Interesting article on inaudible commands to Alexa/Siri/Google Assistant



schüler
05-17-2018, 11:52 AM
https://www.nytimes.com/2018/05/10/technology/alexa-siri-hidden-command-audio-attacks.html


Over the last two years, researchers in China and the United States have begun demonstrating that they can send hidden commands that are undetectable to the human ear to Apple’s Siri, Amazon’s Alexa and Google’s Assistant. Inside university labs, the researchers have been able to secretly activate the artificial intelligence systems on smartphones and smart speakers, making them dial phone numbers or open websites. In the wrong hands, the technology could be used to unlock doors, wire money or buy stuff online — simply with music playing over the radio.

A group of students from University of California, Berkeley, and Georgetown University showed in 2016 that they could hide commands in white noise played over loudspeakers and through YouTube videos to get smart devices to turn on airplane mode or open a website.

This month, some of those Berkeley researchers published a research paper that went further, saying they could embed commands directly into recordings of music or spoken text. So while a human listener hears someone talking or an orchestra playing, Amazon’s Echo speaker might hear an instruction to add something to your shopping list.

Grey
05-17-2018, 12:29 PM
Not surprised. Keep your smart assistants mic off until u need them.

Sent from my SM-G950U1 using Tapatalk

Totem Polar
05-17-2018, 12:53 PM
The model for dealing with this is out there:


https://memegenerator.net/img/instances/63549607.jpg

mtnbkr
05-17-2018, 01:12 PM
Not surprised. Keep your smart assistants mic off until u need them.

Sent from my SM-G950U1 using Tapatalk

First, do you know they're really off or not?
Second, it's not always possible to definitively turn them off without turning off the device.

I only have one Alexa-powered device, an Amazon Tap, which requires a button push to enter voice mode. Because I don't use it often, I may bin it. I've also been considering a non-smartphone. There are "feature phones" available now that can act as a wifi hotspot, giving you the ability to use a tablet or some such if you need portable, internet-enabled computing. However, there's a huge loss of convenience involved, so I've not yet made that move. The more I read articles like this, the more compelled I am to make that move.

Maybe it's time for a butlerian jihad...

Chris

Grey
05-17-2018, 01:18 PM
First, do you know they're really off or not?
Second, it's not always possible to definitively turn them off without turning off the device.

I only have one Alexa-powered device, an Amazon Tap, which requires a button push to enter voice mode. Because I don't use it often, I may bin it. I've also been considering a non-smartphone. There are "feature phones" available now that can act as a wifi hotspot, giving you the ability to use a tablet or some such if you need portable, internet-enabled computing. However, there's a huge loss of convenience involved, so I've not yet made that move. The more I read articles like this, the more compelled I am to make that move.

Maybe it's time for a butlerian jihad...

Chris

Like anything and everything you can't know for sure. Your phone is always listening as well. If you were really worried about being tracked and listened to then your smart phone is the first thing that should go.

The number one thing is to not connect any critical devices to your assistant, like alarms and locks.

Sent from my SM-G950U1 using Tapatalk

mtnbkr
05-17-2018, 01:22 PM
Like anything and everything you can't know for sure. Your phone is always listening as well. If you were really worried about being tracked and listened to then your smart phone is the first thing that should go.

That's why I said I'm seriously considering the dumbphone. I don't have anything to hide and people are welcome to track my movements (virtual or otherwise) if they're bored, but what if that changes or what if the listening/tracking becomes more pervasive?

The number one thing is to not connect any critical devices to your assistant, like alarms and locks.

Yup. The only device my Tap can access is a smart outlet attached to a lamp. I will NOT be using smart locks. Ever.

Chris

schüler
05-17-2018, 02:42 PM
There are clean(er) smartphone or OS options out there. Off the shelf or DIY.

The pressure for timely personal data is unbelievable. I've shared before my exposure to companies like Bazaarvoice. If you add an anti-script browser extension such as NoScript you can see just how many entities are parsing your activity on the Internet.

On the flip side, we know TANSTAAFL whether it be Gmail, P-F or the NYT. I need to remember to search for reviews of the Euro GDPR effect on data peddlers.

Here's an interesting article on use of phone tracking data:

https://www.nytimes.com/2018/05/10/technology/cellphone-tracking-law-enforcement.html



Thousands of jails and prisons across the United States use a company called Securus Technologies to provide and monitor calls to inmates. But the former sheriff of Mississippi County, Mo., used a lesser-known Securus service to track people’s cellphones, including those of other officers, without court orders, according to charges filed against him in state and federal court.
...
Between 2014 and 2017, the sheriff, Cory Hutcheson, used the service at least 11 times, prosecutors said. His alleged targets included a judge and members of the State Highway Patrol. Mr. Hutcheson, who was dismissed last year in an unrelated matter, has pleaded not guilty in the surveillance cases.
...
“Securus is neither a judge nor a district attorney, and the responsibility of ensuring the legal adequacy of supporting documentation lies with our law enforcement customers and their counsel,” the spokesman said in a statement. Securus offers services only to law enforcement and corrections facilities, and not all officials at a given location have access to the system, the spokesman said.
...
Senator Ron Wyden, Democrat of Oregon, wrote in a letter this week to the Federal Communications Commission that Securus confirmed that it did not “conduct any review of surveillance requests.” The senator said relying on customers to provide documentation was inadequate. “Wireless carriers have an obligation to take affirmative steps to verify law enforcement requests,” he wrote, adding that Securus did not follow those procedures.
...
The service provided by Securus reveals a potential weakness in a system that is supposed to protect the private information of millions of cellphone users. With customers’ consent, carriers sell the ability to acquire location data for marketing purposes like providing coupons when someone is near a business, or services like roadside assistance or bank fraud protection. Companies that use the data generally sign contracts pledging to get people’s approval — through a response to a text message, for example, or the push of a button on a menu — or to otherwise use the data legally.
...

ralph
05-17-2018, 04:58 PM
I fixed the Alexa we have..I pulled the plug on it about a year ago wrapped it up and it's been sitting on the end table, unplugged ever since.. I'll never plug that thing in again, and if I thought I could get away with it, I'd take Alexa on a one way trip to the range with me...

