Tech News of the Week for 4/2/2024 [MTG032]

Posted on Tuesday, Apr 2, 2024 | Series: Moar Tech Garbage
Medium declares war on AI, Apple silicon security flaws, and FCC broadband standards updated for the 21st century.

Transcript

Announcer: Welcome to Tech News of the Week with your host, the longest yard, which is actually a meter.

Ned: Welcome to Terraria Newts of the Watercrest. It’s our weekly tech news podcast where Chris and I dive into 4 interesting stories that caught our eye over the last couple of weeks. Yeah. It’s been a little while, and that’s because I was on vacation, and then I was stuck in a well. Now I’m out.

We’re gonna talk about some new stuff. Chris, why don’t you get us started?

Chris: Blogspot wannabe Medium declares war on AI-created content. So we’re talking about the website, medium.com. Yep. Medium.com is, at this point, a well-known, so-easy-a-caveman-can-do-it content hosting website. You can host articles for free, behind a login wall or behind a paywall.

As a matter of fact, if you want to read Medium’s own brief history of Medium article to learn more, you will in fact have to be a paying member.

Ned: Oh, jeez.

Chris: What what are you what are we doing here, kids? Anyway, Medium has, over the years, repeatedly tried to distinguish itself by only hosting quality content, a questionable assertion, considering I myself have published many things on Medium over the years. Zing. Shit. Oh.

Oh. Anyway, this week, last week, a week, Medium came out with a bold statement. They are going to suspend partner program writers if they are found to be using AI, plagiarizing, spamming, or otherwise, quote, participating in fraudulent activity, unquote. Partner program writers, of course, are the ones who get paid for views. So this is a pretty big deal.

And you heard me correctly. If writers want to use AI, even if it’s disclosed as being written partially or completely by AI, they will not be financially compensated on Medium. Reading comments on the post seems like about a 90/10 split, where people are more or less universally applauding the effort. AI has no place in creative writing, and it’s a slippery slope. As such, I will do a famous bonus link to the tragic story of a flood of garbage AI submissions, basically ruining sci-fi zine Clarkesworld for a time to prove this point for me.

Now Clarkesworld is actually back to accepting material, but let’s just say they have their own stringent zero-tolerance policy on people using AI. And incidentally, those stories are damn good. Indeed. If people haven’t read Clarkesworld, they should do that too.

Ned: And also listen to Escape Pod.

Chris: That 3.

Ned: FCC finally updates broadband speeds. The Federal Communications Commission, AKA the FCC, has declared that 100 megabytes down and 200 megabytes up is the new standard for what should be considered broadband in the US. There’s gonna be some portion of our audience that thinks, that was broadband in 2010. I get better speeds on my 5G phone. And another portion of our audience that says, I would kill someone and give up my left pinky toe to get a 100 meg down.

The thing is both of these people would be right. 100 down, 20 up is both laughably slow and unattainable for certain underserved markets. We’ve covered in previous episodes how the FCC used to rely on self-reporting from the ISPs, which was, unsurprisingly, often inaccurate when not simply an outright lie. This is despite those same ISPs taking millions of dollars in government funding to, quote, build our infrastructure, which is code for putting cold hard cash in investor hands. The latest standard update is informed by FCC’s new broadband map which shows that 45,000,000 Americans do not have access to a fixed or cellular network that meets the benchmark.

This map was compiled by the FCC without the ISPs. Armed with a new standard and a more accurate map, here’s hoping Jessica Rosenworcel and the rest of the team at the FCC can hold the ISPs accountable for their broken promises of the last 25 years.

Chris: Apple Silicon chips have hardware-level exploit that could expose encryption keys. Yay. Well, this isn’t good. Security researchers, a phrase that brings fear into the heart of all AI, IT security professionals, and AI professionals, and AI shut up. Security researchers have announced a wildly complex, but doable exploit of the Apple Silicon M-series processors.

And I say it that way because what I mean is all of them.

Announcer: Oh.

Chris: It has to do with data prefetching, which is a common trick that processor designers use to make chips faster. Long story short, the exploit tricks the CPU into prefetching encryption keys, which can then be, you know, regular fetched. Oh. If the phrase prefetch sounds familiar, it’s because it’s been part of at least a few Intel-based attacks. Spectre and Meltdown, which sounds like an indie band that opens for Edward Sharpe and the Magnetic Zeros, uses something similar called speculative execution. Other exploits like this are known to exist but have not received public disclosure.

