Author Archives: pappp

The sad state of screen sharing on desktop Linux

Source: Hacker News

Article note: This article isn't really "Linux," it's "Wayland." I'm still confused by how Wayland development was supposed to be all about addressing the accreted cruft in the X11 plumbing, so they built a minimal protocol that didn't address many even rudimentary use cases, and immediately set about accreting an even more disjoint set of plumbing parts. _Maybe_ Pipewire will work out well enough to standardize Linux AV plumbing around in a reasonable amount of time, but given that Pulseaudio did less and took over 12 years to be more useful than trouble, and Wayland itself is a decade into "Still not ready," I have doubts.
Posted in News | Leave a comment

CacheOut: Leaking Data on Intel CPUs via Cache Evictions

Source: Hacker News

Article note: Yet another round of Intel "paying" for designs that prioritized easy performance gains over memory safety, and TSX generally being a shitshow.

Modern Mass Surveillance: Identify, Correlate, Discriminate

Source: Schneier on Security

Article note: The point about regulating how it is permissible to discriminate is important and sticky. So many "amazing AI advancements" turn out to be using clustering to find proxy measures to discriminate in distasteful or prohibited ways. It's going to be very difficult to determine what is a permissible slice if you can obstruct (even to the people doing the slicing) how the decision was made, so it will most likely have to be attacked by controlling the retention, brokering, and use of data in general.

Communities across the United States are starting to ban facial recognition technologies. In May of last year, San Francisco banned facial recognition; the neighboring city of Oakland soon followed, as did Somerville and Brookline in Massachusetts (a statewide ban may follow). In December, San Diego suspended a facial recognition program in advance of a new statewide law, which declared it illegal, coming into effect. Forty major music festivals pledged not to use the technology, and activists are calling for a nationwide ban. Many Democratic presidential candidates support at least a partial ban on the technology.

These efforts are well-intentioned, but facial recognition bans are the wrong way to fight against modern surveillance. Focusing on one particular identification method misconstrues the nature of the surveillance society we're in the process of building. Ubiquitous mass surveillance is increasingly the norm. In countries like China, a surveillance infrastructure is being built by the government for social control. In countries like the United States, it's being built by corporations in order to influence our buying behavior, and is incidentally used by the government.

In all cases, modern mass surveillance has three broad components: identification, correlation and discrimination. Let's take them in turn.

Facial recognition is a technology that can be used to identify people without their knowledge or consent. It relies on the prevalence of cameras, which are becoming both more powerful and smaller, and machine learning technologies that can match the output of these cameras with images from a database of existing photos.

But that's just one identification technology among many. People can be identified at a distance by their heartbeat or by their gait, using a laser-based system. Cameras are so good that they can read fingerprints and iris patterns from meters away. And even without any of these technologies, we can always be identified because our smartphones broadcast unique numbers called MAC addresses. Other things identify us as well: our phone numbers, our credit card numbers, the license plates on our cars. China, for example, uses multiple identification technologies to support its surveillance state.

Once we are identified, the data about who we are and what we are doing can be correlated with other data collected at other times. This might be movement data, which can be used to "follow" us as we move throughout our day. It can be purchasing data, Internet browsing data, or data about who we talk to via email or text. It might be data about our income, ethnicity, lifestyle, profession and interests. There is an entire industry of data brokers who make a living analyzing and augmenting data about who we are -- using surveillance data collected by all sorts of companies and then sold without our knowledge or consent.

There is a huge -- and almost entirely unregulated -- data broker industry in the United States that trades on our information. This is how large Internet companies like Google and Facebook make their money. It's not just that they know who we are, it's that they correlate what they know about us to create profiles about who we are and what our interests are. This is why many companies buy license plate data from states. It's also why companies like Google are buying health records, and part of the reason Google bought the company Fitbit, along with all of its data.

The whole purpose of this process is for companies -- and governments -- to treat individuals differently. We are shown different ads on the Internet and receive different offers for credit cards. Smart billboards display different advertisements based on who we are. In the future, we might be treated differently when we walk into a store, just as we currently are when we visit websites.

