Slashdot Mirror

This seems to happen whenever an OSS project goes mainstream and someone decides they want to be "respected" by the evil jerks who created the situation that led to the OSS project being created in the first place. If they create addons with DRM they will have to be binary only and separate from KODI itself since KODI is GPL2. That said KODI even points you to forks should you dislike their new direction

Wonder what kind of remote attack vector is hidden in Intel Wireless Display/Anti-Theft.

The goal of this report is to make the existence of Intel CPU backdoors a common knowledge and provide information on backdoor removal.

What we know about Intel CPU backdoors so far:

TL;DR version

Your Intel CPU and Chipset is running a backdoor as we speak.

The backdoor hardware is inside the CPU/Bridge and the backdoor firmware (Intel Management Engine) is in the chipset flash memory.

30C3 Intel ME live hack:
@21m43s, keystrokes leaked from Intel ME above the OS, wireshark failed to detect packets.
[Video Link] 30C3: Persistent, Stealthy, Remote-controlled Dedicated Hardware Malware
[Quotes] Vortrag:
"DAGGER exploits Intel's Manageability Engine (ME), that executes firmware code such as Intel's Active Management Technology (iAMT), as well as its OOB network channel."

"the ME provides a perfect environment for undetectable sensitive data leakage on behalf of the attacker. Our presentation consists of three parts. The first part addresses how to find valuable data in the main memory of the host. The second part exploits the ME's OOB network channel to exfiltrate captured data to an external platform and to inject new attack code to target other interesting data structures available in the host runtime memory. The last part deals with the implementation of a covert network channel based on JitterBug."

"We have recently improved DAGGER's capabilites to include support for 64-bit operating systems and a stealthy update mechanism to download new attack code."

"To be more precise, we show how to conduct a DMA attack using Intel's Manageability Engine (ME)."

"We can permanently monitor the keyboard buffer on both operating system targets."

Backdoor removal:
The backdoor firmware can be removed by following this guide using the me_cleaner script.
Removal requires a Raspberry Pi (with GPIO pins) and a SOIC clip.

Decoding Intel backdoors:
The situation is out of control and the Libreboot/Coreboot community is looking for BIOS/Firmware experts to help with the Intel ME decoding effort.

If you are skilled in these areas, download Intel ME firmwares from this collection and have a go at them, beware Intel is using a lot of counter measures to prevent their backdoors from being decoded (explained below).

Useful links:
The Intel ME subsystem can take over your machine, can't be audited
REcon 2014 - Intel Management Engine Secrets
Untrusting the CPU (33c3)
Towards (reasonably) trustworthy x86 laptops
30C3 To Protect And Infect - The militarization of the Internet
30c3: To Protect And Infect Part 2 - Mass Surveillance Tools & Software

1. Introduction, what is Intel ME

Short version, from Intel staff:

Re: What Intel CPUs lack Intel ME secondary processor?
Amy_Intel Feb 8, 2016 9:27 AM

The Management Engine (ME) is an isolated and protected

Can't decide on a VPN service?

No problem, roll your own... streisand

"Streisand sets up a new server running L2TP/IPsec, OpenConnect, OpenSSH, OpenVPN, Shadowsocks, sslh, Stunnel, a Tor bridge, and WireGuard. It also generates custom instructions for all of these services. At the end of the run you are given an HTML file with instructions that can be shared with friends, family members, and fellow activists."

It's weird to see people get all bent out of shape about Windows collecting data, but then totally ignore the open source projects that really aren't any better.

Just look at how much data Firefox collects and sends to Mozilla or others.

Or consider the data that Homebrew collects and sends off.

Some open source supporters will make claims like "But they're being transparent!" or "But you can opt out!" or some other nonsense like that.

But guess what? None of that matters!

The real real problem, which you missed, is that it's possible for this software to collect and transmit such data to begin with.

Disclosure and "transparency" don't matter. Being able to opt-out doesn't matter.

Getting rid of any and all software support for such data collection is what matters!

Until open source projects like Firefox and Homebrew totally remove all support for any and all data collection, we cannot consider them to be any better than Windows, or conversely, we can't consider Windows to be any worse than projects like Firefox and Homebrew.

The goal of this report is to make the existence of Intel CPU backdoors a common knowledge and provide information on backdoor removal.

What we know about Intel CPU backdoors so far:

TL;DR version

Your Intel CPU and Chipset is running a backdoor as we speak.

The backdoor hardware is inside the CPU/Bridge and the backdoor firmware (Intel Management Engine) is in the chipset flash memory.

30C3 Intel ME live hack:
@21m43s, keystrokes leaked from Intel ME above the OS, wireshark failed to detect packets.
[Video Link] 30C3: Persistent, Stealthy, Remote-controlled Dedicated Hardware Malware
[Quotes] Vortrag:
"DAGGER exploits Intel's Manageability Engine (ME), that executes firmware code such as Intel's Active Management Technology (iAMT), as well as its OOB network channel."

"the ME provides a perfect environment for undetectable sensitive data leakage on behalf of the attacker. Our presentation consists of three parts. The first part addresses how to find valuable data in the main memory of the host. The second part exploits the ME's OOB network channel to exfiltrate captured data to an external platform and to inject new attack code to target other interesting data structures available in the host runtime memory. The last part deals with the implementation of a covert network channel based on JitterBug."

"We have recently improved DAGGER's capabilites to include support for 64-bit operating systems and a stealthy update mechanism to download new attack code."

"To be more precise, we show how to conduct a DMA attack using Intel's Manageability Engine (ME)."

"We can permanently monitor the keyboard buffer on both operating system targets."

Backdoor removal:
The backdoor firmware can be removed by following this guide using the me_cleaner script.
Removal requires a Raspberry Pi (with GPIO pins) and a SOIC clip.

Decoding Intel backdoors:
The situation is out of control and the Libreboot/Coreboot community is looking for BIOS/Firmware experts to help with the Intel ME decoding effort.

If you are skilled in these areas, download Intel ME firmwares from this collection and have a go at them, beware Intel is using a lot of counter measures to prevent their backdoors from being decoded (explained below).

Useful links:
The Intel ME subsystem can take over your machine, can't be audited
REcon 2014 - Intel Management Engine Secrets
Untrusting the CPU (33c3)
Towards (reasonably) trustworthy x86 laptops
30C3 To Protect And Infect - The militarization of the Internet
30c3: To Protect And Infect Part 2 - Mass Surveillance Tools & Software

1. Introduction, what is Intel ME

Short version, from Intel staff:

Re: What Intel CPUs lack Intel ME secondary processor?
Amy_Intel Feb 8, 2016 9:27 AM

The Management Engine (ME) is an isolated and protected coprocessor, embedded as a non-optional part in all current Intel chipsets, I even checked wit

Instead of speculating about what software developers might look like, let's look at some actual photographs of actual software developers.

The Rust programming language contributors list is a good place to start.

Although not every developer has uploaded a photograph, many of them have.

Let's look at some examples.

This is what an actual software developer looks like.

This is what an actual software developer looks like.

This is what an actual software developer looks like.

This is what an actual software developer looks like.

Those are what actual software developers look like.

Chrome OS running crouton is fantastic. Run Linux apps in Chrome tabs. (Check out xiwi. Running Firefox in a Chrome OS tab is fun!)

Combined with Android apps on Chrome OS maturing, it's not just about JavaScipt anymore.

For a language that's supposed to make it so much harder to write buggy code, Rust's implementation (which is written in Rust, like you point out) sure is buggy! Right now there are over 3,000 open issues and over 17,000 closed ones.

If the people who developed the language itself, and who presumably know it best, can't even reliably use it to create bug-free code, how are normal programmers supposed to be able to?

And don't waste our time trying to compare Rust's implementation to GCC by saying "But GCC has bugs, too!". GCC is massive compared to Rust. It includes front-ends for numerous languages (C, C++, Objective-C, Objective-C++, Fortran, Ada, and Java, among others), plus numerous back-ends for a variety of platforms, plus a lot of other code. Rust is tiny in comparison. It's just a simple compiler front end for one language, and a limited standard library.

Ignoring the bug problem, it's not like Rust has helped the Rust developers themselves develop their product faster, either. Rust 1.0 was very much delayed. It isn't just the Rust implementation that was affected by this. Servo, which is also developed by Moz://a and which features some of the same people who are working on Rust, is taking forever to product something usable. Even IE 3 gives a better experience at this point.

When we look at the evidence, Rust doesn't fare well at all. It just doesn't live up to the hype. It doesn't help avoid bugs. It doesn't increase programmer productivity. It puts you through a lot of pain for no gain.

I tried it. It works (for some values of "works") but the question is wrong. I had Rage working in Wine on Linux *with* CUDA support using someone's special wine-cuda wrapper hack, and it worked amazingly well, for all of 2 weeks then never worked again. I won't bore you with the sad technical details but the take away is that the real question that should be asked here is "Can Linux run a GPU-Computing application written for Windows without Nvidia's permission?"

References:
the code
back when it worked

HTML is a useful way of encoding static documents -- but it does not belong in a single-page application in my opinion. Stuff like JSX or Angular2 templates takes a standard (HTML) and makes adhoc changes -- which is a bad thing to do to a standard!

Mithril does the right thing by generating DOM from real programming code. If you use Mithril from TypeScript like I do, all that DOM-generating code is easily refactorable using an IDE just like any other code.

If you also use Tachyons.js or similar for CSS, you can also do styling in the same file -- like any standard development system in the past (like Java or Python or Smalltalk).

It's really sad that JavaScript developers are forced to be less productive their entire careers and have ugly lumps of junk in the middle of their source code just in case some "designer" might want to spend an hour playing with HTML and CSS in the application.

Ask a Java programmer if they want to code UIs that way -- with three files for every UI page written in three different languages -- three files that most IDEs can't even connect together for navigation and semantic search and refactoring.

My biggest Mithril app to date:
https://github.com/pdfernhout/...
https://narrafirma.com/try-nar...

It's really unfortunate some Slashdot editor saw fit to announce this on April Fools because it makes it less likely people will take is seriously.

...and Inferno is much faster.

You need to run them on Windows. Deal killer.

It's not 2005 any longer. Modern versions of ASP.NET, C# and .NET Core run on Windows, Linux and macOS, in addition to being open source.

Here are some links to browse if you're interested in getting up to date:
- https://www.asp.net/open-source
- https://github.com/microsoft/dotnet
- https://github.com/aspnet
- https://dotnetfoundation.org/
- https://www.microsoft.com/net/core#linuxredhat
- https://www.microsoft.com/net/core#macos

Even SQL Server is being ported to Linux.

The Microsoft of 2017 is not the Microsoft of the early 2000s.

You need to run them on Windows. Deal killer.

It's not 2005 any longer. Modern versions of ASP.NET, C# and .NET Core run on Windows, Linux and macOS, in addition to being open source.

Here are some links to browse if you're interested in getting up to date:
- https://www.asp.net/open-source
- https://github.com/microsoft/dotnet
- https://github.com/aspnet
- https://dotnetfoundation.org/
- https://www.microsoft.com/net/core#linuxredhat
- https://www.microsoft.com/net/core#macos

Even SQL Server is being ported to Linux.

The Microsoft of 2017 is not the Microsoft of the early 2000s.

Try the TrackMeNot plugin: https://cs.nyu.edu/trackmenot/ and source at: https://github.com/vtoubiana/T...

It doesn't hide anything that you are doing, so the signal is still there, but it sure puts up a lot of noise. If you are technically minded, please consider improving the software / forking and trying different things.

The tools we used to do this are at https://github.com/openssl/too...

For palemoon users, check Decentraleyes github for an xpi that works.
https://github.com/Synzvato/de...

It was a dual license. One of the licenses was unique to OpenSSL. LibreSSL is no better in this sense, and seems to have the exact OpenSSL license, as listed here:

* https://github.com/libressl/li...

The Apache license has been more portable and more acceptable to many developers and software publishers. It will be very interesting to see how this plays out.

Microsoft has actually done a good job with Visual Studio Code.

If you're willing to completely dismiss performance concerns then yes, great work. On the other hand, if you care about performance, and memory usage, it's pretty hard to do worse than VSCode without including including something like Eclipse or Intellij in the survey.

http://pdfernhout.net/on-fundi...
"Consider again the self-driving cars mentioned earlier which now cruise some streets in small numbers. The software "intelligence" doing the driving was primarily developed by public money given to universities, which generally own the copyrights and patents as the contractors. Obviously there are related scientific publications, but in practice these fail to do justice to the complexity of such systems. The truest physical representation of the knowledge learned by such work is the codebase plus email discussions of it (plus what developers carry in their heads).
    We are about to see the emergence of companies licensing that publicly funded software and selling modified versions of such software as proprietary products. There will eventually be hundreds or thousands of paid automotive software engineers working on such software no matter how it is funded, because there will be great value in having such self-driving vehicles given the result of America's horrendous urban planning policies leaving the car as generally the most efficient means of transport in the suburb. The question is, will the results of the work be open for inspection and contribution by the public? Essentially, will those engineers and their employers be "owners" of the software, or will they instead be "stewards" of a larger free and open community development process?"

And also, earlier, this to Ray Kurzweil in 2000:
http://heybryan.org/fernhout/k...
"... It will be difficult for you to change your opinion on this because you have been heavily rewarded for riding the digital wave. You were making money building reading machines before I bought my first computer -- a Kim-I. But, I think someday the contradiction may become apparent of thinking the road to spiritual enlightenment can come from material competition (a point in your book which deserves much further elaboration). To the extent material competition drives the development of the digital realm the survival of humanity is in doubt.
    Still, you are a bright guy. If you study ecology and evolution in more detail, I think you may change your conclusion, or at least admit the significant probability of a bad outcome, and that we should plan
accordingly.
    If you do change your opinion in the future, and wish to fund work related to helping ensure humanity survives the birth of the digital realm, please remember me.
    MOSH to the end I guess!"

The Bayh-Dole Act is a big part of that disaster (letting universities privatize gains and tightly control use of what they make an with public funds rather than insist publicly funded research goes into the public domain):
https://en.wikipedia.org/wiki/...
https://www.theatlantic.com/ma...

Anyway, I'm still trying to limp along making glacially slow progress doing free stuff (Twirlip/Pointrel/etc.) on GitHub in increasingly vanishing spare time... My latest small increment:
"High Performance Organizations Reading List"
https://github.com/pdfernhout/...

You evidently didn't know the entire source for UEFI is available. I have git cloned it and built and used it successfully. Of course, that doesn't tell you about the UEFI build running on your system, but it DOES allow you to roll your own.

Are you people really stupid or just paid shill? Or you have some kind of weak mind that you just can't accept how bad things are?

You really need to look at reality more before talking out of your ass, they've got you by the balls.

I just updated the report:

7. Active Intel ME Example:
Thinkpad X201 has KVM and Anti-Theft (internal 3G) enabled by default

intelmetool -s

ME: Firmware Version 0.996.511.0

ME Capability- Full Network manageability - ON
ME Capability- Regular Network manageability - OFF
ME Capability- Manageability - ON
ME Capability- Small business technology - OFF
ME Capability- Level III manageability - OFF
ME Capability- Intel Anti-Theft (AT) - ON
ME Capability- Intel Capability Licensing Service (CLS) - ON
ME Capability- Intel Power Sharing Technology (MPC) - ON
ME Capability- ICC Over Clocking - ON
ME Capability- Protected Audio Video Path (PAVP) - ON
ME Capability- IPV6 - ON
ME Capability- KVM Remote Control (KVM) - ON
ME Capability- Outbreak Containment Heuristic (OCH) - OFF
ME Capability- Virtual LAN (VLAN) - OFF
ME Capability- TLS - ON
ME Capability- Wireless LAN (WLAN) - OFF

The goal of this report is to make the existence of Intel CPU backdoors a common knowledge and provide information on backdoor removal.

What we know about Intel CPU backdoors so far:

TL;DR version

Your Intel CPU and Chipset is running a backdoor as we speak.

The backdoor hardware is inside the CPU/Bridge and the backdoor firmware (Intel Management Engine) is in the chipset flash memory.

30C3 Intel ME live hack:
@21m43s, keystrokes leaked from Intel ME above the OS, wireshark failed to detect packets.
[Video Link] 30C3: Persistent, Stealthy, Remote-controlled Dedicated Hardware Malware
[Quotes] Vortrag:
"DAGGER exploits Intel's Manageability Engine (ME), that executes firmware code such as Intel's Active Management Technology (iAMT), as well as its OOB network channel."

"the ME provides a perfect environment for undetectable sensitive data leakage on behalf of the attacker. Our presentation consists of three parts. The first part addresses how to find valuable data in the main memory of the host. The second part exploits the ME's OOB network channel to exfiltrate captured data to an external platform and to inject new attack code to target other interesting data structures available in the host runtime memory. The last part deals with the implementation of a covert network channel based on JitterBug."

"We have recently improved DAGGER's capabilites to include support for 64-bit operating systems and a stealthy update mechanism to download new attack code."

"To be more precise, we show how to conduct a DMA attack using Intel's Manageability Engine (ME)."

"We can permanently monitor the keyboard buffer on both operating system targets."

Backdoor removal:
The backdoor firmware can be removed by following this guide using the me_cleaner script.
Removal requires a Raspberry Pi (with GPIO pins) and a SOIC clip.

Decoding Intel backdoors:
The situation is out of control and the Libreboot/Coreboot community is looking for BIOS/Firmware experts to help with the Intel ME decoding effort.

If you are skilled in these areas, download Intel ME firmwares from this collection and have a go at them, beware Intel is using a lot of counter measures to prevent their backdoors from being decoded (explained below).

Useful links:
The Intel ME subsystem can take over your machine, can't be audited
REcon 2014 - Intel Management Engine Secrets
Untrusting the CPU (33c3)
Towards (reasonably) trustworthy x86 laptops
30C3 To Protect And Infect - The militarization of the Internet
30c3: To Protect And Infect Part 2 - Mass Surveillance Tools & Software

1. Introduction, what is Intel ME

Short version, from Intel staff:

Re: What Intel CPUs lack Intel ME secondary processor?
Amy_Intel Feb 8, 2016 9:27 AM

The Management Engine (ME) is an isolated and protected coprocessor, embedded as a non-optional part in all current Intel chipsets, I even checked with the en

Obligatory: Intel CPU Backdoor Report

Intel CPU Backdoor Report (Updated Mar 13, 2017)

The goal of this report is to make the existence of Intel CPU backdoors a common knowledge and provide information on backdoor removal.

What we know about Intel CPU backdoors so far:

TL;DR version

Your Intel CPU and Chipset is running a backdoor as we speak.

The backdoor hardware is inside the CPU/Bridge and the backdoor firmware (Intel Management Engine) is in the chipset flash memory.

30C3 Intel ME live hack:
@21m43s, keystrokes leaked from Intel ME above the OS, wireshark failed to detect packets.
[Video Link] 30C3: Persistent, Stealthy, Remote-controlled Dedicated Hardware Malware
[Quotes] Vortrag:
"DAGGER exploits Intel's Manageability Engine (ME), that executes firmware code such as Intel's Active Management Technology (iAMT), as well as its OOB network channel."

"the ME provides a perfect environment for undetectable sensitive data leakage on behalf of the attacker. Our presentation consists of three parts. The first part addresses how to find valuable data in the main memory of the host. The second part exploits the ME's OOB network channel to exfiltrate captured data to an external platform and to inject new attack code to target other interesting data structures available in the host runtime memory. The last part deals with the implementation of a covert network channel based on JitterBug."

"We have recently improved DAGGER's capabilites to include support for 64-bit operating systems and a stealthy update mechanism to download new attack code."

"To be more precise, we show how to conduct a DMA attack using Intel's Manageability Engine (ME)."

"We can permanently monitor the keyboard buffer on both operating system targets."

Backdoor removal:
The backdoor firmware can be removed by following this guide using the me_cleaner script.
Removal requires a Raspberry Pi (with GPIO pins) and a SOIC clip.

Decoding Intel backdoors:
The situation is out of control and the Libreboot/Coreboot community is looking for BIOS/Firmware experts to help with the Intel ME decoding effort.

If you are skilled in these areas, download Intel ME firmwares from this collection and have a go at them, beware Intel is using a lot of counter measures to prevent their backdoors from being decoded (explained below).

Useful links:
The Intel ME subsystem can take over your machine, can't be audited
REcon 2014 - Intel Management Engine Secrets
Untrusting the CPU (33c3)
Towards (reasonably) trustworthy x86 laptops
30C3 To Protect And Infect - The militarization of the Internet
30c3: To Protect And Infect Part 2 - Mass Surveillance Tools & Software

1. Introduction, what is Intel ME

Short version, from Intel staff:

Re: What Intel CPUs lack Intel ME secondary processor?
Amy_Intel Feb 8, 2016 9:27 AM

The Management Engine (ME) is an isolated and protected cop

Oblig Fizz Buzz solution.

https://github.com/pdfernhout/...

The most important for a company to re-invent itself is the first item and it relates to "shoplifting all of the spare hours":

"Slack: Getting Past Burnout, Busywork, and the Myth of Total Efficiency (by Tom DeMarco)"
https://www.amazon.com/Slack-G...

He says there is a tradeoff between efficiency meeting old needs quickly) versus effectiveness (meeting new needs with flexibility & responsiveness).

DeMarco points out that it is precisely the middle management layer that needs some slack time the most to be able to innovate in ways that lead to organizational learning. But everyone needs slack time to take part in that too. IBM is likely going in the completely wrong direction if it is reeling people in to presumably over-schedule them even more.

I last worked for IBM in Research about sixteen years ago myself... The project I worked the most on was the IBM Personal Speech Assistant (a forerunner to Siri and such). The team was very proud that Lou asked for one for his office:
http://liamcomerford.com/alpha...

But -- I had enough "slack" then (after a year of hard work) that when my then supervisor (his site above) went on a two week vacation, I build a speech activated display wall out of used ThinkPads which looked a lot like a Jeopardy board. (A coworker said it was a a good thing I was not in the lab when my supervisor first walked in after his vacation. :-) I always wonder though if years later that spark led to the idea of Watson being on Jeopardy?

Still think a conversational display wall is a good idea to pursue further. And I still want to make a programming language tailored to being edited easily via voice recognition. Of course IBM has long since sold off ViaVoice... And while there was some slack in Research then around 2000, I was told it was nothing like what was there in the 1970s and 1980s where a lot more creativity was possible. So, even then, these ideas were unlikely to be pursue-able.

And also around 2000, on teamwork at Research, one thing I heard at lunch was someone saying something like "We hire the top people from the most competitive schools and then wonder why they have trouble getting along.." There is a certain lack of diversity as well from such hiring practices.

Fabric3 is a Java container.

No, you dumb twat, the fabric3 under discussion is a python module, as the 'pip3 install fabric3' command would have suggested to you, if you weren't a half-wit with no knowledge of python, and no legitimate reason to be near the business end of a computer.

The only thing I blast to my servers are static web files. I have Python 3, Java and Ant installed on my laptop.

Even easier - install python 2.7 as well, learn to virtualenv to keep your installation repeatable & uncluttered, and use the pelican module out of the box with fabric. You've INVENTED a need for a new tool by specifying requirements that aren't requirements. You didn't HAVE to go install a JDK and Ant, you are not constrained by the version of python already installed on your laptop. Or do yourself one better, vagrant up a centos-based host, and use a proper fucking development machine instead of some half-assed "I'm an IT guy who loves to talk about the right tool for the job, but can't apparently discern what the right tool for a job is, or that the tools I'm already using offer the exact functionality I say I need out of the box."

Which is what I'm already doing for my websites.

Websites = content you publish. All the other shit that you have to download, write, and manage to that end is tooling that serves the goal of publishing your content. If publishing your content can be achieved in these two ways:
1) download a few existing packages, then combine them to use their native functionality to publish your website;
2) download the same few existing packages, then wrap them in a bunch of custom scripting from 2 other tools to replace the native functionality already available to you without the wrapper to publish your website;

Then the proper choice is *always* #1. ALWAYS. Writing a bunch of one-off support scripts that are required to achieve your goal is taking focus away from the goal, and making your environment more complex, harder to debug, and harder to maintain. The net result is that you will spend MORE time on maintenance and dicking around with tools, and LESS time on publishing your websites.

Again - "Not Invented Here syndrome". It's a thing. Look it up.

"He'd let us slack off all day. "

Maybe your ex-boss also understood some of the ideas in Tom DeMarco's book "Slack"?

"Slack: Getting Past Burnout, Busywork, and the Myth of Total Efficiency"
https://www.amazon.com/Slack-G...
"If your companyâ(TM)s goal is to become fast, responsive, and agile, more efficiency is not the answer--you need more slack.
    Why is it that todayâ(TM)s superefficient organizations are ailing? Tom DeMarco, a leading management consultant to both Fortune 500 and up-and-coming companies, reveals a counterintuitive principle that explains why efficiency efforts can slow a company down. That principle is the value of slack, the degree of freedom in a company that allows it to change. Implementing slack could be as simple as adding an assistant to a department and letting high-priced talent spend less time at the photocopier and more time making key decisions, or it could mean designing workloads that allow people room to think, innovate, and reinvent themselves. It means embracing risk, eliminating fear, and knowing when to go slow. Slack allows for change, fosters creativity, promotes quality, and, above all, produces growth.
    With an approach that works for new- and old-economy companies alike, this revolutionary handbook debunks commonly held assumptions about real-world management, and gives you and your company a brand-new model for achieving and maintaining true effectiveness."

Other related ideas I've collected:
https://github.com/pdfernhout/...

Disclaimer: I am the author of the following projects. At Red Hat, we have been researching this problem for the last few years. This has resulted in the creation of the Clevis[1] & Tang[2] projects for automating decryption. This currently ships in Fedora and we plan to ship it in a future RHEL release. This project currently supports both root volumes and removable storage, as well as any other data you want to encrypt and then automatically decrypt. We are working on adding support for non-root volumes as well. For a video on the problem of automated decryption and the architecture of Clevis & Tang, see my recent talk at FOSDEM: Securing Automated Decryption[3]. [1]: https://github.com/latchset/cl... [2]: https://github.com/latchset/ta... [3]: https://fosdem.org/2017/schedu...

Disclaimer: I am the author of the following projects. At Red Hat, we have been researching this problem for the last few years. This has resulted in the creation of the Clevis[1] & Tang[2] projects for automating decryption. This currently ships in Fedora and we plan to ship it in a future RHEL release. This project currently supports both root volumes and removable storage, as well as any other data you want to encrypt and then automatically decrypt. We are working on adding support for non-root volumes as well. For a video on the problem of automated decryption and the architecture of Clevis & Tang, see my recent talk at FOSDEM: Securing Automated Decryption[3]. [1]: https://github.com/latchset/cl... [2]: https://github.com/latchset/ta... [3]: https://fosdem.org/2017/schedu...

You won't find Linux or Apache on Github, for example...

Linux kernel
Apache HTTPD Server

I'm not saying you're wrong, but your examples are wrong.

You won't find Linux or Apache on Github, for example...

Linux kernel
Apache HTTPD Server

I'm not saying you're wrong, but your examples are wrong.

I haven't tried it, because I game in Windows, but Valve has released its SteamVR for Linux. https://github.com/ValveSoftwa...

Well, to me it seems really, really, stupid. Might sound like a good idea without thinking about the numbers but seriously a global warrant for anyone who searched for a specific name and to add even more stupid to that, variants of the name. I sure hope that name was globally unique, not many people have that though, I do and a fully appreciate how rare that is.

So goggle concedes this one, because the reward for a stupid question has always been a stupid answer. Not a unique name and taking into accounts variants, sure, not a problem, here are the, I don't know imagine a number between one thousand and one million, have fun and good luck with that. Think that's not likely to happen, sure goggle does 3.5 billion searches per day and even the tiniest percentage of that becomes a huge number.

Never to forget trackmenot http://www.cs.nyu.edu/trackmen..., hey trackmenot, did you go somewhere naughty and get me in trouble and new stuff like https://adnauseam.io/, hey adnauseam, did you click at naughty add, cheeky bugger. My computer makes more searches than I do, by an order of magnitude and adnauseam, well it clicks more ads than I do, by many, many, orders of magnitude (adnauseam helping to boost many web sites profits, I am suprised a lot of web sites have not be actively promoting that add on, even when asshats at google work to ban it on chrome https://www.bleepingcomputer.c..., spoilsports but of course https://github.com/dhowe/AdNau....

In the world of spy vs spy misinformation is often the most effective means of security (you can play to, another good example would be a fake file on your desktop with fake credit card details, passwords and information, they find it, take it and leave). How long before fame email tools turn up as well as a full range of other data base toxins (filling invasive databases with poisoned data creating false links eventually killing the database, actually dead in reality, requiring most of the data to be tossed and forced to start again).

Open firmware: https://github.com/christinaa/...

Coders wanted. Linux bring-up is done, needs USB and display to be more useful. Discussion happens on Freenode IRC #raspberrypi-internals

When this popular embedded platform has a fully functional open firmware to use instead of the proprietary bootcode.bin then I'll be a little more cheery about the success of the Raspberry Pi worldwide.

Intel CPU Backdoor Report (Updated Mar 13, 2017)

The goal of this report is to make the existence of Intel CPU backdoors a common knowledge and provide information on backdoor removal.

What we know about Intel CPU backdoors so far:

TL;DR version

Your Intel CPU and Chipset is running a backdoor as we speak.

The backdoor hardware is inside the CPU/Bridge and the backdoor firmware (Intel Management Engine) is in the chipset flash memory.

30C3 Intel ME live hack:
@21m43s, keystrokes leaked from Intel ME above the OS, wireshark failed to detect packets.
[Video Link] 30C3: Persistent, Stealthy, Remote-controlled Dedicated Hardware Malware
[Quotes] Vortrag:
"DAGGER exploits Intel's Manageability Engine (ME), that executes firmware code such as Intel's Active Management Technology (iAMT), as well as its OOB network channel."

"the ME provides a perfect environment for undetectable sensitive data leakage on behalf of the attacker."

"We have recently improved DAGGER's capabilites to include support for 64-bit operating systems and a stealthy update mechanism to download new attack code."

"To be more precise, we show how to conduct a DMA attack using Intel's Manageability Engine (ME)."

"We can permanently monitor the keyboard buffer on both operating system targets."

Quotes on Intel backdoors:

A message from RMS
by Richard Stallman on Dec 29, 2016 09:45 AM

The current generation of Intel and AMD processor chips are designed with vicious back doors that users cannot shut off. (In Intel processors, it's the "management engine".)

No users should trust those processors.

Backdoor removal:
The backdoor firmware can be removed by following this guide using the me_cleaner script.
Removal requires a Raspberry Pi (with GPIO pins) and a SOIC clip.

Decoding Intel backdoors:
The situation is out of control and the Libreboot/Coreboot community is looking for BIOS/Firmware experts to help with the Intel ME decoding effort.

If you are skilled in these areas, download Intel ME firmwares from this collection and have a go at them, beware Intel is using a lot of counter measures to prevent their backdoors from being decoded (explained below).

Useful links:
The Intel ME subsystem can take over your machine, can't be audited
REcon 2014 - Intel Management Engine Secrets
Untrusting the CPU (33c3)
Towards (reasonably) trustworthy x86 laptops
30C3 To Protect And Infect - The militarization of the Internet
30c3: To Protect And Infect Part 2 - Mass Surveillance Tools & Software

1. Introduction, what is Intel ME

Short version, from Intel staff:

Re: What Intel CPUs lack Intel ME secondary processor?
Amy_Intel Feb 8, 2016 9:27 AM

The Management Engine (ME) is an isolated and p

But instead, let's act like a spoiled-entitled-child with the immature "If I can't have it, no one can".

I don't think that's what happened at all here.

These are videos that are made by Berkeley, for Berkeley's own purposes. Someone got the idea to upload them to YouTube and make them available to the world for free, because the cost to doing that is very close to zero. Very likely one university employee came up with the idea and spends a few minutes per day uploading whatever new lectures are in the library... or maybe even automated it so that no human spends any time on it.

What you're talking about, even if it is possible to get some crowdfunding, will require orders of magnitude more effort and expenditure by the university, isn't really in their mission, and definitely isn't in their budget. And it's entirely possible that they're even looking into what they could do... but until they have a system in place, *and* have verified that whatever approach they take satisfies the requirements of the law and won't leave them with more legal bills, the only thing they reasonably can do is take them all down.

There's no reason to assume that they're acting out of spite here.

Note: Guetzli uses a large amount of memory. You should provide 300MB of memory per 1MPix of the input image.

Github

Intel CPU Backdoor Report (Updated Mar 13, 2017)

The goal of this report is to make the existence of Intel CPU backdoors a common knowledge and provide information on backdoor removal.

What we know about Intel CPU backdoors so far:

TL;DR version

Your Intel CPU and Chipset is running a backdoor as we speak.

The backdoor hardware is inside the CPU/Bridge and the backdoor firmware (Intel Management Engine) is in the chipset flash memory.

30C3 Intel ME live hack:
@21m43s, keystrokes leaked from Intel ME above the OS, wireshark failed to detect packets.
[Video Link] 30C3: Persistent, Stealthy, Remote-controlled Dedicated Hardware Malware
[Quotes] Vortrag:
"DAGGER exploits Intel's Manageability Engine (ME), that executes firmware code such as Intel's Active Management Technology (iAMT), as well as its OOB network channel."

"the ME provides a perfect environment for undetectable sensitive data leakage on behalf of the attacker. Our presentation consists of three parts. The first part addresses how to find valuable data in the main memory of the host. The second part exploits the ME's OOB network channel to exfiltrate captured data to an external platform and to inject new attack code to target other interesting data structures available in the host runtime memory. The last part deals with the implementation of a covert network channel based on JitterBug."

"We have recently improved DAGGER's capabilites to include support for 64-bit operating systems and a stealthy update mechanism to download new attack code."

"To be more precise, we show how to conduct a DMA attack using Intel's Manageability Engine (ME)."

"We can permanently monitor the keyboard buffer on both operating system targets."

Backdoor removal:
The backdoor firmware can be removed by following this guide using the me_cleaner script.
Removal requires a Raspberry Pi (with GPIO pins) and a SOIC clip.

Decoding Intel backdoors:
The situation is out of control and the Libreboot/Coreboot community is looking for BIOS/Firmware experts to help with the Intel ME decoding effort.

If you are skilled in these areas, download Intel ME firmwares from this collection and have a go at them, beware Intel is using a lot of counter measures to prevent their backdoors from being decoded (explained below).

Useful links:
The Intel ME subsystem can take over your machine, can't be audited
REcon 2014 - Intel Management Engine Secrets
Untrusting the CPU (33c3)
Towards (reasonably) trustworthy x86 laptops
30C3 To Protect And Infect - The militarization of the Internet
30c3: To Protect And Infect Part 2 - Mass Surveillance Tools & Software

1. Introduction, what is Intel ME

Short version, from Intel staff:

Re: What Intel CPUs lack Intel ME secondary processor?
Amy_Intel Feb 8, 2016 9:27 AM

The Management Engine (ME) is an isolated and protected coprocessor, embedded as a non-optional part in

Then stop using Google. :) It's not like they're the only search engine.

And stop giving them your data, while you're at it.
https://addons.mozilla.org/en-...
https://github.com/disconnectm...

Intel CPU Backdoor Report (Updated Mar 13, 2017)

The goal of this report is to make the existence of Intel CPU backdoors a common knowledge and provide information on backdoor removal.

What we know about Intel CPU backdoors so far:

TL;DR version

Your Intel CPU and Chipset is running a backdoor as we speak.

The backdoor hardware is inside the CPU/Bridge and the backdoor firmware (Intel Management Engine) is in the chipset flash memory.

30C3 Intel ME live hack:
@21m43s, keystrokes leaked from Intel ME above the OS, wireshark failed to detect packets.
[Video Link] 30C3: Persistent, Stealthy, Remote-controlled Dedicated Hardware Malware
[Quotes] Vortrag:
"DAGGER exploits Intel's Manageability Engine (ME), that executes firmware code such as Intel's Active Management Technology (iAMT), as well as its OOB network channel."

"the ME provides a perfect environment for undetectable sensitive data leakage on behalf of the attacker. Our presentation consists of three parts. The first part addresses how to find valuable data in the main memory of the host. The second part exploits the ME's OOB network channel to exfiltrate captured data to an external platform and to inject new attack code to target other interesting data structures available in the host runtime memory. The last part deals with the implementation of a covert network channel based on JitterBug."

"We have recently improved DAGGER's capabilites to include support for 64-bit operating systems and a stealthy update mechanism to download new attack code."

"To be more precise, we show how to conduct a DMA attack using Intel's Manageability Engine (ME)."

"We can permanently monitor the keyboard buffer on both operating system targets."

Backdoor removal:
The backdoor firmware can be removed by following this guide using the me_cleaner script.
Removal requires a Raspberry Pi (with GPIO pins) and a SOIC clip.

Decoding Intel backdoors:
The situation is out of control and the Libreboot/Coreboot community is looking for BIOS/Firmware experts to help with the Intel ME decoding effort.

If you are skilled in these areas, download Intel ME firmwares from this collection and have a go at them, beware Intel is using a lot of counter measures to prevent their backdoors from being decoded (explained below).

Useful links:
The Intel ME subsystem can take over your machine, can't be audited
REcon 2014 - Intel Management Engine Secrets
Untrusting the CPU (33c3)
Towards (reasonably) trustworthy x86 laptops
30C3 To Protect And Infect - The militarization of the Internet
30c3: To Protect And Infect Part 2 - Mass Surveillance Tools & Software

1. Introduction, what is Intel ME

Short version, from Intel staff:

Re: What Intel CPUs lack Intel ME secondary processor?
Amy_Intel Feb 8, 2016 9:27 AM

The Management Engine (ME) is an isolated and protected coprocessor, embedded as a non-optional part in

The biggest concern with XMPP is of course that you need to access a public service, which may be shut down at any time - unless you run your own XMPP server (I do). Another concern is privacy. Even if messages can be encrypted, meta-data about who is communicating with whom may leak to those who have the powers to listen in on the IP packages to the server(s).

For whistle-blowers, journalists, and anyone living under repressive regimes, there are not too many options today. I am working on my own solution, allowing IM over the Tor network, using the legacy Tor Chat protocol (https://github.com/jgaa/darkspeak). This takes care of the privacy concerns - but it adds another protocol to the mix.

I am signed into Skype using the third-party SkypeWeb plug-in for Pidgin, which supports the JSON protocol that Skype for Web uses.

Intel CPU Backdoor Report (Updated Mar 13, 2017)

The goal of this report is to make the existence of Intel CPU backdoors a common knowledge and provide information on backdoor removal.

What we know about Intel CPU backdoors so far:

TL;DR version

Your Intel CPU and Chipset is running a backdoor as we speak.

The backdoor hardware is inside the CPU/Bridge and the backdoor firmware (Intel Management Engine) is in the chipset flash memory.

30C3 Intel ME live hack:
@21m43s, keystrokes leaked from Intel ME above the OS, wireshark failed to detect packets.
[Video Link] 30C3: Persistent, Stealthy, Remote-controlled Dedicated Hardware Malware
[Quotes] Vortrag:
"DAGGER exploits Intel's Manageability Engine (ME), that executes firmware code such as Intel's Active Management Technology (iAMT), as well as its OOB network channel."

"the ME provides a perfect environment for undetectable sensitive data leakage on behalf of the attacker. Our presentation consists of three parts. The first part addresses how to find valuable data in the main memory of the host. The second part exploits the ME's OOB network channel to exfiltrate captured data to an external platform and to inject new attack code to target other interesting data structures available in the host runtime memory. The last part deals with the implementation of a covert network channel based on JitterBug."

"We have recently improved DAGGER's capabilites to include support for 64-bit operating systems and a stealthy update mechanism to download new attack code."

"To be more precise, we show how to conduct a DMA attack using Intel's Manageability Engine (ME)."

"We can permanently monitor the keyboard buffer on both operating system targets."

Backdoor removal:
The backdoor firmware can be removed by following this guide using the me_cleaner script.
Removal requires a Raspberry Pi (with GPIO pins) and a SOIC clip.

Decoding Intel backdoors:
The situation is out of control and the Libreboot/Coreboot community is looking for BIOS/Firmware experts to help with the Intel ME decoding effort.

If you are skilled in these areas, download Intel ME firmwares from this collection and have a go at them, beware Intel is using a lot of counter measures to prevent their backdoors from being decoded (explained below).

Useful links:
The Intel ME subsystem can take over your machine, can't be audited
REcon 2014 - Intel Management Engine Secrets
Untrusting the CPU (33c3)
Towards (reasonably) trustworthy x86 laptops
30C3 To Protect And Infect - The militarization of the Internet
30c3: To Protect And Infect Part 2 - Mass Surveillance Tools & Software

1. Introduction, what is Intel ME

Short version, from Intel staff:

Re: What Intel CPUs lack Intel ME secondary processor?
Amy_Intel Feb 8, 2016 9:27 AM

The Management Engine (ME) is an isolated and protected coprocessor, embedded as a non-optional part in

As others have noted: "yes, it has changed."
https://github.com/mstarke/Mac...
https://github.com/keepassx/ke...

As others have noted: "yes, it has changed."
https://github.com/mstarke/Mac...
https://github.com/keepassx/ke...

Intel CPU Backdoor Report (Updated Mar 12, 2017)

The goal of this report is to make the existence of Intel CPU backdoors a common knowledge.

What we know about Intel CPU backdoors so far:

TL;DR version

Your Intel CPU and Chipset is running a backdoor as we speak.

The backdoor hardware is inside the CPU/Bridge and the backdoor firmware (Intel Management Engine) is in the chipset flash memory.

30C3 Intel ME live hack:
@21m43s, keystrokes leaked from Intel ME above the OS, wireshark failed to detect packets.

[Video Link] 30C3: Persistent, Stealthy, Remote-controlled Dedicated Hardware Malware

[Quotes] Vortrag:
"DAGGER exploits Intel's Manageability Engine (ME), that executes firmware code such as Intel's Active Management Technology (iAMT), as well as its OOB network channel."

"the ME provides a perfect environment for undetectable sensitive data leakage on behalf of the attacker. Our presentation consists of three parts. The first part addresses how to find valuable data in the main memory of the host. The second part exploits the ME's OOB network channel to exfiltrate captured data to an external platform and to inject new attack code to target other interesting data structures available in the host runtime memory. The last part deals with the implementation of a covert network channel based on JitterBug."

"We have recently improved DAGGER's capabilites to include support for 64-bit operating systems and a stealthy update mechanism to download new attack code."

"To be more precise, we show how to conduct a DMA attack using Intel's Manageability Engine (ME)."

"We can permanently monitor the keyboard buffer on both operating system targets."

Backdoor removal:

The backdoor firmware can be removed by following this guide using the me_cleaner script.
Removal requires a Raspberry Pi (with GPIO pins) and a SOIC clip.

Decoding Intel backdoors:

The situation is out of control and the Libreboot/Coreboot community is looking for BIOS/Firmware experts to help with the Intel ME decoding effort.

If you are skilled in these areas, download Intel ME firmwares from this collection and have a go at them, beware Intel is using a lot of counter measures to prevent their backdoors from being decoded (explained below).

Useful links:

The Intel ME subsystem can take over your machine, can't be audited
REcon 2014 - Intel Management Engine Secrets
Untrusting the CPU (33c3)
Towards (reasonably) trustworthy x86 laptops
30C3 To Protect And Infect - The militarization of the Internet
30c3: To Protect And Infect Part 2 - Mass Surveillance Tools & Software

1. Introduction, what is Intel ME

Short version, from Intel staff:

Re: What Intel CPUs lack Intel ME secondary processor?
Amy_Intel Feb 8, 2016 9:27 AM

The Management Engine (ME) is an isolated and protected coprocesso

Intel CPU Backdoor Report (Updated Mar 12, 2017)

The goal of this report is to make the existence of Intel CPU backdoors a common knowledge.

What we know about Intel CPU backdoors so far:

TL;DR version

Your Intel CPU and Chipset is running a backdoor as we speak.

The backdoor hardware is inside the CPU/Bridge and the backdoor firmware (Intel Management Engine) is in the chipset flash memory.

30C3 Intel ME live hack:
@21m43s, keystrokes leaked from Intel ME above the OS, wireshark failed to detect packets.

[Video Link] 30C3: Persistent, Stealthy, Remote-controlled Dedicated Hardware Malware

[Quotes] Vortrag:
"DAGGER exploits Intel's Manageability Engine (ME), that executes firmware code such as Intel's Active Management Technology (iAMT), as well as its OOB network channel."

"the ME provides a perfect environment for undetectable sensitive data leakage on behalf of the attacker. Our presentation consists of three parts. The first part addresses how to find valuable data in the main memory of the host. The second part exploits the ME's OOB network channel to exfiltrate captured data to an external platform and to inject new attack code to target other interesting data structures available in the host runtime memory. The last part deals with the implementation of a covert network channel based on JitterBug."

"We have recently improved DAGGER's capabilites to include support for 64-bit operating systems and a stealthy update mechanism to download new attack code."

"To be more precise, we show how to conduct a DMA attack using Intel's Manageability Engine (ME)."

"We can permanently monitor the keyboard buffer on both operating system targets."

Backdoor removal:

The backdoor firmware can be removed by following this guide using the me_cleaner script.
Removal requires a Raspberry Pi (with GPIO pins) and a SOIC clip.

Decoding Intel backdoors:

The situation is out of control and the Libreboot/Coreboot community is looking for BIOS/Firmware experts to help with the Intel ME decoding effort.

If you are skilled in these areas, download Intel ME firmwares from this collection and have a go at them, beware Intel is using a lot of counter measures to prevent their backdoors from being decoded.

Useful links:

The Intel ME subsystem can take over your machine, can't be audited
REcon 2014 - Intel Management Engine Secrets
Untrusting the CPU (33c3)
Towards (reasonably) trustworthy x86 laptops
30C3 To Protect And Infect - The militarization of the Internet
30c3: To Protect And Infect Part 2 - Mass Surveillance Tools & Software

1. Introduction, what is Intel ME

Short version, from Intel staff:

Re: What Intel CPUs lack Intel ME secondary processor?
Amy_Intel Feb 8, 2016 9:27 AM

The Management Engine (ME) is an isolated and protected coprocessor, embedded as a n

Intel CPU Backdoor Alert (Updated Mar 12, 2017)

The goal of this report is to make the existence of Intel CPU backdoors a common knowledge.
What we know about the Intel backdoor so far:

TL;DR version

Your Intel CPU and Chipset is running a backdoor as we speak:

The backdoor hardware is inside the CPU/Bridge and the backdoor firmware is in the chipset flash chip (Intel Management Engine).

ccc.de: "Our presentation covers a DMA malware that benefits from an isolated network channel to update the attack code and to exfiltrate captured data. To be more precise, we show how to conduct a DMA attack using Intel's Manageability Engine (ME)."

30C3 Intel ME live hack, @21m43s, keystrokes leaked from Intel ME outside the OS, wireshark cannot detect packets:
[Video Link] 30C3: Persistent, Stealthy, Remote-controlled Dedicated Hardware Malware

The backdoor firmware can be removed by following this guide using the me_cleaner script.
Removal is tricky and requires a Raspberry Pi (with GPIO pins) and a SOIC clip.

The situation is out of control and the Libreboot/Coreboot community is looking for BIOS/Firmware experts to help with the Intel ME decoding effort. If you are skilled in BIOS/Firmware, download some of the Intel ME firmware from this collection have a go at it (Intel used various decode counter measures, explained below).

Useful links:
The Intel ME subsystem can take over your machine, can't be audited
REcon 2014 - Intel Management Engine Secrets
Untrusting the CPU (33c3)
Towards (reasonably) trustworthy x86 laptops

1. Introduction, what is Intel ME

Short version, from Intel staff:

Re: What Intel CPUs lack Intel ME secondary processor?
Amy_Intel Feb 8, 2016 9:27 AM

The Management Engine (ME) is an isolated and protected coprocessor, embedded as a non-optional part in all current Intel chipsets, I even checked with the engineering department and they confirmed it.

Long version:

ME: Management Engine

The Intel Management Engine (ME) is a separate computing environment physically located in the MCH chip or PCH chip replacing ICH.

The ME consists of an individual processor core, code and data caches, a timer, and a secure internal bus to which additional devices are connected, including a cryptography engine, internal ROM and RAM, memory controllers, and a direct memory access (DMA) engine to access the host operating system's memory as well as to reserve a region of protected external memory to supplement the ME's limited internal RAM. The ME also has network access with its own MAC address through the Intel Gigabit Ethernet Controller integrated in the southbridge (ICH or PCH).

The Intel Management Engine with its proprietary firmware has complete access to and control over the PC: it can power on or shut down the PC, read all open files, examine all running applications, track all keys pressed and mouse movements, and even capture or display images on the screen. And it has a network interface that is demonstrably insecure, which can allow an attacker on the networ

The debugger code is open source:

https://github.com/Microsoft/M...

They're called Chromebooks now. There are dozens of options from $199 to $500. Pick the one you like the best and install Crouton on it. Here's my personal favorite - quad core N3160 Intel CPU, 4GB RAM, 32GB storage, 1080p 14" IPS (yes, IPS) display, 12+ hour battery life, a trackpad that's better than it has any right to be and ALL ALUMINUM construction for comfortably under $300.

Every battery is removable if you own a screwdriver, this is a non-issue. Especially given the battery lives on laptops. Who is using a laptop for over 10 hours without being near a charger? 0.1% of the market, maybe.