Hacker News | iou's comments

Timely post with the vulnerability research this week? https://www.tarlogic.com/news/backdoor-esp32-chip-infect-ot-...


This outfit has changed the term "backdoor" to mean "any undocumented feature". The findings reported are absolutely not a backdoor in any conventional usage of the term. One would need to flash their own code to the micro to make use of these features, which is the normal operating mode for any micro device.

This is nothing other than a security research team trying to get some attention by crying wolf.


That was related to Bluetooth. Interesting undocumented low level commands but it's a bit of a stretch to call it a vulnerability IMHO.

But having the whole stack open would just be better in general.


Correct. HN thread https://news.ycombinator.com/item?id=43301369

Not a vulnerability in the way that Tarlogic makes it sound. Disingenuous and misleading article for sure.


A good bunch of "security" articles that make the news look more like scareware to me in the past years.


This isn't a backdoor, it's just an undocumented debugger in the HCI stack. You still need a physical UART connection to the device AFAIK. The exact same type of connection you use to program and debug the device normally.


> I'm gonna need you to go ahead and RTO.


This is the one worth watching, it’s a total scam and PayPal is fine with it apparently.


As other commenters have said, a better solution needs to be something that is prohibitively difficult for bots to mint.

I’m sure there are a few contenders in the space but one I’m aware of is [worldcoin](https://world.org/)


Worldcoin has always creeped me out since this:

https://d1sr9z1pdl3mb7.cloudfront.net/wp-content/uploads/202...


Saruman's vacation pics?


Giving biometric data to Sam Altman has to be one of the worst ideas we could pursue. Not only is Worldcoin a known scam, rightfully being banned in several countries, Sam and OpenAI are one of the major reasons realistic-looking misinformation became easier to proliferate.

He’s done enough damage, let’s not make the creator of the problem in charge of the “solution” that benefits him too.

https://www.buzzfeednews.com/article/richardnieva/worldcoin-...

https://www.technologyreview.com/2022/04/06/1048981/worldcoi...


I kinda like Safari…


If you like this blog post I think you’d like this book https://www.artofunittesting.com/

Test naming convention defined there of

[UnitOfWork_StateUnderTest_ExpectedBehavior]

Always resonated with me as from that you could also discern bugs in test code from developer’s intent.


It’s truly terrible, this is the right thing.


There was some writeup from a few years back https://e-estonia.com/estonian-e-state-has-experienced-sever...

It’s not going into granularity you may want though.


lol, the picture in the post is of a macaron, not a macaroon

https://www.foodnetwork.com/recipes/packages/baking-guide/ma...


Why the word Pro so many times!


Macprovich, Macprovich, Macprovich! https://youtu.be/c2fVfIejbfM?feature=shared&t=230

