Apple Pushes Back On Right To Repair Bill Due To Parts Pairing

After previously supporting a similar bill in California, Apple has made an about-face and is now pushing back against a “Right to Repair” bill (Senate Bill 1596) currently under consideration in Oregon. The reason appears to be that this new bill would make parts pairing illegal, as reported by [404media] and [PCMag].

The practice of parts pairing, which ties specific components of a system such as cameras, displays, batteries, and fingerprint sensors to the mainboard, is becoming ever more prevalent in Apple devices. During the open hearing on the newly proposed Oregon bill, Apple’s [John Perry] insisted that parts pairing is done for user security, safety and privacy.

Even if we take that claim at face value, the fact remains that with parts pairing in place, only authorized Apple repair centers can routinely replace components, while user repairs are limited to specific devices with limited part availability. Even in the latter case the user still has to contact Apple to have the replaced part reauthorized. This is becoming an issue with Apple’s MacBooks as well, where the lid angle sensor requires calibration using a proprietary tool.

During the same hearing, the director of an Oregon nonprofit organization noted that of the 15,000 iPhones donated to them last year, only 300 could be refurbished due to parts pairing. The remainder, otherwise perfectly fine phones, were sent off for recycling, which is terrible for everyone but Apple. Whether the parts pairing element of the bill survives to the final form remains to be seen, but if it passes it would set the trend for future bills in other states as well as amendments to existing ones.

Thanks to [paulvdh] for the tip.

Sprint: The Mach 10 Magic Missile That Wasn’t Magic Enough

Defending an area against incoming missiles is a difficult task. Missiles are incredibly fast and present a small target. Assuming you know they’re coming, you have to be able to track them accurately if you’re to have any hope of stopping them. Then, you need some kind of wondrous missile of your own that’s fast enough and maneuverable enough to take them out.

It’s a task that at times can seem overwhelmingly impossible. And yet, the devastating consequences of a potential nuclear attack are so great that the US military had a red hot go anyway. In the 1970s, America’s best attempt to thwart incoming Soviet ICBMs led to the development of the Sprint ABM—a missile made up entirely of improbable numbers.

Continue reading “Sprint: The Mach 10 Magic Missile That Wasn’t Magic Enough”

Understanding Deep Learning: Free MIT Press EBook For Instructors And Students

The recently published book Understanding Deep Learning by [Simon J. D. Prince] is notable not only for focusing primarily on the concepts behind Deep Learning — which should make it highly accessible to most — but also in that it can be either purchased as a hardcover from MIT Press or downloaded for free from the Understanding Deep Learning website. If you intend to use it for coursework, a separate instructor answer booklet and other resources can be purchased, but student resources like Python notebooks are also freely available. In the book’s preface, the author invites readers to send feedback whenever they find an issue.

Continue reading “Understanding Deep Learning: Free MIT Press EBook For Instructors And Students”

Canada Bans Flipper Zero Over What It Imagines It Does

Canada’s intent to ban the Flipper Zero wireless tool over car thefts is, on the one hand, an everyday example of poorly researched government action. But it may also be a not-so-subtle peek into the harm misinformation online can cause by leading to said government action.

The Government of Canada recently hosted a national summit on combatting vehicle theft, and Minister of Innovation, Science and Industry François-Philippe Champagne proudly declared immediate actions being taken to ban devices used to steal vehicles by wirelessly bypassing keyless entry, the Flipper Zero being specifically named as one such device.

And yet, defeating a rolling code keyless entry system is a trick a device like the Flipper Zero simply cannot pull off. (What cars have such a system? Any car made in roughly the last thirty years, for a start.)

Continue reading “Canada Bans Flipper Zero Over What It Imagines It Does”

NIF’s Laser Fusion Experiment’s Energy Gain Passes Peer Review

Back in December of 2022, a team of researchers at the USA’s National Ignition Facility (NIF) announced that they had exceeded ‘scientific breakeven’ with their laser-based inertial confinement fusion (ICF) system. Their work has now been peer-reviewed and passed scrutiny, confirming that the energy put into fusing a small amount of deuterium-tritium fuel resulted in a net gain (Q) of 1.5.

Laser Bay 2, one of NIF's two laser bays
Laser Bay 2 at the NIF.

The key take-away here of course remains that ICF is not a viable method of producing energy, as we detailed back in 2021 when we covered the 1.3 MJ yield announcement, and again in 2022 following the result that is the subject of this now completed peer review. The sheer amount of energy required to produce the laser pulse that heats the target, the losses along the way, and the energy required to manufacture each fuel capsule and its surrounding hohlraum, let alone sustaining a repetition cycle, make it a highly impractical proposition for anything except weapons research.

Despite this, it’s good to see that the NIF’s ICF research is bearing fruit, even if for energy production we should look towards magnetic confinement fusion (MCF), which includes the many tokamaks active today like Japan’s JT-60SA, as well as stellarators like Germany’s Wendelstein 7-X and other efforts to make MCF a major clean-energy source for the future.

This Week In Security: Broken Shims, LassPass, And Toothbrushes?

Linux has a shim problem. Which naturally leads to a reasonable question: What’s a shim, and why do we need it? The answer: Making Linux work with Secure Boot, and an unintended quirk of the GPLv3.

Secure Boot is the verification scheme in modern machines that guarantees that only a trusted, signed OS loader can boot. When Secure Boot was first introduced, many Linux fans suggested it was little more than an attempt to keep Linux distros off of consumers’ machines. That fear seems to have been unwarranted, as Microsoft has dutifully kept the Linux shim signed, so we can all run Linux distros on our Secure Boot machines.

So the shim. It’s essentially a first-stage bootloader, signed by Microsoft, that carries the distribution’s own certificate and uses it to verify and boot a GRUB2 (or other target) signed by the distribution. You might ask, why can’t we just ask Microsoft to sign GRUB2 directly? And that’s where the GPLv3 comes in. That license has an “anti-tivoization” section, which specifies “Installation Information” as part of what must be provided for GPLv3 compliance. Microsoft’s legal team understands that requirement to apply even to this signing process, and since releasing the signing keys would totally defeat the point of Secure Boot, no GPLv3 code gets signed by Microsoft. Instead, we get the shim.

Now that we understand the shim, let’s cover how it’s broken. The most serious vulnerability is a buffer overflow in the HTTP file transfer code. The buffer is allocated based on the size in the HTTP header, but a malicious HTTP server can set that value incorrectly, and the shim code would happily write the real HTTP contents past the end of that buffer, leading to arbitrary code execution. You might ask, why in the world does the shim have HTTP code in it at all? The simple answer is to support UEFI HTTP Boot, a replacement for PXE boot.
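To make the bug class concrete, here is an added example in C that is not the shim’s code and not taken from the advisory: a constructed stand-in for an HTTP Boot download, with the naive pattern (buffer sized from the header, copy sized from what arrives) beside a hardened receive loop that treats Content-Length as an untrusted hint. The response struct, the 16 MiB cap, the 4-byte chunk size and the sample payloads are all assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for one HTTP response during HTTP Boot:
 * the length the server DECLARES (Content-Length) and the bytes it
 * ACTUALLY sends. These need not agree when the server is hostile. */
typedef struct {
    size_t declared_len;   /* value parsed from the Content-Length header */
    const uint8_t *body;   /* bytes that really arrive on the socket      */
    size_t body_len;       /* how many of them                            */
} http_response_t;

#define MAX_BOOT_FILE (16u * 1024u * 1024u)  /* assumed upper bound for one boot file */
#define CHUNK 4                              /* assumed socket read size (tiny, for the demo) */

/* VULNERABLE shape of the bug described above: the allocation is bounded by
 * the header, the memcpy by the body. A server that declares 8 bytes and
 * sends 32 writes 24 bytes past the end of the heap block. Shown for
 * contrast only; the demo never calls it with a lying response. */
uint8_t *receive_naive(const http_response_t *r)
{
    uint8_t *buf = malloc(r->declared_len);
    if (buf == NULL) return NULL;
    memcpy(buf, r->body, r->body_len);   /* BUG: bound is body_len, not declared_len */
    return buf;
}

/* How many bytes the naive copy would write beyond its allocation. */
size_t naive_overrun(const http_response_t *r)
{
    return r->body_len > r->declared_len ? r->body_len - r->declared_len : 0;
}

/* HARDENED receive: 0 on success; -1 declared length unusable (zero or over cap);
 * -2 server sent more than it declared; -3 server sent less; -4 out of memory.
 * On success *out is a malloc'd buffer of exactly *out_len bytes. */
int receive_checked(const http_response_t *r, uint8_t **out, size_t *out_len)
{
    *out = NULL;
    *out_len = 0;
    if (r->declared_len == 0 || r->declared_len > MAX_BOOT_FILE) return -1;

    uint8_t *buf = malloc(r->declared_len);
    if (buf == NULL) return -4;

    size_t got = 0;
    while (got < r->body_len) {                 /* simulated socket reads */
        size_t n = r->body_len - got;
        if (n > CHUNK) n = CHUNK;
        /* The check the naive version lacks: never exceed what was allocated. */
        if (n > r->declared_len - got) { free(buf); return -2; }
        memcpy(buf + got, r->body + got, n);
        got += n;
    }
    if (got != r->declared_len) { free(buf); return -3; }  /* truncated transfer */
    *out = buf;
    *out_len = got;
    return 0;
}

/* Convenience wrapper: fetch, discard the buffer, report the result code. */
int http_boot_fetch(const http_response_t *r)
{
    uint8_t *buf;
    size_t len;
    int rc = receive_checked(r, &buf, &len);
    free(buf);   /* free(NULL) is a no-op on failure */
    return rc;
}

/* Constructed sample responses (33-byte literal, 32 payload bytes plus NUL). */
static const uint8_t kPayload[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ012345";
const http_response_t kHonest   = { 32,       kPayload, 32 };  /* header matches body */
const http_response_t kOversize = { 8,        kPayload, 32 };  /* lies small, sends big */
const http_response_t kShort    = { 32,       kPayload, 8  };  /* lies big, sends little */
const http_response_t kAbsurd   = { SIZE_MAX, kPayload, 32 };  /* header alone is hostile */

int main(void)
{
    printf("honest=%d oversize=%d short=%d absurd=%d naive_overrun=%zu\n",
           http_boot_fetch(&kHonest), http_boot_fetch(&kOversize),
           http_boot_fetch(&kShort), http_boot_fetch(&kAbsurd),
           naive_overrun(&kOversize));
    return 0;
}
```

The point of the hardened loop is that the only trustworthy bound is the size you actually allocated: every read is checked against the remaining capacity of that buffer, and a mismatch in either direction aborts the transfer rather than being papered over. A cap on the declared length also stops a server from driving a huge allocation before a single body byte arrives.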

The good news is that this vulnerability can only be triggered when using HTTP boot, and only by connecting to a malicious server or via a man-in-the-middle attack. With this in mind, it’s odd that this vulnerability is rated a CVSS 9.8. Specifically, it seems incorrect that this bug is rated low complexity, or given a general network attack vector. In Red Hat’s own write-up of the vulnerability, they argue that the exploitation is high complexity, and is only possible from an adjacent network. There were a handful of lesser vulnerabilities found, and these were all fixed with shim 15.8.

Continue reading “This Week In Security: Broken Shims, LassPass, And Toothbrushes?”

Flipped Bit Could Mark The End Of Voyager 1’s Interstellar Mission

Sometimes it’s hard to read the tea leaves of what’s going on with high-profile space missions. Weighted down as they are with the need to be careful with taxpayer money and having so much national prestige on the line, space agencies are usually pretty cagey about what’s going on up there. But when project managers talk about needing a “miracle” to continue a project, you know things have gotten serious.

And so things now sit with Voyager 1, humanity’s most distant scientific outpost, currently careening away from Mother Earth at 17 kilometers every second and unable to transmit useful scientific or engineering data back to us across nearly a light-day of space. The problem with the 46-year-old spacecraft cropped up back in November, when Voyager started sending gibberish back to Earth. NASA publicly discussed the problem in December, initially blaming it on the telemetry modulation unit (TMU) that packages data from the remaining operable scientific instruments along with engineering data for transmission back to Earth. It appeared at the time that the TMU was not properly communicating with the flight data system (FDS), the main flight computer aboard the spacecraft.

Since then, flight controllers have determined that the problem lies within the one remaining FDS on board (the backup FDS failed back in 1981), most likely thanks to a single bit of corrupted memory. The Deep Space Network is still receiving carrier signals from Voyager, meaning its 3.7-meter high-gain antenna is still pointing back at Earth, so that’s encouraging. But with the corrupt memory, they’ve got no engineering data from the spacecraft to confirm their hypothesis.

The team has tried rebooting the FDS, to no avail. They’re currently evaluating a plan to send commands to put the spacecraft into a flight mode last used during its planetary fly-bys, in the hope that will yield some clues about where the memory is corrupted, if indeed it is. But without a simulator to test the changes, and with most of the engineers who originally built the spacecraft long gone now, the team is treading very carefully.

Voyager 1 is long past warranty, of course, and with an unparalleled record of discovery, it doesn’t owe us anything at this point. But we’re not quite ready to see it slip into its long interstellar sleep, and we wish the team good luck while it works through the issue.