Domain: github.com
Stories and comments across the archive that link to github.com.
Comments · 4,419
-
Re: no
If you have any questions about PsychOS, feel free to email me and also take a look at https://github.com/TheOuterLin...; it's like a journal I've kept while making it. If you're worried about RAM, you can also run "yast" in a console and then navigate to the YaST live installer. It is not as easy as Ubiquity is for Ubuntu-based systems. I really need to make a YouTube video of it, but I've been lazy. If you're bored and looking for an extremely light and feature-rich OS, try KolibriOS or MenuetOS; it's made with assembly and will fit on a floppy but works just fine from a USB. If you do some digging, you can find interesting assembly software for them such as ZSNES.
-
Re:Easy
Damn, I must be rich now! https://github.com/fsufitch/gi...
-
Third-party solution for EWS
For people looking for EWS integration with Thunderbird... been using this for about a year now, without any issues:
https://github.com/Ericsson/ex...
Not sure what, if anything, can easily be done to support the EAS side of things.
-
Obligatory: Intel CPU Backdoor Report (May 5 2017)
The goal of this report is to make the existence of Intel CPU backdoors common knowledge and provide information on backdoor removal.
What we know about Intel CPU backdoors so far:
TL;DR version
Your Intel CPU and Chipset is running a backdoor as we speak.
The backdoor hardware is inside the CPU/Bridge and the backdoor firmware (Intel Management Engine) is in the chipset flash memory.
30C3 Intel ME live hack:
@21m43s, keystrokes leaked from Intel ME above the OS; Wireshark failed to detect the packets.
[Video Link] 30C3: Persistent, Stealthy, Remote-controlled Dedicated Hardware Malware
[Quotes] Talk:
"DAGGER exploits Intel's Manageability Engine (ME), that executes firmware code such as Intel's Active Management Technology (iAMT), as well as its OOB network channel."
"the ME provides a perfect environment for undetectable sensitive data leakage on behalf of the attacker. Our presentation consists of three parts. The first part addresses how to find valuable data in the main memory of the host. The second part exploits the ME's OOB network channel to exfiltrate captured data to an external platform and to inject new attack code to target other interesting data structures available in the host runtime memory. The last part deals with the implementation of a covert network channel based on JitterBug."
"We have recently improved DAGGER's capabilities to include support for 64-bit operating systems and a stealthy update mechanism to download new attack code."
"To be more precise, we show how to conduct a DMA attack using Intel's Manageability Engine (ME)."
"We can permanently monitor the keyboard buffer on both operating system targets."
Backdoor removal:
The backdoor firmware can be removed by following this guide using the me_cleaner script.
Removal requires a Raspberry Pi (with GPIO pins) and a SOIC clip.
Decoding Intel backdoors:
The situation is out of control and the Libreboot/Coreboot community is looking for BIOS/firmware experts to help with the Intel ME decoding effort.
If you are skilled in these areas, download Intel ME firmwares from this collection and have a go at them; beware that Intel is using a lot of countermeasures to prevent their backdoors from being decoded (explained below).
Useful links:
The Intel ME subsystem can take over your machine, can't be audited
REcon 2014 - Intel Management Engine Secrets
Untrusting the CPU (33c3)
Towards (reasonably) trustworthy x86 laptops
30C3 To Protect And Infect - The militarization of the Internet
30c3: To Protect And Infect Part 2 - Mass Surveillance Tools & Software
1. Introduction, what is Intel ME
Short version, from Intel staff:
Re: What Intel CPUs lack Intel ME secondary processor?
Amy_Intel Feb 8, 2016 9:27 AM
The Management Engine (ME) is an isolated and protected coprocessor, embedded as a non-optional part in all current Intel chipsets, I even checked wit
-
Free tool "openSORES" too to disable AMT
See subject: Beyond Intel's offering here in the article summary, double-check via this free tool "openSORES" to disable AMT https://github.com/bartblaze/Disable-Intel-AMT/
* Enjoy!
