These flaws? Meltdown is one flaw.
Here's how you protect completely against Meltdown: map only user accessible data into the address space. Now that's not really possible so let's continue: also map a trampoline memory area for the kernel. That area contains a small amount of code that isn't safety critical (reading it will not expose protected data) and a minimal map so that the kernel can load a completely different virtual memory mapping. That map could be somewhat interesting in theory but in practice not. If security is absolutely critical the kernel map can be placed in a fixed location.
System call: go to kernel mode and branch to the trampoline area. Load the new virtual memory map (via the MOV CR3, xxx instruction) - the kernel now has a map that includes the user mode data/code and private internal data. It can do any work it wants to without Meltdown being a problem as it is the kernel and already can read all data it wants to. Then the kernel jumps back to the trampoline area still in kernel mode and switches back to the user memory map. It then returns to user mode.
The only problem is that changing the VM mapping is expensive and that code optimized for the assumed processor behavior will not run.
The other problem that can be patched according to my post is the software based protection. There the problem is that checks can be bypassed and leak data to the software protected code. The solution is rewriting checks with code that doesn't use speculation, fairly trivial in theory.
The rest I claimed _can't_ really be patched in software. One can slap patches on certain sensitive checks or do a general pessimization of all compiler generated code however that isn't a realistic solution.
Understand now?
So are you dishonest or stupid? Hard to tell those apart sometimes.
Send your thanks to Intel as it is they who created the mess in the first place.
We have a model where the hardware is expected to conform to the specification. That specification includes: do not allow unprivileged code to access privileged data.
So Linux, Windows and all other x86 systems using protected mode (~all in use) design their system taking advantage of that fact by mapping privileged data into the virtual address space. This also works in all other current processor architectures: Power, MIPS, ARM, Itanium, SPARC, und so weiter.
But Intel _did_ allow unprivileged code to access privileged data when doing speculative execution. This means unprivileged code can read all memory mapped into the virtual address space. So one of the fundamental foundations* of modern OS design is suddenly not valid anymore.
This isn't an easy problem to solve. It has to be solved as quickly as possible (as every Intel system for a very long time is open to attack otherwise) but involves complicated changes in the basic system and has to be made reasonably effective.
(* intentional)
Are you 10? You made a claim so it is you that support that (ridiculous) claim.
State what software for Linux provides the required functionality or just shut up.
Heretic? Idiot. Some difference even though you perhaps (being a heretic) not knowing it.
Actually you got the two things switched:
Meltdown can be totally protected against in software however with a significant performance impact.
Spectre can be divided into two kinds of attacks:
- One kind that bypasses protection checks (range checks etc.) used to create software based virtual machines. These can be protected against in software.
- One kind that uses shared branch prediction state between an attacker and a victim to influence speculative execution when running the victim code; this can be used to extract data that can be exfiltrated through a shared cache. This is in general not possible to patch in software.
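Added example, not part of the original comments: one common way to write a range check "with code that doesn't use speculation" is to clamp the index with a branchless mask after the normal check, so a mispredicted branch can only ever read element 0. The function names and the sample table are assumptions made for this illustration.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* All-ones when idx < len, zero otherwise, computed without a branch.
 * Assumes len <= LONG_MAX and an arithmetic right shift of negative
 * values (true for gcc and clang). */
static unsigned long index_mask(unsigned long idx, unsigned long len)
{
    unsigned long mask =
        (unsigned long)(~(long)(idx | (len - 1UL - idx)) >> (sizeof(long) * CHAR_BIT - 1));
#if defined(__GNUC__)
    /* Hide the value from the optimizer so it cannot turn the mask
     * back into a conditional branch. */
    __asm__ volatile("" : "+r"(mask));
#endif
    return mask;
}

/* Returns idx when it is in range, 0 otherwise. The result depends on
 * idx and len through data flow only, not through branch prediction. */
static unsigned long clamp_index(unsigned long idx, unsigned long len)
{
    return idx & index_mask(idx, len);
}

/* Bounds-checked read. The architectural check stays; the clamp makes
 * sure that a speculatively executed load past a mispredicted check
 * still uses an in-range index. */
static uint8_t table_read(const uint8_t *table, unsigned long len, unsigned long idx)
{
    if (idx >= len)
        return 0;
    return table[clamp_index(idx, len)];
}

int main(void)
{
    /* Constructed sample data. */
    static const uint8_t table[16] = { 10, 11, 12, 13 };

    printf("in range:     %u\n", (unsigned)table_read(table, 16, 3));
    printf("out of range: %u\n", (unsigned)table_read(table, 16, 1UL << 20));
    return 0;
}
```

This only addresses the first kind of attack listed above (bypassed range checks); it does nothing about shared branch predictor state.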
Good program design has nothing to do with this. That's the whole problem with these speculative vulnerabilities: the code that one writes isn't necessarily the code that the processor executes. One has to write bad code taking microarchitectural design into consideration to protect against attack.
The Spectre exploits didn't need a multi-processor system to work and assumed the attacker and the victim ran on the same processor. This means cache coherency isn't relevant.
It is possible that these exploits use cache coherency to extract data, however with the small crumbs of information leaked about them it seems at least some of them involve bypassing the protection of virtual machines.
https://www.asus.com/Laptops/R...
ROG - Republic Of Gamers
Ryzen 5 or 7 processor
Radeon RX580
If you really don't think drug companies under FDA regulation are better equipped to do trials as safe as possible than amateurs disregarding safety entirely in order to earn easy money...
https://en.wikipedia.org/wiki/...
A low security facility is probably the most likely choice if convicted.
I must say your sober, polite and factual text has made me realize what a fool I have been all my life. I'll now convert and spend my remaining time in a monastery contemplating over these truths.
I imagine he'd spend time in a relatively nice federal facility in the US.
Did that sound logical to yourself before you posted? It obviously isn't.
If the presence of autopilot makes the driver worse in any way, even reducing reaction time in the order of a tenth of a second, it can absolutely be more dangerous.
And we know from Tesla's own released data that the reaction time in many people is increased, in some to extreme levels (the fellow deciding sitting in the passenger seat while the autopilot controlled the car).
...
Or he could just be posting some crap without thinking much about it.
I propose 3 maximum given the 4 color theorem with the additional constraints of this problem. ;P
You obviously don't understand the problems with asbestos. And you'd have to show the (for me) new data that shows graphene as having damaging effects when inhaled greater than the standard "embeds in lungs" materials. Because the problem with asbestos and beryllium particles isn't that they just embed in lungs.
A lot of hot moist air coming from your direction, do I also detect some alcohol?
I own my computer. I also own my own body. I may not be able to tinker with everything in my computer but the same applies to my body. IOW bogus.
No these problems/vulnerabilities aren't intentional. Anybody with a working brain would understand that but as you seem to lack that part: these fall out perfectly logically when tracking the progress of processor design, also adding a problem intentionally means giving up one's market share.
That someone with resources can find a problem is just hand waving. Complex systems have more chances to leak information, processors and computers are very complex beasts so yes statistically it is probable that given enough resources some kind of vulnerability can be found. But that doesn't make them practically exploitable, that doesn't create exploits that aren't there in the first place, that obviously does not make any vulnerability exploitable remotely (ludicrous idea!).
We know how to make secure chips and there is research done in that area. So absolutely wrong.
In short a bunch of inane ramblings. I do hope you can blame the alcohol.
I think another reason is more important, as quoted from ( http://lists.llvm.org/pipermai... ):
"... The last drop was llvm associating itself with an organization that openly discriminates based on sex and ancestry (1,2). This goes directly against my ethical views and I think I must leave the project to not be associated with this. ..."
My personal opinion:
It is sadly becoming more common to support people with some "sexual identity" or some specific genetic lineages ("races") while not being a _general_ support of underrepresented or disadvantaged groups. That's just sexist and racist, no way to sugar coat that. Do your part and don't associate or support extremists.
Great ideas and people come from all over the world. You'd know that if you weren't a crypto-racist with associated blinders.
Not sure if troll or mentally disturbed creep...
"Facebook is investigating a claim that an employee potentially used access granted by their job to stalk women online, the social media giant confirmed ..."
"Facebook is investigating" "confirmed": Facebook confirms that it investigates - fact.
" a claim that an employee potentially used access granted by their job to stalk women online": Claim - not fact.
So no we aren't. But now it gets _more_ complicated!
_We_ don't have to agree with things posted here.
_We_ don't have to believe what the blurb says.
_We_ don't have to believe the claim.
_We_ don't have to believe Facebook.
And as to why this is on /. - well people here like stories about how Facebook abuses their position or in this case _potentially_ abuses their position.
This got long but only as you obviously need this explained as simply as possible.
You don't need toilets, showers, indoor cooking, freezers, telephones or electricity either. Or why not mention the #1 modern life problem (IMHO): Television including the modern streaming services, what a waste of time.
It's one thing to not like some crap about something but there's no need to go full blown luddite.
So you are saying Indian coders are held back by their non-Indian coworkers?
Oh. I thought we were talking about the world. You know, with the development of the drug _not_ being done in the US, most humans _not_ living in the US, most HIV/AIDS patients _not_ being in the US. ...
Manufacturing and selling disks with software he didn't have the right to have in the first place. Is it so bloody hard to understand?
Selling as in making them to earn money.
Selling them as original - LEGAL - discs with extra effort spent to make them as close as possible to the original - LEGAL - discs so that their customer wouldn't complain.
Why is the last part so important? Because they wanted to sell their discs as original - LEGAL - discs to people that wanted original - LEGAL - discs.
This is a standard scumbag as all other for-profit software pirates. Nothing makes this special. Just someone that takes something they don't own nor have the right to redistribute to sell to others.