Casual Friday
05-17-2018, 05:14 PM
I made my kids unplug them. One of my daughters' Alexa started saying "Sorry, I'm having trouble understanding you right now" one day while I was home alone and reading on the couch. Did it twice in like an hour.

Another time my little one came in our bedroom saying Alexa woke her up like at 2am. It was playing 24K Magic by Bruno Mars. At 2am.

Totem Polar
05-17-2018, 06:28 PM
P-F made me buy more 1911s.

And Glocks.

And bags and holsters and shit that goes in them; even little gates that go on Glocks.

Drang
05-17-2018, 06:45 PM
FWIW, I was being sincere. If PF is doing something “bad” I’d like to know so I can at least consider trying to stop doing that. :)

Not speaking for schüler, but my guess is that he was referring to the simple act of going online involving a security risk.

mtnbkr
05-17-2018, 06:55 PM
I will post a positive experience my parents had with an Amazon Dot...

My dad is an amputee (only now in the process of getting his prosthesis) and a type 2 diabetic who has a lot of trouble controlling his sugar. He spends most of his day and night in a recliner in the den. Shortly after losing his leg below the knee, my brother gave him an Amazon Dot. One of the things you can do is program in an emergency contact that you can call, via the Dot, by calling out to it. Early one morning, my dad wakes up confused, weak, and in a bad way due to his blood sugar crashing (we found out later it was in the 60s). He was freaking out mentally and can't manage to operate his phone to call my mom who is asleep in the bedroom at the other end of the house. He was also too weak to yell out loud enough to wake her. He managed to remember how to use the Dot to reach out to his emergency contact (IIRC, it's something like "Call Person"). My mom gets the call and goes to his aid. Because of the time of day this transpired, had he not been able to reach her via Alexa, he may not have survived as my mom probably wouldn't have been awake for another 2-3 hours.

I don't know that it's a reason to start buying them, and there are other tools that would get the job done, but it certainly came in handy that time.

Chris

11B10
05-17-2018, 07:07 PM
As far as I know, we only use session cookie to keep people logged in and other "make the forum work right" stuff -- nothing beyond whatever vBulletin sets for every other forum. There are some third-party cookies set for our affiliate programs, Amazon Associates and Avantlink (which handles Brownells and a bunch of other retailers), and for Google Analytics (and who knows what they do). If I can find a decent analytics package that isn't Google, I'll switch.

I've been contacted multiple times to sell/use our membership email addresses for email marketing. I've always said no and I always will. I'm also approached a couple times a year by various outfits that want to buy PF (and I'm sure turn it into a marketing machine), but I've always declined their ridiculous lowball offers. I suspect I always will. PF is the only place I go on the internet and I'm in no hurry to ruin it -- and selling would almost certainly do that.

This type of character ^^^^^ is but one reason why PF gets all my attention. Thanks, Tom for being a class act.

Shoresy
05-17-2018, 07:20 PM
This type of character ^^^^^ is but one reason why PF gets all my attention. Thanks, Tom for being a class act.

Seconded.

schüler
05-17-2018, 08:21 PM
What am I doing wrong and how is PF in the data peddling business?

No negative inference intended. I apologize for provoking any concern with my wording-on-the-go.

On one hand we have the ad revenue data pimps.

The "flip side" is there are servers, bandwidth, software maintenance, etc. to be paid for. The ad money can help keep the lights on and for some sites the ad revenue is crucial to keeping the lights on.

Given the relationship between impetuou$ analytic$ and the cost of site hosting in its varying degrees... I'm interested in the unintended financial consequences of the GDPR. How has it affected the "free" services? How has it affected the "good guys" whose enthusiast forums are tenable because of normal ad revenue?

While we're on the subject of P-F and revenue. Would it be possible to add a monthly subscription option without too much hassle? Purely voluntary option in addition to the yearly subscription. I'd be down for it.

schüler
05-17-2018, 08:39 PM
I will post a positive experience my parents had with an Amazon Dot.
...
I don't know that it's a reason to start buying them, and there are other tools that would get the job done, but it certainly came in handy that time.


That is great to read about, Chris. I'm glad the device was there for him. I am glad the network was online and working fine, too.

The wife of a good friend suffers from MS and she spends the day in a special bed or power chair. She has a panic button setup that triple reports (landline, Internet, text messages) to a contact list. One of those systems may be an option for your parents' situation as well. Part of my job is to install the commercial version of those kinds of systems. I would be more than happy to assist with any research and subsequent config if you like.

schüler
05-17-2018, 10:09 PM
FWIW, I'm working to get us away from the data tracking ads (which pretty much all of the ones supplied via an ad network, like Google Adsense, are) and into simple locally hosted banner ad images -- no javascript, no cookies, no tracking (that's what's currently showing under the navbar). Of course, those "data-less" ads are less valuable to advertisers and therefore harder to sell. I've talked to Glock's marketing firm about running ads here and they use some serious tracking and conversion monitoring stuff. I'd love to run ads for them (assuming they'd be interested in little ol' PF), but I'm less keen on all the tracking so it's unlikely to happen.


