
@janeq @m0bi @dzokero Facebook once had a gateway that let you log in to it with an XMPP client, but there was never any federation there. Calling that an XMPP server is a bit of a semantic abuse, though; it's a completely different case than Google Talk.

@bananarama @hacks4pancakes @simonmicro It can make things worse if you expose HCI over UART and don't expect it to effectively give access to the device's memory.
That seems like a very niche case though.

@rolenthedeep @millihertz Not even over Bluetooth, but over Bluetooth's HCI - so actually over UART and only if you happen to expose HCI there...

@nelson If you use these to exploit other devices, then sure - just like you can with monitor mode and packet injection on a Wi-Fi card that allows you to do it.

Of course you could always use other tools to do the same thing, but probably not as cheap as ESP32.

@nelson Worth adding that the same thing could have been achieved by writing a free replacement for the blob, like it's already happening for ESP32's Wi-Fi: esp32-open-mac.be/

@nelson Define "against".

The binary blob has features that let you do more than the official API does.

If your code exposes these capabilities outside, you're in for a nasty surprise, as you may not have factored these capabilities into your threat model. Otherwise - nothing changes; there are features there that you never used 'cause you didn't know about them, and they still remain unused in your code.

But now that you know about them, you may want to use them creatively in your projects :)

@nelson There's a news story about "undocumented backdoor found in Bluetooth chip used by a billion devices" which turns out to be a bunch of undocumented debugging commands accessible over the HCI interface as implemented by the binary blob that's used to interface with ESP32's Bluetooth peripheral.

Which is bad news for you if you exposed that HCI interface into untrusted contexts for some reason, I guess? Otherwise this development is actually empowering the users.

Today we can observe who reads the news with comprehension and who passes stuff forward without second thoughts 😜

This is Sway in HDR mode, but unlike last time, there are no hacks nor tricks. It supports both SDR and HDR content on both SDR and HDR outputs. Phew!

Want to try it out? Instructions here: gitlab.freedesktop.org/wlroots

@dzwiedziu @m0bi We have the municipality of @brwinow :) And @fedigov trying to put more dots on this map.

@wariat @dzwiedziu @m0bi Not surprising - Germany has long had a very well-developed network of hackerspaces and the largest hacker club in Europe, which is not without influence on public institutions, especially at the local level. It's the result of decades of activity.

For those interested, I’ve pushed the firmware that implements the necessary alt-mode dance to get UART out of the 's USB-C port to ’s repository.

It wasn’t pushed before because it was very crude and I wanted to clean it up before pushing. It still is, but I decided to actually get it out regardless rather than risk having it sit and wait for even more months 😛


@alexadeswift @agturcz Actually, they all do seem to be somewhat connected to vitamin D at least 😉

@alvaro Yeah, that depends on the device's design. The one that prompted me to make this board uses TPS65982 which handles muxing autonomously, so that would work; but with something like FUSB302 - not really.

@alvaro One more spec-compliant option that may be worth mentioning that doesn't require an on-board plug as DAM does is PD Alternate Mode - at least in case you already do PD on the target, otherwise it may be overkill 😁

I made an STM32G0-based board to trigger custom alt-modes with power and USB passthrough some time ago; instead of JTAG it breaks UART out, but the principle is the same: gitlab.com/dos1/debubo

@hspoz Congrats! I haven't been there in a long time; are the Pyrkon folks still hanging out there? 😁

I'm not sure which of you need to hear this, but:

If you push yourself to your limits and burn out for a company, you are trading years of your future productivity for minor gains in the present.

Burning out will _fuck you up_, it's like brain fog or depression, and it takes years to recover

@confluency I've been using Tab Center Reborn with a bit of custom CSS for ages. Native vertical tabs still feel somewhat clunky to me. Could probably live with them after some restyling, but this still works well so I don't bother 🤷

When discussing digital independence, keep in mind that it works differently for proprietary products and FOSS.

To achieve independence from a proprietary software or service you need to _get out_ - stop using it, create and switch to an alternative.

To achieve independence with FOSS projects, you need to get _in_ - invest resources (human, infra,.. not money) in the project and its ecosystem, so that it becomes yours.

Librem Social

Librem Social is an opt-in public network. Messages are shared under Creative Commons BY-SA 4.0 license terms. Policy.
