Skip to main content

Cerca

Elementi taggati con: iphone


 
Spectre and Meltdown - Linus Torvalds infuriated by Intel insanity - Open CPU and rise of RISC? RISCV - hifive1

Update: 2018.07 – it’s getting worse – steal bytes WITHOUT RUNNING ANY CODE


this attack is SUPER SLOW but it could steal arbitrary Bytes (how many bytes are one root password? (well yes you would to have to know in advance where exactly the root password is in memory and then it is probably (hopefully) not in an unencrypted state but in an sha512sum hashed/encrypted state) from routers and servers WITHOUT RUNNING ANY CODE on the system itself?

https://misc0110.net/web/files/netspectre.pdf

mirror: netspectre.pdf

src: https://www.heise.de//security/meldung/NetSpectre-liest-RAM-via-Netzwerk-aus-4121831.html?wt_mc=nl.heisec-summary.2018-07-30

another reason, why JavaScript should be avoided in WebDevelopment


(this will hit the AngularJS, JQuery and NoScript guys BADLY, Richard Stallmann is right.)

Websites should get rid of JavaScript all together – if a website does not work – with NoScript turned on – it sucks.

https://vvdveen.com/publications/dimva2018.pdf

mirror: GuardION – Practical Mitigation of DMA-based – Rowhammer Attacks on ARM – Vrije Universiteit Amsterdam.pdf

Hello \#Firefox, this is \#Meltdown. And these are your passwords.


… intel, i think you just broke the internet.




src: https://github.com/IAIK/meltdown

Update: Android and ARM affected – iPhones too?


„Over the last two years, the Rowhammer bug transformed from a hard-to-exploit DRAM disturbance error into a fully weaponized attack vector“

Paper on RowHammer: https://gruss.cc/files/rowhammerjs.pdf

mirror download for paper: Paper on Rowhammer.js – A Remote Software-Induced Fault Attack in JavaScript Daniel Gruss, Clementine Maurice and Stefan Mangard Graz University of Technology Austria – rowhammerjs.pdf

Doesn’t this sound great?

I wonder when i can install the first JavaScript based exploit on my website X-D and connecting an ARM-based SmartPhone to the internet becomes equally dangerous than an non-updated Windows 7 or Windows XP. (you can count down 10 seconds until the first virus is remotely installed)

2015: RowHammer.js (src)

„it’s a piece of JavaScript code that can escape a web browser’s security sandbox and gain access to the physical memory of your computer.“

„Insanity: doing the same thing over and over again and expecting different results.“
Albert Einstein – Who did not live long enough to see Rowhammer

ccc 2015:

https://media.ccc.de/v/32c3-7197-rowhammer_js_root_privileges_for_web_apps

Google is downplaying the problem.

the paper continues:

„Researchers demonstrated exploits not only against desktop computers, but also used single bit flips to compromise the cloud and mobile devices, all without relying on any software vulnerability.

Since hardware-level mitigations cannot be backported, a search for software defenses is pressing.

Proposals made by both academia and industry, however, are either impractical to deploy, or insufficient in stopping

all attacks: we present rampage, a set of DMA-based Rowhammer attacks against the latest Android OS, consisting of (1) a root exploit, and (2) a series of app-to-app exploit scenarios that bypass all defenses.

To mitigate Rowhammer exploitation on ARM, we propose guardion, a lightweight defense that prevents DMA-based attacks – the main attack vector on mobile devices – by isolating DMA buffers with guard rows.

We evaluate guardion on 22 benchmark apps and show that it has a negligible memory overhead (2.2 MB on average).

We further show that we can improve system performance by re-enabling higher order allocations after Google disabled these as a reaction to previous attacks.“

src: https://vvdveen.com/publications/dimva2018.pdf

Re: [RFC 09/10] x86/enter: Create macros to restrict/unrestrict Indirect Branch Speculation


risc v is very new: https://wiki.debian.org/InstallingDebianOn/SiFive/HiFiveUnleashed

buy here: [url=https://www.crowdsupply.com/sifive/hifive1]https://www.crowdsupply.com/sifive/hifive1[/url]

why no ethernet port per default? Freedom U540

https://youtu.be/RCQqDdK4Hkw
<span style="color: #ff6600;"><strong>From: David Woodhouse
Date: Sun Jan 21 2018 - 15:28:51 EST</strong></span>
```- **Next message:** [ulrik . debie-os: „Re: \[PATCH\] Input: trackpoint – force 3 buttons if 0 button is reported“](http://lkml.iu.edu/hypermail/linux/kernel/1801.2/04602.html)
- **Previous message:** [David Lechner: „\[PATCH\] mmc: davinci: suppress error message on EPROBE\_DEFER“](http://lkml.iu.edu/hypermail/linux/kernel/1801.2/04600.html)
- **In reply to:** [Andy Lutomirski: „Re: \[RFC 09/10\] x86/enter: Create macros to restrict/unrestrict Indirect Branch Speculation“](http://lkml.iu.edu/hypermail/linux/kernel/1801.2/06508.html)
- **Next in thread:** [Linus Torvalds: „Re: \[RFC 09/10\] x86/enter: Create macros to restrict/unrestrict Indirect Branch Speculation“](http://lkml.iu.edu/hypermail/linux/kernel/1801.2/04628.html)
- **Messages sorted by:** [\[ date \]](http://lkml.iu.edu/hypermail/linux/kernel/1801.2/date.html&#35;04601) [\[ thread \]](http://lkml.iu.edu/hypermail/linux/kernel/1801.2/index.html&#35;04601) [\[ subject \]](http://lkml.iu.edu/hypermail/linux/kernel/1801.2/subject.html&#35;04601) [\[ author \]](http://lkml.iu.edu/hypermail/linux/kernel/1801.2/author.html&#35;04601)

- - - - - -

On Sun, 2018-01-21 at 11:34 -0800, Linus Torvalds wrote:
> All of this is pure garbage.
>
> Is Intel really planning on making this shit architectural? Has
> anybody talked to them and told them they are f*cking insane?
>
> Please, any Intel engineers here - talk to your managers.Â


If the alternative was a two-decade product recall and [color="#ff0000"]giving everyone[/color]
[color="#ff0000"] free CPUs, I'm not sure it was entirely insane.[/color]

Certainly it's a nasty hack, but hey â the world was on fire and in the end we didn't have to just turn the datacentres off and go back to goat farming, so it's not all bad.

```my comment: that is exactly what Intel OUGHT to do: recall all CPUs of the last 20 years.

IMHO the „motive“ of intel/AMD is pretty clear: „yes we admit our product is flawed – we try to give you a choice: flip the IBRS_ALL bit and get a 20% speed penalty but (probably) fix the security whole. Or leave the whole wide open because your infrastructure is physically shielded against intruders and NOT connected to the internet.“

Another possibility: fire their managers close down and start over under a new name with a new design and a hacking team that tries to constantly break things?

That would be the clean thing to do to save their economic asses uh i mean assets.

But that will not be enough: Intel / AMD / CPU and Hardware manufacturer: To avoid future mistakes follow the UNIX philosophy: 1. Simplify 2. Simplify 3. Simplify – everything.

Even Dr Sheldon Cooper or Einstein makes mistakes: Complexity is THE ENEMY in this game for perfection. (that only god and/or nobody can achieve, check out the „perfect software“ paradigm)

if you don’t believe me, you might believe: McIlroy:
Obrázek/fotografie

src: https://homepage.cs.uri.edu/~thenry/resources/unix_art/ch01s07.html

„We used to sit around in the Unix Room saying, ‚What can we throw out? Why is there this option?‘

It’s often because there is some deficiency in the basic design — you didn’t really hit the right design point.

