In the last months, I've got access to a Qidi X-Max FDM 3D printer. Since this is the first 3D printer to which I have direct access, I've spend some time in figuring out how it works and which problems it might have - and then trying to solve some of them.
Recovering eQ-3 CC-RT-BLE 1.44 Update
The eQ-3 CC-RT-BLE is a decent electronic thermostat with bluetooth low energy support. But everyone who ever used python-eq3bt should have noticed that the devices don't need any kind of pairing. It was therefore possible to talk to them (when in range) without any kind of authorization. The pairing PIN used in the calor BT app was only verified inside the app itself - most likely as an additional check to avoid adding the wrong device.
Steganography in svenomenal's steganoV2
There are many different tools and algorithms used to hide secrets in other documents. Unfortunately, not all of them are open and documented. But this doesn't seem to harm the reputation of Windows only tools like Stegano.Net in the context of recreational activities like Geocaching. The overview about the principle of this specific software should allow the user to extract its previously stored data without depending on closed software and make it possible for the interested reader to decide whether this is really such a good "privacy" tool.
Domain based proxy selection on NAT-routers
IntroductionΒΆ
It seems to become normal for service providers in the world wide web to reduce their functionality when the user is not accessing the service through the "right" IP range. This usually reflects the license agreements the service provider has with the actual content producers or copyright holders in this specific region. There are many well known users of GeoIP based restrictions, e.g. YouTube, Netflix or Hulu.
- YouTube
The (currently) monopolistic collecting society in Germany and Google don't seem to be able to find acceptable conditions for both parties to correctly license the music in YouTube videos. This is especially problematic because GEMA can currently just assume that it has to receive royalties even without proving that the music is covered by the GEMA catalogue. Google started to block music videos in Germany as countermeasure against possible copyright claims (and maybe to create awareness of the problem).
- Netflix
Netflix seems to be the biggest Video-on-Demand service at the moment. There are even rumors about Netflix planning to expand to more european states in the near future. But the UK version of Netflix already showed that it doesn't have world-wide streaming rights for its complete portfolio.
- Hulu
Hulu is a free (ad-supported) streaming service with many content partners. Interestingly, it tries to provide access to person in foreign countries. These are for example U.S. military bases outside the U.S. or Japan. It easily shows that these IP restrictions not only work on large entities like countries and they are not necessarily limitations of the infrastructure.
There are many other reasons for a IP based block/restriction by a service provider. I will concentrate here on a very specific case: increasing security by reducing the attack vector. (I will not discuss whether this is a good strategy by the service provider)
Many projects were started to provide easy one-click solutions to avoid such IP restrictions on every kind of device. Unfortunately, these products are often extreme limited to a specific service (the ones mentioned above). Also the servers used as proxy are not the ones I would trust with sensible data. This makes them useless for my actual problem.
Signed upstream tarballs in Debian
In the past numerous file distribution servers were attacked and the attacker replaced a release tarball/zip with a modificated version including a backdoor. Usually the distributions use some kind of signatures to avoid such an attack against their own infrastructure but this doesn't include the initial retrieval of the source code from upstream (usually done through the tarballs).