The point is that it doesn't matter which technology is used to identify people. That there currently is no comprehensive database of heartbeats or gaits doesn't make the technologies that gather them any less effective. And most of the time, it doesn't matter if identification isn't tied to a real name. What's important is that we can be consistently identified over time. We might be completely anonymous in a system that uses unique cookies to track us as we browse the Internet, but the same process of correlation and discrimination still occurs. It's the same with faces; we can be tracked as we move around a store or shopping mall, even if that tracking isn't tied to a specific name. And that anonymity is fragile: If we ever order something online with a credit card, or purchase something with a credit card in a store, then suddenly our real names are attached to what was anonymous tracking information.

Regulating this system means addressing all three steps of the process. A ban on facial recognition won't make any difference if, in response, surveillance systems switch to identifying people by smartphone MAC addresses. The problem is that we are being identified without our knowledge or consent, and society needs rules about when that is permissible.

Similarly, we need rules about how our data can be combined with other data, and then bought and sold without our knowledge or consent. The data broker industry is almost entirely unregulated; there's only one law -- passed in Vermont in 2018 -- that requires data brokers to register and explain in broad terms what kind of data they collect. The large Internet surveillance companies like Facebook and Google collect dossiers on us that are more detailed than those of any police state of the previous century. Reasonable laws would prevent the worst of their abuses.

Finally, we need better rules about when and how it is permissible for companies to discriminate. Discrimination based on protected characteristics like race and gender is already illegal, but those rules are ineffectual against the current technologies of surveillance and control. When people can be identified and their data correlated at a speed and scale previously unseen, we need new rules.

Today, facial recognition technologies are receiving the brunt of the tech backlash, but focusing on them misses the point. We need to have a serious conversation about all the technologies of identification, correlation and discrimination, and decide how much we as a society want to be spied on by governments and corporations -- and what sorts of influence we want them to have over our lives.

This essay previously appeared in the New York Times.

EDITED TO ADD: Rereading this post-publication, I see that it comes off as overly critical of those who are doing activism in this space. Writing the piece, I wasn't thinking about political tactics. I was thinking about the technologies that support surveillance capitalism, and law enforcement's usage of that corporate platform. Of course it makes sense to focus on face recognition in the short term. It's something that's easy to explain, viscerally creepy, and obviously actionable. It also makes sense to focus specifically on law enforcement's use of the technology; there are clear civil and constitutional rights issues. The fact that law enforcement is so deeply involved in the technology's marketing feels wrong. And the technology is currently being deployed in Hong Kong against political protesters. It's why the issue has momentum, and why we've gotten the small wins we've had. (The EU is considering a five-year ban on face recognition technologies.) Those wins build momentum, which lead to more wins. I should have been kinder to those in the trenches.

If you want to help, sign the petition from Public Voice calling on a moratorium on facial recognition technology for mass surveillance. Or write to your US congressperson and demand similar action. There's more information from EFF and EPIC.

The Truth is in There: The Art of Electronics, the x-Chapters

Source: Hack a Day

Article note: Oooh, reference chapters on non-ideal behaviors of passives alone make that interesting, and some of the advertised MOSFET applications are things I do that I'd like a reference for doing better.

If you’ve been into electronics for any length of time, you’ve almost certainly run across the practical bible in the field, The Art of Electronics, commonly abbreviated AoE. Any fan of the book will certainly want to consider obtaining the latest release, The Art of Electronics: The x-Chapters, which follows the previous third edition of AoE from 2015. This new book features expanded coverage of topics from the previous editions, plus discussions of some interesting but rarely traveled areas of electrical engineering.

For those unfamiliar with it, AoE, first published in 1980, is an unusually useful hybrid of textbook and engineer’s reference, blending just enough theory with liberal doses of practical experience. With its lively tone and informal style, the book has enabled people from many backgrounds to design and implement electronic circuits.

