Domain: github.com
Stories and comments across the archive that link to github.com.
Comments · 4,419
-
Re:JS "programmers" are too incompetent for that
You can start reading up on it here. If you had done a little research before typing, you wouldn't have an egg on your face right now.
-
Re:Looks good to me
the small benefit of JavaScript is that we can disable it and/or prevent certain function calls if you want to (e.g. my browser asks me if alert() is allowed to trigger or intercepts audio() and video() tags etc etc.)
All I know about WebAssembly is what I read in TFA but I'll bet you that it will still be possible to block API calls exactly the same way. In fact, if my understanding is correct, WebAssembly doesn't come with any API calls; it will need to ask JavaScript to do things like pop up an alert().
Here, have a link I Googled up for you. Here's how you do an alert() from WebAssembly: you import alert() from JavaScript and call that.
https://gist.github.com/cure53/f4581cee76d2445d8bd91f03d4fa7d3b
So whatever you are doing right now to forbid alert() would continue to work when your browser downloads WebAssembly code.
If you're going to obfuscate calls even further into machine code and allow for code to run directly on a CPU and manipulate memory without the capacity for inspection, you've given up all control.
I've already made my position on that clear. Bytecode is less readable than minified JS but not by that much.
Plus I don't actually pick apart all the minified JS my browser is running and inspect it in advance. And I figure with GMain and such my browser is running a lot of minified JS.
-
Re:USB sticks are inherently dangerous
For those that think this won't happen to me.
Check this out: https://www.youtube.com/watch?...
And to get an idea about the extent of devices affected: https://github.com/brandonlw/P...
-
Re:So what is it for?
You'd have to read the wiki article at the first link four words into the slashdot summary, but yeah, that's what the developer says:
https://github.com/robertfisk/USG/wiki
The USG isolates BadUSB devices from your computer, while still passing through the data you need.
-
Let's use good password strength checkers!
Attackers use probabilistic models to break passwords, but the rules that we typically use to defend against them are typically quite bad.
So, there is a pretty good password strength checker that we can use: https://github.com/dropbox/zxc... .
But we can even do better: a couple of years ago, with a colleague, I've written a paper to show how you can evaluate pretty precisely how much work attacks using probabilistic models need to break your passwords (http://www.eurecom.fr/~filippon/Publications/ccs15.pdf); since then, I've released the code online (https://github.com/matteodellamico/montecarlopwd). If anybody is interested in using it in the real world, please contact me!
matteo
-
Re:That is nice for them...
-
Re:I call bullshit
Yup that's the biggest hurdle right now but multiple ideas are being explored. The one that I personally find the most promising is "sharding", an idea developed to allow the Ethereum blockchain to scale massively. In a nutshell, they will split the blockchain in multiple shards and allow transactions between them.
More details here: https://github.com/ethereum/wi...
-
Intel CPU backdoor
Your Intel CPU is backdoored and it is wide open, right now.
The backdoor is on all modern intel CPU/Chipset and is marketed as vPro/AMT/Small Business Advantage/Anti-Theft Technology, it is in all Core i3/i5/i7/Xeon CPU/Chipset in the past 6 years.
*3 Billion devices run JAVA* because everyone's Intel backdoor is running it.
REcon 2014 - Intel Management Engine Secrets
CCC Intel CPU backdoor live hack demonstration, keystrokes logged and sent over wire, wireshark can't detect packet because the Intel backdoor runs above the OS:
Towards (reasonably) trustworthy x86 laptops
Untrusting the CPU (33c3)
30C3 To Protect And Infect - The militarization of the Internet
Jacob Appelbaum - To Protect and Infect Part 2 - At 30c3 on Mass Surveillance Tools & Software
More links in this discussion:
The Intel ME subsystem can take over your machine, can't be audited
Tools to remove Intel backdoor firmware (You need to physically clip onto a 8pins chip on motherboards to download/neutralize/flash the rom, nothing else can touch it), the backdoor is designed to shutdown your machine within 30 minutes after boot, if you just remove the backdoor and don't handle checksums correctly:
https://github.com/corna/me_cleaner
Neutralize your Intel backdoor:
Neutralize ME firmware on SandyBridge and IvyBridge platforms
First introduced in Intel's 965 Express Chipset Family, the Intel Management Engine (ME) is a separate computing environment physically located in the (G)MCH chip (for Core 2 family CPUs which is separate from the northbridge), or PCH chip replacing ICH (for Core i3/i5/i7 which is integrated with northbridge).
The ME consists of an individual processor core, code and data caches, a timer, and a secure internal bus to which additional devices are connected, including a cryptography engine, internal ROM and RAM, memory controllers, and a direct memory access (DMA) engine to access the host operating system's memory as well as to reserve a region of protected external memory to supplement the ME's limited internal RAM. The ME also has network access with its own MAC address through the Intel Gigabit Ethernet Controller integrated in the southbridge (ICH or PCH).
The Intel Management Engine with its proprietary firmware has complete access to and control over the PC: it can power on or shut down the PC, read all open files, examine all running applications, track all keys pressed and mouse movements, and even capture or display images on the screen. And it has a network interface that is demonstrably insecure, which can allow an attacker on the network to inject rootkits that completely compromise the PC and can report to the attacker all activities performed on the PC. It is a threat to freedom, security, and privacy that can't be ignored.
https://hackaday.com/tag/intel-management-engine/
Five or so years ago, Intel rolled out something horrible. Intel's Management Engine (ME) is a completely separate computing environment running on Intel chipsets that has access to everything. The ME has network access, access to the host operating system, memory, and cryptography engine. The ME can be used remotely even if the PC is powered off. If that sounds scary, it gets even worse: no one knows what the ME is doing, and we can'
-
Re:bit rot
> ZFS doesn't even have an fsck. It is IMPOSSIBLE for it to get corrupted
--As much as I love ZFS, I wouldn't use the word that you use. Take a look here:
https://github.com/zfsonlinux/...
https://github.com/zfsonlinux/...
--Complex software always has bugs somewhere. Can't say for certain on FreeBSD or Solaris implementations, but I do track the Linux bug reports.
-
Intel CPU = Backdoor
NSA/CIA/GCHQ Shills kept down voting this:
Your Intel CPU is backdoored and it is wide open, right now.
The backdoor is on all modern intel CPU/Chipset and is marketed as vPro/AMT/Small Business Advantage/Anti-Theft Technology, it is in all Core i3/i5/i7/Xeon CPU/Chipset in the past 6 years.
Remember *3 Billion devices run JAVA* because everyone's Intel CPU backdoor is running it.
REcon 2014 - Intel Management Engine Secrets
CCC Intel CPU backdoor live hack demonstration, keystrokes logged and sent over wire, wireshark can't detect packet because the Intel backdoor runs above the OS:
Towards (reasonably) trustworthy x86 laptops
Untrusting the CPU (33c3)
30C3 To Protect And Infect - The militarization of the Internet
Jacob Appelbaum - To Protect and Infect Part 2 - At 30c3 on Mass Surveillance Tools & Software
More links in this discussion:
The Intel ME subsystem can take over your machine, can't be audited
Tools to remove Intel backdoor firmware (You need to physically clip onto a 8pins chip on motherboards to download/neutralize/flash the rom, nothing else can touch it), the backdoor is designed to shutdown your machine within 30 minutes after boot, if you just remove the backdoor and don't handle checksums correctly:
https://github.com/corna/me_cleaner
Neutralize your Intel backdoor:
Neutralize ME firmware on SandyBridge and IvyBridge platforms
First introduced in Intel's 965 Express Chipset Family, the Intel Management Engine (ME) is a separate computing environment physically located in the (G)MCH chip (for Core 2 family CPUs which is separate from the northbridge), or PCH chip replacing ICH (for Core i3/i5/i7 which is integrated with northbridge).
The ME consists of an individual processor core, code and data caches, a timer, and a secure internal bus to which additional devices are connected, including a cryptography engine, internal ROM and RAM, memory controllers, and a direct memory access (DMA) engine to access the host operating system's memory as well as to reserve a region of protected external memory to supplement the ME's limited internal RAM. The ME also has network access with its own MAC address through the Intel Gigabit Ethernet Controller integrated in the southbridge (ICH or PCH).
The Intel Management Engine with its proprietary firmware has complete access to and control over the PC: it can power on or shut down the PC, read all open files, examine all running applications, track all keys pressed and mouse movements, and even capture or display images on the screen. And it has a network interface that is demonstrably insecure, which can allow an attacker on the network to inject rootkits that completely compromise the PC and can report to the attacker all activities performed on the PC. It is a threat to freedom, security, and privacy that can't be ignored.
https://hackaday.com/tag/intel-management-engine/
Five or so years ago, Intel rolled out something horrible. Intel's Management Engine (ME) is a completely separate computing environment running on Intel chipsets that has access to everything. The ME has network access, access to the host operating system, memory, and cryptography engine. The ME can be used remotely even if the PC is powered off. If that sounds scary, it gets e
-
Intel CPU backdoors
NSA/CIA/GCHQ Shills kept down voting this from Score 3:
Your Intel CPU is backdoored and it is wide open, right now.
The backdoor is on all modern intel CPU/Chipset and is marketed as vPro/AMT/Small Business Advantage/Anti-Theft Technology.
Remember *3 Billion devices run JAVA* because everyone's motherboard is running it.
REcon 2014 - Intel Management Engine Secrets
CCC Intel CPU backdoor live hack demonstration, keystrokes logged and sent over wire, wireshark can't detect packet because the Intel backdoor runs above the OS:
30C3 To Protect And Infect - The militarization of the Internet
Jacob Appelbaum - To Protect and Infect Part 2 - At 30c3 on Mass Surveillance Tools & Software
Towards (reasonably) trustworthy x86 laptops
Tools to remove Intel backdoor firmware (You need to physically clip onto a 8pins chip on motherboards to download/neutralize/flash the rom, nothing else can touch it):
https://github.com/corna/me_cleaner
Neutralize your Intel backdoor:
Neutralize ME firmware on SandyBridge and IvyBridge platforms
First introduced in Intel's 965 Express Chipset Family, the Intel Management Engine (ME) is a separate computing environment physically located in the (G)MCH chip (for Core 2 family CPUs which is separate from the northbridge), or PCH chip replacing ICH (for Core i3/i5/i7 which is integrated with northbridge).
The ME consists of an individual processor core, code and data caches, a timer, and a secure internal bus to which additional devices are connected, including a cryptography engine, internal ROM and RAM, memory controllers, and a direct memory access (DMA) engine to access the host operating system's memory as well as to reserve a region of protected external memory to supplement the ME's limited internal RAM. The ME also has network access with its own MAC address through the Intel Gigabit Ethernet Controller integrated in the southbridge (ICH or PCH).
The Intel Management Engine with its proprietary firmware has complete access to and control over the PC: it can power on or shut down the PC, read all open files, examine all running applications, track all keys pressed and mouse movements, and even capture or display images on the screen. And it has a network interface that is demonstrably insecure, which can allow an attacker on the network to inject rootkits that completely compromise the PC and can report to the attacker all activities performed on the PC. It is a threat to freedom, security, and privacy that can't be ignored.
https://hackaday.com/tag/intel-management-engine/
Five or so years ago, Intel rolled out something horrible. Intel's Management Engine (ME) is a completely separate computing environment running on Intel chipsets that has access to everything. The ME has network access, access to the host operating system, memory, and cryptography engine. The ME can be used remotely even if the PC is powered off. If that sounds scary, it gets even worse: no one knows what the ME is doing, and we can't even look at the code. When - not 'if' - the ME is finally cracked open, every computer running on a recent Intel chip will have a huge security and privacy issue. Intel's Management Engine is the single most dangerous piece of computer hardware ever created.
-
Your Intel CPU is backdoored, right now.
NSA/CIA/GCHQ Shills kept down voting this from Score 3:
Your Intel CPU is backdoored and it is wide open, right now.
Remember *3 Billion devices run JAVA* because everyone's motherboard is running it.
REcon 2014 - Intel Management Engine Secrets
CCC Intel CPU backdoor live hack demonstration, keystrokes logged and sent over wire, wireshark can't detect packet because the Intel backdoor runs above the OS:
30C3 To Protect And Infect - The militarization of the Internet
Jacob Appelbaum - To Protect and Infect Part 2 - At 30c3 on Mass Surveillance Tools & Software
Towards (reasonably) trustworthy x86 laptops
Tools to remove Intel backdoor firmware (You need to physically clip onto a 8pins chip on motherboards to download/neutralize/flash the rom, nothing else can touch it):
https://github.com/corna/me_cleaner
Neutralize your Intel backdoor:
Neutralize ME firmware on SandyBridge and IvyBridge platforms
First introduced in Intel's 965 Express Chipset Family, the Intel Management Engine (ME) is a separate computing environment physically located in the (G)MCH chip (for Core 2 family CPUs which is separate from the northbridge), or PCH chip replacing ICH (for Core i3/i5/i7 which is integrated with northbridge).
The ME consists of an individual processor core, code and data caches, a timer, and a secure internal bus to which additional devices are connected, including a cryptography engine, internal ROM and RAM, memory controllers, and a direct memory access (DMA) engine to access the host operating system's memory as well as to reserve a region of protected external memory to supplement the ME's limited internal RAM. The ME also has network access with its own MAC address through the Intel Gigabit Ethernet Controller integrated in the southbridge (ICH or PCH).
The Intel Management Engine with its proprietary firmware has complete access to and control over the PC: it can power on or shut down the PC, read all open files, examine all running applications, track all keys pressed and mouse movements, and even capture or display images on the screen. And it has a network interface that is demonstrably insecure, which can allow an attacker on the network to inject rootkits that completely compromise the PC and can report to the attacker all activities performed on the PC. It is a threat to freedom, security, and privacy that can't be ignored.
https://hackaday.com/tag/intel-management-engine/
Five or so years ago, Intel rolled out something horrible. Intel's Management Engine (ME) is a completely separate computing environment running on Intel chipsets that has access to everything. The ME has network access, access to the host operating system, memory, and cryptography engine. The ME can be used remotely even if the PC is powered off. If that sounds scary, it gets even worse: no one knows what the ME is doing, and we can't even look at the code. When - not 'if' - the ME is finally cracked open, every computer running on a recent Intel chip will have a huge security and privacy issue. Intel's Management Engine is the single most dangerous piece of computer hardware ever created.
Intel Active Management Technology
Almost all AMT features are available even if the PC is in a powered-off sta
-
Your CPU is running a backdoor right now
*3 Billion devices run JAVA* because everyone's motherboard is running it.
32c3 Intel CPU backdoor live hack demonstration, keystrokes logged and sent over wire, wireshark can't detect packet because the Intel backdoor runs above the OS:
Towards (reasonably) trustworthy x86 laptops
REcon 2014 - Intel Management Engine Secrets
Tools to remove Intel backdoor firmware (The backdoor firmware sits outside the BIOS, you need to physically clip onto a 8pin chip on motherboards to download/neutralize/flash the rom, nothing else can touch it):
https://github.com/corna/me_cleaner
Neutralize your Intel backdoor:
Neutralize ME firmware on SandyBridge and IvyBridge platforms
First introduced in Intel's 965 Express Chipset Family, the Intel Management Engine (ME) is a separate computing environment physically located in the (G)MCH chip (for Core 2 family CPUs which is separate from the northbridge), or PCH chip replacing ICH (for Core i3/i5/i7 which is integrated with northbridge).
The ME consists of an individual processor core, code and data caches, a timer, and a secure internal bus to which additional devices are connected, including a cryptography engine, internal ROM and RAM, memory controllers, and a direct memory access (DMA) engine to access the host operating system's memory as well as to reserve a region of protected external memory to supplement the ME's limited internal RAM. The ME also has network access with its own MAC address through the Intel Gigabit Ethernet Controller integrated in the southbridge (ICH or PCH).
The Intel Management Engine with its proprietary firmware has complete access to and control over the PC: it can power on or shut down the PC, read all open files, examine all running applications, track all keys pressed and mouse movements, and even capture or display images on the screen. And it has a network interface that is demonstrably insecure, which can allow an attacker on the network to inject rootkits that completely compromise the PC and can report to the attacker all activities performed on the PC. It is a threat to freedom, security, and privacy that can't be ignored.
https://hackaday.com/tag/intel-management-engine/
Five or so years ago, Intel rolled out something horrible. Intel's Management Engine (ME) is a completely separate computing environment running on Intel chipsets that has access to everything. The ME has network access, access to the host operating system, memory, and cryptography engine. The ME can be used remotely even if the PC is powered off. If that sounds scary, it gets even worse: no one knows what the ME is doing, and we can't even look at the code. When - not 'if' - the ME is finally cracked open, every computer running on a recent Intel chip will have a huge security and privacy issue. Intel's Management Engine is the single most dangerous piece of computer hardware ever created.
Intel Active Management Technology
Almost all AMT features are available even if the PC is in a powered-off state but with its power cord attached, if the operating system has crashed, if the software agent is missing, or if hardware (such as a hard drive or memory) has failed.[1][2] The console-redirection feature (SOL), agent presence checking, and network traffic filters are available after the PC is powered up.[1][2]
The Management Engine (ME) is an isolated and protected co
-
LOL what a fucking stupid spin
Americans seem to think if you lost your cat the fucking Russians did it.
Everyone knows the CIA is the most evil organization and your tax dollar is funding it.
By the way, your Intel CPU is already backdoored, Intel and CIA/NSA are bed buddies that's why CIA/NSA are the biggest suspect.
Remember, *3 Billion devices run JAVA*, and your motherboard backdoor is running it.
REcon 2014 - Intel Management Engine Secrets
32c3 Intel backdoor live hack demonstration, keystrokes logged and sent over wire, wireshark can't detect packet because the Intel backdoor runs above the OS:
Towards (reasonably) trustworthy x86 laptops
Tools to remove Intel backdoor firmware:
https://github.com/corna/me_cleaner
Neutralize your Intel backdoor:
Neutralize ME firmware on SandyBridge and IvyBridge platforms
First introduced in Intel's 965 Express Chipset Family, the Intel Management Engine (ME) is a separate computing environment physically located in the (G)MCH chip (for Core 2 family CPUs which is separate from the northbridge), or PCH chip replacing ICH (for Core i3/i5/i7 which is integrated with northbridge).
The ME consists of an individual processor core, code and data caches, a timer, and a secure internal bus to which additional devices are connected, including a cryptography engine, internal ROM and RAM, memory controllers, and a direct memory access (DMA) engine to access the host operating system's memory as well as to reserve a region of protected external memory to supplement the ME's limited internal RAM. The ME also has network access with its own MAC address through the Intel Gigabit Ethernet Controller integrated in the southbridge (ICH or PCH).
The Intel Management Engine with its proprietary firmware has complete access to and control over the PC: it can power on or shut down the PC, read all open files, examine all running applications, track all keys pressed and mouse movements, and even capture or display images on the screen. And it has a network interface that is demonstrably insecure, which can allow an attacker on the network to inject rootkits that completely compromise the PC and can report to the attacker all activities performed on the PC. It is a threat to freedom, security, and privacy that can't be ignored.
https://hackaday.com/tag/intel-management-engine/
Five or so years ago, Intel rolled out something horrible. Intel's Management Engine (ME) is a completely separate computing environment running on Intel chipsets that has access to everything. The ME has network access, access to the host operating system, memory, and cryptography engine. The ME can be used remotely even if the PC is powered off. If that sounds scary, it gets even worse: no one knows what the ME is doing, and we can't even look at the code. When - not 'if' - the ME is finally cracked open, every computer running on a recent Intel chip will have a huge security and privacy issue. Intel's Management Engine is the single most dangerous piece of computer hardware ever created.
Intel Active Management Technology
Almost all AMT features are available even if the PC is in a powered-off state but with its power cord attached, if the operating system has crashed, if the software agent is missing, or if hardware (such as a hard drive or memory) has failed.[1][2] The console-redirection feature (SOL), agent presence checking, a
-
WARNING: Intel CPU backdoored
Your Intel CPU is already backdoored
Forget security, your Intel CPU is already backdoored and it is wide open.
Remember, *3 Billion devices run JAVA*, and your motherboard backdoor is running it.
REcon 2014 - Intel Management Engine Secrets
32c3 Intel backdoor live hack demonstration, keystrokes logged and downloaded over wire, wireshark can't detect:
Towards (reasonably) trustworthy x86 laptops
Tools to remove Intel backdoor firmware:
https://github.com/corna/me_cleaner
Neutralize your Intel backdoor:
Neutralize ME firmware on SandyBridge and IvyBridge platforms
First introduced in Intel's 965 Express Chipset Family, the Intel Management Engine (ME) is a separate computing environment physically located in the (G)MCH chip (for Core 2 family CPUs which is separate from the northbridge), or PCH chip replacing ICH (for Core i3/i5/i7 which is integrated with northbridge).
The ME consists of an individual processor core, code and data caches, a timer, and a secure internal bus to which additional devices are connected, including a cryptography engine, internal ROM and RAM, memory controllers, and a direct memory access (DMA) engine to access the host operating system's memory as well as to reserve a region of protected external memory to supplement the ME's limited internal RAM. The ME also has network access with its own MAC address through the Intel Gigabit Ethernet Controller integrated in the southbridge (ICH or PCH).
The Intel Management Engine with its proprietary firmware has complete access to and control over the PC: it can power on or shut down the PC, read all open files, examine all running applications, track all keys pressed and mouse movements, and even capture or display images on the screen. And it has a network interface that is demonstrably insecure, which can allow an attacker on the network to inject rootkits that completely compromise the PC and can report to the attacker all activities performed on the PC. It is a threat to freedom, security, and privacy that can't be ignored.
https://hackaday.com/tag/intel-management-engine/
Five or so years ago, Intel rolled out something horrible. Intel's Management Engine (ME) is a completely separate computing environment running on Intel chipsets that has access to everything. The ME has network access, access to the host operating system, memory, and cryptography engine. The ME can be used remotely even if the PC is powered off. If that sounds scary, it gets even worse: no one knows what the ME is doing, and we can't even look at the code. When - not 'if' - the ME is finally cracked open, every computer running on a recent Intel chip will have a huge security and privacy issue. Intel's Management Engine is the single most dangerous piece of computer hardware ever created.
Intel Active Management Technology
Almost all AMT features are available even if the PC is in a powered-off state but with its power cord attached, if the operating system has crashed, if the software agent is missing, or if hardware (such as a hard drive or memory) has failed.[1][2] The console-redirection feature (SOL), agent presence checking, and network traffic filters are available after the PC is powered up.[1][2]
The Management Engine (ME) is an isolated and protected coprocessor, embedded as a non-optional[29] part in all current (as of 2015) Intel chipset
-
Re:bit rot
you can definitely boot to zfsonlinux on jessie.
i have used the following to set up a jessie machine with a single root raidz8 pool:
-
UDF Maybe
UDF is the RW format for dvd-rw and can be used on HDs in all modern OS (it requires format version 2.01)
The format is resilient, as DVD-R(W) may have scratches and have CRC in metadata... sadly it does not have CRC in data, as the DVD reader/physical format also has some recovery info, so UDF didn't add it directly.
It is still a good format, being an ISO, it should have a long life and be read for a long time. Of course, for HDs, I would bet that mechanical problems will probably be a problem sooner.
Other than UDF, ZFS and BTRFS both have CRC and should be resilient and the format is set and should not change. But there are other formats with CRC, check Wikipedia for more options.
Finally, probably the format that you store the files in is also important, a solid RAR or TAR may cause more problems in the future than compressing each file with gzip. Probably the best option is to store the files using par, as it was created to permit access to the files even if several blocks can't be read. Some backup tools support this, directly, as DAR or but, or indirectly, as backuppc (search ArchivePar) on the archive step.
Whatever you do, a followup of this in one year (or more) is a good idea, as the theory and real life may be different things
:)
-
Re:What a commitment...
Perhaps there are gems of unsung first-party contributions hiding in their huge number of public repositories? https://github.com/vmware
-
Re:How are light gun games developed now?
The Zapper does not work with LCDs. It uses a circuit similar to that found in infrared remote control receivers. The circuit is tuned to sense light that flickers at roughly 16 kHz, which matches the horizontal scan rate of a CRT SDTV.
Furthermore, some NES games actually measure the time between the start of the picture and when the Zapper begins to detect light. This lets the game tell how far up or down the gun is pointed and narrow down the set of targets that it has to turn on in sequence. Operation Wolf does this, as does Zap Ruder (source).
If you have an LCD, you need to wait until 2026 for the Wii Remote patents to expire.
-
Re:I realize this is bad for 'purists' but...
For terminals rather than arbitrary images: cool-retro-term.
-
Re:Isn't is apparent?
A black-and-white image? convert trollface.png trollface.ubrl && cat trollface.ubrl
A colour image? catimg -r2 | ansi2html (package colorized-logs), elinks with use_document_colors=2 only.
A histogram? braillegraph.
The first and the last work in plain Unicode text, the second one requires HTML.
On any site with basic Unicode support I'd include samples, but, you know, Slashdot... -
3d models
Their collection of 3D models is nice: https://github.com/nasa/NASA-3...
-
Easy link
You can check out what is publicly/globally available on github: https://github.com/nasa
On their main software page, there is a LOT of stuff that is by request only but github is all the easy to get stuff.
-
Right, the 'profound' apology again
Sorry Travis; once an asshole, always an asshole; all the leadership training in the world isn't going to change that. You're 40 years old, how long would you have us waiting? Even brother J. was on your tail in noting that bad trees don't give good fruit. Claiming 'profound' for PR-bullshit like this when you're in that kind of mess is just another nail in the coffin. https://github.com/codr4life/v...
-
Re:CS Fundamentals are important
Sorry but if you don't know algorithm theory you don't know how to evaluate the code you are writing.
I know code well enough to know when a sort algorithm is required. As for the implementation details, I can look it up.
https://github.com/Sayan-Paul/Sort-Library-in-Python/blob/master/sortlib.py
-
Re:Best uses?
Thanks, just briefly (sorry busy):
1. Pi3 + 16Gb MicroSD + Ubuntu Mate
2. Noise meter: http://www.ebay.co.uk/sch/sis.... (this isn't super accurate, not expensive either)
3. ADS-B USB Dongle (R820T) incl. Small Indoor Antenna from jetvision.de
4. https://github.com/antirez/dum... to read the transponder
5. https://github.com/fiddyspence... to read the noise meter
And some ugly glue code that 'joins' the two readings and sticks them in a one-table database. Obviously this is correlation, it will record cars if you point it in the 'wrong' direction. I haven't published the glue code, because it's in a terrible state. Hope that helps. -
Re:The Ignorance of Denial.
Since 1993, performance of the #1 ranked position has grown steadily in accord with Moore's law, doubling roughly every 14 months. As of November 2014, Tianhe-2 was fastest with an Rpeak[6] of 54.9024 PFLOPS, is over 419,102 times faster than the fastest system in November 1993, the Connection Machine CM-5/1024 (1024 cores) with Rpeak of 131.0 GFLOPS.[7]
And then there's this article from a company that knows a little bit about parallel processing.
As the trend continues for increases of processing power while cost decreases, the only real question to me is at what point is there critical mass enough where simulation can evolve strong AI. Unless there is a firmly held belief that our consciousness is the result of a spirit entity which is destined for a higher plane of existence after temporarily inhabiting a meat sack, why does it seem so difficult to assume that natural process that created human intelligence could not be reproduced and condensed into a fractional timespan, using software tools similar to Avida.
-
Meanwhile in the UK...
It's really great that the US DoD are doing this; but it should be noted that the UK MOD have been doing exactly this for some time now...
-
Re:Here's what it means
This is why git is not vulnerable in this specific instance. In git all objects are prepended with their type, in this case "blob". Of course if you had $100k (-ish) to burn, you could repeat this attack on a file that does start with "blob" to break git.
However you don't need to do this. This attack depends on reaching an intermediate state with specific properties in order to massively reduce the search space. Any attempt to hash a file that reaches one of these states can be detected and rejected. If you swap to using https://github.com/cr-marcstevens/sha1collisiondetection for all SHA-1 calculations, every instance of this attack can be detected and rejected.
Also I mis-spoke slightly and spotted my error after checking the paper again. The first pair of blocks have half of the same bytes, but produce an internal state with only 6 bytes of differences. The second pair of blocks, again only differ in half of their bytes, and exactly cancel out those 6 bytes of differences. See Table One on page 3 for the actual byte values.
-
Re:Open Spruce is Eazy
Instead of getting mad, just maintain the patch locally. You have fixed the bug for you, after all, so why get angry. The only thing that does suck is if you later find out your patch has been merged, but without attribution, in which case a passive aggressive mail to their list might be in order. Happens rarely, though.
And there are more than enough counter examples to your story, e.g. my latest fix to icinga (a nagios fork) had a turnaround time of roughly half an hour (Though github will only show it happened on the same day...)
-
Re:What sites use Cloudflare?
I grabbed the 22MB zip file of domains on Cloudflare from this page, which supposedly contains a superset of the sites that *might* have been infected by CloudBleed - e.g. not all the sites included have a problem, but all those that did are in the list. I then dumped a list of all the domain names in my Password Manager to a second text file and used "egrep -f" to see which domains were in both files. That turned out to be a pretty short list considering the supposed reach of CloudFlare, so I then worked through those domains and updated those passwords (increasing length and complexity where I could as well), just in case. Done.
The whole process took me less than 15 minutes and, barring future developments, CloudBleed is now hopefully in my rear view mirror. Not that I consider the odds of any of my data being leaked likely to cause much pain cleaning up the aftermath anyway - one of the benefits of unique passwords for every single site. -
Re:What sites use Cloudflare?
Sites using Cloudflare: https://github.com/pirate/site...
-
Yes foolproof
Rockstar is one amazing library, which will make you a Rockstar Programmer in just 2 minutes. In last decade, people learned C++ in 21 days. But these days, it has come down to just 10 minutes. But, I wanted to do better.
This repo will not only teach you Complete C++ in just 2 minutes, but also makes Open Source Contributions. You see, Open Source contributions are very important these days, especially if you can get those boxes filled with green on your Github profile. As an efficient programmer, I believe in killing two birds in just one shot.
Run Rockstar, be a Rockstar, show off your Github profile to everyone and bag those $200K programmer jobs. Once you become a Rockstar, every recruiter will want to hire you and there is no turning back.
-
Re:Is Linus irresponsible?
Why not? The hash in git is not there to provide security.
True, and this is the main point. The principal reason Sha-1 was chosen by the creator of the Monotone project that begat Git is its designed-in ability to hash non-uniform input into uniformly distributed hashes. Or maybe the main point should actually be, Linus did not choose Sha-1, Graydon Hoare did, and Linus simply copied that along with Monotone's basic algorithms. See, Linus isn't a mathematician and doesn't claim to be, but he is a master of knowing what to copy.
-
Re:Talk about a subset of a subset
I think you underestimate the number - there were way more than seven of us Linux gamers just developing for the DK1 years back. There are over 100 Vive owners asking Valve to support Linux here: https://github.com/ValveSoftwa..., and that's just the subset of us that have github accounts and thought it would be a good idea to me-too the issue.
At any rate, it's the chicken and the egg - there can't be a huge number of Linux VR gamers until the platform is supported.
-
Re:obligatory cutesy name
Cloudflare = Crimeflare
-
The concept is "Duress Password"
A "mode" will be detectable — looking at your screen whoever compels you to show it (a criminal or an officer or both-in-one) will be able to tell, you are in "travel mode" and demand to see the real deal.
The concept you want is Duress Password — which ostensibly unlocks "everything", but hides the things you previously marked for hiding whenever the "duress" password is entered instead of real one.
And you may wish to use it not only to fool overzealous border-guards, but, for example, to hide certain materials from bystanders at Internet-cafes.
There is a "duress" PAM-module in the works for folks compelled to login to their Unix-laptop and a move to add the feature to Cyrus IMAP-server.
But, to reiterate, it is of utmost importance, that your usage of such functionality can not be not only proven, but even suspected. Whoever is in a position to compel you to login, is also in a position to punish you for fooling him...
-
libsodium is a C library
For those who don't know, libsodium is a C library that PHP will be utilizing. It is not a PHP library.
-
Re:Show me the code.
A one character bug? Really?
"one character typo" can cover a wide range of things. Using = instead of == is probably the most famous but also generally one of the easiest to spot (modern compilers usually have a warning for it). Using the wrong variable is a big one (not helped by the fact that mathematicians love one-character variable names). Using the wrong logical or comparison operator can be another.
Unfortunately TFA doesn't say what the "one character typo" was and looking at their github I don't see any one character typos being fixed recently. I do however see a "two character" typo being fixed though ("||" vs "&&"). I also see some == being changed to >= but I *think* that is just a case of making a test more paranoid.
https://github.com/zcoinoffici...
What about the tests?
It takes extreme discipline to carefully create test cases that cover every failure case. All too often people only test that the normal case works as it should and fail to test the error handling.
-
MS plays the software patents game now
Microsoft makes money off Open Source software by shaking down companies that deploy it. I.e. they weaponize their software patent portfolio.
That's how they make money from Android.
Recently, they received good press for their Azure patents protection offer, but it is not what it seems at first glance, there is nothing benign about it. It's just a dressed up protection racket.
And while moving their Quantum Computing software to github gave them press that they "Open Sourced" it, nothing could be further from the truth.
They will try to get a stranglehold on the future of computing, just as they had it in the PC market. They just switched strategy, but this tiger won't change its stripes.
-
Re: Show me the code.
If that is the right repository, then this is the relevant pull request: https://github.com/zcoinoffici...
It is a one line change from two days ago. Apparently the typo was initializing a variable to 1 instead of 0.
-
Re:Not really "free".
Here's the link: http://www.oreilly.com/programming/free/files/open-source-in-brazil.pdf or http://www.oreilly.com/programming/free/files/open-source-in-brazil.mobi or http://www.oreilly.com/programming/free/files/open-source-in-brazil.epub
Source: https://gist.github.com/dotevo/66a3320598ac38a64072ec56f9633e8e -
Re: Ways around this
I'm using a 64GB sd card a bit differently. Forget copying things back and forth, that's too much hassle with plenty of room for mistakes.
Instead, get a phone with vendor supplied sdcard backdoor (there's plenty of those, just look for root tutorials of your favorite vendors). For example huawei ones look for dload/update.app. This is made of kernel and squashfs image. You can just rip those from internal ROM, except modify the sdcard version /system squashfs slightly so that fstab mounts sdcard partitions to /cache and /data (running whole system off sd is possible too, but a bit involved to bastardize the rom for it). Put the card in, start the phone and voila - entirely different world boots up, remove the card, and it's back to original.
I did this mainly because the sdcard image is rooted and heavily customized, while the internal rom is the original vendor's (to not void warranty). But as a side effect, this way you get perfect plausible deniability. Without the sdcard, the phone is pretty much stock, with no indication that an entirely different world exists on some card that isn't there. -
Re:More Sleight of Hand...
So MaxScale 2.0 is not freely available for use then?
Probably safer to stick with Percona's ProxySQL https://github.com/sysown/proxysql
Seems like the BS in BSL isn't business source.
-
Re:Google competence
... to produce a secure system that is closed source?
It may not make a difference in your argument, but it is worth noting that Fuchsia is currently open source: https://github.com/fuchsia-mir....