Welcome to the Chaos
April 2, 2024

Tech News of The Week 04/02/24 [MTG-32]

Transcript
Announcer:

Welcome to Tech News of the Week with your host, the longest yard, which is actually a meter.


Ned:

Welcome to Terraria Newts of the Watercrest. It's our weekly tech news podcast where Chris and I dive into 4 interesting stories that caught our eye over the last couple of weeks. Yeah. It's been a little while, and that's because I was on vacation, and then I was stuck in a well. Now I'm out.


Ned:

We're gonna talk about some new stuff. Chris, why don't you get us started?


Chris:

Blogspot wannabe Medium declares war on AI-created content. So we're talking about the website, medium.com. Yep. Medium.com is, at this point, a well-known, so-easy-a-caveman-can-do-it content hosting website. You can host articles for free, behind a login wall or behind a paywall.


Chris:

As a matter of fact, if you want to read Medium's own brief history of Medium article to learn more, you will in fact have to be a paying member.


Ned:

Oh, jeez.


Chris:

What what are you what are we doing here, kids? Anyway, Medium has, over the years, repeatedly tried to distinguish itself by only hosting quality content, a questionable assertion, considering I myself have published many things on Medium over the years. Zing. Shit. Oh.


Chris:

Oh. Anyway, this week, last week, a week, Medium came out with a bold statement. They are going to suspend partner program writers if they are found to be using AI, plagiarizing, spamming, or otherwise, quote, participating in fraudulent activity, unquote. Partner program writers, of course, are the ones who get paid for views. So this is a pretty big deal.


Chris:

And you heard me correctly. If writers want to use AI, even if it's disclosed as being written partially or completely by AI, they will not be financially compensated on Medium. Reading comments on the post seems like about a 90/10 split, where people are more or less universally applauding the effort. AI has no place in creative writing, and it's a slippery slope. As such, I will do a famous bonus link to the tragic story of a flood of garbage AI submissions, basically ruining sci-fi zine Clarkesworld for a time to prove this point for me.


Chris:

Now Clarkesworld is actually back to accepting material, but let's just say they have their own stringent zero-tolerance policy on people using AI. And incidentally, those stories are damn good. Indeed. If people haven't read Clarkesworld, they should do that too.


Ned:

And also listen to Escape Pod.


Chris:

That 3.


Ned:

FCC finally updates broadband speeds. The Federal Communications Commission, AKA the FCC, has declared that 100 megabytes down and 200 megabytes up is the new standard for what should be considered broadband in the US. There's gonna be some portion of our audience that thinks, that was broadband in 2010. I get better speeds on my 5G phone. And another portion of our audience that says, I would kill someone and give up my left pinky toe to get a 100 meg down.


Ned:

The thing is both of these people would be right. 100 down, 20 up is both laughably slow and unattainable for certain underserved markets. We've covered in previous episodes how the FCC used to rely on self-reporting from the ISPs, which was, unsurprisingly, often inaccurate when not simply an outright lie. This is despite those same ISPs taking millions of dollars in government funding to, quote, build our infrastructure, which is code for putting cold hard cash in investor hands. The latest standard update is informed by the FCC's new broadband map, which shows that 45,000,000 Americans do not have access to a fixed or cellular network that meets the benchmark.


Ned:

This map was compiled by the FCC without the ISPs. Armed with a new standard and a more accurate map, here's hoping Jessica Rosenworcel and the rest of the team at the FCC can hold the ISPs accountable for their broken promises of the last 25 years.


Chris:

Apple Silicon chips have hardware level exploit that could expose encryption keys. Yay. Well, this isn't good. Security researchers, a phrase that brings fear into the heart of all AI, IT security professionals, and AI professionals, and AI shut up. Security researchers have announced a wildly complex, but doable exploit of the Apple Silicon M Series Processors.


Chris:

And I say it that way because what I mean is all of them.


Announcer:

Oh.


Chris:

It has to do with data prefetching, which is a common trick that processor designers use to make chips faster. Long story short, the exploit tricks the CPU into prefetching encryption keys, which can then be, you know, regular fetched. Oh. If the phrase prefetch sounds familiar, it's because it's been part of at least a few Intel-based attacks. Spectre and Meltdown, which sounds like an indie band that opens for Edward Sharpe and the Magnetic Zeros, uses something similar called speculative execution. Other exploits like this are known to exist but have not received public disclosure.


Chris:

Now, the proof of concept that the security researchers released that demonstrates the attack on Apple Silicon is called GoFetch, which sounds fun, like go fish. Yeah. But it's extremely technical, so it's more like the game Go. Not saying it isn't fun, there's a lot of rules. It does not appear that the exploit can be done remotely, so that's good.


Chris:

Yeah. But longer term, this is probably a design situation. We're going to have to do like a chiplet fix. You figure out a way to design a CPU where one specific non-prefetchy core does all this encryption stuff linearly. Mhmm.


Chris:

It'll be slower, but it'll be more secure. To quote from the comments, if you account for all of the CPU features that can be exploited, you are looking at probably 80% of what makes it ridiculously fast. Prefetching, something something, convenience, something something, security, seesaw. I should just go.


Ned:

I appreciate that you didn't make a single Mean Girls reference, and I know you were tempted. Hotel hacking for fun and terror. Electronic locks on hotel rooms are the standard now basically everywhere. I seriously cannot think of the last time I was given an actual key and not a piece of flimsy plastic to awkwardly cram into my already overfull wallet. In theory, an electronic lock should be more secure.


Ned:

Previous occupants can't simply make a copy of the physical key. Master keys are unnecessary for custodial and housekeeping staff, and access can be revoked from a centralized system. Of course, those locks run software and that software, like any software, can be hacked. And thus, we have a team of security researchers that have produced the Unsaflok exploit, which works on several models of the Saflok. Is it called Saflok?


Ned:

Safelock? It's probably pronounced safelock, but I don't care. Safelock. I'm going with it. The Saflok key card lock from Swedish company dormakaba.


Ned:

The exploit simply requires an existing key card and a $300 RFID read-write device and 2 new cards that can be made in tandem that will now open any door in the hotel. Yep. Any door. The impacted models are installed on roughly 3,000,000 doors across 13,000 properties globally, which is bad? Yeah.


Ned:

That's bad. Since this was a security research team that found the vulnerability, they did the responsible thing and let dormakaba know about it in November of 2022 before publicly disclosing it. dormakaba has released fixes, but they typically require an update of the central system and every door in the hotel. The effort involved means that an estimated 64% of impacted customers have not yet installed the update. I guess the main takeaway for me is to not leave anything in a hotel room that I value and to use the deadbolt and slide lock when I'm sleeping. Or just stay home.


Ned:

Forever.


Chris:

Also remember the safe in the room is garbage, and you can't trust that either. Happy travels.


Ned:

Alright. That's it. We're done. Go away now. Bye.