APK
P.S. => I discovered that merely disabling the AMT/Intel Mgt. Engine usermode service in Windows services.msc + using DEVICE MANAGER to remove the driver (not just disable, use the REMOVE right-click popup menu option) cuts it off COMPLETELY per these check tools!
(I.E. - I literally installed Intel Mgt. Ware to test this & uninstalled it after both tools said I was 'ok' but not an identified vendor (I home-built my rig = why) - funniest part is, even Intel's uninstall said it was "not there" once I manually disabled the service & removed the driver for Mgt. Engine alone - so I had to LITERALLY reinstall it to use Intel's uninstall & then I rechecked (both tools said clean here))... apk
-
Summary from Article
- HandBrake-1.0.7.dmg was replaced by another unknown malicious file that DOES NOT match the SHA1 / SHA256 hashes on our website or on our GitHub Wiki which mirrors these: https://github.com/HandBrake/H...
- The affected download mirror (download.handbrake.fr) has been shut down for investigation.
- The primary download mirror and website were unaffected.
- Downloads via the application's built-in updater with 1.0 and later are unaffected. These are verified by a DSA signature and will not install if they don't pass.
- Downloads via the application's built-in updater with 0.10.5 and earlier did not have verification, so you should check your system if you use these older releases.
-
Re:Who uses IMAP in 2017??
Ugh.
The fork of Owncloud?
I heard of Owncloud about 5 years ago after I gave up on CalDav to replace Gmail as a solution which would allow me to do calendaring and scheduling, contacts, notes etc. on my phone and my desktop.
My friends who were once enthusiastic about running Owncloud eventually gave up on it as a buggy mess and stopped talking about it. E.g. https://github.com/mail-in-a-box/mailinabox/issues/514
I asked around about an "Owncloud hosted environment", hoping maybe a service maintained by Owncloud staff or crazy developers might be out there offering high availability. The FOSS-heads balked at it saying "why would you want a hosted Owncloud???, it's all about data privacy and control!". No such service existed.
All of this has been a total waste of time, as I've been running on a hosted Exchange environment for 7 years now and have no problems... well except that Thunderbird Exchange support is... barely tolerable, and Evolution itself is barely tolerable. The OWA web client, Android calendar and iPhone calendar are much better than Evolution and Thunderbird for calendaring.
-
Debian and systemd issues :)
systemd issues
.. 626 open ...
-
KDE and Cinnamon can run fine without systemd.
GNOME, KDE, and Cinnamon have been removed from tasksel, but can still be installed although they "are known to suffer from some glitches due to the lack of systemd."
Cannot say anything on GNOME, but KDE (both KDE4 and Plasma 5) run fine in Slackware. As for Cinnamon, there's also an excellent distribution for Slackware, Cinnamon Slackbuilds. There are also implementations for Xfce, MATE, Lumina and LXQt, all up to date and fully functional. No glitches due to lack of systemd at all.
I'm typing this on a Slackware64-current box, using the latest KDE Plasma with no trace of systemd.
Since Slackware manages to avoid systemd like the plague even to this day, using modern desktop environments in a systemd-free environment should be no problem.
-
Re:Kinda disappointed
Follow-up comment:
I was not trying to troll. This project is right up my alley and I've been using Raspberry Pis recently as OctoPrint servers for my 3D printer. Turning one of my spares into a voice recognition box is interesting to me, which is why I was disappointed that it seemed to be a black box device sending data to "the cloud" in the worst traditions of IoT devices.
A comment defending me mentioned this github:
https://github.com/google/aiyp...
It's clearly not the entire source code for the Raspbian distro they are distributing, but it does suggest that there is an "Embedded Assistant API" that might run locally on the Pi without internet connectivity.
I'm still reserving judgement until we hear feedback from the brave souls who build this kit.
-
Re:But which middlemen don't...
Do we really want CDNs and proxies and mirrors to dictate what the public can and cannot see?
Absolutely not. Free speech is free speech, even if it's not necessarily something that you, personally, might agree with, and (when it works) it's a two way street - you can't get them to STFU, but they can't get you to STFU either.
