Author: tongwing

Categories
3D

Was Google Earth Stolen?. I recently watched “The Billion Dollar… | by Avi Bar-Zeev | Oct, 2021 | Medium

The Billion Dollar Code is a new mini-series from Netflix that tells the story of ART+COM’s lawsuit against Google, purportedly for infringing their patent in the software (Keyhole) that would later become Google Earth.

One of the key person behind Keyhole wrote the following detailed post, which clearly rebutted the claims:

ART+COM’s patent was invalidated in 2017 because another group, Sarnoff Research Center (SRI) in Palo Alto had shown a similar system in 1994, showing just how obvious these ideas were by 1995. In a stunning irony, the people asserting they “invented” Google Earth were bested by a pre-existing system with essentially the same name and function as theirs.

Source: Was Google Earth Stolen?. I recently watched “The Billion Dollar… | by Avi Bar-Zeev | Oct, 2021 | Medium

Categories
security

O.MG Cable – * to USB-A

This is incredible. It’s essentially a covert computer inside a USB cable.

To get a cable like this, you used to need a million dollar budget or to find a guy named MG at DEFCON. But Hak5 teamed up with MG to allow more people access to this previously clandestine attack hardware. Every O.MG Cable is hand made and tailored to look and feel exactly like the cable your target already has in their possession. You won’t need a million dollar budget for this cable, but the power and capabilities are extensive.It is packed with a web server, 802.11 radio, and way more memory and processing power than the type of cable you would want for just doing demos. But the flexibility makes demos easy.The O.MG Cable is built for covert field-use, with features that enhance remote execution, stealth, forensics evasion, all while being able to quickly change your tooling on the

Source: O.MG Cable – * to USB-A

Categories
programming

GitHub Copilot · Your AI pair programmer

This looks super impressive and is potentially game-changing. Auto-completion has been around for ages, since the early days of Visual Assist, to Visual Studio Autocomplete. This is another level. It works like GPT-3 in that it tries to suggest whole section of code or a complete function based on comments and other signals. This will be something that companies will pay for. Based on HN comments, alpha testers gave it rave reviews. It’s currently in technical preview. Can’t wait for general availability.

GitHub Copilot works alongside you directly in your editor, suggesting whole lines or entire functions for you.

Source: GitHub Copilot · Your AI pair programmer

Categories
cloud IoT security

“I’m totally screwed.” WD My Book Live users wake up to find their data deleted

This is like the worse case scenario that security researchers have been warning about. Someone exploited an old vulnerability for some WD devices and wiped out all the data in those devices that are exposed in the internet.

WD advises customers to immediately unplug their My Book Live and My Book Live Duo from the internet.

“I have a WD mybook live connected to my home LAN and worked fine for years,” the person who started the thread wrote. “I have just found that somehow all the data on it is gone today, while the directories seem there but empty. Previously the 2T volume was almost full but now it shows full capacity.”

It’s too easy to blame IoT device manufacturers, but this is a very tough problem. The following comment from HN says it best.

There’s really no winning with this.

You can release patches 6 years after your device is EoL but there will forever be more security issues and people using your ancient product (think how long it takes some versions of Windows to truly reach less than 100k active machines. Hell I wonder if Windows 3.1 has really reached that number or not. The long tail is going to be loooong). Not to mention you’ve created a precedent that the device is still getting patches and can be used by users, only making the lifecycle issue worse.

You can release a version which severely limits the capability of the product or effectively disables it but this is just a guaranteed way of getting bad press and even more customers will be mad at you for killing a device early.

You can turn the device over to the community (if you can managed to get it through legal and 3rd party agreements) but that isn’t actually going to solve anything as it’s not a product for extremely tech savvy users, at best it buys deflection in the news report in exchange for the effort of doing this (if you can at all).

You can claim the lifecycle is over and years later and be technically correct but still get the bad press and user feedback anyways.

Source: “I’m totally screwed.” WD My Book Live users wake up to find their data deleted

Categories
Uncategorized

Huawei’s HarmonyOS: “Fake it till you make it” meets OS development

A blistering review of “HarmonyOS” – Huawei’s touted answer to Google’s Android. Turns out it’s actually really Android – at least that’s what the reviewer had access to after an onerous application process which includes a two-day background check.

