github.io · Domains · Slashdot Mirror

Not mainresource integrity by tepples · 2018-01-01 17:04 · Score: 1 · on EFF Applauds 'Massive Change' to HTTPS (eff.org)

Anyone who knows anything about TLS also knows about digital signatures and checkhashes.

What browsers will accept a cipher suite containing only key exchange and HMAC (the "digital signatures and checkhashes") without bulk encryption?

There's even a year-old W3C spec called Subresource Integrity that addresses this problem.

Even if it works for images, style sheets, and scripts, it won't work for the HTML document itself because it's subresource integrity, not mainresource integrity. In addition, Mozilla's page about SRI doesn't mention the ability for an HTTPS document to use SRI to verify cleartext subresources in order to avoid restrictions imposed by browsers' Mixed Content and Secure Contexts policies. Nor does W3C's spec, though section 5.1 "Non-secure contexts remain non-secure" thereof (wisely) suggests not trusting SRI when the main document is cleartext.

No need to guess, here's an example by Cyberax · 2017-12-30 17:43 · Score: 1 · on Ask Slashdot: What Would an AI-Written Poem Look Like?

This article has a nice example of a "poem" written by an AI: http://karpathy.github.io/2015... - the article's author used the works of Shakespeare to train an RNN and then let it hallucinate. The result looks like this:

VIOLA:
Why, Salisbury must find his flesh and thought
That which I am not aps, not a man and in fire,
To show the reining of the raven and the wars
To grace my hand reproach within, and not a fair are hand,
That Caesar and my goodly father's world;
When I was heaven of presence and our fleets,
We spare with hours, but cut thy council I am great,
Murdered and by thy master's ready there
My power to give thee but so much as hell:
Some service in the noble bondman here,
Would show him to her wine.

KING LEAR:
O, if you were a feeble sight, the courtesy of your law,
Your sight and several breath, will wear the gods
With his heads, and my hands are wonder'd at the deeds,
So drop upon your lordship's head, and your opinion
Shall be against your honour.

Other examples are equally interesting. I highly recommend reading that article.

Re:What are good replacement options? by SeaFox · 2017-12-21 07:35 · Score: 1 · on Amazon Music Ending Cloud MP3 Storage, Streaming Option (billboard.com)

While Plex supports both audio and video, you can't cache media locally on devices with Plex without paying $5/mo for a Plex Pass so your concerns about our remote connection will come into play more. If this is more for music you can use Subsonic or Airsonic instead and spend much less/nothing to have local caching and a greater choice in playback apps.

Re:Facebook for Windows Store should go, too. by Hal_Porter · 2017-12-19 12:11 · Score: 1 · on Microsoft Removes Google's Chrome Installer From the Windows Store (theverge.com)

Microsoft have a long history of this sort of thing. Back in the Windows Phone days they banned third party non managed applications but made it clear to Adobe that Adobe would be allowed to use native code for Flash if they wanted to

http://www.itwriting.com/blog/...

Update: The latest on this is that Microsoft's Charlie Kindel says that Adobe will have special native access for Flash, but that no other vendor will have that privilege. This still does not make sense to me. Let's suppose that Windows Phone 7 is a big success. What justification could Microsoft have for supporting the Flash runtime but not the Java runtime, for example? I suspect that Microsoft is chasing the Flash checkbox to one-up Apple; but if Adobe gets native access, others will no doubt follow.

Adobe declined the offer. And amusingly all those technologies are now more or less extinct - Windows Phone's Silverlight and XNA APIs were killed off, and Flash is pretty much dead now too.

The only reason Skype ran on Windows Phone is that Microsoft bought the company so they could deploy Skype's Win32 code signed with the Microsoft key. And then they did a rewrite using ReactXP.

https://microsoft.github.io/re...

Microsoft killed off Windows Phone, but Skype is bundled with Windows 10 and runs on Android and iOS. Android and iOS got the horrible ReactXP rewrite replacing the original native app. I'm not sure if the Windows 10 version is the original Skype Win32 C/C++ code, a WinRT C++ hack of it or the the ReactXP rewrite.

Re:A simple off button would solve everything. by sl3xd · 2017-12-18 09:47 · Score: 1 · on Can Intel's 'Management Engine' Be Repurposed?

Ah, but Enterprise IT wants to be certain their more technically-inclined lusers can't disable the enterprise's ability to "manage" and "audit" the systems they manage. It's literally one of the selling points touted by Intel (and AMD for their equivalent of ME) until recently.

It's not like the machines Enterprise IT buys are any different from the ones I can buy as a consumer, and bulk buyers have a hell of a lot more sway than individual consumers.

Honestly, if you want secure, you gotta use ARM these days. ARM has been formally/mathmatically verified, and there's even a formally verified microkernel.

So we can all cheaply run a Raspberry Pi 3 and get a formally verified hardware and software stack. Or a BeagleBone... or whatever ARM system you want to use.

Sure, there aren't any servers, or even device drivers. It's been decades of work, but you too can have an idle loop that is provably bug-free in both hardware and software!

Re:WebAssembly and SIMD by Hal_Porter · 2017-12-03 04:58 · Score: 1 · on How Converting A C++ Game to JavaScript Gave Us WebAssembly (ieee.org)

They're working on it it Chromium

https://bugs.chromium.org/p/v8...

However this page

https://peterjensen.github.io/...

Complains that SIMD isn't implemented in Chrome 62, and unfortunately it's not implemented in Firefox 57 either.

So the answer is probably no, not yet.

Last time I used SIMD I used the Intel intrinsics in C++. Which are OK, but Visual Studio's C compiler didn't do a particularly good job at generating efficient assembler. Mind you, a vectorizable algorithm will still run faster using the intrinsics than not using them, and the compilers get better with each release. And of course if you use the intrinsics wrapped in a Float32xN class instead of hand rolled assembler it's pretty easy to support other SIMD instruction sets. E.g. 128 bit SSE to AVX512 you just need to fill in the operators with the appropriate intrinsic function and then tell your code to use Float32x16 instead of Float32x4. With hand rolled assembler you'd have to rewrite everything. So they do make sense. AVX512 has gather too -

https://en.wikipedia.org/wiki/...

And if you need to support NEON you can use the NEON intrinsics.

