The Sizzle

Issue 497 - Wednesday, 11th October 2017

Sorry for the early Sizzle. I have some stuff on today that requires having to leave the house when I'd normally be writing.


The NBN will put lives at risk according to emergency management experts
The NBN has come under scrutiny from some Queensland emergency service managers (i.e: people who plan what happens to society when there's a bushfire or flood) for not being resilient enough, particularly with power outages. FTTN cabinets require power and if there's no power, the entire area is cut off, despite an individual business or home-owner having their own backup power source. FTTP nodes were unpowered so would have worked in such a scenario. NBN has responded saying that they will respond to any busted nodes and install temporary generators, but the emergency services think that's a stupid idea and say this issue "appears to be a built in flaw".
Discuss - Share

The US Deputy Attorney General joins the rant against encryption
Another day, another government attacking encryption. This time, it's the US Deputy Attorney General going around saying shit like "warrant-proof encryption defeats the constitutional balance by elevating privacy above public safety". He then went banging on about how new devices are too hard to get evidence off and that the companies involved are allowing criminals and terrorists to flourish - the usual shit. But the Deputy Attorney General coined a new phrase for what he'd like to see implemented as a response: "responsible encryption" - a pipe dream that politicians keep insisting is possible (it isn't), where there's a way for cops to get into your phone, but not hackers.
Discuss - Share

Google's new Home Mini speaker was accidentally sending everything it heard back to Google
That insidious little Home Mini speaker Google announced last week was listening to everything a review over at Android Police was saying and sending it back to Google. It's supposed to only activate and send stuff back when it hears the "Ok Google" hotword. The unit Artem was reviewing had a hardware fault that registered "phantom" presses of the physical button on top of the Home Mini as an alternative to speaking to it. A few others had this issue, so Google's disabled that feature in the latest software update. Just one small mistake and your privacy is at risk. The Stasi would be proud.
Discuss - Share

Aussies don't care about the government's mass facial recognition technology
It looks like the majority of Australians do not care about their driver's licence photos getting sucked into a big database that can ID you via CCTV footage. Via an SMS poll by Roy Morgan, when asked "under anti-terror measures State Governments will provide driver licence photos for mass facial recognition technology. Does this concern you?" 67.5% of respondents said, no, it doesn't. Lib voters had the least concern, with only 19% not a fan of state level surveillance, backing up my theory that Liberal voters are unable to read between the lines and only think of themselves.
Discuss - Share

The Netherlands to ban sales of combustion engine cars by 2030
The Dutch have seen the light and declared that by 2030 all new cars in the Netherlands must be emission free. Dutch people will not be able to buy a car with an exhaust pipe in 13 years time. There's not a lot of detail, as it's one of those line items on a budget proposal sorta thing, but it's got the approval of most of the political parties there so it's probably gonna happen. The Netherlands joins the UK, France, China and India all have a plan to rid their countries of polluting vehicles - even if some of those "plans" are looser than others, at least people are thinking about it.
Discuss - Share


Public facing support websites allow access to internal company Slack & Twitter accounts
Here's a bit of crafty hacking that allowed this guy to get into private company Slack and Yammer groups without the group owners inviting them. Heaps of companies use online platforms like ZenDesk or Kayako to manage support tickets and these systems usually let a customer access their ticket history with no form of authentication. Inti De Ceukelaire was able to send password resets and Slack magic login links to the emails he was able to guess (e.g: and then simply visit the support history pages of that email address (which remember, requires no login) and reset passwords, heh - so cheeky and I love it.
Discuss - Share

Turn a Raspberry Pi into a wi-fi access point with an easy to use web UI
Got a Raspberry Pi lying around that you want to turn into a wi-fi access point? RaspAP is an excellent way to do it. Install Raspbian as normal, but then install RaspAP via the instructions on the Github page and you've got a nice little web UI to configure and administer your new access point. Running a Pi as an AP is kinda nice vs. a "normal" AP as you can run it off a battery relatively easily and use any weird and wonderful wi-fi dongles you like to get more range or unique features you won't otherwise get with a D-Link or Netgear or whatever.
Discuss - Share

8-port USB charger with voltage & current info for each port
Check out this 8-port USB charger with built in LCD screen that tells you the current and voltage flowing through each port. Each port can do up to 3.5A, but you only get a max of 8A in total, so if you plug in 8 devices at once, each device will only charge at 1A. There's even a Qualcomm Quick Charge 3.0 port, which is pretty nice. Bit exxy at $60, but still cool. I bet there's an even fancier one on AliExpress - if you've seen it, please show it to me.
Discuss - Share

Here endeth the sizzle (until tomorrow!)

The Sizzle is curated by Anthony "@decryption" Agius and emailed every weekday afternoon. Join us on Slack and chat with other Sizzle subscribers.