Slashdot Mirror

Already happening: https://hackaday.com/2019/04/0...

In the older time to place a microphone somewhere hou have had to be really clever, like one that invents elecronic musical instruments: Theremin's bug now ir way way easier to russians to spy, because we have tons of micophones in appliance connected to a communication network...

Sure thing. Check out what these college students put aloft in Singapore earlier this year. Some pretty crazy thresholds are being crossed and on very accessible budgets. Hooray for today!

...and then there's guys like Woz...

By "build their own" do you mean out of individual logic gates, like Kevin Horton's NANDputer?

Hell, no.

There is a firm rule in my household: The children must build their computers using only NOR gates.

By "build their own" do you mean out of individual logic gates, like Kevin Horton's NANDputer? Or did you mean build a desktop computer out of motherboard, case, PSU, CPU, RAM, HDD, GPU, and whatever else is needed? Or somewhere in between?

The findings about solar flares and ball bearings was specifically about reaction wheels: https://hackaday.com/2018/09/1...

The gyros are for sensing orientation, although they do also contain ball bearings so might be afflicted by the same root cause. The same units also have components with the ability to create a magnetic field to push on the Earth's in order to help when the reaction wheels are saturated.

https://www.spacetelescope.org/about/general/gyroscopes/

https://hackaday.com/2018/09/1...

Mod parent up!

Tons of very useful links from the hackaday link, in no particular order:

http://linux-sunxi.org/Main_Pa... http://www.lindeni.org/lindeni... https://www.elecrow.com/ https://gist.github.com/probon... https://www.amazon.com/gp/prod... https://www.reddit.com/r/elect... https://github.com/petit-miner... https://www.pine64.org/?produc... https://www.pine64.org/?produc... https://www.pine64.org/?produc... https://www.board-db.org/ https://github.com/NextThingCo... https://detail.1688.com/offer/... https://detail.1688.com/offer/... https://www.aliexpress.com/ite... https://github.com/NextThingCo

Plus this ---> How to hand solder the Allwinner chip

Last, but not least, the following 3 youtube links for more soldering tips and tricks:

https://www.youtube.com/result...
https://www.youtube.com/watch?...
https://www.youtube.com/result...

https://hackaday.com/2018/09/1...

Mod parent up!

Tons of very useful links from the hackaday link, in no particular order:

  http://linux-sunxi.org/Main_Pa...
  http://www.lindeni.org/lindeni...
  https://www.elecrow.com/
  https://gist.github.com/probon...
  https://www.amazon.com/gp/prod...
  https://www.reddit.com/r/elect...
  https://github.com/petit-miner...
  https://www.pine64.org/?produc...
  https://www.pine64.org/?produc...
  https://www.pine64.org/?produc...
  https://www.board-db.org/
  https://github.com/NextThingCo...
  https://detail.1688.com/offer/...
  https://detail.1688.com/offer/...
  https://www.aliexpress.com/ite...
  https://github.com/NextThingCo

Plus this ---> How to hand solder the Allwinner chip

https://hackaday.com/2018/09/1...

Mod parent up!

Tons of very useful links from the hackaday link, in no particular order:

http://linux-sunxi.org/Main_Pa...
http://www.lindeni.org/lindeni...
https://www.elecrow.com/
https://gist.github.com/probon...
https://www.amazon.com/gp/prod...
https://www.reddit.com/r/elect...
https://github.com/petit-miner...
https://www.pine64.org/?produc...
https://www.pine64.org/?produc...
https://www.pine64.org/?produc...
https://www.board-db.org/
https://github.com/NextThingCo...
https://detail.1688.com/offer/...
https://detail.1688.com/offer/...
https://www.aliexpress.com/ite...
https://github.com/NextThingCo

https://hackaday.com/2018/09/1...

This is a good start:

https://hackaday.com/2018/07/2...

Or you could just stop buying stupid gimmicks. VR is the modern lightgun.

And some people love their Duck Hunt so much that they cook up homemade solutions involving a Wii Remote, an Arduino MCU kit, and a Raspberry Pi single-board computer to force a Zapper to work with a modern TV. See "Tricking Duck Hunt to See A Modern LCD TV as CRT" by Jenny List.

