𝒍𝒆𝒎𝒂𝒏𝒏

Hey 👋 I’m Lemann

I like tech, bicycles, and nature.


  • 2 Posts
  • 459 Comments
Joined 1 year ago
Cake day: June 6th, 2023





  • It kinda depends on the setup I think, especially when VLANs and firewalls are involved, you’d likely need additional payloads to make further progress in that kind of environment IMO. Something granting persistent remote access to the compromised machine would be the most ideal option.

    As always physical access is pretty much game over though lol.

    My cams are only accessible via an authenticated endpoint hosted on a dedicated machine, which acts as a “bridge” between the VLAN that the cameras are on (no internet access), and another VLAN hosting internal services, like home assistant, plex etc.

    Aside from physical access, the only way to access the cams (that I can think of) would be via some exploit in Home Assistant, or by brute forcing the password to (any of) my network switches to access the management VLAN, changing the VLAN the cameras are set on to something else (bypassing the routing, firewall setup, and auth “bridge” entirely). Or maybe just exploiting the bridge machine directly and dropping a payload to forward the cams out to the net via the services VLAN

    With physical access, you could chop up the PoE for an external camera and use that as an ingress point - but you’d only have access to the cameras and the bridge machine unless you exploited that too. At this point the Zabbix client on the bridge machine would have notified me that a camera’s dropped off the network, unless you dropped a payload to force it to return a good status lol

    Does sound like a very fun exercise though tbh







  • With the fake parts scandal for airplanes I wonder if this should be mandatory for parts that impact public safety for public transport like trains, buses, planes and so on.

    Airplanes are vastly more complex though. Four engines, flying at extremely high altitudes at hundreds of km/h, fully airtight, powerful onboard generators, food prep areas, bathroom etc, extensive ethernet networking for the small IFE units and WiFi access points, list goes on…

    Whereas a train doesn’t have anything close to that, even the high speed ones with all the bells and whistles, so I think it would be a bit unreasonable to expect them to be held to the same standards as an airplane.

    The only train I’d suggest an exception for would be a maglev though - OEM parts only there please, especially for traction and em equipment 😳

    Don’t get me wrong, I want a full right to repair enshrined in law and using a system like this just to prevent it is clearly wrong, but if it could be adapted to allow for critical parts to be made under license by third parties and helped prevent fake parts then maybe a small amount of good can come from this shitty practice.

    Some independent validation of the manufacturing materials, their grade and assembly quality could work well here, since I’m not too sure if blindly trusting the parts manufacturers would be a great idea as long as they have profits in mind




  • If MIT AppInventor is still kicking around, you should be able to use it for this… although sadly you won’t have access to the source code since it’s a Scratch-like way to create apps.

    By default the Android voice assistant uses Google tech AFAIK, if you’re after a truly source-available solution then there’s “Futo voice input” to handle STT, and “RHVoice” to handle TTS - though these would still need an HTTP API bridge to do what you want



  • Honestly I think developers should just use push notifications to tell the app to directly fetch the notification contents from their server, rather than sending the contents of the notification using push, where it is stored by Apple/Google.

    Or do what Element and Syncthing do, which is bypass that entire Google push infrastructure (FCM, formerly GCM?) and connect directly to their own ones instead - at the expense of some additional battery consumption, particularly when there’s poor cell service. Due to iOS restrictions on background apps, this probably isn’t possible on that platform?

    Edit: add clarification


  • In the rural areas near where I am, gigabit fiber in underfunded areas is being installed, but sadly a vocal minority of residents keep burning up and sawing down the new fiber internet poles.

    Of course we don’t hear about the good news from areas where it’s installed drama free, but the bad news where something goes terribly wrong is the one that sticks, and affects the general public’s impressions of a particular area or stereotype 😒

    Admittedly the pole installation method for this is quite odd though, maybe a cost saving measure as usually it’s done underground


  • This only really happens when fuckcars posts show up on /all IMO, where some of the more extreme opinion holders are more vocal.

    Fuck cars means fuck car dependency, i.e. places designed specifically for cars: no sidewalks, no bus, no train, no safe bicycle or light motorized assistive vehicle infrastructure available - you need a car for everything, or stay trapped at home.

    It doesn’t mean fuck cars literally.

    It’s pretty well known that rural areas, by design, require cars and motorbikes to travel out of them - a train is ideal, but good luck convincing anyone to finance that kind of project. A bicycle could work well for moving around town though depending on how safe it is, saving some wear and tear from your vehicle



  • One would think that by now, these companies would have built up enough training data to no longer require human intervention?

    Is their existing “AI” tech just your usual old chatbot, except with a STT and TTS so it’s usable at a drive thru? The article only mentions that they started recently using ChatGPT to assist with speech recognition… so unless I missed it, there’s no mention of their current tech using LLMs at all - just another company trying to climb on board the AI hype train 🤦‍♂️

    Presto said that off-site workers based in places like the Philippines that assist the chatbots will becoming [sic] increasingly expensive, Bloomberg reported.

    Good. People in countries who aren’t so well off shouldn’t be exploited as cheap & disposable call center labor IMO.