DDR4 Memory Protections Are Broken Wide Open By New Rowhammer Technique

“An unprivileged application can corrupt data in memory by accessing ‘hammering’ rows of DDR4 memory in certain patterns millions of times a second, giving those untrusted applications nearly unfettered system privileges,” writes long-time Slashdot reader shoor. Ars Technica reports: Rowhammer attacks work by accessing — or hammering — physical rows inside vulnerable chips millions of times per second in ways that cause bits in neighboring rows to flip, meaning 1s turn to 0s and vice versa. Researchers have shown the attacks can be used to give untrusted applications nearly unfettered system privileges, bypass security sandboxes designed to keep malicious code from accessing sensitive operating system resources, and root or infect Android devices, among other things. All previous Rowhammer attacks have hammered rows with uniform patterns, such as single-sided, double-sided, or n-sided. In all three cases, these “aggressor” rows — meaning those that cause bitflips in nearby “victim” rows — are accessed the same number of times.

Research published on Monday presented a new Rowhammer technique. It uses non-uniform patterns that access two or more aggressor rows with different frequencies. The result: all 40 of the randomly selected DIMMs in a test pool experienced bitflips, up from 13 out of 42 chips tested in previous work (PDF) from the same researchers. “We found that by creating special memory access patterns we can bypass all mitigations that are deployed inside DRAM,” Kaveh Razavi and Patrick Jattke, two of the research authors, wrote in an email. “This increases the number of devices that can potentially be hacked with known attacks to 80 percent, according to our analysis. These issues cannot be patched due to their hardware nature and will remain with us for many years to come.”

The non-uniform patterns work against Target Row Refresh. Abbreviated as TRR, the mitigation works differently from vendor to vendor but generally tracks the number of times a row is accessed and recharges neighboring victim rows when there are signs of abuse. The neutering of this defense puts further pressure on chipmakers to mitigate a class of attacks that many people thought more recent types of memory chips were resistant to. In Monday’s paper, the researchers wrote: “Proprietary, undocumented in-DRAM TRR is currently the only mitigation that stands between Rowhammer and attackers exploiting it in various scenarios such as browsers, mobile phones, the cloud, and even over the network. In this paper, we show how deviations from known uniform Rowhammer access patterns allow attackers to flip bits on all 40 recently-acquired DDR4 DIMMs, 2.6x more than the state of the art. The effectiveness of these new non-uniform patterns in bypassing TRR highlights the need for a more principled approach to address Rowhammer.” While PCs, laptops, and mobile phones are most affected by the new findings, the report notes that cloud services like AWS and Azure “remain largely safe from Rowhammer because they use higher-end chips that include a defense known as ECC, short for Error Correcting Code.”

“Concluding, our work confirms that the DRAM vendors’ claims about Rowhammer protections are false and lure you into a false sense of security,” the researchers wrote. “All currently deployed mitigations are insufficient to fully protect against Rowhammer. Our novel patterns show that attackers can more easily exploit systems than previously assumed.”

Read more of this story at Slashdot.

Report: NVIDIA’s ARM Takeover Faces Second Antitrust/National Security Inquiry

The UK’s digital and cultural secretary will instruct the country’s Competition & Markets Authority to conduct “an in-depth inquiry into antitrust concerns” over NVIDIA’s purchase of ARM, reports the Sunday Times, “as well as scrutinise national security fears raised by the takeover….”

Engadget reports:

A second investigation would reportedly last about six months. After that, officials could either block the deal, approve it as-is or require concessions…

The tech firm has focused its energy so far on downplaying concerns about ARM’s neutrality if the deal closes, promising an open licensing model that treats customers fairly.

Any second investigation wouldn’t necessarily spell doom for NVIDIA’s acquisition. It would suggest the government has some qualms, however, and that NVIDIA might have to make some sacrifices. At the least, the company would have to be patient — it wouldn’t get UK approval until 2022 at the earliest, and it would still have to wait for other regulators before finalizing the merger.

In other news, ARM has joined the Rust Foundation.

Read more of this story at Slashdot.

Hydrogen and Hybrids: Toyota CEO Defends Combustion Engines, Saying ‘The Enemy Is Carbon’

This weekend Toyota’s president drove a specially-equipped Corolla powered by an in-house hydrogen engine, reports Bloomberg. “Along with Mazda Motor Corp., Toyota showcased vehicles running on carbon-neutral propellants in a three-hour road race this weekend in Okayama.”

