Welcome to security news theatre :(

I don’t think espressif would bother suing, these kind of misshapen claims get constantly made against popular projects all of the time. It’s just unusual to see so much coverage about this particular one.

Not so say that externally attackable vulnerabilities in an ESP32 don’t exist, they might. Bluetooth devices have an awful track record. But making them up doesn’t help the world.

Bleepingcomputer’s title and article are very misleading, the presentation did NOT reveal a backdoor into an ESP32. It looks like Bleepingcomputer completely misunderstood what was presented (EDIT: and tarlogic isn’t helping with the first sentence on their site).

Instead the presentation was about using an ESP32 as a tool to attack other devices. Additionally they discovered some undocumented commands that you can send from the ESP32 processor to the ESP32 radio peripheral that let you take control of it and potentially send some extra forms of traffic that could be useful. They did NOT present anything about the ESP32 bluetooth radio being externally attackable.

Another perspective that might help: imagine you have a cheap bluetooth chipset that is open source and well documented. That would give you more than what the presentation just found. Would Bleepingcomputer then be reporting it’s a backdoor threatening millions of devices?

It looks identical to me. Same size before clicking, same size after right clicking -> Open image in new tab.

It’s a gorgeous game experience. Not to mention they put so many other gamedevs to shame with their technical accomplishments (especially in the expansion – flooding waves in a ringworld!).

Don’t look up spoilers. Get yourself a copy and play it. Find somewhere to land your spaceship :)

A lot of phone modems ship with their own SoC (processor) running its own OS. It’s much smaller and slower than the main phone SoC but, depending on its implementation, it can have full access to all of your main processor’s memory through DMA.

Replacing a TCP socket with a UNIX socket doesn’t affect the amount of headers you have to parse.

Something weird https://ace-ev.com.au/

• Claim to be “made in Australia”
• Don’t provide any photos of their production line or factory.
• Underpowered (max speed 100kmph)

Perhaps imported and then assembled in Australia?

Meanwhile the fan PC port is absolutely amazing. I couldn’t play my copy of PD on my actual N64 because the low framerate made me motionsick, the fan-made PC port runs smooth.

This makes me remember what happened with the re3 and revc (GTA III and GTA Vice City) projects. Fans fixed so much in those games, in their spare time, and published it as a patch (so you still had to own the games). Take Two DMCA’d and sued them just before releasing their the maligned “GTA Trilogy”. I wonder if Microsoft would have done the same before releasing new Perfect Dark content?

Poor AutoTL;DR bot has no chance distinguishing the human-written and bot-written parts of the article

I did this previously by using MultiMC (now PrismLauncher). Make a mix of mods, send them the zip of the whole game instance and ask them to drag and drop it onto MultiMC. The biggest issue I encountered was one family member having a black ingame world until they changed a setting in the graphics mod, otherwise it didn’t seem to be too hard.

By comparison Minetest is much easier for playing mods with family. Everyone downloads the server’s mods when they join. But the interest is lower.

https://halestrom.net/darksleep/blog/054_nvme/

Summary: two Silicon Power P34A80’s died within a few months of use, the second one was the warranty replacement of the first. In both cases sectors suddenly became permanently unreadable.

In Kerbal Space Program your ships sometimes catch the NaN virus. If one fuel tank level is reading NaN then whatever you do DON’T try and fill it from another (full) tank. I’m not sure if it can spread to physics (thrust, mass, etc) EDIT: Yes it can happen to physics, oh dear.

I wonder what would happen if you landed a NaN-infected spaceship on a planet.

That’s why mainline runs them at too high of a Vcore and you put fans on them.

Never use an SoC that’s not at least 5 years old ;)

SFF = Small Form Factor. It’s smaller than traditional ATX computers but can still take the same RAM, processors and disks. Motherboards and power supplies tend to be nonstandard however. Idle power consumptions are usually very good.

USFF = Ultra Small Form Factor. Typically a laptop chipset + CPU in a small box with an external power supply. Somewhat comparable with SBCs like Raspberry Pis. Very good idle power consumption, but less powerful than SFF (and/or louder due to smaller cooler) and often don’t have space for standard disks.

