Skip to main content

Posts

The tetraquarks are coming. Or are they?

  There has been grumblings since July that some of the folks over at LHC may have discovered a new fundamental particle: the dicharm tetraquark . From Quanta Magazine: [Igor]  Polyakov went away and double-checked his analysis of data from the Large Hadron Collider beauty (LHCb) experiment, which the Syracuse group is part of. The evidence held. It showed that a particular set of four fundamental particles called quarks can form a tight clique, contrary to the belief of most theorists. The LHCb collaboration reported the discovery of the composite particle, dubbed the double-charm tetraquark, at a conference in July and in  two   papers  posted earlier this month that are now undergoing peer review. Everybody loves a new particle. But early results from the LHC have jumped the gun before. And there is a debate about what exactly the LHC results mean. The leading alternative explanation at this point is the observation detected not a new composite particle but a rare Triangle Singulari
Recent posts

Here is how to mitigate CVE-2021-40444

UPDATE: Microsoft has released a patch for CVE-2021-40444 as of  9-14 ... but that doesn't mean its been installed on your systems yet, so check! The KB varies by distro, but it should be around KB5005565-KB5005568 for recent Windows 10 x64 versions. CVE-2021-40444 is a new remote code execution vulnerability in Windows that involves embedded ActiveX controls in Office document files (.doc, .docx, .docm, .dochtml).  All versions of Windows, including Server distros, are impacted. Exploits of this vulnerability are in the wild now. The Windows preview pane plays a role in the vulnerability; I haven't seen an example of the exploit, but Microsoft's recommended steps for mitigation involve disabling the preview pane for relevant file types. No security patch is available yet, but it is possible to mitigate the threat. Below, I've embedded code for a registry key that you can use to automatically patch your Windows 10 PC. The registry key simply automates Microsoft's r

This is a PPTP VPN intervention.

Six years ago (sigh), I wrote but never published this blog post begging users to find an alternative to the PPTP VPN protocol. They were already years out of date at that time. Even today, however, well-known companies like ExpressVPN are still providing PPTP to clients despite the fundamentally insecure nature of these types of tunnels. Consider this an intervention. For years, the Virtual Private Network (VPN) has been a mainstay of those trying to keep snoopers away from their online activities. Its important to keep in mind that a VPN is one part of a secure and private online presence - without complementing the use of a VPN with additional tools and habits, the security offered is more narrow than many users believe. There are two main reasons to use a VPN.  First and foremost, a VPN is a means of encapsulating your network traffic within an encrypted "tunnel". This makes it extremely difficult to see or manipulate that network traffic. This is typically the type of

Electromagnetic eavesdropping is cheap & easy - so why doesn't anyone believe it exists?

Below, I've included what would have been the first post in a series of posts I wrote about the  badBIOS  controversy in October 2013. I found the evidence in support of badBIOS to be unconvincing and I was concerned by how popular badBIOS became despite those obvious shortcomings. This wasn't a situation where an overexcitable press ran with a story that turned out to be inaccurate; the most early and adamant believers in  badBIOS  weren't reporters, they were ITSEC professionals. How were so many of us publicly duped by what was essentially a conspiracy theory? This post doesn't address badBIOS directly. However, badBIOS was presumed to somehow involve the manipulation of computers using acoustic transmissions. This post provides some historical context behind a strain of computer science research in this field and shows how commonly held beliefs about the feasibility of these attacks were generally inaccurate at the time of writing. In future posts I would have explo

PHP empty() and the trouble of passing new zero values in forms

Lets say we have a form. The form is straight-forward: HTML radio buttons that posts to a PHP processing script that saves the results to a database. The radio buttons correspond to bindary responses to questions - Yes/No, True/False. These truth values are mapped to the integers '1' and '0', which are then stored in the database. When such a form is creating new records, this is about as brainless as web-development gets. But things get more complicated when the form is used to update existing records. A useful update form will typically have a few basic features; among them, the option to update all of the data in the form or just some of the data. To do this, we have to check whether a variable is being updated or not. One approach to checking on variable updates is to create an array with all of the variables to be considered, like this:  $stuff = array( 'fee' => $_POST['fee'], 'fi' => $_POST['fi'],

KMS client activation keys - Windows Server 2022, 2019 and 2016

This is the latest update of the list of windows license keys for key management service activation I publish every few years. Reference the KMS activation post I wrote for Windows 2012 for help installing one of the keys (` slmgr /ipk yourkeyhere` from a command prompt as an administrator)   Windows Server Semi-Annual Channel versions Windows Server, version 1909, version 1903, and version 1809 Windows Server, version 1909, version 1903, and version 1809 Operating system edition KMS Client Setup Key Windows Server Datacenter 6NMRW-2C8FM-D24W7-TQWMY-CWH2D Windows Server Standard N2KJX-J94YW-TQVFB-DG9YT-724CC Windows Server LTSC/LTSB versions Windows Server 2022 Windows Server 2022 Operating system edition KMS Client Setup Key Windows Server 2022 Datacenter WX4NM-KYWYW-QJJR4-XV3QB-6VM33 Windows Server 2022 Standard VDYBN-27WPP-V4HQT-9VMD4-VMK7H Windows Server 2019 Windows Server 2019 Operating system edition KMS Client Setup Key Windo

If E.T. phones home, he won't use entagled qubits

I can recall listening to a radio program some 10-15 years ago. The host of the show believed that it would soon be possible to build a faster-than-light communications system using quantum entangled particles, and interviewed several people from a company who were seeking funding to somehow make that happen. But why not?  There would be tremendous value in some sort of "quantum phone" of entangled particles that allowed for transferring messages faster than the speed of light.  Quantum computers are a real thing now. Quantum key distribution could very well revolutionize public key cryptography. Yet if anything, quantum computing is a misnomer because it understates how fundamental quantum mechanics has been on recent technological innovation. Quantum mechanics has been around for a century now and all modern computers rely to some extent on the principles of quantum mechanics to function. But there will be no quantum phone. Let's start by explaining how the quantum ph