A group of chemists at the University of Hawaii published a paper in Organic Letters documenting numerous ways that the math performed by Python differs across the operating systems Python code can be run on (archived). The scripts revealing Pythonistic mathematics to be operating system dependent were intended to process nuclear magnetic resonance spectroscopy data. The scripts, originally described in Nature Protocols in 2014, went so far as to offer differing results across Mac OS X releases. This is far from the first indictment of misapplying computing tools in the modeling of reality.
Microsoft featured speaker and human mushroom Richard Stallman has been targeted for depersoning and eviction at MIT over his defense of Minsky's enjoyment of friendship with Jeffrey Epstein (archived, archived). Stallman erred by engaging the new leftist insanity within the pedantic framework of his old leftist insanity. The cultural revolution in the Anglo colonies appears to be continuing its pursuit of passive, derealized purity.
Yet another set of "Baseband Management Controllers" has been documented to compromise the systems in which they are implanted (archived). This latest batch of openings allows access from the network to a "virtual USB hub", and that virtual USB hub allows all of the mischief possible with a physical USB port. Or, almost all of it. The virtual USB port can't be meaningfully plugged with virtual epoxy to the same effect a real port can be plugged with real epoxy.
A defect in the Vim and Neovim text editors has been found which allows the execution of commands when hostile text files are opened, through an opening provided by "modelines" functionality intended to specify custom editor options (archived). Once again there is no substitute for hygiene to keep the vermin away.
The ROWHAMMER vulnerability in DRAM which allows running processes to fuck with memory allocated to other processes is being developed into reliable side channel leaks reading from memory (archived). The importance of computing hygiene continues to be supported by the unforgiving march of time.
More than 50,000 machines running Microsoft SQL server have been captured through a piece of malware calling itself Nanshou (archived). The captured machines have been pressed into the service of their new masters and made to slave away in the altcoin mines. Microsoft SQL server software listening on a port open to the attacker provides all the opening Nanshou needs to capture root on affected boxes.
Microsoft has announced that while making their newest browser from Google's Chromium code, they will also be including a legacy "Internet Explorer Mode" for "businesses" and South Korea (archived). Apparently Microsoft's accumulated technical debt is so great that in brushing away the mess of its past, it needs to bundle the mess it was trying to escape with the perceived solution.
A mere 15 months after its initial release, a wide variety of weaknesses and leaks have been documented in the WPA3 "secure" Wifi protocol (archived). Problems include handshake trouble, a transition mode allowing reversion to earlier known weak protocols, and a number of side channel leaks.
Jeff Bezos and his beleaguered ex-wife MacKenzie have reached a divorce agreement which will make Jeff's ex the "World's 4th Richest Woman" holding a 4% stake in Amazon valued at ~35 billion USD (archived). MacKenzie declined to take stakes in Jeff's rocket startup Blue Origin or Jeff's troubled Washington Post gossip network. MacKenzie is ceding her stock's voting rights to Jeff for 25 years. The dissolution of the Bezos household comes after Bezos indiscreetly dipped into a nearly 50-year-old matron behind MacKenzie's back.
Bezos has taken to blaming the House of Saud for hacking his phone and leaking his sexts in recent days (archived).
A remote code execution vulnerability for the .Org WordPress fork has been reported (archived). At the core of this issue is Automattic's refusal to have their software do any sort of checking when comments are involved, a flaw which has left the bulk of WordPress blogs open to being used as DDoS participants. Because why would they fix structural problems? Why fix the grave structural problems making the software a public nuisance, when they can wait and patch particular problems only as they are exploited?