FLOSS Weekly Episode 787: VDO Ninja — It’s A Little Bit Hacky

This week Jonathan Bennett and Katherine Druckman chat with Steve Seguin about VDO.Ninja and Social Stream Ninja, tools for doing live WebRTC video calls, recording audio and video, wrangling comments on a bunch of platforms, and more!


This Week In Security: Recall, Modem Mysteries, And Flipping Pages

Microsoft is racing to get into the AI game as part of Windows 11 on ARM, calling it Copilot+. It’s an odd decision, but clearly aimed at competing with the Apple M series of MacBooks. Our focus of interest today is Recall, a Copilot+ feature that not only has some security problems, but also triggers a sort of visceral response from regular people: My computer is spying on me? Eww.

Yes, it really sort of is. Recall is a scheme to take screenshots of the computer display every few seconds, run them through character recognition, and store the screenshots and results in a database on the local machine hard drive. There are ways this could be useful. Can’t remember what website had that recipe you saw? Want to revisit a now-deleted tweet? Is your Google-fu failing you to find a news story you read last week? Recall saw it, and Recall remembers. But what else did Recall see? Every video you watched, every website you visited, and probably some passwords and usernames you typed in.


Foosbar: The World’s Best* Foosball Robot From Scratch

[Xander Naumenko] is back with another bonkers project. This is the same creator that built a working 32-bit computer inside a Terraria world. This time it’s a bit more physical of a creation: a self-playing foosball table.

We’re not sure of the impetus for this idea, but we’re delighted to see the engineering it took to make it work. It sounds so simple. It’s just servos mounted on linear actuators, right? Oh, and some computer vision to determine where the ball actually is on the table. And the software to actually control the motors, pass the ball around, and play offense and defense. So maybe not so simple. All the code and some other resources are available under the MIT license.

As to why the claim of “best” foosball robot has an asterisk? That’s because, although we’ve seen a few potential competitors over the years, there isn’t yet a world foosball competition. We’re hoping that changes, as a tournament of robots playing foosball sounds like a sports event we’d show up for!


This Week In Security: Operation Endgame, Appliance Carnage, And Router Genocide

This week saw an impressive pair of takedowns pulled off by law enforcement agencies around the world. The first was the 911 S5 botnet, which the FBI is calling “likely the world’s largest botnet ever”. Spreading via fake free VPN services, 911 was actually a massive proxy service for crooks. Most lately, this service was operating under the name “Cloud Router”. As of this week, the service is down, the web domain has been seized, and the alleged mastermind, YunHe Wang, is in custody.

The other takedown is interesting in its own right. Operation Endgame seems to be psychological warfare as well as actual arrests and seizures. The website features animated shorts, a big red countdown clock, and a promise that more is coming. The actual target was the ring that manages malware droppers — sort of middlemen between initial shellcode, and doing something useful with a compromised machine. This initial volley includes four arrests, 100+ servers disrupted, and 2,000+ domains seized.

The arrests happened in Armenia and Ukraine. The messaging around this really seems to be aimed at the rest of the gang that’s out of reach of law enforcement for now. Those criminals may still be anonymous, or operating in places like Russia and China. The unmistakable message is that this operation is coming for the rest of them sooner or later.

FLOSS Weekly Episode 785: Designing GUIs And Building Instruments With EEZ

This week Jonathan Bennett chats with Dennis and Goran about EEZ, the series of projects that started with an Open Source programmable power supply, continued with the BB3 modular test bench tool, and continues with EEZ Studio, a GUI design tool for embedded devices.


This Week In Security: Drama At The C-Level, Escape Injection, And Audits

There was something of a mystery this week, with the c.root-servers.net root DNS server falling out of sync with its 12 siblings. That’s odd in itself, as these are the 13 servers that keep DNS working for the whole Internet. And yes, that’s a bit of a simplification, it’s not a single server for any of the 13 entities — the C “server” is actually 12 different machines. The intent is for all those hundreds of servers around the world to serve the same DNS information, but over several days this week, the “C” servers just stopped pulling updates.

The most amusing/worrying part of this story is how long it took for the problem to be discovered and addressed. One researcher cracked a ha-ha-only-serious sort of joke, that he had reported the problem to Cogent, the owners of the “C” servers, but they didn’t “seem to understand that they manage a root server”. The problem first started on Saturday, and wasn’t noticed until Tuesday, when the servers were behind by three days. Updates started trickling in late Tuesday or early Wednesday, and by the end of Wednesday, the servers were back in sync.

Cogent gave a statement that an “unrelated routing policy change” affected both the zone updates and the system that should have alerted them to the problem. It seems there might be room for an independent organization, monitoring some of this critical Internet Infrastructure.
