pelya

But it’s very convenient! When you have a BSOD, you don’t need your core dumped, you simply unplug your DRAM+ and send it to Microsoft using paper mail.

It’s way less expensive for state-sponsored hackers to blackmail your country’s official to leak backdoor keys than try to break the unbreakable crypto using a nuclear-powered GPU farm.

Saving arbitrary metadata is the exact use case for pickle module, you just put it together with your numpy array into a tuple. jpeg format has support for storing metadata, but they are an afterthought like .mp3 tags, half of applications do not support them.

I can imagine multichannel jpeg to be used in photo editing software, so you can effortlessly create false-color plots of your infrared data, maybe even apply a beauty filter to your Eagle Nebula microwave scans.

What, pickle.dump your enormous Numpy array not good enough for you anymore? Not even fancy zlib.compress(pickle.dumps(enormousNumpyArray)) will satisfy you? Are you a scientist or a spectral data photographer?

That’s because the article that started the whole argument tried very hard to present an expected behavior for embedded chips as a security hole.

Should have used three spreadsheets. Excel tends to run slowly when a spreadsheet has more than a million cells in it.

There was no mention of over-the-air exploit, so eh.

Anyway, having direct unprivileged R/W access to platform memory is indeed a security hole, no matter the vendor.

It is not. ESP32 is an embedded chip with less than one megabyte of RAM. It cannot run apps or load websites with any malicious code, it only runs the firmware that you flash on it, nothing else, and of course your firmware has full access to every chip feature. If your firmware has a security hole, it’s not the chip’s fault.

It’s ultimately a question of money. Older guys with software engineering degrees and fancy salaries can spend their weekends doing free community service in the form of open-source development. Younger people have to worry about job and rent and bills, they simply don’t have that kind of free time.

Add to that the growing complexity of the software. Something that could be done by an university student before, like writing an OS from scratch, won’t be nearly as useful as it would in the '90-s, because it was already done before, now you have multiple OSes to choose from. And joining an existing software project is hit-or-miss, some are inclusive and some are an old boy club where you need to know the secret rules.

You simply need to accept the risc.