• Unicode considered harmful: Hiding backdoors in plain sight by, um, making them invisible.  (Bleeping Computer)
  
  The script in question uses an invisible Unicode character as a JavaScript variable parsed from a URL parameter, and passes it, still invisible, to the command line, where it can do whatever the hell it wants.
  
  PyCharm flags this as a warning, and Rust quite properly won't compile.  In Notepad++ though, it looks absolutely normal; the only sign of anything odd is a redundant trailing comma in a couple of places.
  
  Given how frequently Node.js packages are caught misbehaving in obvious ways, it's discomforting to consider that this invisible attack could already be in the wild.

  "It might therefore be a good idea to disallow any non-ASCII characters," advises the researcher.

  Quite.
  
  
  
• This researcher, if you want to go to the source.  (Certitude)
  
  
  
  

Tech News

• Testing the Framework Laptop under Linux.  (Phoronix)
  
  This is the one where ever component is replaceable with nothing more than a Phillips screwdriver needed to take it apart, and all the IO is in little adaptor pods, two on each side.
  
  It runs Linux quite well.
  
  
  
• Three out of four adults think Facebook is making society worse.  (CNN)
  
  On the one hand, yes.
  
  On the other hand, it's a convenient scapegoat for far worse actors such as CNN.
  
  
  
• YouTube is removing the dislike count after discovering that no-one likes them.  (Tech Crunch)
  
  "It's all the fault of the hoarders and wreckers," said a YouTube spokes.
  
  
  
• Google lost its appeal against a $2.7 billion EU antitrust ruling.  (The Register)
  
  More of this, please, harder and faster.

The 12700K backs off a little on clock speeds and removes four of the low power cores.  That brings its power consumption way down compared to the 12900K.  It still runs hotter than the AMD competition but on single-threaded benchmarks it is also noticeably faster.  Plus it's substantially cheaper than the 12900K and - hang on - yes, actually available.

On the other hand, it's priced uncomfortably close to the current retail price of AMD's 5900X, a 12 core part that is 30% faster on multi-threaded workloads.  So for a dedicated workstation I'd probably still recommend AMD.  For mixed work and gaming, the 12700K has the edge.

Of course, there's still the DDR5 problem, which is to say, there isn't any.  You can buy a DDR4 motherboard instead, and it will work fine, but then you're limited to the lower-end motherboards, with only, uh, four M.2 slots (all PCIe 4.0 x4) and five PCIe slots, including a PCIe 5.0 x16.

So, probably just fine.

I'm tempted.  If I survive the next few weeks.



Disclaimer: It's got edge, and it knows how to use it.

Posted by: Rick C at Friday, November 12 2021 12:32 AM (Z0GF0)

Posted by: Rick C at Friday, November 12 2021 12:34 AM (Z0GF0)

Hide Comments | Add Comment