JATth @ JATtho @lemmy.world

I mean no harm.

---

Read more

Posts

2

Comments

123

Joined

2 yr. ago

The attack is spread via iMessage. A vulnerable device merely needs to receive a bad message with PDF attachment. --> A Remote code execution. No user interaction.

Yikes. Indeed.

The attack entry point is via bad TrueType font + PDF attachment that only needs to processed once. Once a process touches that, the attack vector begins and exploits are chained until they get kernel mode access. After getting kernel mode access all hope is lost, the attacker owns the device.

Only sliver of hope is that fixing the attack entry point blocks the current attack. And that bug is:

This attachment exploits the remote code execution vulnerability CVE-2023-41990 in the undocumented, Apple-only ADJUST TrueType font instruction. This instruction had existed since the early nineties before a patch removed it.

But unless all the CVEs are patched, it is just matter of time a new attack entry point is found.

Shorter version: Operating systems set up hardware locks and protections to confine processes, and once set up, they cannot be undone. (the hardware + OS denies modifications to the security policy)

• Attacker broke out from the app sandbox. (attacker can run code in the infected process)
• Broke out of the process. (gained root access; attacker can run anything)
• Broke into the kernel space (gained 100% control over the hardware)
• Corrupted some kernel memory via a damm magic MMIO accesses nobody knows (hardware vulnerable)
• Bypassed protections that kernel set up earlier such that it cannot accidentally modify itself.
• Finally broke the kernel via hardware exploit thus the attacker got rootkit level access.

Getting arbitrary code execution and root access is one thing, but breaking out from the damm kernel configured hardware protections is insane.

They basically managed to flip a "read-only" switch to "modify-as-much-as-you-like". The infected device at this point is broken beyond repair, as the firmware(s) may have been tampered with. End result is a terrestrial spy brick.

Any new battery technology news needs to be taken with a grain of salt. They are highly likely over-hyped and the actually realized products will have more problems than the current established tech initially.

"traveling salesman problem quantum annealing" produces results on arXiv.org, so the math heads are hard at work. :)

What pressuring? They're scared to shit to point of hallucinating threats because they think because we have a prime-eval grudge against them.

If they magically would co-operate with us, drop their shit we would more than happy resume the trade with them.

Our sorrow of the year is the death of Martti Ahtisaari, a Peace Nobelist. May his legacy to be respected in honor, his wisdom would be in great need as of today.

Sauli Niinistö, who will soon peacefully leave us as a president and join the same history books. Sad we can't have a another Kekkonen, depends who you ask. I hope the next president will have a stone cool head in this heated world.:)

Quantum computing is going to make it possible to solve problems that normal computers simply cannot do.

Most of these are optimizing problems like "compute the best solution to traveling salesman" or "find a molecule that binds to this receptor".

On normal computers solving such problems "perfectly" takes^exponential amount of computing time vs. the size of the problem.

Quantum computers are going to chop down that exponential thing a little, so we can see the results before the sun burns out. The reason QCs are theoretically able to do this is that each added qubit improves the machines performance exponentially.

However, the qubit state is so fragile that we need hundreds of them to make a single "stable" logical qubit that can do operations repeatedly. What the quantum computer uses as qubit (photons, super-conducting wire) is irrelevant as long as the system can do useful work.

Because of the fragility, the results are gathered using thousands of runs on the quantum machine and measured statistically.

We are not quite there yet to solve any useful sized problems.

Finland's blank NATO papers were kept in a safe (30 years figuratively?) and as soon as the war(s) started to cause us harm, they were pulled out of the safe and ratified.

From the news at the time of NATO ratification: "Look in the mirror" - Sauli Niinistö

From the news of the last two weeks: Now the eastern border is pretty much closed for the foreseeable future.

My armchair stance: If the Soviets angered nearly 4 million Finns in the 1940s who had only pitchforks and cows and the result was 126 875 dead and 188 671 wounded Soviets. ^{[*](https://fi.wikipedia.org/wiki/Talvisota)} Now there is a nation of +5 600 000 grumpy Finns with access to modern weaponry and a bitter memories of the past...

I don't know what the russian leaders are hallucinating trying to anger us more? :P

Based on the article the satellites are not staying 100% on their intended spectrum spec and are bleeding some unintended interfere noise. I hope the starlink cloud doesn't interfere so much that it excludes possibility of some research. On earth, if you transmit even slightly out-of-spec radio signals, the government agencies will get mad and really really fast.

ELI5: Low earth orbit is becoming over crowed "FM radio station", with regulation lacking who can broadcast and at what frequency.