After the initial book, the second edition (AoE2) was published in 1989, and the third (AoE3) in 2015, each one renewing and expanding coverage to keep up with the rapid pace of the field. I started with the second edition and it was very well worn when I purchased a copy of the third, an upgrade I would recommend to anyone still on the fence. While the second and third books looked a lot like the first, this new one is a bit different. It’s at the same time an expanded discussion of many of the topics covered in AoE3 and a self-contained reference manual on a variety of topics in electrical engineering.

I pre-ordered this book the same day I learned it was to be published, and it finally arrived this week. So, having had the book in hand — almost continuously — for a few days, I think I’ve got a decent idea of what it’s all about. Stick around for my take on the latest in this very interesting series of books.


In the first paragraph of the book’s preface, the authors give the basic picture: the “x” is for eXtra, meaning that the material in this book was originally slated to be part of the AoE3, but simply didn’t fit — that book is 1250 pages as it stands. The new book comprises some 500 pages organized into five chapters: 1x, 2x, 3x, 4x, and 9x. This unusual numbering scheme keeps the contents in correspondence with the chapters of the third edition of AoE, stressing the fact that a lot of this material would be right at home there. In fact, each chapter of the new book begins with a repetition of the end-of-chapter review from the corresponding part of AoE3.

The back cover of The Art of Electronics: The x-Chapters

While I’ll discuss some of the highlights of each chapter — but not an exhaustive list — keep in mind that this book reads a little differently than AoE3: it’s more engineering reference handbook and less textbook. The preface is explicit about this; the linear structure of previous AoE books has been replaced with very modular sections on specific topics. This is great if you’re an even somewhat experienced designer looking for some from-the-trenches experience on a specific topic, but maybe less useful for the beginner — more about that later.

Chapter 1x: Real-World Passive Components

Starting with the lowly wire, this chapter examines the behavior of components in the real world. Conductors, cables, and connectors are examined to determine the non-ideal effects they can exhibit. Likewise, there are discussions of real-world resistors of various types, including digital potentiometers. Capacitors and inductors get extensive treatment since there are myriad imperfections that plague them. Section 1x.6 is particularly interesting, covering mechanical switches and relays, components that we sometimes forget have non-ideal characteristics. This is certainly worth a read if you use these components for anything non-trivial. Finally, the chapter concludes with a discussion of different types of diodes, including some esoteric types, and their practical failings.

Testing a tunnel diode

But there’s more than the merely practical in this book. As an example, the book devotes a section of a few pages to tunnel diodes, an esoteric subject with largely nostalgic interest for the authors. Not content to simply give the theory, they delve into the practical aspects of tracing tunnel diode curves. Having documented my attempts at this in these very pages, I can really appreciate the care and detail that went into the treatment of this subject in the x-Chapters. This is Hackaday-type stuff; if it weren’t already in a book, their work would fit right in as a daily article here. As we’ll see, there’s more of the same in subsequent chapters.

This isn’t the only fun the authors are having. The title of this very article comes from their own footnote alluding to The X Files.

Chapter 2x: Advanced BJT Topics

NDR Circuit

As was noted, you won’t find a textbook introduction to bipolar junction transistors here; instead, you’ll find a collection of smaller notes about specific subtopics. For instance, the authors tabulate and discuss the leakage currents of a collection of BJTs and FETs for comparison and include a section on BJT bandwidth and transition frequency. They work through a detailed example simulating several BJT amplifiers in SPICE to measure distortion. They discuss improved current mirrors and some very interesting bipolarity ones.

There are further excursions into lands less traveled, like the discussion of a two-terminal negative resistance made from BJTs, another obscure subject close to my heart.

Chapter 3x: Advanced FET Topics

In the third x-Chapter, you’ll find some good info on selecting FETs for your application, discussions of FET transconductance, the bandwidth of FET circuits (and comparisons to BJTs), a very good discussion of the evolution and current state of power MOSFETs, and a section on integrated MOSFET gate drivers. There are also application circuits for measuring MOSFET gate charge and FET transconductance, with tabulated results for a variety of types.

