If we want the metaverse to be useful, anyway

The metaverse. Everyone’s talking about it, major companies are working on the hardware to access it, and it increasingly seems like it could eventually be the next major communication platform on the scale of the world wide web.

But if you ask Intel, ‘eventually’ is still a long way off.

In its first real statement since everyone started chiming in on the metaverse after Facebook’s rebrand, Intel says that for immersive computing to really hit its stride, we will need a 1000x increase in computation efficiency from today’s very best tools.

Specifically, Raja Koduri, a senior VP at Intel, writes:

“Truly persistent and immersive computing, at scale and accessible by billions of humans in real time, will require even more: a 1,000-times increase in computational efficiency from today’s state of the art.”

He later adds that aside from hardware, we will need new software architectures and algorithms to make the metaverse a reality.

Of course, there’s no clear-cut threshold for how much computing power the metaverse will require. Some would say the metaverse already exists in a rudimentary form.

But Koduri’s statement brings up an important point: for the metaverse to provide convincing social interactions to a wide group of people, it’s likely we’ll need an enormous improvement in processing efficiency.

If we want the metaverse to be more than what amounts to VR and AR massively-multiplayer games — especially if we want to access the metaverse on wearable, practical devices — we simply need a lot more power.

Koduri is envisioning a metaverse that is more than basic avatars, describing encounters in the metaverse that would include “convincing and detailed avatars with realistic clothing, hair and skin tones – all rendered in real-time and based on sensor data capturing real-world 3D objects, gestures, audio and much more; data transfer at super-high bandwidths and extremely low latencies; and a persistent model of the environment, which may contain both real and simulated elements.”

It’s hard enough to manage all that with a spec’d out gaming PC and state-of-the-art hardware, let alone the all-in-one devices that’ll presumably power the metaverse of the future. Moreover, Koduri doesn’t even think hardware alone will be able to reach that 1000x number — at least not any time soon — instead suggesting that AI and software improvements will make up the gap.

Of course, realistic depictions of people and environments are only one part of the puzzle; one could argue that a far more important piece is creating the standards the metaverse will need to work. Still it’s refreshing to hear someone acknowledge that even if the metaverse is our inevitable destination, we’ve still got a long way to go.

via thenextweb

Cybersecurity researchers have disclosed a security flaw in the Linux Kernel's Transparent Inter Process Communication (TIPC) module that could potentially be leveraged both locally as well as remotely to execute arbitrary code within the kernel and take control of vulnerable machines.

The heap overflow vulnerability "can be exploited locally or remotely within a network to gain kernel privileges, and would allow an attacker to compromise the entire system," cybersecurity firm SentinelOne said in a report published today and shared with The Hacker News.

TIPC is a transport layer protocol designed for nodes running in dynamic cluster environments to reliably communicate with each other in a manner that's more efficient and fault-tolerant than other protocols such as TCP. The vulnerability identified by SentinelOne has to do with a new message type called "MSG_CRYPTO" that was introduced in September 2020 and enables peer nodes in the cluster to send cryptographic keys.

While the protocol has checks in place to validate such messages after decryption to ensure that a packet's actual payload size doesn't exceed that of the maximum user message size and that the latter is greater than the message header size, no restrictions were found to be placed on the length of the key (aka 'keylen') itself, resulting in a scenario where "an attacker can create a packet with a small body size to allocate heap memory, and then use an arbitrary size in the 'keylen' attribute to write outside the bounds of this location."

There is no evidence that the flaw has been abused in real-world attacks to date, and following responsible disclosure on October 19, the issue has been addressed in Linux Kernel version 5.15 released on October 31, 2021.

"The function tipc_crypto_key_rcv is used to parse MSG_CRYPTO messages to receive keys from other nodes in the cluster in order to decrypt any further messages from them," Linux kernel maintainers sai\d in a fix pushed late last month. "This patch verifies that any supplied sizes in the message body are valid for the received message."

"While TIPC itself isn't loaded automatically by the system but by end users, the ability to configure it from an unprivileged local perspective and the possibility of remote exploitation makes this a dangerous vulnerability for those that use it in their networks," SentinelOne researcher Max Van Amerongen said.

via thehackernews

Facebook's newly-rebranded parent company Meta on Tuesday announced plans to discontinue its decade-old "Face Recognition" system and delete a massive trove of more than a billion users' facial recognition templates as part of a wider initiative to limit the use of the technology across its products.

The Menlo Park tech giant described the about-face as "one of the largest shifts in facial recognition usage in the technology's history."