Hacker News: quinnjh's comments

Article was a bit of a nothingburger for the technically inclined.

Digging into the paper, the significant finding (RCE) is achieved via:

> A payload was written which installs a reverse shell backdoor for root persistence. The payload was sent from a computer hosting a Wi-Fi to which the watch was connected, to ensure the watch had a reachable IPv4 address. The program ncat was used both to send the payload to the watch's network service, and to catch reverse shell connections.

So if I understand this, it requires the watch being connected to a compromised AP. Anyone get a different read?


The quote seems to imply that if the watch receives the payload from any source, even without a compromised AP, it'll pop the shell.

The easiest source of this is local network attacks, and it's not that unusual. In this case you could imagine a teacher at school who knows how to use Metasploit.

It doesn't seem like it has to be local network, though, the computer just has to receive the packet somehow. So for example if the watch loads a website or connects to some service on the internet (firmware updates, cloud sync, telemetry, whatever), an attacker could try to receive/intercept/redirect that traffic and serve the payload through that channel.

You might need the watch to have no certificate pinning or weak certificate validation if it's using TLS, but IoT devices often skip TLS.

Let me know if I'm misunderstanding the quote.


Hence why modern secure devices use https to ensure MITM doesn't work because the internet is untrusted at large.

> it requires the watch being connected to a compromised AP

Nope. It simply requires that you are able to talk to the watch. So any device on the LAN should do. That's a disturbingly low bar for a wearable.


I haven't managed to design a PCB without finding an issue in the first run.

Shoutout to OSHpark's prototype service. Something like 5 bucks an inch and you only have to toss out 3 if you find a fault.


Write a list of everything that you fuck up every time, check the next one against it and eventually you get a good one first hit. I had three in a row that worked out of the box in the end!

Printing the board outline and layers combined as well. And checking you used the correct footprints against actual parts helps.


What was the benefit to you over using USD? (actually wondering)

1. Get rid of the few mBTC I had left after I realized how bad I'm at crypto trading

2. Fully live the concept of buying something physical with virtual money I got by mining some now-defunct coins.


i.e. No real benefit. And maybe a small drawback of increased transaction fees.

Very curious project! Enjoyed the storytelling buildup on the site.

Digging into the repo I can see over 50 open issues from the past few days with a lot of requests for refunds.

Are there any "success stories"? Could go a long way to building trust in the tool.



Definitely seemed like a Ballmer joke to me, with how it changes size.

Google AI estimates that 4.7 billion hours have been spent in Minecraft. At least these are real :)


I mean that's hardly that bad. In the 17 years since release, ~7 billion humans will have had 1,042,440,000,000,000 hours of free time, meaning society has spent 0.000451% of its time on Minecraft in the last 17 years.

Which is rounded well out beyond significant figures (as we've only got the one in 7 billion people). Rounded, we've spent effectively no time on Minecraft.

Sounds about right?

ETA: that's 4.51 of every million seconds.


We love engineer Kala. She decided to do a thing, while marking progress on her "technology tree" of skills gained by (very arguable) necessity. Dealing with permits and city bureaucracy seems like one of the hardest parts!


That was a big part of Christo's art.


The field is advancing so fast it's hard to do real science, as there will be a new SOTA by the time you're ready to publish results. I think this is a combination of that and people having a laugh.

Would you mind sharing which benchmarks you think are useful measures for multimodal reasoning?


A benchmark only tests what the benchmark is doing; the goal is to make that task correlate with actually valuable things. Graphics benchmarks are a good example: it's extremely hard to know what you will get in a game by looking at 3DMark scores, it varies by a lot. Making an SVG of a single thing doesn't help much unless that applies to all SVG tasks.


> Definitely, like drug dealers, you know they're cutting the good stuff with low cost cached gibberish.

Can confirm. My partner's ChatGPT wouldn't return anything useful for her given a specific query involving web use, while I got the desired result sitting side by side. She contacted support and they said there was nothing they could do about it, her account is in an A/B test group with some features removed. I imagine this saves them considerable resources despite still billing customers for them.

How much this is occurring is anyone's guess.