I'm not bothered by the tracking ads here. There are ways around them if the principle or privacy is a concern to someone. HOWEVER I do not expect anyone's site and service to be free and am interested in an alternative method of contributing.



...
Or are you asking for a completely separate "PF Patron" sort of thing where people could make an automatic monthly contribution to the forum? I can easily set that up. I'm honestly hesitant to do anything that looks like I'm trying to nickel and dime you guys. But at the same time, I try to be customer focused, so if that's what you guys want I'm more than happy to set it up. :)

Yes, I am asking about the patron option. Perhaps as simple as additional monetary denominations in addition to the $25/yr in the Subscription pull-down menu. And/or, if not a hassle, a voluntary option for additional monthly contribution option.

The base $25/yr plan makes sense for the reasons you list. But I get a hell of a lot more value than that. I know most of the regulars here value this place like very few other places on the 'net.

I'd like to start a topic in GD for better visibility of this discussion. I could give a... molecular fk... about topic drift on this here thread. I just know there are a number of people that would like to sponsor more and I want it in front of their eyes. More than happy to continue hashing out basic thoughts here tho.

Couple of questions, please: Are there any financial deficits or cutting it close in the periodic billing cycles for the forum? Are there foreseeable future expenses or developmental costs you or the braintrust are interested in? Any other frank financial matters we can table? If there's a forum alter-ego to your conscientious, considerate persona I would love to have that input as well.

mtnbkr
05-18-2018, 06:03 AM
That is great to read about, Chris. I'm glad the device was there for him. I am glad the network was online and working fine, too.

The wife of a good friend suffers from MS and she spends the day in a special bed or power chair. She has a panic button setup that triple reports (landline, Internet, text messages) to a contact list. One of those systems may be an option for your parents' situation as well. Part of my job is to install the commercial version of those kinds of systems. I would be more than happy to assist with any research and subsequent config if you like.

Thanks, I appreciate the offer. The situation has improved significantly. He's stronger and healthier now and the docs have taken him off a number of the drugs he was taking. Once he's fully mobile on the prosthetic leg, I expect things to improve further as he'll be moving around more, helping to stabilize his blood sugar.

To be honest, and I don't know why it didn't occur to me sooner, he's probably a great candidate for one of those Life Alert systems you wear around your neck.

Chris

Malamute
05-18-2018, 08:54 AM
Thanks, I appreciate the offer. The situation has improved significantly. He's stronger and healthier now and the docs have taken him off a number of the drugs he was taking. Once he's fully mobile on the prosthetic leg, I expect things to improve further as he'll be moving around more, helping to stabilize his blood sugar.

To be honest, and I don't know why it didn't occur to me sooner, he's probably a great candidate for one of those Life Alert systems you wear around your neck.

Chris


My dad had one with a base unit in his kitchen. His dog got up on the table once and walked on the unit sending an alert. He heard them talking thru the unit and they could hear him from his bedroom down the hall.

Would a baby monitor intercom thing also be helpful for in the house communications such as he needed?

mtnbkr
05-18-2018, 09:19 AM
Would a baby monitor intercom thing also be helpful for in the house communications such as he needed?

Possibly. The biggest challenge would be having something that could wake my mom when necessary (she sleeps like the dead) but not disturb her otherwise. It's not unusual for my dad to wake up at 3 or 4am and watch TV for a bit, then go back to sleep, so if this thing continuously transmitted everything in the den to my mom's bedroom, it wouldn't be helpful.

Still, good idea and something I'll bring up. Ideally, I'd like to see him move back into the bedroom once he's more mobile. The delay has been getting his prosthetic (put on hold for a year due to healing issues in his stump).

This has been one hell of a thread drift. From privacy issues with near-AI devices to elder care. :)

Chris

RevolverRob
05-18-2018, 10:37 AM
Possibly. The biggest challenge would be having something that could wake my mom when necessary (she sleeps like the dead) but not disturb her otherwise. It's not unusual for my dad to wake up at 3 or 4am and watch TV for a bit, then go back to sleep, so if this thing continuously transmitted everything in the den to my mom's bedroom, it wouldn't be helpful.

Still, good idea and something I'll bring up. Ideally, I'd like to see him move back into the bedroom once he's more mobile. The delay has been getting his prosthetic (put on hold for a year due to healing issues in his stump).

This has been one hell of a thread drift. From privacy issues with near-AI devices to elder care. :)

Chris

Two-way radio (aka walkie-talkies)?

Some of them (many?) have 'emergency alert' buttons that you push on one and it sends an ear piercing screech to the other. We had those when I was a kid...nothing like locating your friend in the woods, by "screeching" them.

mtnbkr
05-18-2018, 10:51 AM
Two-way radio (aka walkie-talkies)?

Some of them (many?) have 'emergency alert' buttons that you push on one and it sends an ear piercing screech to the other. We had those when I was a kid...nothing like locating your friend in the woods, by "screeching" them.

I seem to recall those being discussed when this all started, but were rejected for some reason.

That said, I could easily run a wired panic button from his space to the bedroom where it would terminate in a large mechanical bell. That might wake my mom. :D

Chris

OlongJohnson
05-18-2018, 11:06 AM
Would a baby monitor intercom thing also be helpful for in the house communications such as he needed?

