10 interesting stories served every morning and every evening.

Access denied | videocardz.com used Cloudflare to restrict access | videocardz.com

videocardz.com

Please en­able cook­ies.

Error 1005

What hap­pened?

The owner of this web­site (videocardz.com) has banned the au­tonomous sys­tem num­ber (ASN) your IP ad­dress is in (14061) from ac­cess­ing this web­site.

Please see https://​de­vel­op­ers.cloud­flare.com/​sup­port/​trou­bleshoot­ing/​http-sta­tus-codes/​cloud­flare-1xxx-er­rors/​er­ror-1005/ for more de­tails.

Was this page help­ful?

Thank you for your feed­back!

Cloudflare Ray ID: a1d4c4498b0343f7 •

Your IP:

167.99.127.20 •

Performance & se­cu­rity by Cloudflare

Regressive JPEGs: (Maurycy's blog)

maurycyz.com

One of the cool fea­tures of JPEG files is that there’s the op­tion to save low fre­quency com­po­nents first. This means that a par­tially down­loaded im­age will be dis­played at low res­o­lu­tion in­stead of be­ing cut off.

In the file, this works by break­ing up the com­pressed data into mul­ti­ple scans”, each pre­fixed with a header. Here’s the first scan of a rep­re­sen­tive im­age:

FF DA - start of scan” marker 00 0C - Big en­dian length field (12 bytes) Includes it­self 03 - Number of chan­nels in scan (3) 01 - Global id of first in­cluded chan­nel 00 - Huffman table in­dex #1 (DC: 0, AC: 0) 02 - Global id of sec­ond in­cluded chan­nel 10 - Huffman table in­dex #2 (DC: 1, AC: 0) 03 - Global id of third in­cluded chan­nel 10 - Huffman table in­dex #2 (DC: 0, AC: 0) 00 - Starting DCT bin (DC) 00 - Ending DCT bin (also DC) 01 - Precision: half, no pre-ex­ist­ing data.

f8ad 512d d3f1 cd96 - Huffman coded DCT co­ef­fi­cients bcb0 58df 53d5 5d97 […and a lot more]

… this one in­cludes the low­est (DC) Fourier bin for all three color chan­nels.

The three color chan­nels are YCbCr in­stead of the usual RGB. The lu­mi­nance (Y) seper­ated be­cause it must be high qual­ity, but the color can be fudged quite a bit while look­ing fine.

Very roughly: Y = G, Cb = B - G, Cr = R - G

After it, the file con­tains eight more scans to fill in the rest of the data:

Scan #0 con­tains a very low res­o­lu­tion pre­view of the im­age.

Scan #1 adds some de­tails to the lu­mi­nance.

Scans num­ber two through five con­tain full low pre­ci­sion data.

Scan 4 has an un­usual spec­tral range be­cause it’s fill­ing in the gap left by #1. That way, num­ber 5 has full quar­ter pre­ci­sion data to build on.

Scans six through nine add the fi­nal miss­ing bit to bring the im­age to full qual­ity.

Given what I said about color be­ing less im­por­tant, it might seem weird that my ex­am­ple has the color data first: This works be­cause the the chromi­nance is saved at half res­o­lu­tion (quarter pixel count). As a re­sult, full chromi­nance data (Cr + Cb) only weighs half as much as lu­mi­nance.

Since each scan ex­plic­itly sets its spec­tral range, it should be pos­si­ble to con­struct a JPEG file where fu­ture scans over­write al­ready ren­dered im­age data.

Actually, it’s very easy to do this:

Concatenate mul­ti­ple im­ages with the same res­o­lu­tion and fil­ter out the start-of-im­age, start-of-frame and end-of-im­age mark­ers. This can be done in a hex ed­i­tor, but I used a quick and dirty C pro­gram.

When served over a slow net­work, this con­cate­nated file will switch be­tween mul­ti­ple im­ages:

But, most de­coders will give up af­ter some num­ber of scans: I think this is done to avoid a zip bomb style prob­lem… but it pre­vents this from work­ing on more than 9 frames, which is not enough for a proper an­i­ma­tion.

To do that, I’d have to min­i­mize the num­ber of scans in each frame. The sim­plest idea is to start with base­line JPEGs that only have a sin­gle scan.

… but it does­n’t work:

In pro­gres­sive mode, a scan can’t con­tain both AC (bins above 0) and DC (bin 0) data at the same time. This lim­i­ta­tion does­n’t ex­ist for base­line mode, but the base­line de­coder stops af­ter the first scan.

Since AC data must fol­low DC data, the small­est pos­si­ble progressive” JPEG con­tains a sin­gle DC-only scan. Because the DCT runs on 16x16 blocks, such an im­age won’t a solid color:

it’ll be 1/16th of the orig­i­nal res­o­lu­tion.

Doing this, I can get Chrome to ren­der around 90 frames be­fore giv­ing up. Other browsers like Firefox have more pa­tience, but a 90 scan im­age seems to work al­most every­where.

As a bonus, this avoids the ghost­ing of the naive at­tempt: that hap­pened be­cause AC scans are sup­posed to re­fine old data. Normally, this al­lows im­ages to in­clude mul­ti­ple pre­ci­sion lev­els with­out in­flat­ing file size… but does­n’t play nicely with my tricks.

If the file only in­cludes DC scans with no ac­tual pro­gres­sion, this is­n’t a prob­lem.

Since a DC-only” frame is a stan­dards-com­pli­ant im­ages, cre­at­ing them does­n’t re­quire any­thing spe­cial:

cat > frame.scans<<EOF # DC only scan: 0,1,2:0 – 0,0,0; # and noth­ing else EOF jpeg­tran -scans frame.scans -outfile out.jpg in.jpg

Using these, it’s pos­si­ble to pack a whole video in­side a sin­gle im­age:

Besides un­con­ven­tional rick­rolls and other trolling, this has no prac­ti­cal ap­pli­ca­tions: there’s no way to add tim­ing in­for­ma­tion, so play­back is en­tirely de­pen­dent on net­work de­lay.

… al­though there is a lot of fun to be had us­ing par­tial ren­der­ing:

This is a pure HTML video us­ing <dialog> tags: badap­ple.rose.sys­tems

Of course, there’s no rule that the data must be hard­coded: here’s a in­ter­ac­tive sin­gle-page ap­pli­ca­tion with no CSS or JavaScript.

Related:

/projects/bad_jpeg/merge.c: The code used to gen­er­ate these im­ages

Kaiser nurses say AI, workplace surveillance are making their jobs and patient care worse

localnewsmatters.org

KAISER PERMANENTE NURSES who an­swer ad­vice and triage calls say their duty of care for pa­tients is be­ing in­creas­ingly threat­ened by work­place sur­veil­lance.

Seven cur­rent and for­mer nurses told CalMatters that those who spend more than 15 min­utes on a call with a pa­tient rou­tinely face crit­i­cism from Kaiser man­age­ment or get called into per­for­mance eval­u­a­tion meet­ings. Call time, they said, fac­tors into monthly per­for­mance scores they re­ceive.

In ad­di­tion to track­ing call length, they said Kaiser uses soft­ware that tries to pre­dict on a daily ba­sis whether they’re be­ing un­pro­duc­tive or fail­ing to an­swer calls quickly. Artificial in­tel­li­gence sys­tems have also been used to rate their em­pa­thy and tone of voice.

Their com­ments come as the California Nurses Association be­gins ne­go­ti­at­ing a new con­tract with Kaiser this month with AI a likely is­sue. Kaiser nurses went on strike against AI for one day in March and pick­eted against AI last fall. The CNA is bar­gain­ing for 25,000 nurses, in­clud­ing 1,000 in call cen­ters.

At the same time, California law­mak­ers are con­sid­er­ing sev­eral bills reg­u­lat­ing AI in the work­place, in­clud­ing one that would pro­tect from re­tal­i­a­tion doc­tors and nurses who over­ride au­to­mated care rec­om­men­da­tions.

Kaiser de­fended its use of AI, say­ing it de­ploys the tech­nol­ogy with pa­tient safety in mind and does not use average han­dle time” to as­sess per­for­mance.

Kaiser Permanente is the largest pri­vate em­ployer in California, pro­vid­ing health­care ser­vices to more than 9 mil­lion peo­ple in the state and to 3 mil­lion other Americans. That means the com­pa­ny’s use of ar­ti­fi­cial in­tel­li­gence could set im­por­tant prece­dents for man­ag­ing work­ers with AI. It could also have a big im­pact on pa­tient care, pro­vid­ing an early ex­am­ple of how the health­care sec­tor bal­ances cost-cut­ting au­toma­tion with hu­man pres­ence or touch.

Raquel Alvarez Sanchez, a Kaiser Permanente ad­vice nurse in Vallejo since 2010, said she was on a call with a pa­tient who was sui­ci­dal last year that took more than an hour be­cause she had to wait for po­lice to ar­rive be­fore hang­ing up. She tried to make the man feel cared for, even though she was cog­nizant that stay­ing on the call that long would throw off her av­er­age call time for weeks and could lead to ques­tions from man­age­ment. Sanchez, a union stew­ard, said she’s ac­com­pa­nied col­leagues to per­for­mance eval­u­a­tion meet­ings, where they were found to have done every­thing right on a call — ex­cept stay­ing on the line for more than 15 min­utes. She said she has­n’t seen nurses get fired for do­ing that, but she fears that con­tin­ued pres­sure can lead nurses to quit or re­tire early.

I think at some point all of the nurses have been talked to about their av­er­age han­dle time,” she said. The only thing I can think of is they’re do­ing it for profit.”

Another nurse who spoke with CalMatters on con­di­tion of anonymity due to fear of ret­ri­bu­tion de­scribed how that sur­veil­lance af­fected a call with a pa­tient last year. Initially she thought her pa­tient, an el­derly woman who just re­ceived a ter­mi­nal can­cer di­ag­no­sis, was sui­ci­dal, but quickly came to un­der­stand that she was in shock and re­ally needed some­body to talk to.

The nurse wanted to take time to show com­pas­sion or com­fort to the woman, who acts as a care­taker for her daugh­ter, but she stopped her­self out of fear it would hurt her monthly per­for­mance score and lead to a rep­ri­mand from her man­ager. She be­came a nurse to pro­vide peo­ple with com­pas­sion­ate care, but I had to ask my­self: Am I go­ing to get dis­ci­plined for go­ing off script or say­ing more than what is nec­es­sary?”

Kaiser Permanente says its per­for­mance eval­u­a­tions help im­prove pa­tient out­comes. A com­pany spokesper­son said, Kaiser Permanente does not use Average Handle Time to as­sess agent per­for­mance or en­force call time met­rics. Any tools used in con­tact cen­ter set­tings sup­port our qual­ity as­sur­ance ef­forts and have hu­man re­view and over­sight.” In a state­ment pro­vided to CalMatters, spokesper­son Vincent Staupe added that Kaiser uses AI re­spon­si­bly, with hu­man over­sight, and by prioritizing pa­tient safety, pri­vacy, and eq­uity,” but he said, As a large or­ga­ni­za­tion, we do not share spe­cific in­for­ma­tion about in­ter­nal tech­nol­ogy sys­tems for se­cu­rity and op­er­a­tional rea­sons.”

Is tech­nol­ogy putting pa­tients at risk?

It’s not clear how pa­tient care is af­fected by al­go­rith­mic man­age­ment, nor is the im­pact of lim­it­ing the length of triage and ad­vice calls on pa­tients. Kaiser call cen­ter nurses can’t say for cer­tain whether the pres­sures they face re­sults in ad­verse out­comes for pa­tients be­cause their con­tact with pa­tients ends af­ter they hang up the phone. A 2024 pub­lic records re­quest by CalMatters to the California Department of Managed Health Care found no com­plaints by pa­tients against Kaiser re­lated to call times. But nurses in­sist the risk to pa­tient safety and qual­ity of care is real.

Consumer Watchdog pa­tient ad­vo­cate Michele Ramos said many Kaiser pa­tients be­gin their care on the ad­vice line. They later com­plain to her, mostly about things that hap­pen in Kaiser fa­cil­i­ties, but I can see now where a lot of the prob­lems” start, given the call con­straints nurses are un­der.

Kaiser’s been known through the years to man­age dol­lars over man­ag­ing care, … which is only go­ing to fail pa­tients.”

Michele Ramos, Consumer Watchdog pa­tient ad­vo­cate

Kaiser’s been known through the years to man­age dol­lars over man­ag­ing care, … which is only go­ing to fail pa­tients.”

