Catch up on stories from the past week (and beyond) at the Slashdot story archive
Submission + - Your personal computer vs Meltdown, Spectre and patches

rastos1 writes: Considering the stream of news about Meltdown, Spectre, IME, buggy fixes, press releases by Intel, CPU, Microsoft etc etc. I'd like to suggest a poll (Is there a better place to submit a poll suggestion?) You —
  • Did not apply any fixes. Do not care
  • Did not apply any fixes. Waiting for the dust to settle down and then going to upgrade HW/update SW
  • Applied the fixes, got burned, could not roll back
  • Applied the fixes, got burned, but was able to roll back
  • Applied the fixes and it works, but there is performance penalty
  • Applied the fixes and it works without noticeable performance degradation
  • Switched or going to switch to a different architecture

Submission + - Lenovo Discovers and Removes Backdoor in Networking Switches (bleepingcomputer.com)

An anonymous reader writes: Lenovo engineers have discovered a backdoor in the firmware of RackSwitch and BladeCenter networking switches. The company released firmware updates earlier this week. The Chinese company said it found the backdoor after an internal security audit of firmware for products added to its portfolio following the acquisitions of other companies. Lenovo says the backdoor affects only RackSwitch and BladeCenter switches running ENOS (Enterprise Network Operating System).

The backdoor was added to ENOS in 2004 when ENOS was maintained by Nortel's Blade Server Switch Business Unit (BSSBU). Lenovo claims Nortel appears to have authorized the addition of the backdoor "at the request of a BSSBU OEM customer." In a security advisory regarding this issue, Lenovo refers to the backdoor under the name of "HP backdoor." The backdoor code appears to have remained in the firmware even after Nortel spun BSSBU off in 2006 as BLADE Network Technologies (BNT). The backdoor also remained in the code even after IBM acquired BNT in 2010. Lenovo bought IBM's BNT portfolio in 2014.

Submission + - US Supreme Court Will Revisit Ruling On Collecting Internet Sales Tax (theverge.com)

An anonymous reader writes: The U.S. Supreme Court will consider freeing state and local governments to collect billions of dollars in sales taxes from online retailers, agreeing to revisit a 26-year-old ruling that has made much of the internet a tax-free zone. Heeding calls from traditional retailers and dozens of states, the justices said they’ll hear South Dakota’s contention that the 1992 ruling is obsolete in the e-commerce era and should be overturned. State and local governments could have collected up to $13 billion more in 2017 if they’d been allowed to require sales tax payments from online merchants and other remote sellers, according to a report from the Government Accountability Office, Congress’s non-partisan audit and research agency. Other estimates are even higher. All but five states impose sales taxes.

The high court’s 1992 Quill v. North Dakota ruling, which involved a mail-order company, said retailers can be forced to collect taxes only in states where the company has a “physical presence.” The court invoked the so-called dormant commerce clause, a judge-created legal doctrine that bars states from interfering with interstate commerce unless authorized by Congress. South Dakota passed its law in 2016 with an eye toward overturning the Quill decision. It requires retailers with more than $100,000 in annual sales in the state to pay a 4.5 percent tax on purchases. Soon after enacting the law, the state filed suit and asked the courts to declare the measure constitutional.

Submission + - Researcher Finds Another Security Flaw In Intel Management Firmware (arstechnica.com)

An anonymous reader writes: Meltdown and Spectre are not the only security problems Intel is facing these days. Today, researchers at F-Secure have revealed another weakness in Intel's management firmware that could allow an attacker with brief physical access to PCs to gain persistent remote access to the system, thanks to weak security in Intel's Active Management Technology (AMT) firmware—remote "out of band" device management technology installed on 100 million systems over the last decade, according to Intel. [T]he latest vulnerability—discovered in July of 2017 by F-Secure security consultant Harry Sintonen and revealed by the company today in a blog post—is more of a feature than a bug. Notebook and desktop PCs with Intel AMT can be compromised in moments by someone with physical access to the computer—even bypassing BIOS passwords, Trusted Platform Module personal identification numbers, and Bitlocker disk encryption passwords—by rebooting the computer, entering its BIOS boot menu, and selecting configuration for Intel’s Management Engine BIOS Extension (MEBx).

If MEBx hasn't been configured by the user or by their organization's IT department, the attacker can log into the configuration settings using Intel's default password of "admin." The attacker can then change the password, enable remote access, and set the firmware to not give the computer's user an "opt-in" message at boot time. "Now the attacker can gain access to the system remotely," F-Secure's release noted, "as long as they’re able to insert themselves onto the same network segment with the victim (enabling wireless access requires a few extra steps)."

Submission + - The Performance Impact Of Meltdown + Spectre On Linux & BSD Systems (slashdot.org)

An anonymous reader writes: Phoronix has been benchmarking the patches for addressing the Spectre and Meltdown vulnerabilities. Their Linux benchmarks of "Kernel Page Table Isolation" have found little impact on Ubuntu's performance except for areas of heavy I/O and kernel-user-space communication, and exceptions around Wine and VM performance being impacted more broadly. Fortunately, Docker and Linux gaming performance saw little change. DragonFlyBSD has recently landed initial kernel support for preventing a Meltdown situation, but there DragonFly's performance was more broadly impacted, at least with the patches in their present form. Their latest Linux benchmarking has been looking at the still in-development Retpoline Linux performance. Google has claimed "negligible impact on performance," but that doesn't appear to quite be the case with the current state of the kernel patches, which cause further slowdowns in the area of I/O and other server workloads.

Submission + - Western Digital 'My Cloud' devices have a hardcoded backdoor (betanews.com)

BrianFagioli writes: Today, yet another security blunder becomes publicized, and it is really bad. You see, many Western Digital MyCloud NAS drives have a hardcoded backdoor, meaning anyone can access them — your files are at risk. It isn't even hard to take advantage of it — the username is "mydlinkBRionyg" and the password is "abc12345cba" (without quotes). To make matters worse, it was disclosed to Western Digital six months ago and the company did nothing.

GulfTech Research and Development explains, "The triviality of exploiting this issue makes it very dangerous, and even wormable. Not only that, but users locked to a LAN are not safe either. An attacker could literally take over your WDMyCloud by just having you visit a website where an embedded iframe or img tag makes a request to the vulnerable device using one of the many predictable default hostnames for the WDMyCloud such as 'wdmycloud' and 'wdmycloudmirror' etc."

Comment Re: God bless America!! (Score 1) 220

Of course socialism is obviously a form of capitalism. For the record - Capitalism is where people pool their capital in order to do projects they can't do on their own. The same pooling of capital happens with socialism. The difference between socialism and capitalism is one is FORCED to participate under socialism - one has the freedom not to take part under capitalism - at least in free countries.

The biblical form of cooperation was also voluntary.

Both systems can be corrupt. And neither of them works well without free enterprise.

The idea that there is a meaningful difference between the major parties is usually a symptom of falling for a false dilemma - you are either with them or against them. Both parties are part of a cartel-socialist system - bought by Fortune 500 cartels to prevent competing with smaller companies. (You might look into how many finish their careers in Congress with multi-millions they got from special investment opportunities - influence peddling.) What is missing is a level playing field - free enterprise.

The focus on the idea that the battle of the common man is between the Ds and the Rs is a way to keep you from seeing the greater corruption.

Submission + - Ask Slashdot: Before and After Graphs Showing Meltdown/Spectre Fix Impact

Paul Doom writes: We have all heard that the Meltdown and Spectre workaround patches impact performance. There are the projected 5% — 30% slowdown figures (depending on workload type), and plenty of "seems slower!" anecdotes. What I would like to see is some clear evidence in the form of before and after graphs pulled from performance monitoring systems or visualized measured changes in times for jobs to complete.

Upload and share your most interesting results from Grafana, LibreNMS, Cacti, or whatever.

Submission + - Researchers now able to reconstruct past ocean temperatures (ucsd.edu)

RoccamOccam writes: There is a new way to measure the average temperature of the ocean thanks to researchers at Scripps Institution of Oceanography at the University of California San Diego. In an article published in the latest issue of the journal Nature, geoscientist Jeff Severinghaus and colleagues at Scripps Oceanography and institutions in Switzerland and Japan detailed their ground-breaking approach.

“This method is a radically new way to measure change in total ocean heat,” said Severinghaus. “It takes advantage of the fact that the atmosphere is well-mixed, so a single measurement anywhere in the world can give you the answer.”

In the study, the scientists measured values of the noble gases argon, krypton, and xenon in air bubbles captured inside ice in Antarctica. As the oceans warm, krypton and xenon are released into the atmosphere in known quantities. The ratio of these gases in the atmosphere therefore allows for the calculation of average global ocean temperature.

“Our precision is about 0.2 C (0.4 F) now, and the warming of the past 50 years is only about 0.1 C,” Severinghaus said, adding that advanced equipment can provide more precise measurements, allowing scientists to use this technique to track the current warming trend in the world’s oceans.

Submission + - 9% of Popular Websites Use Anti-Adblock Scripts (bleepingcomputer.com)

An anonymous reader writes: Around 9% of today's most popular websites deployed or are deploying anti-adblock scripts in an effort to maintain advertising revenues and fight off the rise in the adoption of ad-blocking extensions. The percentage comes from a research project carried out by academics from the University of Iowa and University of California-Riverside that reviewed the use of anti-adblock scripts in the past five years.

For their project, researchers scanned cached website copies stored in the Internet Archive's Wayback Machine for today's Alexa Top 5,000 Websites, looking for the two anti-adblock scripts named above. Researchers looked for two of the most popular anti-adblock solutions, namely Anti-Adblock Killer List and the Combined EasyList (Adblock Warning Removal List + Anti-Adblock sections in EasyList).

"We find that the Anti-Adblock Killer List triggers on 8.7% websites and the Combined EasyList only triggers on 0.4% websites currently. We further test both anti-adblock filter lists on Alexa top-100K live websites. We find that the Anti-Adblock Killer List triggers on 5.0% websites and the Combined EasyList only triggers on 0.2% websites," researchers said.

Submission + - SparkyLinux Now Available for Raspberry Pi

memojuez writes: DistroWatch Weekly reports that the Debian-based SparkyLinux's stable branch is now available for Raspberry Pi.

There are two editions of SparkyLinux's Raspberry Pi build, one which features the Openbox graphical interface and one which presents a command line only. The distribution's website states: "Sparky 4.7 armhf for Raspberry Pi is out now. Sparky of the 4.x line is based on the stable branch of Debian 9 'Stretch'. This release is available in two versions: Openbox — with a small set of applications and CLI — text based." Further details and login credentials for the default accounts can be found in the distribution's announcement.

Submission + - Installing Ubuntu Linux 17.10 Is Now Bricking Lenovo Laptop

An anonymous reader writes: It seems that there is a bug in specific models of Lenovo laptops. These systems are bricked when users try to install one of the most popular Linux distros. Canonical, the company behind Ubuntu Linux, currently is not allowing anyone to download Ubuntu 17.10 and posted a message that reads, "The download of Ubuntu 17.10 is currently discouraged due to an issue on certain Lenovo laptops. Once fixed this download will be enabled again." The detailed bug report is here. This is not the first time Linux combined with a poor BIOS implementation has caused a bricked system. Back in 2016, running "rm -rf /" caused the same problem and was bricking many Linux-based systems.

Submission + - Facebook Facial Recognition Gets Even Creepier

An anonymous reader writes: Facebook announced new facial recog settings for uploaded images:
https://newsroom.fb.com/news/2...
Naturally it is "opt out" not "opt in". Plus no way for a non-Facebook user to opt out unless you sign up for Facebook first. You can be a face in the background of a photo taken at a restaurant and now your face is scanned along with any others in the photo, just waiting for you to sign up and acknowledge it is your face.
