A Boeing code leak exposes security flaws deep in a 787’s guts | Ars Technica


Savage points in particular to a vulnerability Santamarta highlighted in a version of the embedded operating system VxWorks, in this case customized for Boeing by Honeywell. Santamarta found that when an application asks to write to the underlying computer’s memory, the tailored operating system doesn’t properly check that it’s not instead overwriting the kernel, the most sensitive core of the operating system. Combined with several application-level bugs Santamarta found, that so-called parameter-check privilege escalation vulnerability represents a serious flaw, Savage argues, made more serious by the notion that VxWorks likely runs in many other components on the plane that might have the same bug.


“Every piece of software has bugs. But this is not where I’d like to find the bugs. Checking user parameters is security 101,” Savage says. “They shouldn’t have these kinds of straightforward vulnerabilities, especially in the kernel. In this day and age, it would be inconceivable for a consumer operating system to not check user pointer parameters, so I’d expect the same of an airplane.”

— Read on arstechnica.com/information-technology/2019/08/a-boeing-code-leak-exposes-security-flaws-deep-in-a-787s-guts/
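The user-parameter check the excerpt talks about, as an added example that is not from the article and is not Boeing, Honeywell or VxWorks code: a simulated memory-write service that trusts the caller's address, next to one that validates it. The memory layout and every name here (`mem_write_unchecked`, `mem_write_checked`, `user_range_ok`, `USER_LIMIT`) are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed layout: one flat array stands in for the machine's memory. */
#define MEM_SIZE    256u
#define USER_LIMIT  128u   /* [0,128) is the application's; [128,256) is the kernel's */
#define KERNEL_FILL 0xAAu  /* sentinel so a kernel overwrite is detectable */
static uint8_t mem[MEM_SIZE];
static const uint8_t sample[8] = {1, 2, 3, 4, 5, 6, 7, 8};  /* constructed payload */

void reset_mem(void) {
    memset(mem, 0, USER_LIMIT);
    memset(mem + USER_LIMIT, KERNEL_FILL, MEM_SIZE - USER_LIMIT);
}

int kernel_intact(void) {
    for (uint32_t i = USER_LIMIT; i < MEM_SIZE; i++)
        if (mem[i] != KERNEL_FILL) return 0;
    return 1;
}

/* 1 only if [addr, addr+len) lies wholly in user memory. Comparing len with
   the space left avoids computing addr+len, which could wrap around. */
int user_range_ok(uint32_t addr, uint32_t len) {
    return addr < USER_LIMIT && len <= USER_LIMIT - addr;
}

/* "Before": only keeps the write inside the array, never asks whose memory it is. */
int mem_write_unchecked(uint32_t dst, const uint8_t *src, uint32_t len) {
    if (len > MEM_SIZE || dst > MEM_SIZE - len) return -1;
    memcpy(&mem[dst], src, len);
    return 0;
}

/* "After": validates the caller-supplied address and length before copying. */
int mem_write_checked(uint32_t dst, const uint8_t *src, uint32_t len) {
    if (!user_range_ok(dst, len)) return -1;
    memcpy(&mem[dst], src, len);
    return 0;
}

int main(void) {
    reset_mem();
    mem_write_unchecked(USER_LIMIT + 4, sample, sizeof sample);
    printf("unchecked: kernel intact = %d\n", kernel_intact());
    reset_mem();
    int rc = mem_write_checked(USER_LIMIT + 4, sample, sizeof sample);
    printf("checked: rc = %d, kernel intact = %d\n", rc, kernel_intact());
}
```

The checked version also rejects a write that starts in user memory and runs past the boundary, and a length large enough to wrap the address arithmetic.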

The 18-month fence hop, the six-day chair, and why video games are so hard to make – Polygon

“Early on, we designed some glassware, but then we were having trouble seeing what the glass looked like because everything is so transparent,” Pascual says. “We needed [to] up the poly count on it to even be able to see the type of material, or the type of rendering or shading we had.”

“Yeah,” Krankel says, “it’s one of those things where we started and you spend all this time having, like, a fluid simulation in a goblet that’s flying around, and you’re like, ‘This looks so badass’ totally out of context. And then you look at it in the game, you’re like, ‘A, I don’t see any of this, B, our performance is taking a giant hit. What’s a better, more effective way to do it?’”

Read on www.polygon.com/features/2019/8/7/20755231/the-18-month-fence-hop-the-six-day-chair-remedy-control-and-why-video-games-are-so-hard-to-make

Lame title but interesting article.

In sociological storytelling, the characters have personal stories and agency, of course, but those are also greatly shaped by institutions and events around them. The incentives for characters’ behavior come noticeably from these external forces, too, and even strongly influence their inner life.

People then fit their internal narrative to align with their incentives, justifying and rationalizing their behavior along the way. (Thus the famous Upton Sinclair quip: “It is difficult to get a man to understand something, when his salary depends upon his not understanding it.”)

The overly personal mode of storytelling or analysis leaves us bereft of deeper comprehension of events and history. Understanding Hitler’s personality alone will not tell us much about the rise of fascism, for example. Not that it didn’t matter, but a different demagogue would probably have appeared to take his place in Germany in between the two bloody world wars in the 20th century. Hence, the answer to “would you kill baby Hitler?,” sometimes presented as an ethical time-travel challenge, should be “no,” because it would very likely not matter much. It is not a true dilemma.

From: https://blogs.scientificamerican.com/observations/the-real-reason-fans-hate-the-last-season-of-game-of-thrones

New secret-spilling flaw affects almost every Intel chip since 2011

Security researchers have found a new class of vulnerabilities in Intel chips which, if exploited, can be used to steal sensitive information directly from the processor. The bugs are reminiscent of Meltdown and Spectre, which exploited a weakness in speculative execution, an important part of how modern processors work.

So, their “old” processors get slower and slower due to patches for massive security bugs?

Why would you buy an Intel processor again?

Source: New secret-spilling flaw affects almost every Intel chip since 2011

Macintosh API Comes To Linux, Android

Wine for 68k Mac binaries 🙂

Unlike DOS, early versions of Windows, and most *nixes, the classic Mac operating system is weird. Contained in the ROM are subroutines to draw windows, pop up dialog boxes, and other various tasks purely related to the UI. On other systems, this would be separate from the BIOS, but in your Mac from the 80s, everything is baked into the ROM and hidden deep in the operating system.

Source: Macintosh API Comes To Linux, Android

“Facebook allowed Microsoft’s Bing search engine to see the names of virtually all Facebook users’ friends without consent, the records show, and gave Netflix and Spotify the ability to read Facebook users’ private messages.

But the documents, as well as interviews with about 50 former employees of Facebook and its corporate partners, reveal that Facebook allowed certain companies access to data despite those protections…In all, the deals described in the documents benefited more than 150 companies — most of them tech businesses…The deals, the oldest of which date to 2010, were all active in 2017. Some were still in effect this year.”

www.nytimes.com/2018/12/18/technology/facebook-privacy.html