 07 2019 01:23 AM (YUAc9)

3 Blank spaces are associated with Super Happy Fun America?

Voids are associated with Super Happy Fun America?

Fog is associated with Super Happy Fun America?

Ah! People who sniff white-out!

Well that explains everything.

Posted by: The Brickmuppet at Wednesday, August 07 2019 01:30 AM (YUAc9)

4 Their reason was ' ' because it's the coded symbol for whitespace, and everyone knows that white spaces are unacceptable in a diverse character set. From now on, you have to use Unicode U+E0020, 'tag space'. The motion to use U+2420 as a symbolic protest was killed in committee.

-j

Posted by: J Greely at Wednesday, August 07 2019 01:46 AM (ZlYZd)

5 HDMI in board? But there's so little HDMI that doesn't have an anti-copy code in it these days. (And the DMCA makes it illegal to possess devices, or even tell people how to defeat copy protection on Hollywood's stuff.

Which is why were back to pointing cameras at TVs these days.

Posted by: Mauser at Wednesday, August 07 2019 01:53 PM (Ix1l6)

6 It's great for hobby projects, where you control the source of the HDMI as well as the capture system.  But in general, yeah, you'd have to hack the HDCP first.  (Which is quite possible - a number of HDCP master keys have leaked - but still a nuisance.)

Posted by: Pixy Misa at Wednesday, August 07 2019 05:16 PM (PiXy!)

7 @Rick, the vulnerability is worse than that—a bit more digging suggests that just viewing a directory containing a .desktop or .directory file is sufficient. Visit ~/Desktop in the KDE file explorer and you could be hosed.

Posted by: Jay at Wednesday, August 07 2019 10:59 PM (mrlXS)

8 Jay, I get that.  But Raymond's "other side of the airlock" meme asks "how did a malicious .desktop file get on your desktop?"  Generally speaking, you'd have to either have done it yourself[1] or been victimized by another vulnerability.  If the latter, a smart black hat would've just pwned your system directly instead of putting a file on your desktop and hoping you'd click it so he could pwn your system.
[1] admittedly, this could be some kind of malicious app installer...but then see the next sentence.

Posted by: Rick C at Thursday, August 08 2019 12:32 AM (Iwkd4)

9 Say the email you the file as an attachment.  You're smart enough not to click on it, but just viewing the directory it's in could run it.  There have been similar vulnerabilities in Outlook in the past, where viewing the email without clicking anything would trigger the exploit.

Posted by: Pixy Misa at Thursday, August 08 2019 12:43 AM (PiXy!)

10 Ok.  (If I were feeling quarrelsome I'd suggest that an email client that automatically saves attachments is probably a bad thing, but I guess that seems a legit potential vector.)

Posted by: Rick C at Thursday, August 08 2019 12:57 AM (Iwkd4)

11 Yeah, it's not a good idea, but I'm certain such a thing exists.  Probably dozens of them.

Posted by: Pixy Misa at Thursday, August 08 2019 12:59 AM (PiXy!)

12 I don't remember what Unix email client I was using in the late Nineties, but it processed attachments on incoming email and saved them all in a single cache folder; you didn't have to open or even select the message. Worse, it wasn't very good at cleaning out the cache when messages were deleted.

I had to scrub my drive very thoroughly when I discovered this, because I was on the "abuse" mailing list at WebTV, and customers often emailed us anything offensive they found on the Internet. Including images of the sort that attract attention from federal law enforcement...

I just tested Apple's Mail.app, and it unpacks attachments when a message arrives, then runs the Spotlight indexing tools on the text and all attachments in recognized formats. What could go wrong?

-j

Posted by: J Greely at Thursday, August 08 2019 06:20 AM (ZlYZd)

13 "What could go wrong?"
Nothing.  Apple computers don't get malware.

Posted by: Rick C at Thursday, August 08 2019 07:30 AM (Iwkd4)

Hide Comments | Add Comment




Apple pies are delicious. But never mind apple pies. What colour is a green orange?




55kb generated in CPU 0.03, elapsed 0.1674 seconds.
54 queries taking 0.143 seconds, 296 records returned.
Powered by Minx 1.1.6c-pink.