Due to lemmy.world blocking pirating communities, I will now be using [email protected]

  • 5 Posts
  • 142 Comments
Joined 1 year ago
cake
Cake day: June 13th, 2023

help-circle

  • Shit, I’m even grateful for when you all tell me off.

    Oh fuck off!

    Just kidding! I haven’t seen any of your posts here (mostly because I sort by all) but yeah the people in this sub are top tier.

    A few weeks ago I came here to ask about building my own computer and which parts to get because it had been years since I’ve done so and everyone was nice about it.





  • They don’t need to be a techie. Just someone who can click a button.

    I am remembering Julian Assuage has/had a payload that was distributed via BitTorrent. The file was encrypted with a private key and his public key was posted either as a file in the package or on the site where the magnet file was downloaded.

    Before he was arrested, he encouraged everyone to download the file and sit on it and to keep seeding it. He said in the event of his untimely death, the password would be released for everyone to decrypt.

    That would be another option but you sort of need the notoriety to make this work.



  • I’ve actually given this a lot of thought over the years. The biggest issue for me is all my AWS services that no one in my family knows about.

    So the idea would be to, at minimum, let my family know what services are being used.

    Unfortunately there isn’t a turn-key solution. I’ve seen a number of well-meaning solutions and some that are quite novel but they all suffer from the same problems: how do you deal with false positives and how do you verify your deadness.

    I imagine that the problem is similar to the Yellowstone trash can problem, in that any solution to mitigate one will make it harder on the other.

    The best solution I’ve found is to have a two-person solution, similar to launching a nuke. You have automation that tests if you are active that emails a close friend or relative to verify you are indeed dead.

    Ideally there would be more than one person on this list a confirmation from two people would kick off all of the automations you code.











  • Edit: I just saw your edit. Great job fixing it! God I hate that you had to do this.

    What is the make and model of the wheelchair and the wheels?

    Links to their official website would be helpful.

    Did your wheelchair come with a regular manual? A link to a PDF would also help.

    If you want to go down a more…questionable route, you could call the wheelchair provider number. Use social engineering by saying you’re from a doctor’s office and you can’t get the wheels to activate.

    It helps to have a friend do this for you. You want a buffer and you want your friend to say “I am not sure” or “I don’t know” a lot. That way the company gives him or her more information on what to do next before calling you back.

    This is a terrible situation. Maybe your insurance will spring for the cost. It’s so infuriating that if I had access, I probably wouldn’t sleep until I figured it out and posted it everywhere.


  • Jesus fucking mother of Christ.

    Ok, I’m going to skip my indignation.

    I’m not an app developer or a wheel chair person. That said, we need some info to help you better.

    • What phone? Android or iOS?
    • link to the app (and a link it’s APK or whatever iPhones equivalent to an APK would be)
    • instructions on how you register, e.g. is registration tied to your phone, the wheelchair, or both?

    Here is some general hacking advice:

    • check online for your wheelchairs “provider” manual. I “hacked” my CPAP machine a few years back. My doctor forgot to turn on heated tubing and the setting was hidden behind a “provider” menu. Chances are good that there will be a similar manual for your wheelchair.
    • if you haven’t already, search for the make and model of your wheelchair and see if there are forums or discussion boards
    • typically, physical access is the best access. Depending on how your phone communicates with the chair, you might able to spy on the signals that it uses. My guess is Bluetooth. It probably is encrypted but medical devices are notoriously easy skimpy on their tech security. Might be worth a try
    • If you have the tools and the knowledge, consider taking apart the wheelchair to access the physical components. Information like the processor, chip set, etc will make it easier to understand how it works. While you might expect custom boards and software, more and more devices are going the Raspberry Pi or Pico route because they are cheaper to manufacturer than to do a whole custom board. If it’s a run of the mill consumer board, you have a lot more attack vectors.

    Often settings like these are based on PKI(Public Key Infrastructure), meaning that the program on your wheelchair likely knows the public key for the company and will test any input to change the settings will require the private key. Again, generally speaking.

    But also generally speaking, medical equipment, especially consumer equipment, has to deal with the lowest common denominator, meaning people who don’t have apps, who don’t know what a smart phone is, etc. Because of that, my hunch is that the setting is in plain text and you just need to change it.

    You also have to remember that the people setting this up are often in doctors offices, which means it must be easy to do because time is of the essence. The doctor would not recommend their product if it takes more than a few minutes to set up.

    I’m sorry I can’t give you better more specific advice but hopefully you can figure this out.


  • I’ve requested confirmation and have only gotten it once or twice.

    What I’ve started doing is actually just sending them their same exact terms via their corporate registered address (regardless of their instructions) with the arbitration clause and jury trial waiver and just about anything I don’t agree to removed. I tell them so long as they continue to provide the services to me, that they implicitly agree to the terms I’m sending them, with any further updates requiring them to send a registered (not certified) letter.

    I intentionally do not provide any way for them to identify my account except for the return address.

    I figured if I ever had to go to court, one of these things would happen:

    • judge finds that the original terms are enforceable, which means I’m no worse off
    • judge finds that my amended terms are enforceable, which means it worked
    • judge finds both terms unenforceable and I can continue to sue them

    So far, no company has ever written me back or turned off my access to the site.

    I suggest everyone do this because these forced arbitration clauses are very anti-consumer and we need to start clawing back our rights.