Re:"the code is perpetually scrutinized" by Anonymous Coward · 2017-11-27 17:50 · Score: 0 · on Pentagon To Make a Big Push Toward Open-Source Software Next Year (theverge.com)

I see you've never heard of dbus. Many serious bugs, no solutions in sight except by the dbus-broker guys, who have to intentionally not comply with the spec to fix them. And it's maintained by Redhat, a major corporation in the OSS world.

Re:Skype by Anonymous Coward · 2017-11-22 15:58 · Score: 0 · on Ask Slashdot: What Are Your Greatest Successes and Weaknesses With Wine (Software)?

Additional info: https://microsoft.github.io/re...

Skype by Anonymous Coward · 2017-11-22 13:41 · Score: 0 · on Ask Slashdot: What Are Your Greatest Successes and Weaknesses With Wine (Software)?

Skype is being built on ReactXP, delivering the same client across all platforms including Linux. No need to run Skype through WINE.

https://microsoft.github.io/re...

Searx Metasearch by Flagbrew · 2017-11-15 10:21 · Score: 1 · on Google Returns As Default Search Engine In Firefox (techcrunch.com)

Why wouldn't you just cram an instance of searx on your server and completely be done with the Search Engine Battle?

Fullscreen to go HTTPS-only because phishing by tepples · 2017-11-14 03:24 · Score: 1 · on Ask Slashdot: Which Software/Devices Are Unusable Without Connecting to the Internet? (techdirt.com)

Are your family and friends even going to CARE to try to connect to your network if the internet is down.

Yes, because with the Internet down, at least you have some entertainment stored on your NAS that visitors can view together. This could, for example, include a mirror of Wikipedia's best articles (those in GA, A, and FA classes).

There were plans at some time to make even the Fullscreen API secure-only

Of course you could just have plaintext HTTP enabled on your NAS for media access.

That's possible but impractical once browsers make HTTPS mandatory for using the Fullscreen API in documents served from anywhere but localhost. (The LAN is not localhost.) From the Secure Contexts spec, section 4.3 "Risks associated with non-secure contexts":

The ability to manipulate a user agent’s native UI in some way which removes, obscures, or manipulates details relevant to a user’s understanding of their context. [FULLSCREEN] is a good example.

A proof of concept for phishing using the Fullscreen API exists.

A picture is worth 1k words... by wallstprog · 2017-11-13 08:56 · Score: 1 · on Not Every Article Needs a Picture (theoutline.com)

I agree with a log of the comments here, esp. about those full-screen pics that you have to scroooollllll past before you can even begin to read.

OTOH, a picture can serve as a shortcut for a summary, or help to create interest. For better or worse, the web is largely a visual medium.

In my own case, I started publishing my (technical) blog without pictures, and it just looked boooorrrrrrrinng. So I started sticking whimsical little pictures next to the lede, and I have to say that I think it looks a lot better that way, and I suspect that it helps create interest for people who may just stumble upon it.

FWIW, here's the blog: http://btorpey.github.io/

Obligatory: Intel CPU Backdoor Report (May 5 2017) by Anonymous Coward · 2017-11-08 20:16 · Score: 0, Offtopic · on Intel Recruits AMD RTG Exec Raja Koduri To Head New Visual Computing Group (hothardware.com)

The goal of this report is to make the existence of Intel CPU backdoors a common knowledge and provide information on backdoor removal.

What we know about Intel CPU backdoors so far:

TL;DR version

Your Intel CPU and Chipset is running a backdoor as we speak.

The backdoor hardware is in the CPU/Bridge, and the backdoor firmware (Intel Management Engine) is in the chipset flash memory.

30C3 Intel ME live hack:
@21m43s, keystrokes leaked from Intel ME above the OS, wireshark failed to detect packets.
[Video Link] 30C3: Persistent, Stealthy, Remote-controlled Dedicated Hardware Malware
[Quotes] Vortrag:
"DAGGER exploits Intel's Manageability Engine (ME), that executes firmware code such as Intel's Active Management Technology (iAMT), as well as its OOB network channel."

"the ME provides a perfect environment for undetectable sensitive data leakage on behalf of the attacker. Our presentation consists of three parts. The first part addresses how to find valuable data in the main memory of the host. The second part exploits the ME's OOB network channel to exfiltrate captured data to an external platform and to inject new attack code to target other interesting data structures available in the host runtime memory. The last part deals with the implementation of a covert network channel based on JitterBug."

"We have recently improved DAGGER's capabilites to include support for 64-bit operating systems and a stealthy update mechanism to download new attack code."

"To be more precise, we show how to conduct a DMA attack using Intel's Manageability Engine (ME)."

"We can permanently monitor the keyboard buffer on both operating system targets."

Backdoor removal:
The backdoor firmware can be removed by following this guide using the me_cleaner script.
Removal requires a Raspberry Pi (with GPIO pins) and a SOIC clip.

Decoding Intel backdoors:
The situation is out of control and the Libreboot/Coreboot community is looking for BIOS/Firmware experts to help with the Intel ME decoding effort.

If you are skilled in these areas, download Intel ME firmwares from this collection and have a go at them, beware Intel is using a lot of counter measures to prevent their backdoors from being decoded (explained below).

Useful links:
The Intel ME subsystem can take over your machine, can't be audited
REcon 2014 - Intel Management Engine Secrets
Untrusting the CPU (33c3)
Towards (reasonably) trustworthy x86 laptops
30C3 To Protect And Infect - The militarization of the Internet
30c3: To Protect And Infect Part 2 - Mass Surveillance Tools & Software

1. Introduction, what is Intel ME

Short version, from Intel staff:

Re: What Intel CPUs lack Intel ME secondary processor?
Amy_Intel Feb 8, 2016 9:27 AM

The Management Engine (ME) is an isolated and protected coprocessor, embedded as a non-optional part in all current Intel chipsets, I even checked with t

Re:Yeah, about that by Dwedit · 2017-11-07 08:09 · Score: 3, Informative · on Facebook To Fight Revenge Porn by Letting Potential Victims Upload Nudes in Advance (bleepingcomputer.com)

There are image similarity algorithms out there that do not care about the absolute hash of the file, and can detect the same image cropped, scaled, or rotated just fine.
Here is one such algorithm:
https://pippy360.github.io/tra...

