Monthly Archives: December 2022

4 electrical substations vandalized in Washington, leaving thousands without power

Source: The Week: Most Recent Home Page Posts

Article note: Uh-oh, the genuinely difficult problem we've done basically nothing about in the decade or so since it got undeniable is starting to take off. (now, am I talking about securing substations or the proliferation of right wing domestic terrorists most likely responsible for attacking them? Hint:it's both.)

Four electrical substations were vandalized in Washington state on Sunday, the Pierce County Sheriff's Office said Monday.

Tacoma Public Utilities reported that two of its substations were vandalized on Christmas morning, with outages affecting roughly 7,300 customers southeast of Tacoma. Around noon on Sunday, Puget Sound Energy reported that one of its substations was vandalized at about 2:30 a.m., and nearly 7,700 customers had lost power. The fourth substation was vandalized shortly after 7 p.m., with emergency dispatchers receiving a call about a fire at a Puget Sound Energy substation in Graham.

All of the substations are in South Pierce County. Sheriff's officials said in each case, someone broke into the fenced area around the substations and damaged the equipment in order to cause a power outage.

Over the last month, there have been six attacks on electrical substations in Washington and Oregon. In early December, tens of thousands of customers in Moore County, North Carolina, were without power after someone "opened fire" on two substations, damaging the equipment, Moore County Sheriff Ronnie Fields said. This "wasn't random," he added.

In January, the Department of Homeland Security warned that domestic extremists "have developed credible, specific plans to attack electricity infrastructure since at least 2020." There are more than 6,400 power plants and 450,000 miles of transmission lines in the United States, The Associated Press reports, and a law enforcement official told AP the extremists "feel that disrupting the electrical supply will disrupt the ability of government to operate. And secondly, by conducting attacks against the communications and electrical infrastructure, it will actually accelerate the coming civil war that they anticipate because it will disrupt the lives of so many people that they will lose their faith in government."

Posted in News | Leave a comment

Haiku R1/beta4

Source: Hacker News

Article note: Always exciting to see the BeOS lineage continue. The Haiku folks have done some really lovely engineering the the original spirit over the years.
Comments
Posted in News | Leave a comment

The Rise of User-Hostile Software (2021)

Source: Hacker News

Article note: It's a good description of the problem of software-as-value-extraction, which has become even more true in the year since it was written. As noted, it's "software prioritizing the vendor" more than the developer, but I think there is an interesting aside about software prioritizing the developer (as in the implementing programmer) in the old Wirth's law lazy but high-overhead dev tools argument. Or the self-justifying whims of UX "designers" situation. I'm not sure that the suggestions at the bottom are realistic, as the top HN comment notes, it's a Collective Action Problem and right now the only way out is open source.
Comments
Posted in News | Leave a comment

LastPass users: Your info and password vault data are now in hackers’ hands

Source: Ars Technica

Article note: Putting lots of sensitive user data in internet-connected silos is never a good idea. For passwords, use KeePass or something where you have a proper locally-encrypted DB, and sync that through a normal file-syncing tool (Seafile, Syncthing, Dropbox...whatever).
Calendar with words Time to change password. Password management.

Enlarge (credit: Getty Images)

LastPass, one of the leading password managers, said that hackers obtained a wealth of personal information belonging to its customers as well as encrypted and cryptographically hashed passwords and other data stored in customer vaults.

The revelation, posted on Thursday, represents a dramatic update to a breach LastPass disclosed in August. At the time, the company said that a threat actor gained unauthorized access through a single compromised developer account to portions of the password manager's development environment and "took portions of source code and some proprietary LastPass technical information." The company said at the time that customers’ master passwords, encrypted passwords, personal information, and other data stored in customer accounts weren't affected.

Sensitive data, both encrypted and not, copied

In Thursday’s update, the company said hackers accessed personal information and related metadata, including company names, end-user names, billing addresses, email addresses, telephone numbers, and IP addresses customers used to access LastPass services. The hackers also copied a backup of customer vault data that included unencrypted data such as website URLs and encrypted data fields such as website usernames and passwords, secure notes, and form-filled data.

