
Brief items

Security

Security quotes of the week

Deprived of these shields against adversarial interoperability, Usenet's network effects were used against it. Despite being dominated by the backbone cabal, Usenet had everything the alt. hierarchy needed to thrive: the world's total population of people interested in using the Internet to socialize; that meant that the creators of alt. could invite all Usenet users to expand their reading beyond the groups that met with the cabal's approval without having to get the cabal's permission. Thanks to the underlying design of Usenet, the new alt. groups and the incumbent Usenet newsgroups could be seamlessly merged into a system that acted like a single service for its users.

If adversarial interoperability still enjoyed its alt.-era legal respectability, then Facebook alternatives like Diaspora could use their users' logins and passwords to fetch the Facebook messages the service had queued up for them and allow those users to reply to them from Diaspora, without being spied on by Facebook. Mastodon users could read and post to Twitter without touching Twitter's servers. Hundreds or thousands of services could spring up that allowed users different options to block harassment and bubble up interesting contributions from other users -- both those on the incumbent social media services, and the users of these new upstarts. It's true that unlike Usenet, Facebook and Twitter have taken steps to block this kind of federation, so perhaps the experience won't be as seamless as it was for alt. users mixing their feeds in with the backbone's feeds, but the main hurdle – moving to a new service without having to convince everyone to come with you – could be vanquished.

Cory Doctorow

In this work, we perform a black-box timing analysis of TPM 2.0 devices deployed on commodity computers. Our analysis reveals that some of these devices feature secret-dependent execution times during signature generation based on elliptic curves. In particular, we discovered timing leakage on an Intel firmware-based TPM as well as a hardware TPM. We show how this information allows an attacker to apply lattice techniques to recover 256-bit private keys for ECDSA and ECSchnorr signatures. On Intel fTPM, our key recovery succeeds after about 1,300 observations and in less than two minutes. Similarly, we extract the private ECDSA key from a hardware TPM manufactured by STMicroelectronics, which is certified at Common Criteria (CC) EAL 4+, after fewer than 40,000 observations.
Daniel Moghimi, Berk Sunar, Thomas Eisenbarth, and Nadia Heninger [PDF]

No, no, no, no. I'd been meaning to write a separate blog post for a while about this, but there are a few folks out there pushing for the idea that "data" should now be considered a form of "intellectual property," with the originator holding some sort of property right over it. It's a horrible idea. Take two horribly misunderstood and abused areas -- intellectual property law and privacy -- and awkwardly mash them together and pretend it will actually help? Come on. If we've learned anything about trying to build property rights over information, it's that it creates all sorts of awful unintended consequences. Adding those to data will make them much worse.

I mean, given how many copyright, patent, and trademark trolls already exist, aren't folks super excited about the ability to soon deal with data or privacy trolls as well? It'll be a real blast. But what it won't do is actually protect anyone's privacy. Nor will it allow them to "share in the economic value generated by their data."

Mike Masnick

Comments (7 posted)

Kernel development

Kernel release status

The current development kernel is 5.4-rc8, released on November 17. "I'm not entirely sure we need an rc8, because last week was pretty calm despite the Intel hw workarounds landing. So I considered just making a final 5.4 and be done with it, but decided that there's no real downside to just doing the rc8 after having a release cycle that took a while to calm down."

Stable updates: 4.9.202 and 4.4.202 were released on November 18. The massive 5.3.12, 4.19.85, and 4.14.155 updates are in the review process; they are due on November 21.

Comments (none posted)

Cook: Security things in Linux v5.3

Kees Cook catches up with the security improvements in the 5.3 kernel. "In recent exploits, one of the steps for making the attacker’s life easier is to disable CPU protections like Supervisor Mode Access (and Execute) Prevention (SMAP and SMEP) by finding a way to write to CPU control registers to disable these features. For example, CR4 controls SMAP and SMEP, where disabling those would let an attacker access and execute userspace memory from kernel code again, opening up the attack to much greater flexibility. CR0 controls Write Protect (WP), which when disabled would allow an attacker to write to read-only memory like the kernel code itself. Attacks have been using the kernel’s CR4 and CR0 writing functions to make these changes (since it’s easier to gain that level of execute control), but now the kernel will attempt to 'pin' sensitive bits in CR4 and CR0 to avoid them getting disabled. This forces attacks to do more work to enact such register changes going forward."

Comments (9 posted)
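
A userspace model of the bit pinning described in the item above, as an added example that is not taken from Kees Cook's post or from the kernel source. The struct and function names are hypothetical and the starting register values are constructed; the bit positions are the architectural ones for CR0.WP, CR4.SMEP and CR4.SMAP.

```c
/* Userspace model of control-register bit pinning; not kernel code. */
#include <stdio.h>

#define CR0_WP   (1UL << 16)  /* CR0 Write Protect */
#define CR4_SMEP (1UL << 20)  /* CR4 Supervisor Mode Execution Prevention */
#define CR4_SMAP (1UL << 21)  /* CR4 Supervisor Mode Access Prevention */

/* Hypothetical model of one control register. */
struct ctrl_reg {
    unsigned long value;    /* current register contents */
    unsigned long pinned;   /* bits that must stay set once pinned */
    unsigned long dropped;  /* pinned bits some write tried to clear */
};

/* Pin whichever of the sensitive bits are set right now. */
static void pin_bits(struct ctrl_reg *r, unsigned long sensitive)
{
    r->pinned = r->value & sensitive;
}

/* Unpinned write: whatever the caller passes lands in the register. */
static void write_unpinned(struct ctrl_reg *r, unsigned long val)
{
    r->value = val;
}

/* Pinned write: put missing pinned bits back and record them.
 * Returns the bits that had to be re-asserted (0 for a clean write). */
static unsigned long write_pinned(struct ctrl_reg *r, unsigned long val)
{
    unsigned long missing = ~val & r->pinned;

    r->value = val | missing;
    r->dropped |= missing;   /* a non-zero value here is worth an alert */
    return missing;
}

int main(void)
{
    /* Constructed values: protections on, plus one unrelated bit each. */
    struct ctrl_reg cr4 = { .value = CR4_SMEP | CR4_SMAP | (1UL << 5) };
    struct ctrl_reg cr0 = { .value = CR0_WP | 1UL };

    write_unpinned(&cr0, cr0.value & ~CR0_WP);  /* without pinning, WP is gone */
    printf("unpinned cr0=%#lx\n", cr0.value);
    cr0.value |= CR0_WP;
    pin_bits(&cr0, CR0_WP);
    pin_bits(&cr4, CR4_SMEP | CR4_SMAP);
    printf("cr0 re-asserted %#lx\n", write_pinned(&cr0, cr0.value & ~CR0_WP));
    printf("cr4 re-asserted %#lx\n", write_pinned(&cr4, 1UL << 5));
    return 0;
}
```

In this model a non-zero return from write_pinned() marks a write that asked for a pinned protection bit to be cleared, which is the event a defender would want logged.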

Development

SystemTap 4.2 release

SystemTap 4.2 is out. This release features "support for generating backtraces of different contexts; improved backtrace tapset to include file names and line numbers; eBPF support extensions including raw tracepoint access, prometheus exporter, procfs probes and improved looping structures".

Full Story (comments: none)

Development quotes of the week

In summary: closed-source code is more annoying to improve, but that doesn't mean it's impossible. Also, strange Russians on forums make everything easier.
Matthew Garrett

The requirement from Google has caused mild panic among silicon suppliers and ODMs, as they’re having to actually interact with an open source upstream project and a slightly grumpy maintainer that wants to know lots of details about hardware that doesn’t implement one of the dozens of existing protocols that fwupd supports. These are companies that have never had to deal with working with "outside" people to develop software, and it probably comes as quite a shock to the system.
Richard Hughes (Thanks to Paul Wise)

Comments (2 posted)

Page editor: Jake Edge


Copyright © 2019, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds