Re: Ebay port scans your pc on every visit.
A bit more on this, it does seem to be ThreatMatrix, LexusNexus' security service as a script inclusion by "customers" of theirs. They list some other sites that seem to use this. https://www.bleepingcomputer.com/news/security/list-of-well-known-web-sites-that-port-scan-their-visitors/ I still wonder what shenanigans illegitimate sites are using this for, since seemingly only Firefox seems possessing of the security features and capable of blocking it with uBlock Origin or like. -mb On Mon, May 25, 2020 at 11:21 PM Michael Butash wrote: > Far more interesting on that article breaking it down for sure. > > From what I gathered, it's a service Ebay uses, one owned by LexusNexus, > dba ThreatMatrix. Sounds like they figured out how to use hacker > techniques, and monetized it with some crafty sales folk to get into ebay, > banks, others. This is a big market, not surprised this is common as it's > been monetized by a somewhat sleazy company apparently. Funny that, > LexusNexus being mostly a search engine data repo for lawyers, the sleaze > continues. > > It didn't sound conclusive why it wasn't attacking linux. It didn't seem > to trigger the port scans, per them, even when they spoofed their user > agent as a windoze box. He concluded they were able to tell somehow it was > linux, but not sure how. They only go hunting for sheep(le). I might try > to reproduce. > > I tend to side with the fact they have a routine ala if windoze, > probe/infect/whatever. If mac, probe/infect, whatever. If linux, who > cares, it's probably ok. I found years ago M$ had something like this as > an ingestion formula for Office365 that caused only linux web clients to > suck/crash/just do bad things. It was technically chalked up as a "bug" > and fixed (causing office365 to finally actually work under linux), but we > all know better than that. Not surprised people do this for various user > agents and other meta recognition methods to *influence* behavior. > > It's that 1% linux desktop user thing, but hey, I'll hang out here and > watch the carnage they invoke upon Windows/Mac as market leaders. > > -mb > > > On Mon, May 25, 2020 at 9:28 PM der.hans wrote: > >> Am 25. May, 2020 schwätzte Michael Butash so: >> >> moin moin, >> >> >> Should we be insulted that they don't check for SSH? >> >> >> >> Ah, "According to Nullsweep, who first reported on the port scans, >> they do >> >> not occur when browsing the site with Linux." >> > >> > Probably more flattered about ssh - they know they're not getting >> anything >> > out of a linux system anyways. >> >> Could they? I thought there was a problem with JavaScript hitting >> localhost a couple years ago and this was blocked. >> >> One of the links in the original article points to a break-down of the >> code in question. I'm only about 1/3 of the way through the article, so I >> don't yet know how it ends. Spoilers are OK :). >> >> https://blog.nem.ec/2020/05/24/ebay-port-scanning/ >> >> As to script blocking below, yeah, other than security-curious people at >> conferences, I don't get much buy in. Kidling however is learning to work >> with it :). >> >> ciao, >> >> der.hans >> >> > Interesting on the second comment - didn't catch that. Wonder why/how >> > windoze allows this, but linux does not? And what about the mac users? >> > Now I'm even more curious. >> > >> > I feel a bit better knowing I'm protected since I don't use windoze for >> > anything but visio, but the other billion suckers still using windoze >> as a >> > main rig are screwed as usual. >> > >> >> I use uMatrix to limit JavaScript. Most sites aren't allowed to run >> any. >> > >> > I too use uBlock Origin, mostly for adware lists, but I use NoScript >> that >> > flat disallows sites unless whitelisted. It breaks all sorts of stuff >> > until whitelisted, but usually the ones that require me to whitelist >> more >> > than a few domains, I quickly close and forget about. It's pretty scary >> > going to big sites like various news outlets just how many domains their >> > javascripts are banging your browser with. I've seen upwards of 20-30 >> > foreign domains all attempting to track/probe you at times - those I >> close >> > quick, blacklist them all, and thank the fact I have script blocking >> > enabled. >> > >> > Trying to get others to use noscript or any sort of whitelist model is >> > tough, 99% of the time they don't want the inconvenience and end up >> turning >> > it off. I usually stop taking tech support calls or listening to >> whining >> > after that when they're infected yet again. >> > >> > -mb >> > >> > >> > On Mon, May 25, 2020 at 6:17 PM der.hans wrote: >> > >> >> Am 24. May, 2020 schwätzte Michael Butash via PLUG-discuss so: >> >> >> >> moin moin, >> >> >> >>> >> >> >> https://www.bleepingcomputer.com/news/security/ebay-port-scans-visitors-computers-for-remote-access-programs/ >> >>> >> >>> This was a bit disturbing to read today. Ebay injects a few >> javascript >>
Re: homewide sound system
There is still the old Logitech SqueezeCenter server and plenty of SquezePlayer servers/clients out there to make your whole home audio. I run a SqueezeCenter Server on my synology with all my audio tracks there, and then you just add Squeezeplayer hardware clients that act as your speaker output in each room to play individually, or synchronize multiple rooms. The hardware died in the mid 2000's, but the software never did... These clients can be RPi's with Squeeze software, in my case, a bunch of old/repurposed android cell phones with a Squeeze Player server software, going to various old iphone speaker docks, 2.1, and 5.1 systems acquired from goodwill's around the house and connected via mic jacks. I also picked up a few chinese DLNA network players that worked ok too in this. My Pioneer Elite receiver also shows up in the inventory for room control, my buddy I setup uses his with two Onkyo's. Wireless audio sync on my android player servers is always a problem with delay differences between rooms, but if wired, it works just fine. There are various player clients for choosing tracks from your library and control, ala sync across devices. I had to buy one for my ipad, but plenty free on android, and better