Read 10 remaining paragraphs | Comments

Posted in News | Leave a comment

Linux’s strcmp() for the m68k has always been broken

Source: Hacker News

Article note: Looked for the fun old platform, stayed for the "Everything is subtle when you get close enough." Kernel char being presumptively unsigned on all platforms (-funsigned-char) will be ...fun... for the large amounts of code primarily worked on x86 where char is signed in the ABI.
Comments
Posted in News | Leave a comment

Porting Labs from ARM Compiler V5 to V6

I spent the last two afternoons procrastinating from other work doing a deferred maintenance project, porting the labs for UK’s CPE287 Introduction to Embedded Systems from the “V5” armcc to the “V6” armclang compiler, since the most recent releases of Keil (the IDE we use in the class) have dropped support for the older compiler, and all our materials were written against V5. It has been a somewhat interesting porting exercise for a “same vendor, same platform” situation.

We have some slightly unusual circumstances: First, because the class starts in writing pure assembly, proceeds through manual bit manipulation in C, and eventually starts to write high-level software driver model code, we hit all the styles and interfaces. Secondly, we have an inexpensive textbook and supporting materials we rather like, but all the examples use the old style assembly syntax, which differs significantly from the more modern GCC/LLVM style, and for pedagogical consistency reasons we’d like to write our code in that style.

ARM/Keil have produced a document AN298 – Migrate ARM Compiler 5 to ARM Compiler 6 which covers most of the important details, but it was still a bit of a skilled process.

Some notes:

  • For the time being, Keil with the V6 toolchain includes the older armasm binary, so separate pure-assembly .s sources written in the old syntax can still be ingested, you only have to port inline assembly.
  • Keil’s debugger doesn’t appear to be able to keep source lines of inline assembly and the disassembly view synchronized for GCC-style inlined assembly the way it could with armcc. Unfortunate, and a bit klutzy for setting breakpoints, but not a deal-breaker.
  • armclang defines __ARMCC_VERSION as 6something so various pieces of existing code have pre-processor directives that will decide to use the armcc style inline assembly instead of the gcc style ones. Particularly irritating, TI’s first party TivaWare library has this problem in both cpu.c and sysctl.c, so I had to make a hacked version with the #ifdef s swirled around appropriately. The code in TivaWare intended for IAR ewarm is suitable for armclang … as long as you remove some spare ewarm-specific pragmas embedded here and there for suppressing return value warnings; I ended up putting -Wno-return-type in the extended compiler options for projects depending on those files.
  • armclang is much more aggressive about optimization by default than armcc was. In particular, you could get away without marking variables used in busy wait loops or ISRs volatile in armcc, and armclang will happily optimize them out if you forget.
  • armclang is more vocal about implicit type conversion than armcc, especially where it might affect signedness. This is triggered a lot by the REGISTER_NAME &= ~0xMASK bit-specific addressing idiom. I sprinkled in lots of UL suffixes on literals to avoid the issue.

Long term we might try to get off of Keil, though my experiences with CodeComposerStudio have been sufficiently frustrating that I’m in no hurry to move to it for the TI TivaC boards we’ve been using, and while I like ST’s Cube environment, it would both be a major change of materials and a potential supply-chain nightmare (when is the last time you saw a legitimate major electronics vendor with STM32 parts in a stock status other than “Expected Date: Eventually”?)

Posted in Computers, General, School | Leave a comment

Deep work. Essentialism in asynchronous culture

Source: Hacker News

Article note: I'm _so bad_ about letting myself spend months at a time being interrupt driven and not getting to do any deep work. This article is pretentious as fuck, but not wrong.
Comments
Posted in News | Leave a comment

Examining the Top Five Fallacies About RISC-V

Source: Hacker News

Article note: I went and listened to the RISC V BoF at SC22 a month or so ago, mostly because I wanted to hear what their plans for making the proliferation of extensions manageable for toolchains and libraries looked like... The presented plan included quality choices like "vendor toolchains forked from upstream that support their secret sauce features, but suck at everything else compared to mainline, and are only maintained until until the vendor runs out of VC money," "You can always use the nearest base profile and ignore the special hardware you theoretically paid this vendor a fortune for" and special attention to "Most of your workloads are torch or something anyway, just use the vendor's binaries." I was not impressed.
Comments
Posted in News | Leave a comment

Ky. Supreme Court rules against Republican-backed school choice law

Source: Latest News

Article note: Oh, cool. Not letting groups ditch their civic obligations in favor of private and/or religious institutions is always a win.

The Kentucky Supreme Court heard oral arguments Nov. 15, 2022, regarding the state’s abortion laws and reduction of access since the reversal of Roe v. Wade this summer.

Posted in News | Leave a comment

The rise and fall of peer review

Source: Hacker News

Article note: Yup. And this doesn't even get into the abuses of peer-review to establish and defend people's little principalities and cabals.
Comments
Posted in News | Leave a comment