(date: 2024-03-28 08:13:08)
date: 2024-03-28, updated: 2024-03-26, from: Bruce Schneier blog
It’s yet another hardware side-channel attack:
The threat resides in the chips’ data memory-dependent prefetcher, a hardware optimization that predicts the memory addresses of data that running code is likely to access in the near future. By loading the contents into the CPU cache before it’s actually needed, the DMP, as the feature is abbreviated, reduces latency between the main memory and the CPU, a common bottleneck in modern computing. DMPs are a relatively new phenomenon found only in M-series chips and Intel’s 13th-generation Raptor Lake microarchitecture, although older forms of prefetchers have been common for years…
https://www.schneier.com/blog/archives/2024/03/hardware-vulnerability-in-apples-m-series-chips.html
date: 2024-03-28, from: Robert Reich’s blog
Once you work for him, you’re trapped
https://robertreich.substack.com/p/the-trump-integrity-trap
date: 2024-03-27, updated: 2024-03-27, from: Daring Fireball
https://podcasts.voxmedia.com/show/on-with-kara-swisher
date: 2024-03-27, updated: 2024-03-26, from: Bruce Schneier blog
It’s pretty devastating:
Today, Ian Carroll, Lennert Wouters, and a team of other security researchers are revealing a hotel keycard hacking technique they call Unsaflok. The technique is a collection of security vulnerabilities that would allow a hacker to almost instantly open several models of Saflok-brand RFID-based keycard locks sold by the Swiss lock maker Dormakaba. The Saflok systems are installed on 3 million doors worldwide, inside 13,000 properties in 131 countries. By exploiting weaknesses in both Dormakaba’s encryption and the underlying RFID system Dormakaba uses, known as MIFARE Classic, Carroll and Wouters have demonstrated just how easily they can open a Saflok keycard lock. Their technique starts with obtaining any keycard from a target hotel—say, by booking a room there or grabbing a keycard out of a box of used ones—then reading a certain code from that card with a $300 RFID read-write device, and finally writing two keycards of their own. When they merely tap those two cards on a lock, the first rewrites a certain piece of the lock’s data, and the second opens it…
date: 2024-03-27, from: Robert Reich’s blog
Friends, Ronna McDaniel’s tenure at NBC lasted four days. It ended last night, after network anchors and reporters blasted NBC’s decision to hire her last Friday. They argued that hiring her gave a green light for election deniers to spread lies as paid contributors.
https://robertreich.substack.com/p/office-hours-the-end-of-the-republican
date: 2024-03-27, from: Daniel Stenberg Blog
Numbers
• the 255th and 256th releases
• 5 changes
• 56 days (total: 9,504)
• 162 bug-fixes (total: 10,050)
• 246 commits (total: 31,931)
• 0 new public libcurl function (total: 93)
• 0 new curl_easy_setopt() option (total: 304)
• 0 new curl command line option (total: 258)
• 92 contributors, 56 new (total: 3,133)
• 37 authors, 15 new (total: 1,252)
• 4 security fixes (total: 155)
Versions
I first released 8.7.0, but immediately … Continue reading curl 8.7.0 and 8.7.1
https://daniel.haxx.se/blog/2024/03/27/curl-8-7-0/
date: 2024-03-27, updated: 2024-03-27, from: Daring Fireball
https://daringfireball.net/thetalkshow/2024/03/26/ep-397
date: 2024-03-27, from: John Naughton’s online diary
Picasso’s guitar? No, mine, viewed through a distorting lens. Quote of the Day “The McDaniel hiring speaks to a long-running poverty of imagination at television’s news divisions. Network bosses have come to believe that the news is a river that … Continue reading
https://memex.naughtons.org/wednesday-27-march-2024/39286/
date: 2024-03-26, updated: 2024-03-26, from: Daring Fireball
https://mjtsai.com/blog/2024/03/26/canva-acquires-affinity-serif/
date: 2024-03-26, updated: 2024-03-28, from: Daring Fireball
The DMA allows the EC to penalize “gatekeepers” with fines that are vastly disproportionate to the amount of revenue they generate in EU member states.
https://daringfireball.net/2024/03/eu_share_of_apples_revenue
date: 2024-03-26, updated: 2024-03-26, from: Daring Fireball
https://www.apple.com/newsroom/2024/03/apples-worldwide-developers-conference-returns-june-10-2024/
date: 2024-03-26, from: Om Malik blog
As an organization grows in scale, the idiosyncrasy and distinctiveness that was originally informed by the taste of the founders moves toward the mean. Over time, things get more average. That’s because each new customer, each new supplier and each new employee wants or needs something a little more normal, at least sometimes. The drift …
https://om.co/2024/03/26/normal-is-not-good/
date: 2024-03-26, updated: 2024-03-21, from: Bruce Schneier blog
Andrew Appel shepherded a public comment—signed by twenty election cybersecurity experts, including myself—on best practices for ballot marking devices and vote tabulation. It was written for the Pennsylvania legislature, but it’s general in nature.