I support reasonable copyright laws (ours have become overkill now), but it is a crazy position for Nintendo to "protect" intellectual "property" which they no longer license or sell to the public.

I'm in the same boat. Our copyright laws are a mess, but a good idea in general. Nintendo.... DOES license and sell this stuff to the public. Most of it anyway. A decade ago that wasn't true and I was pirating ROMS right and left and wholly supporting tearing down copyright law as laughably out of date because all this was abandonware that you couldn't get elsewhere. Bullshit artificial scarcity where there was no cause.

Nintendo took down ROM sites then too and I raged. Like a piece of my childhood and culture was being destroyed for no reason. And then the Wii had an emulator built in. And then everything had an emulator built in so you could keep buying Zelda over and over again. All them. Every game, rebought on every system.

And I'm ok with that. They can sell what they want.

BUT. I consider any license or contract which stipulates how you're going to use their data to be bullshit. Here's a number, but don't you DARE put it on a TI calculator, we only let you put it on a Casio calculator. Pft, utter bullshit. If you bought Zelda, the first one, in any capacity in any format for any system, you should have the right to use peek into that cartridge and use that big long string of binary however you see fit. Same way that if you buy a CD you can rip it to your computer and listen to it on your 32MB MP3 player with real LCD screen. Or if you buy Zelda again on their latest platform and do some crazy hardware RAM probing and extract the ROM out of it... and then shoe-horn it into some sort of NES cartridge reverse emulation... all the more power to you because that ought to be legal.

Homebrew Pancreas Gets 30 Minutes of Fame

That the innovation isn't present... it's all just standard kit and standard batteries bolted together with the one thing that they WOULDN'T want to replicate as he's done it - the automated driving computer.

I guess you've missed the multiple battery tear-down articles going back 4 years.

see: https://hackaday.com/2018/07/0...

Sadly I can't find a good source in the amount of time I promised I'd limit myself to looking
Here
https://hackaday.com/2011/03/1...
I think you may have a better time including germanium doping in your search but you have to understand i only allow myself a limited amount of time to respond to posts I make in bad faith. Unfortunately yours happens to be cool.

Search for 'flat earth', 'vaccine autism', 'creation science', 'labor economics', 'sociology' etc etc.

The thing they have in common? The people involved wouldn't know science if it bit them on the ass. Instead they grind axes.

And all of the "real science" that encourages citizen participation only has the citizens doing trivial things.

Things like running "Folding@Home", viewing astronomical photographs looking for potentially interesting things, sending in local samples for analysis - things that any high-school kid could do.

Find something in the astronomical photograph and you'll be listed as the discoverer, along with the *real* scientist who did the analysis. Send in a sample and you'll be listed as the contributor, along with the *real* scientists who wrote the paper.

(St. Louis zoo was passing out vials, asking people to find local samples of algae and send them back to be cultured. They were looking for high-yield cultures that could be used for aquaculture. A fine idea, and interesting for a child, but not actual citizen science.)

I've seen a bunch of YouTube videos that did brilliant technical comparisons of techniques or materials. One in particular - that I can't find at the moment - had everything one would need for a paper: background, hypothesis, test, measurement, and results. It would make a typical paper in materials science, except it was in video format. It was simple, concise, and had a clear result. (Update: it's here.)

If you want a platform for citizen science, you might try Hackaday.io. They are trying to start an actual scientific journal to collect some of the results that amateurs are coming up with, The Hackaday Journal of What You Don't Know.

Whether the journal goes anywhere is anybody's guess, but the .io system has a lot of cool scientific projects that might make for good research. Such as this one, or this one.

Hackaday did a recent article about a clock prop that was cut from the movie.

Also, we've basically got video phones now, although it's clunky and more difficult to use than a phone call was back then.

(Back in the 50's and 60's, you could dial a number and be connected to the other phone in about 2 seconds. It would ring and they'd pick up, or not if they weren't home, and the audio was clear and crisp, you could make out other people talking in the background, and hear sounds from their environment. Fast forward to today, and see how difficult it is to use Skype to call your grandparents.)

here check this out..

https://hackaday.com/2018/03/2...

must be better then the crap they are posting here..

Star Trek's transporter is sort of a combination cloning machine and suicide booth, unless you believe that a person's consciousness is some incorporeal thing that will link to any brain with a certain configuration of neurons - in which case, what happens in a transporter malfunction that fails to destroy the body that went into it and produces a copy?

I explained my personal theory of what defines a human consciousness in this hackaday post.

That's about as realistic as sabotaging your neighbor's new laptop by feeding it programs written for the Commodore 64.

Yeah, about that...

After seeing the text I noticed that the link, https://hackaday.com/2018/01/0... , didn't show the problem it was discussing. The title of the page was speculative-execution-was-a-troublemaker-for-xbox-360.

Well the Register and Wikipedia seem to be in partial agreement with you about his influence on the Pentium. But the thing I heard about was before the Pentium was designed. That's all that showed up on the first page of a Google search. The earliest reference I quickly located was
https://hackaday.com/2018/01/0...
But this clearly isn't what I was referring to. The article I read wasn't about something in production, but rather about an approach to design that was being discussed.

That you couldn't find it on Google isn't a real surprise, as most such things never made it to the internet. That only happens if copyright has expired AND someone is interested enough to put it there. Even then you've got to wonder about the accuracy, because someone that interested often has an axe of some sort to grind. If it came out of the Internet Archive or the Gutenberg Project I'd trust it, but from somebody I don't know....probably not.

Haha, I designed lithium smart battery packs in use in the field right now and I dare you to make less sense. Tesla packs not only have series and parallel strings, it can dynamically rewire itself around problem cells. It is insulated and has a heating and cooling system akin to a radiator. Take a look at a teardown before posting stuff you have no idea about.

The backlash alone would be enough to destroy this entire "blacklist" justification.

Yeah, logic would certainly make you that, doesn't it ?

But I suggest you read "tepples" response. We are not their customers, the content industry is.

Mind providing a link or two to prove this stupidity is actually being used today

I guess googeling yourself for a bit first is to hard for ya ?

But here you go:

https://hackaday.com/2014/09/0...
(from the top)

https://en.wikipedia.org/wiki/...
(Chapter Encryption, paragraph 5)

http://www.aacsla.com/specific... <-- This is the spec itself.
(4.12 Updating Host Revocation List in Non-volatile Memory of Licensed Drive)

Blu-Rays and players can do a lot. Doesn't mean every feature is used (or abused).

Its your choice to trust a consortium not to wield that power. I personally don't like to be at their mercy like that.

Also:
https://news.slashdot.org/stor...

But than again, lots of people have no problem with using all kinds of stuff with attached services where they are at the full mercy of a company.
Online games come to mind.
Payment processors like PayPal that are not banks and as such are not regulated and can freeze your account for months on end.
Web-"enabled" (read: won't work without it). Expensive IoT gadgets (room temperature controllers, hue lamps, front door locks, etc).
(i)Phones which own you instead of the other way around.
Deere tractors.

Human kind seems to be rather good good at chanting the "that won't happen to me" mantra.

The PoC might have been written "in Javascript", but that doesn't mean it can be exploited by a random script referenced by an untrusted web page somewhere...

Actually, that's exactly what it means. Why do you think they went through the effort of dropping support for high resolution timers? https://hackaday.com/2018/01/0...

How are you this dense?

https://hackaday.com/2011/07/2...

At which point I go to the Knotted Rope Pulley AND Gate method.
https://hackaday.com/2014/05/30/using-pulleys-and-weights-to-explain-binary-logic-gates/

Or are you under the impression that strings, wheels, and weights are rare?

The modern global economy has, overall, destroyed more jobs than it has created over the years. That's why we need a welfare state under a global economy, where labor not in surplus in an isolated market.

