In January 3, 2018 I saw first news on the new processor vulnerabilities. I kept researching on the topics, and write one of the early news article on those to Uusiteknologia.fi magazine Suorittimissa tietoturvaongelmia – myös ARM-suorittimissa that was published in early morning January 4, 2018 (to my knowledge the first news on those in Finnish language ). My research on the topic included international news and reading newest changes made to Linux Kernel source code.

Soon a web site https://meltdownattack.com/ was made to tell about those vulnerabilities (it was planned to be published later when all the fixes were out, but was publishes earlier than planned because information had leaked out). The two vulnerabilities were made public jointly, on 3 January 2018, several days ahead of the coordinated release date of 9 January 2018 as news sites started reporting about commits to the Linux kernel and mails to its mailing list.

Meltdown was issued a Common Vulnerabilities and Exposures ID of CVE-2017-5754, also known as Rogue Data Cache Load (RDCL), in January 2018. The same research teams that discovered Meltdown also discovered Spectre. On 1 February 2017, the CVE numbers 2017-5715, 2017-5753 and 2017-5754 were assigned to Intel. Two Common Vulnerabilities and Exposures IDs related to Spectre, CVE-2017-5753 (bounds check bypass, Spectre-V1, Spectre 1.0) and CVE-2017-5715 (branch target injection, Spectre-V2), have been issued.

Meltdown relies on a CPU race condition that can arise between instruction execution and privilege checking. Meltdown affects a wide range of systems. At the time of disclosure (2018), this included all devices running any but the most recent and patched versions of iOS, Linux, macOS, or Windows. Accordingly, many servers and cloud services were impacted, as well as a potential majority of smart devices and embedded devices using ARM-based processors

The issued were much older. There had been already some some technical talks material “under the radar” information and that would indicate that Intel processors could have a serious vulnerability that waits to be fixed. On 27 December 2016, at 33C3, Clémentine Maurice and Moritz Lipp of TU Graz presented their talk “What could possibly go wrong with ? Side effects include side-channel attacks and bypassing kernel ASLR” which outlined already what was coming. On 27 February 2017, Bosman et al. of Vrije Universiteit Amsterdam published their findings of how address space layout randomization (ASLR) could be abused on cache-based architectures at the NDSS Symposium. On 27 March 2017, researchers at Graz University of Technology in Austria developed a proof-of-concept that could grab RSA keys from Intel SGX enclaves. In July 2017, research made public on the CyberWTF website by security researcher Anders Fogh outlined the use of a cache timing attack to read kernel space data by observing the results of speculative operations conditioned on data fetched with invalid privileges. In October 2017, Kernel ASLR support on amd64 was added to NetBSD-current, making NetBSD the first totally open-source BSD system to support kernel address space layout randomization (KASLR).

The affected hardware and software vendors had been made aware of the issue on 28 July 2017. The fixes were made and information was kept quite well secret until the beginning of 2018.

Links to sources and more material:

Spectre and Meltdown

Meltdown affects Intel x86 microprocessors, IBM POWER processors, and some ARM-based microprocessors.

https://en.wikipedia.org/wiki/Spectre_(security_vulnerability)

https://www.cloudflare.com/learning/security/threats/meltdown-spectre/

https://www.epanorama.net/newepa/2018/01/03/kernel-memory-leaking-intel-processor-design-flaw/

https://www.uusiteknologia.fi/2018/01/04/suorittimissa-tietoturvaongelmia-myos-arm-suorittimissa/

Usenet started to operate at 1980 and I started using it in 1989. Users read and post messages (called articles or posts, and collectively termed news) to one or more categories, known as newsgroups. Usenet is culturally and historically significant in the networked world, having given rise to, or popularized, many widely recognized concepts and terms such as “FAQ”, “flame”, sockpuppet, and “spam”. Quality of content in a specific newsgroup depended on culture of that newsgroups’ following.

Today, Usenet has diminished in importance with respect to Internet forums, blogs, mailing lists and social media. But Usenet still works today. It is still possible to read and participate in Usenet newsgroups to a large degree using ordinary web browsers since most newsgroups are now copied to several web sites, including Google Groups.