Careful with these. Some baby monitors have been demonstrated to be highly hackable.

schüler
05-18-2018, 11:08 AM
Careful with these. Some baby monitors have been demonstrated to be highly hackable.

Oh man, given the first post in this thread - I'm in stitches!

Sent from my SAMSUNG-SM-N920A using Tapatalk

AMC
05-18-2018, 12:39 PM
First, do you know they're really off or not?
Second, it's not always possible to definitively turn them off without turning off the device.

I only have one Alexa-powered device, an Amazon Tap, which requires a button push to enter voice mode. Because I don't use it often, I may bin it. I've also been considering a non-smartphone. There are "feature phones" available now that can act as a wifi hotspot, giving you the ability to use a tablet or some such if you need portable, internet-enabled computing. However, there's a huge loss of convenience involved, so I've not yet made that move. The more I read articles like this, the more compelled I am to make that move.

Maybe it's time for a butlerian jihad...

Chris

Thou shalt not make a machine in the image of a human mind.

Tabasco
05-18-2018, 07:05 PM
https://www.nytimes.com/2018/05/10/technology/alexa-siri-hidden-command-audio-attacks.html

Undocumented "features"?

ralph
05-18-2018, 07:30 PM
I fixed the Alexa we have..I pulled the plug on it about a year ago wrapped it up and it's been sitting on the end table, unplugged ever since.. I'll never plug that thing in again, and if I thought I could get away with it, I'd take Alexa on a one way trip to the range with me...

Well, good news... My wife gave me the green light to take Alexa to the range.. I intend to shred every piece of that bitch..

gkieser92
05-19-2018, 01:16 AM
Not surprised. Keep your smart assistants mic off until u need them.

Sent from my SM-G950U1 using Tapatalk

I agree, but then again walking over and pushing the button to turn the mic on negates the whole point of the device. I actually find the whole Alexa thing pointless. It is far faster and more accurate to just use the phone that is never out of arm's reach.

Sent from my SM-G930V using Tapatalk

Chance
05-19-2018, 06:09 AM
Careful with these. Some baby monitors have been demonstrated to be highly hackable.

True (https://en.m.wikipedia.org/wiki/2016_Dyn_cyberattack), as are virtually all "Internet of Things" devices. IoT is a freaking catastrophe with regards to information security.

Malamute
05-19-2018, 11:00 AM
True (https://en.m.wikipedia.org/wiki/2016_Dyn_cyberattack), as are virtually all "Internet of Things" devices. IoT is a freaking catastrophe with regards to information security.


I'm not at all up to speed on baby monitor devices, are they all wifi or net connected? I was thinking the short range radio/walky-talky type thing where if there's a loud sound or whatever, it's transmitted to the receiver in the other room, not broadcast to the net. Maybe they don't make that kind any more, but it seems there would be a useful market. Same for panic buttons worn on the wrist or on a cord around the neck, they shouldn't have to be world wide connected, just the other room, or send a pre-made alert msg to someone's phone perhaps?

OlongJohnson
05-19-2018, 11:17 AM
Well, good news... My wife gave me the green light to take Alexa to the range.. I intend to shred every piece of that bitch..

Phrasing, dude, phrasing.

Chance
05-19-2018, 11:22 AM
I'm not at all up to speed on baby monitor devices, are they all wifi or net connected?

The latest trend in the gadget industry is to connect pretty much everything to the network, whether that makes any sense at all or not. I'm sure the old school type of baby monitors are still out there.

Malamute
05-19-2018, 11:31 AM
The latest trend in the gadget industry is to connect pretty much everything to the network, whether that makes any sense at all or not. I'm sure the old school type of baby monitors are still out there.

Yes, I've heard of all sorts of things being net connected. I understand the perceived purpose, but the downsides seem obvious in many instances also. I'm an outlier though, I don't even have a smart phone and have no desire for one. A laptop computer and texting on my antique cell phone is as connected as I need or want to be.

BehindBlueI's
05-19-2018, 01:27 PM
My Dell computer decided to have a stroke when Windows 10 updated most recently. This caused me to have to reinstall Windows, as it completely fuckered the original install to the point it couldn't roll back, etc. Fucking Cortana is a thing, now. Unless you've got a starship with holodecks ready for me, I'm not talking to the damn computer.

Shoresy
05-19-2018, 01:49 PM
I'm not at all up to speed on baby monitor devices, are they all wifi or net connected? I was thinking the short range radio/walky-talky type thing where if there's a loud sound or whatever, it's transmitted to the receiver in the other room, not broadcast to the net. Maybe they don't make that kind any more, but it seems there would be a useful market. Same for panic buttons worn on the wrist or on a cord around the neck, they shouldn't have to be world wide connected, just the other room, or send a pre-made alert msg to someone's phone perhaps?

Depends. Ours are the simple radio type but that's becoming less and less common as "IOT" takes over. I truly don't understand the need for my refrigerator to be "smart". Its IQ needs to end at its ability to control temperature.

Malamute
05-19-2018, 02:04 PM
My Dell computer decided to have a stroke when Windows 10 updated most recently. This caused me to have to reinstall Windows, as it completely fuckered the original install to the point it couldn't roll back, etc. Fucking Cortana is a thing, now. Unless you've got a starship with holodecks ready for me, I'm not talking to the damn computer.

