Andrew Ulysses Baker

@failrate
Programmer and tinkerer

I guarantee that this is the wildest paper you’ll read all year. Drewes et al., “Pentimento: Data Remanence in Cloud FPGAs,” https://arxiv.org/abs/2303.17881

We find that a remote attacker can recover “FPGA pentimentos” — long-removed secret data belonging to a prior user or proprietary design image on a cloud FPGA. Just as a pentimento of a painting can be exposed via infrared imaging, FPGA pentimentos can be exposed via signal timing sensors instantiated on a remote cloud FPGA. The sensitive data constituting an FPGA pentimento is imprinted to the device through bias temperature instability effects on the underlying transistors. We demonstrate how this slight degradation can be measured using a time-to-digital converter when an adversary programs one into the target cloud FPGA. This technique allows an attacker to ascertain previously safe information, after it is no longer explicitly present, on cloud FPGAs. Notably, it can allow an attacker to (1) extract proprietary details or keys from an encrypted FPGA design image available on the AWS marketplace and (2) recover information from a previous user of a cloud-FPGA. Both threat models are experimentally validated on the AWS F1 platform.

Pentimento: Data Remanence in Cloud FPGAs

Cloud FPGAs strike an alluring balance between computational efficiency, energy efficiency, and cost. It is the flexibility of the FPGA architecture that enables these benefits, but that very same flexibility that exposes new security vulnerabilities. We show that a remote attacker can recover "FPGA pentimenti" - long-removed secret data belonging to a prior user of a cloud FPGA. The sensitive data constituting an FPGA pentimento is an analog imprint from bias temperature instability (BTI) effects on the underlying transistors. We demonstrate how this slight degradation can be measured using a time-to-digital (TDC) converter when an adversary programs one into the target cloud FPGA. This technique allows an attacker to ascertain previously safe information on cloud FPGAs, even after it is no longer explicitly present. Notably, it can allow an attacker who knows a non-secret "skeleton" (the physical structure, but not the contents) of the victim's design to (1) extract proprietary details from an encrypted FPGA design image available on the AWS marketplace and (2) recover data loaded at runtime by a previous user of a cloud FPGA using a known design. Our experiments show that BTI degradation (burn-in) and recovery are measurable and constitute a security threat to commercial cloud FPGAs.

arXiv.org

How to File Taxes for Free Without TurboTax
--

Don’t get tricked into paying to file your taxes this year. Here’s how to find the truly free filing options offered by the IRS Free File program.

#TurboTax #Intuit #Taxes #IRS

https://www.propublica.org/article/how-to-file-taxes-for-free-without-turbotax?utm_medium=social&utm_source=mastodon&utm_campaign=mastodon-post

ProPublica

From OpenSecrets.org: TurboTax parent company Intuit is pouring more money than ever into lobbying amid push for free government-run tax filing.

https://www.opensecrets.org/news/2023/02/turbotax-parent-company-intuit-is-pouring-more-money-than-ever-into-lobbying-amid-push-for-free-government-run-tax-filing/

TurboTax parent company Intuit is pouring more money than ever into lobbying amid push for free government-run tax filing - OpenSecrets News

Intuit spent more than $3.5 million on federal lobbying in 2022 — a new record for the leading tax prep company, which owns TurboTax.

OpenSecrets News
if you are uncomfortable with the responsibility of running on prem gear, deferring that responsibility to a cloud vendor doesn't "make it better".
My short short SF story about 1967, the cosmic wall, and Sylvia dying. In Nature, no less!
https://www.nature.com/articles/d41586-023-00411-8
Who do you love?

The correct use of feedback.

I take a couple issues with this, but overall, it was really well done. 😆

https://geoff.greer.fm/2023/02/08/gasoline-car-review/

Gasoline Car Review

I recently purchased a Mazda Miata. This car is interesting because instead of running on electricity, it is powered by a combustible liquid called gasoline. The vehicle has an engine that mixes the…

I've uploaded Microsoft Publisher 1.0's clipart (in CGM, SVG, and PNG format) to the internet archive. 121 vector images.

https://archive.org/details/microsoft-publisher-1.0-clipart

Microsoft Publisher 1.0 Clipart : Microsoft : Free Download, Borrow, and Streaming : Internet Archive

This is an export of all the clip-art included with Microsoft Publisher 1.0. The original files were CGM files, which were then converted to SVG and PNG...

Internet Archive
Ah, I've been informed that I'm finally going to lose my verified checkmark because of *checks notes*... corruption, corruption being *checks notes*... being a random dude people follow for videogame development nonsense
Current mood