<sorear>
i'm torn between my disgust with security theatre and being Very Excited that we've finally developed mm-wave tech and closed the last gap in the usable electromagnetic spectrum
<qu1j0t3>
i *think* the only full body scanner i've had to use was at CN Tower, so far been able to avoid at airports afaicr
<qu1j0t3>
sorear: right, shame it's all wasted on theatre. but then we could think about the abuse of technology for ever fancier weapons. the waste is beyond comprehension
<sorear>
qu1j0t3: we also have mm-wave telescopes now
<zkms>
the full body scanners are annoying IMO because they dont interoperate well with trans people for obvious reasons lol
<qu1j0t3>
what are they used for sorear ?
<zkms>
also they don't directly detect energetic materials which is super frustrating
<qu1j0t3>
zkms: yeah. just more abuse for them
<zkms>
like i get why security for civil aviation is important i'm just frustrated at how much effort has gone towards promoting/deploying this trivially-bypassable technology rather than things that can actually like...detect explosives
<q3k>
my two main issues are a) stop using porn scanners b) stop understaffing security checkpoints
<q3k>
both points are generally met in europe
<q3k>
on flights from the US though, ugh
<q3k>
or from PEK last time I was there
<rqou>
I've in general had good experiences in Europe
<TD-Linux>
london now has those crazy iris scanners
<rqou>
I've never had problems in China either, but i usually don't fly in
<zkms>
TD-Linux: oh yah i was at gatwick and i saw those iris-at-a-distance cameras
<qu1j0t3>
oh, is that what they are?
<q3k>
zkms: they don't even interoperate with me putting my hair up as a guy
<q3k>
zkms: don't remember where it was, but I didn't opt out and someone had to pat down my man bun
<q3k>
zkms: these things are fucking stupid
<sorear>
can we like, balance "security" with "make flying attractive enough to the general population that they don't make vastly more dangerous 12 hour road trips"
<qu1j0t3>
they're the ones with the intimidating-dystopia circling leds pattern?
<TD-Linux>
yes, the led pattern is to get you to look straight into them
<zkms>
the spinning white LEDs around the camera aperture (meant to literally trick you into looking at the camera) are legit fucking dystopian
<q3k>
sorear: i can't wait to move to a country that has rail connectivity
<q3k>
sorear: just 5 more days
<rqou>
iirc HK/SZ have been deploying new biometric stuff recently
<rqou>
the existing fingerprint/face recognition seems to work correctly for me
<q3k>
yeah i've also gotten face recognition stuff in PEK
<rqou>
but then I'm Chinese so maybe the algorithm works better :P
<q3k>
on arrival you have these kiosks where you plop your passport in, look at the thing
<q3k>
and then you get a piece of receipt paper saying 'OK'
<q3k>
(no authenticating marks or anything)
<zkms>
i wonder if theres ways to use nonconventional stuff like low-field NMR to do energetic material detection
<sorear>
pretty sure post-9/11 excess road deaths from marginal travelers exceed the death toll of the actual incident
<q3k>
sorear: not to mention the casualties on, you know, the war in afghanistan and iraq
<q3k>
and syria now, too.
