I'm not at all familiar with the Xbox One, but this is a feature that's generally available if you're designing "closed" hardware like a console. Most SoC these days have some sort of security processor that runs in its own little sandbox and can monitor different things that suggest tampering (e.g. temperatures, rail voltages, discrete tamper I/O) and take a corrective action. That might be as simple as resetting the chip, but often you can do more dramatic things like wiping security keys.
But this exploit shows that it's still almost impossible to protect yourself from motivated attackers with local access. All of that security stuff needs to get initialized by code that the SoC vendor puts in ROM, and if there's an exploit in that, you're hooped.
This attack is on the early models that didn't have those protections enabled. The researcher surmised that later models do indeed have anti-glitching mechanisms enabled.
I've been working 4/10 schedule (4 days, but 10 hours/day, so I still work 40 hours). It's a HUGE perk, and is the biggest thing keeping me at my current job.
Honestly I think the dirty secret is most peoples work output, especially in white collar work, is not linear. I'm willing to bet if you are even able to quantify your output (I don't believe most people can do that unless they are merely a fungible cog in some production process), you'd get the same exact amount of work done in a year working 4 10s or 4 8s or 4 5s I'd even bet.
Think of the classic case of the deadline and what it actually means. Case A, you didn't procrastinate. You took plenty of time to think on the problem, work on a solution at an unhurried pace, put it aside, come back to it, and solve it before it is due. And then, it is done.
Case B, you did procrastinate. You have no time at all to think all day, you immediately do and iterate. Four hours later you've sprinted and delivered. And then, it is done, same as it would have been if you didn't procrastinate, maybe 10 fold reduction in time.
And that is worst case examples. Typical case is probably somewhere between these A and B, but the point is non linear time to output.
Happiest and most productive I've ever been was working 4/10 with a start time at 2 p.m. No morning sluggishness walking into work after lunch, zero-traffic commute, off Fridays so I'd still have a social life far, far away from morning people. Dated a nurse who also worked night shifts and just went on weekday lunch dates or closed down bars.
First time around, luck mostly. Happened to get hired by a company that switched to this schedule. I eventually left for higher pay (but gave up my Fridays). Eventually got laid off, and a friend who was still there managed to get me a spot back on her team. By that time, they'd embraced remote work during Covid and decided to keep it permanently.
Granted, I could probably be making way more if I were to leave - I took a pay cut when I went back the second time. But at this point in my career, I value the 4/10 and lower stress job (no on-call rotation) more.
Even the EU initiative Wero requires Google or Apple. You can't even use it on a desktop pc and you're not even allowed to have developer options on. Ridiculous. I've never seen any app that is so strict.
That's not exactly right, Wero the app is not Wero the payment system. Banks and payment processors are expected to integrate Wero the same way they do with iDeal and similar systems. So ultimately if your bank's app doesn't require attestation you will be able to use Wero through it.
Weird, because Wero is an internationalization of the dutch iDeal and that worked fine without any apps. You clicked ‘continue to bank’, select your bank, and then login on the bank web portal.
American here who values individual liberties greatly. I know things are politically tense at the moment, but I’m not sure I understand this popular contemporary sentiment.
I’ve always believed governments and companies should be regarded with fairly low trust, and the behavior of big tech companies and some recent government actions are great examples why.
But what disappoints me a bit about this moment is (the perhaps inevitable?) response to nationalism with more nationalism.
Just as I didn’t seek to punish the EU over authoritarianism in Hungary and Poland, I feel the current moment has many responding to the symptoms instead of the sources of the problems. This is not a defense of policies I believe concern you, it’s a question of priorities.
I think the author of the article got it right. Because in addition to privacy, I believe one should be able to navigate the internet freely without a mandate to do business with monopolistic dominant companies, which includes rights like ownership of your data.
I don't think this is about the current situation in the US.
Big US tech companies are infamous for not following the EU's data protection rules, and they wouldn't even able to, because some US regulations (I think PRISM, FISA and others) are incompatible with the requirements of EU GDPR.
This dates back at lest to Snowden leaks and the invalidation of EU-US data protection agreements by Schrems judgments.
Ironically it was quiet enough in our previous apartment, but moving to a house we now have the neighbor using their awfully loud snow-spitting machine before 6AM after snowy nights... (And it snows a lot)
Noise is one of the things that improved moving to an apartment for me. We've got bylaws about noise with quiet periods, bans on bothersome noise, a smoking ban and a (loud) pet ban. We also have better windows that block noise, and decent noise insulation in the floors despite the hard flooring.
Compared to suburbia where neighbours started mowing at 7am, loud parties went late into the night and dogs barked all day, it's oddly quiet.
I don't see how this would bypass the need for a warrant. It'd allow for picking the lock rather than breaking it when you _do_ have a warrant (and whoever has the key isn't available or isn't cooperating).
I have seen cops use lockpicking guns while serving warrants. I would much rather them do that then break the door down. Hopefully projects like this can make this better. Even though it’s cool enough on its own to exist just because
Even if the person is stone guilty I don’t think the police should be willy nilly destroying property in the process of serving a warrant.
I know much of the focus is rightly on increasing accountability for the damage done to humans, but I always cringe at the thought of how much damage they can cause while performing a search. Imagine if your kid, or roommate had a warrant and they came in, smashed all your drywall and left you with the bill.
> I would much rather them do that then break the door down
The fact that law enforcement isn't responsible for damages during a search is problematic. When it's done somewhere when they've screwed up the address is even worse. "oops, sorry" should not be enough.
Ah, that leaves us where we are now: able to recognize excessive force and excessive damage, but lacking the ability to punish the people responsible, who also decide not to pay victims anything.
I could potentially see value in a car with a smaller built-in battery for use around town, and an empty space for a larger battery, that you rent from swap stations for longer road trips. Of course, that doesn't work with anything on the road today.
reply