Monthly Archives: March 2020

Article note: Phrases I say from time to time and always feel a little gross about: "I think ESR is right."

Article note: HL article has _considerably_ more detail than UK's PR pap. UK clearly got hit by cryptocurrency mining malware like a month ago, thinks they finally kicked it this morning, and it sounds like it probably infected the big probably-licensed-from-SAP administrative systems. ...now if only we could get a trim for some of the administrative bloat those systems are selected by and entirely for the benefit of.

Article note: Ooh. AMD's turn. Every AMD design since Bulldozer (2011) has a metadata-leaking behavior in their L1 data cache. PoC from Javascript in a browser (bad) but it appears to only leak metadata so it's slower and harder to extract useful information than the previous high-profile Meltdown/Specter type bugs (good). Also interesting, it sounds like the research was at least partially funded by Intel, which is probably "we were looking for bugs in x86 parts and Intel sponsored us because they're bounty-ing their vast side-channel problem to get ahead of it" but may be borderline industrial espionage to take the heat off.

Article note: Womp-Womp. Intel's "Privileged black-box computer inside the computer" security by obscurity model may be subvertable by ... making a DMA write into said privileged black box's memory before it wakes up enough to disable them. Hopefully this will be helpful in hacking fully-Open stacks onto Intel boxes going forward, and/or subverting the TPM-based DRM schemes.

Article note: The death of Reader, and by extension the depreciation of RSS/open protocols/self curation/platform ownership for all but the most technically sophisticated has been bad for Google, and worse for society at large.