Side step the corroded copper!

https://www.extremetech.com/ex...

https://hackaday.com/2017/04/1...

https://thenewstack.io/laser-r...

https://hackaday.com/2011/07/14/did-microsoft-steal-the-kinect/

And for sure they will discover that with ham radio you can talk just like with skype! Having them to embrace ARRL will be the last straw for a dead hobby.

And this great new mouse!!!

http://hackaday.com/2010/09/30...

This sums up my experience.
http://hackaday.com/2017/06/19...

May be just a rumor, I've heard of it more than once recently. Here's one instance:

https://hackaday.com/2016/11/2...

Businesses should not switch to biometric passwords. They could use biometry for convenience paired with password for security, but biometry isn't enough for one main reason: if someone figures a way of replicating even a single biometric identification, the whole system is defeated.
It's a difference between replacing a single user password versus possibly having to recall and replace all hardware, and the entire system behind it.

You can easily replace passwords. Biometrics cannot be replaced.
It uniquely identifies people and is uniquely tied to each one, which also creates a problem regarding privacy.
It's always a bad idea to use something that is uniquely identifiable as a password, because you end up running in scenarios where anonymity becomes impossible.

And in the end, the problem with security systems is that they are prone to failure due to a bunch of different factors.
Smartphone fingerprint readers were easily defeated just recently because they were implemented to work faster.
http://www.computerworld.com/a...
Technology catches on. We'll always be one step from a scanner with high enough resolution and a printer of some sort with high enough definition and usage of the right materials.

You know what people said about fingerprint readers in the past? That it would be close to impossible to replicate because of how complex our fingerprints are. That argument being made by Harvard Business Review in the end of the quote is just the same. We can't assume how hard it's gonna be to replicate even if you are tying a bunch of biometrics together because it hasn't been out yet, nor there's any incentive for people to break it just yet. If someone haphazardly implements it through a wide range of businesses, then all bets are off.

Also, companies behind such systems will always fail to recognize the problem because recalling and replacing devices will always be impossibly expensive, and in several instances we're basically relying on security through obscurity.
https://www.forbes.com/sites/e...

https://hackaday.com/2015/11/1...

Now, with things as they stand, imagine this scenario: as we all know, several companies nowadays are basically building entire dossiers about each and every costumer with all sorts of information about them to sell for advertisers and whatnot. Imagine if biometrics got into that, and then innevitably one of those companies gets hacked or leaks their entire databases. Instead of people scrambling to reset and change their passwords, we'd get people who could do nothing about it, biometrics in the wild, just waiting for someone to come up with a way to use/replicate them. This happens to enough businesses and enough databases, biometric data becomes something as easy to find out as an address or name.

Putting Internet accessible code running over the operating system was a terrible idea and this is the predictable outcome.

Coincidentally, around six weeks back, I bookmarked this article, originally written in 2016. Notably, it says that:-

Five or so years ago, Intel rolled out something horrible. Intel’s Management Engine (ME) is a completely separate computing environment running on Intel chipsets that has access to everything. The ME has network access, access to the host operating system, memory, and cryptography engine. The ME can be used remotely even if the PC is powered off. If that sounds scary, it gets even worse: no one knows what the ME is doing, and we can’t even look at the code. When — not ‘if’ — the ME is finally cracked open, every computer running on a recent Intel chip will have a huge security and privacy issue. Intel’s Management Engine is the single most dangerous piece of computer hardware ever created.

Pedantry; it doesn't appear to be on every Intel chip, only those with vPro enabled(?) Still a horrible idea.

The above posts are disinformation. We're talking about Intel Management Engine, not AMT, the latter is the service, the former is not optional. ME is installed on nearly every Intel-based chipset/motherboard combo since 2008. That's well known and has been discussed for a long time, and it's not unreasonable to assume that the ME has been designed with backdoor features in mind from the start by Israel/US chip developers (though of course nobody in public has a proof for that).

