Apple is da bomb! Vulnerability found in battery circuitry

Subject: Editorial, General Tech | July 25, 2011 - 10:24 PM |
Tagged: Malware, apple

Okay, so the title is more joke than anything else, but security researcher Charlie “Safari Charlie” Miller discovered a vulnerability in Apple devices, sort of. This exploit, which appears to be an over-permissive design rather than an actual security flaw, allows an attacker to gain access to your battery control using one of two static company-wide passwords. Charlie has discovered many exploits in the past several years on the OSX and iOS platforms. One of the most high-profile attacks he discovered involved a data-execution vulnerability in the iPhone’s SMS handling: under certain conditions your iPhone could potentially mistake inbound text messages for code and run them with high permissions.


Malware assaults and battery charges.

(Image from Apple, modified)

So what does having the ability to write to a laptop’s battery firmware mean? Firstly, remember the old advice of “Get a virus? Reinstall your OS!”? Well, assuming you actually can perform a clean install without ridiculous hacking (thanks Lion), the battery controller can simply re-infect you if the attacker knows an exploit for your version of OSX. But how does the attacker know your current version of OSX? Well, if you are installing from an optical disk they just need to know a Snow Leopard RTM exploit; unless of course you extract Lion from the Mac App Store and clean install using it – assuming the attacker does not know an exploit for Lion or simply just infects the reinstall media if you created it from the infected computer. True, malware is about money, so it is highly unlikely that an attacker would go for that narrow of a market of Mac users (already a narrow-enough market to begin with), but the security risk is there if for some reason you are a tempting enough target to spear-phish. Your only truly secure option is removing the battery while performing the OHHHHHHHH.

You know, while working (very temporarily) on the Queen's University Solar Vehicle project I was told that Lithium cells smell like sweet apples when they rupture. I have never experienced it but if true I find it delightfully ironic.

While that would all require knowledge of other exploits in your operating system, there is a more direct problem. If for some reason someone would like to cause damage to your Apple devices they could use this flaw to simply break your batteries. Charlie has bricked nine batteries in his testing but has not even attempted to see whether it would be possible to over-charge a battery into exploding. While it is possible to force the battery controller to create the proper conditions for an explosion, there are other, physical, safeguards in place. Then again, batteries have exploded in the past, often making highly entertaining YouTube videos and highly unentertaining FOX news clips.

Source: Forbes

Overclocking Llano just makes sense, but the RAM not so much

Subject: General Tech | July 25, 2011 - 03:30 PM |
Tagged: llano, ddr3-1866, a8-3850

Most reviewers made a financial decision when pairing RAM to review AMD's new Llano A8-3850 processor. Most chose 1333MHz DDR3, since when building a low cost PC most users are going to choose the lower cost as opposed to spending half the budget simply on DDR3. After seeing significant overclocks produced by a variety of testers, The Tech Report thought it would be interesting to see the impact of high speed RAM on the performance of an A8-3850, especially the graphics portion. As it turns out, the decision to go with lower cost RAM made a lot of sense, as the graphical performance did not benefit from faster RAM.


"Will 1866MHz memory make a big difference to the performance of the AMD A8-3850 APU? How does power consumption look without a discrete GPU involved? We aim to find out."


Phone in your overclocking, MSI Afterburner App for Android

Subject: General Tech, Graphics Cards, Mobile | July 25, 2011 - 02:58 PM |
Tagged: msi, Android

Are you a hardcore PC user who likes to tweak your computer? Naturally there is an app for you. MSI launched an application on the Android Marketplace this morning that lets users monitor and overclock their computers from an Android-powered smartphone or tablet over their wireless network. This version allows you to monitor temperature, voltage, and fan speed and to adjust clock rates, voltages, and fan speeds.


Let's hope Angry Birds doesn't see this: Some systems' power consumptions are pigs!

MSI Afterburner APP has relatively modest requirements: a tablet or smartphone device running Android 1.6 or higher, a system running Windows XP or later with a discrete graphics card, access to a network with wireless access for the Android device to link into, and Afterburner 2.1.0 or later installed on the PC. Setting up your PC is relatively simple once you have Afterburner installed as you just need to run, not even install, an application “Remote Server” that you can download from the MSI website linked to from the Android Marketplace link. While this application is too new to be rated, it is free and thus there is little reason to not simply try it out yourself.

