IoT power switching equipment at [WayBack] Shelly Shop Europe:
Via: [WayBack] Tweakers Gift Guide 2019 – Smarthome – Koophulp – Tweakers
–jeroen
Archive for the ‘Development’ Category
Shelly Shop USA
Posted by jpluimers on 2021/09/01
Posted in Development, Hardware Development, IoT Internet of Things, Network-and-equipment, Power User | Leave a Comment »
Digging Through Event Log Hell (finding user logon & logoff) – Ars Technica OpenForum
Posted by jpluimers on 2021/08/31
This helped me big time finding failed logon attempts: [WayBack] Event Log Hell (finding user logon & logoff) – Ars Technica OpenForum
Alternatively, you can use the XPath query mechanism included in the Windows 7 event viewer. In the event viewer, select “Filter Current Log…”, choose the XML tab, tick “Edit query manually”, then copy the following to the textbox:
Code:<QueryList>
<Query Id="0" Path="Security">
<Select Path="Security">*[System[EventID=4624] and EventData[Data[@Name='TargetUserName'] = 'USERNAME']]</Select>
</Query>
</QueryList>This selects all events from the Security log with EventID 4624 where the EventData contains a Data node with a Name value of TargetUserName that is equal to USERNAME. Remember to replace USERNAME with the name of the user you’re looking for.
If you need to be even more specific, you can use additional XPath querying – have a look at the detail view of an event and select the XML view to see the data that you are querying into.
Thanks user Hamstro!
Notes:
- you need to perform this using
eventvwr.exerunning as an elevated process using an Administrative user CUA token. USERNAMEneeds to be the name of the user in UPPERCASE.- replacing
TargetUserNamewithsubjectUsername(as suggested by [WayBack] How to Filter Event Logs by Username in Windows 2008 and higher | Windows OS Hub) fails. - there are more relevant EventID values you might want to filter on (all links have screenshot and XML example of an event):
- [WayBack]
4624(S) An account was successfully logged on. (Windows 10) | Microsoft Docs - [WayBack]
4625(F) An account failed to log on. (Windows 10) | Microsoft Docs - [WayBack]
4626(S) User claims information./Device claims information. (Windows 10) | Microsoft Docs - [WayBack]
4634(S) An account was logged off. (Windows 10) | Microsoft Docs - [WayBack] 4647(S) User initiated logoff. (Windows 10) | Microsoft Docs
- [WayBack] 4648(S) A logon was attempted using explicit credentials. (Windows 10) | Microsoft Docs
- [WayBack]
4797(An attempt was made to query the existence of a blank password for an account) At the time of writing, it was undocumented, but it seems to be part of an account checking process as per [WayBack] Windows 8 Event ID 4797 in Security Log:
That means that an application or service makes an attempt to query the accounts which have blank password. I think some security software may make such request.
- [WayBack]
- blank (empty passwords) can only be used for local logon, so they disable network logon. That can be a useful security strategy.
Related:
- [WayBack] How to search the Windows Event Log for logins by username
- [WayBack] Active Directory – How to Find Failed Logon Requests – geekmungus
- [WayBack] Audit Failure – Suspicious Activity On A Server – IT Security – Spiceworks
–jeroen
Share this:
Posted in Development, Microsoft Surface on Windows 7, Power User, Software Development, Windows, Windows 10, Windows 7, Windows 8, Windows 8.1, Windows 9, Windows Vista, Windows XP, XML/XSD | Leave a Comment »
When Samsung TV’s fail, check the capacitors on the power board
Posted by jpluimers on 2021/08/31
[WayBack] Nick_Craver on Twitter: Plus Another mini-project: let’s see if we can’t figure out what’s wrong with this little guy. Symptoms: constant LCD on (briefly) and restart loop immediately when plugged in.
