Spectre and Meltdown: Attackers Always Have The Advantage

While the whole industry is scrambling on Spectre, Meltdown focused most of the spotlight on Intel and there is no shortage of outrage in Internet comments. Like many great discoveries, this one is obvious with the power of hindsight. So much so that the spectrum of reactions has spanned an extreme range, from “It’s so obvious, Intel engineers must be idiots” to “It’s so obvious, Intel engineers must have known! They kept it from us in a conspiracy with the NSA!”

We won’t try to sway those who choose to believe in a conspiracy that’s simultaneously secret and obvious to …read more


Getting a Handle on Meltdown Update Impact, Stay Tuned for Spectre

When news broke on Meltdown and Spectre ahead of the original disclosure plan, word spread like wildfire and it was hard to separate fact from speculation. One commonly repeated claim was that the fix would slow down computers by up to 30% for some workloads. A report released by Microsoft today says that “average users” with post-2015 hardware won’t notice the difference. Without getting into specific numbers, they mention that they expect folks running pre-2015 hardware to experience noticeable slowdowns with the patches applied.

The impact from Meltdown updates is easier to categorize: they slow down the transition from an …read more


Raspberry Pi Ain’t Afraid Of No Spectre And Will Not Meltdown

While there’s broad agreement that Meltdown and Spectre attacks are really bad news at a fundamental level, there is disagreement on their immediate practical impact in the real world. Despite reassurance that no attacks have been detected in the wild and there’s time to roll out the full spectrum of mitigation, some want to find protection right now. If you’re interested in a usable and easy-to-set-up modern desktop that’s free of Meltdown or Spectre threats, a Raspberry Pi can provide the immunity you seek.

[Eben Upton] explained the side channel attacks using fragments of Python for illustration, …read more


Speculative Execution Was A Troublemaker For Xbox 360

Part of why people can’t stop talking about Meltdown/Spectre is the fact that all the individual pieces have been sitting in plain sight for a long time. When everyone saw how it all came together last week, many people (and not even necessarily security-focused people) smacked themselves on the forehead: “Why didn’t I see that earlier?” Speculative execution has caused headaches going way back. [Bruce Dawson] tells one such story he experienced back in 2005. (Warning: ads on page may autoplay video.)

It’s centered around Xbox 360’s custom PowerPC processor. Among the customizations on this chip was the addition …read more


Mom, I’ll Be In My Attic Spaceship

Most attics sit empty or serve as storage space to keep infrequently used items out of sight. Many of us keep boxes of half-completed abandoned projects there. But some people turn the attic itself into the project: this past Christmas some very lucky children received a spaceship playroom in the attic. [Titospot] shared his project via an Imgur album.

The cramped space lends itself to the theme as real-life spacecraft have never been known for interior spaciousness. The builders are skilled enough at standard home improvement tasks of building out and finishing a room, then they took their step into …read more


Lowering JavaScript Timer Resolution Thwarts Meltdown and Spectre

The computer security vulnerabilities Meltdown and Spectre can infer protected information based on subtle differences in hardware behavior. It takes less time to access data that has been cached versus data that needs to be retrieved from memory, and precisely measuring that time difference is a critical part of these attacks.

Our web browsers present a huge potential surface for attack as JavaScript is ubiquitous on the modern web. Executing JavaScript code will definitely involve the processor cache, and a high-resolution timer is accessible via the browser performance API.

Web browsers can’t change processor cache behavior, but they could take away malicious …read more


How The Hero Droid BB-8 Rolls

By now we’ve come to expect a bountiful harvest of licensed merchandise to follow every Star Wars film. This year’s crop included many flavors of BB-8 so every fan can find something to suit their taste. At the top of this food chain is a mobile interactive “Hero Droid BB-8”. For those who want to see how it works, [TheMikeSenna] cracked open his unit to feed our curiosity.

Also called “Spin Master BB-8” for the manufacturer, this toy is impressively sophisticated for its price point. The video surveyed the mechanical components inside the ball. Showing how the droid travels, and …read more


Dig Into the Apple Device Design Guide

Millions of people worldwide have just added new Apple gadgets to their lives thanks to the annual end of December consumerism event. Those who are also Hackaday readers are likely devising cool projects incorporating their new toys. This is a good time to remind everybody that Apple publishes information useful for such endeavors: the Accessory Design Guidelines for Apple Devices (PDF).

This comes to our attention because [Pablo] referenced it to modify an air vent magnet mount. The metal parts of a magnetic mount interfere with wireless charging. [Pablo] looked in Apple’s design guide and found exactly where he needed …read more


JST Is Not A Connector

When reading about cool projects and products, it’s common to see wiring plugs labelled “JST connector.” This looks fine until we start getting hands-on and begin hacking things together. Inevitably we find the JST connector from one part fails to fit in the JST connector of another. This is the moment we learn “JST” is not a connector specification. It is short for Japan Solderless Terminals Manufacturing Company, Ltd., a company whose history goes back to 1957 and whose website (styled in 1999) lists hundreds of different types.

We can simplify to “JST connector” when chit-chatting about projects. But when …read more


Aireon Hitchhikes on Iridium to Track Airplanes

SpaceX just concluded 2017 by launching 10 Iridium NEXT satellites. A footnote on the launch was the “hosted payload” on board each of the satellites: a small box of equipment from Aireon. They will track every aircraft around the world in real-time, something that has been technically possible but nobody claimed they could do it economically until now.

Challenge one: avoid adding cost to aircraft. Instead of using expensive satcom or adding dedicated gear, Aireon listens to ADS-B equipment already installed as part of international air traffic control modernization. But since ADS-B was designed for aircraft-to-aircraft and aircraft-to-ground, Aireon had …read more
