not meant to be consistent with the human eye.
Even then, postprocessing is inevitable.
As the white/gold versus blue/black dress debate showed, our perception of color is heavily influenced by context, and is more than just a simple algorithm of which rods and cone cells were activated while viewing an image.
A big chunk of the US military’s budget is on very expensive US healthcare. Something like 7% of the military’s annual budget is health expenses, and that doesn’t even include the Department of Veterans Affairs, which provides health care to veterans.
A zero day is an exploit that has been identified by someone but not yet used.
I’ve always understood that the counting of days comes from the vendor’s knowledge. So any exploit from before Google was aware of the vulnerability would be a zero day.
It wouldn’t make any sense to refer to the days counted from when an attacker first discovers the vulnerability, because by definition any vulnerability in active exploitation wouldn’t be a zero day.
disclosed active exploitation
So, not a fucking zero day.
I’m confused. Isn’t an active exploit that hasn’t been patched yet, by definition, a zero day? So the release of a new patch that closes an actively exploited vulnerability patches a zero-day?
It basically varies from chip to chip, and program to program.
Speculative execution is when a program hits some kind of branch (like an if-then statement) and the CPU just goes ahead and calculates as if it’s true, and progresses down that line until it learns “oh wait it was false, just scrub all that work I did so far down this branch.” So it really depends on what that specific chip was doing in that moment, for that specific program.
It’s a very real performance boost for normal operations, but for cryptographic operations you want every function to perform in exactly the same amount of time, so that something outside that program can’t see how long it took and infer secret information.
These timing/side channel attacks generally work like this: imagine you have a program that tests if variable X is a prime number, by testing if every number smaller than X can divide evenly, from 2 on to X. Well, the bigger X is, the longer that particular function will take. So if the function takes a really long time, you’ve got a pretty good idea of what X is. So if you have a separate program that isn’t allowed to read the value of X, but can watch another program operate on X, you might be able to learn bits of information about X.
Patches for these vulnerabilities changes the software to make those programs/function in fixed time, but then you lose all the efficiency gains of being able to finish faster, when you slow the program down to the weakest link, so to speak.
This particular class of vulnerabilities, where modern processors try to predict what operations might come next and perform them before they’re actually needed, has been found in basically all modern CPUs/GPUs. Spectre/Meldown, Downfall, Retbleed, etc., are all a class of hardware vulnerabilities that can leak crypographic secrets. Patching them generally slows down performance considerably, because the actual hardware vulnerability can’t be fixed directly.
It’s not even the first one for the Apple M-series chips. PACMAN was a vulnerability in M1 chips.
Researchers will almost certainly continue to find these, in all major vendors’ CPUs.
Can’t fix the vulnerability, but can mitigate by preventing other code from exploiting the vulnerability in a useful way.
Remind me of who won that war?
I’m pretty sure the Ukrainians won that one too.
I’ve seen it for keypads that have to send a signal to an actuator located elsewhere, but I think the typical in-door deadbolt (where the keypad is mere millimeters from the motor itself) wouldn’t have the form factor leaving the connection as exposed to a magnet inducing a current that would actually actuate the motor.
Most of LPL’s videos on smart locks just defeat the mechanical backup cylinder, anyway. I’d love to see him take on the specific Yale x Nest model I have, though.
Yup. The backup for battery failure on this model is that the bottom of the plate can accept power from the pins of a 9V battery, held there just long enough to punch in the code.
Things might be different by now, but when I was researching this I decided on the Yale x Nest.
It’s more secure than a keyed lock in the following ways:
It’s less secure than a physical traditional lock in the following ways:
It’s basically the same level of security in the following ways:
Overall, I’d say it’s more secure against real-world risk, where the weakest link tends to be the people you share your keys with.
Well it’s obvious that Musk wants X to be a bank, so this isn’t unexpected.
For what it’s worth, that particular format war, the format backed by more porn studios (HD-DVD) actually lost to the one with less porn backing (Blu-ray). Personally I think that the PS3 tipped things over the edge.