Welcome to The Breakfast Club! We’re a disorganized group of rebel lefties who hang out and chat if and when we’re not too hungover we’ve been bailed out we’re not too exhausted from last night’s (CENSORED) the caffeine kicks in. Join us every weekday morning at 9am (ET) and weekend morning at 10:00am (ET) (or whenever we get around to it) to talk about current news and our boring lives and to make fun of LaEscapee! If we are ever running late, it’s PhilJD’s fault.

Joan of Arc is born; Samuel Morse demonstrates the telegraph to the public; Commercial airplane completes first round-the-world flight; Figure skater Nancy Kerrigan is attacked; Dizzy Gillespie and Rudolf Nureyev die.

You’ll never get mixed up if you simply tell the truth. Then you don’t have to remember what you have said, and you never forget what you have said.

Sam Rayburn

Continue reading

Welcome to The Breakfast Club! We’re a disorganized group of rebel lefties who hang out and chat if and when we’re not too hungover we’ve been bailed out we’re not too exhausted from last night’s (CENSORED) the caffeine kicks in. Join us every weekday morning at 9am (ET) and weekend morning at 10:00am (ET) (or whenever we get around to it) to talk about current news and our boring lives and to make fun of LaEscapee! If we are ever running late, it’s PhilJD’s fault.

Elian Gonzales decision; First female U.S. governor inaugurated; Sonny Bono dies; Pete Rose admits to betting on baseball; Bruce Springsteen’s first album debuts.

If you are sure you understand everything that is going on, you are hopelessly confused.

Walter F. Mondale

Continue reading

LePage sends welfare cash to after-school programs to curb ‘out-of-wedlock pregnancies’
By Matthew Stone, Bangor Daily News
January 4, 2018

This school year, Gov. Paul LePage’s administration is spending $1.7 million on after-school programs that once would have gone to low-income families with children in the form of cash assistance.

The administration has described the change as a way to “better support our youth,” but anti-poverty program experts decried it as an ineffective way to keep kids clothed and fed at a time when the rate of Maine children living in deep poverty has been rising.

“After-school programs don’t pay the rent, and they don’t keep kids in underwear. They don’t keep the parents in underwear,” said Luke Shaefer, an associate professor of social work at the University of Michigan and coauthor of the book “$2.00 a Day: Living on Almost Nothing in America.”

A BDN review of state contracting documents shows more than a dozen nonprofit organizations are receiving more than $1.7 million this school year from the federally funded Temporary Assistance for Needy Families, or TANF, grant. The Maine Department of Health and Human Services has awarded more than 80 percent of the funds without using the state’s formal competitive bidding process, the documents show.

Grifters gotta Grift.

But the after-school programs account for less than 2 percent of the LePage administration’s reworked spending of the $78.1 million TANF grant the state receives each year. Instead, the administration is tapping much of the unused federal funding so it can avoid using state taxpayer funds.

A BDN review in June showed the state planned to spend most of the funds — after paying for cash benefits for the remaining TANF beneficiaries, employment services and administrative expenses — on pre-existing state social service obligations to free up the state funds normally devoted to those expenses. Those expenses accounted for a third of the LePage administration’s planned TANF spending for this fiscal year.
…
A DHHS spokeswoman didn’t directly address questions from the BDN about how the department ensured it was supporting the highest-quality after-school programs with TANF, the number of children served by the after-school programs receiving TANF funds, the number of kids who wouldn’t be able to participate in after-school programs if not for the TANF funding, and the analysis DHHS used to decide how it would spend the state’s TANF grant.

“DHHS is committed to helping families and youth,” DHHS spokeswoman Emily Spencer wrote in an email. “Before and after school programming is a proven strategy to help boost academic performance and reduce risky behaviors. We encourage innovative, community based programming that keeps our youth engaged and away from behaviors that can have negative consequences which can follow them for a lifetime. These programs meet the goals of TANF and, more importantly, they keep kids off the streets — safe and engaged in positive behaviors.”

In response to its request for youth program proposals, DHHS didn’t receive many bids from outside of southern Maine, so the department has awarded more than 80 percent of the funds for after-school programs without using the state’s formal, competitive bidding process, according to state contracting documents.

That’s how Fair Haven Camps in the rural Waldo County town of Brooks became the site of one of the TANF-funded after-school programs.

In the summer, Fair Haven Camps is a Christian overnight camp. This fall, for the first time, it welcomed 17 students from Mount View Middle School in nearby Thorndike after school each day for outdoor activities in wilderness survival, arts and crafts, and lessons in financial literacy provided by volunteers from Bangor Savings Bank.
…
A “Charitable Choice” provision that applies to the 1996 federal law that created TANF allows states to issue public funds to religious organizations such as Fair Haven Camps as long as the organizations don’t use those funds to pay for what federal regulations label “inherently religious activities.”
…
The proportion of Maine children living in deep poverty — with family incomes of half the federal poverty level or less — grew 1.1 percentage points between 2011 and 2015, to 8 percent, while it grew 0.2 percentage points nationally, to 9.5 percent, according to calculations from the Maine Center for Economic Policy that used three-year averages from U.S. Census data to calculate poverty rates.

Research available on safety net programs that bolster family income — the sort of assistance that has ended for the more than 8,000 Maine families since 2012 — shows that they contribute to improved school performance for the children in those families as well as improved health and long-term earning power.

Which is hungrier, my stomach or my soul? Hot dog!

Dizzy? You probably have Carbon Monoxide poisoning. You should call the Fire Department and EMS.

Not many people know it, but the Fuhrer was a terrific dancer.

Treasonous

Domestic Violence

Happy Shoveling! Remember when snow days used to be cool?

Welcome to The Breakfast Club! We’re a disorganized group of rebel lefties who hang out and chat if and when we’re not too hungover we’ve been bailed out we’re not too exhausted from last night’s (CENSORED) the caffeine kicks in. Join us every weekday morning at 9am (ET) and weekend morning at 10:00am (ET) (or whenever we get around to it) to talk about current news and our boring lives and to make fun of LaEscapee! If we are ever running late, it’s PhilJD’s fault.

Israeli Prime Minister Ariel suffers a stroke and lapses into a coma; the inventor of braille is born; Jesse Ventura sworn in as Minnesota’s governor, poet T.S. Eliot dies.

I am a man of fixed and unbending principles, the first of which is to be flexible at all times.

Everett Dirksen

Continue reading

As you read this article, replace every mention of ‘Malware’ with ‘Government Surveillance’ and every mention of ‘Hacker’ with ‘NSA’.

‘Kernel memory leaking’ Intel processor design flaw forces Linux, Windows redesign
By John Leyden and Chris Williams, The Register
2 Jan 2018

A fundamental design flaw in Intel’s processor chips has forced a significant redesign of the Linux and Windows kernels to defang the chip-level security bug.

Programmers are scrambling to overhaul the open-source Linux kernel’s virtual memory system. Meanwhile, Microsoft is expected to publicly introduce the necessary changes to its Windows operating system in an upcoming Patch Tuesday: these changes were seeded to beta testers running fast-ring Windows Insider builds in November and December.

Crucially, these updates to both Linux and Windows will incur a performance hit on Intel products. The effects are still being benchmarked, however we’re looking at a ballpark figure of five to 30 per cent slow down, depending on the task and the processor model. More recent Intel chips have features – such as PCID (Process-Context Identifiers) – to reduce the performance hit. Your mileage may vary.

Similar operating systems, such as Apple’s 64-bit macOS, will also need to be updated – the flaw is in the Intel x86-64 hardware, and it appears a microcode update can’t address it. It has to be fixed in software at the OS level, or go buy a new processor without the design blunder.

Details of the vulnerability within Intel’s silicon are under wraps: an embargo on the specifics is due to lift early this month, perhaps in time for Microsoft’s Patch Tuesday next week. Indeed, patches for the Linux kernel are available for all to see but comments in the source code have been redacted to obfuscate the issue.

However, some details of the flaw have surfaced, and so this is what we know.

It is understood the bug is present in modern Intel processors produced in the past decade. It allows normal user programs – from database applications to JavaScript in web browsers – to discern to some extent the layout or contents of protected kernel memory areas.

The fix is to separate the kernel’s memory completely from user processes using what’s called Kernel Page Table Isolation, or KPTI. At one point, Forcefully Unmap Complete Kernel With Interrupt Trampolines … was mulled by the Linux kernel team, giving you an idea of how annoying this has been for the developers.