From the executive summary:
We believe that no system is perfect, with each having trade-offs. Hand-marked and hand-counted ballots remove the uncertainty introduced by use of electronic machinery and the ability of bad actors to exploit electronic vulnerabilities to remotely alter the results. However, some portion of voters mistakenly mark paper ballots in a manner that will not be counted in the way the voter intended, or which even voids the ballot. Hand-counts delay timely reporting of results, and introduce the possibility for human error, bias, or misinterpretation…
https://www.schneier.com/blog/archives/2024/03/on-secure-voting-systems.html
date: 2024-03-26, from: Chris Heilmann’s blog
Welcome to another edition of the WeAreDevelopers Dev Digest. This time we have an interview with Sead Ahmetovic, CEO of WeAreDevelopers and Scott Chacon, co-Founder of GitHub. They talk about careers, early coding days, developer communities, evangelizing git, and how AI is shaping the future of coding. Gitting things done… So, let’s get started […]
https://christianheilmann.com/2024/03/26/dev-digest-108-git-off-my-cloud/
date: 2024-03-26, from: Robert Reich’s blog
The case for restricting U.S. arms sales to Israel
https://robertreich.substack.com/p/the-case-for-stopping-us-military
date: 2024-03-26, updated: 2024-03-26, from: Daring Fireball
You could have set your watch by this announcement dropping the week after the EC held compliance “workshops”.
https://daringfireball.net/2024/03/ec_non_compliance_investigations
date: 2024-03-25, from: Om Malik blog
The European Union has opened a non-compliance investigation under the European Digital Markets Act (DMA) against Apple, Google and Meta. It is evident that there is intensified scrutiny on the (US) Big Tech, in Europe. Before today’s investigations, over the past few years, the EU has: Steve Sinofsky, a former high-ranking Microsoft executive, points out …
https://om.co/2024/03/25/can-eu-be-tough-on-china-inc/
date: 2024-03-25, from: Dan Rather’s Steady
NBC News hires Trump apologist to be on-air commentator
https://steady.substack.com/p/what-were-they-thinking
date: 2024-03-25, updated: 2024-03-26, from: Daring Fireball
https://www.youtube.com/watch?v=CU_qKQL5PVk
date: 2024-03-25, updated: 2024-03-25, from: Daring Fireball
https://www.kickstarter.com/projects/glennf/how-comics-were-made
date: 2024-03-25, updated: 2024-03-25, from: Daring Fireball
https://support.apple.com/en-us/112266
date: 2024-03-25, from: Daniel Stenberg Blog
On March 21 2024 we had a curl distro meeting where people from at least ten different distros and curl project members had a video meeting and talked curl and distro related topics for a while. Here is my summary of what we talked about and concluded. Attendees We had about 25 persons attending. At … Continue reading curl distro report
https://daniel.haxx.se/blog/2024/03/25/curl-distro-report/
date: 2024-03-25, updated: 2024-03-21, from: Bruce Schneier blog
The debate over professionalizing software engineers is decades old. (The basic idea is that, like lawyers and architects, there should be some professional licensing requirement for software engineers.) Here’s a law journal article recommending the same idea for AI engineers.
