Article note: These are always fun.
Getting to a state where you can use the microcode read/write instructions they found is clearly tricky, but I could see an escalation paths with a CSME exploit to get into the appropriate debug mode, or side effects from speculatively executing (because of course it speculatively executes them) the special instructions to leak data from the security by complexity bullshit on the processors or the like.
There _are_ apparently some machine-readable unique identifiers in the parts they studied which is itself interesting/concerning.
Article note: Passwords win because they are _disposable_.
I don't _want_ to give random internet hustler #83445 more information about or access to me for them to misuse or to be leaked in their next breach. I don't want to give a phone number that will be used for marketing purposes after they get bought out, install an intrusive app on my phone, hand over biometric data that they'll totally hash properly like they fail to do passwords, let randos leave tracking residue on my machine, or accrue a pile of expensive variously-incompatible physical tokens to manage.
Not exactly a 25-character, randomized string of numbers, letters, cases, and symbols. (credit: Dan Goodin)
There are certain sci-fi promises the future is supposed to hold: jetpacks, flying cars, a Mars colony. But there are also some seemingly more attainable goals that somehow also always feel just on the horizon. And one of the most tantalizing is the end of passwords. The good news is that the infrastructure—across all the major operating systems and browsers—is largely in place to support passwordless login. The less-good news? You're still plugging passwords into multiple sites and services every day, and you will be for a while.
There's no doubt that passwords are an absolute security nightmare. Creating and managing them is annoying, so people often reuse them or choose easily guessable logins—or both. Hackers are more than happy to take advantage. By contrast, passwordless logins authenticate with attributes that are innate and harder to steal, like biometrics. No one's going to guess your thumbprint.
You likely already use some version of this when you unlock your phone, say, with a scan of your face or your finger rather than a passcode. Those mechanisms work locally on your phone and don't require that companies store a big trove of user passwords—or your sensitive biometric details—on a server to check logins. You can also now use stand-alone physical tokens in certain cases to log in wirelessly and without a password. The idea is that, eventually, you'll be able to do that for pretty much everything.
Article note: That's a neat stunt, using the 286 as a front-end to a pi crammed in there is a cute approach.
Usually it's either pi connected to io devices (which is cool) or original hardware (which is cool).
Article note: ...Wow, that's a hard abandon. Transactional Memory has always been supremely difficult to get right, so it's not super shocking, but it's still a wild ride.
They retroactively microcode-removed the "earlier buggy" implementation from most Haswell through Broadwell parts in 2014, they stopped including it in new parts from Comet Lake (2019) on, and now they're removing it for a bunch of products from the Skylake through Coffee Lake era in between with microcode updates... which is basically going back and erasing it.
Article note: Sad.
Near (Byuu for most of the time they were notable, author of bsnes, higan, etc.) was ...super weird and uncomfortable in themselves in ways obvious to even a casual observer... but they were the kind of weird that drove them to be insanely productive at valuable things very few people are suited to tackle.
Article note: Bummer.
He was one of the only high-profile approximate left libertarians in the US, his 2008 Democratic presidential primary run was the last time someone [vaguely credibly] ran for president without any major issue I had to had to hold my nose on.
Mike Gravel, former Alaska senator and dark horse presidential candidate, has died at 91
There is a cult of ignorance in the United States, and there always has been. The strain of anti-intellectualism has been a constant thread winding its way through our political and cultural life, nurtured by the false notion that democracy means that “my ignorance is just as good as your knowledge.”