Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
-
I'm getting ridiculously pissed off at Intel's Management Engine (etc.), yet again. I'm learning new terrifying things it does, and about more exploits. Anything this nefarious and overreaching and untouchable is evil by its very nature.
(tl;dr at the bottom.)
I also learned that -- as I suspected -- AMD has their own version of the bloody thing. Apparently theirs is a bit less scary than Intel's since you can ostensibly disable it, but i don't believe that because spy agencies exist and people are power-hungry and corrupt as hell when they get it.
For those who don't know what the IME is, it's hardware godmode. It's a black box running obfuscated code on a coprocessor that's built into Intel cpus (all Intell cpus from 2008 on). It runs code continuously, even when the system is in S3 mode or powered off. As long as the psu is supplying current, it's running. It has its own mac and IP address, transmits out-of-band (so the OS can't see its traffic), some chips can even communicate via 3g, and it can accept remote commands, too. It has complete and unfettered access to everything, completely invisible to the OS. It can turn your computer on or off, use all hardware, access and change all data in ram and storage, etc. And all of this is completely transparent: when the IME interrupts, the cpu stores its state, pauses, runs the SMM (system management mode) code, restores the state, and resumes normal operation. Its memory always returns 0xff when read by the os, and all writes fail. So everything about it is completely hidden from the OS, though the OS can trigger the IME/SMM to run various functions through interrupts, too. But this system is also required for the CPU to even function, so killing it bricks your CPU. Which, ofc, you can do via exploits. Or install ring-2 keyloggers. or do fucking anything else you want to.
tl;dr IME is a hardware godmode, and if someone compromises this (and there have been many exploits), their code runs at ring-2 permissions (above kernel (0), above hypervisor (-1)). They can do anything and everything on/to your system, completely invisibly, and can even install persistent malware that lives inside your bloody cpu. And guess who has keys for this? Go on, guess. you're probably right. Are they completely trustworthy? No? You're probably right again.
There is absolutely no reason for this sort of thing to exist, and its existence can only makes things worse. It enables spying of literally all kinds, it enables cpu-resident malware, bricking your physical cpu, reading/modifying anything anywhere, taking control of your hardware, etc. Literal godmode. and some of it cannot be patched, meaning more than a few exploits require replacing your cpu to protect against.
And why does this exist?
Ostensibly to allow sysadmins to remote-manage fleets of computers, which it does. But it allows fucking everything else, too. and keys to it exist. and people are absolutely not trustworthy. especially those in power -- who are most likely to have access to said keys.
The only reason this exists is because fucking power-hungry doucherockets exist.26 -
"God Mode" in Windows 10:
1. Create a new folder on your desktop. Leave its name to be "New Folder"
2. Open CMD with administrator privileges
3. cd C:\Users\<your username>\Desktop
4. ren "New folder" ".{ED7BA470-8E54-465E-825C-99712043E01C}"
Enjoy direct access to all and every settings. :-)16 -
http://www.species-in-pieces.com/
Really simple to create, will take ages, but thought I'd share it with all the devs that hate css.1 -
Q - What is more frustrating than the code that won't compile?
A - Boss who is constantly asking you to compile this code.
- as quoted by @GoDmode1 -
Been trying to install myself a gentoo but it's been more like the mode of broken packages than the godmode of Linux... I mean I see that some packages break if I am trying to compile via musl (not fully supported yet) or via uclibc. But please. CAN'T YOU JUST FUCKING TEST THE PACKAGES BEFORE PUSHING TO LIVE? Seriously. I just wanna install a system with i3 and lightdm for the first. But do you think I could build even the first 20 packages WITHOUT A FUCKING ERROR MESSAGE?! FUCK NO. I mean it's a clean install - nothing should be blocking - let's wait a day.
*one day later*
Fuck. Shit doesn't work now either.
*gets himself a new tarball*
Wow now it works.... Or not. 4 packages later it failed again. And like that it continues.
Gentoo isn't even running on that new software. BUT IT STILL WON'T BUILD ANYTHING TO EVEN LET ME CONTINUE BUILDING A FUCKING KERNEL AND SETTING THAT SHIT UP.
Now I am totally frustrated - deleted my efivars once because I forgot to unmount /sys from the Chroot - after a few days of trying. I tell myself: Why not just arch? It always worked.
Okay then reboot to windows and get an arch-livesystem.... If only my Windows didn't boot entry disappear again. -
Just figured out "code map" and "code clones" on VS 2015 (don't ask me why I didn't know these features)
Thought I should try it on my newly created application for a client (+/- 1500 lines of code C#)
Came across 1 duplication, 0 unreferenced classes or members and no circular references
I'm just awesome -
read and get a basic understanding ->
create using simpleton syntax until confident ->
read a bit more ->
refactor with a more advanced approach
-> repeat until GODMODE
-> sad panda if the next version is completely different (Angular 2.0)
-> flex your muscles
-> buy some swag
-> happy panda
-> retire.
Top Tags
Weekly Rant
View