–jeroen
Share this:
Posted in Development, Displays, Hardware, Hardware Development, LifeHacker, Power User | Leave a Comment »
Some links that might help use SonarQube with Delphi
Posted by jpluimers on 2021/08/31
For my link archive:
- SonarQube – Wikipedia
- [WayBack/Archive] GitHub – fabriciocolombo/sonar-delphi: SonarQube Delphi Plugin
- [WayBack/Archive] plugins – How to Configure SonarQube for delphi? – Stack Overflow
- [WayBack/Archive] Delphi Plugin – SonarQube-4.5 – Doc SonarQube (deprecated)
- [WayBack/Archive] Add Delphi language support – New features – SonarSource Community
I am requesting Delphi (Object Pascal) support as it’s still a widely used language. At minimum, a generic Pascal language support is requested so it could be used for Delphi and FreePascal (FPC) A somewhat workable plugin is available for use as a base: https://github.com/fabriciocolombo/sonar-delphi
- [WayBack/Archive] GitHub – SandroLuck/SonarDelphi: This repository contains the source code to the Sonar-Delphi plugin. Can be used to analyse Delphi projects with SonarQube.
--jeroen
Share this:
Posted in Delphi, Development, Software Development, SonarQube, Static Code Analysis | 2 Comments »
“fixing” ESXi “rsync error: error allocating core memory buffers (code 22) at util2.c(106) [sender=3.1.2]”
Posted by jpluimers on 2021/08/30
Reminder to self: create a static ESXi binary for a recent rsync release.
Quite a few people have bumped into rsync erroring out with “large” sets of files (where large can be as low as ~1000), like for instance Tj commenting on my post “ESXi 5.1 and rsync – damiendebin.net.”:
ERROR: out of memory in receive_sums [sender] │······
rsync error: error allocating core memory buffers (code 22) at util2.c(102) [sender=3.1.1] │······
rsync: [generator] write error: Broken pipe (32) │······
I bumped into this myself as well, even when updating from rsync 3.1.0 to 3.1.2.
There are various static
rsyncfor ESXi around. Just a few of them for completeness:
- 3.1.0: ESXi 5.1 and rsync – damiendebin.net. (how to download the build by Damien Debin from http://damiendebin.net and how to create the right XML firewall settings from his [Wayback] gist)
- 3.1.2: [Wayback] DOWNLOADS – bachmann-lan.de via [Wayback] VMware ESXi 5.1 rsync 3.0.9 statically linked binary erstellen – bachmann-lan.de
- 3.1.3: [Wayback/Archive.is] noelmartinon/vmtools: Tools for VMware ESXi to use in ESXi which pointed at the wrong binary link, so I archived the right one in the Wayback machine.
There is also 3.0.9 (via [Wayback] VMware ESXi 5.1 rsync 3.0.9 statically linked binary erstellen – bachmann-lan.de), but it has a VMFS bug ([Wayback] 8177 – Problems with big sparsed files) as per [Wayback] ESXi 5.1 and rsync – damiendebin.net.)
The good news is that it is fixed in 3.2.2 as a user-configurable setting, but since there is no ESXi build yet (see reminder above)…
Anyway: [Wayback] 12769 – error allocating core memory buffers (code 22) depending on source file system
Wayne Davison 2020-06-26 03:56:35 UTCI fixed the allocation args to be size_t values (and improved a bunch of allocation error checking while I was at it). I then added an option that lets you override this allocation sanity-check value. The default is still 1G per allocation, but you can now specify a much larger value (up to "--max-alloc=8192P-1"). If you want to make a larger value the default for your copies, export RSYNC_MAX_ALLOC in the environment with the size value of your choice. Committed for release in 3.2.2.
