Page 2 of 3 FirstFirst 123 LastLast
Results 11 to 20 of 27

Thread: Kernel Developers Look At QR Codes For Error Messages

  1. #11
    Join Date
    Nov 2013
    Posts
    145

    Default

    Quote Originally Posted by pouar View Post
    Actually the QRcode displayed on the article is just damaged. QRcodes work best when they're just 2 colors (black and white), but this image has a bunch of shades of gray in it in several areas making it unrecognizable by the QRcode reader. This becomes obvious when you copy the image into GIMP then zoom in.
    Maybe try with this one: http://levex.fedorapeople.org/kernel...de_600x600.png
    The one in the article is compressed (funny: the original one is smaller ) and has a watermark.

    By the way, I don't have anything with a camera and a QR scanner right now, but I tried it with an online decoder and it worked.

  2. #12
    Join Date
    Jul 2012
    Posts
    797

    Default

    It didn't actually read the QR code ^^ Realized that now.

  3. #13

    Default

    Quote Originally Posted by pouar View Post
    Actually the QRcode displayed on the article is just damaged. QRcodes work best when they're just 2 colors (black and white), but this image has a bunch of shades of gray in it in several areas making it unrecognizable by the QRcode reader. This becomes obvious when you copy the image into GIMP then zoom in.
    Ok, zbarimg was able to read it, maybe my camera is just crap, although my camera read this one just fine
    http://levex.fedorapeople.org/kernel...de_600x600.png

  4. #14
    Join Date
    Sep 2011
    Posts
    703

    Default

    My Experia Z struggled a bit but was able to get it.

    I would be nice if the Kernel displayed the error using KMS on a clean screen.

  5. #15
    Join Date
    May 2013
    Posts
    570

    Default How did google know? They own your phone

    Quote Originally Posted by blackout23 View Post
    [CODE]
    Also how the actual fuck does Google know which website I was taking a photo off? Damn Google you scary!
    http://imgur.com/NmBSATQ
    Are you using a smartphone with a Google-provided or a carrier-provided operating system? If so, that's
    how Google knows. Countermeasure is to only run an OS you control, and to block Google outright in
    /etc/hosts (on a Linux-based OS) if you still get that kind of crap.

    It is very easy for Google or a phone company to drop a tracking binary with an innocuous-sounding
    name into any OS they install. CarrierIQ is a notorious example, revealed by a whistleblower from it's
    own develoment team. Carriers could even opt to use it as a keylogger.

    Remember, any operating system or hardware provided by a cellular carrier works for and is
    effectively owned by them-it is their servant, not yours.

  6. #16
    Join Date
    May 2013
    Posts
    570

    Default Automated kernel reporting must be opt-in

    Any form of automated bug reporting can be dangerous if not done on an opt-in basis. You might be on an IP address you can't admit to using or have your hardware tied to when such a bug is triggered and the report sent. Just imagine the result of a kernel crash report containing encryption keys that gete intercepted by NSA and forwarded to police. For me, that could trigger a raid (raid #2) in an attempt to beat my re-keying process. How about one sent while running TAILS to post dissident material under a military dictatorship like Egypt (where 529 protesters were just sentenced to death). People trust things like TAILS with their lives, and these are based on Linux.

    Automatic reporting by default has to be regarded as a "phone home" security hazard. That's why I go through both operating systems and browsers and disable all software that engages in network activity without an explicit request to do so on my part, automatic update checking included.

  7. #17
    Join Date
    Sep 2011
    Posts
    703

    Default

    Quote Originally Posted by Luke View Post
    Are you using a smartphone with a Google-provided or a carrier-provided operating system? If so, that's
    how Google knows. Countermeasure is to only run an OS you control, and to block Google outright in
    /etc/hosts (on a Linux-based OS) if you still get that kind of crap.

    It is very easy for Google or a phone company to drop a tracking binary with an innocuous-sounding
    name into any OS they install. CarrierIQ is a notorious example, revealed by a whistleblower from it's
    own develoment team. Carriers could even opt to use it as a keylogger.

    Remember, any operating system or hardware provided by a cellular carrier works for and is
    effectively owned by them-it is their servant, not yours.
    You completely missed the point, he never went to that website on his phone

  8. #18
    Join Date
    May 2013
    Posts
    570

    Default Did the QR code contain anything from Google?

    Quote Originally Posted by AJenbo View Post
    You completely missed the point, he never went to that website on his phone

    Did the QR code or anything in the website that was photographed contain something from Google?

    In fact, I would not trust a networked device with a QR code at all for security reasons, they are
    rather like blind, non-human readable hyperlinks. One more part of the smartphone, Facebooked
    world I have avoided.

    Also-I cannot read German, might have missed something in that image
    Last edited by Luke; 04-05-2014 at 10:23 PM.

  9. #19
    Join Date
    Sep 2011
    Posts
    703

    Default

    Quote Originally Posted by Luke View Post
    Did the QR code or anything in the website that was photographed contain something from Google?

    In fact, I would not trust a networked device with a QR code at all for security reasons, they are
    rather like blind, non-human readable hyperlinks. One more part of the smartphone, Facebooked
    world I have avoided.

    Also-I cannot read German, might have missed something in that image
    The reader shows you the human readable version and asks you if you want to proceed.

  10. #20
    Join Date
    Jun 2011
    Posts
    1,032

    Default

    Quote Originally Posted by blackout23 View Post
    Also how the actual fuck does Google know which website I was taking a photo off? Damn Google you scary!
    http://imgur.com/NmBSATQ
    My guess would be that it ran an OCR algorithm on the text and then did a search on the result it may also have scanned the QR code itself and indexed it as part of it's web crawling process, and matched it up when you scanned the code. There's honestly no reason that they wouldn't do that at this point if they detected one.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •