404 Media neglected to link to her website, which is https://ada-ada-ada.art/

Funny that blog calls it a “failed attempt at a backdoor” while neglecting to mention that the grsec post (which it does link to and acknowledges is the source of the story) had been updated months prior to explicitly refute that characterization:

5/22/2020 Update: This kind of update should not have been necessary, but due to irresponsible journalists and the nature of social media, it is important to make some things perfectly clear:

Nowhere did we claim this was anything more than a trivially exploitable vulnerability. It is not a backdoor or an attempted backdoor, the term does not appear elsewhere in this blog at all; any suggestion of the sort was fabricated by irresponsible journalists who did not contact us and do not speak for us.

There is no chance this code would have passed review and be merged. No one can push or force code upstream.

This code is not characteristic of the quality of other code contributed upstream by Huawei. Contrary to baseless assertions from some journalists, this is not Huawei’s first attempt at contributing to the kernel, in fact they’ve been a frequent contributor for some time.

Wasn’t Huawei trying to put a Backdoor into linux?

as far as i know, that has not happened.

what makes you think it did?

fremdscham++ 😬

headline was more exciting before i read the last four words of it

Or you could just… learn to use the modern internet that 60% of internet traffic uses? Not everyone has a dedicated IPv4 anymore, we are in the days of mobile networks and CGNAT. IPv4 exhaustion is here today.

Where are you getting 60%? Google’s IPv6 Adoption page has it under 50% still:

(while other stats pages from big CDNs show even less)

If you have ::/0 in your AllowedIPs and v6 connections are bypassing your VPN, that is strange.

What does ip route get 2a00:1450:400f:801::200e (an IPv6 address for google) say?

I haven’t used wireguard with NetworkManager, but using wg-quick it certainly adds a default v6 route when you have ::/0 in AllowedIPs.

You could edit your configuration to change the wireguard connection’s AllowedIPs from 0.0.0.0/0 to 0.0.0.0/0,::/0 so that IPv6 traffic is routed over it. Regardless of if your wireguard endpoint actually supports it, this will at least stop IPv6 traffic from leaking.

ipv4 with an extra octet

that was proposed as “IPv4.1” on April 1, 2011: https://web.archive.org/web/20110404094446/http://packetlife.net/blog/2011/apr/1/alternative-ipv6-works/

Like… okay… I know this is me in the new brain, I’ll shut down the other one.

the other one: i’m pretty sure you’ve got it backwards, pal

I was referring to the “This is actually a good sign for self driving” part of their comment.

The captcha circumvention arms race has been going on for over two decades, and every new type of captcha has and will continue to be broken as soon as it’s widely deployed enough that someone is motivated to spend the time to.

So, the notion that an academic paper about breaking the current generation of traffic-related captchas (something which the captcha solving industry has been doing for years with a pretty high success rate already) is “good news” for the autonomous vehicle industry (who has also been able to identify such objects well enough to continue existing and getting more regulatory approval for years now) is…

i hope you’re joking. please, tell me you’re joking?

I wish we’d stop calling them “exploding batteries”. The battery isn’t the explosive, it’s the explosives that were hidden in the device.

Do you want to stop calling them exploding pagers too? How about other exploding things? And what should https://en.wikipedia.org/wiki/2024_Lebanon_pager_explosions be renamed to? Maybe 2024 Lebanon explosions of explosives inside of pagers? 🙄

Right, so why are you editorializing the title to say something that the article in fact does not say?

The title is a copy+paste of the first sentence of the third paragraph, and it is not misleading unless you infer “exploding batteries” to mean “exploding unmodified batteries”. But, the way the English language works, when you put explosives inside an XYZ, or do something else which causes an XYZ to explode, it becomes an “exploding XYZ”. For example:

• https://en.wikipedia.org/wiki/Exploding_animal
• https://en.wikipedia.org/wiki/Exploding_cigar
• https://en.wikipedia.org/wiki/Exploding_pagers
• https://en.wikipedia.org/wiki/Exploding_trousers
• https://en.wikipedia.org/wiki/Exploding_watermelon
• https://en.wikipedia.org/wiki/Exploding_whale

The fact that bombs are explosive is not revolutionary or all that interesting.

That fact also is not what the article is about.

sometimes a cigar is just a cigar

(@Ilovethebomb@lemm.ee:) Just to be clear, the pager thing wasn’t exploding batteries, they had apparently been modified at the production level to have explosives in them, which could be triggered by the pager system itself.

(me:) Did you read the article? It sounds like you didn’t.

(you:) The article literally talks about inserting an explosive layer inside the battery at production. Just like the comment said.

I am really curious: can you tell me, do you actually think the first commenter in fact read the article and was agreeing with its suggestion that the batteries could have been manufactured with explosives inside of them?

(you): It isn’t “any batteries can explode”.

Nobody claimed that, but in retrospect I guess I can see how, read alone, the pull quote I selected from the article to be the title of this post could be interpreted that way.

Of course not, what did you expect?

I encourage you to, it’s pretty interesting.

i encourage you to re-read the original comment in this thread after reading the article 😂

You are inferring what someone meant, and then applying some super pedantic reasoning.

I think I am inferring correctly, especially since the person you’re talking about replied “of course not” to my question about if they read the article.

Since apparently many people aren’t reading the article: It is about how cheap it actually is (eg $15,000) to buy a complete production line to be able to manufacture batteries with a layer of nearly-undetectable explosives inside of them, which can be triggered by off-the-shelf devices with only their firmware modified.