This is what happens with 3.1.2 and 3.1.3:
time rsync -aiv --info=progress2 --progress --partial --existing --inplace /vmfs/volumes/Samsung850-2TB-S3D4NX0HA01043L/ Samsung850-2TB-S3D4NX0HA01043L/ sending incremental file list 0 0% 0.00kB/s 0:00:00 (xfr#0, ir-chk=1000/1259) ERROR: out of memory in flist_expand [sender] rsync error: error allocating core memory buffers (code 22) at util2.c(106) [sender=3.1.2] Command exited with non-zero status 22 real 0m 0.87s user 0m 0.10s sys 0m 0.00s time rsync -aiv --info=progress2 --progress --partial --ignore-existing --sparse /vmfs/volumes/Samsung850-2TB-S3D4NX0HA01043L/ Samsung850-2TB-S3D4NX0HA01043L/ sending incremental file list 0 0% 0.00kB/s 0:00:00 (xfr#0, ir-chk=1000/1259) ERROR: out of memory in flist_expand [sender] rsync error: error allocating core memory buffers (code 22) at util2.c(106) [sender=3.1.2] Command exited with non-zero status 22 real 0m 0.28s user 0m 0.12s sys 0m 0.00s Finished
I was lucky that [Wayback] “rsync error: error allocating core memory buffers” protocol version “3.1.2” – Google Search got me a result so quickly: add a --protocol-29 and you are set.
The first result (Wayback has the results reversed from what got) didn’t fix it. The second did.
- [Wayback] 225761 – net/rsync long path causes buffer overflow (update to 3.1.3)
- [Wayback/Archive.is] AIX Open Source – IBM Power Systems Community: rsync out of memory
As a work around, I added “
--protocol=29” to one of our servers that was consistently failing with “ERROR: out of memory in flist_expand [receiver]” “rsync error: error allocating core memory buffers (code 22) at util2.c(105) [receiver=3.1.3]” in rsync-3.1.3-2.ppcI read the man page and started experimenting with the protocol version until I lowered it enough to get it to work consistently.
The problem might be that running on the ESXi gives you limited memory, but then some 10k files should not use more than like half a megabyte of memory.
Sometime I will dig deeper into the protocol version differences, for now a list of files I think will be relevant for that (mainly look for protocol_version):
- [Wayback/Archive.is] csprotocol.txt
- [Wayback/Archive.is] main.c
- [Wayback/Archive.is] sender.c
- [Wayback/Archive.is] receiver.c
- [Wayback/Archive.is] compat.c
- [Wayback/Archive.is] clientserver.c
- [Wayback/Archive.is] authenticate.c
- [Wayback/Archive.is] rsync.h
Some web pages mentioning the --protocol option and might give me more insight in the protocol differences:
- [Wayback] linux – rsync protocol incompatibility – Server Fault
- [Wayback] rsync(1) man page
- [Wayback] rsync NEWS (with release history)
- [Wayback] linux – Trouble negotiating rsync protocol versions – Super User
- [Wayback] bash – Rsync seems incompatible with .bashrc (causes “is your shell clean?”) – Server Fault
With --protocol=29, time estimation is way off, but there are no errors:
time rsync -aiv --info=progress2 --progress --partial --existing --inplace --protocol=29 /vmfs/volumes/Samsung850-2TB-S3D4NX0HA01043L/ Samsung850-2TB-S3D4NX0HA01043L/ building file list ... 9059 files to consider .d..t...... isos/ 27,593 0% 0.00kB/s 0:00:06 (xfr#1, to-chk=0/9059) sent 212,594 bytes received 268 bytes 20,272.57 bytes/sec total size is 3,055,677,645,398 speedup is 14,355,204.99 real 0m 13.31s user 0m 1.35s sys 0m 0.00s time /vmfs/volumes/5791a3e1-0b9368de-4965-0cc47aaa9742/local-bin/rsync -aiv --info=progress2 --progress --partial --ignore-existing --sparse --protocol=29 /vmfs/volumes/Samsung850-2TB-S3D4NX0HA01043L/ Samsung850-2TB-S3D4NX0HA01043L/ building file list ... 9059 files to consider >f+++++++++ isos/EN-Windows-XP-SP3-VL.iso ... cd+++++++++ ESXi65.filesystem-root/usr/share/ 216,868,164,639 7% 40.64MB/s 1:24:48 (xfr#2571, to-chk=0/9059) sent 216,894,938,870 bytes received 57,858 bytes 42,582,702.80 bytes/sec total size is 3,055,677,645,398 speedup is 14.09 real 1h 24m 58s user 34m 5.59s sys 0m 0.00s Finished
Even not on ESXi, there were just a few people bumping into this, so I wonder why there are so few matches on [Wayback] “ERROR: out of memory in flist_expand [sender]” “sender=3.1” – Google Search:
- RHEL rsync.x86_64 3.1.2-6.el7_6.1 [Wayback] 1751822 – rsync failing with out of memory in flist_expand (Redhat denied fix effort because “Red Hat Enterprise Linux version 7 entered the Maintenance Support 1 Phase in August 2019”)
- Cygwin rsync 3.0.9:
–jeroen
Share this:
Posted in *nix, *nix-tools, ash/dash development, Development, ESXi5, ESXi5.1, ESXi5.5, ESXi6, ESXi6.5, ESXi6.7, ESXi7, Power User, rsync, Scripting, Software Development, Virtualization, VMware, VMware ESXi | Leave a Comment »
firewalld: show interfaces with their zone details and show zones in use
Posted by jpluimers on 2021/08/26
A while ago openSUSE switched to firewalld as a fronte-end for iptables. Tumbleweed was first in 2018, so I wrote a reminder: On my research list: migrate from OpenSuSE SuSEfirewall2 to firewalld « The Wiert Corner – irregular stream of stuff.
The core concept of firewalld is zones, which some people find hard to understand: [Archive.is/WayBack] Firewalld on Leap 15 – why is it so complicated ? : openSUSE.
Another concept is interfaces and how they bind to zones. [Wayback] Masquerading and Firewalls | Security Guide | openSUSE Leap 15.2 shows more of that.
The final concept is services that bind one or more aspects (like ports or addresses) to a service name [Wayback] Documentation – Manual Pages – firewalld.service | firewalld.
Other interesting bits of information:
- Wayback] 5 Useful Examples of firewall-cmd command – The Geek Diary
- [Wayback] How to enable ssh on startup in opensuse – Server Fault
- [Wayback] How to enable or disable firewall in SLES 15 – Init Pals
Below are some examples on what I learned, especially finding details about active interfaces and the zones they are bound to.
All of them are based on:
- the
xargsshell trick (I known you can do some of them without the trick, but I try to use common patterns in my solution so I do not have to remember which boundary case fails - the
echo-n trick to skip the newline output - the [WayBack]
firewall-cmdoptions (which kind of care commands)--get-active-zones:
Print currently active zones altogether with interfaces and sources used in these zones. Active zones are zones, that have a binding to an interface or source. The output format is:
zone1 interfaces: interface1 interface2 .. sources: source1 .. zone2 interfaces: interface3 .. zone3 sources: source2 ..If there are no interfaces or sources bound to the zone, the corresponding line will be omitted.
--list-interfaces:
List interfaces that are bound to zone
zoneas a space separated list. If zone is omitted, default zone will be used.--get-zone-of-interface=<zone>:
Print the name of the zone the
interfaceis bound to or no zone.--info-zone=<zone>(which shows far more information than the manual indicates):
Print information about the zone
zone. The output format is:zone interfaces: interface1 .. sources: source1 .. services: service1 .. ports: port1 .. protocols: protocol1 .. forward-ports: forward-port1 .. source-ports: source-port1 .. icmp-blocks: icmp-type1 .. rich rules: rich-rule1 ..
Two more notes before the examples:
- My first hunch was to use
--list-all-zones, but that shows details of all un-used zones as well. - I am not fully sure about the
--list-interfacesto list *all* interfaces. I might replace this later withls /sys/class/net(see [WayBack] linux – List only the device names of all available network interfaces – Super User).
Other useful commands
Besides lising zones and interfaces, you might be interested in services and ports:
# firewall-cmd --list-services dhcpv6-client ssh # firewall-cmd --list-ports
List used zones
The first only shows the zone names
# firewall-cmd --list-interfaces | xargs -I {} sh -c 'firewall-cmd --get-zone-of-interface={}' public
The second both zones and interfaces:
# firewall-cmd --get-active-zones public interfaces: ens192
When there are no bound interfaces
OpenSuSE by default does not bind interfaces to zones; it means any interface uses the default zone. That means the --list-interfaces commands in this blog post fail.
You can check this behaviour by running this command:
# ls /sys/class/net | xargs -I {} sh -c 'echo -n "interface {} has zone " ; firewall-cmd --get-zone-of-interface={} | xargs -I [] sh -c "echo [] ; firewall-cmd --info-zone=[]"' interface eth0 has zone no zone interface lo has zone no zone interface wlan0 has zone no zone
Alternatives:
- Finding the default zone
# firewall-cmd --get-default-zone public - Details of the default zone
# firewall-cmd --info-zone=$(firewall-cmd --get-default-zone) public target: default icmp-block-inversion: no interfaces: sources: services: dhcpv6-client ssh ports: protocols: masquerade: no forward-ports: source-ports: icmp-blocks: rich rules:
You can see that here the public zone is marked default which means it binds to any interface that is not bound to a specific zone.
List used zone details
# firewall-cmd --list-interfaces | xargs -I {} sh -c 'firewall-cmd --get-zone-of-interface={} | xargs -I [] sh -c "firewall-cmd --info-zone=[]"' public (active) target: default icmp-block-inversion: no interfaces: ens192 sources: services: dhcpv6-client ssh ports: protocols: masquerade: no forward-ports: source-ports: icmp-blocks: rich rules:
List interfaces and their zones:
# firewall-cmd --list-interfaces | xargs -I {} sh -c 'echo -n "interface {} has zone " ; firewall-cmd --get-zone-of-interface={}' interface ens192 has zone public
List interfaces and their zone details:
# firewall-cmd --list-interfaces | xargs -I {} sh -c 'echo -n "interface {} has zone " ; firewall-cmd --get-zone-of-interface={} | xargs -I [] sh -c "echo [] ; firewall-cmd --info-zone=[]"' interface ens192 has zone public public (active) target: default icmp-block-inversion: no interfaces: ens192 sources: services: dhcpv6-client ssh ports: protocols: masquerade: no forward-ports: source-ports: icmp-blocks: rich rules:
Verifying if dns service is available, then allow it on public
Verify if a DNS is in the enabled services:
# firewall-cmd --list-services dhcpv6-client ssh
Here no DNS service is enabled, so I need to figure out if any DNS service is available to be enabled.
This lists all the services that can be enabled in a zone:
# firewall-cmd --get-services
On my system, this returned the following list:
RH-Satellite-6 amanda-client amanda-k5-client amqp amqps apcupsd audit bacula bacula-client bb bgp bitcoin bitcoin-rpc bitcoin-testnet bitcoin-testnet-rpc bittorrent-lsd ceph ceph-mon cfengine cockpit condor-collector ctdb dhcp dhcpv6 dhcpv6-client distcc dns dns-over-tls docker-registry docker-swarm dropbox-lansync elasticsearch etcd-client etcd-server finger freeipa-4 freeipa-ldap freeipa-ldaps freeipa-replication freeipa-trust ftp ganglia-client ganglia-master git grafana gre http https imap imaps ipp ipp-client ipsec irc ircs iscsi-target isns jenkins kadmin kdeconnect kerberos kibana klogin kpasswd kprop kshell ldap ldaps libvirt libvirt-tls lightning-network llmnr managesieve matrix mdns memcache minidlna mongodb mosh mountd mqtt mqtt-tls ms-wbt mssql murmur mysql nfs nfs3 nmea-0183 nrpe ntp nut openvpn ovirt-imageio ovirt-storageconsole ovirt-vmconsole plex pmcd pmproxy pmwebapi pmwebapis pop3 pop3s postgresql privoxy prometheus proxy-dhcp ptp pulseaudio puppetmaster quassel radius rdp redis redis-sentinel rpc-bind rsh rsyncd rtsp salt-master samba samba-client samba-dc sane sip sips slp smtp smtp-submission smtps snmp snmptrap spideroak-lansync spotify-sync squid ssdp ssh steam-streaming svdrp svn syncthing syncthing-gui synergy syslog syslog-tls telnet tentacle tftp tftp-client tile38 tinc tor-socks transmission-client upnp-client vdsm vnc-server wbem-http wbem-https wsman wsmans xdmcp xmpp-bosh xmpp-client xmpp-local xmpp-server zabbix-agent zabbix-server