Again, there’s a smattering of application examples featuring FETs, including driving a piezo transducer, generating fast pulses for LEDs, quickly quenching high-energy magnetic field coils, and generating fast 1.5 kV voltage ramps.

Chapter 4x: Advanced Topics in Operational Amplifiers

x-Chapter four begins appropriately with a brief discussion of an antique vacuum-tube op-amp, with the rest of the chapter devoted mainly to discussing the finer points of design with modern devices. There’s an expanded discussion of feedback stability, a detailed treatment of transresistance amplifiers, such as for photodiodes, coverage of unity-gain buffers and their uses, and two chapters on high-speed op-amps: one on the voltage-feedback variety, and a second for current-feedback types. They also cover some unusual capacitive-feedback op-amp circuits, logarithmic amplifiers, and driving capacitive loads, among other short topics.

In the exotica category, there is a section on silicon photomultipliers, and an example circuit which produces graphs of the chaotic attractor of the Lorenz system on an oscilloscope.

Chapter 9x: Advanced Topics in Power Control

Here, you’ll find a discussion of simple diode- and MOSFET-based reverse battery protection circuits, lithium-ion battery circuit safety, implementing foldback current limiting, controlling DC motors with PWM, high-side current sensing, and various other topics in power electronics design. There is a teardown and bench comparison of genuine and counterfeit iPhone chargers, and a good section on making temperature measurements on power circuits — from the usual finger probe to thermal cameras.

As for out-of-the-way topics, there’s one page on low-voltage boost converters for energy harvesting — they present a simple circuit that starts up at a supply voltage of 20 mV and runs down to 10 mV. They have also included a section on bus converters: bi-directional DC converters, which can convert from one voltage to another, say 12V down to 5V, but also work in reverse, transparently. This is interesting stuff.


Obviously, in this short review, I can’t cover everything in the book. Have I left out something that will end up being your favorite part? Quite possibly. Hopefully, though, you’ve got enough of the flavor of the book to know if it warrants a further look.

Like in the original AoE books, in addition to the discussion of design issues, the new book contains selection tables for various electronic parts. Need a high-speed op-amp? How about a MOSFET gate driver? Check the corresponding table. It would be a mistake to confuse these tables with the parametric search available on manufacturer’s or distributor’s web sites. While the search tools are certainly useful, they’re a poor substitute for tables carefully curated by designers who’ve actually used the parts.

One of the more interesting features of the book is the parts index at the back. If you want to know all the authors have to say about the 2N3904 transistor, for instance, the index will point you to the twenty-two places in the book that it’s mentioned. This is a tremendous idea for a book like this, which contains all sorts of information you may not find in datasheets.

Should You Buy It?

First off, I should say that I don’t consider any of the AoE books to be suitable as first books for absolute beginners. Sure, if you’ve studied another field of engineering, you could probably pick up a copy and start running, but for the true beginner without any engineering experience, you would probably want to start elsewhere and refer to AoE for more advanced discussions — sound off in the comments with beginner book recommendations if you have them.

However, if you’ve used any of the three editions of The Art of Electronics with success, I’d recommend the x-Chapters without hesitation. Having had a little bit of time with it now, I’d be tempted to say that the third edition of AoE is incomplete without this additional material. This is not to say that I felt AoE3 was lacking before this new book, but it’s certainly more complete with this included. Does it make sense to buy this book without AoE3? Sure, it’s a great book for what it covers, but the x-Chapters itself is absolutely incomplete without AoE3 by its side. Personally, I wouldn’t be without either on my shelf now.

Google ads look like search results now, hard to tell difference

Source: Boing Boing

Article note: The web has become such a shithole. For decades Google won because their search was just so much better than the competition. I have a mixture of google and duckduckgo set as default on my machines lately, and I'm not sure that DDG's result quality is getting better, but google's is getting noticeably worse of late, for reasons easily explained by their incentive structure pointing entirely to "maximize user interaction with ads."