<sorear>
i'm also waiting for what US trains exist to become security hell
<sorear>
*that* is a well-documented 6 digit number
* sorear
isn't quite sure where they'd *put* a checkpoint at south station, but they'll find a way
<zkms>
in LA they are pointing mm-wave scanners (idk if passive or active, i think they may be the former) at random people in some metro stations welp
<zkms>
i remember one day in the early 10's (i think it was like 2013) when i walked through KDEN and they were running a super similar mm-wave thingie just pointed at people in the security line from like, an upper level of the airport lol
<sorear>
meanwhile Boston is still running rolling stock from *1945* on one line
xdeller_ has joined ##openfpga
xdeller__ has quit [Ping timeout: 246 seconds]
<sorear>
qu1j0t3: [what are they used for] stuff that neither FIR nor microwave is quite right for? http://www.almaobservatory.org/en/home/ is the most famous one
<azonenberg_work>
sorear: i prefer trains to airplanes for exactly that reason
<azonenberg_work>
although, if you have precheck then it's normally pretty fast since you just go through a metal detector instead of the scanner
<azonenberg_work>
throughput is way higher
<azonenberg_work>
and you dont have to drop shoes or do other time-consuming things
<qu1j0t3>
zkms: Ugh, well now i know
<qu1j0t3>
zkms: wouldn't it be nice to have lawmakers who'd nip that in the bud
<sorear>
tricky interaction with name changes etc though
<sorear>
lawmakers love this shit. i have no idea why
<qu1j0t3>
they do
<azonenberg_work>
campaign contributions from scanner companies
<azonenberg_work>
and of course, think of the children :p
<azonenberg_work>
Removing BS from airport security is probably political suicide in the US right now
<qu1j0t3>
yeah, but UK is no different, that's the long range iris scanners we were discussing
<azonenberg_work>
qu1j0t3: at least that is a "passive" technology that doesn't impede people getting to where they're going
<sorear>
i interpreted qu1j0t3's comment as being about the LA Metro
<azonenberg_work>
as opposed to things that actively slow you down
<sorear>
which I've never actually been on
<sorear>
personally I'm anxious enough about proof-of-payment
<sorear>
don't need more things I can be randomly arrested for while trying to commute
<azonenberg_work>
at least around here, transit cards are normally pretty simple to use
<azonenberg_work>
havent had any problems with fare cops
<sorear>
I don't like the idea of being one ripped pocket in the paid area away from being in very deep shit
<azonenberg_work>
Yeah thats the point of the card
<azonenberg_work>
you can keep it safely inside a wallet or something
<azonenberg_work>
never even take it out, just hip-bump the reader
<sorear>
where do you think I keep my wallet
<qu1j0t3>
azonenberg_work: ok, so what do they do with the data?
<azonenberg_work>
are your pockets so flimsy that losing your wallet from a rip is a serious risk?
<azonenberg_work>
qu1j0t3: My point is, i have less of an objection to surveillance than physical interference
<azonenberg_work>
i.e. you can watch me all you want in a public place as long as i get to do my thing
<sorear>
the probability isn't great, but when the consequences are potentially life-altering even small risks need to be considered
<azonenberg_work>
But once you start dumping out my water bottles and making me wait in long lines
<sorear>
like falling off the platform
<qu1j0t3>
i'm not a fan of either
<azonenberg_work>
Then i complain :p
<qu1j0t3>
but the point is , why are we forced to have it.
<qu1j0t3>
we should have lawmakers preventing this, not implementing it.
<azonenberg_work>
sorear: well whats the viable alternative? you have to pay for the ticket somehow
<sorear>
non-criminal sanctions (UK), gates
<qu1j0t3>
if they can do this for irises, they'll do it for faces. and a false positive is indeed going to inconvenience your flight
<rqou>
hmm I've never seen anybody have problems with proof-of-payment systems
<azonenberg_work>
If someone accused me of not paying for the ticket i'd just tell them to check the security footage of the scanner area
<azonenberg_work>
and/or look at my account logs
<azonenberg_work>
Even without the physical card, if my card was scanned at the entrance to that station 15 minutes ago
<azonenberg_work>
and i'm on video passing through
<azonenberg_work>
i doubt any prosecutor would fail to drop the case
<sorear>
you have the "talk to cops" skill, I don't
<rqou>
at least in Leipzig the ticket inspectors just looked very annoyed and made people buy tickets for all of the confused tourists who didn't speak German :P
<azonenberg_work>
qu1j0t3: well, what they do with the data is another question indeed
<azonenberg_work>
But if I have multiple IDs with my actual name on them, plus fingerprints on file with DHS that they can use to confirm i'm not the guy they want
<azonenberg_work>
it wouldn't take long to clear things up
<rqou>
you're also a cis white male gun owner :P
<rqou>
apparently people like that are gods or something
<sorear>
with a cis white name, too
<sorear>
i had an Ayyad in my high school who claimed to be on the no-fly list (and wasn't generally a braggart)
<qu1j0t3>
azonenberg_work | it wouldn't take long to clear things up // This is basically the nothing to hide argument, though.
<qu1j0t3>
azonenberg_work: Also, trends for "i'll just show them my passport" are not looking good
<azonenberg_work>
qu1j0t3: honestly i'd trust a facial recognition scanner more than an underpaid TSA agent with a set of photos in front of him
<azonenberg_work>
in terms of lower rate of false positives
<azonenberg_work>
Judging by how good they are at reading x-rays :p
<qu1j0t3>
azonenberg_work: so you'll let that in. ok. but what next? what about the principle of surveillance?
<azonenberg_work>
I have no objection to being watched in public
<qu1j0t3>
others do.
<azonenberg_work>
Or having all internet traffic logged, etc
<qu1j0t3>
because you have nothing to hide?
<azonenberg_work>
No, because all my internet traffic is either encrypted or of little value to an adversary
emeb has quit [Quit: Leaving.]
<azonenberg_work>
If i wanted to hide it, i'd have done so
<azonenberg_work>
If i didnt hide it, that is prima facie evidence that i did not care about the whole world seeing it
<azonenberg_work>
Where I draw the line is active measures like MITMing TLS connections
<qu1j0t3>
this may be mixing issues. why should we ALL be surveilled in public?
<qu1j0t3>
what's the payoff?
<azonenberg_work>
or popping shells on clients to let them read session keys, etc
<azonenberg_work>
It's not that "we should be surveilled"
<qu1j0t3>
and where were we asked to consent
<rqou>
so what happens if i sniff your TLS SNIs to try to guess what pr0n you watch? :P
<azonenberg_work>
it's "we should assume the bad guys are surveilling us and take appropriate precautions"
<azonenberg_work>
"therefore if the good guys surveil us too, we lose nothing"
<qu1j0t3>
well, i agree with that, but ultimately we need to do something about the bad guys.
<qu1j0t3>
cuz they don't have boundaries.
<azonenberg_work>
Exactly my point, though
<qu1j0t3>
for example, i just learned my irises were scanned at heathrow.
<qu1j0t3>
and yeah, DHS used to take my portrait and prints every time i crossed that cursed border.
<sorear>
for the 99% of the population who can't tell the difference between a Diffie-Hellman key exchange protocol and a hole in the ground, should their failure to secure their data be taken as prima facie evidence that they have no interest in securing it?
<azonenberg_work>
If you assume the russian mafia is logging all of your internet traffic with the goal of blackmailing you into doing nasty things
<azonenberg_work>
and act accordingly
<qu1j0t3>
the bad guys i am talking about are obviously our governments.
<azonenberg_work>
then having NSA log all your traffic exposes you to no additional risk
<azonenberg_work>
See, thats a different perspective
<qu1j0t3>
russian mafia isn't taking my prints, portrait, and irises at borders.
<rqou>
> so what happens if i sniff your TLS SNIs to try to guess what pr0n you watch? :P
<azonenberg_work>
I worry about the people who don't have to follow the laws
<sorear>
ftr I also oppose the russian mafia logging all of your traffic
<Bike>
i don't want to have to assume that i'm being blackmailed by the russian mafia :(
<qu1j0t3>
and yeah, NSA is storing all my communications, not the russian mafia.
<azonenberg_work>
rqou: a) good luck getting data of real value from that
<qu1j0t3>
the russian mafia don't even (exist) or enter into it.
<azonenberg_work>
b) what would you do with the resulting data?
<rqou>
idk blackmail?
<azonenberg_work>
qu1j0t3: I am more worried about a foreign criminal organization, who doesnt even have to pay lip service to US law
<rqou>
although given the current administration such blackmail may no longer be effective
<azonenberg_work>
than my own government, who at least on paper is supposed to be acting in the country's best interest
<rqou>
at least not against cis white males :P
<qu1j0t3>
yeah, but THEY'RE not the ones collecting all this data. so why is it wrong to worry about the ones who ARE?
<azonenberg_work>
If you defend against the greater enemy, the lesser is not a risk
<sorear>
foreign criminal organizations have to pay lip service to the UDHR
<azonenberg_work>
rqou: you overestimate how much i care about such things :p
<Bike>
what if i want a government that spends more time investigating local illegal taps than taking pictures of me at the train station
<azonenberg_work>
example: If somebody tried to blackmail me with a video of me and $wife in bed, my response would be to throw it on pornhub and monetize it
<azonenberg_work>
Then send them the URL along with an ascii art middle finger
<azonenberg_work>
Your leverage is gone, what now?
<qu1j0t3>
how can you blackmail somebody over sex with his wife?
<qu1j0t3>
it's usually not his wife, just a thought
<azonenberg_work>
qu1j0t3: i was wondering the same
<Bike>
that just says you have less to hide than some people might, no?
<azonenberg_work>
qu1j0t3: if you're worried about being blackmailed don't cheat? :p
<qu1j0t3>
well, nothing-to-hide has been dismantled as a fallacy many times
<sorear>
you hold on to that in case he ever visits bizarro world where 95% of the population is gay
<rqou>
what about something like the recent al*x j*nes pr0n story?
