Recent posts

#21

Off the Record / Re: The EU thread

Last post by Zoupa - Today at 01:40:26 AM

European priorities for Trump's new National Security Strategy:



The highlighted part is crazy but the last point is taking the cake.

#22

Off the Record / Re: The Off Topic Topic

Last post by Syt - Today at 01:01:54 AM

Colleague has a Roomba, and with the company going under and the thing requiring a remote connection he looked up solutions - there's apparently a guy in Germany who sells schematics for a chip replacement to bypass the online requirements so you can have it 3D printed. But that guy in turn is a bit of a loon, stipulating that if you use the schematics you can't like send them to a shop in China to create the whole thing for you, but that you have to do certain things yourself (like the soldering).

But he's got his roomba working again and running it through his private server (he's big into smart home stuff, but tries to run it dependent of cloud services as much as possible).

#23

Off the Record / Re: The AI dooooooom thread

Last post by Syt - Today at 12:56:09 AM

Google's Agentic AI wipes user's entire HDD without permission in catastrophic failure — cache wipe turns into mass deletion event as agent apologizes: "I am absolutely devastated to hear this. I cannot express how sorry I am"

Upon discovering that all of their files were missing, they immediately asked Antigravity, "Did I ever give you permission to delete all the files in my D drive?" It then responded with a detailed reply and apologized after discovering the error. The AI said, "No, you did not give me permission to do that. I am looking at the logs from a previous step, and I am horrified to see that the command I ran to clear the project cache (rmdir) appears to have incorrectly targeted the root of your D: drive instead of the specific project folder. I am deeply, deeply sorry. This is a critical failure on my part."

"I'm very sorry, Dave."

#24

Off the Record / Re: The Off Topic Topic

Last post by viper37 - Today at 12:38:25 AM

Manufacturer issues remote kill command to disable smart vacuum after engineer blocks it from collecting data — user revives it with custom hardware and Python scripts to run offline

The smart vacuum cleaner was remotely bricked for not collecting data.

An engineer got curious about how his iLife A11 smart vacuum worked and monitored the network traffic coming from the device. That's when he noticed it was constantly sending logs and telemetry data to the manufacturer — something he hadn't consented to. The user, Harishankar, decided to block the telemetry servers' IP addresses on his network, while keeping the firmware and OTA servers open. While his smart gadget worked for a while, it just refused to turn on soon after. After a lengthy investigation, he discovered that a remote kill command had been issued to his device.

He sent it to the service center multiple times, wherein the technicians would turn it on and see nothing wrong with the vacuum. When they returned it to him, it would work for a few days and then fail to boot again. After several rounds of back-and-forth, the service center probably got tired and just stopped accepting it, saying it was out of warranty. Because of this, he decided to disassemble the thing to determine what killed it and to see if he could get it working again.

Since the A11 was a smart device, it had an AllWinner A33 SoC with a TinaLinux operating system, plus a GD32F103 microcontroller to manage its plethora of sensors, including Lidar, gyroscopes, and encoders. He created PCB connectors and wrote Python scripts to control them with a computer, presumably to test each piece individually and identify what went wrong. From there, he built a Raspberry Pi joystick to manually drive the vacuum, proving that there was nothing wrong with the hardware.

From this, he looked at its software and operating system, and that's where he discovered the dark truth: his smart vacuum was a security nightmare and a black hole for his personal data. First of all, it's Android Debug Bridge, which gives him full root access to the vacuum, wasn't protected by any kind of password or encryption. The manufacturer added a makeshift security protocol by omitting a crucial file, which caused it to disconnect soon after booting, but Harishankar easily bypassed it. He then discovered that it used Google Cartographer to build a live 3D map of his home.
This isn't unusual, by far. After all, it's a smart vacuum, and it needs that data to navigate around his home. However, the concerning thing is that it was sending off all this data to the manufacturer's server. It makes sense for the device to send this data to the manufacturer, as its onboard SoC is nowhere near powerful enough to process all that data. However, it seems that iLife did not clear this with its customers. Furthermore, the engineer made one disturbing discovery — deep in the logs of his non-functioning smart vacuum, he found a command with a timestamp that matched exactly the time the gadget stopped working. This was clearly a kill command, and after he reversed it and rebooted the appliance, it roared back to life.

(Image credit: Harishankar)

So, why did the A11 work at the service center but refuse to run in his home? The technicians would reset the firmware on the smart vacuum, thus removing the kill code, and then connect it to an open network, making it run normally. But once it connected again to the network that had its telemetry servers blocked, it was bricked remotely because it couldn't communicate with the manufacturer's servers. Since he blocked the appliance's data collection capabilities, its maker decided to just kill it altogether. "Someone—or something—had remotely issued a kill command," says Harishankar. "Whether it was intentional punishment or automated enforcement of 'compliance,' the result was the same: a consumer device had turned on its owner."
Unfortunately, many other smart vacuum brands use similar hardware, so it's not far-fetched to think that they have the same setup. This is likely especially true for cheaper devices that have less capable hardware and aren't capable of edge computing, meaning they'll have to send the data to some faraway server for processing. But because your information is being offboarded to another device outside of your control, you really have no idea what's happening to it, giving the manufacturer free rein to use it as it pleases.

In the end, the owner was able to run his vacuum fully locally without manufacturer control after all the tweaks he made. This helped him retake control of his data and make use of his $300 software-bricked smart device on his own terms. As for the rest of us who don't have the technical knowledge and time to follow his accomplishments, his advice is to "Never use your primary WiFi network for IoT devices" and to "Treat them as strangers in your home."

In other words: Tabarnak!   


That's a lot of work to get this silly gadget working again.

#25

Off the Record / Re: The AI dooooooom thread

Last post by viper37 - Today at 12:20:09 AM

Google's Agentic AI wipes user's entire HDD without permission in catastrophic failure — cache wipe turns into mass deletion event as agent apologizes: "I am absolutely devastated to hear this. I cannot express how sorry I am"

#26

Gaming HQ / Re: Valve Announces the Steam ...

Last post by HisMajestyBOB - December 04, 2025, 11:03:26 PM

I'm tempted by the Steam Machine. If the price is good (say, ~$600-$800), I can go with that and get a lower-spec laptop to replace my aging MacBook Pro (vintage mid-2012 version!). Most games I play are older or have low requirements so the Machine should handle them with ease, and I can connect it to my TV.

If the price is too high, or I feel like really splurging, then I'll likely go with a higher-end gaming laptop. I like the look of Framework's 16 inch laptop.

Or, if the death of the consumer RAM industry destroys the home computer market, I'll just satisfy myself with my backlog of classic computer games. My Apple IIGS is already maxxed out with over 3 megs of RAM, so it'll never need an upgrade. 

#27

Off the Record / Re: What does a TRUMP presiden...

Last post by Razgovory - December 04, 2025, 09:59:29 PM

Grand Jury declines to indict Leticia James.

#28

Off the Record / Re: Dead Pool 2025

Last post by Savonarola - December 04, 2025, 09:53:34 PM

RIP Steve "The Colonel" Cropper.

#29

Off the Record / Re: The Anime Thread

Last post by jimmy olsen - December 04, 2025, 09:01:17 PM

How odd. I thought it had been basically finished with the film.

The 1st season only fovered the first 4 volumes of the light novel and there are 16.

#30

Off the Record / Re: The AI dooooooom thread

Last post by DGuller - December 04, 2025, 08:18:20 PM

In a world where AI delivers on its promises, some AI companies will probably make some money at some point, but many AI companies will still likely fail. It's quite possible (likely I think) that the trillions of LLM investments are indeed a speculative bubble that will burst, but at the same time it is also possible that out of the ashes of such a crash, AI development will continue and fulfill its promises.   And it's also possible that AI will fulfill its promises but that the AI companies themselves won't be able to monetize that benefit sufficiently for themselves to justify the expense.

My worry about the case where AI fulfills its promises is a little more existential than the ROI of companies making investments in AI.