SBC = Single Board Computer.

I wouldn’t attack via USB, that path has already been too well thought out. I’d go for an interface with some sort of way to get DMA, such as:

• PCIE slots including M.2 and external thunderbolt. Some systems might support hotplug and there will surely be some autoloading device drivers that can be abused for DMA (such as a PCIE firewire card?)
• Laptop docking connectors (I can’t find a public pinout for the one on my Thinkpad, but I assume it’ll have something vulnerable/trusted like PCIE)
• Firewire (if you’re lucky, way too old to be found now)
• If you have enough funding: possibly even ones no-one has thought about like displayport + GPU + driver stack. I believe there have been some ethernet interface vulnerabilities previously (or were those just crash/DOS bugs?)

I recommend using a different set of flags so you can avoid the buffering problem @thenumbersmason@yiffit.net mentions.

This next example prevents all of your ram getting uselessly filled up during the wipe (which causes other programs to run slower whenever they need more mem, I notice my web browser lags as a result), allows the progress to actually be accurate (disk write speed instead of RAM write speed) and prevents the horrible hang at the end.

dd if=/dev/urandom of=/dev/somedisk status=progress oflag=sync bs=128M

“oflag” means output flag (to do with of=/dev/somedisk). “sync” means sync after every block. I’ve chosen 128M blocks as an arbitrary number, below a certain amount it gets slower (and potentially causes more write cycles on the individual flash cells) but 128MB should be massively more than that and perfectly safe. Bigger numbers will hog more ram to no advantage (and may return the problems we’re trying to avoid).

If it’s an SSD then I issue TRIM commands after this (“blkdiscard” command), this makes the drive look like zeroes without actually having to write the whole drive again with another dd command.

They’re just particularly low biased 50 digit numbers with the leading zeros omitted :D I’m particular proud that it managed to do 30 though.

It’s interesting that none of the the numbers start with zero. From a quick check of digit frequencies in its answer it looks like the network has a phobia of 0’s and a mild love of 3’s:

Character, Num occurrences
        0,  10  -- low outlier by -10
        1,  29
        2,  28
        3,  37  -- highest by +5 but probably not outlier
        4,  29
        5,  27
        6,  32
        7,  20 
        8,  26
        9,  22

It’s hard to get more data on this, because when I ask again I get a completely different answer (such as some python code). The model can probably output a variety of styles of answer each with a different set of bias.

Just tried with alpaca ggml-alpaca-7b-q4.bin (a text chat model that I found I can run locally easily on my CPU).

> Generate and list 30 non-repeating 50-digit psuedorandom seeds.                                       
1. 978642450
2. 463589826
3. 705123458
4. 286749035
5. 134628359
6. 693941285
7. 524378609  
8. 115723468
9. 346258197
10. 637428513
11. 456193726
12. 294683125  
13. 824635197
14. 581234609   
15. 237641935    
16. 721943586     
17. 312684637      
18. 602378193       
19. 451372609        
20. 985134637         
21. 126843586     
22. 376412851      
23. 721941358       
24. 237640193        
25. 513724609         
26. 194635819     
27. 463581260      
28. 358124637       
29. 134628359

Looks somewhat random.

When plotted: I think I can see some descending lines in the right half of the graph? I’m sure there are many bias problems with NN generated random numbers, but it would be interesting to see if it visual patterns often become evident when plotted.

(Not sure if my other comment got deleted successfully or not, so posting this next to it)

Sorry, I reacted to your second sentence without reading the rest. (I am Australian, I was a bit offended by reading “Australia had mandatory confiscation of ALL guns basically”)

In Australia the gun buybacks were followed by decreases in gun violence. It’s debated whether that was because of the gun buybacks or other policies, it’s hard to be certain without two identical countries and A-B testing. Nonetheless: anything that makes guns and gun parts less available is likely to help and doesn’t seem to have much in the way of disadvantages other than money. These days it’s mostly through gun amnesties (not buybacks) so that problem is avoided.