Description

This week the news of an "ESP backdroor" spread around the internet like wildfire. We dig into the technical details as to what happened, and what if any, the risk is.

-- During The Show --

00:52 Intro

• Thank you for visiting at Scale
• Weather
• Cutting Silicon Wafers
• YouTube Video

Sleuth - Live

• Ham Radio Liscnse Address requirement
• ARRL Privacy
• Private Mail Box
  • Nomads With a Purpose
  • Dakota Post
  • America's Mailbox
• QSL Cards

09:15 HVAC follow up - Ziggy

• Boiler Heat
• Equipment Interface Module
• How boilers work
• ESP32
• Pull the old thermostat
• Be careful making changes on the boiler
• Venstar Thermostats
• Honeywell Intrusion

21:49 Fedora on PI Boot Problems - Mark

• Other people report Fedora "hangs" on Raspberry Pi 4
• Try it on another pi
• Raspberry Pi 5

27:16 News Wire

• Samba 4.22 - samba.org

• Pipewire 1.4 - gitlab.freedesktop.org

• Thunderbird 136 - thunderbird.net

• Firefox 136 - mozilla.org

• Ubuntu Touch OTA 8 - ubports.com

• ExTix 25.3 - linux.exton.net

• Tails 6.13 - torproject.org

• Garuda Linux Broadwing - opensourcefeed.org

• Malicious Go Packages - thehackernews.com

• Alibaba qwq - venturebeat.com

• Light-R1-32B - venturebeat.com

• EFF Rayhunter - eff.org

28:38 Software Freedom Conservancy Interview

• Denver Gingerich - Director of Compliance
• OpenWRT One
• Powered over PoE
• $10 of purchase price goes to OpenWRT
• Target audience
• Un-brickable
• Made by BananaPi

36:10 Considering OpenWRT One

• Steve for family?
• On par with any consumer router
• OpenWRT vs OPNSense
• Very well put together

• 39:35 ESP32 "Backdoor"

• The basics

• Wireless has to talk

• What the company did

• opcode3f

• Undocumented Commands

  • 0xFC30 - Register Read
  • 0xFC31 - Register write
  • 0xFC32 - Set MAC Address
  • 0xFC07 - Write Flash
  • 0xFC08 - Read Flash
  • 0xFC0E - Send LMP Packet (different layers of the bluetooth stack)

• What they are not telling you

• Much to do about nothing

• Ycombinator.com

• Espressif Response

• Dark Mentor

46:37 Vizio Lawsuit

• SFC filed Oct 19 2021
• Vizio tried to move the lawsuit
• Going to trial in this year in Oct
• SFC became a hardware manufacture to avoid fighting these lawsuits

51:00 Steve's eBook Tinkering

• Started to help ChrisLAS
• Extending the program

-- The Extra Credit Section --

For links to the articles and material referenced in this week's episode check out this week's page from our podcast dashboard!

This Episode's Podcast Dashboard

Phone Systems for Ask Noah provided by Voxtelesys

Join us in our dedicated chatroom #GeekLab:linuxdelta.com on Matrix

-- Stay In Touch --

Find all the resources for this show on the Ask Noah Dashboard

Ask Noah Dashboard

Need more help than a radio show can offer? Altispeed provides commercial IT services and they’re excited to offer you a great deal for listening to the Ask Noah Show. Call today and ask about the discount for listeners of the Ask Noah Show!

Altispeed Technologies

Contact Noah

live [at] asknoahshow.com

-- Twitter --

• Noah - Kernellinux
• Ask Noah Show
• Altispeed Technologies