Monthly Archives: January 2024

Amazon plans to charge for Alexa in June–unless internal conflict delays revamp

Source: Hacker News

Article note: If the creepy, intrusive, and largely useless "AI" shit could go away because it's unsustainably expensive to run and not paying for itself, that would be great.
Posted in News | Leave a comment

The Founder of GeoCities on What Killed the ‘Old Internet’

Source: Hacker News

Article note: tl;dr: In the old days the web was driven by sharing and communities, then everything turned into self promotion, because in late stage capitalism everything is a hustle, and once something is a hustle it's gonna be awful for everyone.

HP’s CEO spells it out: You’re a ‘bad investment’ if you don’t buy HP supplies

Source: Hacker News

Article note: Ugh.

Microsoft limits institutional cloud storage space for environmental reasons

Source: Hacker News

Article note: Man, UK got hit by Google ramping educational storage costs a couple years ago, and nudged everyone on to Microsoft storage. It sounds like this is really McGill being goofy, but if it becomes a general thing it'll be ugly. Academic storage capacity is a huge problem because there are rules requiring data retention, and limiting where it can happen, so there are relatively non-technical users with sometimes terabytes of stuff that has to be housed on university-approved storage for extended periods of time. It'll be interesting to see what happens if there's another round of the same bullshit from cloud providers, as it'll pretty fully demonstrate that the whole cloud situation is largely rent-seeking. Maybe we'll go back to hosting our own storage appliances instead of renting. Or just losing data stored on media tucked in desk drawers until the last person who knows about it leaves.

What happened to the US machine tool industry?

Source: Hacker News

Article note: Financialization.

New UEFI vulnerabilities send firmware devs industry wide scrambling

Source: Ars Technica

Article note: The reference TianoCore EDK2 PXE implementation that everyone just checks out a copy of and ships is full of fail, and all you need to exploit it is to be able to sniff/inject packets on the same network while PXE (netboot) is enabled in the firmware. Lovely. Sure would be nice if there was something not as over-complicated as UEFI but still capable of passing hardware description tables (...preferably in a format not as nasty as ACPI) so we're not doing DeviceTree shit everywhere.

UEFI firmware from five of the leading suppliers contains vulnerabilities that allow attackers with a toehold in a user's network to infect connected devices with malware that runs at the firmware level.

The vulnerabilities, which collectively have been dubbed PixieFail by the researchers who discovered them, pose a threat mostly to public and private data centers and possibly other enterprise settings. People with even minimal access to such a network—say a paying customer, a low-level employee, or an attacker who has already gained limited entry—can exploit the vulnerabilities to infect connected devices with a malicious UEFI.

Short for Unified Extensible Firmware Interface, UEFI is the low-level and complex chain of firmware responsible for booting up virtually every modern computer. By installing malicious firmware that runs prior to the loading of a main OS, UEFI infections can’t be detected or removed using standard endpoint protections. They also give unusually broad control of the infected device.


Recent Intermittent Outages

There have been some intermittent issues with this site for the last few days because some shitheel has been hammering the server that hosts web-facing things for me with automated script-kiddy bullshit that my existing hardening didn’t automatically catch.

Roughly 10GB of it in the last week.
With user agents set to around 500,000 different Chrome versions.

I noticed because the (small) box has been OOM killing processes any time the stats tools look at the logs of this behavior.

Most of it came from one address (in the AliCloud IP allocation, as always. I’ll continue to half-pretend it’s just a compromised VM) so I cleaned up the worst of it by adding an nftables rule to drop anything from that saddr, and did a little filtering to the logs to fix the OOM situation.

I’ve also turned on some rate-limiting features in nginx, and rigged fail2ban to block repeated violators of the rate limit, so hopefully things are more permanently taken care of.
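
The pattern described above (one source address, a huge number of distinct Chrome user agents) can be found in an access log with a single streaming pass. This is an added example, not the tooling actually used on this server; it assumes nginx's default "combined" log format, and the thresholds, the per-address user-agent cap (which keeps the tool itself from eating memory) and the sample lines are all constructed for illustration.

```python
import re
from collections import defaultdict

# nginx "combined" format: addr - user [time] "request" status bytes "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<addr>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" (?P<status>\d{3}) '
    r'(?P<bytes>\d+|-) "[^"]*" "(?P<ua>[^"]*)"'
)

def triage(lines, ua_cap=1000):
    """Stream log lines; per address count requests, bytes and distinct user agents."""
    stats = defaultdict(lambda: {"requests": 0, "bytes": 0, "uas": set(), "capped": False})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed or non-combined line
        s = stats[m["addr"]]
        s["requests"] += 1
        s["bytes"] += 0 if m["bytes"] == "-" else int(m["bytes"])
        if len(s["uas"]) < ua_cap:
            s["uas"].add(m["ua"])      # bounded: never store more than ua_cap per address
        elif m["ua"] not in s["uas"]:
            s["capped"] = True         # cap hit and still seeing new user agents
    return stats

def suspects(stats, min_requests=20, ua_ratio=0.5):
    """Addresses that rotate user agents, sorted by bytes served (largest first)."""
    out = []
    for addr, s in stats.items():
        distinct = len(s["uas"])
        rotating = s["capped"] or distinct / s["requests"] >= ua_ratio
        if s["requests"] >= min_requests and rotating:
            out.append((addr, s["requests"], s["bytes"], distinct))
    return sorted(out, key=lambda row: row[2], reverse=True)

def sample_log():
    """Constructed sample: one address rotating Chrome versions, two ordinary clients."""
    for i in range(40):
        yield (f'203.0.113.7 - - [20/Jan/2024:10:00:{i:02d} +0000] "GET /?p={i} HTTP/1.1" '
               f'200 5000 "-" "Mozilla/5.0 Chrome/{90 + i}.0.{i}.0 Safari/537.36"')
    for i in range(30):
        yield (f'198.51.100.20 - - [20/Jan/2024:10:01:{i:02d} +0000] "GET /feed HTTP/1.1" '
               '200 1200 "-" "Mozilla/5.0 Firefox/121.0"')
    yield '198.51.100.21 - - [20/Jan/2024:10:02:00 +0000] "GET / HTTP/1.1" 304 0 "-" "curl/8.5.0"'

if __name__ == "__main__":
    for row in suspects(triage(sample_log())):
        print(row)
```

On a real log, pass the open file object to `triage()` so lines are read one at a time rather than loaded whole.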

Posted in Announcements, Computers, General | Leave a comment

Inside the Steam Deck’s APU

Source: Hacker News

Article note: Huh. The claim is that Magic Leap's overspend included a custom APU from AMD, and the first gen Steam Deck is built on basically that part with the special DSPs fused off, bought cheap either because there were a ton of extras or since the design was already spun ordering more with a post-processed tweak was way less than a custom part. It's fairly credible, dumber things have happened in the silicon industry, the Switch and Raspberry Pi are basically built on repurposed existing SoCs.

Lazy use of AI leads to Amazon products called “I cannot fulfill that request”

Source: Ars Technica

Article note: This is the current AI revolution, folks. Winter is coming again.

I know naming new products can be hard, but these Amazon sellers made some particularly odd naming choices. (credit: Amazon)

Amazon users are at this point used to search results filled with products that are fraudulent, scams, or quite literally garbage. These days, though, they also may have to pick through obviously shady products, with names like "I'm sorry but I cannot fulfill this request it goes against OpenAI use policy."

As of press time, some version of that telltale OpenAI error message appears in Amazon products ranging from lawn chairs to office furniture to Chinese religious tracts. A few similarly named products that were available as of this morning have been taken down as word of the listings spreads across social media (one such example is Archived here).

Other Amazon product names don't mention OpenAI specifically but feature apparent AI-related error messages, such as "Sorry but I can't generate a response to that request" or "Sorry but I can't provide the information you're looking for," (available in a variety of colors). Sometimes, the product names even highlight the specific reason why the apparent AI-generation request failed, noting that OpenAI can't provide content that "requires using trademarked brand names" or "promotes a specific religious institution" or in one case "encourage unethical behavior."


Bambu Lab To Allow Installing Open Firmware After Signing Waiver

Source: Hack a Day

Article note: Oh, good to see they aren't being dicks about it. One-Way enable mechanisms like that seem like a good balance between "pissing off enthusiasts who then find and publish exploits so they can do what they want" and "discouraging non-technical users from doing dumb things that will hurt them."

On January 10th Bambu Lab published a blog post in which they address the issue of installing custom firmware on your Bambu Lab X1 3D printer. This comes hot on the heels of a number of YouTube channels for the first time showing off the X1Plus firmware that a number of X1 users have been working on as an open source alternative to the closed, proprietary firmware. Per the Bambu Lab blog post, there is good and bad news for those wanting to use X1Plus and similar projects that may pop up in the future.

After Bambu Lab consulted with the people behind X1Plus it was decided that X1 users would be provided with the opportunity to install such firmware without complaints from Bambu Lab. They would however have to sign a waiver that declares that they agree to relinquish their rights to warranty and support with the printer. Although some details are left somewhat vague in the blog post, it appears that after signing this waiver, and with the target X1 printer known to Bambu Lab, it will have a special firmware update (‘Firmware R’) made available for it.

This special firmware then allows for third-party firmware to be installed, with the ability to revert to OEM firmware later on. The original exploit in pre-v1.7.1 firmware will also no longer be used by X1Plus. Hopefully Bambu Lab will soon clarify the remaining questions, as reading the Reddit discussion on the blog post makes it clear that many statements can be interpreted in a variety of ways, including whether or not this ‘Firmware R’ is a one-time offer only, or will remain available forever.

It’s not the first time we’ve seen a 3D printer manufacturer give users this sort of firmware ultimatum. Back in 2019 Prusa added a physical “appendix” to their new 32-bit control board that the user would have to snap off before they could install an unsigned firmware, which the company said signified the user was willing to waive their warranty for the privilege.

Thanks to [Aaron] for the tip.
