Sebastian Krzyszkowiak @dos@librem.one

@pocketvj Just some basic lens corrections, de-noising etc. gets you 90% there.

See https://social.librem.one/@dos/112408330992738904, https://social.librem.one/@dos/112988326413463557 and lots of my other photos here tagged as #shotonlibrem5

@mkljczk @janeq @m0bi @dzokero ...i Twitter, i Blip, i identi.ca... (w trochę inny sposób, ale miały)

@janeq @m0bi @dzokero Facebook miał kiedyś bramkę pozwalającą zalogować się do niego klientem XMPP, ale nie było tam nigdy żadnej federacji. Nazywanie tego serwerem XMPP to jednak trochę semantyczne nadużycie; to zupełnie inny przypadek niż Google Talk.

@bananarama @hacks4pancakes @simonmicro It can make things worse if you expose HCI over UART and don't expect it to effectively give access to device's memory.
That seems like a very niche case though.

@rolenthedeep @millihertz Not even over Bluetooth, but over Bluetooth's HCI - so actually over UART and only if you happen to expose HCI there...

@nelson If you use these to exploit other devices, then sure - just like you can with monitor mode and packet injection on a Wi-Fi card that allows you to do it.

Of course you could always use other tools to do the same thing, but probably not as cheap as ESP32.

@nelson Worth adding that the same thing could have been achieved by writing a free replacement for the blob, like it's already happening for ESP32's Wi-Fi: https://esp32-open-mac.be/

@nelson Define "against".

The binary blob has features that let you do more than the official API does.

If your code exposes these capabilities outside, you're in for a nasty surprise, as you may have not factored these capabilities into your threat model. Otherwise - nothing changes; there are features there that you never used cause you didn't know about them, and they still remain unused in your code.

But now that you know about them, you may want to use them creatively in your projects :)

@nelson There's a news story about "undocumented backdoor found in Bluetooth chip used by a billion devices" which turns out to be bunch of undocumented debugging commands accessible over HCI interface as implemented by the binary blob that's used to interface with ESP32's Bluetooth peripheral.

Which is a bad news for you if you exposed that HCI interface into untrusted contexts for some reason, I guess? Otherwise this development is actually empowering the users.

Today we can observe who reads the news with comprehension and who passes stuff forward without second thoughts 😜 #esp32