• 9 Posts
Joined 2 years ago
Cake day: May 28, 2020

So one could have replaced a JS file with one fetched from an attacker-controlled server for any site behind Akamai, like LastPass or PayPal. That JS could have exfiltrated all the secrets from these sites on the client side (post decryption) or replaced account numbers with their own on behalf of the user.

Torvalds added that Rust isn’t that terrible in the end; “it’s not Perl”.


I see many articles and blog posts where people use commercial metaphors when describing free software. These simply do not apply to free software, and use of them will just confuse everybody and make them render incorrect conclusions. Free software is sufficiently different from anything that capitalism produces and requires the use of its own metaphors to be understood correctly.

Sounds like GPU-pocalypse time has come, though for a different reason than I thought it would :)

It amazes me that people write financial software in JS. What can possibly go wrong :D

The worst kind of technology is one that promises things and then delivers only 80% of the time. It works enough that it gives you hope that it is usable, but when you need it the most it fails without any way of knowing why. Also, Bluetooth is a security nightmare: every few months there is some serious problem found, and many of them are “by design” so cannot be fixed properly. It is also used for location tracking (beacon).

Wired headphones are like 100x cheaper, don’t require charging and will work for many years if you get one with a good cable. There are only a few failure modes, and they are easy to troubleshoot. But cable management can be a pain if you are not tidy.

Good. In the meantime my GP asked me to send my medical data to their @gmail.com address… long way to go.

What would also extend the lifetime of smartphones is the ability to replace the battery! But I guess this is just too radical of an idea for the present day.

Nice they are able to get the most from the battery lifetime, that also helps to reduce waste.

I think the inspiration behind uxn is the game “Another World”, which was made very portable as it is actually implemented as a VM: https://fabiensanglard.net/another_world_polygons/

The idea is that if your work is implemented on a VM that is very easy to implement, then you can port all your programs to past and future computer systems by just implementing that VM on the computer you have at hand. This is the “permacomputing” part of uxn and has nothing to do with reliability or performance (although Another World was quite impressive for an Amiga 500).

Another thing is that uxn was designed with games, arts and music in mind and not with replacing life-critical systems.

Would be a good article without the uxn part. I think the author confused uxn with RISC-V or something.

I did not try them but perhaps you can check:

I was hoping for BerkeleyDB or Kyoto Cabinet bindings, which I used in my Ruby times for this purpose, but there is nothing there that looks maintained.

Yes it can. This (among many other reasons) is why privacy matters. Even if you have nothing to hide today, the law can change and now data that is collected can be used against you.

a decentralised finance protocol that acts as an exchange, lost out to “the recent insolvency of two large centralised entities”

So what it says is:

  • we will spy on you and sell the data collected to unknown third parties for our profit, or you can’t use the TV
  • you don’t own this product and we can take parts of its functionality away from you at any time for any reason
  • we will make more money off you by selling ads directly to your screen based on data that we have collected on you, to maximize our profit and the effect of advertisement on you and your family for our partners’ gain

No one could have predicted. /s

Now it is time for Europe to be able to make this core component of its economy and society.

GPUpocalypse is coming :) (when $15b worth of GPUs are dumped on the second-hand market due to cryptocurrencies collapsing or them not being financially viable for mining any more)

Yeah, still the case. Even if ME is not made for malicious purposes, it is a very bad idea to begin with. It is only useful for enterprise customers and not in a way that would not have been possible before.

Some say that Netflix has a blob in ME :)

Good watch: https://media.ccc.de/v/34c3-8782-intel_me_myths_and_reality

Well, I switched to Wayland (sway) exactly because mpv could not do vsync with X11. So I guess frame callback is how you get vsync working by default and client timing loop is how you get no vsync by default. And getting anything other than the default is always a major hack - in the last 20 years I wasted days trying to get X11 to do proper vsync and it never really worked and probably never will.

Another thing is that in one paragraph the complaint is that Xorg supports too many features and in another that Wayland is slow to adopt and requires justification for adding more features… so have cake and eat it too?

Also please don’t complain about missing features when you know they are not there just because the thing did not get all the development time the other thing did… unless stuff is broken by design/culture (like with the scale factor it seems).

“ERROR: [youtube] jXf04bhcjbg: Video unavailable. The uploader has not made this video available in your country”

Looks like the monopolies are acting fast :D

Leaked Chats Show LAPSUS$ Stole T-Mobile Source Code – Krebs on Security
> Like NVIDIA, Microsoft was able to stanch some of the bleeding, cutting off LAPSUS$’s illicit access while the group was in the process of downloading all of the available source code repositories alphabetically (the group publicized their access to Microsoft at the same time they were downloading the software giant’s source code). As a result, LAPSUS$ was only able to leak the source for Microsoft products at the beginning of the code repository, including Azure, Bing and Cortana.

Climate emergency: Is nuclear power a part of the solution?
YT: https://www.youtube.com/watch?v=E1TV1Y5f7Mg

> EU data protection authorities find that the consent popups that plagued Europeans for years are illegal. All data collected through them must be deleted. This decision impacts Google’s, Amazon’s and Microsoft’s online advertising businesses.

> All data collected through the TCF must now be deleted by the more than 1,000 companies that pay IAB Europe to use the TCF. This includes Google’s, Amazon’s and Microsoft’s online advertising businesses.

Norton 360 Now Comes With a Cryptominer – Krebs on Security
> “Norton is pretty much amplifying energy consumption worldwide, costing their customers more in electricity use than the customer makes on the mining, yet allowing Norton to make a ton of profit,” tweeted security researcher Chris Vickery. “It’s disgusting, gross, and brand-suicide.”

> ...when combined with a vulnerability, it does have the ability to emulate circuits of arbitrary logic gates operating on arbitrary memory. So why not just use that to build your own computer architecture and script that!? That's exactly what this exploit does. Using over 70,000 segment commands defining logical bit operations, they define a small computer architecture with features such as registers and a full 64-bit adder and comparator which they use to search memory and perform arithmetic operations.

Inside Ireland’s Public Healthcare Ransomware Scare
The report notes the HSE’s hospital network had over 30,000 Windows 7 workstations that were deemed end of life by the vendor.

> An uncensored interview between the Russian OSINT and REvil operator has popped up in one of the hacking forums today. This is an unedited interview, which was originally released on October 23, 2020, by the Russian OSINT on their YouTube channel.

> Intel 11th Gen Intel Core vPro CPUs with support for the Hardware Shield and TDT features will be able to detect ransomware attacks at the hardware level, many layers below antivirus software.

This is bullshit or the CPU can now detect and potentially block software that is running on it that Intel considers malware.