Google's new redesign of desktop search results makes ads pretty much look exactly like search results. Critics identify it as a dark pattern.

I would argue there is now no visual distinction between ads and results. There is still, technically, *labelling*, but it's hard to escape the conclusion that it is supposed to be difficult to spot at a glance where the adverts end.

— hern (@alexhern) January 23, 2020

Writes Jon Porter at The Verge today:

Last week, Google began rolling out a new look for its search results on desktop, which blurs the line between organic search results and the ads that sit above them. In what appears to be something of a purposeful dark pattern, the only thing differentiating ads and search results is a small black-and-white “Ad” icon next to the former. It’s been formatted to resemble the new favicons that now appear next to the search results you care about. Early data collected by Digiday suggests that the changes may already be causing people to click on more ads.

The Guardian’s Alex Hern is one of many commenters to point out the problem, noting that there’s now next to no visual distinction between ads and search results.

IMAGE: The blurring of ads and search results. Screenshot by Thomas Ricker / The Verge

Read more:
Google’s ads just look like search results now
[, Thu. Jan. 20, 2020]

Internet routers running Tomato are under attack by notorious crime gang

Source: Ars Technica

Article note: It's interesting/surprising how many people have the savvy to flash a custom firmware and still leave it with default credentials.

Internet routers running the Tomato alternative firmware are under active attack by a self-propagating exploit that searches for devices using default credentials. When credentials are found, the exploit then makes the routers part of a botnet that’s used in a host of online attacks, researchers said on Tuesday.

The Muhstik botnet came to light about two years ago when it unleashed a string of exploits that attacked Linux servers and Internet-of-things devices. It opportunistically exploited a host of vulnerabilities, including the so-called critical Drupalgeddon2 vulnerability disclosed in early 2018 in the Drupal content management system. Muhstik has also been caught using vulnerabilities in routers that use Gigabit Passive Optical Network (GPON) or DD-WRT software. The botnet has also exploited previously patched vulnerabilities in other server applications, including Webdav, WebLogic, Webuzo, and WordPress.

On Tuesday, researchers from Palo Alto Networks said they recently detected Muhstik targeting Internet routers running Tomato, an open-source package that serves as an alternative to firmware that ships by default with routers running Broadcom chips. The ability to work with virtual private networks and provide advanced quality of service control make Tomato popular with end users and in some cases router sellers.


WordPad is getting ads in Windows 10

Source: OSNews

Article note: The tech industry has become a parody of its rent-seeking self.

An upcoming feature of WordPad has been discovered by enthusiasts, revealing in-app ads that promote Microsoft Office. The change is hidden in recent Insider Preview builds, and not activated for most users. WordPad is a very simple text editor, more powerful than Notepad, but still less feature rich than Microsoft Word or LibreOffice Writer. It is good for creating a simple text document without complicated formatting. The more advertisements and preinstalled junkware Microsoft shoves into Windows 10, the more the otherwise decent operating system turns into a user-hostile joke. Apple is going down the same route with iOS, and everything about it just feels disgusting and sleazy. One of the many reasons I transitioned all my machines away from Windows and to Linux.

ACM costs vs. costs

Source: Hacker News

Article note: ACM's $34M/yr on "publication costs" seems high, but IEEE's $139M/yr in "publication costs" of which $93M is pure bureaucratic overhead is truly absurd. The academic prestige game is such an obvious sham, but I really don't know how we're going to kill it.

Digital Sharecropping (2006)

Source: Hacker News

Article note: Man, did that turn out to be prescient.

Trying out the Pinebook Pro – a $200 ARM Laptop

Source: Hacker News

Article note: That is turning out more credible than I expected - especially in the context of the firmware shenanigans involved in putting normal Linux on Chromebooks (my $80 used Chromebook 11-3189 still has unresolved issues with sound and input).