The Management Engine (ME) is an isolated and protected coprocessor, embedded as a non-optional[32] part in all current (as of 2015) Intel chipsets.[33] According to an independent analysis by Igor Skochinsky, it is based on an ARC core, and the Management Engine runs the ThreadX RTOS from Express Logic. According to this analysis, versions 1.x to 5.x of the ME used the ARCTangent-A4 (32-bit only instructions) whereas versions 6.x to 8.x use the newer ARCompact (mixed 32- and 16-bit instruction set architecture). Starting with ME 7.1, the ARC processor can also execute signed Java applets. The ME state is stored in a partition of the SPI flash, using the Embedded Flash File System (EFFS).[34]

The ME has its own MAC and IP address for the out-of-band interface, with direct access to the Ethernet controller; one portion of the Ethernet traffic is diverted to the ME even before reaching the host's operating system, for what support exists in various Ethernet controllers, exported and made configurable via Management Component Transport Protocol (MCTP).[35][36] The ME also communicates with the host via PCI interface.[34] Under Linux, communication between the host and the ME is done via /dev/mei.[33]

Until the release of Nehalem processors, the ME was usually embedded into the motherboard's northbridge, following the Memory Controller Hub (MCH) layout.[37] With the newer Intel architectures (Intel 5 Series onwards), ME is included into the Platform Controller Hub (PCH).[38][39]

Quote from Wikipedia Article

More info: Hackaday article, on attempts to neutralizing it, Slides by Igor Skochinsky, CCC talk by Jana Rutkowska, short 2016 hackaday article. There is plenty of more information on the Net if you care to look it up. Theoretically, ME only gives total access locally, if AMT features are disabled. Practically, it's likely that by a combination with other exploits a remote exploit is also possible. If AMT features are enabled, you're screwed anyway.

To repeat, this affects almost every Intel machine since 2008 and certainly every current Intel machine, whether you use AMT or not. It's especially problematic if you use full disk encryption.

The above posts are disinformation. We're talking about Intel Management Engine, not AMT, the latter is the service, the former is not optional. ME is installed on nearly every Intel-based chipset/motherboard combo since 2008. That's well known and has been discussed for a long time, and it's not unreasonable to assume that the ME has been designed with backdoor features in mind from the start by Israel/US chip developers (though of course nobody in public has a proof for that).

The Management Engine (ME) is an isolated and protected coprocessor, embedded as a non-optional[32] part in all current (as of 2015) Intel chipsets.[33] According to an independent analysis by Igor Skochinsky, it is based on an ARC core, and the Management Engine runs the ThreadX RTOS from Express Logic. According to this analysis, versions 1.x to 5.x of the ME used the ARCTangent-A4 (32-bit only instructions) whereas versions 6.x to 8.x use the newer ARCompact (mixed 32- and 16-bit instruction set architecture). Starting with ME 7.1, the ARC processor can also execute signed Java applets. The ME state is stored in a partition of the SPI flash, using the Embedded Flash File System (EFFS).[34]

The ME has its own MAC and IP address for the out-of-band interface, with direct access to the Ethernet controller; one portion of the Ethernet traffic is diverted to the ME even before reaching the host's operating system, for what support exists in various Ethernet controllers, exported and made configurable via Management Component Transport Protocol (MCTP).[35][36] The ME also communicates with the host via PCI interface.[34] Under Linux, communication between the host and the ME is done via /dev/mei.[33]

Until the release of Nehalem processors, the ME was usually embedded into the motherboard's northbridge, following the Memory Controller Hub (MCH) layout.[37] With the newer Intel architectures (Intel 5 Series onwards), ME is included into the Platform Controller Hub (PCH).[38][39]

Quote from Wikipedia Article

More info: Hackaday article, on attempts to neutralizing it, Slides by Igor Skochinsky, CCC talk by Jana Rutkowska, short 2016 hackaday article. There is plenty of more information on the Net if you care to look it up. Theoretically, ME only gives total access locally, if AMT features are disabled. Practically, it's likely that by a combination with other exploits a remote exploit is also possible. If AMT features are enabled, you're screwed anyway.

To repeat, this affects almost every Intel machine since 2008 and certainly every current Intel machine, whether you use AMT or not. It's especially problematic if you use full disk encryption.