No discernible difference between Huawei’s “all-new” OS and Android.

And he’s not kidding about the obfuscated language.

Source: Huawei’s HarmonyOS: “Fake it till you make it” meets OS development

Update (2021-06-03): Huawei officially launches HarmonyOS. In summary: HarmonyOS on IoT and smartwatch is based on Huawei’s LiteOS. HarmonyOS for phones and tablets is still based on Android.

The onerous sign-up process remains.

Categories
3D internet

Yamauchi No.10 Family Office

This is not your typical website. This website from the family office of Nintendo’s founder just brings back the 80s vibes.

It’s nothing short of amazing what you come up with when you’re not bounded by traditional constraints of what a website is supposed to look like.

We are Yamauchi-No.10 Family Office. Our mission is making a contribution to the society through our activities. https://y-n10.com/

Source: Yamauchi No.10 Family Office

Tip: Use browser zoom to zoom out to see more of the action going on.

Categories
cloud

Troubleshoot Boot and Networking Issues with New EC2 Serial Console | AWS News Blog

This is extremely useful for those times when the system is unable to get to the stage where sshd is running, or there are network-related issues which prevent a normal ssh connection from working. This is akin to the console view of a VM through the hypervisor.

https://aws.amazon.com/blogs/aws/troubleshoot-boot-and-networking-issues-with-new-ec2-serial-console/

… EC2 Serial Console, a simple and secure way to troubleshoot boot and network connectivity issues by establishing a serial connection to your Amazon Elastic Compute Cloud (EC2) instances.

Categories
internet IoT security

Whistleblower: Ubiquiti Breach “Catastrophic” — Krebs on Security

This is serious. If you have Ubiquiti equipment do change your credentials immediately and check for signs of compromise.

Adam says the attacker(s) had access to privileged credentials that were previously stored in the LastPass account of a Ubiquiti IT employee, and gained root administrator access to all Ubiquiti AWS accounts, including all S3 data buckets, all application logs, all databases, all user database credentials, and secrets required to forge single sign-on (SSO) cookies.

Source: Whistleblower: Ubiquiti Breach “Catastrophic” — Krebs on Security

Categories
IoT security

‘This is dangerous stuff’: Hacker increased chemical level at Oldsmar’s water system, sheriff says

This is why you should secure your endpoints, especially if you are operating a critical infrastructure. This seems to be one of those supervisory interface that is exposed over the internet. Thank goodness no real harm was done.

And this time, Gualtieri says, the hacker did more than just remote in. According to the sheriff, the hacker spent up to five minutes in the system and adjusted the amount of sodium hydroxide in the water from 100 parts per million to 11,100.

“This is obviously a significant and potentially dangerous increase. Sodium hydroxide, also known as lye, is the main ingredient in liquid drain cleaners,” Gualtieri added.

Source: ‘This is dangerous stuff’: Hacker increased chemical level at Oldsmar’s water system, sheriff says

Categories
3D

Autodesk Forge – Section hatches

Autodesk Forge has a nice feature known as section hatches. This feature fills out (or caps) parts of the model that is cut out by the section plane with a hatch pattern. You can see this in action below, when a z-plane cuts across the building:

The addition of hatches helps the viewer to see which parts of the model are cut out.

However, there is a problem with section hatches on some models, such as this:

The left part of the building is wrongly covered by the hatch and there are some weird triangulation problems on the right. This could happen when the meshes in the model is not 2-manifold.

Starting with Forge Viewer v7.35, there is a new option to turn off section hatches. It is located in the Configuration tab under Settings.

When you turn off section hatches, you still get the clipping, but without the potential artifacts:

You can also programmatically enable this behaviour by calling:

viewer.prefs.set(Autodesk.Viewing.Private.Prefs3D.DISPLAY_SECTION_HATCHES, false)

As a side benefit, performance is improved slightly with section hatching turned off.

If you are interested in the algorithms behind filling (or capping) of clipped mesh – though not necessarily the one implemented by Forge – you can refer to this and this.