• 0 Posts
  • 10 Comments
Joined 11 months ago
Cake day: April 25th, 2024

  • From what I can tell from looking at it, this seems like something deliberately left in, but not for malicious reasons. The op codes referenced simply give access to lower-level parts of the board’s programming. ESP32s are already a user-programmable board; a valid use case is to run your entire application on one if the code being run is lightweight enough to not interfere with the Bluetooth code. Either during development, or during runtime, these undocumented codes are likely used to run specific commands on the board.

    The actual issue as far as I can tell, since normally it’s valid usage to rewrite the board over USB, is that ESP32 boards also offer ways to encrypt device code, and require it to be signed, and you are presumably able to mess with this in order to dump code that was expected to be securely encrypted, and overwrite code on devices that was intended to require signing. (https://docs.espressif.com/projects/esp-idf/en/latest/esp32s3/security/secure-boot-v2.html#background)

    Proving what someone was thinking when they programmed something is extremely difficult unless you can find written evidence of someone specifically saying if they did something or not, but this all seems like a legitimate minor exploit in a device that wasn’t built by, or intended for, people who are working against highly resourced attackers. This is still not a concern for normal people who aren’t concerned about being attacked by spies, and if a nation state wanted to hide a vulnerability in something then there are far easier paths to take than one that only works if you can steal a microcontroller so you can connect to it over USB.


  • Looking at the article, the exploit requires you to be able to send arbitrary data to the Bluetooth device over a physical connection. This means that a properly secure application will be protected from drive-by connections, but if the application has an exploit that either lets an attacker write arbitrary values to the Bluetooth controller, or more likely contains a general arbitrary code execution exploit, then you could use this to rewrite values to the chip that would let you “persist” certain changes to the Bluetooth chip that would be difficult to notice.

    I would consider this a moderate concern, as this will definitely increase your options if you’re looking to be able to make an attack that targets a specific device and this gives you a few additional persistence options, but any attack would have to be designed for a particular program running connected to a Bluetooth chip.

    A more likely concern in my opinion would be the possibility of a supply chain attack, where someone compromises a Bluetooth chip that they know will be used to construct a particular part.

    I don’t think that it’s super likely that either of these will affect the average person, only corporations and governments where espionage is an actual threat, as if you can find a Bluetooth IoT device that you want to mess with, like a Bluetooth-enabled door lock, then you’re more likely to be able to find an arbitrary code execution attack which causes it to unlock immediately. Being able to spoof a different Bluetooth device isn’t likely to give you that big of an advantage when you’re working with a device that was already vulnerable for a different reason.


  • I suspect that the PC was mostly made because AMD offered to let them release a fancy CPU and they wanted to make a product that would hopefully get a different audience to hear about them. Given the emphasis that it’s just a PC, I wouldn’t be surprised if they don’t bother making new parts for it down the line unless it sells well enough that it can fund them continuing to make a PC line. Since, as they repeatedly pointed out, it’s all standard connections, it’s not a problem if they stop releasing new parts, unlike their other product lines.

    The convertible will probably take a year or two to shake off the rough edges, same as the 13 and the 16 have/are still doing. I’m interested to see how it does down the line once it’s been out for a while and they’ve had time to respond to user feedback.





  • I was using Firefox. I don’t expect Tumblr to be well coded, but at most it should be able to freeze a single browser tab; if a tab can crash the entire desktop then that’s a greater issue. I haven’t had issues with Tumblr’s infinite scroll on other desktop situations, and while the crash happens at random I’ve had it happen within 30 seconds of opening a site if there’s a video first thing. The dmesg logs indicate that the GPU driver gets upset about something and resets itself at the time of the crash.

    Trying the Firefox flatpak, or not installing the nonfree drivers didn’t make any change for me.

    When looking at past reports of the crash I’ve seen some people report that things are fine on Chrome but I’m not willing to make the change to see if that helps haha. It’s not a massive deal but it bugs me that I have to remember what websites to ignore and I want an expensive laptop to be a stress-free experience so I’ll stick with Windows and maybe give Linux another try every year or so to see if they can tempt me over yet.



  • I’ve had one for a few months now and it works really well. The only issue that I’ve had was that I expected Linux to run well on it, but it seems like AMD’s Linux support has been overstated, and GNOME would crash entirely when browsing certain websites like Tumblr, I assume because of some poorly supported video format. Everything runs fine on Windows and it’s been a solid laptop so far. Obviously it’s not going to be the best for gaming, but the integrated graphics will handle lighter workloads fine and I’m hoping that it’ll save me money in the long run from the much cheaper cost of repairing vs having to buy a new laptop after 5 years.