Conversation

Notices

1. Embed this notice
   mhoye (mhoye@mastodon.social)'s status on Monday, 15-Dec-2025 12:50:39 JST mhoye

   This both real and a decent metaphor, so it is time for me to re-tell a story.

   Ever heard of The Ping Of Death?

   There was a couple of years there - years, hand to god - where you could throw a single malformed or too-large packet across the network at any IP you could see, and if you malformed it just right for its OS, you could crash the machine. You could kill a Windows machine with one line in cmd.exe.

   It was bad, but almost nobody knows how bad.

   https://mastodon.social/@Natasha_Jay@tech.lgbt/115719291112552201

   • Rich Felker repeated this.
   • Embed this notice
     ✧✦Catherine✦✧ (whitequark@mastodon.social)'s status on Monday, 15-Dec-2025 12:50:37 JST ✧✦Catherine✦✧

     in reply to

     @mhoye anyway, as a matter of principle, i don't think it's reasonable to call abstractions lies. it's a catchy thing to throw out while failing to cope with burnout, but like, my camera didn't ask for "not a Linux machine", it asked for some SCSI, it doesn't give a fuck what provides that SCSI

   • Embed this notice
     mhoye (mhoye@mastodon.social)'s status on Monday, 15-Dec-2025 12:50:38 JST mhoye

     in reply to

     Because you don't have a "network interface card", you have an ARM cpu, maybe even a whole-ass ARM SOC, handling ethernet frames on one side and talking PCI on the other.

     You don't even have SD cards, because "memory cards" don't exist. That terabyte of storage the size of your thumbnail you bought? That's an ARM CPU managing the wear levels on its crap-ass flash backing storage while pretending to be a hard drive on the other side.

     You don't know how many computers are in your computer.

     ✧✦Catherine✦✧ and Rich Felker repeated this.
   • Embed this notice
     ✧✦Catherine✦✧ (whitequark@mastodon.social)'s status on Monday, 15-Dec-2025 12:50:38 JST ✧✦Catherine✦✧

     in reply to

     @mhoye i make a device to hack on these things. i ... don't know how many computers are in my computer, but i know a _lower bound_. also an upsetting amount of them are 8051's. your LCD controller? 8051. that SD card controller? quite probably, 8051 with an accelerator (could be ARM these days). or maybe it's an ARM booted by a 8051, that's a thing too

     Rich Felker repeated this.
   • Embed this notice
     mhoye (mhoye@mastodon.social)'s status on Monday, 15-Dec-2025 12:50:39 JST mhoye

     in reply to

     Because the Ping Of Death was an RCE. If you sent _just the right_ kind of malformed or too large packet - and you cleaned up after yourself - you suddenly had a system where you could basically ask any computer you could see to do whatever you wanted, and it would do that for you and then quietly go on its way.

     I was temping for Global Affairs Canada in the late 90s, then called DFAIT; I got to hang with some old-school-then, semi-retired CSIS sigint guys.

     They thought the internet was great.

   • Embed this notice
     mhoye (mhoye@mastodon.social)'s status on Monday, 15-Dec-2025 12:50:39 JST mhoye

     in reply to

     I'm sure the situation has improved - I don't think winsock.dll or Wolverine have ever had a proper pentest teardown, even for historical amusement's sake - but I have to assume, given that we live in a world where there are no specialized chips anymore, and everything from the boutique brand-namiest NICs to the dodgiest junk you'd find in a Shenzhenese dumpster is a general-purpose CPU running some tiny OS of questinably determinate provenance, that... well, you have to wonder.

     Paul Cantrell repeated this.
   • Embed this notice
     Graham Sutherland / Polynomial (gsuberland@chaos.social)'s status on Monday, 15-Dec-2025 13:40:29 JST Graham Sutherland / Polynomial

     in reply to

     • ✧✦Catherine✦✧

     @whitequark @mhoye some of the MPS polyphase buck controllers now contain a whole customer-programmable MCU. I keep meaning to trawl through leaked motherboard docs to see if I can find one where the vendor made the colossally terrible mistake of attaching the programming interface to the host. fun way to enable permabricking your board.

   • Embed this notice
     Rich Felker (dalias@hachyderm.io)'s status on Monday, 15-Dec-2025 13:42:02 JST Rich Felker

     in reply to

     • ✧✦Catherine✦✧

     @whitequark @mhoye The problem comes when the thing hidden under the abstraction has gaping vulnerabilities or performance or stability issues...

   • Embed this notice
     ✧✦Catherine✦✧ (whitequark@mastodon.social)'s status on Monday, 15-Dec-2025 13:46:36 JST ✧✦Catherine✦✧

     in reply to

     • Rich Felker

     @dalias @mhoye this doesn't really with there being an abstraction or not.

     e.g. the ever-popular FX2LP chips had a "non-abstraction" implementation of USB (instead of a CPU doing it, it's all done completely in hard logic) with functionality which, were it undocumented, would be considered a backdoor (always-on USB request that can stop the CPU and write anywhere in system memory)

     sometimes baking stuff into the silicon is a good idea! sometimes it's just a way to make bugs unfixable though.

   • Embed this notice
     ✧✦Catherine✦✧ (whitequark@mastodon.social)'s status on Monday, 15-Dec-2025 13:49:22 JST ✧✦Catherine✦✧

     in reply to

     • Rich Felker

     @dalias @mhoye (come to think of it, I think the concept of "storage device" is inherently an abstraction. bits aren't physical, so _anything_ you will do to store them will eventually "leak", the question is when, not if)

   • Embed this notice
     Alien software, human hardware (mavu@mastodon.social)'s status on Monday, 15-Dec-2025 19:11:40 JST Alien software, human hardware

     in reply to

     • ✧✦Catherine✦✧

     @whitequark @mhoye "it's a catchy thing to throw out while failing to cope with burnout,"
     Oof :D

   • Embed this notice
     ✧✦Catherine✦✧ (whitequark@mastodon.social)'s status on Monday, 15-Dec-2025 19:42:45 JST ✧✦Catherine✦✧

     in reply to

     • Alien software, human hardware

     @mavu @mhoye look i've been there

   • Embed this notice
     Alien software, human hardware (mavu@mastodon.social)'s status on Monday, 15-Dec-2025 20:58:54 JST Alien software, human hardware

     in reply to

     • ✧✦Catherine✦✧

     @whitequark @mhoye its fine, i just thought it was very funny :)

   • Embed this notice
     ✧✦Catherine✦✧ (whitequark@mastodon.social)'s status on Tuesday, 16-Dec-2025 22:55:32 JST ✧✦Catherine✦✧

     in reply to

     • Ignas Kiela
     • Wolf480pl
     • Rich Felker

     @ignaloidas @wolf480pl @mhoye @dalias I would expect that to be inessential to reading the data

   • Embed this notice
     Ignas Kiela (ignaloidas@not.acu.lt)'s status on Tuesday, 16-Dec-2025 22:55:34 JST Ignas Kiela

     in reply to

     • Wolf480pl
     • Rich Felker
     • ✧✦Catherine✦✧

     @wolf480pl@mstdn.io @mhoye@mastodon.social @whitequark@mastodon.social @dalias@hachyderm.io ah, no, apparently they do have some sort of RFID chip in them with 32k of storage

   • Embed this notice
     Wolf480pl (wolf480pl@mstdn.io)'s status on Tuesday, 16-Dec-2025 22:55:36 JST Wolf480pl

     in reply to

     • Ignas Kiela
     • Rich Felker
     • ✧✦Catherine✦✧

     @ignaloidas
     yeah the last one with removable media was DVD... or maybe some recent LTO
     @mhoye @whitequark @dalias

   • Embed this notice
     Ignas Kiela (ignaloidas@not.acu.lt)'s status on Tuesday, 16-Dec-2025 22:55:36 JST Ignas Kiela

     in reply to

     • Wolf480pl
     • Rich Felker
     • ✧✦Catherine✦✧

     @wolf480pl@mstdn.io @mhoye@mastodon.social @whitequark@mastodon.social @dalias@hachyderm.io tapes are still fully analog on the removable side afaik, and are still used a fair bit

   • Embed this notice
     Wolf480pl (wolf480pl@mstdn.io)'s status on Tuesday, 16-Dec-2025 22:55:38 JST Wolf480pl

     in reply to

     • Rich Felker
     • ✧✦Catherine✦✧

     @whitequark @dalias @mhoye
     We used to be able to remove the physical medium from a storage device and put it in another compatible storage device.

     It probably had a bunch of drawbacks, but AFAIU it was less wormable

   • Embed this notice
     Ignas Kiela (ignaloidas@not.acu.lt)'s status on Tuesday, 16-Dec-2025 22:55:38 JST Ignas Kiela

     in reply to

     • Wolf480pl
     • Rich Felker
     • ✧✦Catherine✦✧

     @wolf480pl@mstdn.io @whitequark@mastodon.social @dalias@hachyderm.io @mhoye@mastodon.social eh, I don't think that's been universal for the past 20 years at least? Besides storage mediums designed for portability, essentially every permanently installed storage device has stored metadata about the storage medium not on the storage medium itself, but on another, easier to interface with storage medium.
     
     And even with storage made for portability - if it's designed with an electrical interface - it almost unavoidably contains some processing inside of it too, because you want to minimize the number of contacts in your connector.