We know where your Bitcoins went

Subject: General Tech | July 25, 2011 - 01:59 PM |
Tagged: bitcoin

With all the research that Ken did, it turns out that Bitcoin mining will not make you rich overnight and may cost you more money to create a bitcoin than you will ever see out of it. Now, according to a study linked to at Slashdot, it seems that one of the big attractions of Bitcoins is not true. Researchers have found that with enough work and data, Bitcoin purchases are not anonymous. Anonymity was never a major goal for those who first envisioned Bitcoins, but it has been touted as a major feature by those who have been mining and spending coins. If that is why you are interested in the process of mining, maybe it is a better idea to switch to an @home project.


"Researchers from University College Dublin have conducted an analysis of anonymity on Bitcoin, and found it is not inherently anonymous, and that in many cases, users and their transactions can be identified. They use techniques such as context discovery and flow analysis to investigate and visualize an alleged theft of Bitcoins, which, at the time of the theft, had a market value of approximately half a million U.S. dollars."


Source: Slashdot

Intel MLAA: Matrox had the right idea, wrong everything else

Subject: Editorial, General Tech, Graphics Cards, Processors | July 22, 2011 - 08:20 PM |
Tagged: MLAA, Matrox, Intel

Antialiasing is a difficult task for a computer to accomplish in terms of performance, and many efforts have been made over the years to minimize the impact while still keeping as much of the visual appeal as possible. The problem with aliasing is that while a pixel is the smallest unit of display on a computer monitor, it is large enough for our eye to see it as a distinct unit. You may, however, have two objects of two different colors partially occupy the same pixel; who wins? In real life, our eye would see the light from both objects hit the same retina nerve (that is not really how it biologically works but close enough) and it would see some blend between the two colors. Intel has released a whitepaper for their attempt at this problem and it resembles a method that Matrox used almost a decade ago.


Matrox's antialiasing method.

(Image from Tom's Hardware)

Looking at the problem of antialiasing, you wish to have multiple bits of information dictate the color of a pixel in the event that two objects of different colors both partially occupy the same pixel. The simplest method of doing that is dividing the pixel up into smaller pixels and then crushing them together to an average, which is called Super Sampling. This means you are rendering an image 2x, 4x, or even 16x the resolution you are running at. More methods were discovered, including just flagging the edges for antialiasing since that is where aliasing occurs. In the early 2000s, Matrox looked at the problem from an entirely different angle: since the edge is what really matters, we can find the shape of the various edges and see how much area of a pixel gets divided up between each object, giving an effect they say is equivalent to 16x MSAA for very little cost. The problem with Matrox’s method: it failed with many cases of shadowing and pixel shaders… and came out in the DirectX 9 era. Suffice it to say it did not save Matrox as an elite gaming GPU company.


Look familiar?

(Both images from Intel Blog)

Intel’s method of antialiasing again looks at the geometry of the image but instead breaks the edges into L shapes to determine the area they enclose. To keep the performance up they pipeline work between the CPU and GPU, which keeps the CPU and GPU constantly filled with the target or neighboring frames. In other words, as the GPU lets the CPU perform MLAA, the GPU is busy preparing and drawing the next frame. Of course when I see technology like this I think two things: will this work on architectures with discrete GPUs, and will this introduce extra latency between the rendering code and the gameplay code? I would expect that it must, as the frame is not even finished, let alone drawn to the monitor, before you fetch the next set of states to be rendered. The question remains whether that effect will be drowned out by the rest of the latencies experienced during synchronization.

AMD and NVIDIA both have their variants of MLAA, the latter of which is called FXAA by NVIDIA's marketing team. Unlike AMD's method, NVIDIA's method must be programmed into the game engine by the development team, requiring a little bit of extra work on the developer's part. That said, FXAA found its way into Duke Nukem Forever as well as the upcoming Battlefield 3 among other games, so support is there and older games should be easy enough to just compute properly.

The flat line is how much time is spent on MLAA itself, just a few milliseconds and constant.

(Image from Intel Blog)

Performance-wise the Intel solution performs ridiculously faster than MSAA, is pretty much scene-independent, and should produce results near the 16x mark due to the precision possible with calculating areas. Speculation about latency between render and game loops aside, the implementation looks quite sound and allows users with on-processor graphics to not need to waste precious cycles (especially on GPUs that you would see on-processor) with antialiasing and instead use them on raising other settings, including resolution itself, while still avoiding jaggies. Conversely, both AMD's and NVIDIA's methods run on the GPU, which should make a little more sense for them as a discrete GPU should not require as much help as a GPU packed into a CPU.

Could Matrox’s last gasp from the gaming market be Intel’s battle cry?


