Slashdot Mirror


User: sjames

sjames's activity in the archive.

Stories
0
Comments
34,276
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 34,276

  1. Re:"Hardcoded"? on Western Digital 'My Cloud' Devices Have a Hardcoded Backdoor (betanews.com) · · Score: 3, Insightful

    Hard coded means written into the software as opposed to being user configurable. So the author is correct and you were wrong.

    Hardcoded is why it takes a firmware update to change it rather than go to setup page x and uncheck the box next to "big security hole".

  2. Re:Open hardware is going to be hard on OpenBSD's De Raadt Pans 'Incredibly Bad' Disclsoure of Intel CPU Bug (itwire.com) · · Score: 1

    there already existed a libc, compiler toolchain, shell, and a vast suite of programs people already wanted to use.

    All created by those free software fans that "lacked the large corporate structure needed to produce anything as complex as an OS".

    And a CPU architecture is the same. It's not enough to have a nice core, you have to also have cache, a system bus interface, a RAM interface, clock distribution, MMU, and so on. None of that stuff is easy or fun.

    And yet, RISC-V exists.

  3. Everyone running an intel CPU will suddenly discover that they have 5-30% less processor than they paid for. In many cases, that difference would have resulted in going with the AMD processor. That is a real economic harm that deserves compensation.

    That doesn't mean justice will be done, the courts often bend over backwards and grab their ankles for large corporations, but morally and ethically, Intel owes a lot of people a pile of cash.

  4. Re:Lot of speculation in his dire statement on OpenBSD's De Raadt Pans 'Incredibly Bad' Disclsoure of Intel CPU Bug (itwire.com) · · Score: 2

    Risk isn't just a matter of how likely the discovery is, but how serious it is and how widespread the negative impact is. Given that Meltdown affects a huge population, even a tiny chance of discovery represents a huge risk, Intel doesn't want to do a recall since even chipzilla would be sunk by the cost. There's a big risk for you. Next time you consider Intel, just remember, you bought intel before and right now they're pointing at you and saying "HA-HA".

    Care to spin the wheel again?

  5. Re:Open hardware is going to be hard on OpenBSD's De Raadt Pans 'Incredibly Bad' Disclsoure of Intel CPU Bug (itwire.com) · · Score: 3, Interesting

    Of course, when Linux was new the argument was that an OS was just too big for a bunch of Free Software fans to manage. Only a big corporate structure could support development of anything as complex as an OS.

    Open hardware is harder, but probably not impossible. It isn't a magic cure all, but it would tend to be free of corporate decisions like "we need 10% more performance, cheat here and nobody will notice" simply due to the open nature.

    The patent swamp is a problem for that, but given how dependent the world is on secure digital hardware now, it's time to review the patent system. It may even become politically possible since it's to the point now where non-free hardware is hindering corporate profits.

  6. Re:This Will Go Nowhere on Intel Hit With Three Class-Action Lawsuits Over Meltdown and Spectre Bugs (theguardian.com) · · Score: 1

    It does not. It was originally claimed that the memory protection was complete. It is obviously not.

  7. Re:This Will Go Nowhere on Intel Hit With Three Class-Action Lawsuits Over Meltdown and Spectre Bugs (theguardian.com) · · Score: 1

    Exactly this. The "cheating" is fine as long as the ultimate machine state is truly indistinguishable from what it would be without cheating from the viewpoint of the executing code. Meltdown is a case where that does not hold true, and even worse, can be forced reliably.

  8. Re: If only I know who to short ... on How a Researcher Hacked His Own Computer and Found One of the Worst CPU Bugs Ever Found (reuters.com) · · Score: 1

    By level, I mean in terms of security.

  9. Re:If only I know who to short ... on How a Researcher Hacked His Own Computer and Found One of the Worst CPU Bugs Ever Found (reuters.com) · · Score: 2

    No, I was considering that. If My company uses a public cloud, one of those bad actirs MIGHT end up running in another VM on the same machine my VM is running on. If instead, I run on a server I actually own and use exclusively, even if I run several VMs, I can KNOW that the bad guy is NOT also running a VM on that server. At worst, another department in the same company might have a VM on the same hardware with me.

    So if security is a concern at all, avoiding outsourcing VMs to the cloud is the right strategy.

  10. Re:If only I know who to short ... on How a Researcher Hacked His Own Computer and Found One of the Worst CPU Bugs Ever Found (reuters.com) · · Score: 2

    That would be exactly opposite of the right strategy. As bad as information leaks between processes can be, it's worse when those other processes are owned by a different entity. Who would you rather be potentially able to read your banking details, a family member or some random guy whose name you don't know who could be living anywhere in the world?

  11. Re:If only I know who to short ... on How a Researcher Hacked His Own Computer and Found One of the Worst CPU Bugs Ever Found (reuters.com) · · Score: 4, Insightful

    Actually, AMD is significantly harder to exploit than Intel. The performance crushing patch simply brings the Intel processor level with AMD.

  12. But for those users that do have such a workload and cared enough to use SSD will be devistated by the performance loss.

  13. It might be hard to prove in court, but given Intel's past behavior w/ the Intel compiler, it likely was intentional dirty pool.

  14. Re:five to 30 per cent slow down on 'Kernel Memory Leaking' Intel Processor Design Flaw Forces Linux, Windows Redesign (theregister.co.uk) · · Score: 2

    This is a good point. If the machine lives in a protected environment where only approved software is used by authorized users, disabling the fix to avoid the slowdown might be the right thing.

    But I'm pretty sure the slowdown in this case isn't FUD. Otherwise we'd hear Intel loudly denying it by now.

  15. Re:five to 30 per cent slow down on 'Kernel Memory Leaking' Intel Processor Design Flaw Forces Linux, Windows Redesign (theregister.co.uk) · · Score: 3, Insightful

    They don't have a choice. The cost is quite believable since the workaround involves mapping the kernel in and out of the process space for every system call. Keeping it mapped in and keeping the page tables hot in the cache helps performance a lot.

    The real fix involves new silicon.

  16. Re:In all fairness... on 'Kernel Memory Leaking' Intel Processor Design Flaw Forces Linux, Windows Redesign (theregister.co.uk) · · Score: 5, Insightful

    That bolster's AC's point. It looks like the Intel guys were going to cripple performance for everyone until the patch from AMD removed the unnecessary crippling from AMD processors.

  17. Actually, it's a reference to a hex value that could trigger a nasty Pentium bug.

  18. Re:Great, I work with lowlife pervs on Tech Bros Bought Sex Trafficking Victims Using Amazon and Microsoft Work Emails (newsweek.com) · · Score: 1

    Your points are why I support the basic income. Once we reach the point that nobody goes without food, clothing, shelter, and health care, work environments will necessarily shift in such a way that the people working can honestly be said to be there willingly. Perhaps by distributing the more odious duties more evenly, perhaps by paying enough that people find the exchange equitable. It would also apply more pressure to have machines do the less pleasant work.

    We're starting to see it now. For example, garbage collector is a much less unpleasant job when it mostly consists of driving the truck and using a joystick to grab the cans with a hydraulic arm while still sitting in the truck.

  19. Re:Great, I work with lowlife pervs on Tech Bros Bought Sex Trafficking Victims Using Amazon and Microsoft Work Emails (newsweek.com) · · Score: 1

    When I take a taxi or buy a burger, I am not served by someone who was beaten, shipped over in a cargo hold, beaten some more, and told they will never be free unless they keep quiet and turn their paychecks over to their pimp. I do care if the people are there by their free will or as a result of human trafficing.

  20. You don't think they'd be at all interested in information that helps them make sure they're at the right place?

    Even the pizza guy wants confirming information.

  21. Re:Parents need to as well on Efforts Grow To Help Students Evaluate What They See Online (apnews.com) · · Score: 1

    Might want to a little more charitable about the liver or one day someone will decide nobody pays for your heart problem because you refused to have a healthy drink from time to time. Besides, people who fry their livers drinking tend not to get a replacement liver anyway, they're considered a poor risk. The understanding that everyone has their own faults and follies is well understood across a wide variety of beliefs both religious and secular. Also the idea that sometimes bad things happen to good people.

  22. Right, there were many good reasons to not take the call at face value. That doesn't mean ignore it entirely, it means go investigate. It certainly does not mean go shoot the first person who opens the door.

    Notably, the approach you suggest was already tried and it got an innocent man killed. Why, when blessed with 20/20 hindsight you still advocate such a foolish approach is beyond me.

  23. Re:PROPERTY on 2018 Is the Last Year of America's Public Domain Drought (vice.com) · · Score: 3, Insightful

    That's because you aren't also claiming the right to keep me from saying 'nice house' and building one just like it for myself.

    If you want to write your great novel and lock it in a vault, passing it to your descendants, you're free to do so. Nobody will legally cut the vault open and abscond with your only copy.

    If you choose, you may accept copyright which means that for a limited time (which exceeds your lifetime), society will grant you the exclusive right to make copies. Your descendant doesn't lose the right to make copies after the copyright expires, it's just that the government will no longer prevent others from doing so as well.

  24. Re:We've put the cops in an impossible situation on Kansas Swatting Perpetrator 'SWauTistic' Interviewed on Twitter (krebsonsecurity.com) · · Score: 1

    That hasn't even been the case in the U.S. for very long. Multi-generation homes used to be the norm here as well.

    What makes him a man-child is that he gets crazy upset over a couple dollar bet in a video game, swats people and thinks it's funny, and denies all responsibility when the swatting he caused goes wrong and kills someone. Part of growing up is developing a sense of proportion and the understanding that actions have consequences.

  25. And all of that is a problem. It SHOULD have caused a pause. When police take drastic action at the wrong house, people get hurt or die. Doesn't it seem worthwhile to avoid that?