I'm getting ridiculously pissed off at Intel's Management Engine (etc.), yet again. I'm learning new terrifying things it does, and about more exploits. Anything this nefarious and overreaching and untouchable is evil by its very nature.

(tl;dr at the bottom.)

I also learned that -- as I suspected -- AMD has their own version of the bloody thing. Apparently theirs is a bit less scary than Intel's since you can ostensibly disable it, but i don't believe that because spy agencies exist and people are power-hungry and corrupt as hell when they get it.

For those who don't know what the IME is, it's hardware godmode. It's a black box running obfuscated code on a coprocessor that's built into Intel cpus (all Intell cpus from 2008 on). It runs code continuously, even when the system is in S3 mode or powered off. As long as the psu is supplying current, it's running. It has its own mac and IP address, transmits out-of-band (so the OS can't see its traffic), some chips can even communicate via 3g, and it can accept remote commands, too. It has complete and unfettered access to everything, completely invisible to the OS. It can turn your computer on or off, use all hardware, access and change all data in ram and storage, etc. And all of this is completely transparent: when the IME interrupts, the cpu stores its state, pauses, runs the SMM (system management mode) code, restores the state, and resumes normal operation. Its memory always returns 0xff when read by the os, and all writes fail. So everything about it is completely hidden from the OS, though the OS can trigger the IME/SMM to run various functions through interrupts, too. But this system is also required for the CPU to even function, so killing it bricks your CPU. Which, ofc, you can do via exploits. Or install ring-2 keyloggers. or do fucking anything else you want to.

tl;dr IME is a hardware godmode, and if someone compromises this (and there have been many exploits), their code runs at ring-2 permissions (above kernel (0), above hypervisor (-1)). They can do anything and everything on/to your system, completely invisibly, and can even install persistent malware that lives inside your bloody cpu. And guess who has keys for this? Go on, guess. you're probably right. Are they completely trustworthy? No? You're probably right again.

There is absolutely no reason for this sort of thing to exist, and its existence can only makes things worse. It enables spying of literally all kinds, it enables cpu-resident malware, bricking your physical cpu, reading/modifying anything anywhere, taking control of your hardware, etc. Literal godmode. and some of it cannot be patched, meaning more than a few exploits require replacing your cpu to protect against.

And why does this exist?
Ostensibly to allow sysadmins to remote-manage fleets of computers, which it does. But it allows fucking everything else, too. and keys to it exist. and people are absolutely not trustworthy. especially those in power -- who are most likely to have access to said keys.

The only reason this exists is because fucking power-hungry doucherockets exist.

A typical bouba coder:
- thinks a kilobyte contains 1024 bytes
- thinks Object.assign clones an object
- codes in react.js, thinks he knows reactive programming
- “amd is better for games, intel is better for work”
- thinks that the main advantage of ssh is that you don’t need to enter your password manually
- watches porn in incognito mode
- “crapple”
- “uhm, is it immutable?”
- thinks “persistent” means saved to local storage
- thinks designer is an inferior job because “they only draw shapes”
- thinks good accessibility is when the tab key works
- “All non-mechanical keyboards are trash”
- “C is outdated and nobody uses it anymore”
- “Zuck quit uni and now he’s a billionaire, everybody should quit”
- thinks “pointer” is a shape of the cursor

WHY IS IT SO FUCKIN ABSURDLY HARD TO PUSH BITS/BYTES/ASM ONTO PROCESSOR?

I have bytes that I want ran on the processor. I should:
1. write the bytes to a file
2a. run a single command (starting virtual machine (that installed with no problems (and is somewhat usable out-of-the-box))) that would execute them, OR
2b. run a command that would image those bytes onto (bootable) persistent storage
3b. restart and boot from that storage

But nooo, that's too sensible, too straightforward. Instead I need to write those bytes as a parameter into a c function of "writebytes" or whatever, wrap that function into an actual program, compile the program with gcc, link the program with whatever, whatever the program, build the program, somehow it goes through some NASM/MASM "utilities" too, image the built files into one image, re-image them into hdd image, and WHO THE FUCK KNOWS WHAT ELSE.

I just want... an emulator? probably. something. something which out of the box works in a way that I provide file with bytes, and it just starts executing them in the same way as an empty processor starts executing stuff.

What's so fuckin hard about it? I want the iron here, and I want a byte funnel into that iron, and I want that iron to run the bytes i put into the fuckin funnel.

Fuckin millions of indirection layers. Fuck off. Give me an iron, or a sensible emulation of that iron, and give me the byte funnel, and FUCK THE FUCK AWAY AND LET ME PLAY AROUND.