That's completely apart from the doxing of people who complain directly to those that are being complained about though; something that CloudFlare has a considerable track record of doing, often quite openly on the grounds of "so many people use us, so we're too big to block". CloudFlare might be standing up for free speech, and should be applauded for that, but the way that they are doing it has some serious moral issues and has caused people to get into some incredibly ugly situations IRL because of their approach to dealing with often legitimate complaints about their seedier clients. One thing that CloudBleed made perfectly clear was that CloudFlare provides CDN services for a lot of sites with "issues" that go far beyond free speech and into borderline or outright criminality. If they're doing the right thing on free speech, it's almost certainly more by accident than design - this is definitely not a company with a working moral compass.
-
Python Library For Alexa Skills Kit
John Wheeler created a Flask extension for those who prefer to code their Alexa Skills in Python.
https://github.com/johnwheeler...
The project contains helpful links to get you started.
Also, please be aware that Alexa is not an AI, it is basically a voice recognition remote control robot - you program the phrases and the actions, Alexa does not learn new skills, they are explicitly programmed to appear like a natural language conversation. The intelligence is in the speech recognition and the cleverness of the skill developers.
-
My experience was different
As I waited for the Echo Dot that I ordered "for my wife" for Christmas, I researched custom code, came to the conclusion that expecting Alexa to go to the cloud for a simple "pause my TV" command was really stupid, so I coded around it, because I am a programmer and that is what we do.
I learned in my research that the Echo can talk to several different kinds of "smart" things without going to the cloud. The "Philips Hue" being one of them... so that was my back door.
Like 10 minutes of googling told me that there is an open-source implementation of the Philips Hue protocol: https://github.com/bwssytems/h...
It didn't work for me right out of the box, but I fiddled with it for a few minutes and then it was fine.
From there I wrote in a few minutes a REST endpoint that could take commands from the Hue bridge and run (locally on my computer) the code of my choice.
All told, about an hour after my device arrived at my house, it could control the Roku boxes attached to both of my TVs, and it could run specific movies off of my media server with no round-trip to "the cloud" needed.
It is a simple use-case, and required a little bit of "non-Amazon" thinking, but it was really easy. Any self-respecting developer could do it.
-
Yes: Newsblur.com
I've been happy with Newsblur.com: the UI has a number of improvements over Google Reader — especially the trainer which allows you to prioritize keywords, domains, authors, tags, etc. up or down (great if you follow people who share things on multiple topics and you're just not interested in one of their hobbies) and the option to have it automatically load the remote article text, which is configurable per-site — perfect for sites which only publish a snippet of the full article. The social features are decent but definitely show the market fragmentation since the number of users is so much smaller than when almost everyone was on Google Reader.
Beyond the technical aspects, there are two things which I really like about Newsblur:
1. A non-bubble business model: it's a lean but reportedly profitable service, which means you're not looking to move as soon as the venture capital runs out
2. It's all open-source: https://github.com/samuelclay/... has the entire site and the official Android and iOS clients
-
RSS got me here
RSS got me here, and it's my personal news aggregator and podcast collector of choice. And I really like to read it on my phone in the subway and to listen to new audiobooks and sounds of friends in the evening. It's ownCloud News and CloudNews here. And simply iTunes for podcasts, as this is the only useful app for it. https://github.com/owncloud/ne... https://itunes.apple.com/de/ap...
-
Obligatory: Intel CPU Backdoor Report (May 1 2017)
Aka I FUCKING TOLD YOU SO.
Newest update: On May 1st 2017, under pressure from the Vault 7 leak, Intel released a "Critical" security bulletin INTEL-SA-00075, admitting that Intel Core CPUs from 1st gen to 7th gen (2006-2017) all share the same critical vulnerability.
The goal of this report is to make the existence of Intel CPU backdoors common knowledge and provide information on backdoor removal.
What we know about Intel CPU backdoors so far:
TL;DR version
Your Intel CPU and Chipset is running a backdoor as we speak.
