Ask Noah Show

Ask Noah Show 432

Listen

Cast

Steve OvensSteve OvensNoah J. ChelliahNoah J. Chelliah

Description

This week the news of an "ESP backdroor" spread around the internet like wildfire. We dig into the technical details as to what happened, and what if any, the risk is.
-- During The Show --
00:52 Intro
Thank you for visiting at Scale
Weather
Cutting Silicon Wafers
YouTube Video (https://m.youtube.com/watch?v=WHmRj2mZ-dk)
Sleuth - Live
Ham Radio Liscnse Address requirement
ARRL Privacy (https://www.arrl.org/fcc-licensee-privacy)
Private Mail Box
Nomads With a Purpose (https://www.nomadswithapurpose.com/south-dakota-residency-full-time-rv/)
Dakota Post (https://www.dakotapost.net/)
America's Mailbox (https://americasmailbox.com/south-dakota-residency/)
QSL Cards
09:15 HVAC follow up - Ziggy
Boiler Heat
Equipment Interface Module
How boilers work
ESP32
Pull the old thermostat
Be careful making changes on the boiler
Venstar Thermostats (https://venstar.com/thermostats/colortouch/)
Honeywell Intrusion (https://www.amazon.com/Honeywell-Intrusion-TH6320ZW2003/dp/B07H5FR7WL/)
21:49 Fedora on PI Boot Problems - Mark
Other people report Fedora "hangs" on Raspberry Pi 4
Try it on another pi
Raspberry Pi 5
27:16 News Wire
Samba 4.22 - samba.org (https://www.samba.org/samba/history/samba-4.22.0.html)
Pipewire 1.4 - gitlab.freedesktop.org (https://gitlab.freedesktop.org/pipewire/pipewire/-/releases/1.4.0)
Thunderbird 136 - thunderbird.net (https://www.thunderbird.net/en-US/thunderbird/136.0/releasenotes/)
Firefox 136 - mozilla.org (https://www.mozilla.org/en-US/firefox/136.0/releasenotes/)
Ubuntu Touch OTA 8 - ubports.com (https://ubports.com/en/blog/ubports-news-1/post/ubuntu-touch-ota-8-release-26)
ExTix 25.3 - linux.exton.net (https://linux.exton.net/extix-25-3-kde-plasma-and-the-ubuntu-desktop-together-with-waydroid-waydroid-lets-you-launch-a-complete-android-system-on-linux-with-gapps-build-250305/)
Tails 6.13 - torproject.org (https://blog.torproject.org/new-release-tails-6-13/)
Garuda Linux Broadwing - opensourcefeed.org (https://www.opensourcefeed.org/garuda-linux-broadwing-release/)
Malicious Go Packages - thehackernews.com (https://thehackernews.com/2025/03/seven-malicious-go-packages-found.html)
Alibaba qwq - venturebeat.com (https://venturebeat.com/ai/alibabas-new-open-source-model-qwq-32b-matches-deepseek-r1-with-way-smaller-compute-requirements/)
Light-R1-32B - venturebeat.com (https://venturebeat.com/ai/new-open-source-math-model-light-r1-32b-surpasses-equivalent-deepseek-performance-with-only-1000-in-training-costs/)
EFF Rayhunter - eff.org (https://www.eff.org/deeplinks/2025/03/meet-rayhunter-new-open-source-tool-eff-detect-cellular-spying)
28:38 Software Freedom Conservancy Interview
Denver Gingerich - Director of Compliance
OpenWRT One (https://sfconservancy.org/activities/openwrt-one.html)
Powered over PoE
$10 of purchase price goes to OpenWRT
Target audience
Un-brickable
Made by BananaPi
36:10 Considering OpenWRT One
Steve for family?
On par with any consumer router
OpenWRT vs OPNSense
Very well put together
39:35 ESP32 "Backdoor"
The basics
Wireless has to talk
What the company did
opcode3f
Undocumented Commands
0xFC30 - Register Read
0xFC31 - Register write
0xFC32 - Set MAC Address
0xFC07 - Write Flash
0xFC08 - Read Flash
0xFC0E - Send LMP Packet (different layers of the bluetooth stack)
What they are not telling you
Much to do about nothing
Ycombinator.com (https://news.ycombinator.com/item?id=43330331)
Espressif Response (https://www.espressif.com/en/news/Response_ESP32_Bluetooth)
Dark Mentor (https://darkmentor.com/blog/esp32_non-backdoor/)
46:37 Vizio Lawsuit
SFC filed Oct 19 2021
Vizio tried to move the lawsuit
Going to trial in this year in Oct
SFC became a hardware manufacture to avoid fighting these lawsuits
51:00 Steve's eBook Tinkering
Started to help ChrisLAS
Extending the program
-- The Extra Credit Section --
For links to the articles and material referenced in this week's episode check out this week's page from our podcast dashboard!
This Episode's Podcast Dashboard (http://podcast.asknoahshow.com/432)
Phone Systems for Ask Noah provided by Voxtelesys (http://www.voxtelesys.com/asknoah)
Join us in our dedicated chatroom #GeekLab:linuxdelta.com on Matrix (https://element.linuxdelta.com/#/room/#geeklab:linuxdelta.com)
-- Stay In Touch --
Find all the resources for this show on the Ask Noah Dashboard
Ask Noah Dashboard (http://www.asknoahshow.com)
Need more help than a radio show can offer? Altispeed provides commercial IT services and they’re excited to offer you a great deal for listening to the Ask Noah Show. Call today and ask about the discount for listeners of the Ask Noah Show!
Altispeed Technologies (http://www.altispeed.com/)
Contact Noah
live [at] asknoahshow.com
-- Twitter --
Noah - Kernellinux (https://twitter.com/kernellinux)
Ask Noah Show (https://twitter.com/asknoahshow)
Altispeed Technologies (https://twitter.com/altispeed)