Michele Ramos, Consumer Watchdog pa­tient ad­vo­cate

Ramos said the time pres­sures may fit a broader pat­tern at Kaiser of putting costs over qual­ity. The health gi­ant was hit with a record fine, $50 mil­lion, as part of a set­tle­ment over find­ings from the California Department of Managed Health Care that it de­layed be­hav­ioral health ap­point­ments be­yond statu­tory lim­its and too of­ten moved pa­tients into group rather than in­di­vid­ual ther­apy. Kaiser also set­tled with the U.S. Department of Labor after in­ves­ti­ga­tions into its sub­stance use and men­tal health ser­vices. Kaiser faced crit­i­cism in 2002 for pay­ing bonuses to call cen­ter work­ers who aren’t nurses for keep­ing calls short, though call cen­ter nurses who spoke with CalMatters said they en­coun­tered no such prac­tices to­day.

Kaiser’s been known through the years to man­age dol­lars over man­ag­ing care, and I think this would be a con­trib­u­tor to that, which is only go­ing to fail pa­tients,” Ramos added.

Nurses said they are pres­sured to stay un­der 15 min­utes even for the sorts of calls that of­ten take more time, like di­ag­nos­ing a pa­tient with mul­ti­ple symp­toms, chronic ill­nesses, new par­ents in need of ad­vice and as­sur­ance, peo­ple who de­sire ex­tended health ed­u­ca­tion, or peo­ple who are over­whelmed af­ter re­ceiv­ing life-al­ter­ing news who could use some com­pas­sion. Nurses say calls that in­volve in­ter­preters of­ten take 30 min­utes or more. About four in 10 Californians speak a lan­guage other than English and half of them do not speak English well, ac­cord­ing to a state en­vi­ron­men­tal health agency.

The amount of time that Kaiser is giv­ing us to com­plete a call is some­times not safe,” said one nurse, who asked to re­main anony­mous due to fear of re­tal­i­a­tion.

People can get hurt,” said Charlotte Capulong, who has worked in nurse call cen­ters for 22 years and helped or­ga­nize Kaiser nurses against the AI tone-of-voice tool. Capulong said nurses felt ha­rassed by man­agers in meet­ings she at­tended as a union rep, even if they suc­cess­fully car­ried out all other du­ties of their jobs ex­cept com­plet­ing calls within 15 min­utes.

You aren’t call­ing Comcast. We’re deal­ing with life here,” she said.

Nurses are in­structed to stick to a script on phone calls and give no more than two to three pieces of ad­vice, Capulong and other nurses said, which means they may some­times need to de­cide whether to with­hold ad­vice or face a per­for­mance eval­u­a­tion hear­ing.

The nurses say ar­ti­fi­cial in­tel­li­gence could make the sur­veil­lance nurses en­counter on the job worse.

In sum­mer 2024, Kaiser be­gan test­ing an AI tool that at­tempts to as­sess em­pa­thy and tone in the voices of nurses and pa­tients, ac­cord­ing to nurses who spoke with CalMatters. In re­sponse, nurses cir­cu­lated and signed a pe­ti­tion in fa­vor of the right to pa­tient pri­vacy, more trans­parency,  and the right to ex­er­cise their pro­fes­sional judge­ment and en­cour­aged man­age­ment to in­volve nurse’s in­put and feed­back. The sig­na­ture cam­paign used the same tag line that nurses used at protests out­side San Francisco hos­pi­tals ear­lier that year: Trust nurses, not AI. The AI tests ended in November 2024, but union rep­re­sen­ta­tives were told that man­agers may bring the pro­gram back in the fu­ture.

Nurses re­ported feel­ing ha­rassed by ex­ist­ing sur­veil­lance, and that was in­ten­si­fied when they said we’re go­ing to use AI to eval­u­ate our calls and grade us,” said Sanchez.

Another nurse speak­ing on con­di­tion of anonymity said AI did not un­der­stand our job and would grade us wrong all the time.”

A Kaiser spokesper­son de­clined to re­spond to ques­tions about the AI tool or an­swer ques­tions about the use of AI and other au­to­mated sys­tems in the com­pa­ny’s call cen­ters and health­care fa­cil­i­ties, in­clud­ing for eval­u­at­ing nurse per­for­mance or whether pa­tients were in­formed about the use of AI to eval­u­ate their em­pa­thy and tone.

Nurses also said they get lit­tle time be­tween calls even if that call in­volves speak­ing with a pa­tient who is sui­ci­dal, ex­pe­ri­enc­ing a men­tal health episode, or near death. In years past, nurses got around 10 min­utes to fin­ish writ­ing notes in a pa­tien­t’s chart or col­lect them­selves af­ter a par­tic­u­larly tough call. Today they say they typ­i­cally get 30 sec­onds or less when lines are busy, al­though more at slow times, like late at night, or if they get a man­ager’s per­mis­sion af­ter a par­tic­u­larly chal­leng­ing call. The over­all pace they say, can lead to mis­takes like miss­ing im­por­tant cues into a pa­tien­t’s well­be­ing.

CNA reps de­clined to talk about spe­cific pro­vi­sions they in­tend to seek re­lated to AI ahead of their talks with Kaiser this sum­mer.

How sur­veil­lance and AI shape nurs­ing

Critics say ex­ces­sive work­place mon­i­tor­ing can lead to lower morale as em­ploy­ees feel less trusted and au­tonomous, rel­e­gated to be­ing no more than al­go­rithm mon­i­tors. UC Berkeley Labor Center Technology and Work Program di­rec­tor An­nette Bernhardt has warned that al­go­rith­mic man­age­ment can turn peo­ple into fleshy ro­bots, echo­ing com­plaints from an Ama­zon fac­tory worker who CalMatters in­ter­viewed last year. A 2023 aca­d­e­mic sur­vey of call cen­ters in four de­vel­oped coun­tries found that us­ing AI for man­age­ment or mon­i­tor­ing left work­ers with less time be­tween calls and more likely to feel emo­tion­ally drained by their work. Nearly half of re­spon­dents said that AI tools made their jobs more stress­ful. A prior study by the same re­searchers, Virginia Dolleghast of Cornell University and Sean O’Brady of McMaster University found that per­for­mance mon­i­tor­ing leads to higher rates of emo­tional ex­haus­tion.

Dolleghast, who has stud­ied the im­pact of sur­veil­lance tech­nol­ogy on call cen­ter work­ers for more than a decade, said what Kaiser call cen­ter nurses are ex­pe­ri­enc­ing is part of a broader trend: Across dif­fer­ent in­dus­tries, per­sis­tent sur­veil­lance is in­creas­ing stress lev­els for work­ers who are re­solv­ing com­plex, emo­tion­ally-charged is­sues.

Stress and burnout can lead to more mis­takes across a range of ar­eas, and in the health­care set­ting that is much higher risk be­cause you’re deal­ing with peo­ple’s lives and their health,” she said.

The con­verse can be true: Workers who are given more dis­cre­tion to de­cide the pace and tim­ing of their work ex­pe­ri­ence higher lev­els of job sat­is­fac­tion and less ab­sen­teeism.

Nurses na­tion­wide are more fre­quently en­coun­ter­ing ar­ti­fi­cial in­tel­li­gence and sim­i­lar soft­ware sys­tems in the work­place. Half of more than 2,000 nurses who re­sponded to a 2024 sur­vey by the National Nurses United union said their em­ployer uses al­go­rith­mic sys­tems to an­a­lyze health records. Such sys­tems can do things like de­ter­mine how frag­ile a pa­tient is or pre­dict how many hours of care they will need. Two-thirds of the sur­veyed nurses said their own as­sess­ments had at some point dis­agreed with a com­puter-gen­er­ated pre­dic­tion. Six out of 10 re­spon­dents said they don’t trust their em­ployer to pri­or­i­tize pa­tient safety when us­ing AI.

Pa Vue has worked as a nurse in call cen­ters for the bet­ter part of the past decade. She said she and other Kaiser nurses rou­tinely have con­ver­sa­tions with man­agers about call ef­fi­ciency and re­ceive eval­u­a­tion scores once a month. She re­calls hav­ing a score re­duced for re­peat­ing ad­vice to a pa­tient that she wor­ried had un­usual symp­toms and pos­si­ble heart is­sues.

As a union rep­re­sen­ta­tive in some per­for­mance meet­ings, Vue has seen man­agers raise ef­fi­ciency ques­tions about calls they deem too long. She’s also seen nurses re­ceive lower per­for­mance scores if they go against soft­ware rec­om­men­da­tions based on their pro­fes­sional opin­ion or make an ap­point­ment for a pa­tient with­out con­sult­ing a doc­tor.

She be­lieves that ef­fi­ciency aims ac­cel­er­ated by tech­nol­ogy can hin­der a nurse’s abil­ity to fo­cus and re­duce the qual­ity of care that pa­tients pay for.

I’m not against the use of AI as long as it’s ben­e­fi­cial to the pa­tient but in this par­tic­u­lar use [empathy and tone mon­i­tor­ing] it’s to in­crease pro­duc­tiv­ity and im­prove ef­fi­ciency and cut costs. Kaiser is for­get­ting we aren’t just a call cen­ter for cus­tomer sup­port, we’re nurses, and we’re there to take care of pa­tients,” she said.

As AI im­proves and busi­nesses push work­ers to use it, unions are, in turn, in­creas­ingly de­mand­ing that em­ploy­ers ad­dress is­sues raised by AI when bar­gain­ing for new con­tracts. Surveillance tech­nol­ogy has be­come a com­mon way for man­agers to col­lect data about work­ers in a num­ber of in­dus­tries, used for every­thing from im­prov­ing safety to hunt­ing for ways to in­crease profit gains or train AI to do a job.

At Kaiser, AI is a key is­sue not only among nurses but also for men­tal health work­ers, 2,400 of whom are in con­tract ne­go­ti­a­tions in Northern California with Kaiser Permanente. Kaiser ther­a­pists have said they are con­cerned about use of ther­apy ses­sion tran­scripts to train AI mod­els and about the health-care gi­ant us­ing AI to take their jobs. National Union of Healthcare Workers spokesper­son Matt Artz told CalMatters con­tract ne­go­ti­a­tions are on­go­ing.

How Kaiser uses AI

Kaiser Permanente is ex­plor­ing or us­ing AI in many parts of the health­care ex­pe­ri­ence far be­yond nurse call cen­ters. Kaiser uses AI to iden­tify pa­tients in hos­pi­tals at risk of ad­verse events by eval­u­at­ing data on their elec­tronic health records. An AI sys­tem called Preventus is used to de­ter­mine when to dis­charge pa­tients. Doctors and ther­a­pists use Abridge to record in­ter­ac­tions and trans­late speech to text dur­ing in-per­son vis­its with pa­tients in­stead of tak­ing notes. Remote mon­i­tor­ing with AI for pa­tients that need ex­tra care has been tested at Kaiser Permanente fa­cil­i­ties in the Bay Area, ac­cord­ing to nurses who en­coun­tered the tech­nol­ogy in the course of do­ing their jobs.

National Nurses United and CNA President Cathy Kennedy sees the use of AI to de­tect nurse em­pa­thy as part of a long se­ries of steps by Kaiser to limit their au­ton­omy and make them more ef­fi­cient. She be­lieves AI threat­ens to au­to­mate and frag­ment the work that nurses do, and com­pa­nies de­vel­op­ing and de­ploy­ing AI sys­tems should es­tab­lish that those sys­tems are ef­fec­tive and eq­ui­table be­fore de­ploy­ing them.

Notification of new tech de­ploy­ments is part of the nurse union’s con­tract with Kaiser but some­times nurses don’t re­ceive no­ti­fi­ca­tion, CNA says. So union lead­ers are at­tempt­ing to track the num­ber of AI mod­els in use at Kaiser Permanente, ad­vis­ing its mem­bers to in­form them when they en­counter new tech. This paves the way for CNA to push back as it did with the em­pa­thy and tone AI last sum­mer or as it did when it stopped a pi­lot pro­gram that would have re­placed nurses that sit at the bed­side of con­fused pa­tients with cam­eras.

Debru Carthan, a Kaiser ra­di­ol­o­gist, is on the front line of worker-man­age­ment fights over AI at the com­pany. A mem­ber of Service Employees International Union, she is also part of the Coalition of Kaiser Permanente Unions, where she sits on a com­mit­tee to dis­cuss use of AI and emerg­ing tech­nol­ogy at Kaiser. The coali­tion also has a see some­thing, say some­thing,” cam­paign for front­line work­ers to re­port when they no­tice AI de­ploy­ments; the coali­tion says that too of­ten man­age­ment qui­etly im­ple­ments AI into work­flows with­out no­tice or worker in­put. She wor­ries that the AI tone de­tec­tor used on ad­vice nurses could dis­crim­i­nate against nurses from dif­fer­ent cul­tures and has come to be­lieve that the use of AI in health­care gen­er­ally has more to do with money and cor­po­rate greed than pa­tient care.

California law­mak­ers have re­sponded to worker AI con­cerns both in­side and out­side the health­care sec­tor. They tried and failed last year to ad­dress how AI im­pacts work­ers like call cen­ter nurses. As­sem­bly Bill 1018 and Senate Bill 7, two bills en­dorsed by the CNA, would have re­quired em­ploy­ers to in­form work­ers be­fore us­ing au­to­mated sys­tems on the job to do things like pro­mote or dis­ci­pline work­ers or eval­u­ate job per­for­mance, but Gov. Gavin Newsom ve­toed SB 7, and, fac­ing strong op­po­si­tion from com­pa­nies in­clud­ing Kaiser Permanente, AB 1018 failed to pass for the third con­sec­u­tive year.

Earlier this year, law­mak­ers rein­tro­duced a new ver­sion of Senate Bill 7, now called Senate Bill 947. Another bill would pro­hibit em­ploy­ers us­ing AI to pre­dict the emo­tional state of their em­ploy­ees. Yet another bill would pro­tect doc­tors and nurses from re­tal­i­a­tion if they over­ride rec­om­men­da­tions gen­er­ated by an au­to­mated sys­tem and re­quire health­care providers to sup­ply em­ploy­ees with an in­ven­tory of au­to­mated sys­tems once a year. Kaiser de­clined to share a com­pre­hen­sive list of AI sys­tems in use when asked by CalMatters.

Altogether CNA and the af­fil­i­ated California Labor Federation sup­port roughly half a dozen bills to reg­u­late use of AI in the work­place. Calling AI a cen­tral is­sue in the next pres­i­den­tial elec­tion, mem­bers of the California Labor Federation and la­bor lead­ers from Democratic pri­mary states held a press con­fer­ence in Sacramento ear­lier this year to say that if Newsom wants to be­come pres­i­dent then he needs to pass laws pro­tect­ing work­ers from AI. It’s an on­go­ing fight, and it’s a fight well worth hav­ing,” Kennedy said. Whenever there are other unions in dis­cus­sion about ar­ti­fi­cial in­tel­li­gence we are in sol­i­dar­ity with them.”

The nurse that with­held com­pas­sion to a ter­mi­nal can­cer pa­tient she thought was sui­ci­dal said she be­lieves mon­i­tor­ing and scor­ing sys­tems turn nurses into au­toma­tons that check boxes.

I used to use hu­mor as a way to help pa­tients heal, and I don’t feel com­fort­able do­ing that here be­cause I know the calls are be­ing recorded. You can al­ways tell when a pa­tient ap­pre­ci­ates the hu­mor or your per­sonal com­pas­sion, but I don’t feel like call cen­ters have tol­er­ance for that be­cause that’s not part of the script,” she said. That re­ally takes away from the whole point of be­ing a nurse and what pa­tients come to know from nurses.”

This story was re­ported with con­tri­bu­tions from Lam Thuy Vo and Ana Ibarra.

This story orig­i­nally ap­peared in CalMatters.

Blocked

old.reddit.com

whoa there, pard­ner!

Your re­quest has been blocked due to a net­work pol­icy.

Try log­ging in or cre­at­ing an ac­count here to get back to brows­ing.

If you’re run­ning a script or ap­pli­ca­tion, please reg­is­ter or sign in with your de­vel­oper cre­den­tials here. Additionally make sure your User-Agent is not empty and is some­thing unique and de­scrip­tive and try again. if you’re sup­ply­ing an al­ter­nate User-Agent string, try chang­ing back to de­fault as that can some­times re­sult in a block.

You can read Reddit’s Terms of Service here.

If you think that we’ve in­cor­rectly blocked you or you would like to dis­cuss eas­ier ways to get the data you want, please file a ticket here.

When con­tact­ing us, please in­clude your Reddit ac­count along with the fol­low­ing code:

019f774a-7a1d-7245-ac6a-4b00ebbdd669

Why do AI company logos look like buttholes?

velvetshark.com

If you pay at­ten­tion to AI com­pany brand­ing, you’ll no­tice a pat­tern:

Circular shape (often with a gra­di­ent)

Central open­ing or fo­cal point

Radiating el­e­ments from the cen­ter

Soft, or­ganic curves

Sound fa­mil­iar? It should, be­cause it’s also an apt de­scrip­tion of… well, you know.

A but­t­hole.

The cir­cu­lar AI logo epi­demic

If you ever thought that AI com­pany lo­gos look like but­t­holes, you’re not alone.

FastCompany no­ticed this trend in 2023 and pub­lished an ar­ti­cle about it, but (I could only pre­sume) their ed­i­tors and lawyers did­n’t let them ti­tle the ar­ti­cle the way the wanted it to ti­tle, so it got pub­lished with a more safe for work ti­tle: The AI boom is cre­at­ing a new logo trend: the swirling hexa­gon. They also were care­ful not to men­tion any­thing anatom­i­cal.

I don’t have ed­i­tors or lawyers, so let’s take a closer look at some ex­am­ples:

OpenAI’s logo evo­lu­tion

OpenAI’s orig­i­nal logo was a sim­ple, text-based mark. Then came the re­design: a per­fect cir­cle with a sub­tle gra­di­ent and cen­tral void.

OpenAI’s of­fi­cial ex­pla­na­tion is a mas­ter­class in cor­po­rate eu­phemism:

The Blossom logo is more than just a vi­sual sym­bol; it rep­re­sents the core phi­los­o­phy that guides our ap­proach to de­sign and in­no­va­tion. At its heart, the logo cap­tures the dy­namic in­ter­sec­tion be­tween hu­man­ity and tech­nol­ogy—two forces that shape our world and in­spire our work. The de­sign em­bod­ies the flu­id­ity and warmth of hu­man-cen­tered think­ing through the use of cir­cles, while right an­gles in­tro­duce the pre­ci­sion and struc­ture that tech­nol­ogy de­mands.”

Sure, Sam.

Translation: We made a cir­cu­lar shape with some an­gles be­cause it looked nice, then wrote flow­ery lan­guage to jus­tify why our but­t­hole-ad­ja­cent de­sign is ac­tu­ally pro­found.”

The flu­id­ity and warmth of hu­man-cen­tered think­ing through the use of cir­cles is per­haps the most el­e­gant way any­one has ever de­scribed mak­ing a logo that re­sem­bles an anus.

The Big AI com­pa­nies

Looking at the lo­gos of the Big AI com­pa­nies, you can see that they al­most all of them have a cir­cu­lar or snowflake-like shape and a cen­tral open­ing.

Only DeepSeek and Midjourney don’t fol­low the trend. Interestingly, both are sea-re­lated.

Smoking gun: Anthropic’s Claude

Up un­til this point, the lo­gos have been sub­tle. You might say that the lo­gos are sim­ply cir­cu­lar and there’s not much more to it.

But Anthropic’s Claude takes it to the next level.

Here’s a side-by-side com­par­i­son with a draw­ing from Kurt Vonnegut’s book Breakfast of Champions”. I added Claude’s logo be­low for easy com­par­i­son.

Both the draw­ing and the de­scrip­tion in the book are un­am­bigu­ous. This is not just a cir­cu­lar shape with a gra­di­ent” any­more, is it?

July 2026 up­date: the smok­ing gun now moves

Since pub­lish­ing this ar­ti­cle, I’ve dis­cov­ered new ev­i­dence. Open claude.ai and click on the Claude logo. Just watch what it does:

The Claude logo, when clicked. I have no fur­ther ques­tions.

Every click makes the logo clench and re­lax. It even re­sponds with a slightly an­noyed Yes, yes. What can I do for you?”, as if you poked some­thing you weren’t sup­posed to.

At this point, there’s no ar­gu­ment you could make that would per­suade me this is not a but­t­hole 🙂

It’s not just AI com­pa­nies

Even tra­di­tional com­pa­nies aren’t im­mune. Here are a few no­table or funny ex­am­ples. But the per­cent­age of AI com­pany lo­gos that look like but­t­holes is still sig­nif­i­cantly higher than than any other in­dus­try.

I es­pe­cially like the Electrolux one. It’s sim­ple, mem­o­rable, and once you see a butt and bikini, you can’t un­see it.

Why does this keep hap­pen­ing?

There are sev­eral fac­tors at play:

Circular de­sign psy­chol­ogy

Circles rep­re­sent whole­ness, com­ple­tion, and in­fin­ity—con­cepts that align with AIs promise. They’re also friendly and non-threat­en­ing, qual­i­ties com­pa­nies des­per­ately want to pro­ject when sell­ing po­ten­tially job-re­plac­ing tech­nol­ogy.

Unintentional bio­mimicry

The hu­man brain finds fa­mil­iar pat­terns in ran­dom shapes (pareidolia), like a face on Mars, taken by the Viking 1 or­biter and re­leased by NASA in 1976.

But some­times, de­sign­ers in­ad­ver­tently recre­ate bi­o­log­i­cal forms with­out re­al­iz­ing the… anatom­i­cal im­pli­ca­tions.

The copy­cat ef­fect

Once a few ma­jor play­ers adopted the cir­cu­lar sphinc­ter aes­thetic, every­one fol­lowed suit. Now we have an in­dus­try where stand­ing out means look­ing ex­actly like every­one else’s but­t­hole.

Basically, the same rea­son why so many brands change their lo­gos and look like every­one else.

Design by com­mit­tee

Another fac­tor is how these lo­gos are cre­ated. Important cor­po­rate de­ci­sions in­volve many stake­hold­ers. The re­sult is of­ten the safest, most in­of­fen­sive op­tion, the av­er­age of every­one’s opin­ions. In de­sign meet­ings at AI com­pa­nies, con­ver­sa­tions prob­a­bly sound like:

Can we make it more fu­tur­is­tic?

It needs to feel ad­vanced but ap­proach­able.

Let’s add a sub­tle gra­di­ent to con­vey in­tel­li­gence.

No sin­gle per­son sug­gests mak­ing a logo that re­sem­bles an anus, but when every­one’s feed­back gets in­cor­po­rated, that’s what of­ten emerges. Risk aver­sion in cor­po­rate en­vi­ron­ments nat­u­rally pushes de­signs to­ward fa­mil­iar, safe” ter­ri­tory, which ap­par­ently means anatom­i­cal open­ings.

What this says about tech brand­ing

This phe­nom­e­non re­veals some­thing deeper about the tech in­dus­try: the fear of stand­ing out too much. Despite claims of in­no­va­tion and dis­rup­tion, there’s tremen­dous pres­sure to look le­git­i­mate by con­form­ing to es­tab­lished vi­sual lan­guage.

When OpenAI’s sphinc­ter-like logo be­came suc­cess­ful, it cre­ated a tem­plate that said, This is what se­ri­ous AI looks like.” Now, any new AI com­pany that does­n’t re­sem­ble a col­or­ful anatom­i­cal open­ing risks be­ing seen as un­se­ri­ous or un­pro­fes­sional.

Tech de­sign trends through his­tory

This is­n’t the first time tech de­sign has gone through a con­for­mity phase. Consider these pre­vi­ous waves:

1990s-2000s: 3D and Glossy - Remember when every logo needed a drop shadow and a glassy shine? Apple’s aqua in­ter­face set the stan­dard.

2010 – 2013: Skeuomorphism - Digital de­signs mim­ic­k­ing phys­i­cal ob­jects, with stitched leather tex­tures and re­al­is­tic di­als.

2013 – 2018: Flat Design - Reaction to skeuo­mor­phism brought min­i­mal, clean in­ter­faces with bright col­ors and no shad­ows.

2018 – 2022: Neomorphism - Soft shad­ows and semi-flat de­sign cre­at­ing sub­tle, touchable” in­ter­faces.

2022-Present: The Butthole Era - Circular gra­di­ents with cen­tral fo­cal points dom­i­nat­ing AI brand­ing.

Each era started with in­no­va­tions that were quickly copied un­til the in­dus­try reached sat­u­ra­tion point and moved on to the next trend.