ones less free. You can even control via the web ui on the server, in my case my Synology. HTH! -mb On Sun, May 31, 2020 at 1:40 AM der.hans via PLUG-discuss < plug-discuss@lists.phxlinux.org> wrote: > moin moin, > > with all the time spent at home, the family is asking for some upgrades. > > Aside from packing some pis with speakers all over the house, any > suggestions on how to use Free Software that doesn't want to ping out? > > I buy my music, download oggcasts, etc., so no need for speakers to be > checking in with a license server. > > There's a Free Software project for building a home assistant. I'd rather > avoid that right now and prefer a setup without microphones and camaeras. > > Wired or wireless can work. > > ciao, > > der.hans > -- > # https://www.LuftHans.com https://www.PhxLinux.org > # Im Zweifelsfall wähle das am interessantesten. -- > der.hans--- > PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org > To subscribe, unsubscribe, or to change your mail settings: > https://lists.phxlinux.org/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss
Re: homewide sound system
hehe, reminds me of someone I met that was on the ultra-paranoid side. He equipped his window with a contact speaker and streamed a combination of non-stop porn and evangelical tv into it 24/7. The people I have met. On Sun, May 31, 2020 at 1:22 PM Matt Birkholz via PLUG-discuss < plug-discuss@lists.phxlinux.org> wrote: > On Sun, 2020-05-31 at 12:26 -0700, Ed via PLUG-discuss wrote: > > phone call? > > In extremis. Something that won't bother the NSA during everyday use? > > --- > PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org > To subscribe, unsubscribe, or to change your mail settings: > https://lists.phxlinux.org/mailman/listinfo/plug-discuss -- A mouse trap, placed on top of your alarm clock, will prevent you from rolling over and going back to sleep after you hit the snooze button. Stephen --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss
Re: homewide sound system
On Sun, 2020-05-31 at 12:26 -0700, Ed via PLUG-discuss wrote: > phone call? In extremis. Something that won't bother the NSA during everyday use? --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss
Re: homewide sound system
PulseAudio can pull/push audio to/from remote servers. They had a decent GUI for setting that up too. This recent(?) post suggests it can (could?) do auto discovery via Avahi. https://blogs.gnome.org/ignatenko/2015/07/31/how-to-set-up-network-audio-server-based-on-pulseaudio-and-auto-discovered-via-avahi/ I almost had this working years ago; I might try again. :-} I don't have any Apples or Windows but I imagine there are PulseAudio clients for those desktops too. But how do I connect two bluetooth headsets so that I can talk to my wife across the table in a noisy restaurant? There has got to be an Android app for that. --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss
Re: homewide sound system
https://www.monoprice.com/product?p_id=10761 I use this. Some kid wrote a python program that controls it over an rs232 dongle connected to a pi/PC. I containerized it and have it running alongside my other home automation containers. It's a little pricey but gives fantastic sound. I have 2 Chromecast audios as my inputs (I know, I know). So any input of the 6 can be directed to any of the six zones. You can also run all 6 zones off of the same input if you choose. The local control stations connect over cat5e but aren't networked. I've been very happy with it. On Sun, May 31, 2020, 01:40 der.hans via PLUG-discuss < plug-discuss@lists.phxlinux.org> wrote: > moin moin, > > with all the time spent at home, the family is asking for some upgrades. > > Aside from packing some pis with speakers all over the house, any > suggestions on how to use Free Software that doesn't want to ping out? > > I buy my music, download oggcasts, etc., so no need for speakers to be > checking in with a license server. > > There's a Free Software project for building a home assistant. I'd rather > avoid that right now and prefer a setup without microphones and camaeras. > > Wired or wireless can work. > > ciao, > > der.hans > -- > # https://www.LuftHans.com https://www.PhxLinux.org > # Im Zweifelsfall wähle das am interessantesten. -- > der.hans--- > PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org > To subscribe, unsubscribe, or to change your mail settings: > https://lists.phxlinux.org/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss
Re: homewide sound system
google has not failed me. http://nyanko.ws/product_nymphcast.php I think I finally found a project for my little bananna pi. On Sun, May 31, 2020 at 10:10 AM Stephen Partington wrote: > Well the Chromecast functionality I think, with R-Pi powered speakers and > wifi might be a solid bet, but wire would work as well. > > Have to give this some thought. > > > On Sun, May 31, 2020 at 1:40 AM der.hans via PLUG-discuss < > plug-discuss@lists.phxlinux.org> wrote: > >> moin moin, >> >> with all the time spent at home, the family is asking for some upgrades. >> >> Aside from packing some pis with speakers all over the house, any >> suggestions on how to use Free Software that doesn't want to ping out? >> >> I buy my music, download oggcasts, etc., so no need for speakers to be >> checking in with a license server. >> >> There's a Free Software project for building a home assistant. I'd rather >> avoid that right now and prefer a setup without microphones and camaeras. >> >> Wired or wireless can work. >> >> ciao, >> >> der.hans >> -- >> # https://www.LuftHans.com https://www.PhxLinux.org >> # Im Zweifelsfall wähle das am interessantesten. -- >> der.hans--- >> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org >> To subscribe, unsubscribe, or to change your mail settings: >> https://lists.phxlinux.org/mailman/listinfo/plug-discuss > > > > -- > A mouse trap, placed on top of your alarm clock, will prevent you from > rolling over and going back to sleep after you hit the snooze button. > > Stephen > > -- A mouse trap, placed on top of your alarm clock, will prevent you from rolling over and going back to sleep after you hit the snooze button. Stephen --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss
