It's not exactly rocket science to add a "browser app" to the Steam system to use certain web sites in an appliance-ish mode, but it's not great for general purpose browsing.
A slightly more advanced browser frontend that offered an experience comparable to Edge on Xbox would be very nice.
> According to The Cybersec Guru, this is an unpatchable problem for Sony, because these keys cannot be changed and are burned directly in the APU.
I'm just speculating at this point, but what could prevent Sony from anticipating this exact situation and burning several keys in the APU? I mean, eFuse is not exactly a new technology. That way, once a key is leaked, Sony could push a firmware update switching the APU to a new key which hasn't been leaked yet.
I have seen some manufacturers enroll multiple manufacturer keys, probably with this notion, but this isn’t useful against almost any threat model.
If keys are recovered using some form of low level hardware attack, as was almost surely the case here, the attacker can usually recover the unused key sets too.
If the chip manufacturing provisioning supply chain is leaky the new keys will probably be disclosed anyway, and if the key custody chain is broken (ie, keys are shared with OEMs or third parties) they will definitely be disclosed anyway.
Wouldn't the other reason to have multiple manufacturer keys, be to guard against them losing the private key for one in a way that means they can't sign anything any more?
I mean, sure, but to what end does that madness lead? Who backs up the backups?
Usually this is to allow different departments / divisions / customers (in the case of an OEM model) to all sign code or encrypt binaries, although this is likewise a bit off as each enrolled key increases the amount of material which is available to leak in the leak model. Or to allow model line differentiation with crossover.
A TPM is a form of HSM (Hardware Security Module).
HSMs come in all sizes, from a chip in your phone (secure element) or even a dedicated part of a SoC chip, to a big box in a datacenter that can handle tons of requests per second.
The idea is having dedicated hardware to protect the private key material. This hardware can execute signing operations, so it can use the key but it can't share the key material itself. It is usually also physically hardened with techniques to extract said keys, like sidechannel attacks based on power draw, X-ray inspection, decapping etc.
The story implies that these are signing keys, so there is no reason for the private halves to be present in the product's silicon in any form. If these were encryption keys stored in a TPM, they'd have been extracted not leaked.
Yes, but console vendors generally prefer not to allow downgrades.
So if v1 is signed by key A, v2 is signed by key B and invalidates key A; a console that installs v2 wouldn't be able to install v1 after, but that's not a problem for Sony.
But, I'm not sure how many companies would be able to manage their keys properly to ensure that someone with access to key A doesn't have access to key B.
If these are asymmetric key pairs and the device side key was extracted from the device... Switching keys wouldn't help, and it's not a huge deal by itself --- having the device side key doesn't allow you to make a firmware image the device would accept.
Fun fact, the Nintendo Switch blows fuses [0] when they do a patch that’s for security/jailbreaking. If I recall there’s something like 12 or 16 fuses they can employ over the life of the product to ensure you can’t rollback updates that prevent piracy. Nvidia builds these fuses into the board.
So if you’ve blown 4 fuses you can’t do a patch that requires only 2 fuses to have blown, it’s a pretty wild solution.
It isn't that wild; the typical name for it is anti-rollback, and you probably have at least one device that implements it. Most Android devices have anti-rollback efuses to prevent installing older versions of the bootchain\bootloader; they might still allow you to downgrade the OS (depends on the vendor, if memory serves). Instead of using efuse counters, anti-rollback counters can also be implemented by Replay Protected Memory Block (RPMB), which is implemented by many flash storage (eMMC often supports RPMB, but other storage types can as well). It is possible to implement anti-rollback mechanisms on x86_64 by utilizing a TPM [0], but as far as I know, only Chrome OS does this.
Wouldn't it be great if companies spent the time and effort needed for all these wonderful things that prevent the owner from using the hardware they own how they see fit and instead invested the resources into making the product better ?
All this is basically a fragile anti-user timebomb that will only generate more avoidable e-waste eventually.
Yeah, that shouldn't happen (although I think I've seen reports of eFuses blowing spontaneously as well as eFuses self-repairing)
If your console blows a fuse before Nintendo intends to, you won't be able to install firmware until a firmware is released that will run with that number of fuses blown. And, depending on how things are implemented, you might not be able to run the firmware that you have either.
Here's an excerpt about the anti-rollback feature from Nvidia's docs on how the Tegra X1 SoC in the switch 1 boots [0] (called Tegra210 in the document)
> By default, the boot ROM will only consider bootloader entries with a version field that matches the version field of the first entry, and will stop iterating through the entries is a mismatch is found. The intent is to ensure that if some subset of the bootloader entries are upgraded, and hence the version field of their entries is modified, then the boot ROM will only boot the most recent version of the bootloader. This prevents an accidental rollback to an earlier version of the bootloader in the face of boot memory read errors, corruption, or tampering. Observe that this relies on upgraded bootloader entries being placed contiguously at the start of the array.
They're on the die. efuses existed on the ps3 and 360 too.
The 360 used them to prevent downgrades, but the ps3 used all of theirs to store bluray drive keys.
I've tried several different mics but eventually settled on a wired headset and Revelator io44 audio interface. The latter one is a goofy brick but it has a TRRS audio jack and built-in DSP so I don't have to fiddle with loopbacks, DAWs and VSTs.
And if I'm not able to lug that brick I can just plug the headset directly into my laptop.
Seems like it doesn't properly handle mouse events on Safari in macOS and only shows "frames with no pointer events". I assume it's because "pointerrawupdate" event is not supported there.
