Daily Archives: 2022-08-09

Installing SKS B53 Fenders on a Giant Escape Disc

Giant Escape 3 Disc with SKS B53 Fenders
Giant Escape 3 Disc with SKS B53 fenders, modified to fit

I’ve been biking a fair amount lately after a 20-odd year hiatus; I decided last year that I wanted to start biking, bought a Giant Escape 3 Disc near the end of summer, but didn’t get confident enough riding to use it around campus last year among the students texting their way to their first (next?) vehicular manslaughter charge before they flocked back.

This summer, I’ve been dong my commute into campus on it, plus a significant amount of fun/exercise riding, and the top fixable annoyance has become getting sprayed at the slightest hint of wet. I did some hackin’ that I haven’t seen on the interwebs to fit the fenders I picked to the frame, which is the point of this post.

Continue reading
Posted in DIY, General, Objects | Leave a comment

SGX, Intel’s supposedly impregnable data fortress, has been breached yet again

Source: Ars Technica

Article note: The search method is neat, they found that the collection of known processor vulnerabilities in pairs (every transient execution vulnerability had a static ISA vulnerability with the same underlying mechanism)... except for one where there were only known transient attacks. So they built tools to hunt for it, and sure enough, ISA vulnerability. Which renders SGX useless (again). Demonstrating, once again, that high-complexity ISA features will cause bugs, either by implementation bugs or interactions.
SGX, Intel’s supposedly impregnable data fortress, has been breached yet again

Enlarge (credit: Intel)

Intel’s latest generation of CPUs contains a vulnerability that allows attackers to obtain encryption keys and other confidential information protected by the company’s software guard extensions, the advanced feature that acts as a digital vault for security users’ most sensitive secrets.

Abbreviated as SGX, the protection is designed to provide a fortress of sorts for the safekeeping of encryption keys and other sensitive data, even when the operating system or a virtual machine running on top is maliciously compromised. SGX works by creating trusted execution environments that protect sensitive code and the data it works with from monitoring or tampering by anything else on the system.

Cracks in Intel’s foundational security

SGX is a cornerstone of the security assurances many companies provide to users. Servers used to handle contact discovery for the Signal Messenger, for instance, rely on SGX to ensure the process is anonymous. Signal says running its advanced hashing scheme provides a “general recipe for doing private contact discovery in SGX without leaking any information to parties that have control over the machine, even if they were to attach physical hardware to the memory bus.”

Read 17 remaining paragraphs | Comments

Posted in News | Leave a comment

Ask HN: Why did smartphones become a single point of failure?

Source: Hacker News

Article note: I rage about this a lot. My phone is my least-trustworthy, most loss/theft-prone computer. The Phone network is a security shamble. All the blackbox vendor apps doing "security" are a threat to each other. Why are you assholes trying to use it as a trust root instead of letting me dump something in my password manager DB?
Posted in News | Leave a comment

Netflix Piracy Thrives as Subscribers Rethink Their Streaming Subscriptions

Source: TorrentFreak

Article note: And the rule maintains. If piracy is a better overall experience than the official option, on an experience/cost/effort basis, then piracy wins. Fragmenting content libraries into a bunch of individual expensive services -> Piracy. Adding friction to using services across devices/locations -> piracy. Costs exceeding perceived value -> piracy.

pirate streamAs the first major legal subscription streaming service on the Internet, Netflix paved the way for a streaming revolution.

The company began competing with piracy from the get-go, branding itself as a superior alternative. In the early years, the strategy paid off.

Millions of subscribers switched from casually consuming pirated content on unlicensed platforms in favor of a convenient and reasonably-priced legal alternative. Piracy never went away, but downloading Netflix content illegally seemed silly.

Streaming Wars

In the years that followed the legal streaming landscape became more crowded. Inspired by Netflix’s success, new streaming portals such as Amazon, Disney+, HBO Max, Hulu, Paramount+, and Peacock started competing for a share of the lucrative streaming market.

The media often refers to this competition as the “streaming wars,” but the real threat may not come from legal streaming services but illegal pirate sites.

The suggestion that “subscription fatigue” may motivate people to start pirating again isn’t new. We have highlighted this issue in the past and it has been confirmed by research, but it’s now reaching a point where it’s hard for Hollywood to ignore.

Piracy tracking firm MUSO recognizes the problem too. In addition to doing anti-piracy work for major copyright holders, the UK company also helps major players such as Amazon, Lionsgate, and Sony, to understand the latest piracy trends.

Piracy is Appealing Once Again

In an op-ed, MUSO CEO Andy Chatterley highlights that increased fragmentation in the streaming ecosystem, paired with higher prices, is starting to make piracy more appealing again. And without an option to pay for everything, people are seeking out alternatives.

“[F]aced with an increasingly fractured streaming landscape, the consumer does the math and realizes that having access to all the shows they want to watch is not a justifiable expense when their grocery bill has doubled and they’re cycling or carpooling to work to save money on fuel,” Chatterley says.

“And in the absence of a one-stop shop like Spotify is to music lovers, and now that piracy sites have evolved to become sophisticated, easy-to-use experiences, people who have never resorted to piracy before are finding it more appealing than ever. Everything you could ever want to watch, all in one place, only a few clicks away and all for free. What’s not to like?”

Netflix Piracy Thrives

Chatterley notes that copyright holders should be aware of this potential shift in user behavior, which is backed up by data. Earlier this year Netflix reported that its subscriber numbers had dropped for the first time in history and piracy continues to grow.

According to MUSO’s data, Netflix content was good for an 11.4% U.S. piracy market share in June. Globally, this number is even higher, with Netflix content making up 16% of the worldwide piracy demand.

“Now, imagine if they could convert those pirate consumers into paying customers,” Chatterley comments.

MUSO’s messaging is in part out of self-interest as the company offers piracy insights as a commercial service. This is serious business for Muso. Just last week the company announced that it had secured a $3.9M investment from Puma Private Equity.

A One-Stop Streaming Solution?

That said, the fact that a company working with several Hollywood players is prepared to highlight the dangers of too many subscriptions is quite something. Especially when that company started as a fairly traditional anti-piracy outfit roughly a decade ago.

Instead of pointing a finger at pirates, Chatterley focuses more on the shortcomings of the TV and movie industry. Piracy can be lowered by offering a one-stop solution for a fair price but somehow that seems to be a pipe dream.

“By offering a service that is both comprehensive and good value for money, you render piracy a much less attractive option,” he writes.

“But with content providers investing billions in their platforms and determined to keep their shows exclusive to them, this seems fanciful. And so the drop off in subscribers seems set to continue, with piracy sites continuing to welcome them with open arms,” Chatterley concludes.

From: TF, for the latest news on copyright battles, piracy and more.

Posted in News | Leave a comment