Re: Maker: Build your own UPS with UPSide
OpenHW UPS - great way to further build the makerspace and openhw communities - since relatively simple circuits, great flow-on into larger UPSs and open source electric cars and off-grid power setups. Nice! Thanks for the links... On Wed, Mar 14, 2018 at 10:53:50PM -0400, grarpamp wrote: > https://gitlab.com/esr/upside > http://esr.ibiblio.org/?p=7839 > > upside: Design and implementation of an open-hardware, > open-software Uninterruptible Power Supply unit. > > > On 2018-02-08 I published a blog rant titled UPSes suck and need to be > disrupted complaining about the deficiencies of crappy Uninterruptible > Power Supply designs that perform poorly and pile hidden costs on > their users in order to minimize vendors' NRE and BOM costs. I > suggested that this whole product category needs to be disrupted by an > open-hardware design that addresses the many deficiencies of existing > hardware. UPSes are not complicated devices; there is no good excuse > for the state of the commmercial art to be as inadequate as it is. > > The response on my blog and G+ was intense, almost overwhelming. It > seems many UPS users are unhappy with what the vendors are pushing. > > This project is an attempt to do something about that. Our goal is to > define a set of requirements and develop a specification for a > high-quality UPS that can be built from off-the-shelf parts in any > reasonably well-equipped makerspace or home electronics shop. Our > final deliverable should be PCB designs, a full parts list, assembly > instructions, and full manuals for the hardware and software. > > We welcome contributors: people with interest in UPSes who have > expertise in battery technology, power-switching electronics, writing > device-control firmware, relevant standards such as USB and the DMTF > battery-management profile. > > We also welcome participation from established UPS and electronics > vendors. We know that consumer electronics is a cutthroat low-margin > business in which it's tough to support a real R&D team or make > possibly-risky product bets. Help us, and then let us help you! > > To get a handle on the state of the project it is probably best to > begin by browsing the wiki that hosts our design documents. > > You should also read the process document to learn how to contribute > effectively.
Intel SGX Spectre and Pectre Exploits
https://www.bleepingcomputer.com/news/security/sgxspectre-attack-can-extract-data-from-intel-sgx-enclaves/ https://github.com/osusecLab/SgxPectre https://github.com/lsds/spectre-attack-sgx https://www.theinquirer.net/inquirer/news/3026888/intel-has-been-hit-by-32-lawsuits-over-spectre-and-meltdown
Maker: Build your own UPS with UPSide
https://gitlab.com/esr/upside http://esr.ibiblio.org/?p=7839 upside: Design and implementation of an open-hardware, open-software Uninterruptible Power Supply unit. On 2018-02-08 I published a blog rant titled UPSes suck and need to be disrupted complaining about the deficiencies of crappy Uninterruptible Power Supply designs that perform poorly and pile hidden costs on their users in order to minimize vendors' NRE and BOM costs. I suggested that this whole product category needs to be disrupted by an open-hardware design that addresses the many deficiencies of existing hardware. UPSes are not complicated devices; there is no good excuse for the state of the commmercial art to be as inadequate as it is. The response on my blog and G+ was intense, almost overwhelming. It seems many UPS users are unhappy with what the vendors are pushing. This project is an attempt to do something about that. Our goal is to define a set of requirements and develop a specification for a high-quality UPS that can be built from off-the-shelf parts in any reasonably well-equipped makerspace or home electronics shop. Our final deliverable should be PCB designs, a full parts list, assembly instructions, and full manuals for the hardware and software. We welcome contributors: people with interest in UPSes who have expertise in battery technology, power-switching electronics, writing device-control firmware, relevant standards such as USB and the DMTF battery-management profile. We also welcome participation from established UPS and electronics vendors. We know that consumer electronics is a cutthroat low-margin business in which it's tough to support a real R&D team or make possibly-risky product bets. Help us, and then let us help you! To get a handle on the state of the project it is probably best to begin by browsing the wiki that hosts our design documents. You should also read the process document to learn how to contribute effectively.
Time-Nuts
https://yro.slashdot.org/story/18/03/11/0146216/are-the-alternatives-even-worse-than-daylight-saving-time http://www.leapsecond.com/time-nuts.htm
Accidental Warrior: The Life and Time of Barrett Brown
Trailer https://www.youtube.com/watch?v=t13B_jCQzFM Film https://www.youtube.com/watch?v=rt3aidwogck Pursuance Project https://www.youtube.com/channel/UCPOCibJUeuKRJT-sdc9t9Ew/videos
UFOs: US Defense Dept Videos and Black Money, Alien Tech, To The Stars
https://entertainment.slashdot.org/story/18/03/13/2124200/ufo-disclosure-group-releases-newest-navy-fa-18-super-hornet-ufo-encounter-video https://tothestarsacademy.com/ Third video posted, same even though.
