Debloating the Onyx Boox Go 10.3
I was looking for an eink tablet to read books and take notes while I’m away from home.
After adventuring in the eInk rabbit hole I decided to go for the Onyx Boox Go 10.3: a Black and White eInk Android Tablet with 300ppi that’s also good for taking notes, weighing only 365g!
I was a bit concerned about this report from Mozilla so I decided to take a look at the device.
The xz backdoor from a Security Engineer perspective
As you probably already heard, the xz package got compromised.
The package was used as an entrypoint to inject malicious code in sshd, altering the authentication flow. This forged vulnerability is now known as CVE-2024-3094.
Security Theatre? More like Security Circus
I have seen many companies invest significant time and resources into security measures that have little to no actual effect on security. This is commonly referred to as “security theater”.
Long Time No See
Long time no see, uh? A lot of stuff has happened since the last post in 2018 on the old blog.
Getting "Zero Click" Remote Code Execution in Mycroft AI vocal assistant
1 Introduction
During my journey contributing to open source I was working with my friend Matteo De Carlo on an AUR Package of a really interesting project called Mycroft AI. It’s an AI-powered vocal assistant started with a crowdfunding campaign in 2015 and a more recent one that allowed Mycroft to produce their Mark-I and Mark-II devices. It’s also running on Linux Desktop/Server, Raspberry PI and will be available soon™ on Jaguar F-Type and Land Rover