Had to google Cortana. That's the sort of thing I delete from computers when I get them. Same with the built in camera communication things they all come with. And be sure all the "connect with another computer or network to troubleshoot" or whatever is shut off or manual only. Gads I hate all the shit they cram in computers. I understand there's uses for much of it for many people, but I shut off or delete as much as I can and still allow it to function. Everything still gets black tape over the cameras and mics.

schüler
05-19-2018, 02:12 PM
My Dell computer decided to have a stroke when Windows 10 updated most recently. This caused me to have to reinstall Windows, as it completely fuckered the original install to the point it couldn't roll back, etc. Fucking Cortana is a thing, now. Unless you've got a starship with holodecks ready for me, I'm not talking to the damn computer.

Yeah, after Win 10 SP1 the Cortana process cannot be disabled via Settings options. It can be disabled via registry edit. However Cortana will still show up in task menu.

If you want the nuclear option there is a way to rename or delete the Cortana file - but you also lose the ability to search at the Windows menu button.

Most people just use the registry edit option to disable Cortana or verify Cortana is disabled. And delete any history stored @ their Microsoft Live account.

Chance
05-19-2018, 04:34 PM
My Dell computer decided to have a stroke when Windows 10 updated most recently. This caused me to have to reinstall Windows, as it completely fuckered the original install to the point it couldn't roll back, etc.

We have also been substantially less than pleased with regards to the Win10 update regimen. For many months, my SO did not have a working start menu; you'd click on the start menu, and the OS would politely prompt you to restart the computer. Once Microsoft fixed that, the version 1709 update (I have no idea if that's the actual number, but close) effectively bricked her machine, necessitating multiple re-installs. Microsoft also fixed that recently.

Things appear to be working correctly now, but I'm sure they'll be broken again before too long. None of that has anything to do with the present invasion-of-privacy-as-a-financial-paradigm trend, it's just Microsoft doing Microsoft-y things.

Tabasco
05-19-2018, 06:13 PM
Everything still gets black tape over the cameras and mics.

I started doing that 10 years ago on a hunch. People laughed. A few years later my friends all had stickers over their cameras.

hufnagel
05-20-2018, 08:16 AM
Well, good news... My wife gave me the green light to take Alexa to the range.. I intend to shred every piece of that bitch..

VIDEO. all was ask for is VIDEO. With lots of pixels, and lots of frame rates. :D

Cypher
05-20-2018, 10:46 AM
First, do you know they're really off or not?
Second, it's not always possible to definitively turn them off without turning off the device.

I only have one Alexa-powered device, an Amazon Tap, which requires a button push to enter voice mode. Because I don't use it often, I may bin it. I've also been considering a non-smartphone. There are "feature phones" available now that can act as a wifi hotspot, giving you the ability to use a tablet or some such if you need portable, internet-enabled computing. However, there's a huge loss of convenience involved, so I've not yet made that move. The more I read articles like this, the more compelled I am to make that move.

Maybe it's time for a butlerian jihad...

Chris

Thou shalt not make a machine in the likeness of a man's mind

schüler
05-20-2018, 11:47 AM
Thou shalt not make a machine in the likeness of a man's mind

haha - check post #29.

Tower of Babel pls.

schüler
05-20-2018, 12:13 PM
I started doing that 10 years ago on a hunch. People laughed. A few years later my friends all had stickers over their cameras.

The Purism laptops and their upcoming phone (all Linux-based) have hardware disable switches for mic/cam and wifi/bluetooth.

While looking at their phone (https://puri.sm/shop/librem-5/#wpneo-tab-update) updates I saw mention of phone CPU being separate from "baseband (https://attack.mitre.org/mobile/index.php/Technique/MOB-T1058)" and separate kill switch for the baseband section. Got me to looking. This article from 2013 seems to do the best job of explaining the baseband concern (https://www.extremetech.com/computing/170874-the-secret-second-operating-system-that-could-make-every-mobile-phone-insecure). Here are some more recent articles from 2016 (https://boingboing.net/2016/07/20/baseband-vulnerability-could-m.html), 2016 (https://arstechnica.com/information-technology/2016/07/software-flaw-puts-mobile-phones-and-networks-at-risk-of-complete-takeover/), 2017 (https://www.wired.com/story/broadpwn-wi-fi-vulnerability-ios-android/), 2017 (https://threatpost.com/baseband-zero-day-exposes-millions-of-mobile-phones-to-attack/124833/).

I don't know Linux but when I combine its scalable privacy, stability and its flexibility/support with some of my hobby stuff... it's looking worth the effort.

Tabasco
05-20-2018, 12:24 PM
The Purism laptops and their upcoming phone (all Linux-based) have hardware disable switches for mic/cam and wifi/bluetooth.

While looking at their phone (https://puri.sm/shop/librem-5/#wpneo-tab-update) updates I saw mention of phone CPU being separate from "baseband (https://attack.mitre.org/mobile/index.php/Technique/MOB-T1058)" and separate kill switch for the baseband section. Got me to looking. This article from 2013 seems to do the best job of explaining the baseband concern (https://www.extremetech.com/computing/170874-the-secret-second-operating-system-that-could-make-every-mobile-phone-insecure). Here are some more recent articles from 2016 (https://boingboing.net/2016/07/20/baseband-vulnerability-could-m.html), 2016 (https://arstechnica.com/information-technology/2016/07/software-flaw-puts-mobile-phones-and-networks-at-risk-of-complete-takeover/), 2017 (https://www.wired.com/story/broadpwn-wi-fi-vulnerability-ios-android/), 2017 (https://threatpost.com/baseband-zero-day-exposes-millions-of-mobile-phones-to-attack/124833/).

I don't know Linux but when I combine its scalable privacy, stability and its flexibility/support with some of my hobby stuff... it's looking worth the effort.

Linux is totally worth learning, if you are comfortable with command line stuff. If you already work with a Unix type OS, Linux is a breeze. The most recent GUI is way better than it used to be, but command line is where it's at. I've been using Ubuntu, it was recommended to me by a friend who is a kernel hacker, and seems to be a pretty well maintained distribution.

mtnbkr
05-20-2018, 12:30 PM
haha - check post #29.

Tower of Babel pls.

IKR? I got the notification of his quote and did a doubletake because I knew I had seen that before. :D

Chris

mtnbkr
05-20-2018, 12:39 PM
Linux is totally worth learning, if you are comfortable with command line stuff. If you already work with a Unix type OS, Linux is a breeze. The most recent GUI is way better than it used to be, but command line is where it's at. I've been using Ubuntu, it was recommended to me by a friend who is a kernel hacker, and seems to be a pretty well maintained distribution.

I've been using Linux privately and professionally for 20 years now. I've deployed global commercial services using Linux and have developed products that rely on Linux. I'm as comfortable with Linux as I am with Windows.

I still use Windows at home. I'm aware of the limitations and risks, but with a family of non-tech-types and a need for apps or hardware not supported by Linux, I am better served by Windows.

I'm dubious about the Purism phone. It looks nice on paper, but I'll wait for the phone to hit the market and get in the hands of a few folks before I part with my money.

Chris

Cypher
05-20-2018, 01:07 PM
haha - check post #29.

Tower of Babel pls.

And his word shall carry death eternal to those who stand against his righteousness

schüler
05-20-2018, 01:43 PM
I've been using Linux privately and professionally for 20 years now.
...

Thanks for the input, Tabasco and mtnbkr. I cut my teeth on a freebie 8088/DOS 2.1, assembled my own computers and did command line programming in Pascal and ANSI C when I was a teen. But my Unix experience is limited to basically copycatting a handful of commands to get me past a configuration issue. Not scared but I do want to get started on the right foot. Any recommendations on starting out?

Linux will not replace Windows. But it sure as heck will be the personal use primary wherever it can be. I am glad there is support for my favorite hobby devices and personal productivity software.

Yeah, I won't be upgrading my phone until my current one fails or I break it.

Question for you two: Let's say I'm seriously interested in the Debian-based Purism OS. Are there any glaring differences between Ubu and Debian-based systems? I need to do a survey of what flavor is most common with my hobby and productivity stuff.

ralph
05-20-2018, 03:42 PM
VIDEO. All we ask for is VIDEO. With lots of pixels, and lots of frame rates. :D

You don't know, but that's a very tall order..I'm 63, and, unlike many of you younger members here, that were literally raised with a computer, I basically taught myself, and there's sooo much I don't know how to do.. best I can offer is to text cell phone pics to somebody here who could put them up...(I'm serious) I'm debating what I should use on Alexa...hmmm, some 5.56? Or maybe a .44mag, I know, 30-06M1 ball out of a M1 that'll work.. of course we should use some 9mm just to be sure she'll never laugh at anyone again..

schüler
05-20-2018, 03:59 PM
You don't know, but that's a very tall order..I'm 63, and, unlike many of you younger members here, that were literally raised with a computer, I basically taught myself, and there's sooo much I don't know how to do.. best I can offer is to text cell phone pics to somebody here who could put them up...(I'm serious) I'm debating what I should use on Alexa...hmmm, some 5.56? Or maybe a .44mag, I know, 30-06M1 ball out of a M1 that'll work.. of course we should use some 9mm just to be sure she'll never laugh at anyone again..

Customary to give a last request in executions.

Flip the script - plug her in one more time and make that request.

mtnbkr
05-20-2018, 04:02 PM
Question for you two: Let's say I'm seriously interested in the Debian-based Purism OS. Are there any glaring differences between Ubu and Debian-based systems? I need to do a survey of what flavor is most common with my hobby and productivity stuff.

There are differences*, however nothing that should completely preclude you leveraging knowledge gained via one distro with another one. I've mostly used CentOS (Redhat) for the past 8 years, but needed to work with Debian quite a bit a few years ago. The main differences were more due to how the vendor of the Debian-based systems set things up for their own need rather than the differences in the two flavors. You'll run into more challenges moving between a SystemD-based install vs a BSD-style init. I personally have no experience with SystemD, but based on the guys who worked for me and were tasked with taking up SystemD, it can be frustrating (to be fair, they're a bit set in their ways).

*Whether or not they are significant depends on how you use the system and your background.

Chris

mtnbkr
05-20-2018, 04:03 PM
Customary to give a last request in executions.

Flip the script - plug her in one more time and make that request.

Oh crap that would be funny. I may ask my Tap that question just to see what the answer is. :D

Chris

Tabasco
05-20-2018, 04:29 PM
Thanks for the input, Tabasco and mtnbkr. I cut my teeth on a freebie 8088/DOS 2.1, assembled my own computers and did command line programming in Pascal and ANSI C when I was a teen. But my Unix experience is limited to basically copycatting a handful of commands to get me past a configuration issue. Not scared but I do want to get started on the right foot. Any recommendations on starting out?

Linux will not replace Windows. But it sure as heck will be the personal use primary wherever it can be. I am glad there is support for my favorite hobby devices and personal productivity software.

Yeah, I won't be upgrading my phone until my current one fails or I break it.