Toyota’s hydrogen-powered car underscores the automaker’s belief that a wide variety of vehicle types — including hybrids and hydrogen-powered cars, in addition to electric vehicles — will play a role in decarbonizing its fleet over the coming decades. That puts the company in contrast to others, such as General Motors Co., Jaguar Land Rover and Volvo Car AB, which say they’ll sell only EVs two decades from now. “The enemy is carbon, not internal combustion engines,” Toyoda said at a briefing Saturday. “We need diverse solutions, that’s the path toward challenging carbon neutrality.”

Toyota says that that different emissions-reducing car technologies are needed for different regions of the world. EVs are a good option for places like Europe, where batteries can be charged with electricity derived largely from renewable sources, the automaker says. Other options, such as hydrogen or hybrids, may be a better fit in other regions.

The technology is separate from the company’s other big bet on hydrogen — hydrogen fuel cells such as those that power the Mirai passenger car. While fuel cells use the chemical reaction between hydrogen and oxygen to generate electricity, which in turn runs a motor, the hydrogen engine burns the element just like gasoline. Traditional engines only need to be tweaked in minor ways, such as changing out the fuel supply and injection systems, to make them capable of running on hydrogen, Toyota Chief Engineer Naoyuki Sakamoto said in a briefing last month. That also makes the technology a way to save some of the hundreds of thousands of jobs making parts related to combustion engines that are predicted to disappear in Japan if the automotive sector makes a full shift to EVs, according to Toyoda.

Read more of this story at Slashdot.

Will Self-Driving Cars Be Able to Handle… Bears?

A wild bear broke into a parked car looking for food. This set AI pundit Lance Eliot a-thinking…

The AI driving system of a self-driving car is always intact. A parked self-driving car is immediately able to become a moving car…. If the self-driving car is making use of its object detection system, even though the autonomous vehicle is parked, the AI driving capability would be alerted at [a hypothetical] pending crash that is about to occur… Depending upon what the AI developers anticipated, the AI driving system might activate the self-driving car and attempt to quickly drive away from the converging human-driven car.

For most makers of self-driving cars, this is an obscure "edge" case. But Eliot imagines a world where a self-driving car is parked next to a forest…

The human hiker has left the autonomous vehicle and has trekked somewhere deep in the woods. A bear meanders into the parking lot, looking for a free meal. If the AI driving system is using its object detection features, the bear would likely be detected. When the bear decides to wander directly toward the self-driving car, the AI driving system might activate the autonomous vehicle and drive away from the bear.

It is unclear if the bear will somehow divine that the self-driving car is capable of moving on its own accord… After a while, it seems plausible to suggest that bears will be concerned that those free meal containers (on wheels) seem to move away upon the bear approaching. This will possibly discourage some bears and they will steer clear of parked cars. Other bears might turn this into a game. Kind of hide-and-seek, of sorts. Approach a car, it moves away. Fun! Walk over to the car and see which way it goes next. A grand old time in the parking lot, that’s for sure.

And as long as we’re telling shaggy bear stories…
The odds are that self-driving cars will be designed differently on the interior than are conventional human-driven cars. For example, there is no need for a steering wheel and nor any need for the pedals. Those will no longer be included. The interior is opened up to allow for perhaps swiveling seats, possibly reclining seats so that you can sleep on a long journey inside a self-driving car. Given that type of interior, the bear is bound to find things a lot more comfortable inside a self-driving car than a conventional human-driven car. The next thing you know, bears will fall in love with self-driving cars, doing so because it is a quiet, spacious, and secure place to rest and relax. No need to worry about predators getting at the bear while relishing the plush and roomy interior….

A second question is whether the bears might figure out how to communicate with the AI driving system. You know, bears are pretty sharp. Perhaps a truly enterprising bear could convince the AI to take the bear for a cozy ride while inside the self-driving car.

Don’t be especially surprised if you start to see bears riding around in self-driving cars.

And please remember, you heard about it here, first.