Instead of adding an option, think about what was forcing you to add that option.“

Never the less errors will be made: If architectural / design errors surface that can not be fixed by software – there should be some kind of recall mechanism, but this is expensive for the producer, so what probably happens is: Make the customer / re-seller bear the risk: If you want to run a Intel based computer, you will have to agree to some disclaimer like on software:

„THIS CPU IS SOLD „AS IS“ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE.
You are solely responsible for determining the appropriateness of using or redistributing this CPU and assume any risks associated with Your exercise of permissions under this License.“

Means: We don’t know if we just sold you a bunch of crap technology with unfixable security wholes – because this product is so complex – we kind of lost control over it’s quality – so all risk is on YOU!

That is just how mankind is: Apes with complex technology and technology dependent lifestyles that could get out of hand if no learning curve existed: so simplify, simplify, simplify!

Let’s just hope your lifestyle has no unfixable security problems.

Even worse: The monetary system actually might „encourage“ to repeat mistakes such as war – because it is good money for the „hardware“ (weapons) manufacturers.

And that is exactly what Intel will do: Save it’s ass – despite the flood (32 and more) lawsuits.

So Intel tries to sell it’s fix as „security“ and will not compensate the damaged datacenter owners – which probably are forced to rebuy, rebuy, rebuy Intel’s new CPU or go to an alternative CPU manufacturer that does not have this trouble (is there still one? Apple gave up on that… MISTAKE! another reason why monoculture sucks – not only in farming and nature).

Look at traffic: You could go by train, by car or by bus or by airplane or bicycle or horse or elephant or soon: DroneTaxi or or simply: walk.

There are basically completely different „methods“ of doing the same thing: travel distances and/or transport stuff.

And thus provide redundancy for the: travel/transport problem.

But redundancy costs money… repeating mistakes does too.

Oracle SPARC has the same problems.

This could be THE CHANCE for alternative CPU manufactureres and maybe even: Open Hardware?


Obrázek/fotografie

„The RISC-V Foundation says that no currently announced RISC-V CPU is vulnerable to Meltdown and Spectre“

„Until recently, RISC-V hadn’t seen much adoption in industry, but, in the past two years, Nvidia and Western Digital both announced that they would be adopting RISC-V CPUs. In light of the recent Meltdown/Spectre issue, the RISC-V foundation has released a statement on the vulnerabilities’ impact on RISC-V development.“

https://www.tomshardware.com/news/risc-v-not-vulnerable-meltdown-spectre-cpu-bugs,36231.html

https://riscv.org/

https://en.wikipedia.org/wiki/RISC-V

https://github.com/freechipsproject/rocket-chip

„As CISC raises too many verification problems, and a closed-source chip design cannot be trusted, the only solution is open-source RISC:“


openSPARC T1




OpenSPARC T1 is the open source version of the UltraSPARC T1 processor, a multi-core, 64-bit multiprocessor. The UltraSPARC T1 processor with CoolThreadstechnology was the highest-throughput and most eco-responsible processor ever created when it became available in the UltraSPARC T1 system. It was a breakthrough discovery for reducing data center energy consumption, while dramatically increasing throughput. Its 32 simultaneous processing threads, drawing about as much power as a light bulb, gave customers the best performance per watt of any processor available.

OpenSPARC T1 source components are covered under multiple open source licenses. The majority of OpenSPARC T1 source code is released under the GNU General Public License. GNU General Public License Source based on existing open source projects will continue to be available under their current licenses. Binary programs are released under a binary Software License Agreement.

Obrázek/fotografieDocs & Specs
Obrázek/fotografieSource Browser
Obrázek/fotografieDownload
Obrázek/fotografieFAQ

openSPARC T2

https://github.com/openrisc

https://github.com/riscv https://github.com/riscv/riscv-qemu

Is Open Source RISC-V Ready to Take on Intel, AMD, and ARM in the Data Center?


http://www.datacenterknowledge.com/hardware/open-source-risc-v-ready-take-intel-amd-and-arm-data-center

Open source startup SiFive introduces a single board computer running Linux on the open RISC-V architecture. Is the data center next?

costly RISC-V mainboard and CPU: https://www.crowdsupply.com/sifive/hifive-unleashed

LinuxGizmos.com:“Aside from being open source and customizable, one of the main benefits of RISC-V is that it is fully modern, purpose built, and unburdened with legacy code.“

https://www.heise.de/newsticker/meldung/RISC-V-Entwickler-Board-mit-64-Bit-Chip-und-Linux-ab-Juni-3960308.html

costly dev board: https://www.crowdsupply.com/microsemi/hifive-unleashed-expansion-board

… but only if we (can) buy it.

Debian supported CPU architectures:

Motorola 680x0: | m68k
- Atari | - atari
- Amiga | - amiga
- 68k Macintosh | - mac
- VME | - bvme6000
| - mvme147
| - mvme16x
|
DEC Alpha | alpha
| - generic
| - jensen
| - nautilus
|
Sun SPARC | sparc
| - sun4cdm
| - sun4u
The UltraSPARC class systems fall under the sun4u identifier,
and are supported using the sun4u set of install images.
|
ARM and StrongARM | arm
| - netwinder
| - riscpc
| - shark
| - lart
|
IBM/Motorola PowerPC | powerpc
- CHRP | - chrp
- PowerMac | - powermac, new-powermac
- PReP | - prep
- APUS | - apus
|
HP PA-RISC | hppa
- PA-RISC 1.1 | - 32
- PA-RISC 2.0 | - 64
|
Intel ia64-based | ia64
|
MIPS (big endian) | mips
- SGI Indy/I2 | - r4k-ip22
|
MIPS (little endian) | mipsel
- DEC Decstation | - r4k-kn04
| - r3k-kn02
|
IBM S/390 | s390
| - tape
| - vmrdr
```… the mail continues:


As a hack for existing CPUs, it's just about tolerable â as long as it
can die entirely by the next generation.


So the part is I think is odd is the IBRS_ALL feature, where a future
CPU will advertise "I am able to be not broken" and then you have to
set the IBRS bit once at boot time to ask it not to be broken. That
part is weird, because it ought to have been treated like the RDCL_NO
bit â just "you don't have to worry any more, it got better".

https://software.intel.com/sites/default/files/managed/c5/63/336996-Speculative-Execution-Side-Channel-Mitigations.pdf

``````
We do need the IBPB feature to complete the protection that retpoline
gives us â it's that or rebuild all of userspace with retpoline.


We'll also want to expose IBRS to VM guests, since Windows uses it.

