Agreed; six months ago when Intel's competitor (Intel Management Engine) was withering in the spotlight, I was disappointed to see that AMD had their "Secure Processor" that did the same thing.
In a past job, I wrote software that was used to manage large numbers of systems using remote management (such as IME or AMD's SP). They are all comically buggy, regardless of vendor. Where there are bugs, there are exploits, and I'm not at all surprised to see the two biggest implementations fell within six months of each other.
I totally understand the goal - it's very useful for corporate IT.
The problem is everybody who's implemented similar remote management thus far has been unable to get it to work reliably. Security is an afterthought 'achieved' by bolting on an SSL library and expecting it to magically secure everything.
Saying they aren't on par with Spectre or Meltdown is missing the point - it's an apples to oranges comparison, just like IME's many problems aren't comparable to Spectre or Meltdown.
It's not clear that firmware updates can fix it -- it depends on whether it's something that can be updated in firmware. Many security-critical hardware designs don't allow firmware updates, because at that stage modifiable firmware is a security hole in and of itself.
At the end of the day, it sounds like AMD's Secure Processor has similar problems as Intel's Management Engine. It's not exactly unexpected, as every remote management 'feature' of the type has historically been riddled with security holes, regardless of vendor.
I can't help but wonder, though, what the source of "24 hours notice" is; the articles I saw don't explain. I recall in years past, there were cases where researchers tried for months to get Microsoft to take their claims seriously. Microsoft wouldn't even acknowledge them, and when the researchers released it as a zero-day, Microsoft shrieked they weren't given any notice...
If AMD really was only given 24 hours notice, it was outrageously unprofessional and unethical behavior by the research company.
Honestly, I'm more willing to believe corporate America would lie in an attempt to CYA than researchers would act in a way so unethical that nobody will work with them in the future.
I prefer something slightly more melodious. Like the long, drawn-out death rattle of a man suffering from terminal flatulence.
-- David Lister, Red Dwarf
I, for one, hope BlackBerry succeeds. Let the lesser evils of the world squabble and spend all of their resources in a pointless fight.
That the greater evil may prevail.
Music rental is exactly what the music industry has been pushing for since at least 2000...
They like the 'pay per play' model that is used in every streaming subscription even better. None of that "buy once, play a million times" stuff the industry had to suffer with since 1900... And it works -- Netflix, Hulu, Spotify, Pandora... even YouTube monetizes per-play.
If they can figure out a way to charge us for every time a song plays when it gets stuck in our head, they'll do that too...
The ultimate goal, of course, is to retroactively copyright the 0 and 1, and charge a per-use fee for every bit used.
Android is developed by the world's largest advertising and tracking agency.
Is it any surprise Google's OS is tailored to meet the desires of an advertiser?
It's a racket so good Microsoft copied it with Windows 10...
Why fake it?
Figuring out how to do some of them could be a damn fun hobby... Model rocket launched horizontally, then have a parachute slow it down?
Honestly, though, Pokemon Go probably has that angle covered far better than MoviePass ever could.
Everybody knows about Pokemon Go. I've never heard of MoviePass.
let alone the DVD itself not playing
You mentioned the unholy duo of "Disney" and "DVD".
Disney's anti-copy measures can be described as "I've altered the deal, pray I don't alter it further." They produce discs which aren't entirely compliant with the standard, and they don't play in many devices -- and even destroy others.
Indeed. None of the Tesla owners I know are wealthy.
I live in a ~150k/house neighborhood. I have neighbors making ~$50k/year driving a $86k Ford Super Duty. The base model Tesla Model S or X are less than that.
To say nothing of the guys driving Lexus, BMW, Mercedes, Infiniti, Cadillac, Jaguar, etc.
Seriously... some people just really really like their cars.
Safe from Humans, at least.
Who knows what the Dolphins will do.
Is this the first time you've seen auto geeks brag about new tech?
I thought that. I had been seeing psychiatrists for nearly twenty years, combined with antidepressant therapy. Life was awesome.
I thought I could stop taking antidepressants. I was ready for some struggling while I adjusted.
I wasn't prepared for the nightmare that followed. Discontinuing the drug was easy. I never stopped therapy the entire time (I've been referred to different therapists/psychologists, trying to find something that would work).
In spite of my own (and multiple mental health professionals') best efforts, I couldn't cope. I accepted my psychiatrist's advice to resume antidepressant treatment.
It turns out that many people aren't treatable without antidepressants. My doctor told me it's not that different from diabetics: there are different levels of organ malfunction. Some diabetics just need diet and lifestyle changes. Others, however, must receive shots of insulin.
There is a cult of ignorance in the United States, and there always has been. The strain of anti-intellectualism has been a constant thread winding its way through our political and cultural life, nurtured by the false notion that democracy means that "my ignorance is just as good as your knowledge."
-- Isaac Asimov
I'd feel a lot better if we knew HOW/WHY they worked.
I would too. Here's the thing, though: There are a lot of things we don't know why they work, only that they do.
Let's start with Gravity. Honestly, ask "why" enough times about even simple things and we run into "we don't know why, it just is" pretty quickly.
As someone who's been on antidepressants for nearly 20 years, had talk therapy for about as long, I thought I could leave the stuff behind. I was in a good place in my life - things were going very well, both personally and professionally.
About two years ago, I asked my Doctor if I could try going off my antidepressants. I wanted to stop taking them. I thought that 20 years of therapy had helped, and that I'd be able to cope, because my life was so much better than when I started antidepressant use.
I tapered down, and eventually off of my antidepressant (venlafaxine, one of the hardest to discontinue) around the end of July. I celebrated the day I took my last dose.
Things seemed good at first - tapering off and discontinuing the drug wasn't awful - I felt like I had a mild illness for a week or two. Things continued to go well in my personal and professional life. I felt great.
Towards the end of August, I started worrying about stupid things; I didn't really notice my thoughts had changed for several weeks.
September was challenging - there weren't any major changes in my personal or professional life, but I was struggling, and I figured I just needed to work on coping better. I saw therapists, talked things out, and so on. I kept thinking "I just need to make it a few more weeks, and things will be back to normal."
The nightmare began about halfway into October, and it just kept getting worse. None of the things I enjoyed brought me pleasure anymore. Nothing. I dreaded going to work, dreaded going home, dreaded every experience. I would have panic attacks for no reason at all. Most of the time, I had chest pain - crushing anxiety. It didn't take long before it seemed nothing was right - I couldn't cope anymore.
I finally swallowed my pride the second week of November, and did what everybody else in my life had been pleading for me to do six weeks earlier: Therapists weren't working, behavioral therapy wasn't working. I agreed to start taking antidepressants again. Things continued to get worse for about a week. I wanted them to get worse to "prove" it wasn't the antidepressants.
Family & friends saw positive changes before I noticed a difference, but stayed quiet, knowing I'd react badly.
When Christmas rolled around, I finally felt normal again. I noticed it, my family noticed, and my friends noticed... and even my boss noticed, and brought up my "months in hell" during my yearly performance review.
In my case, the difference is literally the difference between life and death.
Meltdown which is the worst of all
That remains to be seen. Meltdown is a big problem if unpatched. However, patches are available, and they appear to work.
Spectre is harder to exploit, but also harder to mitigate. Nobody has fully patched Spectre; the in-flight 4.16 Linux kernel has only the beginning of Spectre patches, and the situation isn't any better with other OSes.
Spectre, unlike Meltdown, will haunt for years to come.
Not all of the analog formats are video formats.
For example, the first generation of DAB radio (used in Europe) used MPEG-1 Audio level 2, with a maximum of 128 kbit/s of bandwidth. The end result was notably worse sound quality than the analog FM signal they replaced.
It was a problem built-in to the standard, though: it wasn’t because it’s digital.
The problem is that broadcast standards need to be long-lived: nobody wants to go buy all new televisions or radios every few years. That’s why old codecs (like MP3, which is a part of MPEG-1) still matter.
Earth's magnetic field
Yeah, I meant to say gravitational field. Sorry.
It's mostly for navigation.
Even 18th century celestial navigation was dependent on accurate clocks - Then, as now, a more accurate clock gives you a more accurate location.
Relativistic effects are important, and the GPS system uses all of them (as do its siblings).
GPS Satellites subtract 45 microseconds per day due to their position high above Earth's magnetic field, and then add back 7 microseconds due to their orbital velocity -- making a rough 38 microsecond/day correction.
If you want something more accurate than internet-based NTP, you can try: Your own Stratum-1 NTP server (it's fun, do it!).
This lets you connect a GPIO pin of a Raspberry Pi directly to the Pulse Per Second pin of a GPS receiver (which receives the signal from multiple satellites simultaneously, and each has multiple atomic clocks. GPS, GLONASS, Galileo, Baidu...) The receiver I use typically sees at least 15 satellites, which isn't too hard when there are four constellations in various stages of completeness.
The big issue is that NTP isn't really accurate past a millisecond or so for network synchronization. If you need better than that, you're going to have to go with the Precision Time Protocol which can get you down to a microsecond or so - much better than NTP.
And DVDs... even many Blu-ray discs use MPEG-2, especially at the beginning.
When you're using a medium for which bandwidth or size isn't a problem, there's nothing wrong with MPEG-2. Many of the first (high-def) Blu-ray discs used MPEG-2.
The original analog broadcast formats are still widespread, and in many cases, are still better quality than their digital replacements.
I'm pretty sure AM radio is "forever" because it's so simple to make a receiver in an emergency.
My office building alone has 300-400 people within 30m of me, and over 1300 within 100m. All are using WiFi, and all actively using Bluetooth headsets (They stuck engineering smack in the middle of a multi-floor call center. Somebody has to fill the parts of the building where there are no windows...). A simple Bluetooth scan shows hundreds (maybe thousands) of devices.
All of those people eat lunch, so the company supplies about 40 microwaves, all of which get heavy use.
I’ve never been able to get Bluetooth to disconnect from less than 10 meters, nor have there been audio artifacts.
I’m not discounting any of the things you’ve said, but I’ve not found interference in the 2.4 GHz ISM band to be a serious problem.
My understanding is that the human ear is particularly insensitive to THD in the bass range... is that not the case?
Just out of curiosity, are those headsets over-the-ear cans, or something smaller like earbuds?
Many of the over-the-ear cans are indistinguishable from normal wired cans when charging.
that ambient microwave radiation degrades the signal, etc..
That ranks up there with audiophile HDMI cables giving a clearer picture, or saying webpages are getting corrupted because you're using WiFi.
Bluetooth has issues, but microwaves aren't among them. Jamming Bluetooth isn't easy; it's a modern spread spectrum signal designed to handle interference. Until the signal is effectively jammed (no audio at all), other microwave sources don't affect Bluetooth.