I agree, it absolutely is interesting research, and I appreciate the detailed explanation that was published.
Although the proximity requirement severely limits the possible impact, it does make us think again about the security of our Wi-Fi networks, and as a result we may identify areas to improve, which is a benefit.
I agree with the industry response here. KRACK was the same thing. The author finds a vulnerability that is absolutely valid (no denying here), easy to exploit in a lab but very hard to exploit in practice. Back in the day, we did test our equipment for KRACK. We concluded that someone had to circumvent all our physical security barriers (challenging, but theoretically possible) to get close enough to an AP that would see sensitive stuff, had to know WHEN to do that, or at least plant a device that could easily be noticed, and they would still fail because we didn't have 802.11r enabled on those AP's.
Is it a concern? It depends on what you're doing. It is absolutely a concern if your corporation is handling ultra-sensitive information. However, you should also question your physical barriers in that case and whether you should use Wi-Fi at all for some aspects of your operation. Is it a concern for the vast majority of office workers or someone at home? Probably not; there would be easier ways to find a valid credit card number that don't involve the time and effort for a hacker to travel to your place where they could be discovered. There's no need to replace all your AP's with new hardware, although the Wi-Fi Alliance would love for you to do that.
Does this exploit warrant its own fancy name and domain name? As was the case for KRACK, I don't believe so. That should be reserved for vulnerabilities that have a severe impact AND are extremely trivial to exploit with no proximity requirements. If not, the fancy-name-vulns risk being deprived of their ability to get the attention that is required.
Oh, we can fulfill them. We'll resort to TLS inspection and force you to trust our CA on your device if you want to continue accessing our corporate network. And now we get to see (almost) everything again, like in the "good old days," not just your DNS queries.
Clear text DNS is the ultimate compromise, a gentleman's agreement if you want, that benefits everyone. We can see just enough to filter what we are required to by law on a best-effort basis, but we never see what you are actually doing thanks to the prevalence of TLS. DoH just broke that agreement.
It's a sad example of how a privacy solution like DoH will eventually result in less privacy, at least in some environments. And I'm not even considering how DoH will be the excuse for totalitarian regimes to up their surveillance antics.
I agree. For several years I have been looking on and off for a layman way to locate a source of a sound, but haven't found anything.
A solution like this could resolve many of the lingering "hum" cases. Often they are only heard by a few people, and those in charge of environmental control don't tend to take it seriously because "they don't hear it", or because they or the higher-ups are hiding something.
Acoustic consultants are extremely expensive, may require many hours if the sound is only apparent during random hours, and even then may come up with nothing.
An app that would at least be able to give a good estimate of the direction from where a sound is coming would be extremely helpful.
Here's hoping it also reduces the exorbitant amount of false positives we've been seeing with Stripe's fraud prevention services, which cost us a lot in lost legitimate sales.
I had a Little Printer, and I believe the article is slightly over-romanticizing the device. It was slow, not only the printing itself but there would also be a considerable delay before it would start printing as everything had to go through the cloud.
The printing paper had very uncommon dimensions and was hard to find. You could buy them from Berg, but they charged a lot for the rolls. There would also be a lot of paper waste due to the "face" that needed to be printed after every job. Cute, but no practical use.
In the end, however, it did what it advertised, and it did so with remarkably few of the hiccups that were (and are still) common for the IoT devices of the time; it was a good "version 1" for an IoT device. It's unfortunate that they never got to make a second version.
After the project was shuttered I bought an Epson TM-T20II. It prints from the LAN, it prints extremely quick, and the standard paper dimensions that it uses are easy to find on Amazon. It doesn't print a cute face after every job, though, but you can buy a buzzer add-on to make it beep after every job if you want.
If the item you're ordering is out of stock or unavailable to ship immediately, the shipping method time starts when the item ships. For example, it will take two business days after an item ships to reach you with Two-Day Shipping.
Amazon could easily make the case that even though the item you ordered was "in stock," it was still unavailable to ship immediately due to warehouse backlog or other operational reasons.
They did, but they also wasted a lot of time in January, allowing the virus to travel the world. But as you mentioned, other nations made similar mistakes, and they had the benefit of being warned.
However, when it comes to the question of responsibility for preventing a third SARS outbreak originating from China, the answer lies with the CCP.
I agree, demonizing the Chinese people is the worst thing anyone can do. They didn't want this virus either, but they taught us how we can contain it, and they paid the price with countless human lives.
The CCP is the one that needs to be made responsible. However, they will label any attempt from the west as racism towards the Chinese, to avoid having to take up that responsibility.
Change will only happen when it doesn't look like the CCP is losing face by listening to what the west is dictating. Economic sanctions are the alternative, but that would threaten the supply of cheap Chinese labor.
I also appreciate the open nature of Reddit. No account is required if you just want to read, and you don't need to be first "approved" to most subreddits to be able to contribute. No "real-name" policies that often do more harm than good either.
While Facebook by default erects walls around content, Reddit by default promotes the free sharing and equal access to information, which resonates much more with the original promise and mission of the internet.
It's encouraging to see Reddit overtaking Facebook in popularity at a time when the freedoms of the internet are often under attack. Yes, Reddit has its flaws, but in the end, it is one of the best defenses that we have.
Although the proximity requirement severely limits the possible impact, it does make us think again about the security of our Wi-Fi networks, and as a result we may identify areas to improve, which is a benefit.