The backdoor hardware is inside the CPU/Bridge and the backdoor firmware (Intel Management Engine) is in the chipset flash memory.
30C3 Intel ME live hack:
@21m43s, keystrokes leaked from Intel ME above the OS; Wireshark failed to detect the packets.
[Video Link] 30C3: Persistent, Stealthy, Remote-controlled Dedicated Hardware Malware
[Quotes] Talk:
"DAGGER exploits Intel's Manageability Engine (ME), that executes firmware code such as Intel's Active Management Technology (iAMT), as well as its OOB network channel."
"the ME provides a perfect environment for undetectable sensitive data leakage on behalf of the attacker. Our presentation consists of three parts. The first part addresses how to find valuable data in the main memory of the host. The second part exploits the ME's OOB network channel to exfiltrate captured data to an external platform and to inject new attack code to target other interesting data structures available in the host runtime memory. The last part deals with the implementation of a covert network channel based on JitterBug."
"We have recently improved DAGGER's capabilities to include support for 64-bit operating systems and a stealthy update mechanism to download new attack code."
"To be more precise, we show how to conduct a DMA attack using Intel's Manageability Engine (ME)."
"We can permanently monitor the keyboard buffer on both operating system targets."
Backdoor removal:
The backdoor firmware can be removed by following this guide using the me_cleaner script.
Removal requires a Raspberry Pi (with GPIO pins) and a SOIC clip.
Decoding Intel backdoors:
The situation is out of control and the Libreboot/Coreboot community is looking for BIOS/firmware experts to help with the Intel ME decoding effort.
If you are skilled in these areas, download Intel ME firmwares from this collection and have a go at them; beware that Intel is using a lot of countermeasures to prevent their backdoors from being decoded (explained below).
Useful links:
The Intel ME subsystem can take over your machine, can't be audited
REcon 2014 - Intel Management Engine Secrets
Untrusting the CPU (33c3)
Towards (reasonably) trustworthy x86 laptops
30C3 To Protect And Infect - The militarization of the Internet
30c3: To Protect And Infect Part 2 - Mass Surveillance Tools & Software
1. Introduction, what is Intel ME
-
Obligatory:Intel CPU Backdoor Report (May 1 2017)
Aka I FUCKING TOLD YOU SO.
Newest update: On May 1st 2017, under pressure from the Vault 7 leak, Intel released a "Critical" security bulletin INTEL-SA-00075, admitting Intel Core CPU from 1st gen to 7th gen (2006-2017) all share the same critical vulnerability.
The goal of this report is to make the existence of Intel CPU backdoors a common knowledge and provide information on backdoor removal.
What we know about Intel CPU backdoors so far:
TL;DR version
Your Intel CPU and Chipset is running a backdoor as we speak.
The backdoor hardware is inside the CPU/Bridge and the backdoor firmware (Intel Management Engine) is in the chipset flash memory.
30C3 Intel ME live hack:
@21m43s, keystrokes leaked from Intel ME above the OS, wireshark failed to detect packets.
[Video Link] 30C3: Persistent, Stealthy, Remote-controlled Dedicated Hardware Malware
[Quotes] Vortrag:
"DAGGER exploits Intel's Manageability Engine (ME), that executes firmware code such as Intel's Active Management Technology (iAMT), as well as its OOB network channel.""the ME provides a perfect environment for undetectable sensitive data leakage on behalf of the attacker. Our presentation consists of three parts. The first part addresses how to find valuable data in the main memory of the host. The second part exploits the ME's OOB network channel to exfiltrate captured data to an external platform and to inject new attack code to target other interesting data structures available in the host runtime memory. The last part deals with the implementation of a covert network channel based on JitterBug."
"We have recently improved DAGGER's capabilites to include support for 64-bit operating systems and a stealthy update mechanism to download new attack code."
"To be more precise, we show how to conduct a DMA attack using Intel's Manageability Engine (ME)."
"We can permanently monitor the keyboard buffer on both operating system targets."