Re:Yeah, about that by Dwedit · 2017-11-07 08:05 · Score: 4, Informative · on Facebook To Fight Revenge Porn by Letting Potential Victims Upload Nudes in Advance (bleepingcomputer.com)

There are much better methods of hashing images than stupidly taking a file checksum, such as this one here:
https://pippy360.github.io/tra...

This algorithm here does not care about affine transformations applied to the image, so it can be scaled, rotated, skewed, and still be a match.

use OpenCV and caffe to catagorize your porn by SysEngineer · 2017-10-11 11:33 · Score: 1 · on PornHub Uses Computer Vision To ID Actors, Acts In Its Videos (techcrunch.com)

The biggest issue is categorizing the video/images to create the training set. I am using Convolutional Neural Net to categorize the images.
here is a good primer
https://adeshpande3.github.io/...

Re:I told you so! by pigsycyberbully · 2017-10-11 06:31 · Score: 2, Informative · on Moscow Has Turned Kaspersky Antivirus Software Into a Global Spy Tool, Using It To Scan Computers For Secret US Data (wsj.com)

https://hardenedlinux.github.i...

00 ME: Management Engine

First introduced in Intel’s 965 Express Chipset Family, the Intel Management Engine (ME) is a separate computing environment physically located in the (G)MCH chip (for Core 2 family CPUs which is separate from the northbridge), or PCH chip replacing ICH(for Core i3/i5/i7 which is integrated with northbridge).

The ME consists of an individual processor core, code and data caches, a timer, and a secure internal bus to which additional devices are connected, including a cryptography engine, internal ROM and RAM, memory controllers, and a direct memory access (DMA) engine to access the host operating system’s memory as well as to reserve a region of protected external memory to supplement the ME’s limited internal RAM. The ME also has network access with its own MAC address through the Intel Gigabit Ethernet Controller integrated in the southbridge (ICH or PCH).

The Intel Management Engine with its proprietary firmware has complete access to and control over the PC: it can power on or shut down the PC, read all open files, examine all running applications, track all keys pressed and mouse movements, and even capture or display images on the screen. And it has a network interface that is demonstrably insecure, which can allow an attacker on the network to inject rootkits that completely compromise the PC and can report to the attacker all activities performed on the PC. It is a threat to freedom, security, and privacy that can’t be ignored.

Use MPV and Clementine instead of VLC by TheOuterLinux · 2017-10-09 10:13 · Score: 3, Interesting · on Windows 10 Update Removes Windows Media Player (betanews.com)

It's much much better, especially on Mac/Linux when it uses youtube-dl to support all these by default: https://rg3.github.io/youtube-.... Need a music player? Use Clementine.

Re:What are the IP ranges? by Zocalo · 2017-10-03 02:21 · Score: 5, Informative · on North Korea Gets Second Route To Internet Via Russia Link (bloomberg.com)

175.45.176.0/22 - this is directly assigned by APNIC and is the DPRK's only known native IP space allocation.
210.52.109.0/24 - this was assigned by China Unicom as part of their connectivity provision for the DPRK, also assigned from the APNIC RIR pool.
77.94.35.0/24 - assigned by SatGate, a Russian satellite communications provider, and is from the RIPE RIR pool.

Presumably, they'll now be adding a further allocation (another /24?) for the fixed line into Russia as well. All data obtained from Your Friendly North Korean Network Observer (no affiliation), which is worth a read if you're curious out the DPRK's Internet infrastructure, such as it is.

Re:Unfortunately, DeepMind is addicted to backprop by wiretrip · 2017-09-16 23:50 · Score: 1 · on Artificial Intelligence Pioneer Says We Need To Start Over (axios.com)

They have been investigating other methods though, like Synthetic Gradients https://iamtrask.github.io/201...

The DNC is corrupt and not worth your support. by jbn-o · 2017-09-16 10:12 · Score: 1 · on More Millennials Would Give Up Voting Than Texting (nypost.com)

I don't know about the rest of you folks but I waited 3 hours in line to vote for Bernie in my primary. That wasn't an accident. Nor was it because of overwhelming turnout.

According to information known at the time and later leaked by WikiLeaks, it was likely because Sen. Bernie Sanders' campaign was a victim of collusion between the Hillary Clinton campaign and the DNC corporation. And if you read the (remarkable but predictably underreported) DNC lawsuit (CAROL WILDING et al. v DNC SERVICES CORPORATION, d/b/a DEMOCRATIC NATIONAL COMMITTEE and DEBORAH âoeDEBBIEâ WASSERMAN SCHULTZ), you'll understand why voting in party primaries is a waste of time. Consider what the DNC corporation's lawyer, Bruce Spiva, said about how that party could have picked a standard bearer (http://jampac.us/wp-content/uploads/2016/07/042517cw2.pdf pages 36-37):

[I]f you had a charity where somebody said, Hey, I'm gonna take this money and use it for a specific purpose, X, and they pocketed it and stole the money, of course that's different. But here, where you have a party that's saying, We're gonna, you know, choose our standard bearer, and we're gonna follow these general rules of the road, which we are voluntarily deciding, we could have — and we could have voluntarily decided that, Look, we're gonna go into back rooms like they used to and smoke cigars and pick the candidate that way. That's not the way it was done. But they could have. And that would have also been their right, and it would drag the Court well into party politics, internal party politics to answer those questions.

There's no obligation for them to pay attention to your primary "votes" and you, Court, keep your nose out of our corporate business. I doubt any court would have told a corporation how to pick its representatives here anyhow, but the lawsuit was worth mounting even though it was likely to lose.

I don't want anyone to have to run YouTube's nonfree Javascript, so either look elsewhere for clips of "Redacted Tonight" (one of the few TV shows to mention this lawsuit which, uncoincidentally, is very revealing of the Democratic Party) or use youtube-dl to download https://www.youtube.com/watch?v=ZoSYC45cl6k and https://www.youtube.com/watch?v=V_fdBqISODQ for information on the class action lawsuit and how it ended.

Re:JBoss Development? by snookiex · 2017-09-13 07:56 · Score: 1 · on Java EE Is Moving To the Eclipse Foundation (adtmag.com)

And Glassfish, the Java EE application server inherited from Sun and supported by Oracle, seems to be doomed to oblivion. Happily, the project was forked.