Logos be­come in­creas­ingly in­ter­change­able (one of the bags is real, but they all look the same)

Historic logo dis­as­ters: You’re not alone

AI com­pa­nies can take some com­fort in know­ing they’re not the first to face un­in­tended anatom­i­cal com­par­isons. Logo his­tory is filled with dis­as­ters but to keep this con­sis­tent with the theme of the ar­ti­cle, here’s a cou­ple of them.

Zune logo, when flipped, says some­thing dif­fer­ent. Maybe that’s one of the rea­sons why iPod won?

Brazilian Institute of Oriental Studies is a styl­ized pagoda sil­hou­et­ted against the set­ting sun. Or so the de­sign­ers wanted it to look. The fi­nal re­sult was much more… anatom­i­cal. They since changed it to some­thing less sug­ges­tive.

Maybe com­pa­nies should have a panel of middle school­ers” on their pay­roll to re­view lo­gos be­fore launch. They’ll find every pos­si­ble in­ap­pro­pri­ate in­ter­pre­ta­tion with ruth­less ef­fi­ciency.

Breaking free from the but­t­hole

For com­pa­nies brave enough to dif­fer­en­ti­ate, here are some al­ter­na­tives:

Embrace sharp an­gles - geo­met­ric shapes with de­fined edges cre­ate a dis­tinct vi­sual iden­tity

Use neg­a­tive space cre­atively - think FedEx ar­row, not bi­o­log­i­cal open­ings

Avoid ra­dial sym­me­try - not every­thing needs to be per­fectly cir­cu­lar

Skip the gra­di­ent - flat de­sign still works

Test with di­verse au­di­ences - if five dif­fer­ent peo­ple in­de­pen­dently say that looks like a but­t­hole,” it prob­a­bly does (show it to teenagers if you want to un­cover even the most sub­tle anatom­i­cal im­pli­ca­tions)

Conclusion

Does this mean AI com­pa­nies should change their brand­ing? Not nec­es­sar­ily. The fa­mil­iar­ity clearly works in build­ing trust. But per­haps the next wave of AI in­no­va­tion could be ac­com­pa­nied by some vi­sual in­no­va­tion too.

For com­pa­nies look­ing to break the mold, con­sider these ap­proaches that suc­cess­ful tech brands have used:

Embrace mean­ing­ful ab­strac­tion - Slack’s hash­tag-in­spired logo com­mu­ni­cates col­lab­o­ra­tion with­out cir­cu­lar clichés

Leverage let­ter­forms - Netflix’s sim­ple N” has be­come in­stantly rec­og­niz­able with­out anatom­i­cal con­fu­sion

Tell a story - Stripe’s dis­tinc­tive par­al­lel lines re­flect pay­ment flows mov­ing seam­lessly

Use dis­tinc­tive color com­bi­na­tions - Twitch’s pur­ple brand­ing stands out in a sea of blue tech lo­gos

The chal­lenge for the next gen­er­a­tion of AI com­pa­nies is­n’t just tech­no­log­i­cal - it’s find­ing vi­sual lan­guage that com­mu­ni­cates in­no­va­tion with­out re­sort­ing to the same tired sphinc­ter-in­spired pat­terns.

PS. This post is meant to be hu­mor­ous, but let’s not pre­tend there is­n’t a se­ri­ous point here about the de­press­ing same­ness in mod­ern de­sign. No ac­tual anuses were con­sulted dur­ing this re­search, though sev­eral de­sign­ers were clearly think­ing about them.

If you like what you see, you’ll find more stuff like this on my Twitter.

If you like what you see, you’ll find more stuff like this on my Twitter.

Just a moment...

data.stackexchange.com

Ban on destruction of unsold clothes and shoes enters into application

environment.ec.europa.eu

From 19 July, large com­pa­nies across the EU are pro­hib­ited from de­stroy­ing un­sold clothes, cloth­ing ac­ces­sories and footwear. Medium-sized com­pa­nies will be sub­ject to the same rules from 2030.

The mea­sure, in­tro­duced un­der the Ecodesign for Sustainable Products Regulation (ESPR), aims to pre­vent the waste of valu­able prod­ucts and the re­sources used to make them.

When new, us­able goods are dis­carded, the raw ma­te­ri­als, wa­ter, en­ergy and labour in­vested in their pro­duc­tion are lost, while their dis­posal gen­er­ates avoid­able green­house gas emis­sions. By en­cour­ag­ing reuse, re­pair and more re­source-ef­fi­cient busi­ness prac­tices, the new rules sup­port the tran­si­tion to a more cir­cu­lar and com­pet­i­tive European econ­omy.

What the new rules mean for com­pa­nies

Under the new rules, busi­nesses must pri­ori­tise keep­ing prod­ucts in use by sell­ing them (including through dis­counts or al­ter­na­tive mar­kets), do­nat­ing them to char­i­ties or so­cial en­ter­prises, or prepar­ing them for reuse (repairing, re­fur­bish­ing or re­man­u­fac­tur­ing).

Destruction will be al­lowed only un­der spec­i­fied cir­cum­stances and must be car­ried out in ac­cor­dance with the waste treat­ment hi­er­ar­chy, giv­ing pri­or­ity to re­cy­cling.

When the ban does not ap­ply

Companies may only de­stroy un­sold clothes and shoes in lim­ited cases, such as when items are un­safe or dam­aged, coun­ter­feit or in­fring­ing in­tel­lec­tual prop­erty rights, or are re­jected by char­i­ties or do­na­tion schemes.

To pre­vent mis­use, busi­nesses re­ly­ing on these ex­emp­tions must pro­vide proof (e.g. doc­u­ments or test re­sults) and pub­lish an­nual re­ports on what they have dis­carded.

How the rules will be en­forced

National au­thor­i­ties will check com­pli­ance and can im­pose fines for vi­o­la­tions. Companies must keep records for five years to al­low in­spec­tions.

To re­duce pa­per­work, busi­nesses will use ex­ist­ing cus­toms and lo­gis­tics codes when re­port­ing. Small and mi­cro-busi­nesses are ex­empt from these re­quire­ments.

Background

The Ecodesign for Sustainable Products Regulation (ESPR), which came into force in 2024, sets EU-wide rules to make prod­ucts more durable, re­pairable, re­cy­clable and re­source-ef­fi­cient.

The ban on de­stroy­ing un­sold tex­tiles is one of the first con­crete mea­sures un­der the ESPR. Textiles are the first prod­uct group sub­ject to this ban due to the neg­a­tive en­vi­ron­men­tal im­pacts of cur­rent busi­ness mod­els, which of­ten lead to the de­struc­tion of un­sold goods.

According to the European Environment Agency, an es­ti­mated 4 – 9% of all tex­tile prod­ucts put on the mar­ket in Europe are de­stroyed be­fore use, amount­ing to be­tween 264,000 and 594,000 tonnes of tex­tiles de­stroyed each year.

The Commission de­vel­oped the rules af­ter wide con­sul­ta­tion with busi­nesses, NGOs and ex­perts to en­sure they work in prac­tice with­out cre­at­ing un­nec­es­sary red tape.

More in­for­ma­tion

Ecodesign for Sustainable Products Regulation | European Commission

EEA brief­ing - The de­struc­tion of re­turned and un­sold tex­tiles in Europe’s cir­cu­lar econ­omy | European Environment Agency

New EU rules to stop the de­struc­tion of un­sold clothes and shoes (February 2026) | European Commission

Commission Delegated Regulation set­ting out dero­ga­tions from the pro­hi­bi­tion of de­struc­tion of un­sold con­sumer prod­ucts | EUR-Lex

Commission Implementing Regulation on the de­tails and for­mat for the dis­clo­sure of in­for­ma­tion on dis­carded un­sold con­sumer prod­ucts | EUR-Lex

IoT-Vulnerability-Research-Public/TP-Link_Kasa_EC71/Kasa_EC71.md at main · BadChemical/IoT-Vulnerability-Research-Public

github.com

Security Advisory: Kasa Spot EC71 (Firmware 2.3.26)

Author: Christopher Childress (BadChemical) Status: Patched, CVE-2026 – 9770 (RSA/IAM) and CVE-2026 – 13230 (GPS) re­me­di­ated in 2.4.1.

Vendor: TP-Link Systems Inc. / Kasa Product: Kasa Spot EC71 Firmware Version: 2.3.26 (Build Date: 20240425, Release ID: 33797) Patched Firmware: 2.4.1 CVE: CVE-2026 – 9770 / CVE-2026 – 13230 Published: July 16th, 2026

Legal Disclaimer

This repos­i­tory con­tains proof of con­cept for patched vul­ner­a­bil­i­ties in TP-Link Kasa Spot EC71 in­door cam­eras. This in­for­ma­tion is pub­lished strictly for ed­u­ca­tional pur­poses and de­fen­sive re­search. The ven­dor was con­tacted in ac­cor­dance with stan­dard Coordinated Vulnerability Disclosure pro­to­cols on January 5, 2026. All three pri­mary find­ings, fleet-wide RSA key, un­salted MD5 cre­den­tial stor­age, and unau­then­ti­cated GPS ex­po­sure, have been re­me­di­ated in v2.4.1. All de­vice-spe­cific iden­ti­fiers, cre­den­tial hashes, and global pri­vate keys have been heav­ily redacted to pre­vent abuse.

Summary

A com­pre­hen­sive se­cu­rity analy­sis of the Kasa Spot EC71 re­vealed mul­ti­ple vul­ner­a­bil­i­ties com­pro­mis­ing the de­vice’s con­fi­den­tial­ity, in­tegrity, and avail­abil­ity. The firmware was ex­tracted phys­i­cally via a CH341A pro­gram­mer read­ing di­rectly from the SPI flash chip, fol­lowed by ac­tive net­work packet analy­sis and hard­ware analy­sis.

Three pri­mary vul­ner­a­bil­ity chains, cryp­to­graphic fail­ures, in­se­cure cre­den­tial stor­age, and unau­then­ti­cated ex­po­sure of pre­cise lo­ca­tion data, were con­firmed and re­me­di­ated in v2.4.1 fol­low­ing a multi com­po­nent ar­chi­tec­tural re­design span­ning six months of co­or­di­nated dis­clo­sure. The dis­clo­sure process in­cluded doc­u­mented triage fail­ures and firmware val­i­da­tion, re­sult­ing in a per­ma­nently bricked test de­vice that re­quired hard­ware level re­cov­ery.

The GPS ex­po­sure doc­u­mented in this ad­vi­sory has been pub­licly known since August 2020 across TP-Link’s cam­era prod­uct line and since July 2016 for the un­der­ly­ing unau­then­ti­cated pro­to­col. TP-Link re­me­di­ated an iden­ti­cal vul­ner­a­bil­ity class in the smart plug prod­uct line in November 2020, but did not ex­tend that re­me­di­a­tion to the cam­era prod­uct line. This ad­vi­sory doc­u­ments a pat­tern of tar­geted, in­cre­men­tal re­me­di­a­tion rather than a com­pre­hen­sive ar­chi­tec­tural se­cu­rity re­view.

A sec­ondary mar­ket at­tack path en­ables re­cov­ery of the pre­vi­ous own­er’s cre­den­tials and GPS co­or­di­nates from de­vices re­turned to fac­tory set­tings.

Coordinated Disclosure Timeline

CVE-2026 – 9770

Vendor CVSS 4.0: 8.6

Note: CVE-2026 – 9770 was as­signed by TP-Link as CNA to cover both find­ings be­low. These rep­re­sent dis­tinct vul­ner­a­bil­i­ties with sep­a­rate CWEs and in­de­pen­dent at­tack paths.

Note: CVE-2026 – 9770 was as­signed by TP-Link as CNA to cover both find­ings be­low. These rep­re­sent dis­tinct vul­ner­a­bil­i­ties with sep­a­rate CWEs and in­de­pen­dent at­tack paths.

Finding 1 — Hardcoded RSA Private Keys

CWE: CWE-321 / CWE-327 Status: Patched in firmware 2.4.1

Description: The firmware con­tains two com­plete fleet wide RSA key/​cert pairs across two SquashFS lay­ers. The pri­mary SquashFS squashfs-root con­tains a legacy 1024-bit RSA key/​cert pair is­sued by TPRI-CA in 2014, ex­pired July 2024, signed with SHA1. The sec­ondary SquashFS layer squashfs-root-0 con­tains the ac­tive 2048-bit RSA key/​cert pair is­sued by CN=TP-Link in 2021, valid un­til July 2031, signed with SHA256. Both key/​cert pairs were con­firmed co­her­ent via pub­lic key com­par­i­son. Both are fleet wide and iden­ti­cal across all de­vices run­ning this firmware build. The de­vice serves the 2021 cer­tifi­cate at run­time. Both pri­vate keys can be ex­tracted from SPI flash.