Question for you two: Let's say I'm seriously interested in the Debian-based Purism OS. Are there any glaring differences between Ubu and Debian-based systems? I need to do a survey of what flavor is most common with my hobby and productivity stuff.

mtnbkr can probably better answer your last question. I started with Slackware, then Redhat, and now Ubuntu. My primary use for Linux was repurposing old PC hardware. My main concern was the ability to download and compile source for apps and servers without it being a PITA. That, and its similarity to the Unix systems I was working with (AIX, Solaris). Never really had to do much low level stuff. All three ran on pretty much any old PC hardware I had, sometimes (especially with Slackware), the older the better. One thing to note is the new adoption of 'systemd' over the old style 'initd':

https://en.wikipedia.org/wiki/Systemd

I like initd as the startup scripts were in one place, and they were text files that were easy to edit and configure in a hurry. I value simplicity with my firearms, cars and computers. Systemd is a step in the other direction. At least with Ubuntu, you can switch back to initd.

What I love about the 'nix type systems is that they haven't really changed that much, vs. Windows. Think Windows NT as opposed to Windows Server today. I was able to take a 9 year break from 'nix, and be back up to speed in a few months when I had my last 'nix sysadmin job. Now I just use Linux for a dedicated computer that I pay bills with online, but in the past I ran Apache, Dovecot, OSSEC, Nagios, etc. on crappy old PCs and they worked great.

Another thing (while I'm on my Linux love fest), is it's highly customizable and scripting is easy. You can create background processes (daemons) with PERL, as PERL compiles before it's run so you have the efficiency of compiled code without having to deal with C programming. The default shell, BASH, supports simple data arrays, so the only time I would use PERL is for background processes.

That's my story and I'm sticking to it.

mtnbkr
05-20-2018, 05:04 PM
I started with Slackware, then Redhat, and now Ubuntu.

I started with Slackware too. It was the only distro I could get to work properly with the old laptops I was using back in the 90s.


What I love about the 'nix type systems is that they haven't really changed that much, vs. Windows. Think Windows NT as opposed to Windows Server today. I was able to take a 9 year break from 'nix, and be back up to speed in a few months when I had my last 'nix sysadmin job.

That's a very valid point. I started my IT career in the mid 90s with Windows, ultimately running a Windows-based LAN comprised of NT 4.0 server (5 of various sizes and roles), Citrix Winframe for the remote guys, and roughly 300 Win95 and WinNT 4.0 laptops and workstations. At the time, I was more knowledgeable than the typical MCSE of the time (back then, it was very much a paper tiger cert at the time, I understand they're better these days). Fast forward to now and I can barely get around in a Wintel server. It might as well be OSX. :)

Chris

Tabasco
05-20-2018, 05:40 PM
I started with Slackware too. It was the only distro I could get to work properly with the old laptops I was using back in the 90s.


That's a very valid point. I started my IT career in the mid 90s with Windows, ultimately running a Windows-based LAN comprised of NT 4.0 server (5 of various sizes and roles), Citrix Winframe for the remote guys, and roughly 300 Win95 and WinNT 4.0 laptops and workstations. At the time, I was more knowledgeable than the typical MCSE of the time (back then, it was very much a paper tiger cert at the time, I understand they're better these days). Fast forward to now and I can barely get around in a Wintel server. It might as well be OSX. :)

Chris

OSX. Don't get me started. A bad freeware implementation from top to bottom. OSX server was the worst. There were websites dedicated to providing instructions and utilities to make it run correctly, I used them all. I remember a quote on a forum:

"Yeah, you can integrate Apple Open Directory and Active Directory. With a lot of patience and a strong drink"

All that and they made you pay $500.00 for it.

I must say, their consumer stuff looked nice and seemed to run well. The ability to clone disks with Carbon Copy Cloner and boot off of them was great. And booting in firewire mode allowed you to access a corrupted HD on another computer, that was nice too.

beenalongtime
05-20-2018, 11:59 PM
Linux is totally worth learning, if you are comfortable with command line stuff. If you already work with a Unix type OS, Linux is a breeze. The most recent GUI is way better than it used to be, but command line is where it's at. I've been using Ubuntu, it was recommended to me by a friend who is a kernel hacker, and seems to be a pretty well maintained distribution.


Which GUI/Window manager/desktop? Gnome, KDE, Enlightenment, XFCE, etc. etc. etc.?

I have been wanting to learn Slackware for some time, but that seems to be better on older systems, than trying to install it on a brand new system, in my limited experience. I generally use something like Lubuntu/Kubuntu, Suse, etc. for newer systems. When I started learning Linux a long time ago, there was more command line. Doesn't really have to be for most of my uses now. (basic computer needs)
That is why I want to go back to Slackware. I miss the old command line days and do feel skills slipping away as a lack of time grows.

mtnbkr
05-21-2018, 05:41 AM
Which GUI/Window manager/desktop? Gnome, KDE, Enlightenment, XFCE, etc. etc. etc.?

I have been wanting to learn Slackware for some time, but that seems to be better on older systems, than trying to install it on a brand new system, in my limited experience. I generally use something like Lubuntu/Kubuntu, Suse, etc. for newer systems. When I started learning Linux a long time ago, there was more command line. Doesn't really have to be for most of my uses now. (basic computer needs)
That is why I want to go back to Slackware. I miss the old command line days and do feel skills slipping away as a lack of time grows.

When I used a window manager, I liked Blackbox (on Slackware actually). However, even at home, my Linux usage is pretty much all command line via SSH. I don't even bother installing the X subsystem and a window manager.

Slackware is fine, but you don't need it just to get more command line time. You can always open a terminal window and do what you need to do there rather than using the GUI equivalents.