The above posts are disinformation. We're talking about Intel Management Engine, not AMT, the latter is the service, the former is not optional. ME is installed on nearly every Intel-based chipset/motherboard combo since 2008. That's well known and has been discussed for a long time, and it's not unreasonable to assume that the ME has been designed with backdoor features in mind from the start by Israel/US chip developers (though of course nobody in public has a proof for that).

The Management Engine (ME) is an isolated and protected coprocessor, embedded as a non-optional[32] part in all current (as of 2015) Intel chipsets.[33] According to an independent analysis by Igor Skochinsky, it is based on an ARC core, and the Management Engine runs the ThreadX RTOS from Express Logic. According to this analysis, versions 1.x to 5.x of the ME used the ARCTangent-A4 (32-bit only instructions) whereas versions 6.x to 8.x use the newer ARCompact (mixed 32- and 16-bit instruction set architecture). Starting with ME 7.1, the ARC processor can also execute signed Java applets. The ME state is stored in a partition of the SPI flash, using the Embedded Flash File System (EFFS).[34]

The ME has its own MAC and IP address for the out-of-band interface, with direct access to the Ethernet controller; one portion of the Ethernet traffic is diverted to the ME even before reaching the host's operating system, for what support exists in various Ethernet controllers, exported and made configurable via Management Component Transport Protocol (MCTP).[35][36] The ME also communicates with the host via PCI interface.[34] Under Linux, communication between the host and the ME is done via /dev/mei.[33]

Until the release of Nehalem processors, the ME was usually embedded into the motherboard's northbridge, following the Memory Controller Hub (MCH) layout.[37] With the newer Intel architectures (Intel 5 Series onwards), ME is included into the Platform Controller Hub (PCH).[38][39]

Quote from Wikipedia Article

More info: Hackaday article, on attempts to neutralizing it, Slides by Igor Skochinsky, CCC talk by Jana Rutkowska, short 2016 hackaday article. There is plenty of more information on the Net if you care to look it up. Theoretically, ME only gives total access locally, if AMT features are disabled. Practically, it's likely that by a combination with other exploits a remote exploit is also possible. If AMT features are enabled, you're screwed anyway.

To repeat, this affects almost every Intel machine since 2008 and certainly every current Intel machine, whether you use AMT or not. It's especially problematic if you use full disk encryption.

You are thinking Intel's Management Engine, normally called ME. I didn't want to play that game, but I wasn't willing to switch to ARM to avoid playing that game.

The AMD version is the Platform Security Processor (PSP, not to be confused with Sony's portable offering).

Both are bitched about by libreboot here:
https://libreboot.org/faq.html

AMD is on record as considering looking at the PSP and making it optional or open. Intel lurves their ME and has no plans to do anything with it except continue to make it mandatory. All x86 processors for at least the last half-decade have it built in. There are some few motherboards where the ME can be disabled or at least crippled, assuming you have access to some hardware bullshit and plenty of spare time. There may be equivalents on AMD but I think it is unlikely- Intel chips are happy to boot up for half an hour, AMD chips won't even release cores from reset until their One Ring has control, and has in the darkness bound them.
http://hackaday.com/2016/11/28...

If you are concerned about this- and you personally are- I suggest a router not made by any of the major manufactures (so some of them), and not running x86 (so, almost all of the remaining ones) set to default-deny incoming junk (all of them). I also suggest making sure that your actual network connection is not one that is glued to the motherboard, or is generally considered incompatible in some way (like a pci-e card), as that will minimize the likelihood that the ME/PSP can actually use the network without your help. I assume that any theoretically extant ME/PSP backdoor would most likely rely on an actual packet of some sort being delivered to the PC, as other methods (scan RAM for fixed value, watch for magic opcode, etc) would have both false positive possibility and not be as reliable against whatever targets would be tasty for a theoretical backdoor.

But frankly, until the PSP or ME can be safely disabled, you aren't going to get away from this "paranoid" concern completely on modern x86.

The article over at Hackaday has a good summary of the situation:

The friendly Burger King employee ends the ad by saying “Ok Google, what is the Whopper burger?” Google home then springs into action reading the product description from Burger King’s Wikipedia page.