Govt News
Torture Gets A Promotion and Pay Raise https://politics.slashdot.org/story/18/03/13/1343235/trumps-pick-for-new-cia-director-is-career-spymaster France 6VEY https://www.youtube.com/watch?v=uGUlNZLwtRk https://www.youtube.com/watch?v=NwpGgck7pyU https://wikipedia.org/wiki/Five_Eyes Warrantless Searches https://www.aclunc.org/news/aclu-northern-california-lawsuit-demands-information-tsa-searches-domestic-airline-passengers Piracy https://yro.slashdot.org/story/18/03/13/0441206/us-navy-under-fire-in-mass-software-piracy-lawsuit https://wikipedia.org/wiki/Hacktivismo_Enhanced-Source_Software_License_Agreement Chipping People https://www.theverge.com/2018/3/12/17109224/university-of-arizona-tracking-smartchips-student-ids-privacy-drop-out Malware https://www.kaspersky.com/blog/web-sas-2018-apt-announcement-2/21514/ Nuclear EPA https://science.slashdot.org/story/18/03/11/1754232/epas-science-advisory-board-has-not-met-in-6-months https://tech.slashdot.org/story/18/03/11/0825244/report-says-radioactive-monitors-failed-at-nuclear-plant Crypto Illegal https://yro.slashdot.org/story/18/03/11/0820217/feds-bust-ceo-allegedly-selling-custom-blackberry-phones-to-sinaloa-drug-cartel Facials Now Come With Glasses https://yro.slashdot.org/story/18/03/11/0028241/chinese-police-begin-tracking-citizens-with-face-recognizing-smart-glasses
Re: Flaws in AMD CPUs.
On Wed, Mar 14, 2018 at 05:38:54PM -0400, grarpamp wrote: > https://www.amdflaws.com/ > https://safefirmware.com/amdflaws_whitepaper.pdf > https://safefirmware.com/CTO+Letter.pdf > https://www.youtube.com/watch?v=BDByiRhMjVA > https://www.youtube.com/watch?v=pgYhOwikuGQ > > > As with Intel's decades of fail, this is yet another salvo exposing > the proven laughable security, bullshit, and FUD of closed source > products. > > Recent CPU issues were presumably found by independent researchers. > Wait till Snowden style mass corporate leakage begins to hit. > > > Solution, replace such legacy closed source models with... > > #OpenFabs , #OpenHW , #OpenSW , #OpenDev Ack! There are many solvable issues with openfabs such as: - trustability - people (Juan for openfab accountability executive FTW :) - jurisdictions (e.g. USA vs RUS fabs) - purchase/ pre-order scale/ cost of fab chip production runs Some thoughts on some approaches: - trustable processes to minimize requirement to trust individuals, e.g. auditability, and actual random audits (at each level of the manufacturing pipeline - design/ schematics, fab process, chips fabbed, boards shipped, end products received by human citizens) - build networks of people you trust/ those who will support with pre-buys/ promise to buy etc, IRL - sugar-daddy investors who have a spare $ billion here or there to guarantee/ bankroll, regardless of purchase commitments - but do NOT rush on this (Jordan Peterson gets this well), since such steps are doomed to failure if done before most or all of the key issues above (and others yet to be thunked), are actually solved, in place, ready to go - some dickwad will come in, proclaiming to be the messiah, and blow that $ billion before you can finish saying "ponzi scheme" - slow and steady, "grass roots" openhw tech stack presumably far better than flash in the pan of anything - consciousness of end users, therefore education ever important > Create more. > > > Internet analysis growing, including... > https://viceroyresearch.files.wordpress.com/2018/03/amd-the-obituary-13-mar-2018.pdf > https://twitter.com/dguido/status/973628511515750400 > https://hn.algolia.com/?sort=byDate&dateRange=pastWeek&query=amd > https://www.reddit.com/search?q=amd&t=week > > Interesting that CTS currently states having no plans > to ever release full details publicly itself... a throwback to > Snowden's third party release model... or just more closed > bullshit games by player profiteurs and control agents... > were there any difference. Jim Bell's thought that it's a "revenge from Intel" might be "relevant (including military) contracts were shifting to AMD, at least temporarily whilst Intel fixed their FUBARs, and this was put in motion to release now that Intel's latest chips have been updated and they wants more precious claw backs contracts my precious... perfect timing (for Intel) on a few fronts.
Attn: Image Posting Retards
https://www.gimp.org/ httpa://www.graphicsmagick.org/ Image size reduce... use it.
