• 0 Posts
  • 50 Comments
Joined 1 month ago
Cake day: February 5th, 2025

  • Hundreds of millions. They’re used in an almost uncountable number of IoT devices.

    It’s only this specific chip that is affected. It’s not all Bluetooth chips. The article doesn’t even specify which of their tens of chips is affected: ESP32-D0WD-V3, ESP32-D0WDR2-V3, ESP32-U4WDH, ESP32-PICO-V3, ESP32-PICO-V3-02, or the ESP32-PICO-D4.

    Even if it were all of them, and even if it were hundreds of millions of devices, it would still pale in comparison to HeartBleed in all aspects. It’s an interesting but sophisticated attack vector, which severely limits its usage. But let’s say you execute a MITM attack from one of these ESP32 chips. What are you feasibly able to do? A MITM attack? Considering these are all low-power devices, it’s extremely unlikely that they would be able to output enough power to overtake your home AP. Without doing more research on it, the actual attack surface is opaque. I mean, I guess a guy in China can remotely turn on your sprinklers or get your WiFi password… Lot of good that’s gonna do him from China.




  • Xanza@lemm.ee to Selfhosted@lemmy.world: Retailers who pack & ship HDDs right?! (3 up, 3 down, 22 hours ago)

    I’m not saying it’s contentious. I’m saying if you’re gonna be mad, be mad at the right people. And in this specific case, the retailer is probably not the only issue, so switching to another retailer really won’t help you.

    I might sound like a dick, but I’m trying to help you out, telling you that even if you switch retailers, if whoever is delivering your mail is a dick, you’re not going to experience a better situation.


  • No way they’re on the same level. Heartbleed allowed for remote memory reads.

    I professionally studied HeartBleed as a security researcher and wrote a peer reviewed opinion piece which was published. I won’t say where or the title because it would give you my full name, so deal with it. Not trying to humble-brag, just trying to say, I’ve done the research myself here.

    HeartBleed was an oversight which shipped, enabled by default (!), a TLS heartbeat read-overrun bug in OpenSSL v1.0.1 to 1.0.2-beta which allowed any third party with an internet connection the ability to request information, 64kb at a time, stored in an affected server’s memory. Anything. Private keys, encryption keys, TLS private keys (imagine SSL-verified MITM attacks), decrypted sensitive files (which are HDD-encrypted and decrypted in memory), passwords, anything.

    All you had to do was know how to request the information, and the server you wanted to attack. It went undiscovered for a number of months before it was found. The extension was enabled by default, and came bundled with software used on literally billions of private computing devices, servers, IoT devices, and even interstitial devices used over network connection.

    Here’s an excerpt from some other security researchers on the subject, in case you don’t want to take my word for it:

    We have tested some of our own services from attacker’s perspective. We attacked ourselves from outside, without leaving a trace. Without using any privileged information or credentials we were able to steal from ourselves the secret keys used for our X.509 certificates, user names and passwords, instant messages, emails and business critical documents and communication. [1]

    You’re correct that they’re not on the same level, but completely backwards in thinking that an undocumented bluetooth backdoor is worse than the worst vulnerability found since the invention of the internet. HeartBleed affected hundreds of millions of critical servers. Literally billions of devices in total. How many consumer devices do you think have this exact bluetooth chip? 10,000? 100,000? 10 million? Still small peanuts in comparison.
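The heartbeat read-overrun the comment above describes, as an added example that is not part of the original post and not OpenSSL’s code: a small C model of the vulnerable length handling next to a hardened handler carrying the same shape of bounds check that the fix introduced. The 16-bit length field is why the comment’s "64kb at a time" is the ceiling (65535 bytes). The record layout, the forged length, the "ping" payload and the "secret" string placed after the record are all constructed for the demo; they are laid out in one buffer the program owns so the over-read stays inside memory we control and the demo itself has no undefined behaviour.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST  1
#define HB_RESPONSE 2
#define HB_PADDING  16
/* Largest response a 16-bit payload length can demand: type + len + payload + padding. */
#define RESP_MAX (1 + 2 + 65535 + HB_PADDING)

/* Vulnerable handler (modelled on the pre-fix behaviour): the 2-byte payload
 * length supplied by the peer is trusted and never compared with the length of
 * the record actually received, so memcpy reads past the peer's real data.
 * Returns the number of response bytes written, 0 if no response is sent. */
size_t heartbeat_vulnerable(const uint8_t *rec, size_t rec_len, uint8_t *out)
{
    (void)rec_len;                                 /* never consulted: the bug */
    if (rec[0] != HB_REQUEST)
        return 0;
    uint16_t payload = (uint16_t)((rec[1] << 8) | rec[2]);
    out[0] = HB_RESPONSE;
    out[1] = (uint8_t)(payload >> 8);
    out[2] = (uint8_t)(payload & 0xff);
    memcpy(out + 3, rec + 3, payload);             /* over-read when payload > real data */
    memset(out + 3 + payload, 0, HB_PADDING);
    return 1 + 2 + (size_t)payload + HB_PADDING;
}

/* Hardened handler: bounds the claimed payload against the record that was
 * actually received (the same shape of check the OpenSSL fix added) and
 * silently drops anything that does not fit. */
size_t heartbeat_fixed(const uint8_t *rec, size_t rec_len, uint8_t *out)
{
    if (rec_len < 1 + 2 + HB_PADDING)              /* too short to be a heartbeat at all */
        return 0;
    if (rec[0] != HB_REQUEST)
        return 0;
    uint16_t payload = (uint16_t)((rec[1] << 8) | rec[2]);
    if (1 + 2 + (size_t)payload + HB_PADDING > rec_len)
        return 0;                                  /* claimed length exceeds the record: drop */
    out[0] = HB_RESPONSE;
    out[1] = (uint8_t)(payload >> 8);
    out[2] = (uint8_t)(payload & 0xff);
    memcpy(out + 3, rec + 3, payload);             /* now provably inside the record */
    memset(out + 3 + payload, 0, HB_PADDING);
    return 1 + 2 + (size_t)payload + HB_PADDING;
}

/* Demo: a heartbeat request whose header claims `claimed` payload bytes while
 * the real payload is the 4-byte string "ping". A constructed "secret" is placed
 * directly after the record in the same buffer, standing in for whatever the
 * allocator happened to put next to the record in a real process.
 * Returns 1 if the secret appears in the response, 0 if the response is clean,
 * -1 if the request was dropped, -2 if `claimed` would leave the demo buffer. */
int leak_demo(int use_fix, uint16_t claimed)
{
    static const char secret[] = "PRIVATE-KEY-BYTES";   /* constructed, not a real key */
    uint8_t mem[256] = {0};
    uint8_t resp[RESP_MAX];
    const char *real_payload = "ping";
    size_t real_len = strlen(real_payload);
    size_t rec_len = 1 + 2 + real_len + HB_PADDING;     /* 23 bytes actually on the wire */

    if (3 + (size_t)claimed > sizeof mem)
        return -2;                                      /* keep the over-read inside mem[] */
    mem[0] = HB_REQUEST;
    mem[1] = (uint8_t)(claimed >> 8);
    mem[2] = (uint8_t)(claimed & 0xff);
    memcpy(mem + 3, real_payload, real_len);            /* padding bytes stay zero */
    memcpy(mem + rec_len, secret, sizeof secret);       /* adjacent "process memory" */

    size_t n = use_fix ? heartbeat_fixed(mem, rec_len, resp)
                       : heartbeat_vulnerable(mem, rec_len, resp);
    if (n == 0)
        return -1;
    for (size_t i = 3; i + sizeof secret - 1 <= n; i++)
        if (memcmp(resp + i, secret, sizeof secret - 1) == 0)
            return 1;
    return 0;
}

int main(void)
{
    printf("honest length, vulnerable handler: %d\n", leak_demo(0, 4));
    printf("forged length, vulnerable handler: %d\n", leak_demo(0, 40));
    printf("forged length, fixed handler:      %d\n", leak_demo(1, 40));
    printf("honest length, fixed handler:      %d\n", leak_demo(1, 4));
    return 0;
}
```

In the real library the response buffer was allocated at the claimed size, so the write side was never the problem; the leak came purely from the read, and what came back was whatever the heap had placed next to the record, which is why captured material ranged from session cookies to private key fragments. The hardened handler never returns an error to the peer; dropping the message silently is deliberate, since an error reply would itself be a side channel about the record length.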


  • I owned my own tech firm for 10 years or so. I set up any number of backup solutions with enterprise-level HDDs. I’ve seen HDDs packaged impeccably. I’ve seen them come in a cardboard box with absolutely no protection, and it’s an absolute crap shoot no matter what. As a matter of fact, there’s a HDD connected to a NAS attached to the computer I’m typing this out on that’s been working for over 8 years non-stop, and it was one that just came direct in a cardboard box. Didn’t have a lick of paper or bubble wrap in it.

    I’m not telling you not to be critical of retailers who don’t properly protect the things you buy. I’m telling you to measure your response because at the end of the day they’re incredibly fragile no matter how they’re packaged. Proper packaging doesn’t mean you’re going to get a 100% success rate. If you’re that worried about it, then find a local retailer and don’t buy them online.


  • Xanza@lemm.ee to Selfhosted@lemmy.world: Retailers who pack & ship HDDs right?! (4 up, 5 down, 23 hours ago)

    I have a robust system to package those orders correctly

    This is my point. You can package your electronics as good as you want, but when it comes to hard drives, if the middle man decides to play ice hockey with your package it doesn’t matter. If you want to blame something blame Newton’s second and third Laws of Motion. 🤷‍♂️






  • So anyways, that’s the impact one of these “pointless” boycott posts had on me.

    I didn’t say they were pointless. I say they don’t do anything. What does do something is this:

    I ended up cancelling my Prime subscription

    That’s it. You “buying a ton” on Amazon is small peanuts in the grand scheme. Even if you buy a lot, Amazon is only making a percentage of whatever you spend. Something like 30%. So even if you spend $10k in a year, they make $3,000 net and have to deduct for the cost of getting those items to you. When all the financials are worked out, it’s next to nothing.

    The price of their subscription service is their e-penis. They get to say “500 million people pay for Amazon Prime!” @ $139/yr is $69.5 billion. You can buy nothing and they can still survive… But if you stop paying for Prime they lose their e-penis, which affects their stock price, which loses them bargaining rights with their suppliers and ultimately can affect the price of Prime itself.

    It’s the surest way to kill them.


  • Boycotts like this do nothing because the people most willing to “participate” are people who already don’t purchase from Amazon. Even if you were able to get a critical mass of people to participate for even 3 months. So what? Amazon will post 1 bad quarter and then things go back to business as usual. Nothing happens. They don’t even really lose any money. At least none out of pocket, of which they have plenty for things such as this.

    Amazon is a subscription model. You want to hurt them, then hurt their subscriptions. Don’t boycott them, cancel Prime.


  • The problem with boycotts like this, is they do essentially nothing… A single day, week, or even a full month of boycotts can only be successful if a critical mass of people do it at once. And frankly, they’re not going to get that.

    The people most likely to boycott Amazon and the like are people who already don’t purchase things from Amazon, or lightly do it. Amazon is fine with that, because eventually people go back to buying. So what, they’re gonna post one bad quarter? Small price to pay for doing business.

    You can’t boycott evil businesses. You have to stop using them entirely. Forever. And most people simply aren’t willing to.






  • HelloRoot is correct. You should not have deleted anything. You should have simply shut down the server and contacted the FBI (not the police). Child porn is a serious federal offense, and because they committed the offense across state lines (or aren’t in the US at all), the FBI would have jurisdiction. Because you deleted the evidence (a crime, by the way) there’s nothing for them to go on now.

    If this ever happens again, shut down the server so no one can connect, and contact the FBI Criminal Division who has their own child crimes division that specifically deals with child pornography.