I was searching to see if dns was available, so I split the string with tr, then searced with grep:
# firewall-cmd --get-services | tr " " "\n" | grep dns
dns
dns-over-tls
mdns
To get details, use the firewall-cmd --info-service=servicename like this:
# firewall-cmd --get-services | tr " " "\n" | grep dns | xargs -I [] sh -c "firewall-cmd --info-service=[]" dns ports: 53/tcp 53/udp protocols: source-ports: modules: destination: includes: dns-over-tls ports: 853/tcp protocols: source-ports: modules: destination: includes: mdns ports: 5353/udp protocols: source-ports: modules: destination: ipv4:224.0.0.251 ipv6:ff02::fb includes:
So for named (bind), I need the dns service to be enabled:
# firewall-cmd --zone=public --add-service=dns --permanent success
Now a –list-services will not show dns as we changed the --permanent configuration, not the current configuration:
# firewall-cmd --list-services
dhcpv6-client ssh
So you need to --reload the --permanent settings:
# firewall-cmd --list-services --permanent
dhcpv6-client dns ssh
# firewall-cmd --reload
success
# firewall-cmd --list-services
dhcpv6-client dns ssh
–jeroen
Share this:
Posted in *nix, *nix-tools, bash, bash, Development, iptables, Linux, openSuSE, Power User, Scripting, Software Development, SuSE Linux, Tumbleweed, xargs | Leave a Comment »
html – CSS Display an Image Resized and Cropped – Stack Overflow
Posted by jpluimers on 2021/08/25
[WayBack] html – CSS Display an Image Resized and Cropped – Stack Overflow (thanks [WayBack] roborourke!); see full answer link for runnable snippet and HTML (the WordPress editor keeps fucking up preformatted code blocks with html or XML in it).
You could use a combination of both methods eg.
.crop { width: 200px; height: 150px; overflow: hidden; } .crop img { width: 400px; height: 300px; margin: -75px 0 0 -100px; }
You embed the img in a div with class .crop, or in-line the styles in the img and div tags.
--jeroen
Share this:
Posted in CSS, Development, HTML, HTML5, SocialMedia, Software Development, Web Development, WordPress, WordPress | Leave a Comment »
linux – How can I find all hardlinked files on a filesystem? – Super User
Posted by jpluimers on 2021/08/25
[WayBack] linux – How can I find all hardlinked files on a filesystem? – Super User
use the following line (for sure you have to replace
/PATH/FOR/SEARCH/with whatever you want to search):find /PATH/FOR/SEARCH/ -xdev -printf '%i\t%n\t%p\n' | fgrep -f <(find . -xdev -printf '%i\n' | sort -n | uniq -d) | sort -nthis scans the filesystem only once, shows inode, number of hardlinks and path of files with more than one hardlink and sorts them according to the inode.
if you are annoyed by error messages for folders you aren’t allowed to read, you can expand the line to this:
find /PATH/FOR/SEARCH/ -xdev -printf '%i\t%n\t%p\n' 2> /dev/null | fgrep -f <(find . -xdev -printf '%i\n' 2> /dev/null | sort -n | uniq -d) | sort -n
It uses these commands:
–jeroen
Share this:
Posted in *nix, *nix-tools, bash, bash, Development, fgrep, find, Power User, Scripting, Software Development | 1 Comment »
Some links on Flux outside React.js
Posted by jpluimers on 2021/08/24
The Flux architecture is often used in ReactJS, but there are also implementations outside that realm.
So here are some links for my archive:
- React (web framework): Use of the Flux architecture – Wikipedia
- [WayBack] In-Depth Overview
Flux is the application architecture that Facebook uses for building client-side web applications. It complements React’s composable view components by utilizing a unidirectional data flow. It’s more of a pattern rather than a formal framework, and you can start using Flux immediately without a lot of new code.
