• 19 Posts
  • 71 Comments
Joined 1 year ago
cake
Cake day: June 13th, 2023

help-circle
  • Apple has a long history of working against right to repair and third party repair shops. This includes making it difficult for third parties to source the parts needed and changing the designs to requiring part pairing in the name of security. It got to the point where repair shops were buying broken Apple products so they could hopefully source the parts needed.

    Looking through what they provided now, it’s basic stuff any third party repair shop could do if they could source the parts. It’s useful. However good electronic technicians can go beyond that and do board level repairs. But that requires schematics and diagrams. A lot of times they would have to get those through other parties who in turn got them through less than official means or violated NDAs.

    Guess what Apple isn’t providing? Board level information. This is just doing the minimum the law requires them to do.

    Bonus: Louis Rossmann talks about Apple’s history of right to repair [10 minute video]








  • That depends. Are you looking at preserving the music without loss of information? Then you need to use a lossless format like flac. Formats like aac, mp3, opus can throw away information you’re less likely to hear to achieve better compression ratios. Flac can’t, so it needs more storage space to preserve the exact waveform.

    You can use a lossy format if you want. On most consumer level equipment, you probably won’t notice a difference. However, if you start to notice artifacting in songs, you’ll need to go back to the originals to re-rip and encode.




  • Bluetooth has one of the largest network stacks. It’s bigger than Wifi. This means some parts of the stack probably aren’t tested and may have bugs or vulnerabilities. It has duplicate functionality in it. This opens up the possibility that flaws in how different parts interact could lead to vulnerabilities or exploits.

    A number of years ago some security researchers did an analysis of the Windows and Linux stacks. They found multiple exploitable vulnerabilities in both stacks. They called their attack blue borne, but it was really a series of attacks that could be used depending on which OS you wanted to target. Some what ironically, Linux was more vulnerable because the Linux kernel implemented more of the protocol than Windows.


  • There’s talk on the Linux kernel mailing list. The same person made recent contributions there.

    Andrew (and anyone else), please do not take this code right now.

    Until the backdooring of upstream xz[1] is fully understood, we should not accept any code from Jia Tan, Lasse Collin, or any other folks associated with tukaani.org. It appears the domain, or at least credentials associated with Jia Tan, have been used to create an obfuscated ssh server backdoor via the xz upstream releases since at least 5.6.0. Without extensive analysis, we should not take any associated code. It may be worth doing some retrospective analysis of past contributions as well…









  • Tom’s Guide has shit reporting. This was the same site that repeated the bogus DDoS smart toothbrushes story. And they’re at it again with more sensationalism.

    From something more reputable:

    The use of the victims’ faces for bank fraud is an assumption by Group-IB, also corroborated by the Thai police, based on the fact that many financial institutes added biometric checks last year for transactions above a certain amount.

    It is essential to clarify that while GoldPickaxe can steal images from iOS and Android phones showing the victim’s face and trick the users into disclosing their face on video through social engineering, the malware does not hijack Face ID data or exploit any vulnerability on the two mobile OSes.

    More from bleeping computer:

    A new iOS and Android trojan named ‘GoldPickaxe’ employs a social engineering scheme to trick victims into scanning their faces and ID documents, which are believed to be used to generate deepfakes for unauthorized banking access.

    Now, don’t get me wrong, you should take malware and social engineering attacks seriously. But get your information from sites that do real security journalism.