Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
-
That moment when you are on terminal, you highlight text and press Ctrl+C, only to realize you have terminated a running job that was 90% complete.19
-
I'm getting ridiculously pissed off at Intel's Management Engine (etc.), yet again. I'm learning new terrifying things it does, and about more exploits. Anything this nefarious and overreaching and untouchable is evil by its very nature.
(tl;dr at the bottom.)
I also learned that -- as I suspected -- AMD has their own version of the bloody thing. Apparently theirs is a bit less scary than Intel's since you can ostensibly disable it, but i don't believe that because spy agencies exist and people are power-hungry and corrupt as hell when they get it.
For those who don't know what the IME is, it's hardware godmode. It's a black box running obfuscated code on a coprocessor that's built into Intel cpus (all Intell cpus from 2008 on). It runs code continuously, even when the system is in S3 mode or powered off. As long as the psu is supplying current, it's running. It has its own mac and IP address, transmits out-of-band (so the OS can't see its traffic), some chips can even communicate via 3g, and it can accept remote commands, too. It has complete and unfettered access to everything, completely invisible to the OS. It can turn your computer on or off, use all hardware, access and change all data in ram and storage, etc. And all of this is completely transparent: when the IME interrupts, the cpu stores its state, pauses, runs the SMM (system management mode) code, restores the state, and resumes normal operation. Its memory always returns 0xff when read by the os, and all writes fail. So everything about it is completely hidden from the OS, though the OS can trigger the IME/SMM to run various functions through interrupts, too. But this system is also required for the CPU to even function, so killing it bricks your CPU. Which, ofc, you can do via exploits. Or install ring-2 keyloggers. or do fucking anything else you want to.
tl;dr IME is a hardware godmode, and if someone compromises this (and there have been many exploits), their code runs at ring-2 permissions (above kernel (0), above hypervisor (-1)). They can do anything and everything on/to your system, completely invisibly, and can even install persistent malware that lives inside your bloody cpu. And guess who has keys for this? Go on, guess. you're probably right. Are they completely trustworthy? No? You're probably right again.
There is absolutely no reason for this sort of thing to exist, and its existence can only makes things worse. It enables spying of literally all kinds, it enables cpu-resident malware, bricking your physical cpu, reading/modifying anything anywhere, taking control of your hardware, etc. Literal godmode. and some of it cannot be patched, meaning more than a few exploits require replacing your cpu to protect against.
And why does this exist?
Ostensibly to allow sysadmins to remote-manage fleets of computers, which it does. But it allows fucking everything else, too. and keys to it exist. and people are absolutely not trustworthy. especially those in power -- who are most likely to have access to said keys.
The only reason this exists is because fucking power-hungry doucherockets exist.26 -
I just want to add my 2 Cents to the all this GDPR chaos. Because I feel lots of you are missing the point here.
When reading here about GDPR I hear all kinds of fair statements of how flawed it is and how it's mainly hurting the small companies etc etc.
I agree, at this state GDPR might actually be doing more harm than good.
However, I don't think that is what it is about. It's about going in the right direction. If you read/look over the course of history we've had several technological revolutions. Industrial, renaissance. They all start the same:
"This technology is going to change everything, it's going to solve all our problems!" It's something holy. Something that shouldn't be touched or regulated, only embraced.
But as we all know it wasn't all that pretty.
Industrial revolution was hard super underpaid, dirty work. Children had to work too. People were getting sick. Lots of alcoholism, depression.
And what made the factories start taking better care of their employees? Regulation.
Once fines start to come, companies will have to adapt.
We have to learn and understand that these systems like government, company, capitalism. They're built for reasons. They all exist for reasons. And only when it is in balance, things will flourish.
So I encourage you all to stay as critical as you are, but to give it a chance. To have a bit of faith.
It might just turn into something worthwhile!
Thanks for reading!:)4 -
SMM: Can you chat over the phone? Just want to make sure we are on the same page! I am not great with web lingo!
Me: Sure.
Me, internally: You're a social media manager. That's literally your one fucking job.3 -
I would say that devRant is only GDPR compliant if they explicitly mention that it's extremely addictive!
5 -
Tldr; its a long introduction
Hi Ranters,
I've been on this app for quite a while now. As a shy cat watching from a distance and reading all kinds of rants. Anywho I feel comfortable enough to crawl out of my shell and introduce myself. Since I feel you guys together made such a pleasant and safe community, I'm really happy to be a part of it!
Anyway I'm Sam, 24 year old, from the Netherlands. My favorite color is green. Mostly the green you can find in nature. The one that calms you down:). I'm a very introverted person but always very curious and eager to learn new things.
I started to program when I was 12. I did assembly and C++. Because I liked making cheats for online games. Later I learned about C#, Java and Python. Mostly used it for web stuff, scraping, services etc. But also chatbots (for Skype for example).
Currently I'm 2 years in as a data scientist, mostly working in Python.
But on the side as a hobby and with an ambition I have a basic understanding of full stack development.
Mostly Nodejs, express, mongo, and frontend, no frameworks.
(I will later ask you guys some more questions about that! I could really use some advice!)
Anyway enough about me! Tell a bit about yourselves! Happy to get to know you all a little better!22 -
So as all of you web developers know. If you are stepping into the world of web development you stepping into a world of unlimited possibilities, opportunities and adventure.
The flip side is that you step into a world of unlimited choices, tools, best practices, tutorials etc.
Since even for a veteran programmer, this is a little overwhelming, I'd like to take the opportunity to ask you guys for advice.
I know that 'there is no best' and that everything 'depends on what you want to achieve'. So how about just say the pro's and cons or when to use and when not to use. Or why you prefer one over another. Everything is allowed! :D
Maybe it will help others too. Start a nice, professional discussion:)
These are the parts I'd like advice about:
- frontend: what frameworks, libraries
- backend: language, framework, good practice
- server: OS, proxy (nginx, Apache, passenger), extra tips (like don't use root user)
- extras: git, GitHub, docker, anything
Thanks in advance everyone willing to help!:)
Also, if you only know frontend or backend. No worries, just tell me about your specialism!6 -
So I'm working on a Gnome shell extension. Which is a nice integration wtih Todoist. It's far from done but it's starting to shape up.
From all projects and things I've done, this is a pain. There is almost no documentation so I'm almost entirely reliant on source codes of other extensions.
And yeah, stackoverflow isn't going to help you...
Fun project nevertheless :) Reminds me of the time I worked in WINAPI.
9 -
You know what the best invention is for devs?
It's not JS, not C++, no IDEs, not VIM, not VSCode, not Linux, not Apple, not a computer (🤔).
It's coffee :) hmmmm....2 -
Opening a million tabs on Chrome, inwardly saying, 'I'll get back to you later' after briefly reading the first few paragraphs
Top Tags
Weekly Rant
View