Tech Billionaires Auctioning Twitter ‘Follows’ To Advance K-12 CS Education

theodp writes: Leading entrepreneurs and luminaries representing a swath of the technology sector are uniting to voice their support for Code.org and Hour of Code in a call for increased computer science access and equitable representation of women and people of color across the industry,” Code.org announced Thursday. “For a limited time from November 9 through December 2, a collective of leaders — including Marc Benioff, Stacy Brown-Philpot, Mark Cuban, Reid Hoffman, Ashton Kutcher, Ellen Pao, Jennifer Tejada, and more — are offering supporters the unique opportunity to receive an elusive Twitter “follow” from one of them, and at the same time, make a meaningful impact in advancing computer science education, particularly for young women and students from groups underrepresented in computer science.” Valued at $2,500-$5,000, the tech billionaires and others’ Twitter ‘follows’ are being auctioned by Charitybuzz.

Read more of this story at Slashdot.

Microsoft Is Very Determined That Kids Will Learn To Code Using Minecraft

theodp writes: On Tuesday, Code.org announced that the new activities for kids in this year’s Hour Of Code will include yet another Minecraft-themed tutorial from Code.org Diamond Supporter Microsoft, making it seven years in a row that the best-selling videogame of all time has ‘headlined’ the Hour of Code during the holiday buying season. Going into the Hour of Code in 2018, Microsoft boasted that 100+ million Minecraft Hour of Code tutorials had already been logged by students.

In this year’s Hour of Code: TimeCraft tutorial, kids will “learn basic coding concepts to correct mysterious mishaps throughout history!” An accompanying one-size-fits-all lesson plan for ages 6-18 instructs students to: “Experience a choose-your-own-adventure game, exploring key moments in human achievement. Using your coding superpowers, save the future by solving mysterious mishaps in time.” Among other things, the coding challenges have K-12 students travel back in time to save Jazz from a kazoo future, prevent the Great Pyramids from being built as cubes, save the Great Wall of China from destruction by pandas, and wipe the frown off of the Mona Lisa. New this year, Microsoft notes, is that educators can sign up to have a Microsoft Education Expert lead their classroom through an Hour of Code lesson with Minecraft, thanks to the magic of Microsoft Teams Live Events.

Read more of this story at Slashdot.

Microsoft Makes Visual Studio 2022 and .NET 6 Generally Available

On November 8, Microsoft made generally available to users worldwide its latest versions of Visual Studio and .NET. Users can download Visual Studio 2022 and .NET 6 starting today. From a report: Visual Studio 2022 is the first release of a 64-bit version of Visual Studio. By making Visual Studio 64-bit, officials said that they expect the release to better use all system resources, especially when working with more complex solutions over longer periods. According to Microsoft, during early VS 2022 testing, customers were able to run the VS IDE for days, even with solutions containing 700 or more projects.

Visual Studio 2022 also includes a number of edits and debug improvements. It also provides Hot Reload, which allows developers to edit their source code while their apps are running in Visual Studio 2022 and from the .NET CLI. , It also has Live Preview capabilities and cross-platform testing on Linux, among other new and improved features. Visual Studio 2022 is available for immediate download. The release notes for Visual Studio 2022 v.17 are here.

Read more of this story at Slashdot.

Will Self-Driving Cars Be Able to Handle… Bears?

A wild bear broke into a parked car looking for food. This set AI pundit Lance Eliot a-thinking…

The AI driving system of a self-driving car is always intact. A parked self-driving car is immediately able to become a moving car…. If the self-driving car is making use of its object detection system, even though the autonomous vehicle is parked, the AI driving capability would be alerted at [a hypothetical] pending crash that is about to occur… Depending upon what the AI developers anticipated, the AI driving system might activate the self-driving car and attempt to quickly drive away from the converging human-driven car.

For most makers of self-driving cars, this is an obscure "edge" case. But Eliot imagines a world where a self-driving car is parked next to a forest…

The human hiker has left the autonomous vehicle and has trekked somewhere deep in the woods. A bear meanders into the parking lot, looking for a free meal. If the AI driving system is using its object detection features, the bear would likely be detected. When the bear decides to wander directly toward the self-driving car, the AI driving system might activate the autonomous vehicle and drive away from the bear.

It is unclear if the bear will somehow divine that the self-driving car is capable of moving on its own accord… After a while, it seems plausible to suggest that bears will be concerned that those free meal containers (on wheels) seem to move away upon the bear approaching. This will possibly discourage some bears and they will steer clear of parked cars. Other bears might turn this into a game. Kind of hide-and-seek, of sorts. Approach a car, it moves away. Fun! Walk over to the car and see which way it goes next. A grand old time in the parking lot, that’s for sure.