Backdoor removal:
The backdoor firmware can be removed by following this guide using the me_cleaner script.
Removal requires a Raspberry Pi (with GPIO pins) and a SOIC clip.Decoding Intel backdoors:
The situation is out of control and the Libreboot/Coreboot community is looking for BIOS/Firmware experts to help with the Intel ME decoding effort.If you are skilled in these areas, download Intel ME firmwares from this collection and have a go at them, beware Intel is using a lot of counter measures to prevent their backdoors from being decoded (explained below).
Useful links:
The Intel ME subsystem can take over your machine, can't be audited
REcon 2014 - Intel Management Engine Secrets
Untrusting the CPU (33c3)
Towards (reasonably) trustworthy x86 laptops
30C3 To Protect And Infect - The militarization of the Internet
30c3: To Protect And Infect Part 2 - Mass Surveillance Tools & Software1. Introduction, what is Intel ME
-
Obligatory:Intel CPU Backdoor Report (May 1 2017)
Aka I FUCKING TOLD YOU SO.
Newest update: On May 1st 2017, under pressure from the Vault 7 leak, Intel released a "Critical" security bulletin INTEL-SA-00075, admitting Intel Core CPU from 1st gen to 7th gen (2006-2017) all share the same critical vulnerability.
The goal of this report is to make the existence of Intel CPU backdoors a common knowledge and provide information on backdoor removal.
What we know about Intel CPU backdoors so far:
TL;DR version
Your Intel CPU and Chipset is running a backdoor as we speak.
The backdoor hardware is inside the CPU/Bridge and the backdoor firmware (Intel Management Engine) is in the chipset flash memory.
30C3 Intel ME live hack:
@21m43s, keystrokes leaked from Intel ME above the OS, wireshark failed to detect packets.
[Video Link] 30C3: Persistent, Stealthy, Remote-controlled Dedicated Hardware Malware
[Quotes] Vortrag:
"DAGGER exploits Intel's Manageability Engine (ME), that executes firmware code such as Intel's Active Management Technology (iAMT), as well as its OOB network channel."
"the ME provides a perfect environment for undetectable sensitive data leakage on behalf of the attacker. Our presentation consists of three parts. The first part addresses how to find valuable data in the main memory of the host. The second part exploits the ME's OOB network channel to exfiltrate captured data to an external platform and to inject new attack code to target other interesting data structures available in the host runtime memory. The last part deals with the implementation of a covert network channel based on JitterBug."
"We have recently improved DAGGER's capabilities to include support for 64-bit operating systems and a stealthy update mechanism to download new attack code."
"To be more precise, we show how to conduct a DMA attack using Intel's Manageability Engine (ME)."
"We can permanently monitor the keyboard buffer on both operating system targets."
Backdoor removal:
The backdoor firmware can be removed by following this guide using the me_cleaner script.
Removal requires a Raspberry Pi (with GPIO pins) and a SOIC clip.
Decoding Intel backdoors:
The situation is out of control and the Libreboot/Coreboot community is looking for BIOS/firmware experts to help with the Intel ME decoding effort. If you are skilled in these areas, download Intel ME firmwares from this collection and have a go at them; beware that Intel is using a lot of countermeasures to prevent their backdoors from being decoded (explained below).
Useful links:
The Intel ME subsystem can take over your machine, can't be audited
REcon 2014 - Intel Management Engine Secrets
Untrusting the CPU (33c3)
Towards (reasonably) trustworthy x86 laptops
30C3 To Protect And Infect - The militarization of the Internet
30c3: To Protect And Infect Part 2 - Mass Surveillance Tools & Software
1. Introduction, what is Intel ME
-
Re:iGoogle
Similarly, when Google Reader shut down, I started my own RSS reader: https://github.com/dhasenan/pi...
Oddly enough, I never actually used Google Reader. I didn't use any RSS reader before then. I just used the announcement as a reminder to take a look.
-
Re:Spare us.
