7heo

joined 2 years ago
[–] 7heo@lemmy.ml 50 points 9 months ago* (last edited 9 months ago) (5 children)

Yeah, let's entirely outlaw pentesting while we're at it. What could possibly go wrong? 🙈

[–] 7heo@lemmy.ml 50 points 9 months ago* (last edited 9 months ago) (6 children)

(Personal annotations between parentheses. Edit: I know this is a long TL;DR, but it is an outrageously long article, especially considering its substance)

  1. Person discovers VR at an arcade as a kid. Loves it.
  2. Person stays tuned, life happens.
  3. Person gets a Facebook Quest when it is out. Uses it daily. Loves it.
  4. Person eventually stops using it. Can't say why exactly (Spoiler alert: lack of useful software, unpolished UX. Essentially, nothing beyond an awesome tech demo).
  5. Failing to recognize the aforementioned conclusion (cue "spoiler"), person wonders if VR has a "fatal flaw".
  6. Person states that Apple unveiling new tech is akin to major social and political landmarks (moon landing, JFK assassination, 9/11, ...).
  7. Person depicts touch-centric (without proper buttons) interface as revolutionary (Looks to me as if this person never used proper, non-budget peripherals[^1]).
  8. Person briefly strays to other cult-like tech firms and confuses scientific innovation (electric engines are hardly a revolution of this century) with (Tesla's) marketing.
  9. Person states they were jaded by previous VR experiences, so the Apple Vision Pro (AVP) headset unveiling didn't wow them.
  10. Person pre-orders one at 3.5k as soon as the pre-orders start anyway.
  11. Cognitive dissonance due to the price, and Apple (religious) marketing kick in, and the person decides this is a life defining moment.
  12. Person goes back home with their newly acquired liability, and informs their spouse that they will be intentionally failing their duties for a week, due to the previous point.
  13. Person presents the product. At least, they don't hide the battery pack (as Apple did), nor some of the other flaws (FoV, avatars, etc).
  14. Person also adds that the headset takes biometric information from you (iris scan, hard pass from me).
  15. Person finally recognizes that UX is what was lacking all along.
  16. Person also states that the screen and eye tracking is beyond compare (for 3x the price of the Kura Gallium, I sure hope so...)
  17. Person also then recognizes that productivity apps were also missing all along, and that now, VR (magically) doesn't have any fatal flaw anymore.
  18. Person makes predictions to justify their spending, stating that the number of apps will be multiplied by 1000, the technological improvement will also step up, and the price will (somehow!?) go down (original iPhone was USD 499 to 599, which is USD 750 to USD 900 in 2024 money, and that is lower than the price of the iPhone 15 models, which range from USD 800 to 1000 🙃)

[^1]: I personally hate touch centric interfaces with a passion. IMHO, no one in their right mind, who understands the prevalence of muscle memory/spatial memory, and the consequential importance of haptic feedback, of absolute coordinate systems, and of explicit information presentation, would ever even think touch-centric interfaces for sustained use are a good idea.

[–] 7heo@lemmy.ml 7 points 9 months ago (7 children)

Why not both? 😅

[–] 7heo@lemmy.ml 12 points 9 months ago* (last edited 9 months ago)

Thank you 🙏

But I hardly doubt I would be given a voice. I'm just a random millennial struggling to make rent... (no avocado toast involved tho)

[–] 7heo@lemmy.ml 119 points 9 months ago* (last edited 9 months ago) (12 children)

Why? Well, it was Chrome. Yes, I know many of you spit at the very name. Get over it.

OK, boomer (yes, "surprise! surprise!", this harticle – for "hate driven article" – was written by a boomer, and one that writes for several online publications, too).

This article is not only a (staggering) failure from the aforementioned boomer to grasp what really is at play here, but it also shows a significant, shocking lack of quality assurance in the way "theregister" determines what gets published. This piece isn't an opinion as much as a flaming bag of shit, meant to stink everyone's shoes, and motivated only by the author's ineptitude-fuelled frustration in what seems a textbook example of the Dunning–Kruger effect.

Lemme first address my primary point, in relation to what I quoted at the top, I'll get to illustrating the various failures of the author after that.


No, Steven J. Vaughan-Nichols, we will not "get over it".

The first inaccuracy is in depicting Mozilla Firefox as "a browser". It isn't merely just another browser. Firefox is the last widespread multiplatform browser that isn't using the Blink engine (yes I know GNOME Web and Konqueror use WebKit, which is Blink's ancestor, BTW[^1], but they are hardly widespread. And Safari isn't multiplatform).

Why does that matter? Because the engine is essentially all that a browser is, once you strip away the cosmetics. So the actual contest here isn't between a dozen of browsers, but between two engines, and Firefox's (Gecko) is, indeed, in a dire position. But if we let it go further, it will, as Steven puts it, fall into irrelevance (the inaccuracy here is that the harticle depicts Firefox as already irrelevant).

And if we ever come to the point where only one engine prevails, where services necessary for administrations, citizenship, and life in general, can drop support for anything else than Blink, it is the end of the open web, and of open source web browsers in general[^2].

You will then have to input intimate personal information into a proprietary software, by law.

If you don't see this as a problem, you are part of the problem.

And this is why we can't "get over it".

The internet is much more than just the web. But 100% (rounded from 99.999+%) of users are unaware of that.

The web is much more than browsing. But 100% (rounded) of users are unaware of that.

We are getting our technology reduced to the lowest common denominator, and this denominator is set by people who fail to open PDFs.


Now, as to the other blunders I mentioned above, here are a bunch:

  • "Mozilla's revenue dropped from $527,585,000 to $510,389,000".

    This is a 3% drop. Significant? Yes. But hardly a game ender.

  • "So, where is all that money coming from? Google".

    I know it, you know it, we all have known that for a decade by now, and yes, it is a problem, yes, we need public FOSS funding, but that is neither news, nor relevant. Firefox, as the last major browser not directly controlled by Google, can find funding elsewhere. If I'm correct, and the stakes are so high, when Google pulls out, the public will step in (🤞), in the form of institutions, such as the EU.

  • "[...] she wants to draw attention to our increasingly malicious online world [...] I don't know what that has to do with the Mozilla Foundation".

    That's on you, buddy. Understanding the matter at hand should be a prerequisite for publishing on theregister. But I digress. The maliciousness has a lot more to do with software than with users. And the root of said software isn't in "the algorithms", but really in actual, user facing software, that runs in our physical machines, where our microphones, cameras, GPS, and various other sensors are plugged...

  • "Somehow, all this will be meant to help Mozilla in "restoring public trust in institutions, governments, and the fabric of the internet." That sounds good, but what does that have to do with Firefox?".

    Again, it's on you. Seriously, WTF. I get that you, the author, are American, and that decades of misinformation about "socialism", and "public ownership" will do that to a motherfucker, but Firefox does need funding aside from verdammt Google. You even highlighted that point yourself... How do you suppose they would get public funding if the government, or the public, doesn't trust Mozilla? Because replacing Google by another corporation only moves the problem, it hardly solves anything. While I'm at it, quick history lesson here: the "fabric of the internet" has been publicly funded. All of it. The internet was designed by DARPA funded researchers. Public money. Developed by universities. Public money. The web was invented at the CERN, by a researcher. Paid with public money. As a tech writer, how do you not know that?

[^1]: WebKit is only partially different from Blink, since Blink is a fork of WebKit. So, as far as "interoperability through competing implementations" goes, WebKit is of rather limited relevance, unfortunately.
[^2]: Only Chromium and Brave are available as open source software, Chromium is maintained by Google as a courtesy, they can pull the plug any time, it will probably only affect their revenue positively. Brave is 3 times less popular than Firefox.

[–] 7heo@lemmy.ml 3 points 9 months ago* (last edited 9 months ago) (2 children)

Well, technically, if you can do #1, you can probably do #2... 😋

And then the rest doesn't require advanced skills, with the exceptions of point #8. Using a programmer is essentially the same as with any other tool. There is a method, you follow it, and you never, ever get close to the blade with your hands when the machine is running. Oh, no, wait, that is for a different tool. 🙃

[–] 7heo@lemmy.ml 4 points 9 months ago* (last edited 9 months ago) (4 children)

You might be able to drop the manufacturer's keys somehow[^1] but I would not recommend.

If you still really want to do this, I would advise you to:

  1. Unsolder the eeprom
  2. Solder a slot-in socket instead
  3. Get a new blank chip
  4. Get an eeprom programmer
  5. Dump the eeprom to a bin file
  6. Flash that bin file onto the new eeprom
  7. Test that the motherboard POSTs
  8. Search for cryptographic signatures (possibly compressed, possibly obfuscated - rolling XOR, reversed, etc) in the bin file
  9. Hack around that bin file trying to blank the keys, or better yet, replace them with yours.
  10. Go to step 7, repeat.

Of course, you could always flash the modified bin onto the new eeprom directly at step 6, but what's the fun in that? 😅

Also, if you really do this(!), please don't forget to document. 🙏

[^1]: I doubt they went as far as "fusing" them in the factory, it would be perceived as "overkill" for a general public product - which I assume it is - and would run the risk of bricking upgradability of the board, should the manufacturer lose the keys. Plus, it doesn't help anything (quite the contrary) if the keys are somehow leaked by the manufacturer.

[–] 7heo@lemmy.ml 3 points 9 months ago

Thanks 🙏

[–] 7heo@lemmy.ml 18 points 9 months ago* (last edited 9 months ago) (8 children)

~~Somehow I doubt that manufacturers of 13-year-old motherboards are going to update their UEFIs... I would love to be proven wrong, but it was hard enough to find a UEFI able to POST with a 2080 super already.~~

Edit: I apologize for having missed the point entirely. I would like to thank SteveTech@Programming.dev for bringing this to my attention. This is actually a firmware hacking mod that works by flashing an already modified (using the tools documented in the linked page) firmware to the UEFI EEPROM of a motherboard.

However I will take the opportunity of hijacking my own comment to point out a couple (important) facts:

  1. Ron Minnich, one of the coreboot developers, once gave me the following (hardware) life-saving advice:

     > Do not flash firmware on a UEFI EEPROM without having a means to rescue your board. Meaning buy another chip, get a programmer and keep the original firmware on the original EEPROM.

  2. Some UEFI firmwares are signed. Obviously, modifying them will break the cryptographic signature. This might entirely prevent you from flashing them, but if it does not, it will in any way always prevent the motherboard from checking the integrity of the file. Therefore, only modify a verified firmware, in a way that you understand. And ideally, sign it afterwards with your own key (or at least keep a copy of its hash in a separate location). This will not help wrt the motherboard, but it will absolutely help you make sure the firmware has not been modified any further.
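
An added example, not part of the comment above and not the commenter's code: one way to keep an integrity record for a modified firmware image, and why a keyed tag is more useful than a bare hash if the record is ever stored next to the image. It uses HMAC-SHA256 as a symmetric stand-in for "sign it with your own key" (not a real signature); the function names, key and image bytes are constructed for illustration.

```python
import hashlib
import hmac
import json

def make_manifest(image, key):
    """Build the record to store away from the machine holding the image."""
    return json.dumps({
        "size": len(image),
        "sha256": hashlib.sha256(image).hexdigest(),
        # Keyed tag: cannot be recomputed without `key`, unlike the bare hash.
        "hmac_sha256": hmac.new(key, image, hashlib.sha256).hexdigest(),
    }, sort_keys=True)

def verify_image(image, manifest_json, key):
    """Return the names of the checks that fail; an empty list means a match."""
    m = json.loads(manifest_json)
    failed = []
    if len(image) != m["size"]:
        failed.append("size")
    if not hmac.compare_digest(hashlib.sha256(image).hexdigest(), m["sha256"]):
        failed.append("sha256")
    tag = hmac.new(key, image, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, m["hmac_sha256"]):
        failed.append("hmac_sha256")
    return failed

def first_difference(a, b):
    """Offset of the first differing byte, or None when the images are equal."""
    for offset, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return offset
    return None if len(a) == len(b) else min(len(a), len(b))

# Constructed sample data: a 16 KiB stand-in for a firmware image and a key.
KEY = b"constructed-example-key"
ORIGINAL = bytes(range(256)) * 64
MANIFEST = make_manifest(ORIGINAL, KEY)
# Later, one byte of the stored image has changed.
CHANGED = ORIGINAL[:0x1234] + bytes([ORIGINAL[0x1234] ^ 0xFF]) + ORIGINAL[0x1235:]
# A manifest kept beside the image can get a fresh hash, but not a fresh tag.
rewritten = json.loads(MANIFEST)
rewritten["sha256"] = hashlib.sha256(CHANGED).hexdigest()
REWRITTEN_MANIFEST = json.dumps(rewritten, sort_keys=True)

if __name__ == "__main__":
    print(verify_image(ORIGINAL, MANIFEST, KEY))
    print(verify_image(CHANGED, MANIFEST, KEY), hex(first_difference(ORIGINAL, CHANGED)))
    print(verify_image(CHANGED, REWRITTEN_MANIFEST, KEY))
```
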