WTF Bites
-
From now on, every time I'll be waiting for my PS4 to load something from the HD, I'll swear like a sailor
-
@twelvebaud So, they have a SATA connector in there... and connect the HDD via USB.
In which world does this make any sense?
-
In which world does this make any sense?
Sony's. They rejected our reality and substituted their own.
-
@raceprouk said in WTF Bites:
Sony's. They rejected our reality and substituted their own.
They should rename themselves "Sorry"
-
@twelvebaud So, they have a SATA connector in there... and connect the HDD via USB.
In which world does this make any sense?
The same world where putting a rootkit on music CDs was considered a wise business decision.
-
That's 8 hours for 291 GB over a Gigabit network. Jesus Fucking Christ.
Odds that every packet is bouncing thru their servers...
No, the traffic monitor on my router doesn't show anything on that level.
If I do a rough back-of-the-napkin calculation 291 GB in 8 hours is roughly 10 Mbit/s.
I think that number has some meaning for network cards, doesn't it?
Maybe I should switch to the WLAN?
Maybe you can try with this ?
-
That's 8 hours for 291 GB over a Gigabit network. Jesus Fucking Christ.
Odds that every packet is bouncing thru their servers...
No, the traffic monitor on my router doesn't show anything on that level.
If I do a rough back-of-the-napkin calculation 291 GB in 8 hours is roughly 10 Mbit/s.
I think that number has some meaning for network cards, doesn't it?
Maybe I should switch to the WLAN?
Maybe you can try with this ?
No, won't work because this is part of the setup. I cannot start anything yet.
-
Other WTFs from that talk:
- The "Aeolia" southbridge isn't a southbridge the way we think of it. It's a full-on ARM SoC running FreeBSD. So your PS4 isn't reading from the hard drive over USB, it's reading from another totally separate computer on the same board that's reading the hard drive over USB.
- Sony has no idea how PCI works. In a nutshell, rather than have the southbridge pretend to be a couple different devices each doing their one function, you have 32 copies of the same southbridge, which do seven different normalish functions plus another function that's "all the extra functions I couldn't fit, lol." And all interrupts come from the "all the extra functions I couldn't fit, lol" function, which you have to ask what the real interrupt is.
- The PS4 has HDMI out. Its graphics processor supports one HDMI head and one DisplayPort head. A sane person would just run wires from the HDMI pins on the APU directly to the HDMI port. Sony decided to use a DisplayPort video capture/HDMI transcoder chip instead.
- The transcoder chip doesn't just start working from boot. It has to be configured first. Over I2C. By way of going back to the southbridge. Not with "put message" and "get message", but with wire-level nanosecond-level commands for driving the bus, because "I2C is too slow otherwise".
- 16 megabytes of video RAM.
-
@twelvebaud Fun talk. After talking to some gamedevs, it seemed like the PS4 was the less fucked-up alternative in this generation, but maybe that's not the case. (In the PS3 era, the SPUs seemed to be really widely loved.)
-
@twelvebaud said in WTF Bites:
Other WTFs from that talk:
- The "Aeolia" southbridge isn't a southbridge the way we think of it. It's a full-on ARM SoC running FreeBSD. So your PS4 isn't reading from the hard drive over USB, it's reading from another totally separate computer on the same board that's reading the hard drive over USB.
- Sony has no idea how PCI works. In a nutshell, rather than have the southbridge pretend to be a couple different devices each doing their one function, you have 32 copies of the same southbridge, which do seven different normalish functions plus another function that's "all the extra functions I couldn't fit, lol." And all interrupts come from the "all the extra functions I couldn't fit, lol" function, which you have to ask what the real interrupt is.
- The PS4 has HDMI out. Its graphics processor supports one HDMI head and one DisplayPort head. A sane person would just run wires from the HDMI pins on the APU directly to the HDMI port. Sony decided to use a DisplayPort video capture/HDMI transcoder chip instead.
- The transcoder chip doesn't just start working from boot. It has to be configured first. Over I2C. By way of going back to the southbridge. Not with "put message" and "get message", but with wire-level nanosecond-level commands for driving the bus, because "I2C is too slow otherwise".
- 16 megabytes of video RAM.
enum x86_hardware_subarch { X86_SUBARCH_PC = 0, X86_SUBARCH_LGUEST, X86_SUBARCH_XEN, X86_SUBARCH_INTEL_MID, X86_SUBARCH_CE4100, X86_NR_SUBARCHS, };
Well, that's, um...clever.
-
@timebandit said in WTF Bites:
@coldandtired the 240v circuit is actually 2 x 120v. The dryer is connected to a single 240v plug. If it needs 120v internally, it can extract it from the 240v easily.
North American single family homes typically have two hot wires (120V each) and a neutral, fed to them from a transformer. Hot to neutral is 120V (for lights, small appliances, etc.), and hot to hot is 240V (for electric ovens, dryers, other heavy frickin' loads). You're welcome.
-
@timebandit said in WTF Bites:
@coldandtired the 240v circuit is actually 2 x 120v. The dryer is connected to a single 240v plug. If it needs 120v internally, it can extract it from the 240v easily.
North American single family homes typically have two hot wires (120V each) and a neutral, fed to them from a transformer. Hot to neutral is 120V (for lights, small appliances, etc.), and hot to hot is 240V (for electric ovens, dryers, other heavy frickin' loads). You're welcome.
But only if it's been wired up that way. Most typical wall outlets aren't....
-
hot to hot is 240V
It's a two phase system?
I am used to European system, which is three-phase, so hot-to-hot is √3 times hot-to-ground only.
-
@twelvebaud So, they have a SATA connector in there... and connect the HDD via USB.
In which world does this make any sense?
The harddrive is a standard laptop SATA drive. Why would they connect a SATA drive over USB to a southbridge with a SATA controller?
-
@tsaukpaetra said in WTF Bites:
@timebandit said in WTF Bites:
@coldandtired the 240v circuit is actually 2 x 120v. The dryer is connected to a single 240v plug. If it needs 120v internally, it can extract it from the 240v easily.
North American single family homes typically have two hot wires (120V each) and a neutral, fed to them from a transformer. Hot to neutral is 120V (for lights, small appliances, etc.), and hot to hot is 240V (for electric ovens, dryers, other heavy frickin' loads). You're welcome.
But only if it's been wired up that way. Most typical wall outlets aren't....
Right. Most wall outlets have one hot, one neutral and one ground, so you get only 120V. Generally, only heavy loads get two hots (and specialized outlets), although there are (very rare) exceptions.
-
It's a two phase system?
It's split phase:
Since the two phasors do not define a unique direction of rotation for a revolving magnetic field, a split single-phase is not a two-phase system.
That being said, some large residential buildings are fed by three-phase. In that case, hot to hot could be 208V (120 * sqrt(3)) instead of 240V. Many if not most large appliances have the ability to adapt to the lower voltage.
-
@lolwhat Isn't it 415V? The three phases shouldn't be split, no?
-
@lolwhat Isn't it 415V?
Nope. 208Y/120.
-
Isn't it 415V?
I think that's the European 3-phase voltage level, which is double what the Americans use. (Double the voltage, half the current.)
-
@dkf No, European is 230V single phase, 400V three-phase. It's not exactly double, you see.
Also, Czech used to be 220V/380V before they increased it a bit to match the EU. Devices are generally designed to handle anything 220–240V/380–415V to cope.
-
@lolwhat I thought that if normally you transform to 240V and split, it would use the three unsplit 240V phases, but they can obviously simply be transformed to unsplit 120V.
-
@dkf No, European is 230V single phase, 400V three-phase. It's not exactly double, you see.
There's quite a wide tolerance; 415V is within it.
-
@lolwhat I thought that if normally you transform to 240V and split, it would use the three unsplit 240V phases, but they can obviously simply be transformed to unsplit 120V.
Whatever happens in the transformer, the secondary hots are 208V phase-to-phase and 120V phase-to-neutral. It's the most common three-phase service under North American electrical standards.
-
Naïve : "What does usage access mean? I bet that Help button will explain it."
Thanks, Google. You fucks.
-
@heterodox said in WTF Bites:
Naïve : "What does usage access mean? I bet that Help button will explain it."
Thanks, Google. You fucks.
Oh? So they're taking Microsoft's approach of "Just
BingGoogle for the answer"?Edit: looking at the equivalent screen (and going one bit farther down since I don't have a button)
Apparently it's analytics access?
-
@raceprouk said in WTF Bites:
grabs a and books a plane to wherever Sony's HQ is
Good. Remember to set up a reminder for a monthly repeat. There's always a reason to LART Sony.
And then the murders began.
Infected with Sony ManiaThat's my hatchethog!
-
-
@ben_lubar said in WTF Bites:
LART
Live Action Role-Trumpet?
