As the article points out, TSA is using this tech to improve efficiency. Every request for manual verification breaks their flow, requires an agent to come address you, and eats more time. At the very least, you ought not to scan in the hopes that TSA metrics look poor enough they decide this tech isn’t practical to use.

I’m curious what issue you see with that? It seems like the project is only accepting unrestricted donations, but is there something suspicious about shopify that makes it’s involvement concerning (I don’t know much about them)?

The reason the article compares to commercial flights is your everyday reader knows planes’ emissions are large. It’s a reference point so people can weight the ecological tradeoff.

“I can emit this much by either (1) operating the global airline network, or (2) running cloud/LLMs.” It’s a good way to visualize the cost of cloud systems without just citing tons-of-CO2/yr.

Downplaying that by insisting we look at the transportation industry as a whole doesn’t strike you as… a little silly? We know transport is expensive; It is moving tons of mass over hundreds of miles. The fact computer systems even get close is an indication of the sheer scale of energy being poured into them.

I don’t believe that explanation is more probable. If the NSA had the power to compell Apple to place a backdoor in their chip, it would probably be a proper backdoor. It wouldn’t be a side channel in the cache that is exploitable only in specific conditions.

The exploit page mentions that the Intel DMP is robust because it is more selective. So this is likely just a simple design error of making the system a little too trigger-happy.

Wow, what a dishearteningly predictable attack.

I have studied computer architecture and hardware security at the graduate level—though I am far from an expert. That said, any student in the classroom could have laid out the theoretical weaknesses in a “data memory-dependent prefetcher”.

My gut says (based on my own experience having a conversation like this) the engineers knew there was a “information leak” but management did not take it seriously. It’s hard to convince someone without a cryptographic background why you need to {redesign/add a workaround/use a lower performance design} because of “leaks”. If you can’t demonstrate an attack they will assume the issue isn’t exploitable.

Having express self-checkoit is great. The Kroger near me went full-self-checkout. They have large kiosks that mimmic the traditional checkout belt kiosks, except the customer scans at the head of the belt and the items move into the bagging area.

If you have a full cart, you scan all the items, checkout, walk to the end of the belt, and bag all of your items. Takes twice as long as bagging while a cashier scans (for solo shoppers), and because of the automatic belt the next customer cannot start scanning until you finish bagging, or their items will join the pile of your items.

It effectively destroys all parallelism is the process (bagging while scanning, customers pre-loading their items with a divider while the prior customer is still being serviced), and with zero human operated checkouts running you get no choice