alt Hacker NewsYes, heavily, because of the use of adjectives and repeating the points.
Here, I'll emphasize the words that elicit the tone:
> After some basic reversing of the Tapo Android app, I found out that TP-Link have their entire firmware repository in an open S3 bucket. No authentication required. So, you can list and download every version of every firmware they’ve ever released for any device they ever produced: [command elided] The entire output is here, for the curious. This provides access to the firmware image of every TP-Link device - routers, cameras, smart plugs, you name it. A reverse engineer’s candy store.
Highlighting (repeatedly) the ease and breadth of access is a basic writing technique to illustrate the weakness of a security system.
Replies
Or to illustrate the convenience to the point of the article, being reverse engineering; not necessarily to critique their security practices here. Being easy to reverse engineer is not necessarily a weakness of security (as the inverse would simply be obscurity).
> Highlighting (repeatedly) the ease and breadth of access is a basic writing technique to illustrate the weakness of a security system.
It's a firmware distribution system. It's read-only access to a public storage account designed to provide open access to software deployment packages that the company wishes to broadcast to all products. Of course there is no auth requirement at all. The system is designed to allow everyone in the world to install updates. What compells anyone to believe the system would be designed to prevent public access?
Yeah, that writing definitely reeks of incredulity.
To me the phrasing seems objective. Making your binaries available to the public is good (though source would be better).
Replace [firmware] with [random popular GitHub repo] and nobody would blink. Replace [firmware] with [customer email address] and it would be a legal case. Differentiating here is important.