Impact: The ac­tive 2048-bit RSA pri­vate key in squashfs-root-0 is ex­tractable from any EC71 unit via SPI flash and is iden­ti­cal across all de­vices run­ning this firmware build. This key cor­re­sponds to the cer­tifi­cate the de­vice serves at run­time. An at­tacker who ex­tracts this key from any sin­gle de­vice pos­sesses the cryp­to­graphic ma­te­r­ial for the en­tire de­ployed fleet. A legacy 1024-bit key/​cert pair from 2014 is also pre­sent in the pri­mary SquashFS, but it cor­re­sponds to an ex­pired cer­tifi­cate that is no longer served at run­time and has no prac­ti­cal ex­ploita­tion value. An ARP spoof­ing MITM at­tempt against lo­cal app-to-de­vice traf­fic did not in­ter­cept data, sug­gest­ing pri­mary com­mu­ni­ca­tion may route through the cloud. The prac­ti­cal ex­ploitabil­ity of the ex­tracted fleet-wide key for ac­tive traf­fic in­ter­cep­tion was not demon­strated. The ven­dor char­ac­ter­ized this as issues re­lated to the lo­cal com­mu­ni­ca­tion TLS cer­tifi­cates” in their January 16, 2026, re­sponse.

Finding 2 — Insecure Storage of User Passwords & Cross-Domain Compromise

CWE: CWE-916 Status: Patched in v2.4.1

Description: User cloud ac­count cre­den­tials are stored in con­fig/​ac­count as an un­salted MD5 hash across two filesys­tem par­ti­tions. The read-only SquashFS filesys­tem con­tains fac­tory de­fault cre­den­tials (admin/admin) as place­holder val­ues. At run­time, the jffs2 over­lay over­writes this file with the au­then­ti­cated user’s ac­tual TP-Link ID email ad­dress in plain­text, and the pass­word is stored as an un­salted MD5 hash.

Cross-Domain Impact: Per TP-Link pub­li­ca­tion TP-Link ID of­fers a uni­fied au­then­ti­ca­tion ser­vice to al­low you use a sin­gle email ad­dress to ac­cess the TP-Link Community, Omada Cloud, Training Systems as well as man­age­ment for your TP-Link prod­ucts and TP-Link Apps such as Deco, Tether, Kasa, Tapo, Aginet, Omada, and VIGI. While each plat­form main­tains its own in­ter­face, the TP-Link ID cre­den­tials are global. Cracking this un­salted MD5 hash is triv­ial with mod­ern rain­bow ta­bles, and full hash space brute force can be achieved via GPU clus­ter ac­cel­er­a­tion, en­abling full cross do­main ac­count takeover across all TP-Link prod­ucts used by the user. This in­cludes high-im­pact de­vices such as Tapo smart locks (remote phys­i­cal ac­cess con­trol by­pass), Deco mesh net­work sys­tems (full net­work in­fra­struc­ture takeover), or VIGI com­mer­cial sur­veil­lance equip­ment.

CVE-2026 – 13230

Finding 3 — Unauthenticated Precise GPS ex­po­sure & Device Fingerprinting

CWE: CWE-359 Status: Patched in firmware 2.4.1

Vendor CVSS 4.0: 5.3

Researcher CVSS 4.0: 7.1

Description: A sin­gle unau­then­ti­cated UDP packet con­tain­ing {“system”:{“get_sysinfo”:{}}} sent to port 9999 re­turns a full JSON re­sponse ex­pos­ing pre­cise GPS co­or­di­nates, unique hard­ware iden­ti­fiers (oemId, hwId, de­vi­ceId, mac, mic_­mac), user-as­signed de­vice alias, and full firmware ver­sion string. This data is pro­tected only by a triv­ial XOR ci­pher, which Wireshark na­tively de­codes as clear­t­ext. No au­then­ti­ca­tion to­ken, ses­sion cre­den­tial, or prior de­vice setup is re­quired to trig­ger this re­sponse.

GPS co­or­di­nates are sourced from the mo­bile de­vice’s GPS at ac­count cre­ation and stored per­ma­nently in the de­vice’s firmware. They do not ro­tate (manual sync­ing is avail­able), pro­vid­ing a sta­tic record of the de­vice own­er’s home lo­ca­tion.

Protocol History: The unau­then­ti­cated na­ture of TP-Link’s Smart Home Protocol on port 9999 has been pub­licly doc­u­mented since July 2016, when softScheck pub­lished re­verse en­gi­neer­ing re­search on the HS110 ex­plic­itly stat­ing: No au­then­ti­ca­tion: Anybody on the lo­cal net­work can turn the Smart Plug on and off, re­set it or ren­der it in­op­er­a­ble.” A pub­lic Python client and Wireshark dis­sec­tor were re­leased si­mul­ta­ne­ously.

Independent re­search pub­lished in August 2020 doc­u­mented iden­ti­cal unau­then­ti­cated GPS co­or­di­nate ex­po­sure via port 9999 on the TP-Link KC100, a Kasa in­door pan-tilt cam­era. EC71 firmware built in April 2024 ex­hib­ited the same be­hav­ior on the same port us­ing the same pro­to­col. Standard vul­ner­a­bil­ity man­age­ment prac­tice re­quires iden­ti­fy­ing all prod­ucts that share a vul­ner­a­ble com­po­nent and ver­i­fy­ing re­me­di­a­tion across the en­tire af­fected scope.

Note: In the 2016 softScheck pub­li­ca­tion, GPS data was la­beled as an op­tional field. The 2020 pub­li­ca­tion con­tained pre­cise co­or­di­nates; the trig­ger to pop­u­late the pre­vi­ously op­tional field was not iden­ti­fied.

Note: In the 2016 softScheck pub­li­ca­tion, GPS data was la­beled as an op­tional field. The 2020 pub­li­ca­tion con­tained pre­cise co­or­di­nates; the trig­ger to pop­u­late the pre­vi­ously op­tional field was not iden­ti­fied.

GPS Storage Context: GPS co­or­di­nates are stored, pro­tected by the over­ar­ch­ing at-rest en­cryp­tion, in con­fig/​lo­ca­tion within the jffs2 over­lay, and broad­cast in clear­t­ext via the unau­then­ti­cated get_sys­info re­sponse re­gard­less of de­vice or ac­count con­fig­u­ra­tion. The Kasa ge­ofenc­ing beta fea­ture launched in September 2023, three years af­ter GPS ex­po­sure was first pub­licly doc­u­mented. TP-Link’s own ge­ofenc­ing doc­u­men­ta­tion con­firms that the fea­ture re­lies on mo­bile de­vice GPS rather than cam­era stored co­or­di­nates and re­quires ex­plicit user opt-in. Despite this, GPS co­or­di­nates are col­lected at ac­count cre­ation, stored per­ma­nently in de­vice firmware, and broad­cast via an unau­then­ti­cated lo­cal net­work pro­to­col re­gard­less of whether the user has en­abled or is aware of the ge­ofenc­ing fea­ture.

CCPA Implications: The firmware be­hav­ior is in­con­sis­tent on three in­de­pen­dent grounds. First, GPS co­or­di­nate col­lec­tion and lo­cal net­work broad­cast via port 9999 were pub­licly doc­u­mented in August 2020, more than three years be­fore the ge­ofenc­ing fea­ture ex­isted. Users who pro­vi­sioned de­vices prior to September 2023 had no ge­ofenc­ing fea­ture to en­able, yet their co­or­di­nates were col­lected and stored. Second, GPS co­or­di­nates con­firmed in con­fig/​lo­ca­tion are pre­sent re­gard­less of whether the user has ever en­abled ge­ofenc­ing. Third, TP-Link’s own ge­ofenc­ing doc­u­men­ta­tion con­firms the fea­ture re­lies on mo­bile de­vice GPS, not cam­era-stored co­or­di­nates, ren­der­ing the firmware’s co­or­di­nate col­lec­tion in­de­pen­dent of any doc­u­mented user-fac­ing pur­pose.

TP-Link’s Kasa Privacy Policy (last up­dated September 26, 2024) es­tab­lishes a two tier lo­ca­tion dis­clo­sure frame­work in Section 2.1. Account reg­is­tra­tion is dis­closed as col­lect­ing gen­eral location” data. Precise lo­ca­tion, ex­plic­itly de­fined as longitude and lat­i­tude”, is dis­closed only in the con­text of Geofencing en­able­ment: When you en­able Geofencing Smart Action, we col­lect or process your pre­cise lo­ca­tion (longitude and lat­i­tude).’ The California Privacy sup­ple­ment fur­ther lim­its ge­olo­ca­tion dis­clo­sure to state/country in­for­ma­tion by IP ad­dress.” TP-Link’s own ge­ofenc­ing FAQ states: Kasa will not keep track of your ge­o­graphic lo­ca­tion, but will only send ba­sic no­ti­fi­ca­tion in­for­ma­tion to ex­e­cute your Smart Actions when you ar­rive or leave home.”

These co­or­di­nates, sub me­ter lon­gi­tude and lat­i­tude, are col­lected at ac­count cre­ation and stored per­ma­nently in de­vice firmware re­gard­less of whether the user has en­abled ge­ofenc­ing, plac­ing the ob­served col­lec­tion prac­tice in the cat­e­gory that re­quires opt-in un­der the ven­dor’s own pol­icy frame­work.

Impact: Any ac­tor on the lo­cal net­work can re­trieve the de­vice own­er’s pre­cise home co­or­di­nates and full hard­ware fin­ger­print with a sin­gle unau­then­ti­cated UDP re­quest. This ex­po­sure com­pounds with CVE-2026 – 9770: an at­tacker who ob­tains home co­or­di­nates via this find­ing can cor­re­late them with the cre­den­tial chain from Finding 2 to iden­tify, lo­cate, and fully com­pro­mise a spe­cific user’s smart home in­fra­struc­ture, in­clud­ing phys­i­cal ac­cess con­trol de­vices.

Independent CVSS Assessment

TP-Link as­signed CVE-2026 – 13230 a CVSS 4.0 score of 5.3 Medium with VC:L. Independent as­sess­ment rates this VC:H based on the fol­low­ing: pre­cise GPS co­or­di­nates con­sti­tute sen­si­tive per­sonal in­for­ma­tion un­der CCPA ex­plic­itly de­fined as re­quir­ing opt in con­sent; sub me­ter lo­ca­tion data iden­ti­fies a spe­cific res­i­den­tial ad­dress; the sec­ondary mar­ket at­tack path con­firmed in this ad­vi­sory en­ables re­cov­ery of this data with­out any net­work ac­cess to the vic­tim’s cur­rent net­work; en­abling prop­erty iden­ti­fi­ca­tion and in­te­rior lay­out cor­re­la­tion via pub­lic real es­tate data­bases. VC:L does not re­flect the real-world pri­vacy harm of pre­cise home lo­ca­tion dis­clo­sure.

TP-Link’s ad­vi­sory for CVE-2026 – 9770 char­ac­ter­izes the find­ing as a hard­coded cryp­to­graphic key vul­ner­a­bil­ity en­abling cre­den­tial in­ter­cep­tion. This fram­ing omits the in­de­pen­dent cre­den­tial stor­age find­ing doc­u­mented in Finding 2, un­salted MD5 hash­ing of TP-Link ID cre­den­tials with email ad­dress stored in plain­text, which is in­de­pen­dently ex­ploitable via SPI flash ex­trac­tion with­out re­quir­ing ex­ploita­tion of the RSA key or lo­cal net­work ac­cess. These rep­re­sent dis­tinct at­tack paths with dis­tinct CWEs bun­dled un­der a sin­gle CVE at TP-Link’s dis­cre­tion as CNA.

Secondary Market Risk

The com­bi­na­tion of find­ings doc­u­mented in this ad­vi­sory cre­ates a com­pounded risk for de­vices that are resold, do­nated, or oth­er­wise trans­ferred to new own­ers. On firmware 2.3.26, re­turn­ing a de­vice to fac­tory set­tings does not clear user data from jffs2 flash stor­age. The fol­low­ing at­tack path was con­firmed on firmware 2.3.26 and is mit­i­gated in firmware 2.4.1.

Credential Recovery via SPI Extraction: SPI flash ex­trac­tion of a de­vice re­turned to fac­tory set­tings con­firmed that the pre­vi­ous own­er’s TP-Link ID email ad­dress in plain­text and un­salted MD5 pass­word hash re­main pre­sent in con­fig/​ac­count. An at­tacker can re­cover the pre­vi­ous own­er’s global TP-Link ID cre­den­tials with­out any net­work ac­cess or in­ter­ac­tion with the pre­vi­ous owner. As doc­u­mented in Finding 2, these cre­den­tials pro­vide cross-do­main ac­count takeover across the en­tire TP-Link ecosys­tem.

GPS Exposure via Soft AP: When a de­vice is re­turned to fac­tory set­tings and pow­ered on, it en­ters a soft AP bind­ing mode to fa­cil­i­tate setup by a new owner. During this bind­ing mode, the unau­then­ti­cated get_sys­info re­quest on port 9999 was con­firmed to re­turn the pre­vi­ous own­er’s pre­cise GPS co­or­di­nates in clear­t­ext.

Complete Secondary Market Attack Path

An at­tacker who pur­chases a sec­ond­hand EC71 can:

Power on the de­vice and con­nect to its soft AP, re­trieve the pre­vi­ous own­er’s home GPS co­or­di­nates via unauth port 9999

Perform SPI flash ex­trac­tion, re­cov­er­ing the pre­vi­ous own­er’s TP-Link ID email in plain­text, MD5 pass­word hash

Crack the un­salted MD5 hash via pre­com­puted rain­bow ta­bles or GPU ac­cel­er­ated brute force

Authenticate to any TP-Link plat­form (Kasa, Tapo, Deco, VIGI) us­ing the re­cov­ered cre­den­tials

Use the home GPS co­or­di­nates ob­tained in step 1 to cor­re­late the com­pro­mised ac­count with a phys­i­cal ad­dress

The com­plete chain from de­vice pur­chase to phys­i­cal ad­dress and ac­count com­pro­mise re­quires no prior knowl­edge of the pre­vi­ous owner, no net­work ac­cess to the pre­vi­ous own­er’s net­work, and no tech­ni­cal ex­per­tise be­yond con­nect­ing to a WiFi net­work and run­ning a $3 pro­gram­mer.

Remediation: Firmware 2.4.1 re­moves GPS co­or­di­nates from the get_sys­info re­sponse, ad­dress­ing the GPS ex­po­sure path. Credential stor­age is en­crypted via the at-rest en­cryp­tion roll­out in check­_de­fault­_­con­fig.

Additional Research Findings

The fol­low­ing find­ings were sub­mit­ted to the ven­dor and closed un­der CNA Operational Rule 4.1.2 as not demon­strat­ing a clear ex­ploitable vul­ner­a­bil­ity, or clas­si­fied as ac­cepted risk or in­tended func­tion­al­ity.

Finding 4 — Weak Cloud Token Derivation, Potential IDOR & TLS Session Persistence

Vendor Response: The iot_­to­ken is used solely for de­vice cloud au­then­ti­ca­tion and has no as­so­ci­a­tion with user ac­counts. Consequently, there is no risk of de­vice takeover via the iot_­to­ken, nor is there a risk of grant­ing unau­tho­rized ac­cess to live video feeds, stored clips, and de­vice PII with­out the user’s knowl­edge or the need for a pass­word.”

Researcher Rebuttal: The to­ken is de­liv­ered to the de­vice dur­ing pro­vi­sion­ing and de­crypted lo­cally us­ing an AES key. For units tak­ing the eFuse path, key re­cov­ery re­quires BGA level chip analy­sis. On units falling back to filesys­tem stor­age, the AES key is writ­ten in plain­text to /etc/rwdir/.abcd_cfg and is fully re­cov­er­able via SPI flash ex­trac­tion. The at­tack bar­rier varies sig­nif­i­cantly, de­pend­ing on the pro­vi­sion­ing path fol­lowed.

Analysis of SPI flash dumps taken ap­prox­i­mately four months apart con­firmed that iot_­to­ken and iot_re­fresh­To­ken val­ues stored in raw flash out­side the jffs2 filesys­tem are iden­ti­cal across both cap­tures. Tokens do not ro­tate dur­ing nor­mal de­vice op­er­a­tion and per­sist fol­low­ing a fac­tory re­set. Whether server-side re­vo­ca­tion oc­curs on fac­tory re­set was not con­firmed.

Packet cap­ture analy­sis re­veals anom­alous TLS ses­sion be­hav­ior: Client Hello and Client Key Exchange pack­ets are pre­sent with no cor­re­spond­ing Server Hello or Certificate re­sponse, per­sist­ing across de­vice re­boots and re­pro­vi­sion­ing events. If the iot_­to­ken in­flu­ences TLS ses­sion state, a rea­son­able hy­poth­e­sis given its role as the pri­mary cloud au­then­ti­ca­tion vec­tor, the ac­cepted risk clo­sure may war­rant re-eval­u­a­tion. If the to­ken serves as the pri­mary au­tho­riza­tion for cloud API calls, a non-ro­tat­ing to­ken re­cov­er­able from flash stor­age could en­able unau­tho­rized de­vice level ac­cess if server side au­tho­riza­tion is not en­forced per de­vice.

Finding 5 — Authentication Bypass via $FAILSAFE Logic & Hardcoded Credentials

Description: The pro­duc­tion firmware con­tains a log­i­cal au­then­ti­ca­tion by­pass in /bin/login.sh ac­ti­vated by the $FAILSAFE en­vi­ron­ment vari­able, com­bined with a fac­tory-burned root pass­word hash in /etc/shadow.

#!/bin/sh # Extracted from Kasa EC71 pro­duc­tion firmware v2.3.26

if ( ! grep -qsE ^root:[!x]?:’ /etc/shadow || \ ! grep -qsE ^root:[!x]?:’ /etc/passwd ) && \ [ -z $FAILSAFE ] then echo Login failed.” exit 0 else exec /bin/ash –login fi

The $FAILSAFE con­di­tion is ac­tively eval­u­ated by the preinit sys­tem. Analysis of the preinit scripts con­firmed three po­ten­tial trig­ger vec­tors in the code­base: ker­nel com­mand line in­jec­tion grep -q failsafe=’ /proc/cmdline && FAILSAFE=true, phys­i­cal but­ton press dur­ing the fs_wait­_­for_key win­dow, and key­press in­put dur­ing the fail­safe wait time­out. A com­mand ex­e­cu­tion sink for the $FAILSAFE con­di­tion was not iden­ti­fied.

Vendor Response: Vendor stated lo­gin.sh is not uti­lized in the pro­duc­tion code­base. Requested a func­tional brute-force at­tack to demon­strate a de­fin­i­tive at­tack path for the burned-in cre­den­tials.

Researcher Rebuttal: The ven­dor’s unused’ clas­si­fi­ca­tion is in­con­sis­tent with a preinit ar­chi­tec­ture that ac­tively eval­u­ates and ex­ports the $FAILSAFE en­vi­ron­ment vari­able via three in­de­pen­dent mech­a­nisms.

Regarding the burned in root pass­word hash: ship­ping a sta­tic, fleet-wide cre­den­tial hash in a pro­duc­tion firmware vi­o­lates PSA Certified and NIST SP 800 – 213 IoT se­cu­rity base­line re­quire­ments for unique per-de­vice cre­den­tials. The ven­dor’s re­quest for a func­tional brute-force demon­stra­tion sets an in­ap­pro­pri­ate bar; the se­cu­rity fail­ure is the pres­ence of a sta­tic fleet wide hash, not the speed at which it can be cracked. A sin­gle of­fline crack of this hash com­pro­mises every EC71 unit ship­ping firmware v2.3.26. This hash is also pre­sent in 2.4.1.

Finding 6 — Active Local Service Endpoints — Legacy Architecture with Prior CVE History

Vendor Response: Vendor stated that the Kasa prod­uct line does not sup­port a lo­cal web man­age­ment in­ter­face, and that the find­ings may re­late to legacy or un­used code paths.

Description: Four ser­vice ports (tcp/10443, tcp/​17443, tcp/​18443, tcp/​19443) ac­cept TLS con­nec­tions and re­spond to re­quests. The LINKIE CGI end­point at port 10443 re­turns {“err_code”:-1,“msg”:“Bad Request”}, in­di­cat­ing com­piled bi­nary han­dler code is pre­sent in the ulinkied bi­nary. No traf­fic on these ports was ob­served dur­ing nor­mal op­er­a­tion; all cam­era com­mu­ni­ca­tion routes through port 443 to the cloud in­fra­struc­ture. The ac­ti­va­tion con­di­tions and cur­rent pur­pose of these lo­cal ports were not fully char­ac­ter­ized.

The Kasa Smart app launched in November 2015. Independent re­search pub­lished in August 2020 doc­u­mented these ports as ac­tive HTTPS end­points on the KC100. CVE-2023 – 28478 doc­u­mented a CVSS 8.8 stack-based buffer over­flow on these same ports on the hard­ware-iden­ti­cal EC70 in 2023.

Beta 2.4.1 be­hav­ior: Per-device cer­tifi­cates re­place the fleet-wide RSA cer­tifi­cate. Ports 17443, 18443, and 19443 now re­ject con­nec­tions with a TLS hand­shake fail­ure alert con­sis­tent with mu­tual TLS au­then­ti­ca­tion be­ing re­quired. Port 10443 con­tin­ues to serve the LINKIE CGI end­point.

Researcher Rebuttal: The ven­dor’s January 16, 2026, re­sponse com­mit­ted to re­me­di­at­ing issues re­lated to the lo­cal com­mu­ni­ca­tion TLS cer­tifi­cates”, re­fer­ring specif­i­cally to uhttpd.key and uhttpd.crt, the TLS cre­den­tials for the uhttpd web server con­firmed ac­tive on ports 10443, 17443, 18443, and 19443. Dead code does not re­quire re­me­di­a­tion. The ad­di­tion of mTLS au­then­ti­ca­tion on ports 17443, 18443, and 19443 fur­ther con­firms these end­points are ac­tive in­fra­struc­ture rather than legacy rem­nants. A ven­dor can­not si­mul­ta­ne­ously char­ac­ter­ize ser­vice end­points as un­used legacy code and im­ple­ment cryp­to­graphic hard­en­ing against unau­then­ti­cated ac­cess to those same end­points.

Finding 7 — Internal Staging Infrastructure Exposure

Vendor Response: Closed un­der CNA Operational Rule 4.1.2.

Description: The fol­low­ing non-pro­duc­tion end­points were iden­ti­fied as hard­coded strings in pro­duc­tion firmware and as ac­tive com­mu­ni­ca­tion end­points in net­work cap­tures:

n-devs.tplinkcloud.com

.dcipc-beta.i.tplinkcloud.com

tapo-care-beta.i.tplinkcloud.com

Hardcoded ref­er­ences to in­ter­nal stag­ing and de­vel­op­ment in­fra­struc­ture in pro­duc­tion firmware pro­vide a map to en­vi­ron­ments that typ­i­cally op­er­ate with re­duced se­cu­rity con­trols. The pres­ence of Tapo branded beta end­points sug­gests con­ver­gence of back­end re­sources across prod­uct ecosys­tems. The de­vice ac­tively com­mu­ni­cates with these end­points, cre­at­ing a bridge be­tween con­sumer de­vices and in­ter­nal test­ing in­fra­struc­ture.

Beta Firmware Validation

Beta 2.4.00 (June 11 – 15, 2026)

OTA de­liv­ery bricked the test de­vice. The fac­tory re­set was non func­tional. LED pat­tern: ap­prox­i­mately 25 green pulses fol­lowed by one red pulse, cy­cling in­def­i­nitely. Vendor con­firmed no soft­ware re­cov­ery path af­ter en­gi­neer­ing re­view. Device re­cov­ered via CH341A SPI re­flash with orig­i­nal firmware 2.3.26.

Firmware diff analy­sis of 2.4.00 re­vealed the se­cu­rity re­me­di­a­tion was bun­dled with ex­ten­sive new WiFi chipset sup­port code (WQ9001/hawk_usb). The beta cer­tifi­cate con­fig­u­ra­tion ref­er­ences EC70 rather than EC71.

Note: 2.4.0 was orig­i­nally grayscale de­ployed, aborted at 60% cov­er­age due to stability is­sues’. The 2.4.0 ver­sion that bricked the test de­vice was a tar­geted OTA af­ter the roll­back. Standard con­sumers do not have ac­cess to SPI flash pro­gram­mers. Any af­fected de­vice in the con­sumer de­ploy­ment that ex­pe­ri­enced the same fail­ure would have been per­ma­nently bricked with­out hard­ware level re­me­di­a­tion.