Source: Intel Blog

Mariner 1 is down

Subject: General Tech | July 22, 2011 - 05:49 PM |
Tagged: friday

The biggest mistake you can make, next to admitting you know about computers, is offering tech support to family. Paying a backyard mechanic in beer, food or both is well ingrained in most people's minds, as is the fact that the repair will not be instantaneous. Such is not true of the lowly PC tech: not only are you unlikely to be offered anything for your efforts, there is usually about a 5 minute time limit for you to finish rebuilding the smoking and infected ruin that once was a loved one's PC. On the other hand you can't say no to Mom, nor should you go for fancy repairs like you would do for yourself.

Not that you can win by keeping things secret of course; nothing will protect you from equipment that shows up dead on your doorstep or works but is just plain recalcitrant. Sometimes asking for advice before you buy is your best bet; just speculating on unreleased hardware is probably safer. Even safer would be to just listen to us talk and speculate on hardware in the latest installment of the PC Perspective Podcast ... the last one from the TWiT Cottage. Next week we should be broadcasting from the new Brick TWiT house. Then we may be doing something from QuakeCon, don't miss it if you have a chance to go!

 

Bulldozer will be on time, missing CEO or not

Subject: General Tech | July 22, 2011 - 11:42 AM |
Tagged: amd, bulldozer, finance, release

AMD has a lot to be happy about today, even if both they and GLOBALFOUNDRIES are one CEO short of a full board. This time last year AMD was talking up Bulldozer as a product 12 months or more out of market and facing a $43 million loss under “Generally Accepted Accounting Principles”, as Josh explained fully. Long story short, it was money being paid for GF; the unadjusted profit for the quarter was actually $83 million. This quarter it was a $61 million profit, $70 million non-GAAP, thanks to AMD focusing on keeping the costs down, with a bit of help from the recent release of Llano.

On the processor side, AMD is pegging the 16-core "Interlagos" Opteron 6200 Bulldozer CPU for servers and the Zambezi FX series to both come out at the same time, at least as far as revenue is concerned. We may not have them in hand for a while longer than that, but not too long. Drop by the Register for the full picture.


"The hybrid CPU-GPU chips for mobile PCs gave Advanced Micro Devices some breathing room in the second quarter, but it's going to take continued ramping of these APU processors and an upswing in Opteron server sales to get the company back to the profit levels it should be enjoying during a retooling phase in the IT market – and it looks like AMD and its server partners won't have to wait too much longer."


Source: The Register

18,592 Academic Papers Released To Public Via Torrent

Subject: General Tech | July 21, 2011 - 07:29 PM |
Tagged: torrent, tech, networking, jstor

In light of Aaron Swartz’s recent legal trouble involving charges being brought against him for downloading academic papers from the online pay-walled database called JSTOR using MIT’s computer network, a BitTorrent user named Greg Maxwell has decided to fight back against publishers who charge for access to academic papers by releasing 18,592 academic papers to the public in a 32.48 gigabyte torrent uploaded to The Pirate Bay.


Maxwell claims that the torrent consists of documents from the Philosophical Transactions of the Royal Society journal. According to GigaOm, the copyrights on these academic papers have been expired for some time; however, the only way to access these documents has been through the pay-walled JSTOR database, where individual articles can cost as much as $19. While Maxwell claims to have gained access to the papers many years prior through legal means (likely through a college or library’s database access), he has been fearful of releasing the documents due to legal repercussions from the journal’s publishers. He claims that the legal troubles that Swartz is facing for (allegedly) downloading the JSTOR library have fueled his passion and changed his mind about not releasing them.

Maxwell justifies the release by stating that the authors and universities do not benefit from their work, and the move to a digital distribution method has yet to coincide with a reduction in prices. In the past the high cost (sometimes paid by the authors) has been such to cover the mechanical process of binding and printing the journals. Maxwell further states that, to his knowledge, the money paid by those wishing to verify their facts and learn more from these academic works “serves little significant purpose except to perpetuate dead business models.” The pressure and expectation that authors must publish or face irrelevancy further entrenches the publishers’ business models.

Further, GigaOm quoted Maxwell in stating:

“If I can remove even one dollar of ill-gained income from a poisonous industry which acts to suppress scientific and historic understanding, then whatever personal cost I suffer will be justified . . . it will be one less dollar spent in the war against knowledge. One less dollar spent lobbying for laws that make downloading too many scientific papers a crime.”

Personally, I’m torn on the ethics of the issue. On one hand, these academic papers should be made available for free (or at least at cost of production) to anyone that wants them, as they are written for the betterment of humanity and pursuit of knowledge (or at least as a thought-provoking final paper). On the other hand, releasing the database via a torrent has its own issues. As far as non-violent protests go, this is certainly interesting and likely to get the attention of the publishers and academics. Whether it will cause them to reevaluate their business models, however, is rather doubtful (and unfortunate).

Image courtesy Isabelle Palatin.

Source: GigaOm

Gmail Now Supports Multiple Calls and Placing Calls On Hold

Subject: General Tech | July 21, 2011 - 04:27 PM |
Tagged: networking, voip, google

The Gmail blog recently showed off a new feature that allows you to put one call on hold while accepting another, a feature that standard phones have had for a long time now. Inside Gmail, you are able to start a call to another computer or a physical phone and then you are free to place this call on hold by hitting the “Hold” button. When you wish to return to the call, you simply hit the “Resume” button, just like a normal phone. When a second person calls you, you will be asked to accept or reject it, and if you accept the call the first call will automatically be placed on hold.

According to Google, the call hold feature “works across all call types (voice, video, and phone)” and the only caveat is that a limit of two outgoing calls to physical phones can be active at a time. The only feature I see missing from this function is integration with Google Music that would allow me to set up custom hold music to the chagrin of telemarketers and customer support everywhere. After all, it is almost a Friday and everyone would just love to hear some Rebecca Black, right!?

Source: Gmail Blog

Podcast #163 - Mini ITX Z68 Motherboard, PDXLAN coverage, Sandy Bridge-E rumors and more!

Subject: General Tech | July 21, 2011 - 03:37 PM |
Tagged: vellamo, podcast, nvidia, Intel, eyefinity, Android, amd

PC Perspective Podcast #163 - 7/21/2011

This week we talk about a Mini ITX Z68 Motherboard, PDXLAN coverage, Sandy Bridge-E rumors and more!

You can subscribe to us through iTunes and you can still access it directly through the RSS page HERE.

The URL for the podcast is: http://pcper.com/podcast - Share with your friends!

  • iTunes - Subscribe to the podcast directly through the iTunes Store
  • RSS - Subscribe through your regular RSS reader
  • MP3 - Direct download link to the MP3 file

Hosts: Ryan Shrout, Jeremy Hellstrom and Allyn Malventano

This Podcast is brought to you by MSI Computer, and their all new Sandy Bridge Motherboards!

Program length: 1:22:27

Program Schedule:

  1. 0:00:31 Introduction
  2. 1-888-38-PCPER or podcast@pcper.com
  3. http://pcper.com/podcast
  4. http://twitter.com/ryanshrout and http://twitter.com/pcper
  5. 0:02:20 BlackBerry PlayBook Review: Good Hardware Seeks Great Software
  6. 0:04:10 Eyefinity and Me - An Idiot's Guide to AMD's Multi-Monitor Technology
  7. 0:05:05 Qualcomm Vellamo Browser Benchmark and Results - Android Web Performance
  8. 0:10:45 Zotac thinks small with their new Z68 motherboard
  9. 0:15:15 This Podcast is brought to you by MSI Computer, and their all new Sandy Bridge Motherboards!
  10. 0:16:20 One Billion work units down and the FLOPs are still rising - team ranking page 
  11. 0:20:05 Intel Sandy Bridge-E Processors Just In Time For Christmas But With Some Features Removed 
  12. 0:25:02 Steam readies update to download system, just in (Valve) time
  13. 0:29:25 PDXLAN Custom Cases Round 1
  14. 0:34:15 Overclockers Achieve Impressive Llano Overclocking Results, Come Close to 5GHz
  15. 0:38:30 Intel and AMD be warned; ARM could grab up to 20% of the laptop market in the next 4 years 
  16. 0:44:00 Southern Island is ahead of the pack, but it is set to low power for now  
  17. 0:48:02 FPS games have hit the innovation wall? Not so says John Carmack 
  18. 0:56:35 With Intel's recent purchasing habits, could crossdressing be in their future? 
  19. 1:03:00 New Apple Hardware overview
  20. 1:09:45 Quakecon Reminder - http://www.quakecon.org/
    1. Tshirts, prizes, stuff!
  21. 1:12:30 Hardware / Software Pick of the Week
    1. Ryan: Spotify
    2. Jeremy: sweet RAM deal
    3. Allyn: http://www.passwordcard.org/en
  22. 1-888-38-PCPER or podcast@pcper.com
  23. http://pcper.com/podcast   
  24. http://twitter.com/ryanshrout and http://twitter.com/pcper
  25. 1:20:55 Closing
