Originally posted by Luke
View Post
Announcement
Collapse
No announcement yet.
Kernel Developers Look At QR Codes For Error Messages
Collapse
X
-
Automated kernel reporting must be opt-in
Any form of automated bug reporting can be dangerous if not done on an opt-in basis. You might be on an IP address you can't admit to using or have your hardware tied to when such a bug is triggered and the report sent. Just imagine the result of a kernel crash report containing encryption keys that gete intercepted by NSA and forwarded to police. For me, that could trigger a raid (raid #2) in an attempt to beat my re-keying process. How about one sent while running TAILS to post dissident material under a military dictatorship like Egypt (where 529 protesters were just sentenced to death). People trust things like TAILS with their lives, and these are based on Linux.
Automatic reporting by default has to be regarded as a "phone home" security hazard. That's why I go through both operating systems and browsers and disable all software that engages in network activity without an explicit request to do so on my part, automatic update checking included.
Leave a comment:
-
How did google know? They own your phone
Originally posted by blackout23 View Post[CODE]
Also how the actual fuck does Google know which website I was taking a photo off? Damn Google you scary!
http://imgur.com/NmBSATQ
how Google knows. Countermeasure is to only run an OS you control, and to block Google outright in
/etc/hosts (on a Linux-based OS) if you still get that kind of crap.
It is very easy for Google or a phone company to drop a tracking binary with an innocuous-sounding
name into any OS they install. CarrierIQ is a notorious example, revealed by a whistleblower from it's
own develoment team. Carriers could even opt to use it as a keylogger.
Remember, any operating system or hardware provided by a cellular carrier works for and is
effectively owned by them-it is their servant, not yours.
Leave a comment:
-
My Experia Z struggled a bit but was able to get it.
I would be nice if the Kernel displayed the error using KMS on a clean screen.
Leave a comment:
-
Originally posted by pouar View PostActually the QRcode displayed on the article is just damaged. QRcodes work best when they're just 2 colors (black and white), but this image has a bunch of shades of gray in it in several areas making it unrecognizable by the QRcode reader. This becomes obvious when you copy the image into GIMP then zoom in.
Leave a comment:
-
Originally posted by pouar View PostActually the QRcode displayed on the article is just damaged. QRcodes work best when they're just 2 colors (black and white), but this image has a bunch of shades of gray in it in several areas making it unrecognizable by the QRcode reader. This becomes obvious when you copy the image into GIMP then zoom in.
The one in the article is compressed (funny: the original one is smaller ) and has a watermark.
By the way, I don't have anything with a camera and a QR scanner right now, but I tried it with an online decoder and it worked.
Leave a comment:
-
Code:see this capability as well and would speed up some processes. Right now it looks like the de se OR-packaged errors are currently getting the OR support into order. e interested in finding more about this tentative work to package Linux kernel oops panic messag ings tread obviously this work is already out the immf
Also how the actual fuck does Google know which website I was taking a photo off? Damn Google you scary!
Leave a comment:
-
Originally posted by baracca View PostIt is indeed a great idea but it will need to add something to enable/disable/test it.
Example: my cellphone was not able to acquire the QRcode in the Phoronix article (too much screen flickering). I also tried every possible zoom, without success.
Thanks to Haiku OS for its "prior art". Any good idea always sees a bunch of patent trolls trying to monetize it.
Leave a comment:
-
Originally posted by asdfblah View PostHuh, I remember thinking about this when reading the systemd stuff. It's interesting, but... there are many QR readers running vulnerable libraries, so it looks like a good way to lure unsuspecting users into installing malware in their phones... so, no, thanks :/
That's a Goldberg-tier way of distributing some malware. Attacking the huge intersection of smartphone-using Linux users who report kernel bugs using their phone.
1. Create a kernel patch that forms such malware in the QR output and causes a kernel oops.
2. Get said patch upstream, or atleast in Ubuntu.
3. ???
4. Profit
Leave a comment:
Leave a comment: