Language Selection

English French German Italian Portuguese Spanish

Intel is Full of Holes

Filed under
Hardware
Security
  • A Security Issue in Intel’s Active Management Technology (AMT)
  • Backdoor In 30 Seconds: New Major AMT Security Flaw Is Here To Haunt Intel Laptops
  • Meltdown and Spectre FAQ: Crapification at Scale

    Yesterday, Yves posted a “primers on Meltdown and Spectre”, which included several explanations of the two bugs from different viewpoints; if you feel you don’t have a handle on them, please review it. Today, I want to give an overview of the two bugs. I will dig into the details of these two bugs in the form of a FAQ, and then I’ll open a discussion of the larger business and political economy issues raised in the form of a MetaFAQ. First, I should make one point: Meltdown is a bug; Specture is a class of bugs (or, if you prefer, a strategy).

    [...]

    What Are The Costs of the Meltdown and Spectre Bugs?

    A few billions.

  • Fixing Chipmageddon Will Slow Down Older Computers

    Microsoft has come out and said it: cures for the pervasive chip flaws Meltdown and Spectre are likely to dent the performance of your PC if it’s a few years old.

  • Intel needs to come clean about Meltdown and Spectre

    Intel hasn’t had the best of times recently. Meltdown and Spectre security flaws have helped reveal fundamental issues with processor designs over the past 20 years, and the software updates to protect PCs will have performance impacts. Even as I write this, it’s still not clear to anyone exactly how bad these performance impacts will be for older desktop systems, or how significant they’ll be to server-based cloud platforms. It’s all a bit of a mess, and Intel hasn’t helped with its lack of transparency. It’s time for Intel to stop hiding behind cleverly worded statements.

  • Intel details performance hit for Meltdown fix on affected processors
  • Keeping Spectre secret

    When Graz University of Technology researcher Michael Schwarz first reached out to Intel, he thought he was about to ruin the company’s day. He had found a problem with their chips, together with his colleagues Daniel Gruss, Moritz Lipp, and Stefan Mangard. The vulnerability was both profound and immediately exploitable. His team finished the exploit on December 3rd, a Sunday afternoon. Realizing the gravity of what they’d found, they emailed Intel immediately.

  • Intel's telling some customers to avoid its fix for the Spectre and Meltdown attacks — because of a big bug
  • Everything running smoothly at the plant? *Whips out mobile phone* Wait. Nooo...

    The security of mobile apps that tie in with Supervisory Control and Data Acquisition (SCADA) systems has deteriorated over the last two-and-a-half years, according to new research.

    A team of boffins from IOActive and IoT security startup Embedi said they had discovered 147 vulnerabilities in 34 of the most popular Android mobile apps for SCADA systems.

    Mobile applications are increasingly being used in conjunction with SCADA systems. The researchers warned these apps are "riddled with vulnerabilities that could have dire consequences on SCADA systems that operate industrial control systems".

More in Tux Machines

OSS Leftovers

  • First results of the ROSIN project: Robotics Open-Source Software for Industry
    Open-Source Software for robots is a de-facto standard in academia, and its advantages can benefit industrial applications as well. The worldwide ROS-Industrial initiative has been using ROS, the Robot Operating System, to this end. In order to consolidate Europe’s expertise in advanced manufacturing, the H2020 project ROSIN supports EU’s strong role within ROS-Industrial. It will achieve this goal through three main actions on ROS: ensuring industrial-grade software quality; promoting new business-relevant applications through so-called Focused Technical Projects (FTPs); supporting educational activities for students and industry professionals on the one side conducting ROS-I trainings as well as and MOOCs and on the other hand by supporting education at third parties via Education Projects (EPs).
  • Baidu To Launch World’s First Intelligent Vehicle Infrastructure Cooperative Systems Open Source Solution By End Of 2018
    Baidu Inc. has announced it will launch the Apollo Intelligent Vehicle Infrastructure Cooperative Systems (IVICS) open-source solution by the end of 2018, leveraging its capabilities in autonomous driving to bring together intelligent vehicles and infrastructure to form a “human-vehicle-roadway” interplay – an important step toward developing future intelligent transportation.
  • Versity Open Sources Next Generation Archiving Filesystem
    The ScoutFS project was started in 2016 to address the rapidly growing demand for larger POSIX namespaces and faster metadata processing. The design goal for ScoutFS includes the ability to store up to one trillion files in a single namespace by efficiently distributing metadata handling across a scale out cluster of commodity compute nodes.
  • Moving from Wordpress
  • Epic Clock Clocks The Unix Epoch
    Admit it: when you first heard of the concept of the Unix Epoch, you sat down with a calculator to see when exactly 2³¹-1 seconds would be from midnight UTC on January 1, 1970. Personally, I did that math right around the time my company hired contractors to put “Y2K Suspect” stickers on every piece of equipment that looked like it might have a computer in it, so the fact that the big day would come sometime in 2038 was both comforting and terrifying. [Forklift] is similarly entranced by the idea of the Unix Epoch and built a clock to display it, at least for the next 20 years or so. Accommodating the eventual maximum value of 2,147,483,647, plus the more practical ISO-8601 format, required a few more digits than the usual clock – sixteen to be exact. The blue seven-segment displays make an impression in the sleek wooden case, about which there is sadly no detail in the build log. But the internals are well documented, and include a GPS module and an RTC. The clock parses the NMEA time string from the satellites and syncs the RTC. There’s a brief video below of the clock in action.
  • 3 top Python libraries for data science
    Python's many attractions—such as efficiency, code readability, and speed—have made it the go-to programming language for data science enthusiasts. Python is usually the preferred choice for data scientists and machine learning experts who want to escalate the functionalities of their applications. (For example, Andrey Bulezyuk used the Python programming language to create an amazing machine learning application.) Because of its extensive usage, Python has a huge number of libraries that make it easier for data scientists to complete complicated tasks without many coding hassles. Here are the top 3 Python libraries for data science; check them out if you want to kickstart your career in the field.
  • PortableCL 1.2 Still Coming While POCL 1.3 Will Further Improve Open-Source OpenCL
    It's been a number of months since last having any major news to report on POCL, the "PortableCL" project providing a portable OpenCL/compute implementation that can run on CPUs, select GPUs, and other accelerators. POCL 1.1 from March remains the current stable release while POCL 1.2 has been in the release candidate stage. The POCL 1.2 release candidates began last month with a few highlights like LLVM 7.0 support, device-side printf support, and HWLOC 2.0 library support.

New CloudBees Suite Addresses DevOps Gaps in Software Delivery

CloudBees is bringing a set of products into a new CloudBees Suite that it said will help companies of all sizes streamline the software development process. The new software is set to be announced Sept. 18 at the company’s DevOps World / Jenkins World conference in San Francisco. Jenkins is the open-source version of CloudBees, which is a commercial offering. A central piece of the CloudBees Suite is the CloudBees Core for unified governance of continuous delivery operations and processes used in DevOps. Software pipelines can also use Core to run software pipelines more efficiently in a self-managed way in the cloud or on-premises. Read more Also: CloudBees Announces Availability of Support for Jenkins Open Source

Chrome's Latest

Everything Is File In Linux - Part 1

Divided into 2 parts, in this first part I will introduce the concept that everything is file and present the special devices / dev / null, / dev / zero, / dev / random and / dev / full. Part 2 will be to present didactically interesting features about this, for example, how to turn a file into a partition! Read
more