Fwd: [tor-talk] Google's Captchas - Not just annoying but deadly
https://duckduckgo.com/?q=opensource+captcha -- Forwarded message -- From: procmem Date: Tue, Mar 13, 2018 at 6:32 PM Subject: [tor-talk] Google's Captchas - Not just annoying but deadly To: tor-t...@lists.torproject.org Every Google reCaptcha feeds their neural network used by the DoD to enhance drone strikes. Switching your code to the AGPL makes it radioactive to Google. https://joeyh.name/blog/entry/prove_you_are_not_an_Evil_corporate_person/
Re: [Cryptography] You guys do realize the first crypto war was lost, right?
On Tue, Mar 13, 2018 at 12:09 PM, Ryan Carboni wrote: > There is evidence that since 1997, we have been buying chips with secret > features that would make our computers more secure, but have been denied to > us as a de facto backdoor right? > > There is the reverse of the clipper chip. Except the silicon and the API to > access it is secret, as opposed to only the API. Here's the latest expose of secret features... https://lists.cpunks.org/pipermail/cypherpunks/2018-March/041639.html > It is hard to come to any other conclusion that pro-cryptography civil > libertarians are anything other than clowns when Zerodium pays up to $10,000 > for router exploits. You know. Routers, the ones with 128-bit WPA encryption > with shared secrets for multiple devices? I suppose people won't "wittingly" > buy backdoored products. Many people, even here, seem to "wantonly" deny the solutions described within, even as one of many solutions. So instead of starting up those entirely new open models, they continue game supporting / buying closed with Zerodium like startup... aka: govts / etc. No reduction of root problem there. > The good news is that bruteforcing 128-bit encryption with a classical > computer is that it would cost 2^56 times as much as gross bitcoin mining > expenditures. Somehow estimated bitcoin mining expenditures don't seem to > add up though, shouldn't intelligence agencies be able to crack 2^80 > encryption with ASICs? Currently costs several billion to preimage at 2^73 > complexity. research: govt electricity bills
Stephen Hawking
Dead at 76... https://www.youtube.com/results?search_query=stephen+hawking
Re: Flaws in AMD CPUs.
https://www.amdflaws.com/ https://safefirmware.com/amdflaws_whitepaper.pdf https://safefirmware.com/CTO+Letter.pdf https://www.youtube.com/watch?v=BDByiRhMjVA https://www.youtube.com/watch?v=pgYhOwikuGQ As with Intel's decades of fail, this is yet another salvo exposing the proven laughable security, bullshit, and FUD of closed source products. Recent CPU issues were presumably found by independent researchers. Wait till Snowden style mass corporate leakage begins to hit. Solution, replace such legacy closed source models with... #OpenFabs , #OpenHW , #OpenSW , #OpenDev Create more. Internet analysis growing, including... https://viceroyresearch.files.wordpress.com/2018/03/amd-the-obituary-13-mar-2018.pdf https://twitter.com/dguido/status/973628511515750400 https://hn.algolia.com/?sort=byDate&dateRange=pastWeek&query=amd https://www.reddit.com/search?q=amd&t=week Interesting that CTS currently states having no plans to ever release full details publicly itself... a throwback to Snowden's third party release model... or just more closed bullshit games by player profiteurs and control agents... were there any difference.
Re: Flaws in AMD CPUs.
On Wed, Mar 14, 2018 at 03:40:26PM +, jim bell wrote: > Security researchers find flaws in AMD chips but raise eyebrows with rushed > disclosure > What is the problem with "rushed disclosure"? A vulnerability is like an asset and the owner can do whatever he wants with it. Why care about the vendor or its lusers at all? The vendor should invest more in quality instead of selling complete shit. Like the game of life, bugs games are non-cooperative games, don't know if equilibrium always exists. Fucked up vendors must find excuse for the shit they sell and jurnos are soldouts. Did waiting help for the Intel shit?
Flaws in AMD CPUs.