Also it's interesting that with ProMotion enabled it reports 16.67ms per frame (indicating 60Hz redraw rate) in Safari, but in Chrome it's 8.33.
Yes, I rely on pointerrawupdate. Thanks for letting me know! Unfortunately pointermove is typically synced with graphics in my limited experience, and I think I'd rather not show anything than provide wildly inaccurate numbers.
Although it's for gamepads, it's pretty much indispensable in debugging gamepad-related latency issues. For example, I found that my presumably 1000Hz controller can do only 500Hz in ideal conditions and it starts to drop at a much lower distance from the computer than advertised. Neat stuff.
Not all of his translations were nowhere near the original. For example, his translation of Guy Ritchie's Snatch was excellent (in my opinion of course) and is still quoted to this day. I'd say it's the only one that absolutely nails it and then some.
On the other hand, his Lord of The Rings was an "alternative" dub as you described. Didn't watch that one though.
This is better than BFI, although 120Hz demo on my screen looks like it's just alternating two or three parts of the image. Maybe there is a way to use fake interlacing to make it look convincing.
240Hz demo in 144Hz mode looks flickery but much more realistic.
Nope, color bleeding was virtually non-issue with SECAM color encoding. I've grown up in a SECAM country, but we had a lot of PAL content. PAL always looked bad and smudgy in comparison. NTSC was just plain awful and intolerable even by my pre-teen standards.
Are you sure that PAL reception/tapes and possibly "yeah we also do that" PAL implementations were good in your region? I'm from a PAL region and broadcast PAL looked just fine to me. Only VHS PAL looked blurry. VHS's very low horizontal color resolution was a VHS limitation, AFAIK not much to do with how color phase errors were averaged out across lines in PAL vs SECAM.
A comparable option in my opinion would be Minisforum 790S7. They also have a separate mini-ITX motherboard from that one if you want to DIY.
The CPU in it is faster in raw multi-thread performance, single-threaded it's a bit slower, but still quite impressive.
The only problem I had with Minisforum is that they couldn't supply the exact hardware I ordered and their suggested solution was either to wait for 1+ month or get a sligtly different configuration. Two times out of two.
Quality-wise they're pretty good though, no complaints there.
I can't find a Minisforum 790S7 for anywhere near the price of the base model mac mini. I am seeing $459.00 USD and that is "BAREBONE (NO OS/RAM/SSD)" [1]. I am comparing this to the M4 Mac Mini base model, that does indeed come with an OS, RAM, and an SSD[2] at $499 USD.
Welp. You're definitely correct. But that's the only machine in my opinion that comes close (and offers some advantage like a whole PCIe 5.0 x16 slot). There are other mini PCs that are cheaper, some other commenter suggested Beelinks which are also quite popular among enthusiasts, SER8 for example: Ryzen 8745HS, 24 GB RAM and 1 TB SSD for 467 Euro. Seems competitive enough.
Maybe it's not performance-comparable but $284 (BF35 coupon discount from $319 list) for Ryzen 5, 16GB RAM and 1TB SSD [1] in my mind is a good value trade-off versus the Mac Mini. The only thing that gives me pause is the concern expressed by some that Chinese MiniPCs are susceptible to Bios malware. I've looked into Coreboot, Libreboot and System 76 open firmware to mitigate the risk of infected Minisforum firmware but there's always the possibility of it crippling the device which would be a big time-loss more than anything.
Other flavors of malware are easily removed with a quick Windows reinstall before use but potential firmware infections are a good reason to pay more for mainstream PCs.
That's a valid concern but I personally avoid going into this rabbit hole just for the sake of my (already fragile) sanity.
Speaking of issues, the other one with these low cost mini PCs is low-quality SSDs. The one that my UN100D was supplied with was pure garboleum in terms of speed so it had to be replaced.
I've recently bought two minisforum PCs on Amazon. I fully expected the SSD to be garbage and to throw them out. To my surprise, they were decent-ish Kingston TLC PCIE 4.0 SSDs. Definitely not the cheapest SSD on the market.
Beelink EQR6 has an internal PSU and is also quite small, a bit smaller in footprint actually. It even comes with two full-size m.2 slots and expandable RAM.
Mini is great, exceptionally so, I actually just got a rather souped-up one (that's the reason I'm in this thread) but x86 vendors are catching up and there's a certain possibility that more established brands will pick up.
For the base model, but any upgrade on the Mac will kill that advantage instantly. For those keen enough to solder better parts on it the Mac Mini base model is the worst kind of barebone, filled with components that shouldn't even be produced anymore.
> components that shouldn't even be produced anymore
That's kinda harsh. For what it's worth, the base model isn't that bad and the storage can be (theoretically) upgraded down the road, even though it might cost a fair bit more than a standard m.2 SSD.
Sure, in raw compute it's slower than competition, but objectively it's still plenty fast and more trustworthy in terms of reliability.
I can only speak of experience with their UN100D mini PC which I use as a home server in a fairly constrained closet. Not a hot machine by any means, far from that, but the cooling seems pretty decent even for this low power CPU.
BD790i that I just received (didn't even install anywhere) has a rather substantial heatsink over the CPU similar to high wattage GPUs. The chip itself is rated at 55W TDP so it shouldn't be that much of a problem cooling it. The motherboard doesn't come with a fan and I'm definitely not going to spend extra on high-end ones at least just yet.
I don't know anything about the thermals of 790S7's case though. It looks like they gave it at least some thought judging by the duct over the CPU, but how it actually performs I have no idea.
reply