Welcome to Beta-Labs!

Always in beta, because the mucking about is never done.

Blog

  • Massachusetts social media ban for under 14

    So my nominally sane state is getting aboard the hype train for restricting social media to young people with a proposed ban for anyone under 14. This means age verification, which is so much bullshit.

    Here’s the text I sent my state rep:

    I am writing to you, to urge you to vote against Amendment H.5349, especially Section 3 and its supporting sections. I am not real happy about Sections 1 and 2, either, but Section 3 with its social media ban for those under the age of 14 and and age verification are the most dangerous parts of the Amendment.

    While it is true that social media can have a negative impact on young people (much like any of us), I feel that there is a need for young people to be able to communicate with others of their age, and older, responsible adults. There are many reasons why young people would need to do so. I present a couple below.

    Matters of sexual health, orientation and identity may often not be able to be discussed with people locally. Being able to discuss and work through feelings and thoughts can be very useful to young people to help figure out who they are.

    Politics at the local, state, national, and world levels impact young people, too, and they need a way to discuss this with their peers, both locally and globally. If young people can form relationships and understandings with others, it may well reduce cultural misunderstandings and enable a calmer world.

    If I had peers I could talk things through with, my school life may have not been better, but I would have came to understand myself so much sooner than I did.

    As far as the identification and age verification requirements, that is a massive mistake.

    I am a retired technology worker. I have dealt with computer security and compliance (security and compliance are not the same, and are tangential related at best). Having government identification held electronically, by multiple entities, is will be a target for nefarious individuals looking to commit ID takeovers and impersonation, could result in reputational damage, fraud, blackmail pressures, and more. It also creates a database that can be used to track people, build a profile and dossier, and be abused in other ways. Having a statement that merely says “for verification purposes only” is about as effective as a screen door on a submarine.

    This is nothing like presenting your ID at a nightclub, liquor store, smoke shop, or adult store. In those cases, I show the ID to the clerk, they check the age (maybe even looking at the photo), and they hand it back. They do not take a photo of it, or make a record of it (except for date of birth at the grocery store). The exception to that is cannabis stores, where a record is made for some unknown and unnecessary reason.

    To force people to turn over IDs for social media, websites, and apps is a disaster waiting to happen. The security of some of these sites and systems would be laughable, if not so sad. There will be breaches, and people of all ages will be hurt by them.

    I understand wanted to protect people who may not be able to protect themselves or be mature enough to cope with things they see and hear, but this is not the way to that.

    I strongly oppose this Amendment for the above reasons and more, and hope you will do the same.

    I figure this has as much impact as a fart in a Nor’easter, but I can say I did something to express my displeasure.

  • Acurite 7 in 1 Atlas Weather Station

    So I bought a WiFi enabled personal weather station from Acurite. It was a bit pricier than some other personal weather stations available from Acurite and others, but I feel it had the better specifications overall than what was available otherwise.

    Since this was going on my network, I wanted to make sure things looked on the up and up, so create a test network and packet sniff it is. And what I difference I found between the weather station and the Hello Birdie camera.

    Quick little primer on the Atlas weather station: It uses a 900 MHz radio to connect from the sensor assembly to the local display. The local display has a ESP-WROOM-02 (datasheet here) to act as a bridge from the display to the WiFi connection. You don’t need the WiFi connection, and the local display will work fine without it. The purpose of the WiFi is to send data to WeatherUnderground.

    When you first power up the display, it creates an open AP. You join this AP to set the SSID and password so the display can join the network and send its data. The config webpage is very simple: just a pulldown for found WiFi networks and a password field.

    Running Nmap, the only port active at the setup stage is a http daemon at port 80. Once the display is configured on the Wifi, that port goes away and no open ports were found. It doesn’t even repond to pings.

    Snooping the traffic, the only sites the display accesses is pool.ntp.org and three sites within the myacurite.com.domain. This is all done a clients where the display makes the requests. All this thing does is get the current time, look for firmware updates, try to send the weather data to your myacurite account (if you create one, not mandatory). All this traffice is sent via TLS ver 1.2.

    Since I’m only playing with this inside the house right now, I haven’t gotten a WeatherUnderground account yet, but if what I see holds, I expect that will be just one more domain and comms over TLS.

    Big difference in the privacy aspect of this weather station and the Hello Birdie camera is like day and night.

    I downloaded a copy of the firmware from the site indicated in the traffic capture, but really expect no surprises whenever I get around to looking at it.

    The only bummer that I see right now is that short of using a SDR to pull the weather data off the 900MHz signal, there’s no way of getting the data out and using for my own purposes locally.

  • Hello Birdie project page updated

    Did some work on my basic project page for the Hello Birdie teardown. Got product and component info posted. Lots more to do tho.

  • Welcome to my little blog

    Hey there!

    I’m just getting things started, so there isn’t much of anything to see as of yet. I’ll eventually get some stuff up about anime, manga, and music I like. I’ll also post some about the little projects I do to try and keep myself busy, such as my home/lab network, Arduino stuff, and reverse engineering (which I’m just getting started with). Got Big Plans™ for a bunch of stuff, but we’ll see how it goes. ¯\_(ツ)_/¯