to use this method of scraping, logging in with a premium account is required.
so either they found a way around that lock, but not the quality lock, or they just decided 160k is good enough (it generally is), and decided to stick with that for filesize & bandwidth savings
I assume they didn't intend to put a mic on the KVM product, but they wanted to make a KVM product, already had this SBC product, which reusing their existing stock of helped keep cost low.
Should they have been more up front about it? Sure, and it's not great that they had a bunch of security issues in the FW anyway, so not exactly great, but "hidden microphone in a Chinese KVM" lets the mind wander
Given its history I suspect there is nothing malicious going on here, just a Chinesium approach to building something. Security isn't documented so it's made of tissue paper.
It doesn't strike me as that useful to have a hidden microphone in a KVM product as most of the time, they're going to be stuck in server rooms with just lots of fan noise to record.
Far more of an issue would be any kind of keylogger built into the software, which is why it's best to go for devices that support open source software.
You can exfiltrate data from a machine which is not connected to the KVM. A high-security machine may be even air-gapped most of the time, but be physically nearby.
I don’t think too many of these devices will end up in server rooms as opposed to home labs. And the ones that do end up in a datacenter are very unlikely to be allowed to ever reach the internet.
If the microphone was used for exfiltrating data, it would work against random targets that happened to let the KVM connect to the internet, and who have a nearby machine infected with some malware. That kind of non-targeted attack can be damaging but is semi-useless to the attacker.
The KVM just uses a devboard that's also sold separately and just happens to have a microphone, given how cheap the mics are having one extra SKU would probably just cost them more than savings.
Also I wouldn't really consider it "server room" product. Pretty much any new server has KVM, this is more "a hobbyist needing KVM for their home server"
I can't recall seeing any server that includes KVM-over-IP, but instead they have some shitty remote access controller (e.g. Dell iDRAC) that is buggy as hell and requires a subscription to even get working.
A long time ago (maybe in the mid-90s) I knew an elderly radio amateur who could not just "copy" CW by ear, but also RTTY. He could also pretty much tell what a teleprinter was printing just by listening to the noises it made, like he'd be facing away from it on the other side of the room reading out entire words from what was coming through.
Apparently in the 50s when he did his National Service he'd been in the Signals but "not in the regiment that's on his papers", make of that what you will.
I have noticed that with PSK modes and particularly PSK31 you can hear "CQ CQ CQ" as a distinctive pattern much in the same way as it is with CW.
IBM spent a fortune developing ATM keypads that - when correctly mounted - had keys that made the exact same noise no matter how you pressed them or how worn they were.
So I don't doubt that someone suitably clever could extract audio from a room and work out what was being typed.
One really-cool way to solve that problem is to embed a 7-segment LED under each keycap. You walk up to the keypad and the 0-9 digits appear in random order. No one can shoulder-surf, look for wear or IR emission from the buttons, or train on the click sounds.
Dell had those on every lab door in the building back in the early 90s. You felt like 007 every time you punched in your access code. I've never seen them anywhere since.
And nowadays I can't put in my card's pin without 10 overhead cameras aimed at the register area. All the cameras of which are network-connected, video stored persistently, and high res/fidelity enough to hear the little beeps as I press the keys, and to know that I've hit the enter because the screen indicates it immediately. But then Dell cared about its own security, and the grocery store doesn't give a single shit about whether my life is ruined by identity theft.
That's why I always cover the pin pad with my other hand (probably also holding my wallet) when putting in a pin. However, I think the more likely scenario to defend against is shoulder surfers - the pin by itself is useless until combined with the card, so physical presence is needed to lift the card from me.
The Austin airport has, or used to have, such keypads in places. (Doors from the baggage carousel area through to the airside ground staff areas, for example.)
Maybe. They were necessarily very cagey about it back then, but I might have some documentation kicking about in storage. I tended to keep copies of every service manual I could get my hands on back then.
It would take an especially perverse mind to keylog using audio on a KVM, though. The KVM basically has access to everything, any secondary spying using a microphone or a camera would provide very little added value.
They mean the K in KVM could trivially have a keylogger. For the computers attached to that KVM. Audio is for logging for computers not attached to the device in question. Which could be up to and including a whole server room save a couple machines.
Ultrawideband never caught on because it turns out that the speed of light and sound in air is frequency dependent, so you have to know the distance to the target pretty accurately and then skew the signal to send or receive. (Imagine a phased array antenna but also with a frequency domain to work out as well).
But that doesn’t mean you can’t make it function in a loud server room. The whole point of it is working in and around noise.
Depends on what part of the hardware or software stack you're talking about. In general, yes there are Chinese software and hardware components. This BSP looks like it was an international effort.
You might be right but I think we cannot assume malice when it could be laziness.
It might be that the exact same board has multiple target audiences and they just rebrand it for different purposes with different pricing.
That said, the microphone is so weirdly positioned that it gets suspicious indeed.
Microphones and LEDs have been used famously for side channel attacks and also to circumvent air gaps. From a Least Power point of view this is troubling.
I'm completely fine with there being a microphone in the thing. It's literally a remote eyes/hands interface, so it being an eyes/ears/hands interface is perfectly acceptable.
not sure, but i'm getting the sense that they're annoyed that someone is expressing themself on their own personal blog and not being Professional enough
> That's why there is such a thing as a React compiler - a good sign that you're not writing JS, which doesn't have compilers.
You say that like it's a bad thing - but it didn't stop Babel or TypeScript from being popular, both of which need a compiler. And being honest, I don't like extra tools in my chain, which is probably why I don't use React proper, but that proves you don't need anything React specific for anything other than optimisation
The only syntax you really want for React is JSX. Which is just because writing React.createElement("div" ...) every time is unergonomic. JSX isn't specific to React. It could easily be a language feature, in fact it is an OOTB language feature of TypeScript.
> React is full of magic syntax that looks like functions, but e.g. you can't call them inside an if statement
They look like function calls, because they are. They're not "magic syntax", and in fact, those rules are explicitly because there's no way around that without implementing special syntax
afaik the app isn't open source, i'm required to log in with Google/Apple, and there's very little information in the app about security, and plus, running models like DeepSeekR1 and Llama70B isn't cheap, so you've gotta be getting money from somewhere, right?
> A single .ico file can contain multiple icons with different dimensions.
and as far as I know, no browser will download partial ico files. So the bytes saved by not including a link tag is immediately reversed by the browser having to download your 16x, 32x, 64x, 128x and 256x ico when it only wants the 16x
Cool, sure, good, probably not. I've never played Halo so I didn't entirely know what I was doing (do I shoot the blue guys too? it's not letting me through so I guess I do), and I don't doubt people couldn't even get what it meant by shoot. And god forbid anyone with disabilities that affect their mouse accuracy, or who needs a screen reader, tries to use it
Haven't looked at the devconsole but it'd probably be easily bypassed by someone dedicated.
Agree on the first part, but for the second... I think it depends on what your threat model is.
If you want to stop a dedicated attacker ready to spend time to attack your site, it won't work, but nothing will. If you want to stop a generic bot going over the internet and submitting all forms it finds with spam, this will work, and might even work better than a widespread solution for which the bot has a countermeasure.
It has the advantage of being novel for the user rather than doing the same Google/Cloudflare/... CAPTCHA for the 10th time that day.
Apple Music have an API, by technicality. It's mostly read only, only really works in client side JS, uses their own proprietary authentication rather than OAuth, mostly readonly with the only exception of being able to create playlists for a user, and then add songs to a playlist