-
Re:Good research
I would hope reproducing research would take longer because just reproducing it doesn't do anyone any good, you should want to use previous work to incorporate into your own hypothesis and eliminate any confounding variables the original authors may have in their discussion section. Most research papers are only 10 pages...maybe. I've come across a few that are about 40-50 pages long with no skipping on the math or setup. I think people don't go too much into detail because of the expense and time in publishing, or lack confidence in their work (college students are notorious for this), or the researchers have more future ideas that may lead to a patent.
As for me, I try to take down everything I can. To give you an example, I've been creating and maintaining my own Linux distro for personal research for a while now. Everything I do to it, regardless of whether I have a new release as of yet, goes here: https://github.com/theouterlin.... Any updates contradicting what I have said previously get a note below it, either as [See entry
...] or [Update "Date":] and so forth. I'm still kind of playing around with the format. But I have this "journey journal" of sorts not just because it may help someone else create their own distro, but as a way to build trust.
I wish we could all see researchers' lab notebooks, as god-awful as most of them are.
-
TCP port 445 screening, Metasploit, Alert Logic
A first-pass screening test is to see if TCP port 445 is open. Most hosts will have 445 blocked by the firewall, thereby providing a degree of protection for the vulnerable SMB.
If 445 is open, that does not mean the host is compromised, but it is likely to be vulnerable. This Metasploit module is one check that can be run:
https://github.com/rapid7/meta...
More information can be found on the Alert Logic blog and our various teams will continue to post there and elsewhere as more information is made available.
https://www.alertlogic.com/res...
I know Alert Logic has other resources posted elsewhere, but unfortunately I don't know the exact URLs off hand. My team sends technical details to another team, who aggregates it with information developed by other teams, then they forward it to the PR people who post it for you to read, with other, more detailed information provided to customers. So personally I only know where I send the information internally, but not where you can read all of it.
-
Re:Feature creep in standards.
So now, the inmates are running the asylum.
they always did!
-
Feature creep in standards.
What we're seeing here is the result of feature creep being integrated into standards because the W3C is financed by donations of corporations. As a result they have lost their spine and the ability to say no to bad ideas. So now, the inmates are running the asylum.
-
Peopleware book on team spirit & also "e(vil)m
"Peopleware: Productive Projects and Teams" explains how supporting true team spirit is a key aspect of a high-performance organization. You can find some good evidence in there for your point.
The authors also explain better ways to manage email. Here are subheadings from the book chapter:
Chapter 33: E(vil) Mail 199
In Days of Yore 199
Corporate Spam 200
What Does "FYI" Even Mean? 200
Is This an Open Organization or a Commune? 201
Repeal Passive Consent 201
Building a Spam-less Self-Coordinating Organization 202
In general, their focus on good use of email is on helping people in organizations self-coordinate. It is more a vision of the manager as supporting good communications within and between teams, rather than a manager being a hub of communications. So, to them, lots of CCs on emails suggest the possibility of some sort of organizational dysfunction which could be corrected by training people to be more self-coordinating.
That book is the second item I list here in a curated reading list on creating and sustaining high-performance organizations:
https://github.com/pdfernhout/...
Another book by one of the authors (Tom DeMarco) is listed as the first item: "Slack: Getting Past Burnout, Busywork, and the Myth of Total Efficiency"
But, this is all easier said than done in practice.
-
Re:I wonder...
It's amazing how quickly you can filter out folks just based on a few quick tests...
e.g. during an interview, give them a laptop with a terminal, and ask them to write a program to read in a number, and output a "yes" or "no" answer depending on whether the number is prime
My answer is one line:
wget https://github.com/kimwalisch/...
And I can tell you why I would use primesieve and not primegen, the former fast prime searcher, but I'm damned if I'll reinvent that wheel, badly. (Hehe. Wheel. It's funny, 'cause both the sieve of Eratosthenes and Atkin's sieve are implemented with wheel factorization.)