Security researchers find flaws in AMD chips but raise eyebrows with rushed disclosure Business Security researchers find flaws in AMD chips but raise eyebrows with rushed disclosure Devin Coldewey,TechCrunch 19 hours ago A newly discovered set of vulnerabilities in AMD chips is making waves not because of the scale of the flaws, but rather the rushed, market-ready way in which they were disclosed by the researchers. When was the last time a bug had its own professionally shot video and PR rep, yet the company affected was only alerted 24 hours ahead of time? The flaws may be real, but the precedent set here is an unsavory one. The flaws in question were discovered by CTS Labs, a cybersecurity research outfit in Israel, and given a set of catchy names: Ryzenfall, Masterkey, Fallout, and Chimera, with associated logos, a dedicated website, and a whitepaper describing them. So far, so normal: major bugs like Heartbleed and of course Meltdown and Spectre got names and logos too. The difference is that in those cases the affected parties, such as Intel, the OpenSSL team, and AMD were quietly alerted well ahead of time. This is the concept of "responsible disclosure," and gives developers first crack at fixing an issue before it becomes public. There's legitimate debate over just how much control big companies should exert over the publicity of their own shortcomings, but generally speaking in the interest of protecting users the convention tends to be adhered to. In this case, however, the CTS Labs team sprang their flaws on AMD fully formed and with little warning. The flaws discovered by the team are real, though they require administrative privileges to execute a cascade of actions, meaning taking advantage of them requires considerable access to the target system. The research describes some as backdoors deliberately included in the chips by Taiwanese company ASmedia, which partners with many manufacturers to produce components. The access requirement makes these much more limited than the likes of Meltdown and Spectre, which exploited problems at the memory handling and architecture level. They're certainly serious, but the manner in which they have been publicized has aroused suspicion around the web. Why the extremely non-technical video shot on green screen with stock backgrounds composited in? Why the scare tactics of calling out AMD's use in the military? Why don't the bugs have CVE numbers, the standard tracking method for nearly all serious issues? Why was AMD given so little time to respond? Why not, if as the FAQ suggests, some fixes could be created in a matter of months, at least delay the publication until they were available? And what's with the disclosure that CTS "may have, either directly or indirectly, an economic interest in the performance" of AMD? That's not a common disclosure in situations like this. (I've contacted the PR representative listed for the flaws (!) for answers to some of these questions.) It's hard to shake the idea that there's some kind of grudge against AMD at play. That doesn't make the flaws any less serious, but it does leave a bad taste in the mouth. AMD issued a statement saying that "We are investigating this report, which we just received, to understand the methodology and merit of the findings." Hard to do much else in a day. As always with these big bugs, the true extent of their reach, how serious they really are, whether users or businesses will be affected, and what they can do to prevent it are all information yet to come as experts pore over and verify the data. * This article originally appeared on TechCrunch. ×
Dying from alcohol or car accident, probabilities
Some non-drinking crowd was rather critical about using alcohol. I am not sure alcohol is more dangerous than car accident. What are the (local) probabilities of dying from: 1. alcohol 2. car accident Since the intersection is not empty, possibly add 0. car accident caused by drunk driver According the interwebs the probability for 2 in california in 2013 is about 1/13K.
Cryptocurrency Dump
Early Years https://youtu.be/JP9-lAYngi4 Key Control https://www.youtube.com/watch?v=F12lpqnug-0 Attacks https://youtu.be/dHfomnOhvZc https://www.reddit.com/r/CryptoCurrency/comments/847cj8/for_people_who_think_crypto_is_doomed_or_the/ https://www.reddit.com/r/Bitcoin/comments/8473rc/worlds_central_bank_crypto_could_risk_bank_runs/ http://www.darkwebguide.net/worlds-central-bank-crypto-could-risk-bank-runs/ https://www.reddit.com/r/Bitcoin/comments/848x03/if_you_can_sue_it_it_is_not_decentralized/ Decentralized Deception https://youtu.be/5KXHgh2rTTw End Murder http://comptroller.defense.gov/Portals/45/Documents/defbudget/fy2019/army/ctef/PB19_CTEF.pdf https://www.youtube.com/watch?v=YDk62HApDa8 Everything A Rich Man's Trick https://youtu.be/U1Qt6a-vaNM Evolution https://www.youtube.com/watch?v=xxFqNKAXhlc Airdrop / Privacy Next https://www.youtube.com/watch?v=JHRnqJJ0rhc https://www.youtube.com/watch?v=NoCi64uaFT0 Ownership Criminal S.1241 https://www.youtube.com/watch?v=5xihdO7bVZE https://www.youtube.com/watch?v=kPYUNN7QkPY DEX / Counterparty https://www.youtube.com/watch?v=hi_jaw0dT9M Regulation / Bank Boycott https://www.youtube.com/watch?v=8ypH69Cb1l0 Weaponizing Social Media https://youtu.be/0dL8vt1n-f8 War Profit https://www.youtube.com/watch?v=8WlftSkGFXk How Does It Work https://www.youtube.com/watch?v=N6NscwzbMvI Coinocracy https://www.youtube.com/watch?v=vtzJRCqkwvE Political Power https://www.youtube.com/watch?v=joITmEr4SjY Gov Shutdown https://www.youtube.com/watch?v=tYilAmaXJ_g Molyneux on Attacks https://youtu.be/tXBwcedQuQ0 https://www.youtube.com/results?search_query=banks+fear+bitcoin Crypto is Best https://youtu.be/md4cPHFBeiU