Category Archives: News

Article note: That's pretty cool, I've pretty happily used a couple of these sketchy Chinese diode laser + grbl machines, and have been low-priority eyeballing one with an air assist for myself. Ortur's offerings were pretty high on my list (last I looked ZBAITU seemed to have better air nozzles), and are promoted by, unusually, complying with the GPL.

Article note: Systematically incentivizing high margin trivialities while letting foundations rot.

Article note: The response to all this kind of shit should always be "If you want me to act professional, you better fuckin' pay me like a professional." If assholes want to build businesses on top of other people's hobby projects, that's their problem. Also, the rise of dung-beetle development, especially when coupled with a vast DAG of micro-libraries instead of a few large standard libraries, is a recipe for disaster for enough reasons that this isn't even the worst one.

Article note: There is really no excuse for general tolerance of software invasive enough for this to be an issue. (No, I'm not suggesting individual students who need credentials are in a position to refuse, but it should be a goddamn ordeal for those involved in deciding to produce and it, every single time). The grifters selling this shit to educational institutions should disappear in a puff of liability.

Enlarge / Intel's 12th-generation Core CPUs use different types of CPU cores for different tasks. That hybrid architecture continues to cause problems for some software. (credit: Intel)

Earlier this week, some people waiting to take the bar exam received a message from ExamSoft, the company that makes the Examplify software that many states use to administer the exam: PCs with Intel's latest 12th-generation Core processors are "not currently supported" because they were "triggering Examplify's automatic virtual machine check." The company's suggested solution was that people find another device to take the test with, a frustrating and unhelpful "workaround" for anyone with a new computer.

As pointed out by The Verge, Examsoft's system requirements page for its software provides no additional detail, simply reiterating that 12th-gen CPUs aren't currently supported and that you aren't allowed to run the Examplify software within a virtual machine. But it's not the first time a problem like this has surfaced, and the culprit is almost certainly the hybrid CPU architecture that Intel is using in most 12th-gen chips.

In previous generations, all of the cores in a given Intel CPU have been identical to one another: same design, same performance, same features. Clock speed and power usage would ramp up and down based on what the computer was doing at any given time, but the cores themselves were all the same and could be treated that way by the operating system. In 12th-gen chips, CPUs come with a mix of completely different processor cores: large, fast performance cores (or P-cores) handle the heavy lifting, while smaller, low-power efficiency cores (or E-cores) handle lighter tasks. But because operating systems and most apps are used to assuming that all CPU cores in a given system are the same, software has needed to be modified to tell the difference between the two.

Article note: Oh cool, this should make it easier for folks building and/or modifying retro systems to distribute their work.

Article note: Oh great, the cheaper retpoline based mitigation for speculation attacks isn't adequate, so we get another 10-20% performance hit to mitigate better. What was the nominal generation-over-generation performance gain from adding all this complexity again?

Enlarge

Some microprocessors from Intel and AMD are vulnerable to a newly discovered speculative execution attack that can covertly leak password data and other sensitive material, sending both chipmakers scrambling once again to contain what is proving to be a stubbornly persistent vulnerability.

Researchers from ETH Zurich have named their attack Retbleed because it exploits a software defense known as retpoline, which chipmakers introduced in 2018 to mitigate the harmful effects of speculative execution attacks. Speculative execution attacks, also known as Spectre, exploit the fact that when modern CPUs encounter a direct or indirect instruction branch, they predict the address for the next instruction they’re about to receive and automatically execute it before the prediction is confirmed. Spectre works by tricking the CPU into executing an instruction that accesses sensitive data in memory that would normally be off-limits to a low-privileged application. Retbleed then extracts the data after the operation is canceled.

Is it a trampoline or a slingshot?

Retpoline works by using a series of return operations to isolate indirect branches from speculative execution attacks, in effect erecting the software equivalent of a trampoline that causes them to safely bounce. Stated differently, a retpoline works by replacing indirect jumps and calls with returns, which many researchers presumed weren’t susceptible. The defense was designed to counter variant 2 of the original speculative execution attacks from January 2018. Abbreviated as BTI, the variant forces an indirect branch to execute so-called “gadget” code, which in turn creates data to leak through a side channel.

Article note: *Raised Fist*

Enlarge (credit: Getty Images)

A number of course-altering US Supreme Court decisions last month—including the reversal of a constitutional right to abortion and the overturning of a century-old limit on certain firearms permits—have activists and average Americans around the country anticipating the fallout for rights and privacy as abortion “trigger laws,” expanded access to concealed carry permits, and other regulations are expected to take effect in some states. And as people seeking abortions scramble to protect their digital privacy and researchers plumb the relationship between abortion speech and tech regulations, encryption proponents have a clear message: Access to end-to-end encrypted services in the US is more important than ever.

Studies, including those commissioned by tech giants like Meta, have repeatedly and definitively shown that access to encrypted communications is a human rights issue in the digital age. End-to-end encryption makes your messages, phone calls, and video chats unintelligible everywhere except on the devices involved in the conversations, so snoops and interlopers can’t access what you’re saying—and neither can the company that offers the platform. As the legal climate in the US evolves, people who once thought they had nothing to hide may realize that era is now over.

Article note: It'll be interesting to see how that shakes out.

Article note: Refurb/Off-Lease/Last-Gen/Used upmarket computers are awesome, I was just posting about this. Especially on laptops, pay for a great chassis, do not pay for tiny generation-to-generation tweaks. Make sure you don't get into grossly power inefficient territory (which sometimes makes "server" market stuff unsuitable because of the different PM design), but, especially once you patch all the risky speculation tricks, the generation-over-generation gains have been pretty modest for a decade.

Article note: The OSNews take is _exactly_ what I was thinking when I saw this thing go by.