This Article proposes another way: professionalizing AI engineering. Require AI engineers to obtain licenses to build commercial AI products, push them to collaborate on scientifically-supported, domain-specific technical standards, and charge them with policing themselves. This Article’s proposal addresses AI harms at their inception, influencing the very engineering decisions that give rise to them in the first place. By wresting control over information and system design away from companies and handing it to AI engineers, professionalization engenders trustworthy AI by design. Beyond recommending the specific policy solution of professionalization, this Article seeks to shift the discourse on AI away from an emphasis on light-touch, ex post solutions that address already-created products to a greater focus on ex ante controls that precede AI development. We’ve used this playbook before in fields requiring a high level of expertise where a duty to the public welfare must trump business motivations. What if, like doctors, AI engineers also vowed to do no harm?…
https://www.schneier.com/blog/archives/2024/03/licensing-ai-engineers.html
date: 2024-03-25, from: Robert Reich’s blog
Friends, The 2024 general election is now underway. Like most of you, I’ve found myself immersed in many conversations about the threat to our nation — and the world — posed by Donald Trump. Just to be clear, I’m not talking about conversations with Trump
https://robertreich.substack.com/p/how-to-deal-with-the-trump-threat
date: 2024-03-25, from: John Naughton’s online diary
Director’s cut Strange juxtaposition of Andrew ‘Brillopad’ Neil and someone else. Shot in 2007. Quote of the Day “Ideas rot if you don’t do something with them. Don’t hoard them. Blog them or otherwise tell people.” Ed Dumbill Musical alternative … Continue reading
https://memex.naughtons.org/monday-25-march-2024/39274/
date: 2024-03-24, from: Robert Reich’s blog
House Republicans are determined to hit bottom
https://robertreich.substack.com/p/congresss-new-record
date: 2024-03-24, from: Om Malik blog
While my blog is about technology, I wanted to share some of the articles, videos, and other stuff I enjoyed during this past week — Om. “What you have is all you need.” Pico Iyer, A Beginner’s Guide to Japan Imagine turning your Mac Studio and an iPad into a vintage Macintosh. Clever. It is amazing …
https://om.co/2024/03/24/weekend-leftovers-good-reads-more/
date: 2024-03-24, from: Dan Rather’s Steady
A Reason To Smile
https://steady.substack.com/p/the-last-repair-shop
date: 2024-03-24, from: Liam on Linux
The thing is, that’s only part of the story.
There’s a generation of techies who are about 40 now who don’t remember this stuff well, and some of the older ones have forgotten with time but don’t realise. I had some greybeard angrily telling me that floppy drives were IDE recently. Senile idiot.
Anyway.
Preemptive multitasking is only part of the story. Lots of systems had it. Windows 2.0 could do preemptive multitasking – but only of DOS apps, and only in the base 640kB of RAM, so it was pretty useless.
It sounds good but it’s not. Because the other key ingredient is memory protection. You need both, together, to have a compelling deal. Amiga and Windows 2.x/3.x only had the preemption part, they had no hardware memory management or protection to go with it. (Windows 3.x when running on a 386 and also when given >2MB RAM could do some, for DOS apps, but not much.)
Having multiple pre-emptive tasks is relatively easy if they are all in the same memory space, but it’s horribly horribly unstable.
Also see: microkernels. In size terms, AmigaOS was a microkernel, but a microkernel without memory protection is not such a big deal, because the hard part of a microkernel is the interprocess communication, and if they can just do that by reading and writing each other’s RAM it’s trivially easy but also trivially insecure and trivially unstable.
RISC OS had pre-emptive multitasking too… but only of text-only command-line windows, and there were few CLI RISC OS apps so it was mostly useless. At least on 16-bit Windows there were lots of DOS apps so it was vaguely useful, if they’d fit into memory. Which only trivial ones would. Windows 3 came along very late in the DOS era, and by then, most DOS apps didn’t fit into memory on their own one at a time. I made good money optimising DOS memory around 1990-1992 because I was very good at it and without it most DOS apps didn’t fit into 500-550kB any more. So two of them in 640kB? Forget it.
Preemption is clever. It lets apps that weren’t designed to multitask do it.
But it’s also slow. Which is why RISC OS didn’t do it. Co-op is much quicker which is also why OSes like RISC OS and 16-bit Windows chose it for their GUI apps: because GUI apps strained the resources of late-1980s/very-early-1990s computers. So you had 2 choices:
• The Mac and GEM way: don’t multitask at all.
• The 16-bit Windows and RISC OS way: multitask cooperatively, and hope nothing goes wrong.
Later, notably, MacOS 7-8-9 and Falcon MultiTOS/MiNT/MagiC etc added coop multitasking to single-tasking GUI OSes. I used MacOS 8.x and 9.x a lot and I really liked them. They were extraordinarily usable to an extent Mac OS X has never and will never catch up with.
But the good thing about owning a Mac in the 1990s was that at least one thing in your life was guaranteed to go down on you every single day.
https://liam-on-linux.dreamwidth.org/90834.html
date: 2024-03-24, from: Robert Reich’s blog
And last week’s winner
https://robertreich.substack.com/p/sunday-caption-contest-broke
date: 2024-03-24, updated: 2024-03-25, from: Daring Fireball
https://daringfireball.net/misc/2024/03/Harrison_Bergeron.pdf