The Linkielist

Linking ideas with the world

The Linkielist

Daily Archives: March 19, 2020

no Intel Management Engine: Purism lifts lid on the Librem Mini, a privacy-focused micro PC

Posted on by

Purism has dropped the veil on the latest computer in its privacy-focused lineup – a small form-factor PC designed for space-conscious free software enthusiasts.

Available to pre-order now, the Librem Mini packs an eighth-generation, quad-core Whiskey Lake i7-8565U processor, modified with Purism’s Pureboot technology. At its heart, this aims to minimise any potential third-party interference with the operation of the computer – particularly during the boot phase, where it is potentially vulnerable.

It accomplishes this by thoroughly excising the Intel Management Engine, which Purism regards as an untrustworthy black-box baked into the heart of the processor, along with other software-level approaches. These include the use of the free software Coreboot BIOS, as well as the Purism-developed Heads, which aims to identify potential tampering within the BIOS, Kernel, and GRUB config.

In terms of expansibility, the machine packs a SATA and M.2 slot, and comes with two SODIMM slots, which can be filled with up to 64GB of RAM. There’s no dedicated graphics to speak of, but it does include Intel’s UHD 640 integrated graphics. Aside from a smattering of USB-A and USB-C slots, the Librem Mini also includes both Display and HDMI slots.

There’s also a standard RJ45 Ethernet slot – although you can add WiFi and Bluetooth via an optional Atheros ATH9k jack.

The Librem Mini has a small footprint, measuring just 5 inches across and weighing just 1kg – which is lighter than many laptops.

This machine is the latest in a growing lineup of machines that cater to the privacy-centric punter, including the Librem 13 and 15 laptops. Purism is also in the process of developing a smartphone platform to run on its own Linux-based PureOS operating system, and a baseband fully separate from the CPU. The firm has raised $2 million via crowdfunding for this effort and is expected to ship the first units later this year.

Pre-orders for the Librem Mini are open now. Retailing at $699, the base model packs 8GB of RAM and 256GB of NVMe storage. Units will ship one month after the firm has reached its (relatively modest) $50,000 pre-order goal.

Purism touts the Librem Mini as a potential mini-desktop or media server, although El Reg feels the use-case isn’t really as relevant as the potential customer. Greater awareness of privacy – and the way it’s gradually being eroded – has created an appetite for such devices, as demonstrated by Purism’s previous crowdfunding accomplishments. And if you want to excise a greater control over how you use your computer, this machine will undoubtedly appeal to you. ®

Source: Look ma, no Intel Management Engine: Purism lifts lid on the Librem Mini, a privacy-focused micro PC • The Register

What good is investing in space? NASA Spinoff magazine shows you which technologies have trickled down to everyday life

Posted on by

Since 1976, Spinoff has annually profiled an average of 50 commercial technologies with origins in NASA missions and research. Issues of Spinoff published since 1996 can be read online in HTML or downloaded in PDF. Scanned copies of Spinoff are available in PDF for issues published between 1976 and 1995.

Spinoff 2020

Click here to read online (HTML)

Download a copy of Spinoff 2020 (PDF)

Spinoff 2020 Summary Brochure (PDF)

Spinoff 2020 PowerPoint Presentation (PPT)

Source: NASA Spinoff 2020

On the shoulders of giants: recent changes in Internet traffic

Posted on by

As the COVID-19 emergency continues and an increasing number of cities and countries are establishing quarantines or cordons sanitaire, the Internet has become, for many, the primary method to keep in touch with their friends and families. And it’s a vital motor of the global economy as many companies have employees who are now working from home.

Traffic towards video conferencing, streaming services and news, e-commerce websites has surged. We’ve seen growth in traffic from residential broadband networks, and a slowing of traffic from businesses and universities.

The Cloudflare team is fully operational and the Network Operating Center (NOC) is watching the changing traffic patterns in the more than 200 cities in which we operate hardware.

Big changes in Internet traffic aren’t unusual. They often occur around large sporting events like the Olympics or World Cup, cultural events like the Eurovision Song Contest and even during Ramadan at the breaking of the fast each day.

The Internet was built to cope with an ever changing environment. In fact, it was literally created, tested, debugged and designed to deal with changing load patterns.

Over the last few weeks, the Cloudflare Network team has noticed some new patterns and we wanted to share a few of them with you.

Entire countries are watching their leaders

Last Friday evening, the US President announced a State of Emergency in the United States. Not so long after, our US data centers served 20% more traffic than usual. The red line shows Friday, the grey lines the preceding days for comparison.

On the Sunday, March 15, the Dutch government announced on the radio at 1730 local time closures of the non-essential business (1630 UTC). A sharp dip in the regular Sunday traffic followed:

The French president made two national announcements, on March 12 (pink curve) and March 16 (red curve) at 2000 local time (1900 UTC). The lockdown announcement on March 16 caused French traffic to dip by half followed by a spike:

Evolution of traffic in quarantine

Italy has seen a 20-40% increase in daily traffic since the lockdown:

With universities closing, some national research networks are remaining (almost) as quiet as a weekend (in purple). Current day in red and previous days in grey (overlaps with previous week):

The Internet Exchange Points, a key part of the Internet infrastructure, where Internet service providers and content providers can exchange data directly (rather than via a third party) have also seen spikes in traffic. Many provide public traffic graphs.

In Amsterdam (AMS-IX), London (LINX) and Frankfurt (DE-CIX), around 10-20% increase is seen around March 9th:

In Milan (MXP-IX), the Exchange point shows a 40% increase on Wednesday, 9th of March 2020, the day of the quarantine:

In Asia, in Hong Kong (HKIX), we can observe a faster increase since the end of January which likely corresponds to the Hubei lockdown on the January 23:

The emergency has a non-negligible impact on Internet services and our lives. Although it is difficult to quantify exactly the increase, we observe numbers from 10% to 40% depending on the region and the state of government action in those regions.

Even though from time to time individual services, such as a web site or an app, have outages the core of the Internet is robust. Traffic is shifting from corporate and university networks to residential broadband, but the Internet was designed for change.

Check back on the Cloudflare blog for further updates and insights.

Source: On the shoulders of giants: recent changes in Internet traffic

Tesla Told Employees to Show Up for Work on Wednesday Despite Shelter-in-Place Order

Posted on by

Electric car company Tesla asked employees to show up to work on Wednesday despite the ongoing coronavirus pandemic, including at its sprawling Fremont, California, production facility, according to emails obtained by CNBC.

[…]

According to CNBC, in an email to workers on Wednesday, Tesla North America HR leader Valerie Workman wrote the company had received “conflicting guidance from different levels of government.” But she suggested that many Tesla jobs are “essential,” mirroring the language of the shelter-in-place order and ignoring a clear directive from the Alameda County Sheriff’s Office that only “minimum basic operations” can continue.

“There are no changes in your normal assignment and you should continue to report to work if you are in an essential function: production, service, deliveries, testing and supporting groups as discussed with your manager,” Workman wrote. She added that Tesla workers would not be penalized for using paid time off if they do not feel well or are “reluctant to come to work.”

According to the Los Angeles Times, Tesla CEO Elon Musk—who is not a doctor or public health expert, but has fought claims of unsafe conditions at Tesla facilities for years—downplayed concerns about the virus in a Monday email to staff. Musk wrote “My frank opinion is that the harm from the coronavirus panic far exceeds that of the virus itself” and stated his belief that covid-19 cases “will not exceed 0.1% of the population.”

“I will personally be at work, but that’s just me,” Musk wrote. “I’d rather you were at home and not stressed, than at work and worried.”

Sgt. Ray Kelly, a spokesman for the Alamedia sheriff, told CNBC that “Our directive was clear” and trying to prevent a slump in production does not constitute an essential service. Many other automakers including General Motors, Ford, and Fiat Chrysler have temporarily suspended U.S. car production on a rotating basis.

According to Bloomberg, an Alameda County spokesperson said that Tesla is preparing to reduce staffing at the facility by 75 percent, though the company didn’t reply to their request for comment.

Update: 3/18/2010 at 9:25 p.m. ET: Per the LA Times, Tesla said it had 2,500 workers on site on Wednesday, about 25 percent of the factory’s normal workforce.

Kelly told the Times that the county “had a good conversation with Tesla today. They understand our position. The county explained they cannot continue their business as usual. They have to go on a minimum operations basis.”

Kelly added that as of Wednesday “it sounds like they’re still making cars,” but that “Tesla is not going to decide what the law is.” If the company continues production despite the workforce reduction the Fremont Police Department may get involved, he added.

Source: Tesla Told Employees to Show Up for Work on Wednesday Despite Shelter-in-Place Order

7.5-Inch E-Ink Display Is Powered Completely By NFC

Posted on by

NFC is usually only used to for quick text transfers, like a tap-and-pay transaction at a register or a quick data transfer from an NFC sticker. A company called “Waveshare” is really pushing the limits of NFC, though, with a 7.5-inch e-ink display that gets its data, and its power, from an NFC transfer. The $70 display doesn’t have a battery and doesn’t need a wired power connection. E-paper (or e-ink) displays have the unique property of not needing power to maintain an image. Once a charge blasts across the display and correctly aligns pixels full of black and white balls, everything will stay where it is when the power turns off, so the image will stick around. You might not have thought about it before, but in addition to data, NFC comes with a tiny wireless power transfer. This display is designed so that NFC provides just enough power to refresh the display during a data transfer, and the e-ink display will hold onto the image afterward.

NFC data transfers max out at a whopping 424 kbit/s. While that’s enough for an instant transfer of credit card data or a URL, the 800×400 image the display needs will take several seconds. Waveshare says the display takes five seconds just to refresh, and that doesn’t count the data transfer, which will vary depending on how complex your image is. The video shows a start-to-finish refresh that takes 10 seconds. If you want to use a phone, an Android app will convert your image into several different black-and-white styles and beam it to the display. Sadly, there’s no iOS app yet. iOS apps didn’t have the ability to write to NFC devices for the longest time. Writing to NFC was added with the launch of iOS 13, which only happened a few months ago.

Source: 7.5-Inch E-Ink Display Is Powered Completely By NFC – Slashdot

HP printers try to send loads of data back to HP about your devices and what you print

Posted on by

NB you can disable outgoing communication in the public network using windows defender by using the instructions here (HP).

They come down to opening windows defender firewall, allowing an app or feature through windows defender firewall, searching for HP and then deselecting the public zone.

At first the setup process was so simple that even a computer programmer could do it. But then, after I had finished removing pieces of cardboard and blue tape from the various drawers of the machine, I noticed that the final step required the downloading of an app of some sort onto a phone or computer. This set off my crapware detector.

It’s possible that I was being too cynical. I suppose that it was theoretically possible that the app could have been a thoughtfully-constructed wizard, which did nothing more than gently guide non-technical users through the sometimes-harrowing process of installing and testing printer drivers. It was at least conceivable that it could then quietly uninstall itself, satisfied with a simple job well done.

Of course, in reality it was a way to try and get people to sign up for expensive ink subscriptions and/or hand over their email addresses, plus something even more nefarious that we’ll talk about shortly (there were also some instructions for how to download a printer driver tacked onto the end). This was a shame, but not unexpected. I’m sure that the HP ink department is saddled with aggressive sales quotas, and no doubt the only way to hit them is to ruthlessly exploit people who don’t know that third-party cartridges are just as good as HP’s and are much cheaper. Fortunately, the careful user can still emerge unscathed from this phase of the setup process by gingerly navigating the UI patterns that presumably do fool some people who aren’t paying attention.

But it is only then, once the user has found the combination of “Next” and “Cancel” buttons that lead out of the swamp of hard sells and bad deals, that they are confronted with their biggest test: the “Data Collection Notice & Settings”.

In summary, HP wants its printer to collect all kinds of data that a reasonable person would never expect it to. This includes metadata about your devices, as well as information about all the documents that you print, including timestamps, number of pages, and the application doing the printing (HP state that they do stop short of looking at the contents of your documents). From the HP privacy policy, linked to from the setup program:

Product Usage Data – We collect product usage data such as pages printed, print mode, media used, ink or toner brand, file type printed (.pdf, .jpg, etc.), application used for printing (Word, Excel, Adobe Photoshop, etc.), file size, time stamp, and usage and status of other printer supplies. We do not scan or collect the content of any file or information that might be displayed by an application.

Device Data – We collect information about your computer, printer and/or device such as operating system, firmware, amount of memory, region, language, time zone, model number, first start date, age of device, device manufacture date, browser version, device manufacturer, connection port, warranty status, unique device identifiers, advertising identifiers and additional technical information that varies by product.

HP wants to use the data they collect for a wide range of purposes, the most eyebrow-raising of which is for serving advertising. Note the last column in this “Privacy Matrix”, which states that “Product Usage Data” and “Device Data” (amongst many other types of data) are collected and shared with “service providers” for purposes of advertising.

HP delicately balances short-term profits with reasonable-man-ethics by only half-obscuring the checkboxes and language in this part of the setup.

At this point everything has become clear – the job of this setup app is not only to sell expensive ink subscriptions; it’s also to collect what apparently passes for informed consent in a court of law. I clicked the boxes to indicate “Jesus Christ no, obviously not, why would anyone ever knowingly consent to that”, and then spent 5 minutes Googling how to make sure that this setting was disabled. My research suggests that it’s controlled by an item in the settings menu of the printer itself labelled “Store anonymous usage information”. However, I don’t think any reasonable person would think that the meaning of “Store anonymous usage information” includes “send analytics data back to HP’s servers so that it can be used for targeted advertising”, so either HP is being deliberately coy or there’s another option that disables sending your data that I haven’t found yet.

I bet there’s also a vigorous debate to be had over whether HP’s definition of “anonymous” is the same as mine.

I imagine that a user’s data is exfiltrated back to HP by the printer itself, rather than any client-side software. Once HP has a user’s data then I don’t know what they do with it. Maybe if they can see that you are printing documents from Photoshop then they can send you spam for photo paper? I also don’t know anything about how much a user’s data is worth. My guess is that it’s depressingly little. I’d almost prefer it if HP was snatching highly valuable information that was worth making a high-risk, high-reward play for. But I can’t help but feel like they’re just grabbing whatever data is lying around because they might as well, it might be worth a few cents, and they (correctly) don’t anticipate any real risk to their reputation and bottom line from doing so.

Recommended for who?

Source: HP printers try to send data back to HP about your devices and what you print | Robert Heaton

NASA makes their entire media library publicly accessible and copyright free

Posted on by

No matter if you enjoy taking or just watching images of space, NASA has a treat for you. They have made their entire collection of images, sounds, and video available and publicly searchable online. It’s 140,000 photos and other resources available for you to see, or even download and use it any way you like.

You can type in the term you want to search for and browse through the database of stunning images of outer space. Additionally, there are also images of astronauts, rocket launches, events at NASA and other interesting stuff. What’s also interesting is that almost every image comes with the EXIF data, which could be useful for astrophotography enthusiasts.

When you browse through the gallery, you can choose to see images, videos or audio. Another cool feature I noticed is that you can narrow down the results by the year. Of course, I used some of my time today to browse through the gallery, and here are some of the space photos you can find:

What I love about NASA is that they make interesting content for average Internet users. They make us feel closer and more familiar with their work and with the secrets of the outer space. For instance, they recently launched a GIPHY account full of awesome animated gifs. It’s also great that photography is an important part of their missions, and so it was even before “pics or it didn’t happen” became the rule. The vast media library they have now published is available to everyone, free of charge and free of copyright. Therefore, you can take a peek at the fascinating mysteries of space, check out what it’s like inside NASA’s premises, or download the images to make something awesome from them. Either way, you’ll enjoy it.

[NASA Image and Video Gallery via SLR Lounge; Credit: NASA/JPL-Caltech]

Source: NASA makes their entire media library publicly accessible and copyright free – DIY Photography