"A Message from Earth" (actually 501 messages, including a photo of George W Bush chosen by Gillian Anderson to illustrate evil) sent in 2008 to earth-like planet Gliese 581c will arrive there in 2029

https://en.wikipedia.org/wiki/Gliese_581c

https://en.wikipedia.org/wiki/RT-70

https://web.archive.org/web/20081011142445/http://www.telegraph.co.uk/news/newstopics/howaboutthat/3166709/Messages-from-Earth-sent-to-distant-planet-by-Bebo.html

Drop your most "wtf that's not how the world works" from movies/tv shows.
  • Lets Enhance is a pretty great supercut, but nothing beats the original Blade Runner scene.

    enhance 224 to 176

    enhance, stop

    move in, stop

    pull out, track right, stop

    center and pull back, stop

    track 45 right, stop

    center and stop

    enhance 34 to 36

    pan right and pull back, stop

    enhance 34 to 46

    pull back, wait a minute, go right, stop

    enhance 57 to 19

    track 45 left, stop

    enhance 15 to 23

    give me a hardcopy right there

  • carrot.py
  • only hobbyists and artisans still use the standalone carrot.py that depends on peeler.

    in enterprise environments everyone uses the pymixedveggies package (created using pip freeze of course) which helpfully vendors the latest peeled carrot along with many other things. just unpack it into a clean container and go on your way.

  • Removed
    Sounds like a threat
  • If they had just repeated what I had on my image, I wouldn’t have complained at all.

    They posted my address. Stop blaming me for shit other people dead.

    My assumption that whatever they posted came solely from your image was because they said:

    That barcode above is your full address btw

    to which you replied:

    But the post didn’t until you posted it.

    Do you see how someone looking at that exchange would read it as you acknowledging (via the word "But") that whatever they posted did in fact come from the barcode, and you are complaining about them decoding it?

    If they in fact obtained and posted your full address via some other means, I'm sorry for misunderstanding - and curious how they learned it!

    I'm still also confused by the fact that the barcode does not (as far as I can tell) contain a full address but rather just a zip+4 - which you also (still) have visible in text form in the image.

  • Removed
    Sounds like a threat
  • I'm really curious - was it actually your full address, or just your neighborhood? If the former, do you know how they learned it?!

    From reading the thread (only after they had already edited their comment) my impression is that whatever they posted came solely from the image you posted. Was that not the case?

    Apologies if I've misunderstood.

  • Removed
    Sounds like a threat
  • I didn’t. You posted my personal information on the Internet.

    They did, but so did you. They could not have posted it in text form if you hadn't first posted it as a barcode which anyone (still) can decode.

    i fully agree that they should have told you privately instead of posting it in text form, and i personally would have deleted their comment if it was on the instance where i could (and if they hadn't edited it already to remove your address).

    however, i must say: you appear to be confused. it has been six hours since their initial comment pointing out that you are doxing yourself via that barcode, and it is clear from your replies that you desire not to have your address published here... yet somehow you have still not replaced the image with a version that censors your zip+4 code.

    lemmy has an "edit post" function. if you don't want ~~your address~~ your approximate address to be public, you should edit the post to replace the image with one that censors that information. HTH!

    (edit: at first i mistakenly thought the barcode contained your whole address but now i see it actually just has the zip+4 - which you also have left in text form, so, decoding the barcode isn't even necessary 🤡 )

  • Handling non-responsive and frozen applications
  • The canonical documentation is https://www.kernel.org/doc/Documentation/filesystems/proc.rst (ctrl-f oom) but if you search a bit you'll find various guides that might be easier to digest.

    https://www.baeldung.com/linux/memory-overcommitment-oom-killer looks like an informative recent article on the subject, and reminds me that my knowledge is a bit outdated. (TIL about the choom(1) command which was added to util-linux in 2018 as an alternative to manipulating things in /proc directly...)

    https://dev.to/rrampage/surviving-the-linux-oom-killer-2ki9 from 2018 might also be worth reading.

    How to make your adjustments persist for a given desktop application is left as an exercise to the reader :)

  • Handling non-responsive and frozen applications
  • I'm not sure what this comic is trying to say but in my recent experience a single misbehaving website can still consume all available swap at which point Linux will sometimes completely lock up for many minutes before the out-of-memory killer decides what to kill - and then sometimes it still kills the desktop environment instead of the browser.

    (I do know how to use oom_adj; I'm talking about the default configuration on popular desktop distros.)

  • NSFW
    Found in the punk subreddit
  • Eternal reminder that KillEmAll Harris was part of the Jerry Brown administration immortalized in California Uber Alles.

    Almost. Same Jerry Brown, but a different administration and different century.

    Harris was only 14 years old when California Uber Alles was released.

  • A banana for scale should be to scale

    cross-posted from: https://lemmy.world/post/20263617

    > Review on Amazon: A banana for scale should be to scale https://a.co/d/aAZPaX4
    >
    > ::: spoiler Alt text
    > 1 star review by user "Tall Guys Wife" on Amazon of a rubber banana that has the words [for scale] on it.
    > Picture attached shows rubber banana is smaller than real banana.
    >
    > Review text reads: "purchased this 'banana for scale, but it's way smaller than an average banana. People on social media demand if you're showing something that you use an average banana for scale. I would never deceive anyone with this ridiculous substitute for an accurate measuring tool."
    > :::

    Go fuck yourself, Mike
  • does your resume include a sokoban clone?

  • Russian court fines Google $20,000,000,000,000,000,000,000,000,000,000,000
  • presumably they started with a base fine of $20 and simply multiplied it by 1000 for each of their time zones

  • Dickmann knew
  • see also: the mini version

    photograph of "Mini Dickmann's Schoko Trio"

  • Removed
    First North Korean troops killed in Russia, says Lithuanian source
  • that flag is upside down 🤘

  • I just need to keep it steady
  • keep it steady? did you neglect to install the shock absorbing plate?

    photo of a cardboard box packaging for SONY DISCMAN WITH COMPLETE CAR MOUNTING KIT
    package has this text on top of a photo of the discman and accessories listed:
    8 HOURS CONTINUOUS PLAY BACK WITH 2 x AA BATTERIES
    RECHARGEABLE BATTERY CAPABLE (BP-DM10; OPTION)
    1bit DAC AVLS MEGABASS
    COMPLETE CAR CONNECTING KIT SUPPLIED
    SHOCK ABSORBING PLATE
    CAR CASSETTE ADAPTOR ENABLES CD PLAYBACK THROUGH YOUR
    CAR CASSETTE DECK
    CAR CIGARETTE LIGHTER POWER CORD INCLUDED
    beneath the English-language text is this smaller text in Spanish:
    8 HORAS DE REPRODUCCIÓN CONTINUA CON 2 PILAS AA
    JUEGO DE CONEXIÓN PARA AUTOMOVILES SUMINISTRADO
    across the bottom right corner it says:
    EASY INSTALLATION

  • October 28: Hour-long video interview with Lowkey on the release of his new album “Soundtrack to the Struggle 3”
    www.mintpressnews.com “Soundtrack to the Struggle 3” Drops Amid Censorship Attempts: Lowkey Talks to MintCast

    In a new MintCast interview, Lowkey discusses the Israel lobby’s campaign to shut him down and why his latest album tackles Gaza, Assange, and mass surveillance., anti-war music, Israel lobby censorship, Julian Assange support, Lowkey Gaza, Lowkey new album, Lowkey tour dates, MintPress News MintCas...

    “Soundtrack to the Struggle 3” Drops Amid Censorship Attempts: Lowkey Talks to MintCast
    `systemd` is all you need
  • I think it depends which side of the debate one is on?

  • `systemd` is all you need
  • $ systemd-analyze calendar tomorrow
    Failed to parse calendar specification 'tomorrow': Invalid argument
    Hint: this expression is a valid timestamp. Use 'systemd-analyze timestamp "tomorrow"' instead?
    $ systemd-analyze timestamp tuesday
    Failed to parse "tuesday": Invalid argument
    Hint: this expression is a valid calendar specification. Use 'systemd-analyze calendar "tuesday"' instead?
    

    ಠ_ಠ

    $ for day in Mon Tue Wed Thu Fri Sat Sun; do TZ=UTC systemd-analyze calendar "$day 02-29"|tail -2; done
        Next elapse: Mon 2044-02-29 00:00:00 UTC
           From now: 19 years 4 months left
        Next elapse: Tue 2028-02-29 00:00:00 UTC
           From now: 3 years 4 months left
        Next elapse: Wed 2040-02-29 00:00:00 UTC
           From now: 15 years 4 months left
        Next elapse: Thu 2052-02-29 00:00:00 UTC
           From now: 27 years 4 months left
        Next elapse: Fri 2036-02-29 00:00:00 UTC
           From now: 11 years 4 months left
        Next elapse: Sat 2048-02-29 00:00:00 UTC
           From now: 23 years 4 months left
        Next elapse: Sun 2032-02-29 00:00:00 UTC
           From now: 7 years 4 months left
    

    still image from "Zach Galifianakis Math" gif, with Zach looking contemplative with math notation floating in front of his face

    (It checks out.)

    Surprisingly its calendar specification parser actually allows for 31 days in every month:

    $ TZ=UTC systemd-analyze calendar '02-29' && echo OK || echo not OK
      Original form: 02-29
    Normalized form: *-02-29 00:00:00
        Next elapse: Tue 2028-02-29 00:00:00 UTC
           From now: 3 years 4 months left
    OK
    $ TZ=UTC systemd-analyze calendar '02-30' && echo OK || echo not OK
      Original form: 02-30
    Normalized form: *-02-30 00:00:00
        Next elapse: never           
    OK
    $ TZ=UTC systemd-analyze calendar '02-31' && echo OK || echo not OK
      Original form: 02-31
    Normalized form: *-02-31 00:00:00
        Next elapse: never           
    OK
    $ TZ=UTC systemd-analyze calendar '02-32' && echo OK || echo not OK
    Failed to parse calendar specification '02-32': Invalid argument
    not OK
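
The sessions in the comment above show that `systemd-analyze calendar` exits 0 for specifications such as `02-30` that it reports as never elapsing, so a timer built on one is accepted and silently never fires. The following lint is an added example, not part of the original comment; the function names are hypothetical, and the sample outputs are copied from the sessions above.

```shell
#!/bin/sh
# Added example (not from the original comment): flag calendar specifications
# that systemd-analyze accepts (exit status 0) but that will never elapse.
# Function names are hypothetical; only `systemd-analyze calendar` is real.

# classify_output EXIT_STATUS
# Reads `systemd-analyze calendar` output on stdin and prints one verdict:
#   invalid - the parser rejected the specification
#   never   - parsed fine, but "Next elapse: never"
#   ok      - parsed fine and has a next elapse time
#   unknown - exit status 0 but no "Next elapse:" line found
classify_output() {
    co_status=$1
    co_out=$(cat)
    if [ "$co_status" -ne 0 ]; then
        echo invalid
    elif printf '%s\n' "$co_out" |
        grep -Eq '^[[:space:]]*Next elapse:[[:space:]]*never[[:space:]]*$'; then
        echo never
    elif printf '%s\n' "$co_out" | grep -q 'Next elapse:'; then
        echo ok
    else
        echo unknown
    fi
}

# lint_specs SPEC...
# Runs systemd-analyze on each specification and prints "verdict spec".
# Returns 0 only if every specification is "ok", 2 if the tool is missing.
lint_specs() {
    if ! command -v systemd-analyze >/dev/null 2>&1; then
        echo "systemd-analyze not found" >&2
        return 2
    fi
    ls_rc=0
    for ls_spec in "$@"; do
        ls_out=$(TZ=UTC systemd-analyze calendar "$ls_spec" 2>&1)
        ls_status=$?
        ls_verdict=$(printf '%s\n' "$ls_out" | classify_output "$ls_status")
        printf '%-8s %s\n' "$ls_verdict" "$ls_spec"
        [ "$ls_verdict" = ok ] || ls_rc=1
    done
    return "$ls_rc"
}

# Sample outputs copied from the sessions quoted above, so the classifier
# can be exercised on a machine without systemd.
sample_feb29() {
    cat <<'EOF'
  Original form: 02-29
Normalized form: *-02-29 00:00:00
    Next elapse: Tue 2028-02-29 00:00:00 UTC
       From now: 3 years 4 months left
EOF
}

sample_feb30() {
    cat <<'EOF'
  Original form: 02-30
Normalized form: *-02-30 00:00:00
    Next elapse: never
EOF
}

sample_feb32() {
    cat <<'EOF'
Failed to parse calendar specification '02-32': Invalid argument
EOF
}

# With arguments: lint the given specifications against the local systemd.
# The script's exit status is then the lint result.
[ "$#" -eq 0 ] || lint_specs "$@"
```

Run it with the `OnCalendar=` values of your timer units as arguments; a non-zero exit status means at least one of them is rejected or will never fire.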
    
  • tension on kernel mailing lists continues to grow as a Linux Foundation board member finally replies with a "summary of the legal advice the kernel is operating under" re: enforcing US sanctions
  • Funny that blog calls it a "failed attempt at a backdoor" while neglecting to mention that the grsec post (which it does link to and acknowledges is the source of the story) had been updated months prior to explicitly refute that characterization:

    5/22/2020 Update: This kind of update should not have been necessary, but due to irresponsible journalists and the nature of social media, it is important to make some things perfectly clear:

    Nowhere did we claim this was anything more than a trivially exploitable vulnerability. It is not a backdoor or an attempted backdoor, the term does not appear elsewhere in this blog at all; any suggestion of the sort was fabricated by irresponsible journalists who did not contact us and do not speak for us.

    There is no chance this code would have passed review and be merged. No one can push or force code upstream.

    This code is not characteristic of the quality of other code contributed upstream by Huawei. Contrary to baseless assertions from some journalists, this is not Huawei's first attempt at contributing to the kernel, in fact they've been a frequent contributor for some time.

  • tension on kernel mailing lists continues to grow as a Linux Foundation board member finally replies with a "summary of the legal advice the kernel is operating under" re: enforcing US sanctions
  • Wasn’t Huawei trying to put a Backdoor into linux?

    as far as i know, that has not happened.

    what makes you think it did?

  • Pan (moon)
  • screenshot of Obi-Wan Kenobi (Alec Guinness) and Han Solo (Harrison Ford) in Star Wars: Episode IV – A New Hope (1977) at the moment when Obi-Wan says "That's no moon". (no text added to screenshot)

  • Transmasc Godzilla Rule
  • After a minute of research I'm inclined to believe Godzilla egg-laying only happened in Roland Emmerich's 1998 film.

    Here is some contemporary reporting about it: https://www.chicagotribune.com/1998/05/19/godzilla-lays-an-egg-does-this-surprise-you/

    Big, buff and bodacious, he’s so cool he can even reproduce himself–or herself. Turns out, Godzilla’s a hermaphrodite.

    Consistent with the mythology, this giant lizard is a mutant by-product of nuclear radiation. As the only member of its species to have survived a bomb test in French Polynesia, Godzilla must assume male and female reproductive functions to maintain the lineage.

    Why Godzilla feels compelled to travel all the way to Manhattan to lay its eggs is a mystery not clearly explained in the script, but, like any Sinatra fan, the monster probably thought, “If I can make it there, I’ll make it anywhere.” So, it was off to New York, New York, where–like the Knicks–the creature lays a lot of eggs in Madison Square Garden.

    see also: https://fictionhorizon.com/how-does-godzilla-reproduce/

  • China’s infosec leads accuse Intel of NSA backdoor, cite chip security flaws
    www.theregister.com China infosec body slams Intel over chip security

    Uncle Sam having a secret way into US tech? Say it ain't so

    China infosec body slams Intel over chip security

    cross-posted from: https://lemmy.ml/post/21476364

    > from The Register:
    >
    > > A Chinese industry group has accused Intel of backdooring its CPUs, in addition to other questionable security practices while calling for an investigation into the chipmaker, claiming its products pose "serious risks to national security."
    > >
    > > The Cybersecurity Association of China (CSAC), in a lengthy post on its WeChat account on Wednesday described Intel's chips as being riddled with vulnerabilities, adding that the American company's "major defects in product quality and security management show its extremely irresponsible attitude towards customers."
    > >
    > > The CSAC also accused Intel of embedding a backdoor "in almost all" of its CPUs since 2008 as part of a "next-generation security defense system" developed by the US National Security Agency.
    > >
    > > This allowed Uncle Sam to "build an ideal monitoring environment where only the NSA is protected and everyone else is 'naked,'" the post continued. "This poses a huge security threat to the critical information infrastructure of countries around the world, including China," the industry group claims.
    > >
    > > The infosec org also recommends the Cyberspace Administration of China open an investigation into the security of Intel's products sold in the country "to effectively safeguard China's national security and the legitimate rights and interests of Chinese consumers."
    > >
    > > Intel did not immediately respond to The Register's inquiries.
    >
    > ---
    > Here is a machine translation (via google translate) of CSAC's post:
    >
    > > Frequent vulnerabilities and high failure rates. Intel product cybersecurity risks should be systematically checked
    > >
    > > China Cyberspace Security Association October 16, 2024 09:02
    > >
    > > Frequent vulnerabilities and high failure rates
    > >
    > > Intel product cybersecurity risks should be systematically checked
    > >
    > > 1. Frequent security vulnerabilities
    > >
    > > In August 2023, Intel CPU was exposed to the Downfall vulnerability, which is a CPU transient execution side channel vulnerability. It uses the Gather instruction in its AVX2 or AVX-512 instruction set to obtain sensitive data such as keys, user information, and key parameters previously stored in a specific vector register buffer. The vulnerability affects Intel's 6th to 11th generation Core, Celeron, and Pentium series CPUs, as well as 1st to 4th generation Xeon processors. In fact, as early as 2022, researchers reported the vulnerability to Intel, but Intel, knowing the existence of the vulnerability, neither acknowledged it nor took effective action. It continued to sell products with vulnerabilities until the vulnerability was publicly reported, and Intel was forced to take vulnerability repair measures. Five victims have filed a class action lawsuit against Intel in November 2023 in the San Jose Branch of the U.S. Federal District Court for the Northern California in the name of themselves and representatives of "CPU consumers across the United States".
    > >
    > > Coincidentally, in November 2023, Google researchers disclosed that Intel CPUs have a high-risk vulnerability, Reptar. Exploiting this vulnerability, attackers can not only obtain sensitive data such as personal accounts, card numbers and passwords in the system in a multi-tenant virtualization environment, but also cause the physical system to hang or crash, resulting in denial of service for other systems and tenants it carries.
    > >
    > > Since 2024, Intel CPUs have successively exposed vulnerabilities such as GhostRace, NativeBHI, and Indirector. Intel's major defects in product quality and security management show its extremely irresponsible attitude towards customers.
    > >
    > > 2. Poor reliability and indifference to user complaints
    > >
    > > Since the end of 2023, a large number of users have reported that crashes occur when using Intel's 13th and 14th generation Core i9 series CPUs to play specific games. Game manufacturers have even added pop-up processing in the game to warn users who use these CPUs. Dylan Browne, Unreal Engine Supervisor and Visual Effects Manager at visual effects studio ModelFarm, posted that the failure rate of computers using Intel processors in his company was as high as 50%.
    > >
    > > With concentrated user feedback and no way to cover up, Intel finally had to admit that there were stability issues with its products and issued a so-called preliminary investigation report, attributing the problem to the motherboard manufacturer setting too high a voltage. However, it was immediately refuted by the motherboard manufacturer, who stated that the motherboards it produced were developed according to the data provided by Intel for BIOS programs, and the cause of the crash was not the motherboard manufacturer. In July 2024, Intel issued a statement to explain the frequent CPU crashes, admitting that due to the incorrect microcode algorithm sending too high a voltage request to the processor, some 13th and 14th generation processors became unstable.
    > >
    > > Frequent crashes occurred at the end of 2023, and Intel only identified the problem and provided an update program half a year later, and the mitigation measures given within half a year did not work, which fully reflected that Intel did not actively and honestly face the problems when facing its own product defects, but simply ignored, shirked and procrastinated. Some professionals speculate that the root cause is that Intel has actively sacrificed product stability in order to gain performance improvements and regain competitive advantages. It is also reported that the US law firm "Abington Cole + Ellery" has begun investigating the instability of Intel's 13th and 14th generation processors, and will file a class action lawsuit on behalf of end users.
    > >
    > > 3. Under the guise of remote management, the real purpose is to monitor users
    > >
    > > Intel, together with HP and other manufacturers, jointly designed the IPMI (Intelligent Platform Management Interface) technical specification, claiming that it is to monitor the physical health characteristics of the server, and technically manages and controls the server through the BMC (Baseboard Management Controller) module. The BMC module allows users to remotely manage devices, and can realize functions such as starting the computer, reinstalling the operating system, and mounting ISO images. The module has also been exposed to high-risk vulnerabilities (such as CVE-2019-11181), resulting in a large number of servers around the world facing great security risks of being attacked and controlled.
    > >
    > > In addition, Intel also integrates third-party open source components with serious vulnerabilities in its products. Taking the Intel M10JNPSB server motherboard as an example, this product supports IPMI management and is currently out of after-sales service. The last firmware update package was released on December 13, 2022. Analysis shows that its web server is lighttpd, with version number 1.4.35, which is actually the version of March 12, 2014. At that time, the latest version of lighttpd had been upgraded to 1.4.66. The difference between the two is 9 years, which is surprisingly large. This irresponsible behavior puts the network and data security of the majority of server users at great risk.
    > >
    > > 4. Hidden backdoors endanger network and information security
    > >
    > > The autonomous running subsystem ME (Management Engine) developed by Intel has been embedded in almost all Intel CPUs since 2008. It is part of its vigorously promoted AMT (Active Management Technology), allowing system administrators to perform tasks remotely. As long as this function is activated, the computer can be accessed remotely regardless of whether the operating system is installed. Based on the redirection technology of peripherals such as optical drives, floppy drives, and USB, it can achieve the effect of physical contact with the user's computer. Hardware security expert Damien Zammit pointed out that ME is a backdoor that can fully access the memory, bypass the operating system firewall, send and receive network packets without the operating system user's knowledge, and users cannot disable ME. Intel AMT (Active Management Technology) based on ME technology was exposed to have a high-risk vulnerability (CVE-2017-5689) in 2017. Attackers can bypass the authentication mechanism and log in to the system directly to obtain the highest authority by setting the response field in the login parameters to empty.
    > >
    > > In August 2017, Russian security experts Mark Ermolov and Maxim Goryachy found a hidden switch suspected to be set by the NSA (National Security Agency) through reverse engineering technology. The switch is located in the HAP bit in the PCHSTERP0 field, but the flag bit is not recorded in the official document. Dramatically, HAP is the full name of High Assurance Platform, which belongs to the NSA-initiated project to build a next-generation security defense system.
    > >
    > > If the NSA directly shuts down the ME system by turning on the hidden switch of the HAP bit, and at the same time all other Intel CPUs in the world run the ME system by default, it is equivalent to the NSA being able to build an ideal monitoring environment where only it is protected and everyone else is "naked". This poses a great security threat to the critical information infrastructure of countries around the world, including China. At present, the software and hardware on the ME are closed source, and its security mainly relies on Intel's unilateral commitment, but the facts show that Intel's commitment is pale and unconvincing. Using Intel products poses serious risks to national security.
    > >
    > > 5. It is recommended to initiate a cybersecurity review
    > >
    > > According to reports, nearly a quarter of Intel's global annual revenue of more than US$50 billion comes from the Chinese market. In 2021, Intel's CPU accounted for about 77% of the domestic desktop market and about 81% of the notebook market; in 2022, Intel's x86 server market share in China was about 91%. It can be said that Intel has made a lot of money in China, but the company has continued to do things that harm China's interests and threaten China's national security.
    > >
    > > Previously, the US government passed the so-called "Chips and Science Act" to unreasonably exclude and suppress China's semiconductor industry. Intel is the biggest beneficiary of this bill. Intel CEO Pat Gelsinger successfully tied Intel to the US government and became the largest partner of the US chip strategy. It not only received $8.5 billion in direct subsidies, but also $11 billion in low-interest loans.
    > >
    > > In order to please the US government, Intel actively took a stand to suppress China on the so-called Xinjiang-related issues, requiring its suppliers not to use any labor, purchase products or services from the Xinjiang region. In its financial report, it even listed Taiwan Province on a par with China, the United States, and Singapore, and took the initiative to cut off supply and service to Chinese companies such as Huawei and ZTE. This is a typical "holding the bowl to eat, and putting down the bowl to smash the pot".
    > >
    > > It is recommended to initiate a cybersecurity review of Intel's products sold in China to effectively safeguard China's national security and the legitimate rights and interests of Chinese consumers.

At present, the software and hardware on the ME are closed source, and its security mainly relies on Intel's unilateral commitment, but the facts show that Intel's commitment is pale and unconvincing. Using Intel products poses serious risks to national security. > > > >5. It is recommended to initiate a cybersecurity review > > > >According to reports, nearly a quarter of Intel's global annual revenue of more than US$50 billion comes from the Chinese market. In 2021, Intel's CPU accounted for about 77% of the domestic desktop market and about 81% of the notebook market; in 2022, Intel's x86 server market share in China was about 91%. It can be said that Intel has made a lot of money in China, but the company has continued to do things that harm China's interests and threaten China's national security. > > > >Previously, the US government passed the so-called "Chips and Science Act" to unreasonably exclude and suppress China's semiconductor industry. Intel is the biggest beneficiary of this bill. Intel CEO Pat Gelsinger successfully tied Intel to the US government and became the largest partner of the US chip strategy. It not only received $8.5 billion in direct subsidies, but also $11 billion in low-interest loans. > > > >In order to please the US government, Intel actively took a stand to suppress China on the so-called Xinjiang-related issues, requiring its suppliers not to use any labor, purchase products or services from the Xinjiang region. In its financial report, it even listed Taiwan Province on a par with China, the United States, and Singapore, and took the initiative to cut off supply and service to Chinese companies such as Huawei and ZTE. This is a typical "holding the bowl to eat, and putting down the bowl to smash the pot". > > > >It is recommended to initiate a cybersecurity review of Intel's products sold in China to effectively safeguard China's national security and the legitimate rights and interests of Chinese consumers. >

    3
    China’s infosec leads accuse Intel of NSA backdoor, cite chip security flaws
    www.theregister.com China infosec body slams Intel over chip security

    Uncle Sam having a secret way into US tech? Say it ain't so


    from The Register:

    > A Chinese industry group has accused Intel of backdooring its CPUs, in addition to other questionable security practices while calling for an investigation into the chipmaker, claiming its products pose "serious risks to national security."
    >
    > The Cybersecurity Association of China (CSAC), in a lengthy post on its WeChat account on Wednesday described Intel's chips as being riddled with vulnerabilities, adding that the American company's "major defects in product quality and security management show its extremely irresponsible attitude towards customers."
    >
    > The CSAC also accused Intel of embedding a backdoor "in almost all" of its CPUs since 2008 as part of a "next-generation security defense system" developed by the US National Security Agency.
    >
    > This allowed Uncle Sam to "build an ideal monitoring environment where only the NSA is protected and everyone else is 'naked,'" the post continued. "This poses a huge security threat to the critical information infrastructure of countries around the world, including China," the industry group claims.
    >
    > The infosec org also recommends the Cyberspace Administration of China open an investigation into the security of Intel's products sold in the country "to effectively safeguard China's national security and the legitimate rights and interests of Chinese consumers."
    >
    > Intel did not immediately respond to The Register's inquiries.

    ---

    Here is a machine translation (via Google Translate) of CSAC's post:

    > Frequent vulnerabilities and high failure rates. Intel product cybersecurity risks should be systematically checked
    >
    > China Cyberspace Security Association October 16, 2024 09:02
    >
    > Frequent vulnerabilities and high failure rates
    >
    > Intel product cybersecurity risks should be systematically checked
    >
    > 1. Frequent security vulnerabilities
    >
    > In August 2023, Intel CPU was exposed to the Downfall vulnerability, which is a CPU transient execution side channel vulnerability. It uses the Gather instruction in its AVX2 or AVX-512 instruction set to obtain sensitive data such as keys, user information, and key parameters previously stored in a specific vector register buffer. The vulnerability affects Intel's 6th to 11th generation Core, Celeron, and Pentium series CPUs, as well as 1st to 4th generation Xeon processors. In fact, as early as 2022, researchers reported the vulnerability to Intel, but Intel, knowing the existence of the vulnerability, neither acknowledged it nor took effective action. It continued to sell products with vulnerabilities until the vulnerability was publicly reported, and Intel was forced to take vulnerability repair measures. Five victims have filed a class action lawsuit against Intel in November 2023 in the San Jose Branch of the U.S. Federal District Court for the Northern California in the name of themselves and representatives of "CPU consumers across the United States".
    >
    > Coincidentally, in November 2023, Google researchers disclosed that Intel CPUs have a high-risk vulnerability, Reptar. Exploiting this vulnerability, attackers can not only obtain sensitive data such as personal accounts, card numbers and passwords in the system in a multi-tenant virtualization environment, but also cause the physical system to hang or crash, resulting in denial of service for other systems and tenants it carries.
    >
    > Since 2024, Intel CPUs have successively exposed vulnerabilities such as GhostRace, NativeBHI, and Indirector. Intel's major defects in product quality and security management show its extremely irresponsible attitude towards customers.
    >
    > 2. Poor reliability and indifference to user complaints
    >
    > Since the end of 2023, a large number of users have reported that crashes occur when using Intel's 13th and 14th generation Core i9 series CPUs to play specific games. Game manufacturers have even added pop-up processing in the game to warn users who use these CPUs. Dylan Browne, Unreal Engine Supervisor and Visual Effects Manager at visual effects studio ModelFarm, posted that the failure rate of computers using Intel processors in his company was as high as 50%.
    >
    > With concentrated user feedback and no way to cover up, Intel finally had to admit that there were stability issues with its products and issued a so-called preliminary investigation report, attributing the problem to the motherboard manufacturer setting too high a voltage. However, it was immediately refuted by the motherboard manufacturer, who stated that the motherboards it produced were developed according to the data provided by Intel for BIOS programs, and the cause of the crash was not the motherboard manufacturer. In July 2024, Intel issued a statement to explain the frequent CPU crashes, admitting that due to the incorrect microcode algorithm sending too high a voltage request to the processor, some 13th and 14th generation processors became unstable.
    >
    > Frequent crashes occurred at the end of 2023, and Intel only identified the problem and provided an update program half a year later, and the mitigation measures given within half a year did not work, which fully reflected that Intel did not actively and honestly face the problems when facing its own product defects, but simply ignored, shirked and procrastinated. Some professionals speculate that the root cause is that Intel has actively sacrificed product stability in order to gain performance improvements and regain competitive advantages. It is also reported that the US law firm "Abington Cole + Ellery" has begun investigating the instability of Intel's 13th and 14th generation processors, and will file a class action lawsuit on behalf of end users.
    >
    > 3. Under the guise of remote management, the real purpose is to monitor users
    >
    > Intel, together with HP and other manufacturers, jointly designed the IPMI (Intelligent Platform Management Interface) technical specification, claiming that it is to monitor the physical health characteristics of the server, and technically manages and controls the server through the BMC (Baseboard Management Controller) module. The BMC module allows users to remotely manage devices, and can realize functions such as starting the computer, reinstalling the operating system, and mounting ISO images. The module has also been exposed to high-risk vulnerabilities (such as CVE-2019-11181), resulting in a large number of servers around the world facing great security risks of being attacked and controlled.
    >
    > In addition, Intel also integrates third-party open source components with serious vulnerabilities in its products. Taking the Intel M10JNPSB server motherboard as an example, this product supports IPMI management and is currently out of after-sales service. The last firmware update package was released on December 13, 2022. Analysis shows that its web server is lighttpd, with version number 1.4.35, which is actually the version of March 12, 2014. At that time, the latest version of lighttpd had been upgraded to 1.4.66. The difference between the two is 9 years, which is surprisingly large. This irresponsible behavior puts the network and data security of the majority of server users at great risk.
    >
    > 4. Hidden backdoors endanger network and information security
    >
    > The autonomous running subsystem ME (Management Engine) developed by Intel has been embedded in almost all Intel CPUs since 2008. It is part of its vigorously promoted AMT (Active Management Technology), allowing system administrators to perform tasks remotely. As long as this function is activated, the computer can be accessed remotely regardless of whether the operating system is installed. Based on the redirection technology of peripherals such as optical drives, floppy drives, and USB, it can achieve the effect of physical contact with the user's computer. Hardware security expert Damien Zammit pointed out that ME is a backdoor that can fully access the memory, bypass the operating system firewall, send and receive network packets without the operating system user's knowledge, and users cannot disable ME. Intel AMT (Active Management Technology) based on ME technology was exposed to have a high-risk vulnerability (CVE-2017-5689) in 2017. Attackers can bypass the authentication mechanism and log in to the system directly to obtain the highest authority by setting the response field in the login parameters to empty.
    >
    > In August 2017, Russian security experts Mark Ermolov and Maxim Goryachy found a hidden switch suspected to be set by the NSA (National Security Agency) through reverse engineering technology. The switch is located in the HAP bit in the PCHSTERP0 field, but the flag bit is not recorded in the official document. Dramatically, HAP is the full name of High Assurance Platform, which belongs to the NSA-initiated project to build a next-generation security defense system.
    >
    > If the NSA directly shuts down the ME system by turning on the hidden switch of the HAP bit, and at the same time all other Intel CPUs in the world run the ME system by default, it is equivalent to the NSA being able to build an ideal monitoring environment where only it is protected and everyone else is "naked". This poses a great security threat to the critical information infrastructure of countries around the world, including China. At present, the software and hardware on the ME are closed source, and its security mainly relies on Intel's unilateral commitment, but the facts show that Intel's commitment is pale and unconvincing. Using Intel products poses serious risks to national security.
    >
    > 5. It is recommended to initiate a cybersecurity review
    >
    > According to reports, nearly a quarter of Intel's global annual revenue of more than US$50 billion comes from the Chinese market. In 2021, Intel's CPU accounted for about 77% of the domestic desktop market and about 81% of the notebook market; in 2022, Intel's x86 server market share in China was about 91%. It can be said that Intel has made a lot of money in China, but the company has continued to do things that harm China's interests and threaten China's national security.
    >
    > Previously, the US government passed the so-called "Chips and Science Act" to unreasonably exclude and suppress China's semiconductor industry. Intel is the biggest beneficiary of this bill. Intel CEO Pat Gelsinger successfully tied Intel to the US government and became the largest partner of the US chip strategy. It not only received $8.5 billion in direct subsidies, but also $11 billion in low-interest loans.
    >
    > In order to please the US government, Intel actively took a stand to suppress China on the so-called Xinjiang-related issues, requiring its suppliers not to use any labor, purchase products or services from the Xinjiang region. In its financial report, it even listed Taiwan Province on a par with China, the United States, and Singapore, and took the initiative to cut off supply and service to Chinese companies such as Huawei and ZTE. This is a typical "holding the bowl to eat, and putting down the bowl to smash the pot".
    >
    > It is recommended to initiate a cybersecurity review of Intel's products sold in China to effectively safeguard China's national security and the legitimate rights and interests of Chinese consumers.

    18
    Python @lemmy.ml Arthur Besse @lemmy.ml
    Rust macro to inline Python(-ish) code

    cross-posted from: https://lemmy.ml/post/21461907

    > So, this uses a macro, but if you're thinking anything is possible with a macro, it's actually not in Rust. The input does still need to parse as valid Rust tokens.
    >
    > Which means the authors asked themselves at some point: Is the Rust syntax a superset of the Python syntax?
    > And well, it's not. In particular, some Python keywords will just be tokenized as an identifier (like a variable name).
    >
    > But it is close enough that the authors decided against requiring a massive string to be passed in, which does amuse me. 🙃

    0
    Google backed Israel’s military. Now its workers are in revolt
    www.middleeasteye.net Google backed Israel’s military. Now its workers are in revolt

    Dozens of workers have been sacked by the tech giant for speaking up for Palestinians against Project Nimbus - but others say they won’t be silenced


    cross-posted from: https://lemmy.ml/post/21201228

    > cross-posted from: https://lemmy.world/post/20643795
    >
    > > It's early morning, and Zelda Montes walks briskly through the crisp New York air as they head to Google's headquarters on Manhattan’s 9th Avenue. Montes, who self-identifies as they, fumbles with their ID card at the entrance, blending in with the steady stream of Googlers swiping through the security barriers as if it were just another day at the office.
    > >
    > > Armed with an oversized tote bag, Montes pulls back their purple hair and heads to the 13th-floor canteen to order their usual: a dirty chai and an egg, avocado, and cheese sandwich with a bowl of raspberries.
    > >
    > > Their hands tremble slightly as they grip the coffee cup.
    > >
    > > Locking eyes with two others, they get the signal that the coast is clear, head down to the entrance, and sit. The three Googlers unfurl their banners and begin chanting to demand that Google do one thing: Drop Project Nimbus.
    > >
    > > But this will be the last time they sit inside Google's New York office as Googlers, as Google itself refers to its own employees. "Getting fired felt like a possibility but never a reality," remarked Montes, one of 50 employees fired by Google for staging a 10-hour sit-in at one of its American offices in April.
    > >
    > > For the last three years, Montes has been one of several activists calling for Google to drop Project Nimbus, a partnership Google and Amazon have with the Israeli government reportedly worth $1.2bn.

    9