Hacker News | jlward4th's comments

I recently discovered a similar concerning security issue with my KVM. In my case it was a pretty standard KVM for multiple machines to share a keyboard, mouse, and screen but also Ethernet. One day while looking at my home network I noticed the KVM had its own IP and was transferring GBs of data everyday. I quickly blocked it from my network. But having used it for a number of months I worried that with screen capture and access to all my input devices, someone could have gotten access to pretty much everything I use. I wasn’t able to figure out if any data was actually being sent off my network and I really didn’t want to put myself in any more risk so I just threw it in an electronics recycling bin. Pretty scary what a network connected KVM could maliciously do.


Shame you threw it away. It would have been useful to collect the traffic with Wireshark and share that with info about the device in a post or a blog for others to investigate and be warned about that brand and model.


Why did you not just log in to the device and switch off "Broadcast to multicast", or change the destination address?

Edit: Some brands of Network-KVM use this, so that you can control the target device from another device, like e.g. an App on a tablet. That way you don't have to stand next to the target device in the noisy and cold machine room


The KVM didn't have any documentation on anything related to its network interface. I ran a port scan on it but didn't know if there was a way to log into it.


> The KVM didn't have any documentation on anything related to its network interface.

My research disagrees. See [0]

[0] <https://news.ycombinator.com/item?id=46177462>


Is it possible for you to name the KVM model?

It sounds like a potential risk is to the public.


It is this one: https://www.amazon.com/dp/B0CP4PD3SM

I did post a review there citing my security concerns.

Honestly I didn't go further with the investigation because if someone really has all my data, I'm worried about retribution.


Was the network port bridged to both PCs all the time (as the description makes it sound), or did only the "active" PC get a functioning network connection? Could you tell from the FDB of the upstream device whether there were more than two MAC addresses active on the port? Did you (hopefully) open it up and make PCB pictures before chucking it?


This picture from the list of product pictures [0] indicates that the thing acts as an Ethernet bridge. It probably exposes itself as a USB-C gigabit Ethernet device to the machine it's plugged into.

Page four of TFM [1] supports this theory.

Also, this functionality is called out in the product listing and in the manual. I'm over here laughing my ass off because OP got so frightened by this clearly-documented feature that they immediately threw the thing in the trash, rather than first investigating to see if the source of the network traffic was the machines plugged into the device.

[0] <https://m.media-amazon.com/images/I/71GglDmzCYL._SL1500_.jpg> (If this direct link fails, it's the image that has the header "A Stable Gigabit Ethernet Port".)

[1] <https://avaccess.com/wp-content/uploads/2024/01/UM-_-iDock-C...> (This is the "DOWNLOAD USER MANUAL" link in the Downloads subsection of the More Information section of [2])

[2] <https://www.avaccess.com/products/idock-c20-kvm-switch-docki...>


I'm not an expert on this, but know enough to know the KVM doesn't need its own IP. In fact, the KVM I replaced it with provides ethernet to both my machines (at the same time) without getting its own IP.


The manual, as OP said, does not offer any explanation of why the device might show up with an additional MAC/IP at the upstream switch port, or which services it might offer. OP sounds knowledgeable enough to be able to exclude the possibility that the additional MAC/IP could be from one of the PCs, e.g. when playing with VMs using an internal bridge in the hypervisor.

Maybe the device has a bigger "cousin" device, that includes "control via APP", and this feature was not properly/fully disabled on this one.


> why the device might show up with an additional MAC/IP at the upstream switch port

> the thing acts as an Ethernet bridge

A USB-C NIC has its own MAC and would thus get its own IP.


The network was active for both machines connected to it. And it had its own IP. So 3 MAC addresses in total. I didn't ever open it up. But maybe someone will be interested in buying one and exploring more.
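The check suggested earlier in this thread (count the MAC addresses the upstream switch has learned on the KVM's port, and compare against the number of machines you actually plugged in) can be scripted. The following is an added example and not code from anyone in the thread; it assumes the upstream device is a Linux box whose bridge table is read with `bridge fdb show`, and the sample table below is constructed (locally administered 02:... addresses, made-up port names). Multicast entries and the bridge's own `permanent` entries are skipped so that only learned hosts are counted. As the thread notes, a VM or container bridge on one of the PCs would also produce an extra MAC, so a hit here is a lead to investigate with a packet capture, not proof of a rogue device.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of `bridge fdb show` output on a Linux host
# acting as the upstream switch. eth1 is the port the KVM is plugged into
# (two PCs expected), eth2 is an unrelated single-host port. All values made up.
SAMPLE_FDB = """\
33:33:00:00:00:01 dev eth1 self permanent
01:00:5e:00:00:01 dev eth1 self permanent
02:00:00:00:01:01 dev eth1 master br0
02:00:00:00:01:02 dev eth1 master br0
02:00:00:00:01:03 dev eth1 master br0
02:00:00:00:02:01 dev eth2 master br0
33:33:00:00:00:01 dev eth2 self permanent
"""

# "<mac> dev <port> <flags...>" is the common shape of a `bridge fdb show` line.
FDB_LINE = re.compile(r"^([0-9a-f]{2}(?::[0-9a-f]{2}){5})\s+dev\s+(\S+)(.*)$", re.I)


def is_multicast(mac):
    """Group bit (least significant bit of the first octet) marks multicast/broadcast."""
    return int(mac.split(":")[0], 16) & 1 == 1


def learned_macs_per_port(fdb_text):
    """Map port name -> sorted list of learned unicast MACs (permanent and multicast skipped)."""
    ports = defaultdict(set)
    for line in fdb_text.splitlines():
        m = FDB_LINE.match(line.strip())
        if not m:
            continue  # ignore anything that is not an FDB entry
        mac, port, flags = m.group(1).lower(), m.group(2), m.group(3).split()
        if "permanent" in flags or is_multicast(mac):
            continue  # bridge-owned / static entries and group addresses are not hosts
        ports[port].add(mac)
    return {port: sorted(macs) for port, macs in ports.items()}


def ports_with_unexpected_hosts(fdb_text, expected):
    """Return {port: macs} for every port with more learned hosts than `expected[port]`.

    `expected` maps port name -> number of machines you physically attached.
    A port not listed in `expected` is treated as having zero expected hosts.
    """
    per_port = learned_macs_per_port(fdb_text)
    return {
        port: macs
        for port, macs in per_port.items()
        if len(macs) > expected.get(port, 0)
    }


if __name__ == "__main__":
    # Two PCs behind the KVM on eth1, one host on eth2.
    suspicious = ports_with_unexpected_hosts(SAMPLE_FDB, {"eth1": 2, "eth2": 1})
    for port, macs in suspicious.items():
        print(f"{port}: {len(macs)} learned hosts, expected fewer: {', '.join(macs)}")
```

On a managed switch the same idea applies to its MAC address table (per-port `show mac address-table` or the equivalent); only the line format in `FDB_LINE` changes. The useful follow-up for a flagged port is to capture that third MAC's traffic with Wireshark and see whom it talks to, rather than discarding the hardware.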


Shilling my book "Effect Oriented Programming" https://effectorientedprogramming.com/

The book uses Scala & ZIO but intends to be more about the concepts of Effects than the actual implementation. I'd love to do a Flix version of the book at some point. But first we are working on the TypeScript Effect version.


Small world! Searched 'effect oriented programming' and one of your talks was one of the first results on YouTube.

https://youtu.be/EHtVADr-x94


What’s the best way to stay informed about the typescript version?


We are working with the Effect folks and will make some noise about it with them. Otherwise, you can follow me on X: James Ward


I'm definitely biased but I think Kotlin for Desktop apps (https://www.jetbrains.com/lp/compose-desktop/) will take a lot of the energy in this space.


Author here. Yeah, the Go language feels very archaic when using more modern languages. Some things I miss when I use Go: immutability as a default, monadic error handling, type classes, higher-kinded types, high-level collection operations (map, flatmap, filter, etc), ADTs, extensive pattern matching, expression-orientedness, and explicit null handling.


Guess that’s why kubernetes and so many other CNCF projects were written in Go.

It’s archaic enough that everyone can get things done instead of worrying about esoteric new features.


Kubernetes was prototyped in Java and rewritten in Go due to the Go bias of some team members, which forced a rewrite into Go.

Source: A couple of talks at FOSDEM.

Don't attribute to technology the outcome of political decisions.

I also used to get things done in TASM.


Have you stopped to consider why those team members had a bias towards Go? Maybe it’s for a reason.

Maybe the people behind Istio, InfluxDB, Docker, Traefik, Terraform, etc also chose the “archaic” Go for “political reasons”.


You're assuming that tech is a meritocracy (it very much is not).

You're implying that if a tool is archaic, things cannot be done with it (also not true).

You're also explicitly saying that the features James mentioned are esoteric, which is easily disproven by the fact that many mainstream languages have them nowadays.


Some of the world's most incredible software is written in C and JavaScript and both are languages with incredible deficiencies from a language design standpoint. This doesn't take away from the software that was written in them.


I was expecting to see something about the algebraic laws for functors and monads.


Hopefully it also has the CORS headers for cross-origin access. ;)


The switch to Google Maps will definitely be nice since their current maps are crap. Not sure about the other pieces but it probably can't get worse than it currently is. I have the newest XC90 and the on-screen stuff is absolutely horrible. I run into many bugs every day and the response from support has been abysmal.


My wife got an XC90 about 2 years ago and I have to agree. Even changing the channel on the radio is bad - I press next channel, next channel, and it takes me back to the first channel repeatedly.

The car looks and handles great, but we won't be getting another Volvo just because the electronics are so bad.


Agree. I have the same vehicle and am simply astounded at how bad the entire UI is. How can a company like that with such a good brand ship something so awful in their flagship product?


"Where will the next great programming language come from?"

Interestingly Scala has come from Academia, Industry, and Hobbyists. And for me it's already the next great programming language. Yeah, it has some warts and is hard to learn but that's true of all great things. :)


> Scala has come from Academia, Industry, and Hobbyists.

That's an interesting point. The slide implies there will be no next great programming language because neither academia nor industry nor hobbyists can deliver it, but overlooks the possibility of a combination working together. For example, Rust started as Graydon Hoare's hobbyist language and then development was sponsored by Mozilla.


Yeah this comment stuck out to me in the presentation. Industry has a great record of creating + supporting languages. C#, F#, Dart, Swift, Rust, D are all languages that are actively supported by industry, and some were even created by industry too. Just seemed like a weird statement for the slides to say that new languages just aren’t going to appear.


If anything, almost too many of them. In the esoteric language area, every new language takes away from libraries for other ones as the communities get spread out. I do think the spread of ideas from that setup is good though.


But how many of those languages include substantial innovation? To me they seem to be mostly rehashing existing technology with slight cosmetic tweaks in order to serve the profit interests and ego of their creators.

Now, whatever innovation this proliferation of languages may bring, it also brings fragmentation which acts as a counter-weight on the value created for the industry as a whole.

Whether the net effect is positive or negative is very difficult to tell.


Misleading title. There was actually nothing about concurrency in the article.


+1

If the article had used I/O (http request) as an example of event handling (message queuing), it would have added some concurrency context.


setTimeout uses the same message queuing system as XHR, DOM events, or communicating with stuff that has its own stack like iframes or workers. That's why a function with a timeout of 0 will not fire until after its enclosing function has popped. Functions block. Waiting for messages doesn't. That's the model for JS concurrency.


I agree.


Can I have my $75 back?

