Buzzy AI startup Multiverse creates two of the smallest high-performing models ever | TechCrunch https://techcrunch.com/2025/08/14/buzzy-ai-startup-multiverse-creates-two-of-the-smallest-high-performing-models-ever/ #AI #tiny #IoT

Text Shot: These new tiny models are intended to be embedded into Internet of Things devices, as well as run locally on smartphones, tablets, and PCs. 
“We can compress the model so much that they can fit on devices,” founder Román Orús told TechCrunch. “You can run them on premises, directly on your iPhone, or on your Apple Watch.”
As we previously reported, Multiverse Computing is a buzzy European AI startup headquartered in Donostia, Spain, with about 100 employees in offices worldwide. It was co-founded by a top European professor of quantum computers and physics, Román Orús; quantum computing expert Samuel Mugel; and Enrique Lizaso Olmos, the former deputy CEO of Unnim Banc.
It just raised €189 million (about $215 million) in June on the strength of a model compression technology it calls “CompactifAI.” (Since it was founded in 2019, it has raised about $250 million, Orús said.)
CompactifAI is a quantum-inspired compression algorithm that reduces the size of existing AI models…
@ge0rg @ifixcoinops @alienghic

XMPP is pronounced 'ʤæb.əʳ 🙂

To me,
#XMPP is the universal communication protocol, used for #IoT, #WebRTC, gaming, social, and #instantMessaging.
#Jabber is the latter in an open and federated network.
#CiscoJabber™ is a product by Cisco.
Zimpy is many things, but don't look it up in #UrbanDictionary!

(Btw. I fiercely advocate naming #freeSoftware projects, children, cats, companies, everything, after #UUIDs. No more unambiguousness, no more #trademark issues.)

@jacob

I was going to ask for a copy of "Practical electronics for inventors"
But before I imposed on you shipping to Australia, I googled it and there is a free PDF published by the Author.

https://neuron.eng.wayne.edu/ECE330/Practical_Electronics_for_Inventors.pdf

So thank you for giving me the book with your message!

#iot #electronics

Found critical vulns in Lovense (the biggest sex toy company) affecting 11M+ users. They ignored researchers for 2+ years, then fixed in 2 days after public exposure. 🤦

What I found:
- Email disclosure via XMPP (username→email)
- Auth bypass (email→account takeover, no password)

History of ignoring researchers:
- 2022: Someone else reports XMPP email leak, ignored
- Sept 2023: Krissy reports account takeover + different email leak via HTTP API, paid only $350
- 2024: Another person reports XMPP email leak AND Account Takeover vuln, offered 2 free sex toys (accepted for the meme)
- March 2025: I report account takeover + XMPP email leak, paid $3000 (after pushing for critical)
- Told me fix for email vuln needs 14 months because "legacy support" > user security (had 1-month fix ready)
- July 28: I go public
- July 30: Both fixed in 48 hours

Same bugs, different treatment. They lied to journalists saying it was fixed in June, tried to get me banned from HackerOne after giving permission to disclose.

News covered it but my blog has the full technical details:
https://bobdahacker.com/blog/lovense-still-leaking-user-emails/

Edit: If you have Twitter, please retweet this. This guy was one of the co-founders of Lovense and got kicked out, like how Mark Zuckerberg from Facebook did to one of his co-founders
https://x.com/LovenseDispute/status/1879155775865589995

#InfoSec #BugBounty #ResponsibleDisclosure #Security #Vulnerability #IoT #cybersecurity

Yet another example of a 'Smart device' company deciding that - No. You Don't actually Own The Thing.

"Smart home device maker Futurehome is forcing its customers’ hands by suddenly requiring a subscription for basic functionality of its products.

“You lose access to controlling devices, configuring; automations, modes, shortcuts, and energy services,” a company FAQ page says." - ArsTechnica

https://arstechnica.com/gadgets/2025/07/bankrupt-futurehome-suddenly-makes-its-smart-home-hub-a-subscription-service/

#SmartDevice #SmartHub #IOT

This is why I got frustrated with #IoT after many years of enthusiasm.

In an ideal world, all devices should seamlessly talk to each other, with no need for too many bridges, apps and intermediaries. Just like a Web browser doesn't need proprietary bridges and adapters to render a website over HTTPS.

And, in some sense, some devices do - those that properly implement the Zigbee protocol and (even better) Z-Wave.

Matter was that other thing that everyone used to talk about, too much and for too long, but as I expected a couple of years ago it didn't really happen, or at least not at a significant scale. That's because protocols and standards should come together organically, rooted in FOSS and blessed by the ISO/IEEE/IETF. Not scraped together as an afterthought by a couple of big corporations that just want to solve the "how do I make my certified product talk to your certified product?" problem by proposing yet another competing standard, without even bothering to look at what solutions (like Zigbee/Z-Wave) are already working.

Unfortunately, despite my hopes, that standardization of the IoT landscape, that moment where everybody blesses and embraces the TCP/IP of IoT, hasn't really happened.

And the reason why it hasn't happened, and why most of the smart devices out there in 2025 still talk Wi-Fi over proprietary protocols, and require either a physical bridge or a virtual one in the form of a mobile app, and instead of wide compatibility offered by open standards they still rely on ridiculously outdated "Works with Alexa/SmartThings/Google Assistant" labels (which remind me of the "Works with Internet Explorer 6" GIF that many websites used to sport in the early 2000s), is the most boring one. It's because they want control.

A lightbulb or a switch that talks Zigbee can work with anything that supports Zigbee. You can flash an open firmware on a CC2531 microcontroller, plug it in your RPi, install zigbee2mqtt, and suddenly any open home automation platform (HomeAssistant, OpenHAB, Platypush...) will recognize it and allow you to control it.

This is amazing from a user's perspective, but it sucks from the perspective of a greedy business manager.

Because, if you can use HomeAssistant or Platypush to control your lightbulb, then the vendor can't make extra money by selling you a bridge.

They can't force you to connect another device to your network to sniff all that juicy Intranet traffic and send it back home.

They can't force you to install a mobile app that requires tons of permissions, so they can grab and sell your location data or your bathing habits to any data broker willing to pay for it every time you turn on the lights.

They can't lock you inside subscription plans, premium features or other recurring revenue traps.

They can't forcefully push background upgrades to your devices to make them even more effective in their primary task - spying on you.

In other words, giving you devices that work (and will always work) on top of truly open protocols means that these vendors will be akin to the retail shop that sells you a lightbulb because you need one, and doesn't expect to make any extra profits from it after your purchase.

And this idea is a nightmare for the current generation of business manager. WHERE IS MY YEARLY RECURRING REVENUE?? WHERE IS MY OWN ECOSYSTEM?? WHERE IS MY LOCK-IN AND UPSELL STRATEGY??

So that's why we've ended up in a state that is still as fragmented as it was 15 years ago. Because incentives were never aligned to force those vendors to put the user's interests at the center. And, when you don't have those incentives, products will inevitably and predictably enshittify over time.

For putting things in perspective on how big of a tragedy this is: can you imagine a world where some geeks at CERN hadn't decided to put together HTTP and give it away to the world?

A world where the Internet experience consists of a bunch of closed and mutually incompatible apps instead of largely mutually-compatible browsers, each implementing their own competing transport protocols, each with their own convention for identifying resources (no URLs), each resource using different markup languages, each app supporting only a limited set of domains, and each of them available only on a subscription plan?

Because that's exactly where we are with the IoT. And things could have been much better than this.

But you know what's another often forgotten problem with this business model?

That when you're locked inside of somebody else's ecosystem, and you have no alternatives but to use their software and hardware to interact with those devices, then all it takes for your expensive smart devices to become trashware is a new business manager who joins the company and says "this product line is not profitable enough, we need to cut it".

And the sad part is that this will inevitably happen to all the smart devices that you purchase and that don't support open protocols - unless you're strongly confident that the company that produces them will still be around in 10, 50 or 100 years.

What happens after that decision is usually a well-rehearsed protocol. An email is sent out to all customers announcing that their products will be discontinued and abandoned, and that the app will be pulled down from all the stores.