!rant && story

tl;dr I lost my path, learned to a lot about linux and found true love.

So because of the recent news about wpa2, I thought about learning to do some things network penetration with kali. My roommate and I took an old 8gb usb and turned it into a bootable usb with persistent storage. Maybe not the best choice, but atleast we know how to do that now.

Anyway, we started with a kali.iso from 2015, because we thought it would be faster than downloading it with a 150kpbs connection. Learned a lot from that mistake while waiting apt-get update/upgrade.

Next day I got access to some faster connection, downloaded a new release build and put the 2015 version out it's misery. Finally some signs of progress. But that was not enough. We wanted more. We (well atleast I) wanted to try i3, because one of my friends showed me to /r/unixporn (btw, pornhub is deprecated now). So after researching what i3 is, what a wm is AND what a dm is, we replaced gdm3 with lightdm and set i3 as standard wm. With the user guide on an other screen we started playing with i3. Apparently heaven is written with two characters only. Now I want to free myself from windows and have linux (Maybe arch) as my main system, but for now we continue to use thus kali usb to learn about how to set uo a nice desktop environment. Wait, why did we choose to install kali? 😂

I feel kinda sorry for that, but I want to experiment on there before until I feel confident. (Please hit me up with tips about i3)

Still gotta use Windows as a subsystem for gaming. 😥

I gave a very small overview of the flutter sdk a whiiiile ago and I have been thinking about going back to it. Currently considering between 2 courses on udemy that are at a discount price. I love the idea of dart as a language and prefer declarative ui building over xml shittyness. I was an Android/ios development for 2 years and hated every minute of it, but really love the idea of building mobile apps.

What are your thoughts and considerations on this? Should I jump right in or just leave it asside? What are your success stories with flutter and what did you use to learn the framework besides the docs? How easy are things like state management and persistent storage with flutter compared to android and ios?

I will eventually make my own decission by building sample projects, but hearing from the community would be great.

I've never been a big fan of the "Cloud hype".

Take today for example. What decent persistent storage options do I have for my EKS cluster?

- EBS -- does not support ReadWriteMany, meaning all the pods mounting that volume will have to be physically running on the same server. No HA, no HP. Bummer

- EFS -- expensive. On top of that, its performance is utter shit. Sure, I could buy more IOPS, but then again.. even more expensive.

S3 -- half-assed filesystem. Does not support O_APPEND, so basically any file modifications will have to be in a
`createFile(file+"_new", readAll(file) + new_data); removeFile(file); renameFile(file + "_new", file);`
way.
ON TOP of that, the s3 CSI has even more limitations, limiting my ability to cross-mount volumes across different applications (permission issues)

I'm running out of options. And this does not help my distrust in cloud infras...

!rant
TL;DR: Can anyone recommend or point at any resources which deal with best practices and software design for non-beginners?

I started out as a self-taught programmer 7 years ago when I was 15, now I'm computer science student at a university.
I'd consider myself pretty experienced when it comes to designing software as I already made lots of projects, from small things which can be done in a week, to a project which i worked on for more than a year. I don't have any problems with coming up with concepts for complex things. To give you an example I recently wrote a cache system for an android app I'm working on in my free time which can cache everything from REST responses to images on persistent storage combined with a memcache for even faster access to often accessed stuff all in a heavily multithreaded environment. I'd consider the system as solid. It uses a request pattern where everthing which needs to be done is represented by a CacheTask object which can be commited and all responses are packed into CacheResponse objects.

Now that you know what i mean by "non-beginner" lets get on to the problem:

In the last weeks I developed the feeling that I need to learn more. I need to learn more about designing and creating solid systems. The design phase is the most important part during development and I want to get it right for a lot bigger systems.
I already read a lot how other big systems are designed (android activity system and other things with the same scope) but I feel like I need to read something which deals with these things in a more general way.

Do you guys have any recommended readings on software design and best practices?

Docker newbie question

Does anyone have any insight on how to rclone mount a drive , and map a volume to it for persistent storage?

Okay, can anyone explain to me why this is the third time in a row that I have to re-disable "fast startup" after a windows-update?

I know, some of you might think that windows sucks, and I agree, to some extent, but I still want to be able to play my games there.

So, is there any rational explanation for the fact that windows seems to suffer from some kind of amnesia when it comes to settings? I don't believe it was either bad intent or complete incompetence from the developers...
Is it a certain design decision? Or is is that hard to implement "persistent" settings storage?