fidzu : computers

A couple months ago, YouTuber Benn Jordan "found vulnerabilities in some of Flock's license plate reader cameras," reports 404 Media's Jason Koebler. "He reached out to me to tell me he had learned that some of Flock's Condor cameras were left live-streaming to the open internet." This led to a remarkable article where Koebler confirmed the breach by visiting a Flock surveillance camera mounted on a California traffic signal. ("On my phone, I am watching myself in real time as the camera records and livestreams me - without any password or login - to the open internet... Hundreds of miles away, my colleagues are remotely watching me too through the exposed feed.") Flock left livestreams and administrator control panels for at least 60 of its AI-enabled Condor cameras around the country exposed to the open internet, where anyone could watch them, download 30 days worth of video archive, and change settings, see log files, and run diagnostics. Unlike many of Flock's cameras, which are designed to capture license plates as people drive by, Flock's Condor cameras are pan-tilt-zoom (PTZ) cameras designed to record and track people, not vehicles. Condor cameras can be set to automatically zoom in on people's faces... The exposure was initially discovered by YouTuber and technologist Benn Jordan and was shared with security researcher Jon "GainSec" Gaines, who recently found numerous vulnerabilities in several other models of Flock's automated license plate reader (ALPR) cameras. Jordan appeared this week as a guest on Koebler's own YouTube channel, while Jordan released a video of his own about the experience. titled "We Hacked Flock Safety Cameras in under 30 Seconds." (Thanks to Slashdot reader beadon for sharing the link.) But together Jordan and 404 Media also created another video three weeks ago titled "The Flock Camera Leak is Like Netflix for Stalkers" which includes footage he says was "completely accessible at the time Flock Safety was telling cities that the devices are secure after they're deployed." The video decries cities "too lazy to conduct their own security audit or research the efficacy versus risk," but also calls weak security "an industry-wide problem." Jordan explains in the video how he "very easily found the administration interfaces for dozens of Flock safety cameras..." - but also what happened next: None of the data or video footage was encrypted. There was no username or password required. These were all completely public-facing, for the world to see.... Making any modification to the cameras is illegal, so I didn't do this. But I had the ability to delete any of the video footage or evidence by simply pressing a button. I could see the paths where all of the evidence files were located on the file system... During and after the process of conducting that research and making that video, I was visited by the police and had what I believed to be private investigators outside my home photographing me and my property and bothering my neighbors. John Gaines or GainSec, the brains behind most of this research, lost employment within 48 hours of the video being released. And the sad reality is that I don't view these things as consequences or punishment for researching security vulnerabilities. I view these as consequences and punishment for doing it ethically and transparently. I've been contacted by people on or communicating with civic councils who found my videos concerning, and they shared Flock Safety's response with me. The company claimed that the devices in my video did not reflect the security standards of the ones being publicly deployed. The CEO even posted on LinkedIn and boasted about Flock Safety's security policies. So, I formally and publicly offered to personally fund security research into Flock Safety's deployed ecosystem. But the law prevents me from touching their live devices. So, all I needed was their permission so I wouldn't get arrested. And I was even willing to let them supervise this research. I got no response. So instead, he read Flock's official response to a security/surveillance industry research group - while standing in front of one of their security cameras, streaming his reading to the public internet. "Might as well. It's my tax dollars that paid for it." " 'Flock is committed to continuously improving security...'"

Read more of this story at Slashdot.

17 Jan 2026 5:34pm GMT

After "a decade of deep focus on embedded and server systems," T2 SDE Linux "is back to the Desktop," according to its web site, calling the new "T2 Desktop" flavour "ready for everyday home and office use!" Built on the latest KDE Plasma, systemd, and Wayland, the new T2 Desktop flavour delivers a modern, clean, and performant experience while retaining the project's trademark portability and reproducible cross-compilation across architectures. T2 Desktop targets x86_64, arm64, and riscv64, delivering "a fully polished, streamlined out-of-the-box experience," according to project lead René Rebe (also long-time Slashdot reader ReneR): I>[T2 Desktop] delivered a full KDE Plasma desktop on RISC-V, reproducibly cross-compiled from source using T2 SDE Linux. The desktop spans more than 600 packages - from toolchain to Qt and KDE and targets a next-generation RVA23 RISC-V flagship desktop, including full multimedia support and AMD RDNA GPU acceleration under Wayland. As a parallel milestone, the same fully reproducible desktop stack is now also landing on Qualcomm X1 ARM64 platforms, highlighting T2 SDE's architecture-independent approach and positioning both RISC-V and ARM64 as serious, first-class Linux desktop contenders.

Read more of this story at Slashdot.

17 Jan 2026 4:34pm GMT

An anonymous reader shared this report from the Washington Post: The U.S. Department of Transportation brought an automated bus to D.C. this week to showcase its work on self-driving vehicles, taking officials from around the country on a ride between agency headquarters at Navy Yard and Union Station. One of those trips was interrupted Sunday when the bus got rear-ended. The bus, produced by the company Beep, was following its fixed route when it was struck by a Tesla with Maryland plates whose driver was trying to change lanes, officials said. The bus had a human driver behind the wheel for backup as required by the city. The Tesla driver stayed on the scene on H Street for about 10 minutes. No police were called. "The service was temporarily paused after another vehicle made an illegal lane change and contacted the rear of the autonomous bus, which resulted in minor cosmetic damage to both vehicles," a spokesman for Beep said in a statement. "The autonomous bus operated appropriately in the moment and, after review, it was determined the autonomous bus was safe to resume service." Beep is working with the [U.S.] Transportation Department and Carnegie Mellon University on a pilot program of automated public buses. The vehicle was brought to D.C. for an annual conference that brings together transportation researchers and policymakers...