Trolls across the internet jumped into the fray. The Whopper’s ingredient list soon included such items as toenail clippings, rat, cyanide, and a small child. Wikipedia has since reverted the changes and locked down the page.

Google apparently wasn’t involved in this, as they quickly updated their voice recognition algorithms to specifically ignore the commercial. Burger King responded by re-dubbing the audio of the commercial with a different voice actor, which defeated Google’s block. Where this game of cat and mouse will end is anyone’s guess.

My response on reading that: "Bwa ha ha ha!"

There's a lot to chuckle about.

2) Automate page flipping for books that couldn't be spine-cut or sheet fed.

My understanding of the early book scanners was a chair that the operator sat back in to look at the overhead monitor. One button took a picture of the page, the other button flipped the page. If the book went out of alignment, the operator had to readjust it. The technology may have changed since then, as the human component was a big problem for the program back then.

http://hackaday.com/2012/11/16/google-books-team-open-sources-their-book-scanner/

for a little background on the management engine:
http://hackaday.com/2016/11/28...

Intel used custom compression and multiple instruction sets (ARC/ARCompact/SPARC V8/ARM) for their backdoor to make reverse engineering extremely difficult.

The Trouble With Intel's Management Engine

To break the Management Engine, though, this code will have to be reverse engineered, and figuring out the custom compression scheme that's used in the firmware remains an unsolved problem.

But unsolved doesn't mean that people aren't working on it. There are efforts to break the ME's Huffman algorithm. Of course, deciphering the code we have would lead to another road block: there is still the code on the inaccessible on-chip ROM. Nothing short of industrial espionage or decapping the chip and looking at the silicon will allow anyone to read the ROM code. While researchers do have some idea what this code does by inferring the functions, there is no way to read and audit it. So the ME remains a black box for now.

There are many researchers trying to unlock the secrets of Intel's Management Engine, and for good reason: it's a microcontroller that has direct access to everything in a computer. Every computer with an Intel chip made in the last few years has one, and if you're looking for the perfect vector for an attack, you won't find anything better than the ME. It is the scariest thing in your computer, and this fear is compounded by our ignorance: no one knows what the ME can actually do. And without being able to audit the code running on the ME, no one knows exactly what will happen when it is broken open.

The first person to find an exploit for Intel's Management Engine will become one of the greatest security researchers of the decade. Until that happens, we're all left in the dark, wondering what that exploit will be.

Intel used custom compression and multiple instruction sets (ARC/ARCompact/SPARC V8/ARM) for their backdoor to make reverse engineering extremely difficult.

The Trouble With Intel's Management Engine

To break the Management Engine, though, this code will have to be reverse engineered, and figuring out the custom compression scheme that's used in the firmware remains an unsolved problem.

But unsolved doesn't mean that people aren't working on it. There are efforts to break the ME's Huffman algorithm. Of course, deciphering the code we have would lead to another road block: there is still the code on the inaccessible on-chip ROM. Nothing short of industrial espionage or decapping the chip and looking at the silicon will allow anyone to read the ROM code. While researchers do have some idea what this code does by inferring the functions, there is no way to read and audit it. So the ME remains a black box for now.

There are many researchers trying to unlock the secrets of Intel's Management Engine, and for good reason: it's a microcontroller that has direct access to everything in a computer. Every computer with an Intel chip made in the last few years has one, and if you're looking for the perfect vector for an attack, you won't find anything better than the ME. It is the scariest thing in your computer, and this fear is compounded by our ignorance: no one knows what the ME can actually do. And without being able to audit the code running on the ME, no one knows exactly what will happen when it is broken open.

The first person to find an exploit for Intel's Management Engine will become one of the greatest security researchers of the decade. Until that happens, we're all left in the dark, wondering what that exploit will be.

You know things are bad when Intel used ARM for the backdoor chip just to make reverse-engineering difficult.

Intel used custom compression and multiple instruction sets (ARC/ARCompact/SPARC V8/ARM) for their backdoor. You can't be sure what's going on unless you decap the chip and look at the circuits, but how many people have that skill?