Or we could talk about an implementation that simply looks up the number in a flat file that's a bit field of the primes marked. The first 100 million natural numbers take up 11.9MB uncompressed, and that can be deflated probably by a factor of 5 at least, maybe more. Uncompressed, you just mmap the file and read at the calculated offset. On a system equipped with an SSD, finding the answer is faster than actually printing the letters "y", "e", and "s" or the letters "n" and "o" to the terminal.
And I still won't write that code for you. (But I am job hunting. You hiring?)
-
Re:RTFA
"As part of our upgrade to IPv6, we will be consolidating our in-use IPv4 address space to facilitate the sale of MIT’s excess IPv4 capacity. Net proceeds from the sale will cover our network upgrade costs, and the remainder will provide a source of endowed funding for the Institute to use in furthering its academic and research mission." from https://gist.github.com/simons...
*vomiting sound*
-
Re:RTFA
This did: https://gist.github.com/simons... They got paid.
-
Re:RTFA
They announced it. Will use the money to upgrade their systems etc. Selling off 8 million IP addresses. I think that's worth around $100 million.
-
From MIT's official statement
https://gist.github.com/simons...
"Fourteen million of these IPv4 addresses have not been used, and we have concluded that at least eight million are excess and can be sold without impacting our current or future needs, up to the point when IPv6 becomes universal and address scarcity is no longer an issue. The Institute holds a block of 20 times 10^30 (20 nonillion) IPv6 addresses.
"As part of our upgrade to IPv6, we will be consolidating our in-use IPv4 address space to facilitate the sale of MIT’s excess IPv4 capacity. Net proceeds from the sale will cover our network upgrade costs, and the remainder will provide a source of endowed funding for the Institute to use in furthering its academic and research mission.
-
Re:Well
systemd is a major improvement over what we had before, more modular, easier to read configuration, more flexible.
Bwahaha! Have a look here to see what kind of moron the creator of systemd is. This is in addition to all the other crap systemd does. Thanks RedHat for embrace-extending Linux. We are forever grateful.
-
Re:I am so sick of this shit
For Android there is the excellent XPrivacy. It allows you to allow or deny permissions with as much granularity as you like. More importantly it allows you to feed garbage (either random or specifically set by you) when disabling a permission breaks an app. It requires root and the Xposed framework.
I'm not aware of anything similar for Apple devices.
It would also be very nice to have something similar for web browsers. There are some basic solutions but ideally I'd like a complete shim for all JavaScript functions that can impact privacy or profile users. Basically XPrivacy for browsers. uMatrix and NoScript are nice for selectively enabling JavaScript on a site-by-site basis, but I'd like to have more granular control to be able to deny access or feed bogus data to sensitive JavaScript functions/variables.
-
Re: Release it with source code unde GPL
It's been studied repeatedly
So where's your cites to any of these studies?
there are simply far more open source projects under the GPL-family of licenses than any other license. That implies it is chosen by more free/open source developers than any other license - which makes it the most popular.
Oh really?
1 MIT 44.69%
2 Other 15.68%
3 GPLv2 12.96%
4 Apache 11.19%
5 GPLv3 8.88%
6 BSD 3-clause 4.53%
7 Unlicense 1.87%
8 BSD 2-clause 1.70%
9 LGPLv3 1.30%
10 AGPLv3 1.05%
-
Re: Can a Raspberry Pi output 240p to a CRT TV?
Why yes, it can actually: https://github.com/raspberrypi.... It works really well for SNES and NES emulation, but you have to tweak settings a bit in the RetroArch config to get it pixel perfect. I'm really enjoying 240p on my Trinitron CRT using the Zune AV cables. I've preordered a Retrotink-C hat for component output, but the composite output is just fine if you're feeling nostalgic.
-
Learn from the Rust project's developers.
A lot could be learned by observing what the developers of the Rust programming language project do when running their project.
They're dealing with a large project that covers a complex domain, a huge amount of code, and many developers scattered across the globe.
The first thing to do is to use git, and perhaps something like GitHub. This will allow your developers to collaborate using a free and open source version control system.
Next, you need a Code of Conduct to prevent social injustice from negatively affecting the project. A Moderation Team is tasked with ensuring that everyone is tolerant, and any intolerance will be ruthlessly stamped out.
