Saturday, September 18

Daily News Stuff 18 September 2021
Everyone Has Three Mortgages On Their Soul Edition
Everyone Has Three Mortgages On Their Soul Edition
Top Story
- Deliver sixteen tons what do you get
A bottle of piss and deeper in debt
Saint Peter don't you call me 'cause I can't go
I owe my soul to the Amazon store. (Bloomberg)
On the one hand, anything that hastens the exodus from and collapse of large liberal cities is an unalloyed good. On the other hand, all the people pushing for these company towns vote Democrat anyway and they will turn out to be just as bad as the first time around.
- Speaking of company towns, bit of a kerfuffle in Melbourne today. The old-school working class socialists have had quite enough of the new-wave managerial class socialists and decided to break things.
Safe prediction: The Victorian government, which collectively has the decision-making capacity of a week-dead wombat, will promptly step in to make everything much worse.
Update: That was indeed prompt. Victoria has just announced lockdowns won't be lifted until 90% of the population is fully vaccinated.
Riots it is then.
Tech News
- There's a chipset driver bug that affects security on all AMD desktop and laptop systems. (Tom's Hardware)
This probably doesn't affect Linux servers, particularly ones with Epyc CPUs, which don't actually have a chipset. And it only affects you if you're running untrusted software on your computer, at which case you're already screwed.
- The lower-end Alder Lake desktop parts won't have the low-power efficiency cores. (WCCFTech)
Which makes total sense for several reasons. Those cores are mostly for laptops where you need to save power, but are also useful for Intel's high-end desktop parts because they draw about as much power as a space heater. The lower-end desktop parts don't fall into either of those categories. Mostly.
- The Biden administration is planning to sanction crypto exchanges and wallets used by ransomware groups. (Bleeping Computer)
That description is a bit confused, but the idea is not without merit - prevent them from turning their ill-gotten digital gains into ill-gotten fiat gains. I expect the implementation to be a disaster.
- The operator of a DDoS for hire service is facing 35 years in prison. (Bleeping Computer)
Good.
- If you're a Linux admin on Microsoft Azure you're probably having a lousy week.
As mentioned yesterday, if you don't pre-emptively firewall every single thing it only takes one network packet to get root access. (Bleeping Computer)
If you do, it still only takes one network packet from a local user.
Also, you need to manually update every single server because Microsoft neither told you about the management agent it was installing nor provided automated updates.
And it's already being actively exploited. (Bleeping Computer)
So if you don't want all your Azure servers mining crypto and joining botnets, update them now.
Disclaimer: And then never use the cloud again.
Posted by: Pixy Misa at
05:35 PM
| Comments (2)
| Add Comment
| Trackbacks (Suck)
Post contains 476 words, total size 5 kb.
1
It Just Makes Senseâ„¢ that when you're renting out cloud servers running an OS you didn't design that you would install a trivial-to-exploit backdoor without telling the customers.
Posted by: normal at Sunday, September 19 2021 05:28 AM (LADmw)
2
"AMD has divulged . . . memory pages in Windows."
So, yeah, I think anything that's not Redmond's Hydra is probably safe (until they write a shitty driver for linux that contains all the "features" of the windows driver).
Is the PSP/IME vulnerable? Probably. Good thing it runs in its own namespace with RW access to the network and practically no way to inspect or audit the code (or the silicon) running down there.
So, yeah, I think anything that's not Redmond's Hydra is probably safe (until they write a shitty driver for linux that contains all the "features" of the windows driver).
Is the PSP/IME vulnerable? Probably. Good thing it runs in its own namespace with RW access to the network and practically no way to inspect or audit the code (or the silicon) running down there.
Posted by: normal at Sunday, September 19 2021 11:19 AM (obo9H)
52kb generated in CPU 0.0139, elapsed 0.1452 seconds.
58 queries taking 0.1354 seconds, 351 records returned.
Powered by Minx 1.1.6c-pink.
58 queries taking 0.1354 seconds, 351 records returned.
Powered by Minx 1.1.6c-pink.