I think we could probably live without the IBRS frobbing in our own
syscall/interrupt paths, as long as we're prepared to live with the
very hypothetical holes that still exist on Skylake. Because I like
IBRS more... no, let me rephrase... I hate IBRS less than I hate the
'deepstack' and other stuff that was being proposed to make Skylake
almost safe with retpoline.
```http://lkml.iu.edu/hypermail/linux/kernel/1801.2/04601.html

„As a programmer, it is your job to put yourself out of business. What you do today can be automated tomorrow.“

Doug McIlroy

Damn this guy is a philosopher.

\#linux #gnu #gnulinux #opensource #administration #sysops #unix #intel #spectre #meltdown #kernel #kiss #simplicity #simplify #cpu #amd #cisc #risc #rowhammer #firefox #iphone #arm #security #itsec #cybersec #cybersercurity #cyber #internetsecurity #web
Quelle: http://dwaves.de/2018/05/09/spectre-and-meltdown-linus-torvalds-infuriated-by-intel-insanity-open-cpu-and-rise-of-risc/
Spectre and Meltdown – Linus Torvalds infuriated by Intel insanity – Open CPU and rise of RISC? RISCV – hifive1

 

Doctors say: Children struggle to hold pencils due to too much tablet and smartphone usage


Strange generation... Using tablets and phones all the time, but having difficulties using a pen or pencil. Actually no wonder considering adult's phone addiction ( https://diasp.org/posts/8850004 ). Maybe pens and pencils are old fashioned anyway. Children might have to learn only touch screen usage in the future.

https://www.theguardian.com/society/2018/feb/25/children-struggle-to-hold-pencils-due-to-too-much-tech-doctors-say

#education #school #pen #pencil #tablet #smartphone #theguardian #guardian #phone #mobilephone #iphone #android #sailfish

 
Spectre and Meltdown - Linus Torvalds infuriated by Intel insanity - Open CPU and rise of RISC? RISCV - hifive1

Update: 2018.07 – it’s getting worse – steal bytes WITHOUT RUNNING ANY CODE


this attack is SUPER SLOW but it could steal arbitrary Bytes (how many bytes are one root password? (well yes you would to have to know in advance where exactly the root password is in memory and then it is probably (hopefully) not in an unencrypted state but in an sha512sum hashed/encrypted state) from routers and servers WITHOUT RUNNING ANY CODE on the system itself?

https://misc0110.net/web/files/netspectre.pdf

mirror: netspectre.pdf

src: https://www.heise.de//security/meldung/NetSpectre-liest-RAM-via-Netzwerk-aus-4121831.html?wt_mc=nl.heisec-summary.2018-07-30

another reason, why JavaScript should be avoided in WebDevelopment


(this will hit the AngularJS, JQuery and NoScript guys BADLY, Richard Stallmann is right.)

Websites should get rid of JavaScript all together – if a website does not work – with NoScript turned on – it sucks.

https://vvdveen.com/publications/dimva2018.pdf

mirror: GuardION – Practical Mitigation of DMA-based – Rowhammer Attacks on ARM – Vrije Universiteit Amsterdam.pdf

Hello \#Firefox, this is \#Meltdown. And these are your passwords.


… intel, i think you just broke the internet.




src: https://github.com/IAIK/meltdown

Update: Android and ARM affected – iPhones too?


„Over the last two years, the Rowhammer bug transformed from a hard-to-exploit DRAM disturbance error into a fully weaponized attack vector“

Paper on RowHammer: https://gruss.cc/files/rowhammerjs.pdf

mirror download for paper: Paper on Rowhammer.js – A Remote Software-Induced Fault Attack in JavaScript Daniel Gruss, Clementine Maurice and Stefan Mangard Graz University of Technology Austria – rowhammerjs.pdf

Doesn’t this sound great?

I wonder when i can install the first JavaScript based exploit on my website X-D and connecting an ARM-based SmartPhone to the internet becomes equally dangerous than an non-updated Windows 7 or Windows XP. (you can count down 10 seconds until the first virus is remotely installed)

2015: RowHammer.js (src)

„it’s a piece of JavaScript code that can escape a web browser’s security sandbox and gain access to the physical memory of your computer.“

„Insanity: doing the same thing over and over again and expecting different results.“
Albert Einstein – Who did not live long enough to see Rowhammer

ccc 2015:

https://media.ccc.de/v/32c3-7197-rowhammer_js_root_privileges_for_web_apps

Google is downplaying the problem.

the paper continues:

„Researchers demonstrated exploits not only against desktop computers, but also used single bit flips to compromise the cloud and mobile devices, all without relying on any software vulnerability.

Since hardware-level mitigations cannot be backported, a search for software defenses is pressing.

Proposals made by both academia and industry, however, are either impractical to deploy, or insufficient in stopping

all attacks: we present rampage, a set of DMA-based Rowhammer attacks against the latest Android OS, consisting of (1) a root exploit, and (2) a series of app-to-app exploit scenarios that bypass all defenses.

To mitigate Rowhammer exploitation on ARM, we propose guardion, a lightweight defense that prevents DMA-based attacks – the main attack vector on mobile devices – by isolating DMA buffers with guard rows.

We evaluate guardion on 22 benchmark apps and show that it has a negligible memory overhead (2.2 MB on average).

We further show that we can improve system performance by re-enabling higher order allocations after Google disabled these as a reaction to previous attacks.“

src: https://vvdveen.com/publications/dimva2018.pdf

Re: [RFC 09/10] x86/enter: Create macros to restrict/unrestrict Indirect Branch Speculation


risc v is very new: https://wiki.debian.org/InstallingDebianOn/SiFive/HiFiveUnleashed

buy here: [url=https://www.crowdsupply.com/sifive/hifive1]https://www.crowdsupply.com/sifive/hifive1[/url]

why no ethernet port per default? Freedom U540

https://youtu.be/RCQqDdK4Hkw
<span style="color: #ff6600;"><strong>From: David Woodhouse
Date: Sun Jan 21 2018 - 15:28:51 EST</strong></span>
```- **Next message:** [ulrik . debie-os: „Re: \[PATCH\] Input: trackpoint – force 3 buttons if 0 button is reported“](http://lkml.iu.edu/hypermail/linux/kernel/1801.2/04602.html)
- **Previous message:** [David Lechner: „\[PATCH\] mmc: davinci: suppress error message on EPROBE\_DEFER“](http://lkml.iu.edu/hypermail/linux/kernel/1801.2/04600.html)
- **In reply to:** [Andy Lutomirski: „Re: \[RFC 09/10\] x86/enter: Create macros to restrict/unrestrict Indirect Branch Speculation“](http://lkml.iu.edu/hypermail/linux/kernel/1801.2/06508.html)
- **Next in thread:** [Linus Torvalds: „Re: \[RFC 09/10\] x86/enter: Create macros to restrict/unrestrict Indirect Branch Speculation“](http://lkml.iu.edu/hypermail/linux/kernel/1801.2/04628.html)
- **Messages sorted by:** [\[ date \]](http://lkml.iu.edu/hypermail/linux/kernel/1801.2/date.html&#35;04601) [\[ thread \]](http://lkml.iu.edu/hypermail/linux/kernel/1801.2/index.html&#35;04601) [\[ subject \]](http://lkml.iu.edu/hypermail/linux/kernel/1801.2/subject.html&#35;04601) [\[ author \]](http://lkml.iu.edu/hypermail/linux/kernel/1801.2/author.html&#35;04601)

- - - - - -

On Sun, 2018-01-21 at 11:34 -0800, Linus Torvalds wrote:
> All of this is pure garbage.
>
> Is Intel really planning on making this shit architectural? Has
> anybody talked to them and told them they are f*cking insane?
>
> Please, any Intel engineers here - talk to your managers.Â


If the alternative was a two-decade product recall and [color="#ff0000"]giving everyone[/color]
[color="#ff0000"] free CPUs, I'm not sure it was entirely insane.[/color]