Whenever a running program needs to do anything useful – such as write to a file or open a network connection – it has to temporarily hand control of the processor to the kernel to carry out the job. To make the transition from user mode to kernel mode and back to user mode as fast and efficient as possible, the kernel is present in all processes’ virtual memory address spaces, although it is invisible to these programs. When the kernel is needed, the program makes a system call, the processor switches to kernel mode and enters the kernel. When it is done, the CPU is told to switch back to user mode, and reenter the process. While in user mode, the kernel’s code and data remains out of sight but present in the process’s page tables.
…
At best, the vulnerability could be leveraged by malware and hackers to more easily exploit other security bugs. However, there are companies out there who are trying to fix this with the help of vulnerability services similar to https://www.digitaldefense.com/solution-overview/scan/ to safeguard their programmes.

At worst, the hole could be abused by programs and logged-in users to read the contents of the kernel’s memory. Suffice to say, this is not great. The kernel’s memory space is hidden from user processes and programs because it may contain all sorts of secrets, such as passwords, login keys, files cached from disk, and so on. Imagine a piece of JavaScript running in a browser, or malicious software running on a shared public cloud server, able to sniff sensitive kernel-protected data.

Specifically, in terms of the best-case scenario, it is possible the bug could be abused to defeat KASLR: kernel address space layout randomization. This is a defense mechanism used by various operating systems to place components of the kernel in randomized locations in virtual memory. This mechanism can thwart attempts to abuse other bugs within the kernel: typically, exploit code – particularly return-oriented programming exploits – relies on reusing computer instructions in known locations in memory.

If you randomize the placing of the kernel’s code in memory, exploits can’t find the internal gadgets they need to fully compromise a system. The processor flaw could be potentially exploited to figure out where in memory the kernel has positioned its data and code, hence the flurry of software patching.

However, it may be that the vulnerability in Intel’s chips is worse than the above mitigation bypass. In an email to the Linux kernel mailing list over Christmas, AMD said it is not affected. The wording of that message, though, rather gives the game away as to what the underlying cockup is:

AMD processors are not subject to the types of attacks that the kernel page table isolation feature protects against. The AMD microarchitecture does not allow memory references, including speculative references, that access higher privileged data when running in a lesser privileged mode when that access would result in a page fault.

A key word here is “speculative.” Modern processors, like Intel’s, perform speculative execution. In order to keep their internal pipelines primed with instructions to obey, the CPU cores try their best to guess what code is going to be run next, fetch it, and execute it.

It appears, from what AMD software engineer Tom Lendacky was suggesting above, that Intel’s CPUs speculatively execute code potentially without performing security checks. It seems it may be possible to craft software in such a way that the processor starts executing an instruction that would normally be blocked – such as reading kernel memory from user mode – and completes that instruction before the privilege level check occurs.

That would allow ring-3-level user code to read ring-0-level kernel data. And that is not good.

The specifics of the vulnerability have yet to be confirmed, and this discussion of its severity is – aptly enough – speculation, but consider this: the changes to Linux and Windows are significant and are being pushed out at high speed. That suggests it’s more serious than a KASLR bypass.

Translated from GobbletyGeek what that means is that Spy Programs and more destructive Viruses like Ransomware and those that trash your Hard Drive just for sport can easily (well, you have to know what you’re doing) take complete control of your computer whenever you merely visit a web site.

But that’s old news you say?

Here’s what’s new- Operating Systems and Anti-Virus Programs can’t do a damn thing about it without slowing down your computer from 5% to 30% because it’s built into the CPU!

Now do I really believe the NSA and Intel conspired to insert this vulnerability in the Silicon?

Let me put it this way, at best Intel has been cheating to make its hardware appear faster than it is. That’s the charitable explanation.

Me? I’m solid AMD and have been for decades. Intel sucks.

What can you do? Well, Linux already has a patch in the latest kernel, Microsoft is coming soon. Apple macOS hardly seems to have noticed, but it’s not a company focus and Apple is notoriously close mouthed about these kind of things so who knows.

All of these “fixes” slow down your computer though. Us AMD types will notice no change at all.

Welcome to The Breakfast Club! We’re a disorganized group of rebel lefties who hang out and chat if and when we’re not too hungover we’ve been bailed out we’re not too exhausted from last night’s (CENSORED) the caffeine kicks in. Join us every weekday morning at 9am (ET) and weekend morning at 10:00am (ET) (or whenever we get around to it) to talk about current news and our boring lives and to make fun of LaEscapee! If we are ever running late, it’s PhilJD’s fault.

Washington’s army routs the British in the Battle of New Jersey; Manuel Noriega surrenders to U.S. forces; Jack Ruby dies; Author J.R.R. Tolkien is born

The world has never yet seen a truly great and virtuous nation because in the degradation of woman the very fountains of life are poisoned at their source.

Lucretia Mott

Continue reading