kenmay

Meltdown and Spectre CPU flaws threaten PCs, phones and servers

By now you’ve probably heard about a bug Intel is dealing with that affects processors built since 1995. But according to the people who found “Meltdown” and “Spectre, ” the errors behind these exploits can let someone swipe data running in other apps on devices using hardware from Intel, ARM and AMD. While server operators ( like Amazon ) apply Linux patches to keep people from accessing someone else’s information that’s being executed on the same system, what does this mean for your home computer or phone? Google’s Project Zero researchers identified the problems last year, and according to its blog post, execution is “difficult and limited” on the majority of Android devices. A list of potentially impacted services and hardware is available here , while additional protection has been added in the latest Android security update . In a statement, Microsoft said: “We are in the process of deploying mitigations to cloud services and have also released security updates to protect Windows customers against vulnerabilities affecting supported hardware chips from Intel, ARM, and AMD.” In a blog post directed towards customers on its Azure server platform, the company said its infrastructure has already been updated, and that a “majority” of customers should not see a performance impact. Apple has not publicly commented on the issue, however security researcher Alex Ionescu points out that macOS 10.13.2 addresses the issue and said that the 10.13.3 update will include “surprises.” According to AMD, “Due to differences in AMD’s architecture, we believe there is a near zero risk to AMD processors at this time, ” however it has promised further updates as the information comes out. As for ARM, it says most processors are unaffected but it has specific information on the types that are available here . So what does this mean for you? On your devices the prescription is the same as always — make sure you have the latest security updates installed and try to avoid malware-laden downloads from suspicious or unknown sources. Source: MeltdownAttack.com

Intel says it will patch 90 percent of recent chips by next week (updated)

A little more than a day since Google Project Zero went public with its findings regarding a major security flaw in Intel ( and others ) chip designs, the company announced that it is already is pushing out patches to eliminate the vulnerability. Intel has “already issued updates for the majority of processor products introduced within the past five years, ” per the company press release, and expects to have 90 percent of affected chips produced within the past five years patched by the end of the week. The flaw, which afflicts chips made over the past decade, enables ordinary processes to determine the layout of protected kernel memory. This “software analysis method”, as Intel describes the flaw, allows a pair of exploits, dubbed “Meltdown” and “Spectre, ” to swipe data from other apps on vulnerable devices — be they PCs, servers or mobile phones — running Intel, ARM or AMD chips. The solution cooked up by Intel and its partners so far entails severing the link between the kernel and these processes, though that could have a dramatic impact on a patched chip’s operating speed. The company asserts that the impacts will be “highly workload-dependent” and not particularly noticeable by the average consumer. Update: Microsoft says it will release an update for Surface devices to protect them against the chip vulnerability. The company also explains that it “has not received any information to indicate that these vulnerabilities have been used to attack customers at this time.” You can check the list of Surface gear that will receive the patch at the link above, but Microsoft says the updates will be available devices running Windows 10 with Windows Update or through the Microsoft Download Center. Source: Intel

More:
Intel says it will patch 90 percent of recent chips by next week (updated)

When Designers Can’t Get Their Way: Photographs of a Mega-Library in China

In Tianjin, China is this massive Tianjin Binhai Library, designed by Dutch architecture firm MVRDV and the Tianjin Urban Planning and Design Institute. Photograph by Ossip van Duivenbode Photograph by Ossip van Duivenbode The massive structure is some 363, 000 square feet and houses over a million books. Photograph by Ossip van Duivenbode Photograph by Ossip van Duivenbode The sphere you see in the center of the space is an auditorium. Photograph by Ossip van Duivenbode Photograph by Ossip van Duivenbode The structure is intended to serve not only as a library, but as a social and cultural community center. Photograph by Ossip van Duivenbode The five-level building contains extensive educational facilities, arrayed along the edges of the interior and accessible through the main atrium space. The public program is supported by subterranean service spaces, book storage, and a large archive. Photograph by Ossip van Duivenbode Photograph by Ossip van Duivenbode One thing you’ve got to be wondering is how the heck the patrons access those books on the upper tiers. Photograph by Ossip van Duivenbode Photograph by Ossip van Duivenbode The designers came up with a clever way to do this, but, disappointingly, the idea could not be realized due to time constraints: The library is MVRDV’s most rapid fast-track project to date. It took just three years from the first sketch to the opening…. The tight construction schedule forced one essential part of the concept to be dropped: access to the upper bookshelves from rooms placed behind the atrium. This change was made locally and against MVRDV’s advice and rendered access to the upper shelves currently impossible. The full vision for the library may be realised in the future, but until then perforated aluminium plates printed to represent books on the upper shelves. Photograph by Ossip van Duivenbode Fake upper books aside, it’s still a magnificent structure! Via PetaPixel

Excerpt from:
When Designers Can’t Get Their Way: Photographs of a Mega-Library in China

Couple Transforms Underground Former Nuclear Missile Silo Into AirBNB Rental

If you were looking for a place to crash in Eskridge, Kansas last year, you’d have been able to stay at Matthew and Leigh Ann Fulkerson’s “Subterra” home listed on AirBNB . It’s no ordinary home, being both subterranean and located in a former Atlas E missile silo. But the Fulkersons have decked the place out, turning the Launch Control Room into a living room… …turning the Generator Room into a party space… …and fitting a massive country kitchen and dining hall into the space. They’ve even kept the original launch control desk. Alas, as of this month the Fulkersons are no longer taking reservations due to a “pending real estate transaction.” I assume that means they’re selling the space, and it does appear they’re moving on to bigger and better things. They’ve launched a GoFundMe campaign …to develop an Atlas F missile silo. Apparently, that’s a thing .

See more here:
Couple Transforms Underground Former Nuclear Missile Silo Into AirBNB Rental

Linux Mint 19 Named ‘Tara’

BrianFagioli writes: Today, we get some information about the upcoming version 19 of Mint. The biggest news is that it will be called ‘Tara.’ If you aren’t aware, Mint’s distros are always named after a woman. Clement Lefebvre, Linux Mint leader, shares the following information: “The development cycle only just started so it’s a bit early to give details about Linux Mint 19, but here’s what we can say already: Linux Mint 19 is estimated to be released around May/June 2018. Linux Mint 19.x releases will be based on Ubuntu 18.04 LTS and supported until 2023. Linux Mint 19.x will use GTK 3.22. GTK 3.22 is a major stable release for GTK3. From there on, the theming engine and the APIs are stable. This is a great milestone for GTK3. It also means Linux Mint 19.x (which will become our main development platform) will use the same version of GTK as LMDE 3, and distributions which use components we develop, such as Fedora, Arch..etc. This should ease development and increase the quality of these components outside of Linux Mint.” Read more of this story at Slashdot.

Read the original post:
Linux Mint 19 Named ‘Tara’

Omid Asadi’s intricate leaf sculptures

UK-based artisan Omid Asadi traded in his boxing gloves and engineering career to focus on his craft since leaving his native Iran: turning large leaves into beautiful carved sculptures. (more…)

Continue reading here:
Omid Asadi’s intricate leaf sculptures

Underwater Research Team Encounters an Incredible "Fireworks Jellyfish"

E/V Nautilus , an underwater exploration organization, was using a Hercules remotely-operated vehicle to catch a crab when they stumbled upon this guy: The frilled tentacles of the Halitrephes maasi jelly came into view at 1225m in the Revillagigedo Archipelago off Baja California, Mexico. Radial canals that move nutrients through the jelly’s bell form a starburst pattern that reflects the lights of ROV Hercules with bright splashes of yellow and pink–but without our lights this gelatinous beauty drifts unseen in the dark. If the crab was smart, he’d have enlisted the help of the jellyfish to avoid capture. “Goddammit, that Hercules thing is coming back around…hey Halitrephes! Do a brother a solid, swim around in front of that thing to distract it while I ghost these motherf*ckers.”

Continued here:
Underwater Research Team Encounters an Incredible "Fireworks Jellyfish"

40 common tourist scams to look out for

Here’s an infographic with 40 scams you should be aware of when you travel. Grifting creeps have tried pulling scams like this on me on various trips but luckily they weren’t good enough at their trade to stop me from figuring out what was happening before I lost any money. The Broken Camera Someone will ask you to take a photo of them and their group of friends. The camera won’t work, and when you go to hand it back, they will drop it can cause it to smash. The entire group will then demand money for repairs, or pickpocket you during the commotion. The Fake Takeaway Menu Scam artists will slide fake takeaway menus under your hotel door, in the hope that you order from them on an evening where you don’t feel like going out. You won’t receive any food though, just a frightening bank statement after they have used your card details to make their own copy. The Getaway Taxi Driver When you arrive at your hotel from the airport, the taxi driver will kindly take your bags out of the trunk for you. He’ll seem in a rush though, and quickly hop back into his car and drive off as soon as possible. This is because he’s actually left one of your smaller and less memorable bags in his taxi.

Continue reading here:
40 common tourist scams to look out for

Microsoft releases Q#, a language for writing quantum algorithms

Is your New Years’ resolution to start writing quantum-computing algorithms as a side hustle? Hey, me too! So I’m going to spend this weekend playing around with Microsoft’s newly-released “Quantum Development Kit” . It includes their language Q# – designed for writing quantum-computing algorithms – as well as a little “universal quantum simulator” to test your code. Their “Hello, World” quickstart here has you entangle two qubits . Another demo, outlined in the video below , includes teleporting a message via entangled qubits. This is going to be a super weird weekend. https://www.youtube.com/watch?v=v7b4J2INq9c (Image via Wikimedia )

Opera browser now includes cryptojacking protection

“Cryptojacking” is the latest trend in malware; by some estimates, there are at least 2,500 sites that illicitly run Javascript in your browser to secretly mine cryptocurrency . So the browser pushback has begun. Opera just announced its latest release includes anti-mining measures : Bitcoins are really hot right now, but did you know that they might actually be making your computer hotter? Your CPU suddenly working at 100 percent capacity, the fan is going crazy for seemingly no reason and your battery quickly depleting might all be signs that someone is using your computer to mine for cryptocurrency. Brave, Brendan Eich’s new startup browser, also implemented this type of blocking earlier this year . I hope this trend continues; there are lots of plugins that block cryptocurrency mining , but it’ll only become mainstream if it’s built as a default into mainstream browsers.

Continue Reading:
Opera browser now includes cryptojacking protection

Tech Today w/ Ken May

Author: kenmay