Chris

JAD
05-21-2018, 06:09 AM
Oh crap that would be funny. I may ask my Tap that question just to see what the answer is. :D

Chris

Siri was a whore to the last. “Let’s check out the iTunes Store.”

Tabasco
05-21-2018, 11:18 AM
Which GUI/Window manager/desktop? Gnome, KDE, Enlightenment, XFCE, etc. etc. etc.?

I have been wanting to learn Slackware for some time, but that seems to be better on older systems, than trying to install it on a brand new system, in my limited experience. I generally use something like Lubuntu/Kubuntu, Suse, etc. for newer systems. When I started learning Linux a long time ago, there was more command line. Doesn't really have to be for most of my uses now. (basic computer needs)
That is why I want to go back to Slackware. I miss the old command line days and do feel skills slipping away as a lack of time grows.

Gnome comes with Ubuntu by default, I think. On servers I only install X-Windows if I need someone else who is not command line friendly to be able to manage it. X-Windows is one more attack vector from a security standpoint. The GUI really doesn't matter for me, as long as it's stable and fairly intuitive.

okie john
05-21-2018, 11:35 AM
True (https://en.m.wikipedia.org/wiki/2016_Dyn_cyberattack), as are virtually all "Internet of Things" devices. IoT is a freaking catastrophe with regards to information security.

This, and the smart home concept is even worse.

I've worked for companies who are deep in the AI/machine learning/IoT space. Those technologies can be useful in areas like manufacturing, but the people who create them tend to ignore unintended uses. They don’t identify a problem and solve it. They identify what a technology can do easily and cheaply, market that as a problem users need to solve, then position their product as providing that benefit to the user. Security gets thrown overboard early and often to keep costs low, so it doesn’t take a genius to weaponize these things.

As a result, the IoT and smart homes contain literally billions of unsecure devices that can be used for all manner of nefarious shit. This example https://www.wired.com/2016/10/internet-outage-ddos-dns-dyn/ concerns an attack launched from cameras, baby monitors, and home routers that took down much of the internet https://www.nytimes.com/2016/10/22/business/internet-problems-attack.html.

As we’ve seen in the wake of the 2016 election, the tech industry has a long history of ducking responsibility for collateral damage stemming from its negligence. It creates things that it doesn’t understand and cannot control, and it cranks out more of the same every day.

You don’t want the IoT or any smart home device anywhere near your personal life.


Okie John

schüler
05-22-2018, 06:14 PM
Phone "baseband" activity shows up in a recent news segment regarding 40 wireless phone "potential spy devices (https://www.nbcwashington.com/investigations/Potential-Spy-Devices-Which-Track-Cellphones-Intercept-Calls-Found-All-Over-DC-Md-Va-482970231.html)" found in the DC area.


The device, sometimes referred to by the brand name StingRay, is designed to mimic a cell tower and can trick your phone into connecting to it instead.

The News4 I-Team asked Turner to ride around the capital region with special software loaded onto three cell phones, with three different carriers, to detect the devices operating in various locations.

"So when you see these red bars, those are very high-suspicion events," said Turner.
...
The I-Team's test phones detected 40 potential locations where the spy devices could be operating, while driving around for just a few hours.

And the recent article posted about Securus selling cell phone data... there's a new twist on the site's insecure portal (https://www.zdnet.com/article/cell-phone-tracking-firm-exposed-millions-of-americans-real-time-locations/) (that is now offline):


"Due to a very elementary bug in the website, you can just skip that consent part and go straight to the location," said Robert Xiao, a PhD student at the Human-Computer Interaction Institute at Carnegie Mellon University, in a phone call.

"The implication of this is that LocationSmart never required consent in the first place," he said. "There seems to be no security oversight here."

The "try" website was pulled offline after Xiao privately disclosed the bug to the company, with help from CERT, a public vulnerability database, also at Carnegie Mellon.

In a statement, spokesperson Brenda Schafer said the company has "confirmed that the vulnerability was not exploited prior to May 16, and did not result in any customer information being obtained without their permission," but provided no evidence to support that claim.

Xiao said the bug may have exposed nearly every cell phone customer in the US and Canada, some 200 million customers.

RevolverRob
05-24-2018, 03:24 PM
http://www.foxnews.com/tech/2018/05/24/amazon-alexa-records-and-shares-womans-private-conversation.html


A woman in Portland, Ore. claims that her family's Amazon Alexa smart speaker recorded a private conversation and sent it to someone on her contact list

....

She claims that after calling Amazon, an engineer on the Alexa team investigated and concurred that this indeed happened.

That Guy
05-30-2018, 02:23 AM
Are there any glaring differences between Ubu and Debian-based systems?

Since Ubuntu is Debian-based itself, I'd imagine not.

JRB
05-30-2018, 11:18 AM
You don't know, but that's a very tall order..I'm 63, and, unlike many of you younger members here, that were literally raised with a computer, I basically taught myself, and there's sooo much I don't know how to do.. best I can offer is to text cell phone pics to somebody here who could put them up...(I'm serious) I'm debating what I should use on Alexa...hmmm, some 5.56? Or maybe a .44mag, I know, 30-06M1 ball out of a M1 that'll work.. of course we should use some 9mm just to be sure she'll never laugh at anyone again..

How about getting 5-6 good friends together, each armed with a fast-cycling semiauto 12 gauge, and launching Alexa from a skeet launcher and having all shooters engage the target with #4 buck?

With multiple video cameras recording the ensuing hilarity, of course.