<Bike>
i mean you could take video of me and my husband in bed and spread it around and then suddenly my car is on fire
<qu1j0t3>
Bike: indeed.
<sorear>
alex jones or kurt eichenwald: who did it better?
<azonenberg_work>
qu1j0t3: the other thing is, as someone who actually knows folks who have worked for TLAs and military etc
<qu1j0t3>
...yes?
<azonenberg_work>
They have much bigger fish to fry than harassing random people at border crossings
<qu1j0t3>
well, that's not what i'm hearing.
<qu1j0t3>
in fact border harassment has been a thing for most of the past 20 years
<azonenberg_work>
you're missing the point
<qu1j0t3>
i've experienced it myself. it's also politically (and racially) motivated.
<sorear>
well *somebody* is harassing random people at border crossings
<azonenberg_work>
i'm talking about the analysts at NSA, not a random police academy dropout with a power trip that signed up for TSA
<azonenberg_work>
The two are not the same
<qu1j0t3>
and other dimensions.
<azonenberg_work>
I'm not saying TSA/CBP arent full of a-holes
<qu1j0t3>
azonenberg_work: You've seen what ICE has been up to right? and imagine how keen they are to share more data.
<qu1j0t3>
azonenberg_work: this isn't a bad apples problem. it's a bad policy problem.
<Bike>
or get data shared with them from other agencies that may themselves be full of non horrible people.
<qu1j0t3>
(both, but the latter is getting significantly worse)
<sorear>
d'aw, nobody took my bait
<qu1j0t3>
sorear: It was good bait
<awygle>
"I worry about the people who don't have to follow the laws" - right, the NSA.
<awygle>
or DHS or whoever
<awygle>
this doubles back nicely to my "who has the energy to care about computer security" thing
<awygle>
a belief system which says "i don't care about massive government and corporate surveillance of everything i do" and also "you shouldn't have a roku tv" is incomprehensible to me
<azonenberg_work>
awygle: what it boils down to in my threat model is, I'm not a national security threat and put a fair amount of effort into not looking like one
Ekho has quit [*.net *.split]
<azonenberg_work>
Therefore my own government is very low on my list of adversaries i'm concerned about
<awygle>
that is deeply not the point. if somebody who happens to work at the NSA decides they don't like you for whatever reason, you are fucked. governments are made of people.
<awygle>
and maybe you don't look like a national security threat, but lots of people don't look like you.
<azonenberg_work>
awygle: And if someone at the local police department decides to ambush me as I leave for work, shoot me, then unlock my safe and put one of my guns in my hand and claim i pointed it at them
<azonenberg_work>
i'm equally screwed
<awygle>
azonenberg_work: ... i mean, yes.
<azonenberg_work>
At some point you have to just trust that most people don't have murderous intentions
<awygle>
do you see me being pro cop here? lol
<azonenberg_work>
and hope you dont run into those that do :p
<Bike>
I think "how can i defend myself, assuming everything is maximally terrible" and "how can i make things less terrible" are kind of separate questions.
<awygle>
yes
<Bike>
like there are steps that can be taken to prevent cops from acting that out. those steps might not dissuade an assassin, but i still kind of want them to happen.
<azonenberg_work>
awygle: also what do you envision "someone who works for NSA" doing?
<azonenberg_work>
We're a long way from US citizens getting blown up by drone strikes on I-90
<awygle>
azonenberg_work: the NSA is a complex and possibly bad example, both TSA and DHS are much more straightforward (even ignoring ICE). NSA would frame you for <thing>, obviously.
<azonenberg_work>
a lone analyst could maybe put false information in a report but he'd need to get other people in on the conspiracy
<azonenberg_work>
More to the point, NSA intelligence is very unlikely to ever appear in court
<azonenberg_work>
They don't want to risk compromising sources and methods
<azonenberg_work>
So there's not actually THAT much they could do
<awygle>
i will cede the NSA
<azonenberg_work>
They could send a tip to the local cops to check me out, but that assumes there is something to find
Ekho has joined ##openfpga
<azonenberg_work>
and constructing sufficient evidence to fool a cop who isn't in on the conspiracy is a bit extreme
<awygle>
the next step in this argument would be trying to explain to you that everyone is doing something illegal, but the value add for doing so is zero, so i'm gonna go home and get some dinner.