Re:My add-on list: All are marked as "Legacy". by Anonymous Coward · 2017-09-07 10:57 · Score: 0 · on AskSlashdot: How Do You See Your Life After Firefox 52 ESR? (mozilla.org)

Mozilla is intentionally getting rid of heavyweight themes and not providing any replacement. Mozilla has a web site listing their most popular extensions, with user counts, and Classic Theme Restorer is not in the "Most Widely Adopted" extensions list even though it has more users than other extensions in that list like Xmarks Sync. It is pretty clear that they know it exists and is popular and they don't care because XUL is too uncool for web developers.

Re:If an ad can click Allow, it's a serious bug by tepples · 2017-09-07 04:02 · Score: 1 · on Chrome 61 Arrives With JavaScript Modules, WebUSB Support (venturebeat.com)

Last I checked javascript can take over the cursor.

I assume you're referring to the pointer lock API. Running the linked demo of the pointer lock API doesn't engage until the user makes a gesture on the playfield, and then it shows a pop-up notification that a particular origin has control of the mouse pointer. This notification states the domain with control and that the user can press the Esc key to end pointer lock. And when pointer lock ends, the pointer is in the same position it was when pointer lock began.

Re:Windows and Linux support by TheFakeTimCook · 2017-08-30 08:03 · Score: 3, Informative · on APFS Is Not Optional (apple.com)

Nope. Not even close. Other operating systems tend to be much more accommodating. Either the OS vendor itself is more accommodating or the end users pick up the slack.

You're so full of shit it's running out your ears.

Natively, macOS can read/write the following filesystems:

APFS, HFS, HFS+, NTFS, FAT32, exFAT, ext2 (or maybe later).

And with MacFuse, it can read/write more.

https://osxfuse.github.io/

So, what were you saying, again?

Google alone has presence on 85%+ of top domains by joelpurra · 2017-08-25 02:36 · Score: 1 · on Ask Slashdot: How Much of Your Online Browsing Can Advertisers See?

Shameless self-promotion of my master's thesis on third-party tracking follows; see full PDF for numbers backing up claims. A paper based on the thesis also got published by IEEE.

I'm uncomfortable being "monitored" and "logged" -- but worry less about visible advertisements, and more about either hidden web beacons or visible (but desirable) content served by known tracker organizations. Adblockers can block most visible ads, and you'll notice if one slips through -- but fewer care about less blinky-flashy tracking.

Google is the king here; they have embedded fonts, videos, maps, analytics scripts -- and own one or more ad networks. Google alone has resources present and loaded from 85%+ of global top sites. That includes domains protected by HTTPS, which doesn't actually protect against "active tracking." Among others, these numbers dwarf those of Facebook and Twitter -- and any other ad/tracker network that I know of; see Table C.14 for some Google services such as DoubleClick, Analytics, Maps, Youtube, Fonts, APIs.

For my master's thesis (2014-2015) I asked a similar, but broader, question: how prevalent are third-party resources on websites/domains? Turns out most domains in Alexa's top 10.000 sites have some kind of resource (image, script, video, fonts, ads, and so on) from another domain (internal/external CDN, content provider, advertising network, etcetera). Downloaded the front page of some 150.000 domains to compare; the pattern continues across other sets of domains. See Appendix C in the PDF for lots of numbers and graphs.

My personal tips: if you're stubborn, use uMatrix to block/unblock resources per origin domain and resource type. If you're even more stubborn, edit the settings to blacklist all non-first party resources and only whitelist what you'd like to see -- but expect a steep learning curve. Your boss is probably more comfortable with uBlock Origin.

Re:not properly restricted by Anonymous Coward · 2017-08-05 17:52 · Score: 1 · on Browser Extensions Are Undermining Privacy (vortex.com)

If the domain name isn't part of the [content of] requested page then it should require explicit permissions to access it.

You know, there's an extension for that: Request Policy.

Obligatory:Intel CPU Backdoor Report (May 5 2017) by Anonymous Coward · 2017-08-03 18:23 · Score: -1, Flamebait · on Intel's Upcoming Coffee Lake CPUs Won't Work With Today's Motherboards (pcworld.com)

The goal of this report is to make the existence of Intel CPU backdoors a common knowledge and provide information on backdoor removal.

What we know about Intel CPU backdoors so far:

TL;DR version

Your Intel CPU and Chipset is running a backdoor as we speak.

The backdoor hardware is inside the CPU/Bridge and the backdoor firmware (Intel Management Engine) is in the chipset flash memory.

30C3 Intel ME live hack:
[Video] 30C3: Persistent, Stealthy, Remote-controlled Dedicated Hardware Malware
@21:43, keystrokes leaked from Intel ME above the OS, wireshark failed to detect packets.

[Quotes] Vortrag:
"the ME provides a perfect environment for undetectable sensitive data leakage on behalf of the attacker".

"We can permanently monitor the keyboard buffer on both operating system targets."

Backdoor removal:
The backdoor firmware can be removed by following this guide using the me_cleaner script.
Removal requires a Raspberry Pi (with GPIO pins) and a SOIC clip.

Decoding Intel backdoors:
The situation is out of control and the Libreboot/Coreboot community is looking for BIOS/Firmware experts to help with the Intel ME decoding effort.

If you are skilled in these areas, download Intel ME firmwares from this collection and have a go at them, beware Intel is using a lot of counter measures to prevent their backdoors from being decoded (explained below).

Useful links:
The Intel ME subsystem can take over your machine, can't be audited
REcon 2014 - Intel Management Engine Secrets
Untrusting the CPU (33c3)
Towards (reasonably) trustworthy x86 laptops
30C3 To Protect And Infect - The militarization of the Internet
30c3: To Protect And Infect Part 2 - Mass Surveillance Tools & Software

1. Introduction, what is Intel ME

Short version, from Intel staff:

Re: What Intel CPUs lack Intel ME secondary processor?
Amy_Intel Feb 8, 2016 9:27 AM

The Management Engine (ME) is an isolated and protected coprocessor, embedded as a non-optional part in all current Intel chipsets, I even checked with the engineering department and they confirmed it.

Long version:

ME: Management Engine

The Intel Management Engine (ME) is a separate computing environment physically located in the MCH chip or PCH chip replacing ICH.