- [WayBack] Flux vs. MVC: Comparing two Application Design Patterns | DotNetCurry
- [WayBack] What the Flux? (On Flux, DDD, and CQRS) — Jack Hsu
- [WayBack] GitHub – mrpmorris/blazor-fluxor: A low-boilerplate Flux/Redux state library for Blazor
- [WayBack] GitHub – spinettaro/delphi-flux-seed (note this differentiates actions from events)
- [WayBack] GitHub – spinettaro/delphi-event-bus: Delphi Event Bus (for short DEB) is an Event Bus framework for Delphi
–jeroen
Share this:
Posted in .NET, C#, Delphi, Development, JavaScript/ECMAScript, ReactJS, Scripting, Software Development | Leave a Comment »
Some links related to Apple’s NeuralHash algorithm, as it was reverse engineered and collisions can be generated so abuse with pictures matching sensitive hashes can be performed
Posted by jpluimers on 2021/08/24
Last week, I wrote [Archive.is] Jeroen Wiert Pluimers on Twitter: “Apple’s NeuralHash algorithm for automagically reporting sensitive images from iOS devices has not only been reverse engineered, but also collisions can now be generated. Now just wait for abuse of innocent pictures matching sensitive hashes. … “
Below, for my link archive, some relevant links on this:
- [Archive.is] stacksmashing on Twitter: “I generated a picture that shows its own NeuralHash… “
- [Wayback/Archive.is] anishathalye/neural-hash-collider: Preimage attack against NeuralHash 💣
- [Wayback/Archive.is] ImageNet contains naturally occurring NeuralHash collisions
NeuralHash is the perceptual hashing model that back’s Apple’s new CSAM (child sexual abuse material) reporting mechanism. It’s an algorithm that takes an image as input and returns a 96-bit unique identifier (a hash) that should match for two images that are “the same” (besides some minor perturbations like JPEG artifacts, resizing, or cropping).
- [Wayback/Archive.is] ImageNet contains naturally occurring NeuralHash collisions
- [Wayback/Archive.is] roboflow-ai/neuralhash-collisions: A catalog of naturally occurring images whose Apple NeuralHash is identical.
- Serious flaw in Apple’s CSAM scanner uncovered: [Wayback/Archive.is] Apple says collision in child-abuse hashing system is not a concern – The Verge
- [Wayback/Archive.is] AsuharietYgvar/AppleNeuralHash2ONNX: Convert Apple NeuralHash model for CSAM Detection to ONNX.
- [Wayback/Archive.is] Apple’s NeuralHash Algorithm Has Been Reverse-Engineered – Schneier on Security
- [Wayback/Archive.is] International Coalition Calls on Apple to Abandon Plan to Build Surveillance Capabilities into iPhones, iPads, and other Products – Center for Democracy and Technology
- [Wayback/Archive.is] iOS 15 – Wikipedia: CSAM Detection (NeuralHash)
- [Wayback/Archive.is] Hash collision in Apple NeuralHash model : programming
- Thread about duplicate hashes fore both related and unrelated images: [Wayback] Sarah Jamie Lewis on Twitter: “I let NeuralHash run most of the day in the background processing ~200K images. Didn’t find any absolute “random” hashes (a few were 2-3 bits close) – but did find a few sets like this – sets of burst photos which match All have the same hash: 75bbd25662074bdc7ac97677… “
- [Archive.is] Rich Harang on Twitter: “Do you see a difference between these two images? Apple’s NeuralHash thinks they differ on 52 of 96 bits (ed570844756690de887ceec3 vs 2d574044756690de887cfe43). No I won’t tell you how I did it, but it runs on CPU in about 10 seconds. NeuralHash is trivial to evade.… “
- [Archive.is] badidea 🪐 on Twitter: “neural hash c78fc26ec100f8508d4e60a3 🙂… “
–jeroen
Share this:
Posted in AI and ML; Artificial Intelligence & Machine Learning, Development, Hashing, Power User, Security, Software Development | Leave a Comment »
The Wiert Corner - irregular stream of stuff 