Now, the proof of concept that the security researchers released that demonstrates the attack on Apple Silicon is called GoFetch, which sounds fun, like go fish. Yeah. But it’s extremely technical, so it’s more like the game Go. Not saying it isn’t fun, there’s a lot of rules. It does not appear that the exploit can be done remotely, so that’s good.

Yeah. But longer term, this is probably a design situation. We’re going to have to do like a chiplet fix. You figure out a way to design a CPU, where one specific non-prefetchy core does all this encryption stuff linearly. Mhmm.

It’ll be slower, but it’ll be more secure. To quote from the comments, if you account for all of the CPU features that can be exploited, you are looking at probably 80% of what makes it ridiculously fast. Prefetching, something something, convenience, something something, security, seesaw. I should just go.

Ned: I appreciate that you didn’t make a single Mean Girls reference, and I know you were tempted. Hotel hacking for fun and terror. Electronic locks on hotel rooms are the standard now basically everywhere. I seriously cannot think of the last time I was given an actual key and not a piece of flimsy plastic to awkwardly cram into my already over full wallet. In theory, an electronic lock should be more secure.

Previous occupants can’t simply make a copy of the physical key. Master keys are unnecessary for a custodial and housekeeping staff, and access can be revoked from a centralized system. Of course, those locks run software and that software, like any software, can be hacked. And thus, we have a team of security researchers that have produced the Unsaflok exploit, which works on several modes of the Saflok. Is it called safflock?

Safelock? It’s probably pronounced safelock, but I don’t care. Safelock. I’m going with it. The Saflok key card lock from Swedish company dormakaba.

The exploit simply requires an existing key card and a $300 RFID read-write device and 2 new cards that can be made in tandem that will now open any door in the hotel. Yep. Any door. The impacted models are installed on roughly 3,000,000 doors across 13,000 properties globally, which is bad? Yeah.

That’s bad. Since this was a security research team that found the vulnerability, they did the responsible thing and let dormakaba know about it in November of 2022 before publicly disclosing it. dormakaba has released fixes, but they typically require an update of the central system and every door in the hotel. The effort involved means that an estimated 64% of impacted customers have not yet installed the update. I guess the main takeaway for me is to not leave anything in a hotel room that I value and to use the deadbolt and slide lock when I’m sleeping. Or just stay home.

Forever.

Chris: Also remember the safe in the room is garbage, and you can’t trust that either. Happy travels.

Ned: Alright. That’s it. We’re done. Go away now. Bye.

Show Notes

Episode: 032 Published: 4/2/2024

Intro and outro music by Ned Bellavance copyright 2022

Hosts

Chris Hayner (He/Him)

Our story starts with a young Chris growing up in the agrarian community of Central New Jersey. Son of an eccentric sheep herder, Chris’ early life was that of toil and misery. When he wasn’t pressing cheese for his father’s failing upscale Fromage emporium, he languished on a meager diet of Dinty Moore and boiled socks. His teenage years introduced new wrinkles in an already beleaguered existence with the arrival of an Atari 2600. While at first it seemed a blessed distraction from milking ornery sheep, Chris fell victim to an obsession with achieving the perfect Pitfall game. Hours spent in the grips of Indiana Jones-esque adventure warped poor Chris’ mind and brought him to the maw of madness. It was at that moment he met our hero, Ned Bellavance, who shepherded him along a path of freedom out of his feverish, vine-filled hellscape. To this day Chris is haunted by visions of alligator jaws snapping shut, but with the help of Ned, he freed himself from the confines of Atari obsession to become a somewhat productive member of society. You can find Chris at coin operated laundromats, lecturing ironing boards for being itinerant. And as the cohost on the Chaos Lever podcast.

Ned Bellavance (He/Him)

Ned is an industry veteran with piercing blue eyes, an indomitable spirit, and the thick hair of someone half his age. He is the founder and sole employee of the ludicrously successful Ned in the Cloud LLC, which has rocked the tech world with its meteoric rise in power and prestige. You can find Ned and his company at the most lavish and exclusive tech events, or at least in theory you could, since you wouldn’t actually be allowed into such hallowed circles. When Ned isn’t sailing on his 500 ft. yacht with Sir Richard Branson or volunteering at a local youth steeplechase charity, you can find him doing charity work of another kind, cohosting the Chaos Lever podcast with Chris Hayner. Really, he’s doing Chris a huge favor by even showing up. You should feel grateful Chris. Oaths of fealty, acts of contrition, and tokens of appreciation may be sent via carrier pigeon to his palatial estate on the Isle of Man.