The ME consists of an individual processor core, code and data caches, a timer, and a secure internal bus to which additional devices are connected, including a cryptography engine, internal ROM and RAM, memory controllers, and a direct memory access (DMA) engine to access the host operating system's memory as well as to reserve a region of protected external memory to supplement the ME's limited internal RAM. The ME also has network access with its own MAC address through the Intel Gigabit Ethernet Controller integrated in the southbridge (ICH or

Re:Has no one heard of Handbrake? by Pathwalker · 2017-07-30 10:28 · Score: 4, Informative · on Petition Asks Adobe To Open-Source Flash To Preserve Internet History (bleepingcomputer.com)

The "big deal" is things beyond simple video content.

* Vector animations, that would lose quality if they were rasterized and compressed.
* Interactive presentations; where rendering to a normal video and compressing it would strip out the interactive aspects.
* Old games; it was easy for people who were learning how to create games to get started with flash, and there is a huge corpus of games out there which represent an interesting segment of indie game development history.

Hopefully things like Shumway will provide a path forward for viewing old content in the future.

Suggested Software by TheOuterLinux · 2017-07-21 23:53 · Score: 1 · on Ask Slashdot: Ubuntu 18.04 LTS Desktop Default Application Survey

Web Browser: Firefox+w3m
- I suggested w3m as well because you can change the user agent to mobile Safari and then set the external web browser short cut to "mpv -ytdl --vo=opengl --ao=alsa" (install mpv) and it will play the mobile formats (mp4, etc.) that youtube-dl supports, even in TTY environment.
Email Client: Thunderbird
- But you need to include Enigmail and Lightning by default
Terminal: xfce4-terminal + tmux
IDE: Geany
File manager: Thunar
- Thunar is very light and fast, but also has lots of ways to customize. I have no idea why anyone likes Nautilus or Nemo; if logging in and using 1GB+ of RAM at start is okay with you, score one for GNOME or Unity; Pantheon is pretty bad about it too.
Basic Text Editor: Gedit
IRC/Messaging Client: Hexchat, irssi
PDF Reader: Evince
Office Suite: LibreOffice
Calendar: gxul-ext-lightning
Video Player: mpv+youtube-dl
- mpv is much better than mplayer or VLC and is very easy to use. To open a URL, you just type "mpv https://..../" and youtube-dl will usually do the rest for you, including streaming sites like Twitch. The support list is here: https://rg3.github.io/youtube-.... You will get the most bang per buck this way.
Music Player: Clementine
Photo Viewer: Viewnior, Shotwell
Screen recording: gtk-recordmydesktop

If software isn't available as a .deb, but as source code or .rpm, please don't make a snap for it. Snaps feel too much like "closing" open source software and dangerously close to having Ubuntu creating its own version of Windows exe's; actually, that's exactly what it is.

Re:Android updates sold me on IOS by Spy+Handler · 2017-07-18 08:39 · Score: 1 · on Apple's Risky Balancing Act With the Next iPhone (macworld.com)

I mean the FILE link listed on the webpage is broken. This one:

You can disable automated downloading of iOS updates by installing the following tvOS Beta Configuration Profile.

Re:Android updates sold me on IOS by sexconker · 2017-07-18 08:33 · Score: 1 · on Apple's Risky Balancing Act With the Next iPhone (macworld.com)

Works for me. Here it is. I even manually preserved the link and converted < and > and stupid "smart" quotes for you so Slashdot wouldn't eat them.

Disabling iOS OTA Updates
Written on February 9, 2016

This is a three-fold process. One, disabling check and automated download of new OTA updates. Two, removing badge "1" on Settings app. Three, removing downloaded, but not yet installed OTA packages.
Step One
Disabling automated checking and download of new OTA updates

You can disable automated downloading of iOS updates by installing the following tvOS Beta Configuration Profile.

iPhone checks whether an update is available through a special XML document at mesu.apple.com. This configuration profile redirects the check to only look for beta updates available for the Apple TV. Since your iPhone is not an Apple TV, the redirected catalog check will make your device "believe" iOS is up-to-date.

The configuration profile is cryptographically signed by Apple (in fact, configuration profile that redirects OTA update catalog through "Internal Settings" will fail to install if it is not), therefore, can be trusted. Other than adding a "Feedback" icon that you can dump into any folder at any time, this configuration profile does not negatively affect your iPhone's performance or battery life. Don't worry. It is not possible for your phone to suddenly install tvOS.

Alternatively, you can also block "mesu.apple.com" through your router settings. However, as you connect your devices to Wi-Fi hotspots that you do not have control of, this would be rendered uneffective.

Step Two
Removing badge "1" on Settings app

1) You can remove the "1" badge on Settings app icon through backing up your iPhone, then open up the backup in iBackupBot.

2) After that, go to the following directory. /System Files/Home Domain/Library/Preferences

Then double click to open the following file:

com.apple.Preferences.plist

Then locate the following key:

<key>kBadgedForSoftwareUpdateKey</key>

Then change the value from its initial value...

<true/> ...into:

Then locate the following key:

<key>kBadgedForSoftwareUpdateJumpOnceKey</key>

Then change its value from...

<true/> ...into:

Then click save and close the window.

3) Select the following file

com.apple.Preferences.plist

Then click Restore in the toolbar. When prompted, untick the third option and only tick "Don't copy backup" and "Reboot device after restore (Recommended)". Then click OK. Your phone will reboot.

4) Navigate to the following folder in iBackupBot: /System Files/Home Domain/Library/BackBoard

Then, double click to open the following file:

applicationState.plist

Then, locate the following key:

<key>com.apple.Preferences</key>

In the key, find the following entry:

<key>SBApplicationBadgeKey</key>

Then change the value of the entry from:

<integer>1</integer> ...into

Then click save and close the window.

5) Select applicationState.plist file and click Restore in the toolbar. When prompted, untick the third option and only tick "Don't copy backup" and "Reboot device after restore (Recommended)". Then click OK. Your phone will reboot.

If everything went well, your phone's Settings app should no longer be badged. However, it is possible for the changes to not take effect. If that's the case for you, repeat (5).

Step Three
Removing downloaded, but not yet installed OTA packages.

