[/blogfolio]

If it fits it ships... hot air #homelab

    My two servers started being way too much heat for my home office. My solution was to make it the problem of the rest of the world and vent it outside. A few 3d printed parts and a 4in exhaust fan, connected to home assistant, later...

    Huge difference! I probably should have taken a baseline measurement. Doh!

    It feels great. Inside. Trust me. STL, 3d printable, designs available on previous article.

  • A. Buford
  • June, 2022

Homelab: Teaching my oldest son, 9, to solder.

    He really did good work and has a new 'understanding' of how things function at a board level.

  • A. Buford
  • June, 2022

A stroll down electronic soldering

    Ever since telephone phreaking was 'a thing' soldering and hardware hacking has always been on my radar. I decided to set a little time aside to improve on my 'rework' skills.

    The plan is to take my time and finish with something that actually looks half decent. I am actually starting to find the process somewhat relaxing.

    I already ruined one led and pad. On to the next step.

  • A. Buford
  • June, 2022

Streaming /dev/video over lan w/ VLC

    I really never looked into the offerings of CLI VLC until recently and am amazed at how much it can do

    cvlc v4l2:///dev/video0 :v4l2-standard= :input-slave=alsa://hw:0,0 :live-caching=300 :sout="#transcode{vcodec=WMV2, vb=800, scale=1, acodec=wma2, ab=128, channels=2, samplerate=44100}:http{dst=:8080/stream.wmv}"

    This allows me to view a queen ant, under a microscope, over the LAN. She laid eggs. Awww and ewww. I'm not a fan of insects but the kids and I both enjoy the learning experience.

    🙃

    It made a lot more sense to multicast stream with rtp for a couple of reasons. 1st, I do not need connected clients to have any sort of data control. They are simply consuming the video stream. 2nd, it works better. Most likely because of the less overhead/bandwidth.

    cvlc -vvv v4l2:///dev/video0 --sout '#transcode{vcodec=mp2v,vb=800,acodec=none}:rtp{dst=239.0.0.1,port=5004,mux=ts}'

  • A. Buford
  • June, 2022

The tree in the back of the lab

    I have a palm tree in the back of the lab growing. It is also connected to my Home Assistant home automation system. The plan is to make this simple setup do everything by itself. The automation part is actually pretty interesting if you have ever coded before because it doesn't use code in the front end. It is basically 'IF-THEN' statements in a point-to-click interface. I'm all for anything nature-positive that deals with technology. So far so good.

  • A. Buford
  • June, 2022

USB Microscope with FREE Malware

    Very long story short. I needed a USB Microscope for another rabbit hole.. then I had a thought. Is Amazon marketplace being used to distribute malware? I bought a $20 USB Microscope from Amazon after reading the review below which caught my interest.

    Camera: https://www.amazon.com/dp/B07SR7YPV5?psc=1&ref=ppx_yo2ov_dt_b_product_details

    There were several reasons why the ad stood out specifically; 1) Several identical units under various sellers/brands. 2)4,800+ purchases for an item w/ several versions. 3) 80 people found "Buyer beware of virus/spyware!" to be a 'helpful' Customer Review. 4) No direct seller contact information available online other than email address. 5) Selling since 2019(ish). That is a long time for any non-professional camera device.

    After the unit arrived I went ahead and ran the softwares it was supplied with through VirusTotal. A cryptominer Trojan Horse and bot were found with file autorun.exe [Trojan.Win32.Miner.oa!s1 && https://www.virustotal.com/gui/file/54d268d385ad74ce096bc3848169eca9d8f70efb7e6d22bec68aa294ac32e27e]. Autorun.exe is A file which would automatically run on any Windows PC once the CD is inserted.

    VirusTotal: https://www.virustotal.com/gui/file/54d268d385ad74ce096bc3848169eca9d8f70efb7e6d22bec68aa294ac32e27e

    False positive? Or new-new obfuscation? I would like to dig a little more.

    https://www.jiusion.com/ Is pretty much a mirror of the Microscope sellers' website [https://bysameyee.com/]. When you initiate a search on address 'jiusion@outlook.com' you return A LOT of results and may begin to formulate a picture of their business model. They [possibly could] flood the market with an inexpensive USB microscope, with malware as software, and abandon shop when the outlook isn't great. Then open a new one. Fly-by-night 'usb' brands.

    Most data resources associated with that same email are sketchy and almost ALL include links to download AV software and or alternative product drivers. I'll pass.

    I decided to download all drivers and softwares directly from the Jiusion website and process through VirusTotal. Nothing was flagged...until Amcap.zip

    DO NOT DOWNLOAD: https://www.jiusion.com/tmp/madeimg/Amcap.zipfile.dont.linkme

    VirusTotal: https://www.virustotal.com/gui/file/60ec7e0d411aa74bce5f5cf42f6148a2b3ec81794d310ee06e37df502f93c6c6

    More flase positives?

    I decided to download all drivers and softwares directly from the Bysameyee website and process through VirusTotal.

    Next, DO NOT DOWNLOAD: https://www.bysameyee.com/tmp/madeimg/USBCAMERA.apkfile.dont.linkme

    VirusTotal: https://www.virustotal.com/gui/file/6136d776d55d734300d68fd0b3b95ba4b2f37482263b40b64b629735adc2c7a9

    Now, this one, is simply interesting when compared to the product listings. There is a big push to connect this camera to an Android device. The packing includes a usb OTG adapter and the device manual states it does not support Apple devices.

    Next, DO NOT DOWNLOAD: https://www.bysameyee.com/tmp/madeimg/OTGView.apkfile.dont.linkme

    VirusTotal: https://www.virustotal.com/gui/file/0d16b38417c1bb531b55e299bcc0578474bfc14bdc493265c7837abb3a57acdc

    My RE skills are not the greatest. I doubt I will further research. I was more so curious to see if Amazon took any steps to research product security, based on reviews, after being reported. A few years ago I reported a Uokoo wifi camera that was phoning home at odd hours of the day. I never received a response from the merchant, the manufacturer [in Shenzen], nor Amazon YET the product line was pulled entirely shortly after reported! Uokoo operated with a similar business model from my research.

    At this point, the average consumer, should purchase something more reputable.

    Yes. I'm keeping the scope.

    TLDR video version;

    *Yes, I know, a low YT score is usually a good sign. Not always!

  • A. Buford
  • June, 2022