-
@ben_lubar said in WTF Bites:
LART
Live Action Role-Trumpet?
Local Area Retweet?
-
-
Infosec drama of the day (before Equifax, anyway): A SEO expert pretends to be a security expert, demonstrates utter incompetence, proceeds to accuse an actual security expert of DDOSing her to "silence the truth":
https://pbs.twimg.com/media/DJHX6jzW0AAaRIB.jpg:large
(Image from @troyhunt)
The link at the bottom of that screed is https://www.zscaler.com/blogs/research/ssltls-based-malware-attacks, which basically says "more and more malware is using TLS", which does not mean TLS itself is evil.
Bonus: "proof" that TLS is bad. Wat.
-
@dcoder The argument is basically "I can throw a knife through the air, therefore the air is dangerous and vulnerable to attacks and should never be allowed near small children."
-
@ben_lubar said in WTF Bites:
@dcoder The argument is basically "I can throw a knife through the air, therefore the air is dangerous and vulnerable to attacks and should never be allowed near small children."
If the air wasn't allowed near small children, we'd get a hell of a lot more peace and quiet.
-
@pie_flavor said in WTF Bites:
@ben_lubar said in WTF Bites:
@dcoder The argument is basically "I can throw a knife through the air, therefore the air is dangerous and vulnerable to attacks and should never be allowed near small children."
If the air wasn't allowed near small children, we'd get a hell of a lot more peace and quiet.
Bonus: eventually the world would run out of stupid people unless they managed to become anaerobic.
-
@pie_flavor said in WTF Bites:
If the air wasn't allowed near small children, we'd get a hell of a lot more peace and quiet.
Yes, because the sound wouldn't travel in a vacuum.
-
Yesterday near the end of the work day, colleague pointed out to me that we have four logging libraries in the application. Four fucking logging libraries. In one application. All in-house developed and neither of them is particularly good either.
-
we have four logging libraries in the application
With that much logging, you'd better be getting good lumber out!
-
@tsaukpaetra said in WTF Bites:
Edit: looking at the equivalent screen (and going one bit farther down since I don't have a button)
Ah, so yours actually explains things. Good to know Google is regressing in each release (already knew it actually).
-
Bonus: "proof" that TLS is bad. Wat.
I swear I'm trying to understand how the diagram is being (mis) interpreted to demonstrate a vulnerability and I simply can't; it must just be an illustration of what/where TLS is in the stack.
-
@heterodox said in WTF Bites:
it must just be an illustration of what/where TLS is in the stack.
That's what it is.
-
@raceprouk said in WTF Bites:
That's what it is.
Thus the text under the diagram is irrelevant to the diagram itself and completely unfounded? I suppose I get it.
The other alternative I just realized is that it's possible the "Record" in "Record Protocol" is being read as a verb and not a noun, thus "eavesdropping" since you can "record the protocol"... took me at least half an hour to realize that could be what was meant because it's so stupid... yet so plausible, given the substance of other writings. And it would explain why that part was broken out when it didn't have to be to illustrate location in the stack.
If that's what's meant, I imagine you know what to do with the hammer...
-
Heads up: https://developers.google.com/web/updates/2017/09/nic61
New in Chrome 61
The WebUSB API has landed, allowing web apps to access user permitted USB devices.
-
@bb36e Coming soon: Secure USB dongles for Equifax
-
Four fucking logging libraries.
neither of them
Which is it, 4 or 2?
-
Heads up: https://developers.google.com/web/updates/2017/09/nic61
New in Chrome 61
The WebUSB API has landed, allowing web apps to access user permitted USB devices.
It's not that big of a WTF:
- The device should only be accessible to scripts downloaded from a domain whitelisted either by the device itself or in some central whitelist and
- the user has to approve the permission,
which actually seems to be more secure than the current practice of installing unsigned drivers downloaded over unsecured connection directly into the system.
-
Copy-editing is hard, let's go shopping!
-
@bulb I agree that if implemented correctly, this might end up being more secure. But I don't trust anyone to create a bug-free implementation and the fact that every web page is a potential malware source (assuming there is a flaw in the implementation) makes me worried
-
Copy-editing is hard, let's go shopping!
Good editing is an investiage of a bygone era.
-
The WebUSB API has landed, allowing web apps to access user permitted USB devices.
Finally. For bluetooth it already works since January: https://developers.google.com/web/updates/2017/01/nic56#webbluetooth
-
@rhywden "I bought a Sony product and it's shitty."
What a shocker.