You can remove existing downloaded OTA packages at Settings - General -

Re:Android updates sold me on IOS by Anonymous Coward · 2017-07-18 07:22 · Score: 1 · on Apple's Risky Balancing Act With the Next iPhone (macworld.com)

Blocking it in your router doesn't help when you connect to a different wifi network. Instead, install the tvOS beta profile - your phone will never download an update because no tvOS version exists that will run on it. I've been blissfully update-nag-free for over 6 months using this.

https://writekay.github.io/Dis... (skip step 2 which is stupid, convoluted,and totally unnecessary)

My bigger concern than bloat is the horrific regressions in user interface that I've seen, particularly starting with iOS 10. Notification Center is a total shitshow, as is the Music app. It's like nobody at Apple even uses their crap anymore. Or more likely, Jony Ive has been given way too much power, and the smart people who actually understand good UI (make things obvious and minimize taps/swipes to do things) are being silenced. Sad.</trumpvoice>

Register variables by tepples · 2017-07-13 03:19 · Score: 1 · on Ask Slashdot: How Do You Read Code?

God, you're one of those people who uses single letter variable names and think it saves time, aren't you?

The MOS 6502 processor has single-letter register names (A, X, Y, P, and S), and the most commonly used C compiler distributed as free software isn't nearly as good at optimizing as even an average assembly language programmer. Thus coding directly in assembly language can save a lot of CPU time. And if a variable fits in the X or Y register, I might add a comment to the effect:

; here, X is the actor ID and Y is the animation frame number

Any variable that spills out to the local variable area on zero page gets a more descriptive name, such as ceiling_ht or mapsrc.

Youtube-DL by Trikoloko · 2017-07-07 05:08 · Score: 2 · on Stream-ripping Is 'Fastest Growing' Music Piracy (bbc.com)

youtube-dl FTW. Hint: it handles more than youtube, and has one cajillion command line options to suit you necessities.

Obligatory:Intel CPU Backdoor Report (May 5 2017) by Anonymous Coward · 2017-06-25 12:08 · Score: 0, Offtopic · on New HyperThreading Flaw Affects Intel 6th And 7th Generation Skylake and Kaby Lake-Based Processors (hothardware.com)

The goal of this report is to make the existence of Intel CPU backdoors a common knowledge and provide information on backdoor removal.

What we know about Intel CPU backdoors so far:

TL;DR version

Your Intel CPU and Chipset is running a backdoor as we speak.

The backdoor hardware is inside the CPU/Bridge and the backdoor firmware (Intel Management Engine) is in the chipset flash memory.

30C3 Intel ME live hack:
[Video] 30C3: Persistent, Stealthy, Remote-controlled Dedicated Hardware Malware
@21:43, keystrokes leaked from Intel ME above the OS, wireshark failed to detect packets.

[Quotes] Vortrag:
"the ME provides a perfect environment for undetectable sensitive data leakage on behalf of the attacker".

"We can permanently monitor the keyboard buffer on both operating system targets."

Backdoor removal:
The backdoor firmware can be removed by following this guide using the me_cleaner script.
Removal requires a Raspberry Pi (with GPIO pins) and a SOIC clip.

Decoding Intel backdoors:
The situation is out of control and the Libreboot/Coreboot community is looking for BIOS/Firmware experts to help with the Intel ME decoding effort.

If you are skilled in these areas, download Intel ME firmwares from this collection and have a go at them, beware Intel is using a lot of counter measures to prevent their backdoors from being decoded (explained below).

Useful links:
The Intel ME subsystem can take over your machine, can't be audited
REcon 2014 - Intel Management Engine Secrets
Untrusting the CPU (33c3)
Towards (reasonably) trustworthy x86 laptops
30C3 To Protect And Infect - The militarization of the Internet
30c3: To Protect And Infect Part 2 - Mass Surveillance Tools & Software

1. Introduction, what is Intel ME

Short version, from Intel staff:

Re: What Intel CPUs lack Intel ME secondary processor?
Amy_Intel Feb 8, 2016 9:27 AM

The Management Engine (ME) is an isolated and protected coprocessor, embedded as a non-optional part in all current Intel chipsets, I even checked with the engineering department and they confirmed it.

Long version:

ME: Management Engine

The Intel Management Engine (ME) is a separate computing environment physically located in the MCH chip or PCH chip replacing ICH.

The ME consists of an individual processor core, code and data caches, a timer, and a secure internal bus to which additional devices are connected, including a cryptography engine, internal ROM and RAM, memory controllers, and a direct memory access (DMA) engine to access the host operating system's memory as well as to reserve a region of protected external memory to supplement the ME's limited internal RAM. The ME also has network access with its own MAC address through the Intel Gigabit Ethernet Controller integrated in the southbridge (ICH or

Obligatory:Intel CPU Backdoor Report (May 5 2017) by Anonymous Coward · 2017-06-25 12:07 · Score: 1, Insightful · on New HyperThreading Flaw Affects Intel 6th And 7th Generation Skylake and Kaby Lake-Based Processors (hothardware.com)

The goal of this report is to make the existence of Intel CPU backdoors a common knowledge and provide information on backdoor removal.

What we know about Intel CPU backdoors so far:

TL;DR version

Your Intel CPU and Chipset is running a backdoor as we speak.

The backdoor hardware is inside the CPU/Bridge and the backdoor firmware (Intel Management Engine) is in the chipset flash memory.

30C3 Intel ME live hack:
[Video] 30C3: Persistent, Stealthy, Remote-controlled Dedicated Hardware Malware
@21:43, keystrokes leaked from Intel ME above the OS, wireshark failed to detect packets.

[Quotes] Vortrag:
"the ME provides a perfect environment for undetectable sensitive data leakage on behalf of the attacker".

"We can permanently monitor the keyboard buffer on both operating system targets."

Backdoor removal:
The backdoor firmware can be removed by following this guide using the me_cleaner script.
Removal requires a Raspberry Pi (with GPIO pins) and a SOIC clip.

Decoding Intel backdoors:
The situation is out of control and the Libreboot/Coreboot community is looking for BIOS/Firmware experts to help with the Intel ME decoding effort.

If you are skilled in these areas, download Intel ME firmwares from this collection and have a go at them, beware Intel is using a lot of counter measures to prevent their backdoors from being decoded (explained below).

Useful links:
The Intel ME subsystem can take over your machine, can't be audited
REcon 2014 - Intel Management Engine Secrets
Untrusting the CPU (33c3)
Towards (reasonably) trustworthy x86 laptops
30C3 To Protect And Infect - The militarization of the Internet
30c3: To Protect And Infect Part 2 - Mass Surveillance Tools & Software

1. Introduction, what is Intel ME

Short version, from Intel staff:

Re: What Intel CPUs lack Intel ME secondary processor?
Amy_Intel Feb 8, 2016 9:27 AM

The Management Engine (ME) is an isolated and protected coprocessor, embedded as a non-optional part in all current Intel chipsets, I even checked with the engineering department and they confirmed it.

Long version:

ME: Management Engine

The Intel Management Engine (ME) is a separate computing environment physically located in the MCH chip or PCH chip replacing ICH.

The ME consists of an individual processor core, code and data caches, a timer, and a secure internal bus to which additional devices are connected, including a cryptography engine, internal ROM and RAM, memory controllers, and a direct memory access (DMA) engine to access the host operating system's memory as well as to reserve a region of protected external memory to supplement the ME's limited internal RAM. The ME also has network access with its own MAC address through the Intel Gigabit Ethernet Controller integrated in the southbridge (ICH or

storing data in the US by KiloByte · 2017-06-25 01:53 · Score: 1 · on Does US Have Right To Data On Overseas Servers? We're About To Find Out (arstechnica.com)

Take a look at this propaganda piece against Scaleway (that they're somehow inferior for obeying the speed of light).

At this point, I quite don't see a rational person hosting their data in the US or at a company with US presence. Because, you see, you got the 4th Amendment, we don't, right?

Obligatory:Intel CPU Backdoor Report (May 5 2017) by Anonymous Coward · 2017-06-15 14:57 · Score: 0 · on CIA Created 'CherryBlossom' Toolkit For Hacking Hundreds of Routers Models (bleepingcomputer.com)

The goal of this report is to make the existence of Intel CPU backdoors a common knowledge and provide information on backdoor removal.

What we know about Intel CPU backdoors so far:

TL;DR version

Your Intel CPU and Chipset is running a backdoor as we speak.

The backdoor hardware is inside the CPU/Bridge and the backdoor firmware (Intel Management Engine) is in the chipset flash memory.

30C3 Intel ME live hack:
[Video] 30C3: Persistent, Stealthy, Remote-controlled Dedicated Hardware Malware
@21:43, keystrokes leaked from Intel ME above the OS, wireshark failed to detect packets.

[Quotes] Vortrag:
"the ME provides a perfect environment for undetectable sensitive data leakage on behalf of the attacker".

"We can permanently monitor the keyboard buffer on both operating system targets."

Backdoor removal:
The backdoor firmware can be removed by following this guide using the me_cleaner script.
Removal requires a Raspberry Pi (with GPIO pins) and a SOIC clip.

Decoding Intel backdoors:
The situation is out of control and the Libreboot/Coreboot community is looking for BIOS/Firmware experts to help with the Intel ME decoding effort.

If you are skilled in these areas, download Intel ME firmwares from this collection and have a go at them, beware Intel is using a lot of counter measures to prevent their backdoors from being decoded (explained below).

Useful links:
The Intel ME subsystem can take over your machine, can't be audited
REcon 2014 - Intel Management Engine Secrets
Untrusting the CPU (33c3)
Towards (reasonably) trustworthy x86 laptops
30C3 To Protect And Infect - The militarization of the Internet
30c3: To Protect And Infect Part 2 - Mass Surveillance Tools & Software

1. Introduction, what is Intel ME

Short version, from Intel staff:

Re: What Intel CPUs lack Intel ME secondary processor?
Amy_Intel Feb 8, 2016 9:27 AM

The Management Engine (ME) is an isolated and protected coprocessor, embedded as a non-optional part in all current Intel chipsets, I even checked with the engineering department and they confirmed it.

Long version:

ME: Management Engine

The Intel Management Engine (ME) is a separate computing environment physically located in the MCH chip or PCH chip replacing ICH.

The ME consists of an individual processor core, code and data caches, a timer, and a secure internal bus to which additional devices are connected, including a cryptography engine, internal ROM and RAM, memory controllers, and a direct memory access (DMA) engine to access the host operating system's memory as well as to reserve a region of protected external memory to supplement the ME's limited internal RAM. The ME also has network access with its own MAC address through the Intel Gigabit Ethernet Controller integrated in the southbridge (ICH or

Re:cause vs correlation. by kiminator · 2017-06-15 11:32 · Score: 1 · on Developers Who Use Spaces Make More Money Than Those Who Use Tabs (stackoverflow.blog)

There may also be policies related to use of spaces vs. tabs at the specific companies people work for. For example, Google's C++ style guide requires using spaces for indentation.

My experience has been that spaces are markedly superior to tabs in shared projects, for the reason that different developers are likely to have different editor settings. If I write some code, I might not realize at the time of writing that I've accidentally mixed some tabs and some spaces. But the moment I send the code to somebody else who uses a different editor with a different tab setting, that code will have weird formatting. And even if the original author was consistent about using tabs everywhere, a different tab setting would make lines end at different locations, potentially making for odd line breaks.

I'd be willing to bet that this consistency argument makes it so that companies working on large codebases with lots of developers are more likely to require use of spaces than not, and they probably also have higher salaries.

Re:9th Circuit gets slapped down...again by clodney · 2017-06-12 09:52 · Score: 1 · on Microsoft Wins Xbox Class-Action Fight at US Supreme Court (reuters.com)

You'd think they were out of the mainstream of jurisprudence, judging by how often that happens.

It is not nearly so clear cut as that. The huge majority of all cases decided by any appeals court never make it to the Supreme Court, so if you look at the likelihood of any given ruling being reversed by the Supreme court, it is on the order of 0.1%.

And the 9th Circuit is the biggest circuit, so if you talk in absolute numbers it will have the most ruling reviewed and overturned, just because it hears the most cases.

Depending on how you do the math and what period you analyze, the 9th Circuit is not even the most overruled circuit - that distinction goes to the Court of Appeals for the Federal Circuit, which incidentally handles patent filings.

This site has some good information: http://ellisp.github.io/blog/2...

Obligatory:Intel CPU Backdoor Report (May 5 2017) by Anonymous Coward · 2017-06-09 05:20 · Score: 4, Interesting · on Intel: Steer Clear Of Our Patents (axios.com)

The goal of this report is to make the existence of Intel CPU backdoors a common knowledge and provide information on backdoor removal.

What we know about Intel CPU backdoors so far:

TL;DR version

Your Intel CPU and Chipset is running a backdoor as we speak.

The backdoor hardware is inside the CPU/Bridge and the backdoor firmware (Intel Management Engine) is in the chipset flash memory.

30C3 Intel ME live hack:
[Video] 30C3: Persistent, Stealthy, Remote-controlled Dedicated Hardware Malware
@21:43, keystrokes leaked from Intel ME above the OS, wireshark failed to detect packets.

[Quotes] Vortrag:
"the ME provides a perfect environment for undetectable sensitive data leakage on behalf of the attacker".

"We can permanently monitor the keyboard buffer on both operating system targets."

Backdoor removal:
The backdoor firmware can be removed by following this guide using the me_cleaner script.
Removal requires a Raspberry Pi (with GPIO pins) and a SOIC clip.

Decoding Intel backdoors:
The situation is out of control and the Libreboot/Coreboot community is looking for BIOS/Firmware experts to help with the Intel ME decoding effort.

If you are skilled in these areas, download Intel ME firmwares from this collection and have a go at them, beware Intel is using a lot of counter measures to prevent their backdoors from being decoded (explained below).

Useful links:
The Intel ME subsystem can take over your machine, can't be audited
REcon 2014 - Intel Management Engine Secrets
Untrusting the CPU (33c3)
Towards (reasonably) trustworthy x86 laptops
30C3 To Protect And Infect - The militarization of the Internet
30c3: To Protect And Infect Part 2 - Mass Surveillance Tools & Software

1. Introduction, what is Intel ME

Short version, from Intel staff:

Re: What Intel CPUs lack Intel ME secondary processor?
Amy_Intel Feb 8, 2016 9:27 AM

The Management Engine (ME) is an isolated and protected coprocessor, embedded as a non-optional part in all current Intel chipsets, I even checked with the engineering department and they confirmed it.

Long version:

ME: Management Engine

The Intel Management Engine (ME) is a separate computing environment physically located in the MCH chip or PCH chip replacing ICH.

The ME consists of an individual processor core, code and data caches, a timer, and a secure internal bus to which additional devices are connected, including a cryptography engine, internal ROM and RAM, memory controllers, and a direct memory access (DMA) engine to access the host operating system's memory as well as to reserve a region of protected external memory to supplement the ME's limited internal RAM. The ME also has network access with its own MAC address through the Intel Gigabit Ethernet Controller integrated in the southbridge (ICH or

Re:It's not a thing by Cerlyn · 2017-06-08 14:39 · Score: 2 · on Ask Slashdot: What Is Your View On Sloot Compression? (youtube.com)

For instance, Zstandard lets you precompute a dictionary of common strings you want to shorten. Imagine if you trained it on HTML so that each tag or other common string just takes a few bits, then you can distribute that dictionary to the whole world so that you can save the bandwidth of transmitting it alongside the compressed data each and every time (like we do with Zip, Gzip, etc.).

HTTP/2.0 actually does this for HTTP headers as part of the HTTP Header Compression specification.

Obligatory:Intel CPU Backdoor Report (May 5 2017) by Anonymous Coward · 2017-06-08 08:24 · Score: 5, Informative · on Malware Uses Obscure Intel CPU Feature To Steal Data and Avoid Firewalls (bleepingcomputer.com)

The goal of this report is to make the existence of Intel CPU backdoors a common knowledge and provide information on backdoor removal.

What we know about Intel CPU backdoors so far:

TL;DR version

Your Intel CPU and Chipset is running a backdoor as we speak.

The backdoor hardware is inside the CPU/Bridge and the backdoor firmware (Intel Management Engine) is in the chipset flash memory.

30C3 Intel ME live hack:
@21m43s, keystrokes leaked from Intel ME above the OS, wireshark failed to detect packets.
[Video Link] 30C3: Persistent, Stealthy, Remote-controlled Dedicated Hardware Malware
[Quotes] Vortrag:
"DAGGER exploits Intel's Manageability Engine (ME), that executes firmware code such as Intel's Active Management Technology (iAMT), as well as its OOB network channel."

"the ME provides a perfect environment for undetectable sensitive data leakage on behalf of the attacker. Our presentation consists of three parts. The first part addresses how to find valuable data in the main memory of the host. The second part exploits the ME's OOB network channel to exfiltrate captured data to an external platform and to inject new attack code to target other interesting data structures available in the host runtime memory. The last part deals with the implementation of a covert network channel based on JitterBug."

"We have recently improved DAGGER's capabilites to include support for 64-bit operating systems and a stealthy update mechanism to download new attack code."

"To be more precise, we show how to conduct a DMA attack using Intel's Manageability Engine (ME)."

"We can permanently monitor the keyboard buffer on both operating system targets."

Backdoor removal:
The backdoor firmware can be removed by following this guide using the me_cleaner script.
Removal requires a Raspberry Pi (with GPIO pins) and a SOIC clip.

Decoding Intel backdoors:
The situation is out of control and the Libreboot/Coreboot community is looking for BIOS/Firmware experts to help with the Intel ME decoding effort.

If you are skilled in these areas, download Intel ME firmwares from this collection and have a go at them, beware Intel is using a lot of counter measures to prevent their backdoors from being decoded (explained below).

Useful links:
The Intel ME subsystem can take over your machine, can't be audited
REcon 2014 - Intel Management Engine Secrets
Untrusting the CPU (33c3)
Towards (reasonably) trustworthy x86 laptops
30C3 To Protect And Infect - The militarization of the Internet
30c3: To Protect And Infect Part 2 - Mass Surveillance Tools & Software

1. Introduction, what is Intel ME

Short version, from Intel staff:

Re: What Intel CPUs lack Intel ME secondary processor?
Amy_Intel Feb 8, 2016 9:27 AM

The Management Engine (ME) is an isolated and protected coprocessor, embedded as a non-optional part in all current Intel chipsets, I even checked wit

Obligatory:Intel CPU Backdoor Report (May 5 2017) by Anonymous Coward · 2017-06-08 08:22 · Score: 5, Informative · on Malware Uses Obscure Intel CPU Feature To Steal Data and Avoid Firewalls (bleepingcomputer.com)