<azonenberg_work>
awygle: but actually pressing charges for that involves convincing a prosecutor that you are worth it
<azonenberg_work>
and that all of the gang crime he's busy with needs to get dropped for a bit while he prepares the case
<azonenberg_work>
i remain skeptical that a random guy at a TLA could do that
<sorear>
"random guy at a TLA" is not part of my threat model
<azonenberg_work>
sorear: that was my point from the start
<sorear>
"future administration cabinet-level asks the NSA for a list of all queers" is
<azonenberg_work>
NSA would tell them to go pound san
<azonenberg_work>
sand*
<azonenberg_work>
because they are a foreign intelligence agency
<azonenberg_work>
FBI would be the ones you'd have to worry about
<azonenberg_work>
If they asked NSA for a list of all queers in another country, i could see that
<sorear>
so you don't think there's any possibility the NSA's dataset of domestic packet captures will ever be turned over to the FBI?
<azonenberg_work>
Pretty unlikely, they wouldn't trust FBI with them :p
<zkms>
they discard a lot of stuff
<azonenberg_work>
But honestly if a cabinet-level guy decides he doesnt like you you're screwed no matter what
<azonenberg_work>
And that too, yes
<zkms>
like the only way internet-based SIGINT works is by layers and layers of throwing shit away
<zkms>
the data rates are far too high
<azonenberg_work>
legally they arent supposed to keep data related to US people outside of an active investigation (like that us person talking to a target in another country)
<sorear>
also my morals don't factor other people's citizenship or country of residence into what natural rights I think they have
<azonenberg_work>
Does some stuff get missed? i'm sure
<zkms>
like they probably have buildings full of hard drives filled with ciphertext waiting for quantum computers that can break RSA or elliptic curve crypto but they can't store *everything*. they have to discard.
<azonenberg_work>
zkms: exactly
<awygle>
my threat model basically includes everyone in a position of authority over me. which I recognize is not the healthiest attitude but seems more and more justified every day
<azonenberg_work>
awygle: well my survival-oriented policy includes things like "not making enemies of people in positions of power" :p
<azonenberg_work>
Things like, don't join a political party
<azonenberg_work>
Don't go to protests or join controversial groups
<awygle>
I am not a member of any political party, nor do I go to protests or join controversial groups. I don't accept a world where those precautions are necessary as good or inevitable though.
<awygle>
I will now try for the second time to exit this conversation. I am not great at this lol
* awygle
talks too much
genii has quit [Remote host closed the connection]
unixb0y has quit [Ping timeout: 240 seconds]
unixb0y has joined ##openfpga
ayjay_t has quit [Read error: Connection reset by peer]
ayjay_t has joined ##openfpga
ayjay_t has quit [Read error: Connection reset by peer]
ayjay_t has joined ##openfpga
<pie_>
TIL chinese green lasers should have infrared filters and do not, fuq, the surprising part isnt that they dont have infrared filters, its that I didn't know they would need them
<rqou>
lool
<pie_>
wonder if I damaged my eyesight any with secondary reflections. I've only had "5mwW" stuff but apparently who knows what the IR emissions are
<rqou>
yet another victim of the chinese shitty dpss lasers :P
<zkms>
arent some green lasers made by IR diode pumping Nd:YAG and then freq-doubling?
<rqou>
yes exactly
<sorear>
doesn't one of you have relevant experience
<rqou>
i don't work much with lasers but i do have laser safety goggles specifically for these frequency-doubled Nd:YAG systems
azonenberg_work has quit [Ping timeout: 252 seconds]
rohitksingh_work has joined ##openfpga
futarisIRCcloud has joined ##openfpga
<whitequark>
wow, this conversation was a trainwreck
Bike has quit [Quit: Lost terminal]
azonenberg_work has joined ##openfpga
<azonenberg_work>
rqou: i've seen dpss tripled uv lasers too
<azonenberg_work>
3-mode 1064, 532, 354 nm
<azonenberg_work>
like the one ioa has on their microscope
azonenberg_work has quit [Ping timeout: 240 seconds]
azonenberg_work has joined ##openfpga
m4ssi has joined ##openfpga
ayjay_t has quit [Read error: Connection reset by peer]
ayjay_t has joined ##openfpga
futarisIRCcloud has quit [Quit: Connection closed for inactivity]
digshadow has quit [Ping timeout: 245 seconds]
ayjay_t has quit [Read error: Connection reset by peer]
<felix_>
does a footprint need to have a 3d model to be upstreamed? upstreaming the footprint would be much less work than also having to create a corresponding 3d model
<felix_>
oh, those packages have different suffixes
<whitequark>
felix_: no, you dont need a 3d model
<whitequark>
it is encouraged to submit one but not required
<felix_>
ok, sounds good
rohitksingh has joined ##openfpga
renze has quit [Read error: Connection reset by peer]
renze has joined ##openfpga
renze has quit [Read error: Connection reset by peer]
renze has joined ##openfpga
rohitksingh has quit [Quit: Leaving.]