Changes go through a request for comments process. This keeps everything organized and everybody on the same page. Bugs have detailed bug reports and discussion.
GitHub pull requests are used to integrate the changes. All changes are reviewed by somebody else. If you're a lucky contributor, you may even have your contribution reviewed by none other than Steve Klabnik zerself! If the review passes then their automatic integration/merging bot will merge the pull request into the master branch.
Your project doesn't have to follow the exact same approach that the Rust project follows, of course. But I think that there are a lot of things that any large software development project could learn from how the Rust developers work. Their approach has scaled to over 1,700 contributors!
-
Re:Apple ][+
I have such a fondness for that old Apple, I've spent the last few weeks writing an emulator.
Rather than reinvent the wheel, why not contribute?
-
ffmpeg/vidstab
See also the vidstab filter for ffmpeg - open source goodness that does about as well: https://github.com/georgmartiu...
-
Re: Nobody
Heck, some independent tests would help.
Microsoft can hardly go out and do independent tests now, can they? They provide all the information, and anybody with an ounce of technical knowledge can repeat them. But of course you just prefer to be an armchair keyboard warrior instead of doing anything.
You can find the BrowserEfficiencyTest here: https://github.com/MicrosoftEdge/BrowserEfficiencyTest.
And just in case you think there's some funny business going on of Windows hobbling Chrome, you can then run the same test for Chrome on both Windows and macOS/Linux.
Leaving the computer off drains the battery even slower. Hence, by your reasoning, leaving the computer off is superior to running Edge. I'm finding that conclusion almost plausible.
Are you really a mouthbreathing idiot? Or is it just because Microsoft is the topic here that you pretend to be one? Perhaps it is the former and you do indeed need it explained to you that what is being compared here is the power consumption of one browser with another, not "how do we use the least power by any means necessary". I really thought this community had risen above being as dense as you are.
-
Re: Not a dumb terminal - Linux with locked down U
Very little functionality exists on these Chromebooks (making them dumb).
The amount of functionality included in bundled apps isn't what makes a device smart or dumb. It's the extensibility.
They are nothing more than the modern equivalent of a VT100.
That's completely false. You clearly have never owned a VT100. My first glass terminal (that I owned) was a VT100-AA. It didn't have the ability to run any kind of code locally aside from what is in ROM. The only settings were for tab stops and communications parameters.
Not only does Chromium on ChromeOS have a[n admittedly limited] built in shell, but you can add app-like functionality to it. For example, there is a GUI SSH client addon. And if you enable developer mode then you can tamper with the system, whether installing busybox or a full Linux environment via Crouton. This is not a complete reinstallation, but a chrooted Linux install using the existing kernel.
-
Re: DIY? No, more like DOA
-
Re: DIY? No, more like DOA
I'd love to be able to use Kodi for all of my media viewing - ideally including live TV as well. If Kodi had a Netflix plugin, we'd use Kodi in place of the crappy Netflix player built into the TV.
There is flix4kodi (source), which launches Chrome in full-screen, and it worked for me about a year ago. But then of course you'll probably need a mouse and/or keyboard (which I don't need otherwise) to navigate inside the browser window instead of using a remote or the Kore smartphone app, and Chrome on Linux was still limited to 720p last time I tried. And since Netflix didn't really have anything I wanted to watch at the time, I haven't used it recently.
If they had an Amazon Video plugin, we'd ditch the Amazon FireTV box too. If there was a decent way to hook up a MythTV server and Kodi, then we could ditch the satellite box too. We'd be down to a couple of raspberry pis to do the lot. Sounds pretty awesome to me.
Yep, I really wouldn't mind paying for Prime Video to watch The Grand Tour, but I'm not going to watch anywhere but on my TV, and the only thing connected to it is Kodi on Linux. If Prime Video worked well on Kodi on Linux, I would definitely trial it
...I thought the PVR branch was merged into recent versions of Kodi, and I thought it supported two backends, one of which was Myth?