Monthly Archives: March 2019

Nvidia to Acquire Mellanox for $6.9B

Source: Hacker News

Article note: Nvidia got a taste of that HPC lucre and needs to keep the gravy train rolling as their primary product gets less relevant? They're both well-known for ridiculous self-aggrandizing opulence, and price gouging high-end customers, so I suppose it's a good match.
Posted in News | Leave a comment

DRAM Prices in ‘Freefall’

Source: Hacker News

Article note: Hnnng. Consumer DRAM pricing has been excessive for years, I'd love to see another cheap-RAM era.

How the Spectre and Meltdown Hacks Really Worked
An in-depth look at these dangerous exploitations of microprocessor vulnerabilities and why there might be more of them out there

Source: Published articles

This is by far the best detailed-but-not-mired-in-details explanation of speculation attacks I've seen.


Ghidra, NSA’s reverse engineering tool, is now available to the public

Source: Hacker News

Article note: Neat. I've taught myself a little radare2 for taking things apart, but when I get some time I'd like to poke through this, it looks like the decompiler is considerably more powerful and user-friendly. I'll also let others look over it and find out if/how it calls home...

Google pay equity analysis leads to raises for thousands of men

Source: Ars Technica

Article note: I shouldn't look at the comments. I shouldn't look at the commen...GET THE POPCORN, I'M GOING IN!

Google has given raises to thousands of men after an analysis of Google's pay structure found that the company would otherwise be underpaying those men relative to their peers, The New York Times reports. The analysis also led to raises for some women.

Google determines annual pay raises in a three-phase process. First, Google adjusts every employee's compensation based on standard factors like their location, seniority, and performance ratings. Managers can then seek additional discretionary raises for their best-performing employees.

Finally, Google performs a company-wide analysis to determine whether these raises are biased in terms of race or gender. If biases are detected, the disadvantaged workers are given additional raises to eliminate the discrepancies.


The Prodigy’s Keith Flint remembered as a ‘true pioneer’ and ‘huge inspiration’

Source: The Week: Most Recent Home Page Posts

Article note: I've been listening to The Prodigy whenever I could have music on today since I saw this this morning. Damn they were a force. Liam Howlett was the musical genius, but so much of the aesthetic came from Keith Flint, and that aesthetic destroyed genres, and birthed others, and colored everything for those of us who spent the 90s immersed in "that computer shit." I hope he at least went out on his own terms.

The Prodigy vocalist Keith Flint has died at age 49, the band confirmed on Monday.

Flint was found dead in his home, with The Prodigy's Liam Howlett writing on Instagram that the cause of death was suicide, CNN reports. Howlett said he is "shell shocked" and "heart broken." On Twitter, the band remembered Flint as "true pioneer, innovator and legend," adding that he "will be forever missed."

Tributes poured in for Flint throughout the morning, with Supergrass' Gaz Coombes calling him "such a warm, sweet guy," Kasabian calling him a "beautiful man" and an "incredible pioneer," and The Chemical Brothers' Ed Simons saying he was "always great fun to be around." Many also thanked Flint for being an enormous influence on their lives, including Friction, who wrote, "I wouldn't do what I do without him and The Prodigy in my life. A huge inspiration to me and many others." Chase & Status agreed, saying that "we wouldn’t be here if it wasn't for Keith."


Thunderbolt 3 becomes USB4, as Intel’s interconnect goes royalty-free

Source: Ars Technica

Article note: While Intel going royalty-free on their interconnect is useful, none of the articles I've seen are discussing the security implications. Thunderbolt supports DMA (and other lower-level access) that USB doesn't, and there have been a variety of exploits in the wild for like 5 years at this point (see Thunderstrike & co.). USB is a relatively low-privilege connection; making the power socket, cheap peripheral connector, and other throwaway connections able to surreptitiously ask to root around the host system's memory seems like a questionable feature.

Fulfilling its 2017 promise to make Thunderbolt 3 royalty-free, Intel has given the specification for its high-speed interconnect to the USB Implementers Forum (USB-IF), the industry group that develops the USB specification. The USB-IF has taken the spec and will use it to form the basis of USB4, the next iteration of USB following USB 3.2.

Thunderbolt 3 not only doubles the bandwidth of USB 3.2 Gen 2×2, going from 20Gb/s to 40Gb/s, it also enables the use of multiple data and display protocols simultaneously. We would expect the USB4 specification to be essentially a superset of the Thunderbolt 3 and USB 3.2 specifications, thus incorporating both the traditional USB family of protocols (up to and including the USB 3.2 Gen 2×2) and the Thunderbolt 3 protocol in a single document. Down the line, this should translate into USB4 controllers that support the whole range of speeds.

Intel has previously announced that its Ice Lake platform, due to ship later this year, will integrate both Thunderbolt 3 and USB 3.1 Gen 2 (aka USB 3.2 Gen 2) controllers. Currently, offering Thunderbolt 3 requires the use of an additional chip, one of Intel's Alpine Ridge or Titan Ridge Thunderbolt 3 controllers. Integration into the platform means that system-builders no longer need to choose whether or not to include the extra chip; the capability will be built in, and as such, we'd expect to see it become nearly universal.


Did you hear the one about Cisco routers using strcpy insecurely for login authentication? Makes you go AAAAA-AAAAAAAA *segfault*

Source: The Register

Article note: Again? It's a classic "strcpy into a buffer fixed-bytes away from the return address" bug.

RV110W, RV130W, RV215W need patching to close remote hijacking bug

Cisco has patched three of its RV-series routers after Pen Test Partners (PTP) found them using hoary old C function strcpy insecurely in login authentication function. The programming blunder can be exploited to potentially hijack the devices.…


Burning Digital Books and the Fight over Online Ideology

Source: Hacker News

Article note: It's not a great essay, but at least it does hit the "proximity and reach as the primary problems" point that I've been steadily more convinced of. The internet (and especially social media) means you are constantly confronted with your neighbors' ideas you find abhorrent, and you and your neighbor can both round up a global-scale mob who share your probably-abhorrent-to-others ideas, and that's a recipe for disaster. I read Neal Stephenson's Diamond Age (published in 1995) recently, and while its most interesting thoughts (to me) are about education, it also has an _awful_ lot about the inherent difficulties of pluralistic society, especially in the face of delocalization. Tragically, it didn't have much in the way of good advice on solutions.