Sfnet is a Finnish-language newsgroup hierarchy founded in 1985. The sfnet hierarchy was managed during its active days (up to year 2013), which meant that only certain people called coordinators could add or remove newsgroups.

I was pretty active on several Finnish Usenet in 1990′s and early 2000′s. I was especially active at sfnet.harrastus.elektroniikka and sfnet.harrastus.audio+video groups. I even maintained and hosted the FAQ (Frequently Asked Questions) lists for both newsgroups: sfnet.harrastus.elektroniikka usein kysytyt kysymykset and sfnet.harrastus.audio+video usein kysytyt kysymykset (FAQ). The content of them is still on-line although the news groups have pretty much faded over years.

In the newest issue have written articles on many high tech topics (text in Finnish with short introduction in English). Newest issue Uusiteknologia 2/2020 has just been published.

I have written two articles to the newest issue.

The front page article is about More CPU power from desktop to embedded systems. The PC processor market is undergoing a drastic change, with challenger company AMD wedging to threaten Intel’s traditional leadership. In addition, Apple and Microsoft are bringing more widely ARM-based processors as processors for PCs and even card servers. The market for personal computers has been downward going for a couple of years now, while developments in the industry have focused on the implementation of new, more efficient mobile chips. New laptops and servers have now restored faith in the PC world and CPU sales are growing again. The most new has been offered by AMD, which has become an industry challenger and has snapped the market from Intel. In addition, rapidly evolving ARM processors are becoming more widespread in computers.
Link to article: https://www.uusiteknologia.fi/2020/11/18/lisaa-sirutehoa-poytakoneista-sulautettuihin/

The other article Single pair of wires to new areas tells about Single Pair Ethernet (SPE). There is a desire to bring more Ethernet networks to industry and vehicles, but problems have been caused by traditional Ethernet solutions based on eight wires and an RJ-45 connector. Therefore, more suitable solutions have been developed to replace them, which are also based on a smaller number of conductors. The introduction of Ethernet in cars created the first one-megabyte and even one gigabit per second standard operating on a single pair of wires. And the development was not limited to vehicles and moving heavy machines, but the solution was also seen as suitable for a wider range of industrial automation, intelligent buildings and various IoT applications. However, solutions developed directly for cars were not suitable as they were optimized to operate over too short distances. Therefore, new versions of one pair of Ethernet were needed for new applications. This story goes through a wide range of all the new single-pair Ethernet standards and related technical details.
Link to article: https://www.uusiteknologia.fi/2020/11/18/yhden-johdinparin-ethernet-liitanta-autoon-ja-tehtaaseen/

Old 80s Usenet content published on-line again!

Most of this is from before my time in Usenet. I started using BBSs in the late 80s and Usenet in 1989.

Interesting coincidence that just two months ago I found some old 3.3″ ‘floppy disks’ from early 1990′s with saved Usenet material that seemed relevant of that time. Thought of looking what was in there some day with USB floppy drive… but maybe the data is already saved.

I was pretty active on Usenet on 90s and early 2000. I even maintained (and still host) two Usenet group FAQs: sfnet.harrastus.audio+video usein kysytyt kysymykset (FAQ) and sfnet.harrastus.elektroniikka usein kysytyt kysymykset. I also had some of my own Usenet mini archive of some interesting posts. Around 2009 my interest in Usenet groups had faded because I felt their usefulness had faded.

Vice reports:

2.1 Million of the Oldest Internet Posts Are Now Online for Anyone to Read
https://www.vice.com/en/article/pky7km/usenet-archive-utzoo-online

Jozef Jarosciak just put millions of early Usenet posts on a browsable archive for the first time.

Around 2.1 million posts from between February 1981 and June 1991 from Henry Spencer’s UTZOO NetNews Archive are archived at the Usenet Archive for anyone to browse at
https://www.usenetarchives.com/groups.php?c=utzoo&p=0

This latest archive-dump is part of an even larger project by Jarosciak. He launched the Usenet Archive site last month, as a way to host groups in a way that’d be independent of Google Groups, which also holds archives of newsgroups like Usenet. It’s currently archiving 317 million posts in 10,000 unique Usenet newsgroups.

The site at https://UsenetArchives.com id free of charge and free of advertising access to archives of BIG-8 and other Usenet text newsgroups.