Certainly it's a nasty hack, but hey â the world was on fire and in the end we didn't have to just turn the datacentres off and go back to goat farming, so it's not all bad.

```my comment: that is exactly what Intel OUGHT to do: recall all CPUs of the last 20 years.

IMHO the „motive“ of intel/AMD is pretty clear: „yes we admit our product is flawed – we try to give you a choice: flip the IBRS_ALL bit and get a 20% speed penalty but (probably) fix the security whole. Or leave the whole wide open because your infrastructure is physically shielded against intruders and NOT connected to the internet.“

Another possibility: fire their managers close down and start over under a new name with a new design and a hacking team that tries to constantly break things?

That would be the clean thing to do to save their economic asses uh i mean assets.

But that will not be enough: Intel / AMD / CPU and Hardware manufacturer: To avoid future mistakes follow the UNIX philosophy: 1. Simplify 2. Simplify 3. Simplify – everything.

Even Dr Sheldon Cooper or Einstein makes mistakes: Complexity is THE ENEMY in this game for perfection. (that only god and/or nobody can achieve, check out the „perfect software“ paradigm)

if you don’t believe me, you might believe: McIlroy:
Obrázek/fotografie

src: https://homepage.cs.uri.edu/~thenry/resources/unix_art/ch01s07.html

„We used to sit around in the Unix Room saying, ‚What can we throw out? Why is there this option?‘

It’s often because there is some deficiency in the basic design — you didn’t really hit the right design point.

Instead of adding an option, think about what was forcing you to add that option.“

Never the less errors will be made: If architectural / design errors surface that can not be fixed by software – there should be some kind of recall mechanism, but this is expensive for the producer, so what probably happens is: Make the customer / re-seller bear the risk: If you want to run a Intel based computer, you will have to agree to some disclaimer like on software:

„THIS CPU IS SOLD „AS IS“ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE.
You are solely responsible for determining the appropriateness of using or redistributing this CPU and assume any risks associated with Your exercise of permissions under this License.“

Means: We don’t know if we just sold you a bunch of crap technology with unfixable security wholes – because this product is so complex – we kind of lost control over it’s quality – so all risk is on YOU!

That is just how mankind is: Apes with complex technology and technology dependent lifestyles that could get out of hand if no learning curve existed: so simplify, simplify, simplify!

Let’s just hope your lifestyle has no unfixable security problems.

Even worse: The monetary system actually might „encourage“ to repeat mistakes such as war – because it is good money for the „hardware“ (weapons) manufacturers.

And that is exactly what Intel will do: Save it’s ass – despite the flood (32 and more) lawsuits.

So Intel tries to sell it’s fix as „security“ and will not compensate the damaged datacenter owners – which probably are forced to rebuy, rebuy, rebuy Intel’s new CPU or go to an alternative CPU manufacturer that does not have this trouble (is there still one? Apple gave up on that… MISTAKE! another reason why monoculture sucks – not only in farming and nature).

Look at traffic: You could go by train, by car or by bus or by airplane or bicycle or horse or elephant or soon: DroneTaxi or or simply: walk.

There are basically completely different „methods“ of doing the same thing: travel distances and/or transport stuff.

And thus provide redundancy for the: travel/transport problem.

But redundancy costs money… repeating mistakes does too.

Oracle SPARC has the same problems.

This could be THE CHANCE for alternative CPU manufactureres and maybe even: Open Hardware?


Obrázek/fotografie

„The RISC-V Foundation says that no currently announced RISC-V CPU is vulnerable to Meltdown and Spectre“

„Until recently, RISC-V hadn’t seen much adoption in industry, but, in the past two years, Nvidia and Western Digital both announced that they would be adopting RISC-V CPUs. In light of the recent Meltdown/Spectre issue, the RISC-V foundation has released a statement on the vulnerabilities’ impact on RISC-V development.“

https://www.tomshardware.com/news/risc-v-not-vulnerable-meltdown-spectre-cpu-bugs,36231.html

https://riscv.org/

https://en.wikipedia.org/wiki/RISC-V

https://github.com/freechipsproject/rocket-chip

„As CISC raises too many verification problems, and a closed-source chip design cannot be trusted, the only solution is open-source RISC:“


openSPARC T1




OpenSPARC T1 is the open source version of the UltraSPARC T1 processor, a multi-core, 64-bit multiprocessor. The UltraSPARC T1 processor with CoolThreadstechnology was the highest-throughput and most eco-responsible processor ever created when it became available in the UltraSPARC T1 system. It was a breakthrough discovery for reducing data center energy consumption, while dramatically increasing throughput. Its 32 simultaneous processing threads, drawing about as much power as a light bulb, gave customers the best performance per watt of any processor available.

OpenSPARC T1 source components are covered under multiple open source licenses. The majority of OpenSPARC T1 source code is released under the GNU General Public License. GNU General Public License Source based on existing open source projects will continue to be available under their current licenses. Binary programs are released under a binary Software License Agreement.

Obrázek/fotografieDocs & Specs
Obrázek/fotografieSource Browser
Obrázek/fotografieDownload
Obrázek/fotografieFAQ

openSPARC T2

https://github.com/openrisc

https://github.com/riscv https://github.com/riscv/riscv-qemu

Is Open Source RISC-V Ready to Take on Intel, AMD, and ARM in the Data Center?


http://www.datacenterknowledge.com/hardware/open-source-risc-v-ready-take-intel-amd-and-arm-data-center

Open source startup SiFive introduces a single board computer running Linux on the open RISC-V architecture. Is the data center next?

costly RISC-V mainboard and CPU: https://www.crowdsupply.com/sifive/hifive-unleashed

LinuxGizmos.com:“Aside from being open source and customizable, one of the main benefits of RISC-V is that it is fully modern, purpose built, and unburdened with legacy code.“

https://www.heise.de/newsticker/meldung/RISC-V-Entwickler-Board-mit-64-Bit-Chip-und-Linux-ab-Juni-3960308.html

costly dev board: https://www.crowdsupply.com/microsemi/hifive-unleashed-expansion-board

… but only if we (can) buy it.

Debian supported CPU architectures:

Motorola 680x0: | m68k
- Atari | - atari
- Amiga | - amiga
- 68k Macintosh | - mac
- VME | - bvme6000
| - mvme147
| - mvme16x
|
DEC Alpha | alpha
| - generic
| - jensen
| - nautilus
|
Sun SPARC | sparc
| - sun4cdm
| - sun4u
The UltraSPARC class systems fall under the sun4u identifier,
and are supported using the sun4u set of install images.
|
ARM and StrongARM | arm
| - netwinder
| - riscpc
| - shark
| - lart
|
IBM/Motorola PowerPC | powerpc
- CHRP | - chrp
- PowerMac | - powermac, new-powermac
- PReP | - prep
- APUS | - apus
|
HP PA-RISC | hppa
- PA-RISC 1.1 | - 32
- PA-RISC 2.0 | - 64
|
Intel ia64-based | ia64
|
MIPS (big endian) | mips
- SGI Indy/I2 | - r4k-ip22
|
MIPS (little endian) | mipsel
- DEC Decstation | - r4k-kn04
| - r3k-kn02
|
IBM S/390 | s390
| - tape
| - vmrdr
```… the mail continues:


As a hack for existing CPUs, it's just about tolerable â as long as it
can die entirely by the next generation.


So the part is I think is odd is the IBRS_ALL feature, where a future
CPU will advertise "I am able to be not broken" and then you have to
set the IBRS bit once at boot time to ask it not to be broken. That
part is weird, because it ought to have been treated like the RDCL_NO
bit â just "you don't have to worry any more, it got better".

https://software.intel.com/sites/default/files/managed/c5/63/336996-Speculative-Execution-Side-Channel-Mitigations.pdf

``````
We do need the IBPB feature to complete the protection that retpoline
gives us â it's that or rebuild all of userspace with retpoline.


We'll also want to expose IBRS to VM guests, since Windows uses it.

I think we could probably live without the IBRS frobbing in our own
syscall/interrupt paths, as long as we're prepared to live with the
very hypothetical holes that still exist on Skylake. Because I like
IBRS more... no, let me rephrase... I hate IBRS less than I hate the
'deepstack' and other stuff that was being proposed to make Skylake
almost safe with retpoline.
```http://lkml.iu.edu/hypermail/linux/kernel/1801.2/04601.html

„As a programmer, it is your job to put yourself out of business. What you do today can be automated tomorrow.“

Doug McIlroy

Damn this guy is a philosopher.

