1. 2

    I guess I should be thankful that my circuit breaker just cuts off electricity when there is too much load so it is like a forced reboot at least once a month.

    The FBI recommends any owner of small office and home office routers reboot the devices to temporarily disrupt the malware and aid the potential identification of infected devices. Owners are advised to consider disabling remote management settings on devices and secure with strong passwords and encryption when enabled. Network devices should be upgraded to the latest available versions of firmware.

    I would like to learn more about this. I am pretty sure Verizon has a backdoor to my WiFi router FiOS-G1100. Does anyone else have this router? What do you see when you go to http://myfiosgateway.com/#/monitoring ? I see

    UI Version: v1.0.294 Firmware Version Model Name: FiOS-G1100 Hardware Version: 1.03

    1. 2

      Access to your router is likely not publicly routed. I can’t access that web page (connection failed).

      1. 1

        Ah, I should have mentioned you need to be at home behind your FiOS F1100 router, log in and click on system monitoring on the top right corner.

        Here’s the router/modem in question: https://www.verizon.com/home/accessories/fios-quantum-gateway/

      2. 1

        Why do you think Verizon has a backdoor?

        1. 2

          They along with other ISP’s took tens to hundreds of millions to backdoor their networks for NSA. That was in leaks. You should assume they might backdoor anything else.

          1. 1

            Got a link to the specific leaks?

            1. 1

              Forbes article.

          2. 2

            Once man’s backdoor is another man’s mass provisioning service.

            1. 1

              Maybe I used an incorrect technical word. I meant to say I think they can remotely access and configure the modem / router.

              1. 1

                ISP’s backdooring home routers isn’t unknown, where here I use ‘backdooring’ to mean “ISP can log in and make changes even though most home users don’t know they can do this”. Some use it to push out router firmware updates (for their preferred models).

              1. 1

                Thank you so much! This video and the sources in it is exactly what I need to start understanding this.

              1. 6

                If you study Chinese, you use Pleco. If you don’t study Chinese, then you probably have never heard of Pleco.

                1. 4

                  I’ve never found a better app for another language period. Every serious Chinese learner will download this app after a year. No ads, extensive dictionary, writing input, long form text reader, powerful flash card engine, all for free. It’s so popular here in China among waiguoren that we even use Pleco as a verb.

                  Not just for iOS though, the Android version is the same.

                1. 1

                  This is very exciting! I hope that it isn’t too hard to develop external modules that would slip right into the PCI slot.

                  1. 9

                    Articles from Motherboard are usually sensationalistic and thin on details. Let’s maybe not give them space here? HN is better for tech news.

                    1. 8

                      I’d agree that Motherboard and other Vice publications are usually sensationalistic, but this article in particular compiles information that can’t be found elsewhere, including an interview with the involved parties. But I agree also that this is “pop tech news” and HN is a better space for it. There could be some tag for articles like it and a corresponding hotness tweak, but maybe it’s better as an unwritten rule here.

                    1. 15

                      Part of the struggle for us adopting something like rust internally is the syntax is too complex.

                      Even the “hello world” example:

                      fn main() {
                          println!("hello world")

                      Involves understanding what a macro is vs. a normal function call. The cognitive overhead of the language is a huge barrier and something we’ve eschewed for golang.

                      1. 20

                        I hear you; we strive to not make Rust more complex than it has to be; unfortunately, the job it’s attempting to do is inherently complicated. A big focus of this year was on lowering the learning curve; it hasn’t all landed yet though.

                        That said, I’d hope that this particular example isn’t the biggest barrier, it boils down to “macros have a ! at the end.” In my ~five years with Rust, I’ve written exactly two macros, and they were less than 5 lines, and I mostly copy/paste/tweak’d them. They’re so minor we are even putting them in an appendix of the book, rather than giving them their own chapter.

                        That said, use the tools that work for you! Rust isn’t for everyone, and that’s 100% okay.

                        1. 4

                          As I said above I think really good libraries will help a lot with this, but in a sense @bigdubs is saying what I was trying to say but more eloquently. I look forward to seeing the results of all the awesome work the Rust community is doing to ease the onboarding experience and smooth out the learning curve.

                        2. 4

                          Sorry to be kinda pendantic, but it’s wrong to say that for the hello world example, rust is more complicated than other languages such as golang which you mentioned. Compare the two:

                          package main // What's a package?
                          import "fmt" // Why do I need to import something to print to the screen?
                          func main() {
                              fmt.Println("hello world") // Why do I need to prefix this with fmt? Why is Println capitalized?

                          To be fair I’ve never coded in rust and absolutely love coding in go for its simplicity and functionality, but your example doesn’t make a good comparison

                          1. 2

                            you can use println in golang w/o the prefix / package name.

                            in action here: https://play.golang.org/p/y5XX4RDTW5

                            further what you’re nitting is “what is a package” which is a feature of the language you will have to explore countless times, vs. macros which as steve said are a niche feature of the rust language.

                            there is still plenty of magic with golang though. the thing that tripped me up personally at first was lower case letters on structs == package private, which is a weird isolation level to begin with but even then the only thing that governs the protection is the first letter of a name.

                            1. 1

                              As an aside, according to the golang spec, one should not rely on println. “These functions are documented for completeness but are not guaranteed to stay in the language”

                        1. 9

                          Just a useful tip – You can run it in an ssh session by setting PRINT_MODE:TEXT in the init.txt. Since dwarf fortress is so poorly optimized, it’s nice to be able to put it on a beefy server in a tmux session so your laptop won’t overheat.

                          1. 4

                            Personally I don’t think this post has relevance to this site. It’s important news, but this isn’t a general news website. Any links to tech are secondary and the tags are a stretch.

                            It would be more appropriate if this was a secondary article discussing specifically the security factors of the event, about how they used neo4j to graph relationships, a specific focus on tech company tax avoidance or Russia’s effects on Twitter/Facebook, the ethical aspects of online anonymity and leaks, or something more in-depth with a focus on technology. Until content like that is created this generally news and discussion can be found on other sites.

                            1. 2

                              That’s a fair criticism. As noted in my text about the news, I wanted to discuss the part related to tech companies. If people don’t want to discuss it, they can downvote this article and we can move on.

                            1. 4

                              Sounds good so far! It would be better if you had some reading material that you could include in the podcast description.

                              1. 2

                                Noted, will be sure to include some links to reading material in future episodes :)

                              1. 3

                                As a new Mastodon user: Does anyone have users that they enjoy following?