ZDNet found that projects like the OpenSSL encryption software library, automation software Ansible, Microsoft’s PowerShell scripting language, the P5.js JavaScript library, and many others are looking at changing the name of their default source code repos, in a bid to stamp out racially-charged and slavery-related terms.

In the newest issue have written articles on many high tech topics (text in Finnish with short introduction in English). Earlier issues have been published as an electronic magazine that looks like a regular printed magazine, but this newest issue is published in normal web pages format. Newest issue Uusiteknologia 1/2020 was published yesterday evening.

This issue has two articles written by me:

https://www.uusiteknologia.fi/2020/05/27/uusiteknologia-1-2020-sisalto/

TEEMAJUTTU: VAARALLISIA VIRHEITÄ MIKROPIIREISSÄ = Micro-circuit errors and vulnerabilities

“Over last couple of years, information on security holes in processors made by Intel in particular have become widespread. But security holes have also been found in other manufacturers’ chips: processors, memory circuits, programmable logics and various interface chips. The security provided by the operating systems of computers and many embedded systems is largely based on the use of memory protection. Memory protection provided by the CPU memory management unit can be used to prevent applications from accessing each other’s memory areas or the operating system’s memory area. But this memory protection is not always 100 percent effective in many popular processors. You can find more about this topic in the link bank published online in Uusiteknologia.fi 1/2020 www-magazine (LINK).”

Kortillinen tekoälyä sulautettuihin = Artficial intelligence is also coming into embedded systems

“Artificial intelligence will be seen even more more often an important part of the future of the Internet of Things and, for example, robots and development of autonomous vehicles. The need to process data more and more where data is being created, is taking machine learning and artificial intelligence to ever smaller devices. We gathered here article on basic information about artificial intelligence. In addition, we present seven processor cards with can be used to implement the first practical artificial intelligence controls. You can find more about New Technology 1/2020 via the link bank (LINK).”

In the newest issue have written articles on many high tech topics (text in Finnish with short introduction in English). The new number has been published as an electronic magazine that looks like a regular printed magazine.

I have written to two articles to this newest issue. The first article is about eSIM technology and second is about IoT security.

5G and IoT will use eSIM article tells tht classic plastic SIM card hardly disappears very suddenly, though eSIM is becoming more common. In some devices there can be both options built-in: eSIM is integrated into device and there is also option to install a separate SIM card to the device.

One eSIM chip embedded inside the device (smart phone, tablet or IoT) typically contains one or several carrier profiles, bootstrap code and network switching and a SIM applet for controlling which carrier profile to use. An eSIM with megabyte memory size can be used to store up to ten operator profiles.

The eSIM chips are commonly available with 132 kilobytes to two megabytes memory sizes.

The SIM card is renewing again when 5G services are coming up. ETSI and 3GPP have defined the needed UICC configurations. A 5G SIM card can be removable SIM, M2M-SIM or eSIM. Besides physical format, telecommunication companies have to consider three different types 5G SIM card options: “transitional”, “recommended” and “low power”. Low Power SIM is designed specially designed for the Internet of Things devices. It contains most of the recommended SIM card features, but some privacy features are left off.

Safer IoT with new technologies tells that the new Internet of Things applications will place great demands on micro-controllers in the near future.
The Internet of Things market will grow in the next few years. By 2020, there are estimated to be 20-30 billion networked devices in the world. At the same time, the security requirements for IoT devices growth.

In many cases previous micro-controller generations cannot meet all the new security demands by themselves, so new hardware
solutions and smarter code are ABI Research has predicted thatthe market for secure micro-controllers will grow to $ 1.2 billion over the next couple of years.

Safer IoT with new technologies article take a look at some examples of embedded solutions for IoT applications and how they have implemented security into their solutions. The included examples illustrate how things are handled with security-enabled micro-controllers, single board computers, and cloud services.

You can find links related to articles at links page.

There are many companies that make up some bogus pseudo scientific claims to sell products. This article gives an example about a company selling expensive stickers as solution for people afraid of the irrational “dangers of electromagnetic radiation”.

The article lists the hallmarks of pseudo-scientific products for you to become a more savvy consumer. If you can’t find any empirical information yourself, do your own tests!