\#linux #gnu #gnulinux #opensource #administration #sysops #unix #intel #spectre #meltdown #kernel #kiss #simplicity #simplify #cpu #amd #cisc #risc #rowhammer #firefox #iphone #arm #security #itsec #cybersec #cybersercurity #cyber #internetsecurity #web
Quelle: http://dwaves.de/2018/05/09/spectre-and-meltdown-linus-torvalds-infuriated-by-intel-insanity-open-cpu-and-rise-of-risc/
Spectre and Meltdown – Linus Torvalds infuriated by Intel insanity – Open CPU and rise of RISC? RISCV – hifive1

 
Spectre and Meltdown - Linus Torvalds infuriated by Intel insanity - Open CPU and rise of RISC? RISCV - hifive1

Update: 2018.07 – it’s getting worse – steal bytes WITHOUT RUNNING ANY CODE


this attack is SUPER SLOW but it could steal arbitrary Bytes (how many bytes are one root password? (well yes you would to have to know in advance where exactly the root password is in memory and then it is probably (hopefully) not in an unencrypted state but in an sha512sum hashed/encrypted state) from routers and servers WITHOUT RUNNING ANY CODE on the system itself?

https://misc0110.net/web/files/netspectre.pdf

mirror: netspectre.pdf

src: https://www.heise.de//security/meldung/NetSpectre-liest-RAM-via-Netzwerk-aus-4121831.html?wt_mc=nl.heisec-summary.2018-07-30

another reason, why JavaScript should be avoided in WebDevelopment


(this will hit the AngularJS, JQuery and NoScript guys BADLY, Richard Stallmann is right.)

Websites should get rid of JavaScript all together – if a website does not work – with NoScript turned on – it sucks.

https://vvdveen.com/publications/dimva2018.pdf

mirror: GuardION – Practical Mitigation of DMA-based – Rowhammer Attacks on ARM – Vrije Universiteit Amsterdam.pdf

Hello \#Firefox, this is \#Meltdown. And these are your passwords.


… intel, i think you just broke the internet.




src: https://github.com/IAIK/meltdown

Update: Android and ARM affected – iPhones too?


„Over the last two years, the Rowhammer bug transformed from a hard-to-exploit DRAM disturbance error into a fully weaponized attack vector“

Paper on RowHammer: https://gruss.cc/files/rowhammerjs.pdf

mirror download for paper: Paper on Rowhammer.js – A Remote Software-Induced Fault Attack in JavaScript Daniel Gruss, Clementine Maurice and Stefan Mangard Graz University of Technology Austria – rowhammerjs.pdf

Doesn’t this sound great?

I wonder when i can install the first JavaScript based exploit on my website X-D and connecting an ARM-based SmartPhone to the internet becomes equally dangerous than an non-updated Windows 7 or Windows XP. (you can count down 10 seconds until the first virus is remotely installed)

2015: RowHammer.js (src)

„it’s a piece of JavaScript code that can escape a web browser’s security sandbox and gain access to the physical memory of your computer.“

„Insanity: doing the same thing over and over again and expecting different results.“
Albert Einstein – Who did not live long enough to see Rowhammer

ccc 2015:

https://media.ccc.de/v/32c3-7197-rowhammer_js_root_privileges_for_web_apps

Google is downplaying the problem.

the paper continues:

„Researchers demonstrated exploits not only against desktop computers, but also used single bit flips to compromise the cloud and mobile devices, all without relying on any software vulnerability.

Since hardware-level mitigations cannot be backported, a search for software defenses is pressing.

Proposals made by both academia and industry, however, are either impractical to deploy, or insufficient in stopping

all attacks: we present rampage, a set of DMA-based Rowhammer attacks against the latest Android OS, consisting of (1) a root exploit, and (2) a series of app-to-app exploit scenarios that bypass all defenses.

To mitigate Rowhammer exploitation on ARM, we propose guardion, a lightweight defense that prevents DMA-based attacks – the main attack vector on mobile devices – by isolating DMA buffers with guard rows.

We evaluate guardion on 22 benchmark apps and show that it has a negligible memory overhead (2.2 MB on average).

We further show that we can improve system performance by re-enabling higher order allocations after Google disabled these as a reaction to previous attacks.“

src: https://vvdveen.com/publications/dimva2018.pdf

Re: [RFC 09/10] x86/enter: Create macros to restrict/unrestrict Indirect Branch Speculation


risc v is very new: https://wiki.debian.org/InstallingDebianOn/SiFive/HiFiveUnleashed

buy here: [url=https://www.crowdsupply.com/sifive/hifive1]https://www.crowdsupply.com/sifive/hifive1[/url]

why no ethernet port per default? Freedom U540

https://youtu.be/RCQqDdK4Hkw
<span style="color: #ff6600;"><strong>From: David Woodhouse
Date: Sun Jan 21 2018 - 15:28:51 EST</strong></span>
```- **Next message:** [ulrik . debie-os: „Re: \[PATCH\] Input: trackpoint – force 3 buttons if 0 button is reported“](http://lkml.iu.edu/hypermail/linux/kernel/1801.2/04602.html)
- **Previous message:** [David Lechner: „\[PATCH\] mmc: davinci: suppress error message on EPROBE\_DEFER“](http://lkml.iu.edu/hypermail/linux/kernel/1801.2/04600.html)
- **In reply to:** [Andy Lutomirski: „Re: \[RFC 09/10\] x86/enter: Create macros to restrict/unrestrict Indirect Branch Speculation“](http://lkml.iu.edu/hypermail/linux/kernel/1801.2/06508.html)
- **Next in thread:** [Linus Torvalds: „Re: \[RFC 09/10\] x86/enter: Create macros to restrict/unrestrict Indirect Branch Speculation“](http://lkml.iu.edu/hypermail/linux/kernel/1801.2/04628.html)
- **Messages sorted by:** [\[ date \]](http://lkml.iu.edu/hypermail/linux/kernel/1801.2/date.html&#35;04601) [\[ thread \]](http://lkml.iu.edu/hypermail/linux/kernel/1801.2/index.html&#35;04601) [\[ subject \]](http://lkml.iu.edu/hypermail/linux/kernel/1801.2/subject.html&#35;04601) [\[ author \]](http://lkml.iu.edu/hypermail/linux/kernel/1801.2/author.html&#35;04601)

- - - - - -

On Sun, 2018-01-21 at 11:34 -0800, Linus Torvalds wrote:
> All of this is pure garbage.
>
> Is Intel really planning on making this shit architectural? Has
> anybody talked to them and told them they are f*cking insane?
>
> Please, any Intel engineers here - talk to your managers.Â


If the alternative was a two-decade product recall and [color="#ff0000"]giving everyone[/color]
[color="#ff0000"] free CPUs, I'm not sure it was entirely insane.[/color]

Certainly it's a nasty hack, but hey â the world was on fire and in the end we didn't have to just turn the datacentres off and go back to goat farming, so it's not all bad.

```my comment: that is exactly what Intel OUGHT to do: recall all CPUs of the last 20 years.

IMHO the „motive“ of intel/AMD is pretty clear: „yes we admit our product is flawed – we try to give you a choice: flip the IBRS_ALL bit and get a 20% speed penalty but (probably) fix the security whole. Or leave the whole wide open because your infrastructure is physically shielded against intruders and NOT connected to the internet.“

Another possibility: fire their managers close down and start over under a new name with a new design and a hacking team that tries to constantly break things?

That would be the clean thing to do to save their economic asses uh i mean assets.

But that will not be enough: Intel / AMD / CPU and Hardware manufacturer: To avoid future mistakes follow the UNIX philosophy: 1. Simplify 2. Simplify 3. Simplify – everything.

Even Dr Sheldon Cooper or Einstein makes mistakes: Complexity is THE ENEMY in this game for perfection. (that only god and/or nobody can achieve, check out the „perfect software“ paradigm)

if you don’t believe me, you might believe: McIlroy:
Obrázek/fotografie

src: https://homepage.cs.uri.edu/~thenry/resources/unix_art/ch01s07.html

„We used to sit around in the Unix Room saying, ‚What can we throw out? Why is there this option?‘

It’s often because there is some deficiency in the basic design — you didn’t really hit the right design point.

Instead of adding an option, think about what was forcing you to add that option.“

Never the less errors will be made: If architectural / design errors surface that can not be fixed by software – there should be some kind of recall mechanism, but this is expensive for the producer, so what probably happens is: Make the customer / re-seller bear the risk: If you want to run a Intel based computer, you will have to agree to some disclaimer like on software:

„THIS CPU IS SOLD „AS IS“ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE.
You are solely responsible for determining the appropriateness of using or redistributing this CPU and assume any risks associated with Your exercise of permissions under this License.“

Means: We don’t know if we just sold you a bunch of crap technology with unfixable security wholes – because this product is so complex – we kind of lost control over it’s quality – so all risk is on YOU!

That is just how mankind is: Apes with complex technology and technology dependent lifestyles that could get out of hand if no learning curve existed: so simplify, simplify, simplify!

Let’s just hope your lifestyle has no unfixable security problems.

Even worse: The monetary system actually might „encourage“ to repeat mistakes such as war – because it is good money for the „hardware“ (weapons) manufacturers.

And that is exactly what Intel will do: Save it’s ass – despite the flood (32 and more) lawsuits.

So Intel tries to sell it’s fix as „security“ and will not compensate the damaged datacenter owners – which probably are forced to rebuy, rebuy, rebuy Intel’s new CPU or go to an alternative CPU manufacturer that does not have this trouble (is there still one? Apple gave up on that… MISTAKE! another reason why monoculture sucks – not only in farming and nature).

Look at traffic: You could go by train, by car or by bus or by airplane or bicycle or horse or elephant or soon: DroneTaxi or or simply: walk.

There are basically completely different „methods“ of doing the same thing: travel distances and/or transport stuff.

And thus provide redundancy for the: travel/transport problem.

But redundancy costs money… repeating mistakes does too.

Oracle SPARC has the same problems.

This could be THE CHANCE for alternative CPU manufactureres and maybe even: Open Hardware?


Obrázek/fotografie

„The RISC-V Foundation says that no currently announced RISC-V CPU is vulnerable to Meltdown and Spectre“

„Until recently, RISC-V hadn’t seen much adoption in industry, but, in the past two years, Nvidia and Western Digital both announced that they would be adopting RISC-V CPUs. In light of the recent Meltdown/Spectre issue, the RISC-V foundation has released a statement on the vulnerabilities’ impact on RISC-V development.“

https://www.tomshardware.com/news/risc-v-not-vulnerable-meltdown-spectre-cpu-bugs,36231.html

https://riscv.org/

https://en.wikipedia.org/wiki/RISC-V

https://github.com/freechipsproject/rocket-chip

„As CISC raises too many verification problems, and a closed-source chip design cannot be trusted, the only solution is open-source RISC:“


openSPARC T1




OpenSPARC T1 is the open source version of the UltraSPARC T1 processor, a multi-core, 64-bit multiprocessor. The UltraSPARC T1 processor with CoolThreadstechnology was the highest-throughput and most eco-responsible processor ever created when it became available in the UltraSPARC T1 system. It was a breakthrough discovery for reducing data center energy consumption, while dramatically increasing throughput. Its 32 simultaneous processing threads, drawing about as much power as a light bulb, gave customers the best performance per watt of any processor available.

OpenSPARC T1 source components are covered under multiple open source licenses. The majority of OpenSPARC T1 source code is released under the GNU General Public License. GNU General Public License Source based on existing open source projects will continue to be available under their current licenses. Binary programs are released under a binary Software License Agreement.

Obrázek/fotografieDocs & Specs
Obrázek/fotografieSource Browser
Obrázek/fotografieDownload
Obrázek/fotografieFAQ

openSPARC T2

https://github.com/openrisc

https://github.com/riscv https://github.com/riscv/riscv-qemu

Is Open Source RISC-V Ready to Take on Intel, AMD, and ARM in the Data Center?


http://www.datacenterknowledge.com/hardware/open-source-risc-v-ready-take-intel-amd-and-arm-data-center

Open source startup SiFive introduces a single board computer running Linux on the open RISC-V architecture. Is the data center next?

costly RISC-V mainboard and CPU: https://www.crowdsupply.com/sifive/hifive-unleashed

LinuxGizmos.com:“Aside from being open source and customizable, one of the main benefits of RISC-V is that it is fully modern, purpose built, and unburdened with legacy code.“

https://www.heise.de/newsticker/meldung/RISC-V-Entwickler-Board-mit-64-Bit-Chip-und-Linux-ab-Juni-3960308.html

costly dev board: https://www.crowdsupply.com/microsemi/hifive-unleashed-expansion-board

… but only if we (can) buy it.

Debian supported CPU architectures:

Motorola 680x0: | m68k
- Atari | - atari
- Amiga | - amiga
- 68k Macintosh | - mac
- VME | - bvme6000
| - mvme147
| - mvme16x
|
DEC Alpha | alpha
| - generic
| - jensen
| - nautilus
|
Sun SPARC | sparc
| - sun4cdm
| - sun4u
The UltraSPARC class systems fall under the sun4u identifier,
and are supported using the sun4u set of install images.
|
ARM and StrongARM | arm
| - netwinder
| - riscpc
| - shark
| - lart
|
IBM/Motorola PowerPC | powerpc
- CHRP | - chrp
- PowerMac | - powermac, new-powermac
- PReP | - prep
- APUS | - apus
|
HP PA-RISC | hppa
- PA-RISC 1.1 | - 32
- PA-RISC 2.0 | - 64
|
Intel ia64-based | ia64
|
MIPS (big endian) | mips
- SGI Indy/I2 | - r4k-ip22
|
MIPS (little endian) | mipsel
- DEC Decstation | - r4k-kn04
| - r3k-kn02
|
IBM S/390 | s390
| - tape
| - vmrdr
```… the mail continues:


As a hack for existing CPUs, it's just about tolerable â as long as it
can die entirely by the next generation.


So the part is I think is odd is the IBRS_ALL feature, where a future
CPU will advertise "I am able to be not broken" and then you have to
set the IBRS bit once at boot time to ask it not to be broken. That
part is weird, because it ought to have been treated like the RDCL_NO
bit â just "you don't have to worry any more, it got better".

https://software.intel.com/sites/default/files/managed/c5/63/336996-Speculative-Execution-Side-Channel-Mitigations.pdf

``````
We do need the IBPB feature to complete the protection that retpoline
gives us â it's that or rebuild all of userspace with retpoline.


We'll also want to expose IBRS to VM guests, since Windows uses it.

I think we could probably live without the IBRS frobbing in our own
syscall/interrupt paths, as long as we're prepared to live with the
very hypothetical holes that still exist on Skylake. Because I like
IBRS more... no, let me rephrase... I hate IBRS less than I hate the
'deepstack' and other stuff that was being proposed to make Skylake
almost safe with retpoline.
```http://lkml.iu.edu/hypermail/linux/kernel/1801.2/04601.html

„As a programmer, it is your job to put yourself out of business. What you do today can be automated tomorrow.“

Doug McIlroy

Damn this guy is a philosopher.

\#linux #gnu #gnulinux #opensource #administration #sysops #unix #intel #spectre #meltdown #kernel #kiss #simplicity #simplify #cpu #amd #cisc #risc #rowhammer #firefox #iphone #arm #security #itsec #cybersec #cybersercurity #cyber #internetsecurity #web
Quelle: http://dwaves.de/2018/05/09/spectre-and-meltdown-linus-torvalds-infuriated-by-intel-insanity-open-cpu-and-rise-of-risc/
Spectre and Meltdown – Linus Torvalds infuriated by Intel insanity – Open CPU and rise of RISC? RISCV – hifive1

 
Want to #charge your #iPhone #instantly? A world-first #super #battery could make it #possible
Immagine/foto
Are you sick of waiting an hour or two for your phone to charge? Don't want to leave it on charge overnight? Well, an Adelaide scientist is researching new technology which could change the shape of the energy industry worldwide.
http://www.abc.net.au/news/2018-07-21/new-technology-could-help-to-charge-your-iphone-instantly/10021086

 

Note to myself: How to disable OTR in ChatSecure



Some weeks ago, a colleague, who unfortunately uses an iPhone (he is not a completely bad person, though) installed ChatSecure. Immediately, I and others were annoyed by unreadable OTR garbage he sent. It took us a while, but at the end of the day (the whole day!) we found out how to disable OTR. Yesterday, a friend who unfortunately also uses an iPhone (he is not a completely bad person neither), had the same issue and it took me the help of strangers on the internet (here; the Conversations MUC), to remember what to do. For the next time and the benefit of the public:
  • One cannot disable OTR globally in ChatSecure, but only contact by contact.
  • You need to open the chat of the contact.
  • Go to the "contact details".
  • Go to "advanced encryption settings" and select "OMEMO", nothing else.
  • Close chat with the contact.
  • Repeat the last four steps for all your 511 contacts.
#xmpp #ios #iphone #otr #omemo #chatsecure #conversations

 

Japan’s Sharp may break ground on $7 billion U.S. plant in first half: source



#americafirst #appleinc #asia #billion #break #business #businessnews #display #florid #foxconn #ground #half #honhaiprecisionindustrycoltd #iphone #japan #japaneseprimeministershinzo #japans #japanssharpmaybreakgroundon7billionusplantinfirsthalfsource #maker #maralagoresort #masayoshison #news #philippines #plant #sharp #sharpcorp #softbankgroupcorp #source #toyotamotorcorp #unitedstates #uspresidentdonaldtrump
Japan’s Sharp may break ground on $7 billion U.S. plant in first half: source

Manila Bulletin Business: Japan’s Sharp may break ground on $7 billion U.S. plant in first half: source (Jet Pelea)


 

Japan’s Sharp may break ground on $7 billion U.S. plant in first half: source



#americafirst #appleinc #asia #billion #break #business #businessnews #display #florid #foxconn #ground #half #honhaiprecisionindustrycoltd #iphone #japan #japaneseprimeministershinzo #japans #japanssharpmaybreakgroundon7billionusplantinfirsthalfsource #maker #maralagoresort #masayoshison #news #philippines #plant #sharp #sharpcorp #softbankgroupcorp #source #toyotamotorcorp #unitedstates #uspresidentdonaldtrump
Japan’s Sharp may break ground on $7 billion U.S. plant in first half: source

Manila Bulletin Business: Japan’s Sharp may break ground on $7 billion U.S. plant in first half: source (Jet Pelea)


 

Ocho personas poseen la misma riqueza que la mitad más pobre del mundo.



http://www.oxfamintermon.org/es/sala-de-prensa/nota-de-prensa/ocho-personas-poseen-misma-riqueza-que-mitad-mas-pobre-del-mundo

Al parecer a la mayoría de la gente no le importa las consecuencias de usar Microsoft Windows y productos de Apple, cuando van a grandes centros comerciales, cuando no boicotean empresas que carecen de responsabilidad social, cuando votan a políticos corruptos, etc.

Por supuesto, también hay que tener en cuenta:
· El sistema financiero/bancario (basado en esclavitud por medio de deuda, interés compuesto, etc.).
· Patentes (es decir, monopolios otorgados por el estado a depredadores corporativos que secuestran tecnologías que podrían ser usadas para crear nuevos productos y medicinas más baratas en todo el mundo).
· Paraísos fiscales y ventajas para grandes fortunas en el sistema impositivo.
· Subvenciones y rescates a bancos y grandes empresas.
· Corrupción, especulación usando información privilegiada, etc.

#riqueza #desigualdad #economía #pobreza #financiero #bancos #bancario #deuda #tecnología #SoftwareLibre #código-abierto #Microsoft #Apple #iphone #paraísos-fiscales #multinacionales #corporaciones #monopolio #patentes #copyright #medicina #salud #consumismo #corrupción #oxfam

 

Ocho personas poseen la misma riqueza que la mitad más pobre del mundo.



http://www.oxfamintermon.org/es/sala-de-prensa/nota-de-prensa/ocho-personas-poseen-misma-riqueza-que-mitad-mas-pobre-del-mundo

Al parecer a la mayoría de la gente no le importa las consecuencias de usar Microsoft Windows y productos de Apple, cuando van a grandes centros comerciales, cuando no boicotean empresas que carecen de responsabilidad social, cuando votan a políticos corruptos, etc.

Por supuesto, también hay que tener en cuenta:
· El sistema financiero/bancario (basado en esclavitud por medio de deuda, interés compuesto, etc.).
· Patentes (es decir, monopolios otorgados por el estado a depredadores corporativos que secuestran tecnologías que podrían ser usadas para crear nuevos productos y medicinas más baratas en todo el mundo).
· Paraísos fiscales y ventajas para grandes fortunas en el sistema impositivo.
· Subvenciones y rescates a bancos y grandes empresas.
· Corrupción, especulación usando información privilegiada, etc.

#riqueza #desigualdad #economía #pobreza #financiero #bancos #bancario #deuda #tecnología #SoftwareLibre #código-abierto #Microsoft #Apple #iphone #paraísos-fiscales #multinacionales #corporaciones #monopolio #patentes #copyright #medicina #salud #consumismo #corrupción #oxfam

 

Just 8 men own same wealth as half the world.



https://www.oxfam.org/en/pressroom/pressreleases/2017-01-16/just-8-men-own-same-wealth-half-world

It's like most people don't think about the consequences when they use Microsoft Windows and Apple products, when they go to Walmart, when they don't boycott companies that lack social responsibility, when they vote for corrupt politicians, etc.

Of course we also have to take into account:
· The financial/banking system (based on debt slavery, compound interests, etc).
· Patents (that is, monopolies granted by the state so corporate predators can hijack technologies that otherwise could be used to produce new cheaper products, medicines... all over the world).
· Tax havens and loopholes.
· Corporate welfare.
· Corruption, insider trading, etc.

#wealth #inequality #economy #poverty #financial #banks #banking #debt #technology #open-source #OpenSource #freesw #FOSS #Microsoft #Apple #iphone #tax-havens #corporations #corporate #momopoly #patent #patents #copyright #medicine #healthcare #consumerism #corruption #insider-trading #oxfam

 

Just 8 men own same wealth as half the world.



https://www.oxfam.org/en/pressroom/pressreleases/2017-01-16/just-8-men-own-same-wealth-half-world

It's like most people don't think about the consequences when they use Microsoft Windows and Apple products, when they go to Walmart, when they don't boycott companies that lack social responsibility, when they vote for corrupt politicians, etc.

Of course we also have to take into account:
· The financial/banking system (based on debt slavery, compound interests, etc).
· Patents (that is, monopolies granted by the state so corporate predators can hijack technologies that otherwise could be used to produce new cheaper products, medicines... all over the world).
· Tax havens and loopholes.
· Corporate welfare.
· Corruption, insider trading, etc.

#wealth #inequality #economy #poverty #financial #banks #banking #debt #technology #open-source #OpenSource #freesw #FOSS #Microsoft #Apple #iphone #tax-havens #corporations #corporate #momopoly #patent #patents #copyright #medicine #healthcare #consumerism #corruption #insider-trading #oxfam

 

Just 8 men own same wealth as half the world.



https://www.oxfam.org/en/pressroom/pressreleases/2017-01-16/just-8-men-own-same-wealth-half-world

It's like most people don't think about the consequences when they use Microsoft Windows and Apple products, when they go to Walmart, when they don't boycott companies that lack social responsibility, when they vote for corrupt politicians, etc.

Of course we also have to take into account:
· The financial/banking system (based on debt slavery, compound interests, etc).
· Patents (that is, monopolies granted by the state so corporate predators can hijack technologies that otherwise could be used to produce new cheaper products, medicines... all over the world).
· Tax havens and loopholes.
· Corporate welfare.
· Corruption, insider trading, etc.

#wealth #inequality #economy #poverty #financial #banks #banking #debt #technology #open-source #OpenSource #freesw #FOSS #Microsoft #Apple #iphone #tax-havens #corporations #corporate #momopoly #patent #patents #copyright #medicine #healthcare #consumerism #corruption #insider-trading #oxfam

 

Student Lets #Thief Steal His #Phone, Spies On Him For Weeks To Make This #Documentary



Film student Anthony van der Meer had his #iPhone stolen and the thought that a stranger had access to all of his #personal #data really concerned him. What kind of person would steal a phone? Where do these phones end up? These were his biggest questions. To get answers, Anthony had another phone stolen from him on purpose, but this time he followed the thief using a hidden app and made a captivating documentary film about the whole process. http://www.boredpanda.com/find-my-phone-thief-stolen-smartphone-spying-cerberus-anthony-van-der-meer/ #surveillance #tracking #gps #mobile #mobileshttp://www.boredpanda.com/find-my-phone-thief-stolen-smartphone-spying-cerberus-anthony-van-der-meer/

 

Student Lets #Thief Steal His #Phone, Spies On Him For Weeks To Make This #Documentary



Film student Anthony van der Meer had his #iPhone stolen and the thought that a stranger had access to all of his #personal #data really concerned him. What kind of person would steal a phone? Where do these phones end up? These were his biggest questions. To get answers, Anthony had another phone stolen from him on purpose, but this time he followed the thief using a hidden app and made a captivating documentary film about the whole process. http://www.boredpanda.com/find-my-phone-thief-stolen-smartphone-spying-cerberus-anthony-van-der-meer/ #surveillance #tracking #gps #mobile #mobileshttp://www.boredpanda.com/find-my-phone-thief-stolen-smartphone-spying-cerberus-anthony-van-der-meer/

 

Ten years anniversary of Openmoko



An interesting and rather sad retrospect by free software hero Harald Welte:
It was about building a #smartphone before #Android or the #iPhone existed or even were announced. It was about doing things "right" from a Free Software point of view, with FOSS requirements going all the way down to component selection of each part of the electrical design. ... What does this mean in practise? We're stuck with a smartphone world in which we can hardly escape any vendor lock-in. It's virtually impossible in the non-free-software iPhone world, and it's difficult in the Android world. In 2016, we have more Linux based smartphones than ever - yet we have less freedom on them than ever before. ... So yes, the smartphone world is much more restricted, locked-down and proprietary than it was back in the #Openmoko days. If we had been more successful then, that world might be quite different today. It was a lost opportunity to make the world embrace more freedom in terms of software and hardware. Without single-vendor lock-in and proprietary obstacles everywhere.

(This is one of the reasons, why I refuse to use a "smart" phone.)

#openhardware #freesoftware #neo900 #pyra #fairphone

Ten years anniversary of Openmoko

In 2006 I first visited Taiwan. The reason back then was Sean Moss-Pultz
contacting me about a new Linux and Free Software based Phone that he
wanted to do at FIC in Taiwan. This later became the Ne

 

Ten years anniversary of Openmoko



An interesting and rather sad retrospect by free software hero Harald Welte:
It was about building a #smartphone before #Android or the #iPhone existed or even were announced. It was about doing things "right" from a Free Software point of view, with FOSS requirements going all the way down to component selection of each part of the electrical design. ... What does this mean in practise? We're stuck with a smartphone world in which we can hardly escape any vendor lock-in. It's virtually impossible in the non-free-software iPhone world, and it's difficult in the Android world. In 2016, we have more Linux based smartphones than ever - yet we have less freedom on them than ever before. ... So yes, the smartphone world is much more restricted, locked-down and proprietary than it was back in the #Openmoko days. If we had been more successful then, that world might be quite different today. It was a lost opportunity to make the world embrace more freedom in terms of software and hardware. Without single-vendor lock-in and proprietary obstacles everywhere.

(This is one of the reasons, why I refuse to use a "smart" phone.)

#openhardware #freesoftware #neo900 #pyra #fairphone

Ten years anniversary of Openmoko

In 2006 I first visited Taiwan. The reason back then was Sean Moss-Pultz
contacting me about a new Linux and Free Software based Phone that he
wanted to do at FIC in Taiwan. This later became the Ne

 

WHAT KIND OF #BULLSHIT IS THIS?????



a guy claims to have made an "app" that charges your phone without a charger or battery pack... and apparently all of this is done purely in software

apparently the app his company developed magically stores extra charge in your phone when you charge your phone and then uses that extra charge stored in your phone to charge your phone.... wtf?

he claims that this app can charge your phone up to 40% when it's first installed, and then that figure slowly increases over time

and this is being launched in Jan

i smell serious bullshit with this >:(

I'm not kidding about anything. i saw it in the local news report at around 6. Here is the link, it starts at around 10 minutes: https://youtu.be/_jHAYrMMPEo?t=10m7s

#Pravik #tech #technology #technews #android #linux #iphone #apple #google #app #application #applications #hoax #scam #news #battery #phone #phones #smartphones #shovelware #veryangryaboutthis

YouTube: Fiji One News 251116 (FIJIONE BULLETINS)


 

WHAT KIND OF #BULLSHIT IS THIS?????



a guy claims to have made an "app" that charges your phone without a charger or battery pack... and apparently all of this is done purely in software

apparently the app his company developed magically stores extra charge in your phone when you charge your phone and then uses that extra charge stored in your phone to charge your phone.... wtf?

he claims that this app can charge your phone up to 40% when it's first installed, and then that figure slowly increases over time

and this is being launched in Jan

i smell serious bullshit with this >:(

I'm not kidding about anything. i saw it in the local news report at around 6. Here is the link, it starts at around 10 minutes: https://youtu.be/_jHAYrMMPEo?t=10m7s

#Pravik #tech #technology #technews #android #linux #iphone #apple #google #app #application #applications #hoax #scam #news #battery #phone #phones #smartphones #shovelware #veryangryaboutthis

YouTube: Fiji One News 251116 (FIJIONE BULLETINS)


 
Immagine/foto

iPhone Secretly Sends Your Call History to Apple Even If iCloud Backups are Turned Offhttps://thehackernews.com/2016/11/icloud-backup.html

a new report from a security firm suggests Apple's online syncing service iCloud secretly stores logs of its users' private information for as long as four months — even when iCloud backup is switched off.

#iPhone #Apple

iPhone Secretly Sends Your Call History to Apple Even If iCloud Backups are Turned Off

Russian Security Firm Finds Apple Stores Your iPhone Call Logs in iCloud even If iCloud Backups Are Turned Off.