Beta 2.4.1 (June 24 – 25, 2026)

Delivered via OTA to the re­place­ment de­vice along­side the beta Kasa app via TestFlight.

Confirmed re­me­di­ated:

Fleet-wide RSA: 2.4.1 re­moves uhttpd.key and uhttpd.crt from the firmware filesys­tem en­tirely. Per-device EC keys are pro­vi­sioned through a NOC cer­tifi­cate in­fra­struc­ture, re­plac­ing the fleetwide RSA ar­chi­tec­ture. mbedTLS up­graded from 2.6.0 to 2.28.1.

Fleet-wide RSA: 2.4.1 re­moves uhttpd.key and uhttpd.crt from the firmware filesys­tem en­tirely. Per-device EC keys are pro­vi­sioned through a NOC cer­tifi­cate in­fra­struc­ture, re­plac­ing the fleetwide RSA ar­chi­tec­ture. mbedTLS up­graded from 2.6.0 to 2.28.1.

MD5 cre­den­tials: 2.4.1 ap­plies at rest en­cryp­tion to cre­den­tial stor­age via check­_de­fault­_­con­fig en­cryp­tion roll­out us­ing the de­vice’s ex­ist­ing AES rou­tine.

MD5 cre­den­tials: 2.4.1 ap­plies at rest en­cryp­tion to cre­den­tial stor­age via check­_de­fault­_­con­fig en­cryp­tion roll­out us­ing the de­vice’s ex­ist­ing AES rou­tine.

GPS co­or­di­nates: GPS co­or­di­nates are re­moved from the get_sys­info UDP re­sponse in firmware 2.4.1. Port 9999 no longer re­turns a re­sponse to unau­then­ti­cated get_sys­info re­quests in the patched firmware. The Kasa app broad­casts a pub­lic RSA key via UDP as part of its lo­cal de­vice dis­cov­ery ar­chi­tec­ture. This be­hav­ior is pre­sent in both firmware ver­sions and ap­pears to be the au­then­ti­cated dis­cov­ery mech­a­nism that re­placed the unau­then­ti­cated get_sys­info re­sponse in 2.4.1.

GPS co­or­di­nates: GPS co­or­di­nates are re­moved from the get_sys­info UDP re­sponse in firmware 2.4.1. Port 9999 no longer re­turns a re­sponse to unau­then­ti­cated get_sys­info re­quests in the patched firmware. The Kasa app broad­casts a pub­lic RSA key via UDP as part of its lo­cal de­vice dis­cov­ery ar­chi­tec­ture. This be­hav­ior is pre­sent in both firmware ver­sions and ap­pears to be the au­then­ti­cated dis­cov­ery mech­a­nism that re­placed the unau­then­ti­cated get_sys­info re­sponse in 2.4.1.

Triage Deficiencies

The ven­dor triage re­sponse dated May 29, 2026, 66 days from dis­clo­sure, ref­er­enced an MD5 hash in a re­served field” as the ba­sis for low-risk clas­si­fi­ca­tion of CVE-2026 – 13230. No MD5 field ex­ists any­where in the de­vice’s JSON re­sponse to get_sys­info. The TPVD20260324001 track­ing num­ber breaks down into TPVD 2026 03 24 001, the day af­ter sub­mis­sion, con­firm­ing the find­ing was cor­rectly re­ceived and logged. The triage re­sponse de­scribes a dif­fer­ent vul­ner­a­bil­ity en­tirely. A re­but­tal video demon­strat­ing the pre­vi­ously pro­vided PoC script was sub­mit­ted the same day.

Affected Models

Vāgdhenu — Sanskrit Śloka-to-Chant TTS

prathosh.in

Try it

Paste a Sanskrit verse in any Indian script — the me­ter is de­tected au­to­mat­i­cally.

First chant takes ~10 – 60s while the model warms up. If the demo does­n’t load, use the backup demo ↗.

Listen — sam­ple chants

Six vṛttas ren­dered by this sys­tem — in­clud­ing verses from the shipped de­ploy­ments.

vas­an­tati­lakā Mahābhārata Tātparya Nirṇaya · 1.1

नारायणाय परिपूर्णगुणार्णवाय विश्वोदयस्थितिलयोन्नियतिप्रदाय ।ज्ञानप्रदाय विबुधासुरसौख्यदुःखसत्कारणाय वितताय नमोनमस्ते

śārdūlavikrīḍita Śrīmad Bhāgavatam · 1.1.2

जन्माद्यस्य यतोऽन्वयादितरतश्‍चार्थेष्वभिज्ञः स्वराट् तेने ब्रह्म हृदाआदिकवये मुह्यन्ति यं सूरयः। तेजोवारिमृदां यथा विनिमयो यत्र त्रिसर्गो मृषा धाम्ना स्वेन सदा निरस्तकुहकं सत्यं परं धीमहि

anuṣṭubh Śrīmad Bhāgavatam · 1.1.5

नैमिषेऽनिमिषक्षेत्रे ऋषयः शौनकादयः। सत्रं स्वर्गाय लोकाय सहस्रसममासत

vaṃśastha Śrīmad Bhāgavatam · 1.3.5

पश्यन्त्यदो रूपमदभ्रचक्षुषः सहस्रपादोरुभुजाननाद्भुतम्। सहस्रमूर्धश्रवणाक्षिनासिकं सहस्रमौल्यम्बरकुण्डलोल्‍लसत्

dru­tavil­am­bita Śrīmad Bhāgavatam · 1.1.4

निगमकल्पतरोर्गलितं फलं शुकमुखादमृतद्रवसंयुतम्। पिबत भागवतं रसमालयं मुहुरहो रसिका भुवि भावुकाः

mālinī Narasiṃha stuti · retroflex tongue-twister

हठलुठ दल घिष्टोत्कण्ठदष्टोष्ठ विद्युत् सटशठ कठिनोरः पीठभित्सुष्ठुनिष्ठाम् ।पठतिनुतव कण्ठाधिष्ठ घोरान्त्रमाला दह दह नरसिंहासह्यवीर्याहितं मे

Get the app

These recita­tions power a free app for the com­plete Śrīmad Bhāgavatam.

भागवतवाणी

Bhāgavata-VāNi

The com­plete Śrīmad Bhāgavatam — all 12 skand­has — with synced au­dio recita­tion and line-by-line karaoke high­light­ing, in 10 Indian scripts. Search any verse in any script, tra­di­tional in­dices, works fully of­fline. Free, no ads.

Practise with it

Vāgdhenu’s chants power a com­pan­ion tool that lis­tens to you.

वाग्बोधिनी

Vāgbodhinī

A Sanskrit chant tu­tor. Paste any śloka (or prose) in any script, hear its me­tre-aware ref­er­ence chant ren­dered by Vāgdhenu, then chant along — a Sanskrit speech model scores every syl­la­ble and shows you what to fix. For clas­si­cal (laukika) Sanskrit.

About

Vāgdhenu maps a met­ri­cal verse to its chanted pārāyaṇa recita­tion. Its voice is a flow-match­ing TTS back­bone re­trained on a pur­pose-recorded, care­fully de­signed sin­gle-speaker Sanskrit chant cor­pus (~5 hours), with a fur­ther voice-steer­ing re­train; the neural vocoder is like­wise fine-tuned for the chant reg­is­ter. Around the trained model sits the ma­chin­ery a faith­ful Sanskrit chant pipeline needs: a script-aware fron­tend that routes Sanskrit through Kannada or­thog­ra­phy (avoiding the Hindi schwa-dele­tion that Devanagari trig­gers); vis­arga sandhi with the ji­hvāmūlīya and upadhmānīya al­lo­phones; the as­pi­ra­tion con­trast; the three sibi­lants and the full retroflex se­ries kept dis­tinct; ho­mor­ganic anusvāra and vo­calic ṝ; and a vṛtta-aware mech­a­nism that de­tects the me­ter and se­lects a matched ref­er­ence un­der the half-ref­er­ence rule. The re­trained model reaches an ex­pert MOS of about 4.6, and dense con­juncts — in­clud­ing retroflex as­pi­rates — ren­der cor­rectly, the class ear­lier ar­chi­tec­tures could not crack.

Deployments

This sys­tem pro­duced two cor­pora at scale.

● Mahābhārata Tātparya Nirṇaya — 32 chap­ters, 5,183 verses (~17.5h) · video se­ries ↗

● Śrīmad Bhāgavatam — ~18,000 verses across 12 books · karaoke-video se­ries ↗

Reviving a 15-year-old netbook with Arch Linux

parksb.github.io

Arch Linux 32 on an Eee PC 1000HE 2026.07.04

KO | EN

A new op­er­at­ing sys­tem

Before in­stal­la­tion­Prepar­ing the boot me­di­a­Con­nect­ing to the in­ter­net­Set­ting the sys­tem clock­Par­ti­tion­ing the disk

Preparing the boot me­dia

Connecting to the in­ter­net

Setting the sys­tem clock

Partitioning the disk

InstallationSystem con­fig­u­ra­tionBoot­loader con­fig­u­ra­tionNet­work con­fig­u­ra­tion

System con­fig­u­ra­tion

Bootloader con­fig­u­ra­tion

Network con­fig­u­ra­tion

After in­stal­la­tion­Arch User RepositoryDesktop en­vi­ron­men­tRAM up­grade

Arch User Repository

Desktop en­vi­ron­ment

RAM up­grade

I still have a net­book I bought back in 2009.

The ASUS Eee PC 1000HE has an Intel Atom N280 and 1GB of DDR2 RAM. The Atom N se­ries was Intel’s line of cheap, low-per­for­mance CPUs for net­books. The chip has 56KB of L1 cache and 512KB of L2 cache, and its clock speed is 1.667GHz. Compare that with the Intel Core i3 N305, a bud­get lap­top proces­sor re­leased in 2023, which has 768KB of L1 cache, 4MB of L2 cache, and runs at 3.8GHz, and you get a feel for how poor the Eee PCs per­for­mance is.

Those were the kinds of com­pro­mised specs that came with be­ing a net­book, so there is not much point in com­plain­ing about how bad they were. Even at the time it was no match for a lap­top, but it was still fine for light work like edit­ing doc­u­ments or brows­ing the web. By around 2012, though, it had be­come hard to use even for rou­tine tasks. Programs kept gain­ing fea­tures, web­sites kept grow­ing more in­ter­ac­tive, and the net­book’s small HDD was ag­ing. In the end, ul­tra­books re­placed net­books.

And so the net­book went to sleep in stor­age.

A new op­er­at­ing sys­tem

More than ten years later, in 2023, I sud­denly thought of the net­book again. The ma­chine I pulled out of stor­age looked ex­actly as it had when it went in, and the tacky Windows XP UI that ap­peared af­ter boot­ing was just as I re­mem­bered it. It took sev­eral sec­onds just to open Windows Explorer, and the cur­sor stut­tered while it loaded. I could not re­mem­ber whether the ma­chine had got­ten even slower, or whether it had al­ways been like this and I had once thought even this was fast. Once the net­book was out of stor­age again, I de­cided to bring it back to life and put it to use again, whether as a server or a YouTube ma­chine.

My first thought was that Windows XP, whose sup­port ended in 2014, had to go. Windows re­leases af­ter Windows 7 re­quired at least 1GB of RAM. Because the net­book had ex­actly 1GB of RAM in­stalled, I fig­ured I would need a lighter op­er­at­ing sys­tem if I wanted it to be pleas­ant to use. Ubuntu re­quired at least 512MB of RAM, but when I had in­stalled Ubuntu on low-spec lap­tops in the past, I had not found the per­for­mance es­pe­cially good.

I needed an ex­tremely light op­er­at­ing sys­tem with only the bare min­i­mum. It had to come with­out un­nec­es­sary de­fault fea­tures, and it had to let me build an en­vi­ron­ment from the ground up for this net­book alone. The an­swer was ob­vi­ous. Arch Linux. Arch Linux is a Linux dis­tri­b­u­tion built on the prin­ci­ples of sim­plic­ity, moder­nity, prag­ma­tism, user cen­tral­ity, and ver­sa­til­ity. I had wanted to try Arch Linux for a while any­way, so it felt like a good chance. The fact that the setup process would teach me a lot about op­er­at­ing sys­tems also made it a nice hobby to start right be­fore the se­mes­ter be­gan.

Before in­stal­la­tion

Arch Linux of­fi­cially dropped sup­port for the x86 ar­chi­tec­ture af­ter 2017. The Atom N2xx proces­sors sup­port only 32-bit, so I had no choice but to use Arch Linux 32, which is main­tained by the com­mu­nity. The in­stal­la­tion process for Arch Linux 32 was not very dif­fer­ent from the Arch Linux in­stal­la­tion guide on the ArchWiki, but the ma­chine’s lim­ited per­for­mance led to some un­ex­pected twists. In this ar­ti­cle I want to record, in de­tail, my per­sonal ex­pe­ri­ence in­stalling Arch Linux 32 on this net­book.

Preparing the boot me­dia

First, I needed an Arch Linux disk im­age. On the Arch Linux 32 down­load page, I down­loaded the im­age file (.iso) and the sig­na­ture file (.sig), then used the gpg com­mand to ver­ify that the im­age had not been tam­pered with.

$ gpg –keyserver-options auto-key-re­trieve –verify arch­lin­ux32 – 2023.03.02-i686.iso.sig

If every­thing checks out, cre­ate the boot me­dia. I used Rufus on a Windows desk­top to burn the ISO file I had down­loaded to a USB drive. I then plugged the USB drive into the net­book, en­tered the BIOS (Basic Input/Output System), set USB as the first boot op­tion, and re­booted. That makes the com­puter boot from the USB drive in­stead of the hard disk.

Connecting to the in­ter­net

The Arch Linux in­stal­la­tion im­age uses zsh as its de­fault shell. To in­stall Arch Linux, the ma­chine needs an in­ter­net con­nec­tion. First check whether the net­work in­ter­faces are up.

$ ip link 1: lo … state UNKNOWN … link/​loop­back 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: en­p3s0 … state DOWN … link/​ether xx:xx:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff 4: wlan0 … state UP … link/​ether xx:xx:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff

Here lo is the loop­back in­ter­face. The loop­back in­ter­face is a vir­tual net­work in­ter­face the sys­tem uses to con­nect to it­self. The IP ad­dress 127.0.0.1 is the loop­back ad­dress as­signed to it. en­p3s0 is the in­ter­face cor­re­spond­ing to the Ethernet de­vice (en) on the moth­er­board’s PCI bus 3 (p3), slot 0 (s0). Ethernet is the stan­dard for wired net­work­ing. wlan0 is the wire­less LAN in­ter­face. Since I was go­ing to con­nect over Wi-Fi, I checked that wlan0 was in the UP state. Next, use rfkill to check whether any in­ter­faces are blocked.

$ rfkill ID TYPE DEVICE SOFT HARD 0 wlan eeepc-wlan un­blocked un­blocked 1 blue­tooth eeepc-blue­tooth un­blocked un­blocked 2 wwan eeepc-wwan3g un­blocked un­blocked …

If a wired con­nec­tion is avail­able, you can just plug in a LAN ca­ble. To con­nect over Wi-Fi, though, you have to use iw­ctl to scan for ac­cess points and con­nect man­u­ally. iw­ctl is the client pro­gram pro­vided by iwd (iNet wire­less dae­mon), the wire­less net­work dae­mon made by Intel. The Arch Linux in­stal­la­tion im­age ships with iwd by de­fault.

$ iw­ctl

[iwctl]# de­vice list Devices –––––––––––––––––––––––––––––- Name Address Powered Adapter Mode –––––––––––––––––––––––––––––- wlan0 xx:xx:xx:xx:xx:xx on phy0 sta­tion

[iwctl]# sta­tion wlan0 scan

[iwctl]# sta­tion wlan0 get-net­works Available net­works ––––––––––––––––– Network name Security Signal ––––––––––––––––– ip­time psk **** ip­time_2.4G psk ****

[iwctl]# sta­tion wlan0 con­nect ip­time_2.4G Type the net­work passphrase for ip­time_2.4G psk. Passphrase: ********

[iwctl]# exit

The net­book’s wire­less card did not sup­port 5GHz net­works, so I had no choice but to con­nect to 2.4GHz. Finally, send a ping to arch­lin­ux32.org to make sure the in­ter­net con­nec­tion is work­ing.

$ ping -c3 arch­lin­ux32.org

Setting the sys­tem clock

Update the sys­tem clock. First en­able NTP (Network Time Protocol), then check that the clock is cor­rect. NTP is a pro­to­col that syn­chro­nizes the sys­tem clock by re­ceiv­ing the cor­rect time from a server. I ex­plain it briefly in How rail­way timeta­bles be­came Unix time.

$ time­da­te­ctl set-ntp true $ time­da­te­ctl

Partitioning the disk

fdisk lets you check what disks are at­tached to the com­puter.

$ fdisk -l Disk /dev/sda: 14.8 Gib, x bytes, x sec­tors Disk model: Flash Disk … Disk /dev/sdb: 149.0 GiB, x bytes, x sec­tors Disk model: ST9160410AS

sda is the in­stal­la­tion USB, and sdb is the HDD in­side the net­book, so I se­lected sdb.

$ fdisk /dev/sdb

The ex­ist­ing par­ti­tions had been set up for Windows. One HDD was split into a C drive and a D drive, and there was also an EFI par­ti­tion and a re­cov­ery par­ti­tion. I wanted to delete all of the old par­ti­tions, which I no longer needed, and set every­thing up from scratch. To do that, I first had to un­der­stand the sys­tem’s moth­er­board.

The moth­er­board’s ROM holds the firmware that runs first when the sys­tem re­ceives power and ini­tial­izes the hard­ware needed for boot­ing. Broadly speak­ing, there are three kinds of firmware: BIOS, EFI (Extensible Firmware Interface), and UEFI (Unified Extensible Firmware Interface). EFI im­proved on BIOS, and UEFI im­proved on EFI, so re­cent hard­ware usu­ally ships with UEFI. Older moth­er­boards typ­i­cally came with BIOS. Yet even though the Eee PC 1000HE clearly used BIOS, it still had an EFI par­ti­tion. I later learned that the EFI par­ti­tion ex­isted not be­cause the firmware was EFI, but to sup­port the BIOSs Boot Booster” op­tion[1]. When a com­puter pow­ers on, the BIOS goes through POST (Power-On Self Test), which checks the sys­tem’s hard­ware be­fore ini­tial­iz­ing it. That takes a few sec­onds. Boot Booster” re­duces boot de­lay by caching POST in­for­ma­tion in the EFI par­ti­tion.

POST screen of the American Megatrends International BIOS. (CC0)

There are two par­ti­tion­ing schemes: MBR (Master Boot Record) and GPT (GUID Partition Table). MBR oc­cu­pies the first 512 bytes of a stor­age de­vice. Of those, 440 bytes hold boot­strap code, 6 hold a disk sig­na­ture, 64 hold a par­ti­tion table for up to four par­ti­tions at 16 bytes each, and the re­main­ing 2 hold a boot sig­na­ture. GPT, mean­while, is a par­ti­tion­ing scheme that im­proves on many of MBRs lim­its and is also part of the UEFI spec­i­fi­ca­tion. Compared with MBR, GPT al­lows more pri­mary par­ti­tions and larger par­ti­tions. Unlike MBR, it also uses a sep­a­rate boot par­ti­tion. I made two mis­takes here. One was choos­ing MBR be­cause I mis­tak­enly be­lieved[2] there was no way to use GPT with BIOS. The other was par­ti­tion­ing in an or­di­nary MBR lay­out like the one be­low with­out un­der­stand­ing what the EFI par­ti­tion was for. I re­gret­ted it a lit­tle, but I did not bother set­ting it up again.

A swap par­ti­tion is needed when phys­i­cal mem­ory is in­suf­fi­cient and part of stor­age has to be used as mem­ory. The ArchWiki rec­om­mends al­lo­cat­ing at least 512MB to the swap par­ti­tion. That is not enough. On this net­book, which has 1GB of RAM, if you keep the swap par­ti­tion small you will run into No space left on de­vice” er­rors all the time. RHEL rec­om­mends al­lo­cat­ing swap at twice the size of RAM when the sys­tem has 2GB of RAM or less. So on a net­book with 1GB of RAM, a 2GB swap par­ti­tion would do. I gave it 4GB to be safe, though, be­cause build­ing from source can some­times re­quire more than 4GB of mem­ory. Making the swap par­ti­tion larger than main mem­ory is also a good choice if you want to leave room for hi­ber­na­tion.

Command (m for help): n

Command ac­tion e ex­tended p pri­mary par­ti­tion (1 – 4) p

Partition num­ber (1 – 4): 1

First sec­tor (2048-y, de­fault 2048): <enter> Using de­fault value 2048

Last sec­tor, +sectors or +size(K,M,G) (2048-y, de­fault y): +4G

Change the type of the swap par­ti­tion you just cre­ated to 82 (Linux swap).

Command (m for help): t Partition num­ber (1 – 4): 1 Hex code: 82 Changed sys­tem type of par­ti­tion 2 to 82

Next cre­ate the root par­ti­tion. The root par­ti­tion is where Arch Linux will be in­stalled.

Command (m for help): n

Command ac­tion e ex­tended p pri­mary par­ti­tion (1 – 4) p

Partition num­ber (1 – 4): 2

First sec­tor (x-y, de­fault x): <return> Using de­fault value x

Last sec­tor, +sectors or +size(K,M,G) (x-y, de­fault y): <return> Using de­fault value y

Finally, check the re­sult.

Command (m for help): p Disk /dev/sdb: 149.0 GiB, x bytes, x sec­tors Disk model: ST9160410AS … Device Boot Start End Sectors Size Id Type /dev/sdb1 2048 y z 4G 82 Linux swap / Solaris /dev/sdb2 x y z 145G 83 Linux

As I will men­tion later, I did not set the boot flag be­cause I was plan­ning to use the GRUB boot­loader. (GRUB ig­nores the boot flag.) Now save (w) and exit (q) fdisk.

Command (m for help): w Command (m for help): q

Set the filesys­tem for the root par­ti­tion. Since ext4 is gen­er­ally used as a Linux filesys­tem, for­mat sdb2 as ext4.

$ mkfs.ext4 /dev/sdb2

Use mk­swap to ini­tial­ize the swap area cre­ated ear­lier as a swap par­ti­tion, then ac­ti­vate it.

$ mk­swap /dev/sdb1 $ swapon /dev/sdb1

Installation

Now the real in­stal­la­tion be­gins. Mount the root par­ti­tion on /mnt so you can ac­cess the par­ti­tion where Arch Linux will be in­stalled.

$ mount /dev/sdb2 /mnt

Next in­stall the es­sen­tial pack­ages. pac­strap in­stalls pack­ages into the mounted root di­rec­tory. Use it to put the Linux ker­nel, mod­ules, and firmware files into /mnt. But if you try to in­stall pack­ages im­me­di­ately, you will get an er­ror say­ing the sig­na­tures can­not be trusted. First you need to use Arch Linux’s pack­age man­ager pac­man to in­stall Arch Linux 32’s PGP keyring, arch­lin­ux32-keyring.

$ pac­man -S arch­lin­ux32-keyring $ pac­strap -K /mnt base linux linux-firmware

Once the in­stal­la­tion fin­ishes, gen­er­ate the fstab file. The fstab file con­tains in­for­ma­tion about filesys­tems such as disk par­ti­tions and al­lows the sys­tem to mount them au­to­mat­i­cally at boot ac­cord­ing to the con­fig­u­ra­tion. gen­f­stab, which comes with the Arch Linux in­stal­la­tion im­age, gen­er­ates the fstab con­tents au­to­mat­i­cally.

$ gen­f­stab -U /mnt >> /mnt/etc/fstab

Chroot into /mnt.

$ arch-ch­root /mnt

From this point on, you should think of your­self as be­ing in­side the Arch Linux sys­tem, with /mnt now act­ing as the root di­rec­tory.

System con­fig­u­ra­tion

First, link the time­zone file un­der /usr/share/zoneinfo to /etc/localtime to set the lo­cal time­zone. I chose ROK so the sys­tem would use Korean Standard Time.

$ ln -sf /usr/share/zoneinfo/ROK /etc/localtime

Use hw­clock to set the hard­ware clock from the sys­tem clock. This up­dates the time­stamp in /etc/adjtime.

$ hw­clock –systohc

Generate the lo­cale files.

$ lo­cale-gen

Set the host­name.

$ echo eee-pc-1000he > /etc/hostname

Set the root ac­coun­t’s pass­word.

$ passwd

That takes care of the ba­sic con­fig­u­ra­tion.

To add this web app to your iOS home screen tap the share button and select "Add to the Home Screen".

10HN is also available as an iOS App

If you visit 10HN only rarely, check out the the best articles from the past week.

Visit pancik.com for more.