I just re-read the article and yes, you still need physical access.
The exploit is one that bypasses OS protections to writing to the firmware. In otherwords, you need to get the device to run a malicious piece of code or exploit a vulnerability in already running code that also interacts with the bluetooth stack.
The exploit, explicitly, is not one that can be carried out with a drive-by Bluetooth connection. You also need faulty software running on the device.
I think we are basically already there with ESPs :D.
Security wise, unless you are being specifically targeted by someone, you are almost certainly fine. And if you are being specifically targeted, I think someone hacking your ESPs is the least of your worries. A malicious attacker that knows your physical location can do a lot more scary things than just spying through ESPs.
You’re fine. This isn’t something that can be exploited over wifi. You literally need physical access to the device to exploit it as it’s commands over USB that allow flashing the chip.
This is a security firm making everything sound scary because they want you to buy their testing device.
if money had an expiration date.
That’d just lead into investment into non-monetary things. For example, buying precious metals or bonds or stocks or property and selling them as needed.
To actually fix problems with wealth disparity, you need a wealth or property tax.
This is mythical thinking. Frankly, there’s just not that many products that need inventing, particularly that need a factory. We are past the era where a revolutionary bread slicer will change society. Most of the actual advancements we are seeing come from grants into general scientific research. Not from some lone Einstein with a vision.
What actually is happening is some of these discoveries are very good and they ultimately get scooped up and patented by some corporate entity that thought the research was marketable.
Recognizing that reality, that innovation basically never comes from the founders of a company, should really lead you to understand what’s broken about the US economy.
They do not have the votes. There’s still the filibuster in the senate and unless they are willing to blow that up (they likely aren’t) this bill will be dead in the senate.
Yeah, the problem (imo) isn’t lossy v lossless. It’s that the supported codecs are part of the Bluetooth standard and they were developed in like the 90s.
There are far better codecs out there and we can’t use them without incompatible extensions on Bluetooth.
This is what kills the ADFs and Israeli whining on antisemitism.
They’ll call any statement saying Palestinians aren’t disposable refuse antisemitic. Yet, when a guy they like does literal Nazi salutes while quote tweeting shit from the protocols of the elders of Zion “oh he’s just having fun”.
These are the most antisemitic organizations on the planet. They don’t care about protecting Jews, they care about protecting Israel and will gladly allow an antisemite propagandist in their ranks if it furthers that cause.
Wysiwygs were all the rage in the late 90s early 00s with a promise that the hard part of development was actually just doing the layout.
Tools like frontpage have been tricking incredulous entrepreneurs that programming is easy since at least then.
The amount of power AI and Crypto require is orders of magnitude the amount of power required by pretty much any regular application. The company I work at uses somewhere around 2000 CPU cores worth of compute at AWS (and we have ~100 microservices. We are a fairly complex org that way).
Generally speaking, an 80CPU core system takes up ~200W worth of power. That means my companies entire fleet operating eats about 5kW of power when running full bore (it isn’t doing that all the time). My company is not a small company.
Compare that to what a single nvidia A100 eats up. Those GPUs take up to 400W of power. When doing AI/crypto stuff you are running them as hard as possible (meaning you are eating the full 400W). That means just 12 AI or crypto apps will eat all the same amount of power that my company with 100 different applications eats while running full bore. Now imagine that with the model training of someone like chatgpt which can eat pretty much as many GPUs as you can throw at it.
To put all of this in perspective. 5kW is roughly what a minisplit system will consume.
Frankly, I’m way more concerned about my companies travel budget in terms of CO2 emissions than I am our datacenter usage.
And I’ll bet roughly 50->90% of that usage is idiots doing crypto/ai garbage.
It’s racist.
They are literally only doing this because it’s protests for Palestinians. When you put negative attributes on an entire group of people based solely on their race, we call that racism.
These CNN bigots are every bit as bad as the lynch mobs killing black people because a white woman said they raped her.
usr does mean user. It was the place for user managed stuff originally. The home directory used to be a sub directory of the usr directory.
The meaning and purpose of unix directories has very organically evolved. Heck, it’s still evolving. For example, the new .config directory in the home directory.
Why so many? Its resolution is 16000 x 16000 which is a lot but also not that much. Is it doing more than just video output?
It does not work like that.
The problem with such statements is the energy costs are nowhere near fixed. The amount of energy needed to play a song on my iPod shuffle through a wired headset is wildly different from the power needed to play that same song on my TV through my home theater equipment.
The same is true on the backend. The amount of power Google spends serving up a wildly popular band is way less than what they burn serving up an unknown Indy band’s video. That’s because the popular band’s music will have been pre-optimized by Google to save on bandwidth and computing resources. When something is popular, it’s in their best interests to reduce the computational costs (ie power consumption) associated with serving that content.
I’d rather an easy to manipulate person in office than an explicitly corrupt suit.
But beyond that, wealth and prestige isn’t granted to people based on intelligence or capability. There are plenty of smart capable people that have had lives far more relatable to the average person.
We have more than a few examples of idiot million and billionaires.
Anyone who’s name ends with “the third” should not be allowed to run for office.
Also anyone that calls themselves The X king should be banned from office… Heck, anyone that’s ever owned a business of any sort should be banned from office. These are people not representative of the general public.
This, btw, is why CVE scores are insane at times.
The vulnerability is that when spawning a new process which is a bat file you need special treatment of the arguments to avoid spawning a second process.
So you need a rust program setup to spawn other processes which also somehow forwards unparsed user input into those processes and is executing a bat file.
There’s a reason nobody has fixed this, it’s because it’s an insane setup that affects basically no rust programs.
Just reread it and no, it’s not a BT vulnerability. The “erase flash” command is something that has to be done by software running outside the BT stack. You can even see that inside the slides. The
UsbBluetoothsoftware is connected to the device with the flawed bluetooth chipset.The vulnerability is that if you have this chipset and compromised software, someone can flash the chipset with compromised flash. They even say that it’s not an easy attack to pull off in the article.
In otherwords, the attack is something that can only be pulled off if there’s also a security vulnerability within other parts of the hardware stack.