Read more of this story at Slashdot.

17 Jan 2026 3:34pm GMT

Supernatural has had its staff cut and won't receive any more content updates.

17 Jan 2026 12:00pm GMT

"I've got one job, and it's the safe return of Reid, Victor, Christina, and Jeremy."

17 Jan 2026 4:45am GMT

Reseller says Rackspace plans to charge it 706 percent more.

16 Jan 2026 11:15pm GMT

Since Wayland is still quite new to a lot of people, it's often difficult to figure out which features the Wayland compositor you're using actually supports. While the Wayland Explorer is a great way to browse through the various protocols and their status in various compositors, there's now an easier way. The Wayland protocols table makes it very easy to see what your favourite compositor supports, which compositors support the protocol you really want supported before leaving X11 behind, and much more. Roughly speaking, there's a set of stable core Wayland protocols, as well as a slew of unstable core Wayland protocols that are still in development, but may already be supported by various compositors. On top of that, compositors themselves also have a ton of protocols they themselves introduced and support, but which aren't supported by anything else - yet, as they may be picked up by other compositors and eventually become part of Wayland's core protocols. Keeping tabs on specific protocols and their support status is mostly only interesting for developers and people with very specific needs, since mature compositors provide a complete set of features most users never have to worry about. Still, that doesn't mean there aren't really cool features cooking, nor does it mean that one specific accessibility-related protocol isn't incredibly important to keep track of. These websites provide an easy way to do so.

16 Jan 2026 10:08pm GMT

Excellent news for OpenBSD users who are tied to macOS: you can now run OpenBSD using Apple's Hypervisor. Following a recent series of commits by Helg Bredow and Stefan Fritsch, OpenBSD/arm64 now works as a guest operating system under the Apple Hypervisor. ↫ Peter N. M. Hansteen at the OpenBSD Journal If you have an M1 or M2 Mac and want to get rid of macOS entirely, OpenBSD can be run on those machines natively, too.

16 Jan 2026 8:20pm GMT

Speaking of NixOS' use of 9P, what if you want to, for whatever inexplicable reason, use macOS, but make it immutable? Immutable Linux distributions are getting a lot of attention lately, and similar concepts are used by Android and iOS, so it makes sense for people stuck on macOS to want similar functionality. Apple doesn't offer anything to make this happen, but of course, there's always Nix. And I literally do mean always. Only try out Nix if you're willing to first be sucked into a pit of despair and madness before coming out enlightened on the other end - I managed to only narrowly avoid this very thing happening to me last year, so be advised. Nix is no laughing matter. Anyway, yes, you can use Nix to make macOS immutable. But managing a good working environment on macOS has long been a game of "hope for the best." We've all been there: a curl | sh here, a manual brew install there, and six months later, you're staring at a broken PATH and a Python environment that seems to have developed its own consciousness. I've spent a lot of time recently moving my entire workflow into a declarative system using nix. From my zsh setup to my odin toolchain, here is why the transition from the imperative world of Homebrew to the immutable world of nix-darwin has been both a revelation and a fight. ↫ Carette Antonin Of course it's been a fight - it's Nix, after all - but it's quite impressive and awesome that Nix can be used in this way. I would rather discover what electricity from light sockets tastes like than descend into this particular flavour of Nix madness, but if you're really sick of macOS being a pile of trash for - among a lot of other things - homebrew and similar bolted-on systems held together by duct tape and spit, this might be a solution for you.

16 Jan 2026 12:09am GMT

In the recent blog post on the work funded by Sovereign Tech Fund (STF), we provided an overview of the "File Hierarchy for the Verification of OS Artifacts" (VOA) and the voa project as its reference implementation. VOA is a generic framework for verifying any kind of distribution artifacts (i.e. files) using arbitrary signature verification technologies. The voa CLI ⌨️ The voa project offers the voa(1) command line interface (CLI) which makes use of the voa(5) configuration file format for technology backends. It is recommended to read the respective man pages to get …

11 Jan 2026 12:00am GMT

In 2024 the Sovereign Tech Fund (STF) started funding work on the ALPM project, which provides a Rust-based framework for Arch Linux Package Management. Refer to the project's FAQ and mission statement to learn more about the relation to the tooling currently in use on Arch Linux. The funding has now concluded, but over the time of 15 months allowed us to create various tools and integrations that we will highlight in the following sections. We have worked on six milestones with focus on various aspects of the package management ecosystem, ranging from formalizing, parsing and writing of …

10 Jan 2026 12:00am GMT

Did you know you can have newlines in pathnames? The design is very human and this absolutely doesn't have any unforeseen consequences! Also a friendly reminder that you can store anything on a nameserver if you try hard enough.

Originally posted by me on donotsta.re (2025-12-23)

09 Jan 2026 12:00am GMT