Monthly Archives: June 2022

Intel’s Netburst: Failure Is a Foundation for Success

Source: Hacker News

Article note: This is detailed and historically situated and in a very readable style. Pretty sure it's the best "what happened with Netburst" I've ever seen, even with holes like barely discussing the early Willamette/Northwood situation.
Comments
Posted in News | Leave a comment

Setting up a new machine, I was reminded that the default Firefox tab style after 89 is “utter lack of visual separation, but with lots of useless empty space.” I’ve hacked sloppy solutions on several other machines, but it looks … Continue reading

Posted on by pappp | Leave a comment

Continuous Unix commit history from 1970 until today

Source: Hacker News

Article note: Repo is a neat history dive, one of the HN comments made me aware of Diomidis Spinellis' "Code Reading: The Open Source Perspective" which looks like something I've been desiring for a long time and just didn't know existed.
Comments
Posted in News | Leave a comment

Senate considers ban on data brokers selling health and location info

Source: Engadget

Article note: I have low hopes for any kind of reasonable data privacy policy in the US, but it's a lovely idea.

Politicians are determined to put a stop to brokers who compromise privacy by selling your data. Motherboard has learned Elizabeth Warren and other senators are introducing a bill, the Health and Location Data Protection Act, that would ban brokers from selling or transferring a person's medical and positional info outside of limited circumstances. The main exceptions would include HIPAA-compliant activities (such as sharing patient records between facilities) and First Amendment-protected speech.

The legislation would also give the Federal Trade Commission $1 billion over the next decade to help fund enforcement. The FTC, state attorneys general and individuals would also have the power to sue and seek injunctions. Bill cosponsors include longtime data privacy advocate Ron Wyden as well as Bernie Sanders, finance committee chair Patty Murray and HELP committee chair Sheldon Whitehouse.

The act comes in response to numerous instances where companies and government bodies violated privacy by purchasing data through brokers. Bounty hunters bought location data from carriers, for instance, while Google banned a company last year for allegedly selling Android location data indiscriminately. Critics have also accused agencies like ICE and the Secret Service of buying location info through brokers to get data that would normally require a warrant. At the same time, lawmakers are worried about access to abortion seekers' data when the Supreme Court is expected to overturn Roe vs. Wade. This measure could limit anti-abortion politicians and activists hoping to target patients.

Protection bills like this aren't new. Wyden's stalled Fourth Amendment is Not for Sale Act would require agencies to obtain warrants for location data. This would represent one of the most sweeping data controls yet if it became law, however, and reflects mounting opposition to companies that profit from trading sensitive content.

Posted in News | Leave a comment

A new vulnerability in Intel and AMD CPUs lets hackers steal encryption keys

Source: Ars Technica

Article note: Remember how only a couple years ago, architectural timing attacks causing data leakage were novel, instead of "oh, yeah, of course, another one"? This one doesn't sound terribly dangerous.
A new vulnerability in Intel and AMD CPUs lets hackers steal encryption keys

Enlarge

Microprocessors from Intel, AMD, and other companies contain a newly discovered weakness that remote attackers can exploit to obtain cryptographic keys and other secret data traveling through the hardware, researchers said on Tuesday.

Hardware manufacturers have long known that hackers can extract secret cryptographic data from a chip by measuring the power it consumes while processing those values. Fortunately, the means for exploiting power-analysis attacks against microprocessors is limited because the threat actor has few viable ways to remotely measure power consumption while processing the secret material. Now, a team of researchers has figured out how to turn power-analysis attacks into a different class of side-channel exploit that's considerably less demanding.

Targeting DVFS

The team discovered that dynamic voltage and frequency scaling (DVFS)—a power and thermal management feature added to every modern CPU—allows attackers to deduce the changes in power consumption by monitoring the time it takes for a server to respond to specific carefully made queries. The discovery greatly reduces what's required. With an understanding of how the DVFS feature works, power side-channel attacks become much simpler timing attacks that can be done remotely.

Read 9 remaining paragraphs | Comments

Posted in News | Leave a comment

Tachyum’s Prodigy CPU Specs

Source: Hacker News

Article note: It smells an _awful_ lot like bullshit, but bullshit built on the premise of a 20-year-old Transmeta trick. Some kind of in-order VLIW with a JIT-y interpreter/scheduler thing that will circumstantially do well at executing code for existing platforms. Claiming 5nm TSMC process and a 950W TDP in the top of the line part which is .. a lot of chip.
Comments
Posted in News | Leave a comment

If OpenSSL were a GUI

Source: Hacker News

Article note: This is an illustration of a lot of fun things at once. The certificate ecosystem is an utter shitshow of exposed complexity. GUIs are awkward tools for coping with complexity that can be reasonably manageable in scritpable text GUIs are actually really nice for discoverability (I actually find that easier to visually parse than the relevant man page for handling x509 certs)
Comments
Posted in News | Leave a comment

I cut GTA Online loading times (2021)

Source: Hacker News

Article note: Doing an exceptionally bad job at parsing strings brings AAA title to its knees.
Comments
Posted in News | Leave a comment

Porting Doom to a/UX

Source: Hacker News

Article note: This is delightful.
Comments
Posted in News | Leave a comment

Inside the $100K+ forgery scandal that’s roiling PC game collecting

Source: Ars Technica

Article note: Ugh. I care _much_ more about preservation and sharing experience (eg. high quality scans and disc images being distributed widely enough that they won't be lost to time) than original media and packaging, but counterfeiters using the digital copies to scam people who care about original media produces a disincentive for sharing high-quality digital copies.
Beyond adventure lies... forgery?

Enlarge / Beyond adventure lies... forgery? (credit: Collage by Aurich Lawson)

Before last month, Enrico Ricciardi was one of the most respected members of a niche community of classic PC game collectors, with a practically unrivaled collection of rarities that he regularly bragged about on social media. Today, he’s a pariah in that community, the central figure in a wide-ranging alleged forgery scandal that has changed the way many collectors look at their hobby.

At least seven PC game collectors have publicly or privately identified dozens of suspected forgeries they say Ricciardi traded or sold as far back as 2015 and as recently as last month. Collectors estimate that those trades and sales include games that would be valued at well over $100,000 total on the open market if they were authentic.

Ricciardi told Ars he is also a victim who simply unknowingly passed along suspect collectibles without checking them thoroughly enough. Regardless, the overwhelming evidence suggesting that there are many forgeries circulating through the world of rare PC games has shaken the trust of that community to the core.

Read 72 remaining paragraphs | Comments

Posted in News | Leave a comment