●● IRC: #techbytes @ Techrights IRC Network: Friday, December 02, 2022 ●●
● Dec 02
[01:06] *u-amarsh04 has quit (Quit: Konversation terminated!)
[01:40] *u-amarsh04 (~amarsh04@3f4eq2qd8h8ka.irc) has joined #techbytes
[01:59] *psydruid (~psydruid@jevhxkzmtrbww.irc) has left #techbytes
● Dec 02
[02:01] *psydruid (~psydruid@jevhxkzmtrbww.irc) has joined #techbytes
● Dec 02
[05:40] *psydruid (~psydruid@jevhxkzmtrbww.irc) has left #techbytes
[05:41] *psydruid (~psydruid@jevhxkzmtrbww.irc) has joined #techbytes
● Dec 02
[07:07] *psydruid (~psydruid@jevhxkzmtrbww.irc) has left #techbytes
[07:07] *psydruid (~psydruid@jevhxkzmtrbww.irc) has joined #techbytes
[07:08] *u-amarsh04 has quit (Quit: Konversation terminated!)
[07:14] *u-amarsh04 (~amarsh04@3f4eq2qd8h8ka.irc) has joined #techbytes
● Dec 02
[08:00] *geert has quit (connection closed)
[08:15] schestowitz
[08:15] schestowitz Several weeks ago, I wrote an article that provided a basic overview of the AppArmor hardening tool, explained how it works, and showed you a practical example on how to confine and harden the Firefox browser. But wait, not just any which Firefox, but specifically the tarball version that you can download from Mozilla. I'm talking about the tar archive. Grab, extract, run.
[08:15] schestowitz So far so good. Using the AppArmor profile (template) from my Kubuntu installation, I was able, with small modifications, to create a custom ruleset for the Firefox tar version running from my home directory. Things are fine, but there be one problem. By default, it cannot update. We shall fix that now.
[08:15] schestowitz
[08:20] schestowitz Upon learning that the internal dictionary of offensive words is not listed anywhere in the manual, Ben Eater had the idea to extract it himself. After a quick teardown, he discovered a single 93LC86 EEPROM chip functioning in 8-bit mode for a total of 2,048 8-bit words. He then connected an Arduino Uno to the EEPROM's SPI bus and read 16-byte chunks before dumping the contents to the serial monitor for
[08:20] schestowitz further investigation.
[08:20] schestowitz
[08:21] schestowitz Now that we have things running properly in part 3, I figured I should work on the casing a bit. Especially since the current postal strikes in the UK mean that parts I have ordered are getting heavily delayed.
[08:21] schestowitz
[08:23] schestowitz Software is still the same mess it was when I started writing and working, or perhaps even worse. You can't overcome perverse incentives. As Cantrill once famously noted, the lawnmower can't have empathy. The truth he did not speak is that we all have some Oracle in our hearts, and the lawnmower is the size of the entire industry.
[08:23] schestowitz
[09:09] schestowitz This health belt has a variety of sensors to monitor key physiological indicators, including thoracic impedance, heart rate, electrocardiogram activity, and motion activity. None of those alone would reliably correspond to upcoming heart failure without many false positives and negatives, but together they provide a clear picture. The sensor array, which is wearable and resembles a cummerbund, communicates
[09:09] schestowitz via Bluetooth with the user's phone. When the signs of heart failure appear, their phone can either notify them to seek medical attention or notify a third party, like a family member or doctor.
[09:09] schestowitz
[09:09] schestowitz Cars are just computers with four wheels and an engine. It's no surprise that the software is vulnerable, and that everything is connected.
[09:09] schestowitz
[09:09] schestowitz A group of security researchers discovered the bug while hunting for issues involving major car manufacturers. One of the researchers, 22-year-old cyber professional Sam Curry, said that he and his friends were curious about the kinds of problems that might crop up if they investigated providers of what are known as telematic services for carmakers.
[09:09] schestowitz
[09:32] schestowitz Potter was a child prodigy who began a US Navy internship when he was fifteen or sixteen. At the same time, Novare, Inc was hosting some Debian infrastructure on their company servers.
[09:32] schestowitz Potter claims his software was being deployed to the USS Theodore Roosevelt (Secure Tactical Access Terminal) while at the same time, Debian records show that he was stashing WaReZ on master.debian.org, a server operated by Novare.
The case of a navy intern committing piracy is interesting for a wide range of reasons that have a lot more to do with Debian than the navy. Debian WaReZ expulsion
[09:32] schestowitz
[09:35] schestowitz Sideloading is the act of installing software, whatever software you want, on a real computer (which includes pocket computers, like smartphones).
[09:35] schestowitz Seems simple and obvious, right? If you own a computer (or a smartphone), you should be able to install software on it.
Apple and Google both (strongly) disagree with that. While Google has allowed sideloading on Android since the beginning, they have recently begun taking steps to limit that in the future.
[09:35] schestowitz