Uwe Hermann @uwehermann@fosstodon.org

a new set of side-channel attacks that allow microarchitecture data sampling Intel CPUs
https://www.theregister.co.uk/2019/05/14/intel_sidechannel_vulnerability/

seriously, Mifare classic in 2019? That's ~12 years after it has been broken? How clueless can a manufacturer of keys/locks be? #ABUS fail https://www.golem.de/news/abus-alarmanlage-rfid-schluessel-lassen-sich-klonen-1905-141061.html

Die Gesellschaft für Informatik #GI schliesst ihr offizielle #Facebook Präsenz. Als Begründung wird angeführt:
1. Facebook ist ein Feind des Datenschutzes.
2. Facebook vernachlässigt die Datensicherheit.
3. Facebook bedroht Demokratie und Marktwirtschaft.
Ausführlicher:
https://gi.de/meldung/gi-zentrale-verlaesst-facebook/
Hoffentlich werden weitere Organisationen dem Beispiel folgen!

"A Conspiracy to Kill IE6", in which some rogue YouTube developers helped push a bunch of users to switch to literally anything else.

http://blog.chriszacharias.com/a-conspiracy-to-kill-ie6

Really good talk by @tnt full of details about the ice40up5k FPGA and a bunch of very interesting usescases of that chip. Thanks for the iCEBreaker shoutout @tnt ! :D https://media.ccc.de/v/osmodevcon2019-98-the-ice40-fpga

Sigh: "A peer-to-peer (P2P) communications technology built into millions of security cameras and other consumer electronics includes several critical security flaws that expose the devices to eavesdropping, credential theft and remote compromise, new research has found."
https://krebsonsecurity.com/2019/04/p2p-weakness-exposes-millions-of-iot-devices/ #KrebsOnSecurity

RT @jwcarroll@twitter.com

Alternative Big O notation:

O(1) = O(yeah)
O(log n) = O(nice)
O(n) = O(ok)
O(n²) = O(my)
O(2ⁿ) = O(no)
O(n!) = O(mg!)

It appears that Joseph Prusa is going to compete with Thingiverse with his own 3D model repository. Good news. Joseph truly believes in open source while Makerbot, the owner of Thingiverse, betrayed the open source community in the past.

https://hackaday.com/2019/04/24/prusa-launches-their-own-3d-model-repository/

#3dprint #prusa #Makerbot

#libsigrokdecode now supports 100 different protocol decoders!

The latest addition was a TI CC1101 decoder, stacking upon the SPI PD.

Looking forward to your contributions so we can get to 200 decoders next 😉

https://www.sigrok.org/blog/100th-supported-sigrok-protocol-decoder-cc1101

HTML5 ping tracking – Firefox will enable it by default:

https://www.bleepingcomputer.com/news/software/mozilla-firefox-to-enable-hyperlink-ping-tracking-by-default/

– HTML5 ping attributes can be used to track people if they click a link (<a href=… ping=…>) by sending POST requests to an arbitrary amount of hosts
– tracking is possible without any JavaScript, or Cookies
– Steve Gibson talked about it in Security Now 709: https://mastodon.at/@infosechandbook/101899819296611698
– ping is enabled in Chrome, Opera, Edge, Safari by default

#html5 #ping #tracking #firefox #mozilla

Six Stages of Debugging

Step 1 : That can’t happen.

Step 2 : That doesn’t happen on my machine.

Step 3 : That shouldn’t happen.

Step 4 : Why does that happen?

Step 5 : Oh, I see.

Step 6 : how did that ever work?

"Why don't browsers allocate bigger stack?"
Because shitty online games which rely on stack overflows for obfuscation are breaking then, that's why. For reals.
https://bugzilla.mozilla.org/show_bug.cgi?id=1537609

Finally, somebody decided it had to be done... #DeleteFacebook #DeleteInsagram #deleteGoogle #privacy
https://dayssincelastfacebookscandal.com/

Interested in learning about KiCad but don't want to sit down to an hour long video? Check this series out! https://hackaday.com/2019/04/18/byte-sized-pieces-help-the-kicad-go-down/

Original tweet: https://twitter.com/hackaday/status/1119058247787384832

"Can I fully control my Android phone?": No, you can't.

– in our tests, AFWall+ leaked DNS queries of all apps on the device (including blocked apps), making it easy to determine apps installed on the phone
– updating Android doesn't imply that firmware vulnerabilities get fixed
– apps from F-Droid/Play Store etc. can still leak personal data as shown in our /e/ article
– besides, your proprietary baseband processor, GPS, sensors etc. remain out of control

#android #security #privacy #infosec

"Is LineageOS without Google apps 100% Google-free?": No, it isn't.

– some LOS services like NetworkMonitor still connect to Google (https://github.com/LineageOS/android_frameworks_base/blob/lineage-16.0/services/core/java/com/android/server/connectivity/NetworkMonitor.java)
– some settings like the phone's DNS server can still send data to Google
– besides, LOS, many apps, and the whole internet heavily rely on libraries, protocols, and standards (e.g. HTTP/2, Certificate Transparency) developed by Google, so there will never be a "100% Google-free something" for average users

Calibrating feeder pickup positions.

#pv (Pipe Viewer) is an essential utility for the terminal.

pv tracks how much data goes through it, and can estimate the time until completion.

This is a great help when performing tasks like tarring a directory. tar -xzf out.tgz dir/ will tar and compress dir but it doesn't give a progress meter. tar -xzf - dir/ | pv > out.tgz does the same and shows a detailed progress meter with pv.

Website 🔗: https://www.ivarch.com/programs/pv.shtml

apt 📦: pv

#free #opensource #foss #fossmendations #sysadmin