And as long as we’re telling shaggy bear stories…
The odds are that self-driving cars will be designed differently on the interior than are conventional human-driven cars. For example, there is no need for a steering wheel and nor any need for the pedals. Those will no longer be included. The interior is opened up to allow for perhaps swiveling seats, possibly reclining seats so that you can sleep on a long journey inside a self-driving car. Given that type of interior, the bear is bound to find things a lot more comfortable inside a self-driving car than a conventional human-driven car. The next thing you know, bears will fall in love with self-driving cars, doing so because it is a quiet, spacious, and secure place to rest and relax. No need to worry about predators getting at the bear while relishing the plush and roomy interior….

A second question is whether the bears might figure out how to communicate with the AI driving system. You know, bears are pretty sharp. Perhaps a truly enterprising bear could convince the AI to take the bear for a cozy ride while inside the self-driving car.

Don’t be especially surprised if you start to see bears riding around in self-driving cars.

And please remember, you heard about it here, first.

Bitcoin White Paper’s 13th Anniversary Celebrated with Decentralized Pizza (and Gilbert Gottfried)

Today the iconic Bitcoin white paper “celebrates thirteen years of financial disruption,” notes Cointelegraph, “after being first published on Oct. 31, 2008, by an anonymous person or entity named Satoshi Nakamoto.” (Here’s a 2013 story from Slashdot about version 0.3.)
Cointelegraph writes:

The white paper, titled Bitcoin: A Peer-to-Peer Electronic Cash System, foresaw the need for a peer-to-peer online payment system that is self-governing, secure and limited in quantity. The Bitcoin network was launched on Jan. 3, 2009, with each Bitcoin priced at $0.0008…. Today, Bitcoin maintains a stable trading value well above $60k after experiencing a gradual appreciation of 7,749,999,900% since its launch.

Cointelegraph celebrated the anniversary by embedding a video of the original bitcoin white paper being read by comedian Gilbert Gottfried — but they weren’t the only ones. Entrepreneur/investor Anthony Pompliano celebrated with the return of what he describes as a decentralized pizzeria” named Bitcoin pizza. (An interactive online map shows participating locations around the U.S.A. where pizzas can be ordered with cash or with 0.0003 BTC — either through the web site or through the Uber Eats app.)

“If you want to pay for your pizza in bitcoin, I will gladly take your bitcoin,” Pompliano says in a video posted to Twitter. “I don’t think that you should use your bitcoin to buy the pizza — but we now accept bitcoin.” The five available topping combos even have bitcoin-themed names like “No Keys, No Cheese” and “Satoshi’s Favorite” — and the pizzas are all delivered in a special commemorative bitcoin-themed pizza box. “Every single dollar that I make from this, I donate to bitcoin developers,” Pompliano explains in the video. “I make zero dollars from Bitcoin Pizza.”

“And we’re going to keep building this until eventually we are the single largest independent pizza chain in the United States. And then after we become the single largest independent pizza chain in the United States, we’re going to turn around, and then we’re going to go international.”

A Cryptocurrency-Trading Hamster Beats Warren Buffett’s Performance – and the S&P 500

“What if we told you there was a hamster who has been trading cryptocurrencies since June — and recently was doing better than Warren Buffett and the S&P 500?” asks NPR:

Meet Mr. Goxx, a hamster who works out of what is possibly the most high-tech hamster cage in existence.

It’s designed so that when Mr. Goxx runs on the hamster wheel, he can select among dozens of cryptocurrencies. Then, deciding between two tunnels, he chooses whether to buy or sell. According to the Twitch account for the hamster, his decision is sent over to a real trading platform — and yes, real money is involved.
Last Monday, after 100 days the hamster’s portfolio was up 48%, reports one site, “before Bitcoin tumbled, which brought the rest of the crypto market down with it.” But the hamster’s portfolio is still up nearly 30% since he started trading in June, the article points out, “outperforming Bitcoin, the S&P 500, and even Warren Buffett’s Berkshire Hathaway.”

The hamster’s business partner adds that profits aren’t yet enough to cover the initial investment on Mr. Goxx’s cage. And there’s other issues…
“Since Mr. Goxx is an honorable business rodent, he must calculate with about 35% tax being subtracted on all his returns, so there is still some work left before he can really talk about making money.”