Notices by dragosr (dragosr@chaos.social)

Congratulations to the new American administration, achieving something no Canadian politician has been able to - rallying the entire country around the flag.

Uniting BC's left wing Eby, Ford's right wing Conservatives, Trudeau/Carney's centrist Liberals, even separatist CAQ François Legault saying Quebec must stand together with the rest of Canada and fight (!!!).

I don't think we have seen ALL of Canada synchronize and unify like this to respond to a threat since WW2.

P.S. Of the U.S.’s top five trading partners, Canada was the only country with whom the U.S. had a trade surplus in manufacturing (US$33 billion in 2023).

Canada buys more from the U.S. than any country on earth — more than U.K., France, Germany, Italy and Vietnam combined.

And they are already taking wines and spirits from "red states" off provincial liquor store shelves.

Here is a small sample of the affected products now being removed from Canada's stores.

Why worry about government access - when its available on the internet? DeepSeek Leak.

https://www.wiz.io/blog/wiz-research-uncovers-exposed-deepseek-database-leak

Good explanation of why AES-GCM should be frowned upon - catastrophic failure upon nonce/IV reuse. Use XChaCha20-Poly1305 if you are dealing with low computing power devices or the lesser well known AES-SIV or AES-GCM-SIV modes... and use post-quantum resistant key exchanges like KEM.

https://frereit.de/aes_gcm/

@cy @annika It's still probably Matrix under the hood.

For those unfamiliar with it, there are loads of Matrix networks, private, public networks.

I was trying to match the screenshots with known Matrix clients to verify, problem is there are too many now. Think we can rule out text only ones but, with multiple mobile and desktop OS versions each that's a lot to check:

Element
Element X
FluffyChat
Nheko
Cinny
Fractal
Quaternion
gomuks
Hydrogen
NeoChat
SchildiChat
Ement.el
Tammy
iamb
chatty

Please note that these folks seem a little confused about the the takedown of a single Matrix server. Matrix is an open source encrypted protocol, and there are multiple sets of Matrix clients (Element most popular) and open source server sw, many servers, and multiple matrix networks. This takedown seems unrelated to matrix.org

https://www.pcmag.com/news/encrypted-chat-service-seized-2m-messages-read

For those going home to visit family this weekend:

• Samsung calls it Auto Motion Plus
• LG calls it TruMotion
• Sony calls it Motionflow
• Roku calls it Action Smoothing
• Google TV calls it Motion Enhancement
• Vizio calls it Smooth Motion Effect.
• Panasonic calls it Intelligent Frame Creation (IFC)
• Philips calls it Perfect Natural Motion
• Sharp calls it AquoMotion
• Toshiba calls it ClearScan
• JVC calls it Clear Motion Drive
• Magnavox calls it Perfect Pixel HD

1/4

• Hisense calls it Ultra Smooth Motion
• TCL calls it Clear Motion Index (CMI)
• Sceptre refers to it as MEMC (Motion Estimation and Motion Compensation)
• Insignia calls it Smooth Motion
• Element uses Motion Rate
• Westinghouse refers to it as Enhanced Motion
• RCA calls it Motion Rate
• Blaupunkt refers to it as Active Motion
• Hitachi uses Clear Motion Rate
• Finlux calls it Smooth Motion Rate
• Thomson uses Clear Motion Index

2/4

• Hitachi uses Clear Motion Rate
• Grundig refers to it as Vivid Motion
• Polaroid refers to it as Motion Rate
• Emerson uses Clear Motion
• Vestel calls it Pixellence
• Funai refers to it as Clear Pix Motion
• Proscan calls it Motion Rate
• Bang & Olufsen calls it Motion Enhancement
• Loewe refers to it as Image+ Active

3/4

• Metz uses MetzMotion
• Haier calls it Smooth Motion Rate
• Skyworth refers to it as Motion Compensation
• Seiki uses Smooth Motion
• AOC calls it Clear Motion Rate
• Xiaomi refers to it as MEMC Technology
• OnePlus calls it MEMC

4/4

Here is a menu guide to turning off interpolation, which can make cinematic content look unnatural—similar to soap operas—introducing visual glitches around moving objects due to inaccurate predictions, and adds input lag for gamers, negatively affecting gameplay responsiveness. Film-makers hate it. It ruins their films and careful lighting. Defaults to on on most TVs and drives most people crazy, making movies look "off."

D-Link tells users to trash old VPN routers over bug too dangerous to identify.

Hopefully folks realize they should replace it with another vendor.

This vuln was covered at DEF CON 32 by Sam Curry. TR-069 is an admin access protocol that lets DLink work with your router remotely (reset device, etc.). Bad actors use spoofed requests to change config data, read the MAC address, monitor traffic, and use them as botnets. TR-069 is industry standard

https://www.theregister.com/2024/11/20/dlink_rip_replace_router/

Just a heads up for those who use "legacy" mail reader systems:

Google is shutting off password access to mail, calendars, and contacts, forcing OAuth2 to authenticate.

Anything with IMAP, SMTP, POP, CalDAV, or CardDAV using basic auth will fail.

https://support.google.com/a/answer/14114704

SectorC: C compiler written in x86-16 assembly that fits within the 512 byte boot sector of an x86 machine. It supports a subset of C that is large enough to write real and interesting programs. It is quite likely the smallest C compiler ever written.

https://xorvoid.com/sectorc.html

30 years ago today, we started putting images on the web. Marc Andreessen proposed adding the IMG tag to HTML.

It's 2023 and we are still getting NetHack CVEs https://nvd.nist.gov/vuln/detail/CVE-2023-24809