The Trouble With Intel's Management Engine

To break the Management Engine, though, this code will have to be reverse engineered, and figuring out the custom compression scheme that's used in the firmware remains an unsolved problem.

But unsolved doesn't mean that people aren't working on it. There are efforts to break the ME's Huffman algorithm. Of course, deciphering the code we have would lead to another road block: there is still the code on the inaccessible on-chip ROM. Nothing short of industrial espionage or decapping the chip and looking at the silicon will allow anyone to read the ROM code. While researchers do have some idea what this code does by inferring the functions, there is no way to read and audit it. So the ME remains a black box for now.

There are many researchers trying to unlock the secrets of Intel's Management Engine, and for good reason: it's a microcontroller that has direct access to everything in a computer. Every computer with an Intel chip made in the last few years has one, and if you're looking for the perfect vector for an attack, you won't find anything better than the ME. It is the scariest thing in your computer, and this fear is compounded by our ignorance: no one knows what the ME can actually do. And without being able to audit the code running on the ME, no one knows exactly what will happen when it is broken open.

The first person to find an exploit for Intel's Management Engine will become one of the greatest security researchers of the decade. Until that happens, we're all left in the dark, wondering what that exploit will be.

LOL, Intel used custom compression and multiple instruction sets (ARC/ARCompact/SPARC V8/ARM) for their backdoor to make reverse engineering extremely difficult.

And this Intel shill come out acting everything is save because "the firmware is signed". And the other NSA/CIA shills modded him up.

The Trouble With Intel's Management Engine

To break the Management Engine, though, this code will have to be reverse engineered, and figuring out the custom compression scheme that's used in the firmware remains an unsolved problem.

But unsolved doesn't mean that people aren't working on it. There are efforts to break the ME's Huffman algorithm. Of course, deciphering the code we have would lead to another road block: there is still the code on the inaccessible on-chip ROM. Nothing short of industrial espionage or decapping the chip and looking at the silicon will allow anyone to read the ROM code. While researchers do have some idea what this code does by inferring the functions, there is no way to read and audit it. So the ME remains a black box for now.

There are many researchers trying to unlock the secrets of Intel's Management Engine, and for good reason: it's a microcontroller that has direct access to everything in a computer. Every computer with an Intel chip made in the last few years has one, and if you're looking for the perfect vector for an attack, you won't find anything better than the ME. It is the scariest thing in your computer, and this fear is compounded by our ignorance: no one knows what the ME can actually do. And without being able to audit the code running on the ME, no one knows exactly what will happen when it is broken open.

The first person to find an exploit for Intel's Management Engine will become one of the greatest security researchers of the decade. Until that happens, we're all left in the dark, wondering what that exploit will be.

Intel used custom compression and multiple instruction sets (ARC/ARCompact/SPARC V8/ARM) for their backdoor to make reverse engineering extremely difficult.

The Trouble With Intel's Management Engine

To break the Management Engine, though, this code will have to be reverse engineered, and figuring out the custom compression scheme that's used in the firmware remains an unsolved problem.

But unsolved doesn't mean that people aren't working on it. There are efforts to break the ME's Huffman algorithm. Of course, deciphering the code we have would lead to another road block: there is still the code on the inaccessible on-chip ROM. Nothing short of industrial espionage or decapping the chip and looking at the silicon will allow anyone to read the ROM code. While researchers do have some idea what this code does by inferring the functions, there is no way to read and audit it. So the ME remains a black box for now.

There are many researchers trying to unlock the secrets of Intel's Management Engine, and for good reason: it's a microcontroller that has direct access to everything in a computer. Every computer with an Intel chip made in the last few years has one, and if you're looking for the perfect vector for an attack, you won't find anything better than the ME. It is the scariest thing in your computer, and this fear is compounded by our ignorance: no one knows what the ME can actually do. And without being able to audit the code running on the ME, no one knows exactly what will happen when it is broken open.

The first person to find an exploit for Intel's Management Engine will become one of the greatest security researchers of the decade. Until that happens, we're all left in the dark, wondering what that exploit will be.