And these emails almost try to make you feel guilty - "how come you haven't yet thrown away all the electronic devices in your home that you purchased 10 years ago to buy some new ones? How are we supposed to make money if there are people like you that don't keep buying new smart switches from us every year?"

These emails usually contain a quite dismissive "we're sorry about any inconvenience caused by this decision, but....BYEEEE!!!"

A deadline is provided for the complete end-of-life of your product, and by then you're expected to just throw a device made of environmentally hazardous plastics, rare earths and heavy metals in a landfill, and go to your local store to buy a new one - all because a clueless greedy guy who just came out of a business school, and to whom it doesn't matter if you produce IoT devices or biscuits made of stone, complained about profitability and recurring revenue.

Luckily, if you are a Belkin user who still has some WeMo devices, you can still rely on Platypush to control them.

I made a plugin a while ago to interact with those devices without the mobile app https://docs.platypush.tech/platypush/plugins/switch.wemo.html (and this was actually one of the first plugins I developed, as I purchased those plugs more than 10 years ago).

It previously leveraged ouimeaux (an open-source project to interact with Belkin products put together through some extensive reverse engineering), but eventually I incorporated most of that implementation in Platypush itself after ouimeaux was discontinued.

I can't make promises about maintaining this long-term because I no longer use those devices (but they're safely stored in a cupboard, not in a landfill), but I still have them around if anyone needs support for debugging stuff.

I wish that my industry was different. I wish that MBAs had kept clear of it. I wish that they had never tried to subjugate and pollute the purity of engineering with their perverse ideas on how to get rich while not giving people what they need. But here we are. So the best we can do is to reverse engineer and pirate the shit out of them, build and spread open and compatible implementations of their software and protocols, avoid all of their lock-in traps, keep your phone free of their crapware, and demand that hardware products that you install in your own home should only get obsolete when they physically break apart after several decades of continuous use - not because of software-enforced planned obsolescence.

There are some electrical sockets in my late grandpa's home that still do their job 80 years after being installed. I'd like my grandsons to also come to my house one day, and find out that the same devices that I use today are still working. Without me having to replace them every couple of years, without being locked out of them as soon as I stop paying for a subscription, and without me embracing the same technology used 80 years ago by my grandpa as an alternative. Otherwise we can't really call it progress.

🆕 blog! “Are Brother's Insecure Printers Illegal in the UK?”

Another day, another security disaster! This time, multiple printers from Brother have an unfixable security flaw. That's bad, obviously, but is it illegally bad?

Let's take a look at details of the vulnerability:

An unauthenticated attacker who knows the target device's serial…

👀 Read more: https://shkspr.mobi/blog/2025/07/are-brothers-insecure-printers-illegal-in-the-uk/

#CyberSecurity #IoT #law #legal #Legislation

So happy to see the project that I have been in love with and contributing to for the last several years getting so much attention.

If you work with ESP32 or RPi Pico devices and want a development platform built with fault tolerance and concurrency at its heart that allows you to write sophisticated applications with very little code, AtomVM might be just what you are looking for.

https://www.atomvm.net

https://github.com/atomvm/AtomVM

#atomvm #IoT #wasm #esp32 #pico #unix #Erlang #Elixir

Nerves is an IoT framework that includes a lot of embedded best practices in the fundamental design. A/B partitions, using Erlang for your init system, watchdogs, a robust approach to networking, signed firmware delivery, streaming firmware, minimal OS surface area.

The only general-audience talk I've given on Nerves focused on updating firmware/software and covers some of it:
https://www.youtube.com/watch?v=xsL_cusf66c
#iot #embedded #linux

Finally kicked off the development phase of this short IoT contract at @limeleaf@social.coop. I'm mainly building out the cloud service to show device inventory, their state, and data upload flow. I also get to advise the implementation of the embedded side from a security perspective.

I've built this a few times before on top of AWS IoT which is why we got the contract. Methinks we should advertise this skill more.

#IoT #GoLang #Security #mTLS #Embedded