rohitksingh has joined ##openfpga
GuzTech has quit [Quit: Leaving]
rohitksingh has quit [Quit: Leaving.]
<keesj>
I was playing with kicad and trying to add a ICE40UP5K-SG48ITR
<keesj>
the footprint is already in the kicad repository but when I look at it (the pinout) it really looks wrong / split
<cpresser>
my current solution is to make the box 2*n*100mil, so there is always an exact center on the 100mil grid
<awygle>
keesj: just for total clarity - I made that symbol, and whitequark and I use it for Glasgow. So it's correct, or at least close to it.
<keesj>
very nice
<awygle>
cpresser: but the script ignores the box and only uses pins. Except maybe it doesn't. Try running the script on Memory_Flash and see the results
ZipCPU|Laptop has joined ##openfpga
<awygle>
Admittedly there are multiple right things the script could be doing, but none of them explain the behavior on the flash library as far as I can tell
<cpresser>
awygle: I will take a look. perhaps I can improve that as well. a similar approach as i did with footprints might be possible
<awygle>
cpresser: I would be very happy if you did. If you can't get to it I'll eventually do so but it'll go to the bottom of a fairly long list :-/
CoffeeFlux has quit [Ping timeout: 276 seconds]
CoffeeFlux has joined ##openfpga
CoffeeFlux has quit [Changing host]
CoffeeFlux has joined ##openfpga
<cpresser>
i am currently looking at "SST39SF010". and the symbol is actually off the grid.
<cpresser>
or "29W040". its obviously not centered properly. so the script output for checking S3.1 is correct
<awygle>
cpresser: interesting. Is that also true for this symbol?
<awygle>
cpresser: none of them managed to make the component centered
<awygle>
it's just a warning, not an error tho
<cpresser>
ah, i see. "Center calculated @ (0, 87)"
<cpresser>
weird numbers. Ill check this tomorrow morning @work
<cpresser>
my boss allowed me to do a little bit of open-source stuff :)
m4ssi has quit [Remote host closed the connection]
<azonenberg_work>
awygle: btw re yesterday's discussion my main complaint about IoT TVs etc isnt the risk of it spying on what tv shows i watch
<azonenberg_work>
it's the fact that a) it's on my network and has an internet connection (and thus is a potential entry vector for an attacker)
<azonenberg_work>
and b) it has a microphone and possibly webcam and can be used to exfiltrate data
<azonenberg_work>
if my TV overhears a sensitive conversation i'm having with a client and I lose the customer as a result of it that's a direct financial loss to me
mumptai has joined ##openfpga
<awygle>
azonenberg_work: that's not unreasonable. my particular IoT TV has neither of those things, and i prefer it that way.
<azonenberg_work>
awygle: we had an iot tv "donated" to the lab at $DAYJOB after we did a pentest on it
<azonenberg_work>
client said to keep it since it wasnt fit for sale after our testing
<awygle>
"it's not fit for our lab either, based on the results!"
<azonenberg_work>
Lol
<azonenberg_work>
So we put it on the "dirty" network with no access to any corporate resources etc
<Prf_Jakob>
Hah
<azonenberg_work>
and neutered it by physically removing the PCBs with some of the sensors
<awygle>
yeah IOA is definitely someplace i'd be paranoid at
<azonenberg_work>
e.g. the mics
<whitequark>
lol "not fit for our lab either"
<azonenberg_work>
Yeah but i wfh often enough that i have to do the same at home
<azonenberg_work>
i cant take the risk of a random gizmo around the house leaking data
<awygle>
fair 'nough
<azonenberg_work>
My personal life is boring enough i am not really concerned about protecting it
<awygle>
you're a security professional, you have different constraints than i do
<awygle>
i respect that
<azonenberg_work>
But data i work with on a daily basis could, if leaked, basically end my career
<Prf_Jakob>
Can you even get a non-IoT TV nowadays at a reasonable price?
<awygle>
sure
<whitequark>
trivial: buy used
<azonenberg_work>
Prf_Jakob: ~2 years ago i bought a 1080p dumb TV for slightly more than a typical iot smart one
<azonenberg_work>
new
<azonenberg_work>
But its getting hard to find
<azonenberg_work>
honestly, TVs make less and less sense
<azonenberg_work>
i'd just buy a big LCD monitor and a rpi or similar
<azonenberg_work>
maybe with a usb optical drive for playing spinning disk media
<azonenberg_work>
you can even hook a sdr to it to watch over-the-air channels :p
<awygle>
LCD monitors are much more expensive
<Prf_Jakob>
Well walking around at any store that sells TVs they all seem to come with Netflix or some other.
<awygle>
over a certain size
<Prf_Jakob>
Even the super cheap ones.
<azonenberg_work>
awygle: Yes, at that point you buy a projector
<awygle>
i don't really know why
<azonenberg_work>
~40 inches seems to be about the cutoff
<azonenberg_work>
(my 40 inch 4K desktop monitor was something like... 700 USD in 2015?)
<awygle>
ew. if i wanted terrible quality and horrible inconsistent lighting i'd go back to 1997 and my parents' first big screen projection tv.
<azonenberg_work>
awygle: no i mean an actual projector
<azonenberg_work>
with a screen you pull down from the ceiling
<awygle>
azonenberg_work: i know. they're awful.
<awygle>
or at least, i've never had a non-awful experience with them
<awygle>
they're also by and large not cheap at all
prpplague has joined ##openfpga
Ultrasauce has quit [Read error: Connection reset by peer]
renze has quit [Read error: Connection reset by peer]
emeb has joined ##openfpga
renze has joined ##openfpga
<awygle>
tinyfpga: or we could look directly into the LED and then we won't need to worry about TVs anymore
<azonenberg_work>
"Do not look into laser with remaining eye"?
<prpplague>
tinyfpga: btw, just some kudos for you, super happy with -Bx
<prpplague>
tinyfpga: worked out great
emeb has quit [Ping timeout: 252 seconds]
emeb has joined ##openfpga
<sorear>
> Users should be cautioned not to stare at the light of this LED product.
<Miyu>
with remaining eye?
<sorear>
the datasheet doesn't have that qualifier
genii has joined ##openfpga
<tinyfpga>
prpplague: woohoo! Thanks! :D
prpplague has quit [Ping timeout: 264 seconds]
prpplague has joined ##openfpga
ayjay_t has quit [Read error: Connection reset by peer]
m_w has joined ##openfpga
ayjay_t has joined ##openfpga
ayjay_t has quit [Read error: Connection reset by peer]
ayjay_t has joined ##openfpga
xdeller_ has quit [Read error: Connection reset by peer]
xdeller_ has joined ##openfpga
thomaav has joined ##openfpga
ayjay_t has quit [Read error: Connection reset by peer]
ayjay_t has joined ##openfpga
<felix_>
whitequark: you're still interested in the trace of the cc line between the xps13 and the tb16 dock, right?
<kc8apf>
tinyfpga: thanks for shipping the A1 and programmer. I mainly want the programmer as a dev board for a different project but I figured I may as well get an A1 and poke at MachXO2
<tinyfpga>
kc8apf: XD
<tinyfpga>
kc8apf: no problem :)
<felix_>
whitequark: i probably have some opamps somewhere in the office. did you use those as amplifier or as comparator?
<kc8apf>
I'm getting very annoyed with FTDI drivers on old versions of windows
<tinyfpga>
kc8apf: the PIC is nice and simple, but program space constrained. I needed to use the official Microchip PICkit3 in order to program it
<tinyfpga>
kc8apf: I also had to pay for the optimizing compiler from microchip to make the firmware fit :|
<kc8apf>
I probably won't need to change much, if anything
<tinyfpga>
kc8apf: the programmer itself is generic...it can drive arbitrary serial data
<tinyfpga>
kc8apf: it has some optimized commands that work well for SPI and JTAG
<tinyfpga>
kc8apf: both accelerated serial data transfer with a clock as well as a special polling command
<kc8apf>
I want to replace the FTDI in my ECU dongle with something cheaper and more robust
<tinyfpga>
kc8apf: the polling command saves a ton of time when programming flash
<kc8apf>
Constraint is it needs to act like a serial port to the host
<kc8apf>
but I only need TTL output
<tinyfpga>
kc8apf: yeah, it looks like a USB serial port
<kc8apf>
figured a $9 board was a decent starting point
<tinyfpga>
kc8apf: take a look at the python code for the programmer
<kc8apf>
I'm trying to convince a DOS application to speak with these things
<tinyfpga>
kc8apf: ohhhhh
<tinyfpga>
kc8apf: I see...good luck! XD
<tinyfpga>
kc8apf: in that case the firmware will need changes
<kc8apf>
at least it's open source :)
<tinyfpga>
yup! :)
<TD-Linux>
I ended up using a ch341a for flashing my cbus board. might be fun to add tinyfpga programmer support to flashrom though
<kc8apf>
TD-Linux: I thought about that too
<rqou>
seriously why are some parts of the infosec community _obsessed_ with "responsible disclosure"?
<prpplague>
TD-Linux: tinyfpga support in flashrom would be awesome
* prpplague
uses flashrom a lot
<tinyfpga>
prpplague: that’s how the TinyFPGA SoC example works
<tinyfpga>
prpplague: it executed directly out of SPI flash using Clifford’s XIP SPI IP
<tinyfpga>
prpplague: the TinyFPGA BX SoC in litex will do the same but with different IPs
<tinyfpga>
prpplague: hmm...I think that went over my head XD
<qu1j0t3>
rqou: why are some doctors obsessed with, "First, do no harm"?
<rqou>
i don't see these as equivalent?
Bike has quit [Ping timeout: 256 seconds]
prpplague has quit [Quit: Leaving]
<felix_>
giving a company 90 days to fix a critical RCE bug before you publish it does make quite some sense to me; minimizes the risk that the systems of random users get pwned, but still pushes the company into fixing the critical bug. for non-RCE bugs i don't really see the need for responsible disclosure though
<gruetzkopf>
DoS?
<felix_>
publishing an easily weaponizable exploit before there's some patch will definitely end up with people trying to use that for financial gain (or just want to see the world burn ;P ). but yeah, there are still enough people not installing updates
<felix_>
hmm, yeah, bugs that crash a system without being able to execute external code is also bad, but imho still much less severe than getting code execution
<rqou>
meh, I don't feel the discoverer of exploits has any obligation to care about any of this
<rqou>
and yet some segments of the community seem to love to criticize people for this
Prf_Jakob has quit [Ping timeout: 246 seconds]
Prf_Jakob has joined ##openfpga
<awygle>
my opinion is, it's arguably not an obligation, it's just the right thing to do. yes, the company screwed up, but that doesn't mean their users deserve to get burned.
<qu1j0t3>
rqou: You're saying just release whatever, whenever, however?
<rqou>
sure, i would do that
<qu1j0t3>
well, i think that was previously the SOP
<qu1j0t3>
responsible disclosure feels like a fairly recent thing to me
<qu1j0t3>
but given the hoarding of zero-days and production of zero days by various bad actors, maybe it doesn't mean much any more *shrug*
<awygle>
gonna guess rqou is against the "big company sues security researcher" phenomenon. if the two groups don't work together (i.e. responsible disclosure), i don't see why that would ever stop.
<rqou>
meh, I don't really care about "working together," and other than f0f it doesn't seem all that common to get sued
<rqou>
basically I'm just here to *) wreck things *) learn more techniques for wrecking things *) protect my own (and my employer's) things from being wrecked
<qu1j0t3>
rugged individualism :)
<qu1j0t3>
similar to what azonenberg_work expressed about total surveillance
<balrog>
I'm not opposed to responsible disclosure if timelines remain within reason
<awygle>
sure, it can be and has been abused
<rqou>
i mostly oppose it only because so many people seem to moralize about it
<qu1j0t3>
that seems like a good reason
<felix_>
yep, the 90 days are a reasonable amount of time; shouldn't be much more, but also not much less. i'd guess though that anonymously uploading an exploit somewhere probably protects better against being sued than doing responsible disclosure
<felix_>
but yeah, imho going full disclosure is still much better than selling the exploit to some entity that isn't interested in the bug being fixed any time soon
<azonenberg_work>
felix_: depends on if you support the agenda of such entity
<felix_>
hm, i want bugs being fixed instead of being weaponized
Miyu has quit [Ping timeout: 245 seconds]
m_w has quit [Quit: Leaving]
ayjay_t has quit [Read error: Connection reset by peer]