MOV with an immediate value is even worse! Outlaw them all!
Having said that - sometimes the kernel does have a right to prevent user space applications shooting themselves in the foot (e.g. trapping out-of-bounds memory accesses), it is possible to make an argument that - if the intel generator were to proved to be compromised - that the kernel should intervene and prevent it.
Do you think a kernel that can intercept and correct FDIV calls on broken chips should let userspace blindly just receive unwanted results from said instruction?
In the rdrand case, the userspace program wants a random number. If rdrand is buggy, and does not return that, then how is that different from the FDIV case?
And if you want to prevent the kernel from ever being started that way just compile it out by disabling this Kconfig option with make-menuconfig, or similar:
config ARCH_RANDOM
def_bool y
prompt "x86 architectural random number generator" if EXPERT
---help---
Enable the x86 architectural RDRAND instruction
(Intel Bull Mountain technology) to generate random numbers.
If supported, this is a high bandwidth, cryptographically
secure hardware random number generator.
Agree. I have a similar perspective. I was once hired to do the work of half a dozen people. I had to once explain to my boss's boss's boss that my negative productivity (as measured by "metrics") was because I was *undoing* the work of half a dozen people. The negative productivity programmer does exist, and can be lethal in quantity.
One guy *can* be worth 10 numbnuts, but GPP explicitly said "average" not "bottom of the heap". The source you link to even supports the fact that the top of the heap are only about two and a bit times as productive as the average. Add to that the fact that prima donnas can be positively damaging to anything apart from their own personal pet projects, and the "Rockstar" really isn't that great a deal at all. The only thing one 150k a year guy is good for is one-man projects.
I'm lucky to work with a bunch of right-hand-side-of-the-bell-curve engineers who all like cooperating and sharing information, and are never afraid to ask for additional input - nobody thinks of themself as, or wants to be, a rockstar, and that's about the best scenario you can hope for.
His laptop breaking brought about 0.0001% of the actual work on linux to a halt, if that. Every linux developer continued developing as normal. Every code reviewer continued reviewing code as normal. Every subsystem maintainer kept maintaining their subsystem as normal. Every automatic test built robot kept automatically doing build tests as normal. People who desperately needed the patches that Linus was going to push put, if they really were that desperate, would have just pulled them from linux-next, or the relevant subsystem maintainer's tree, or, *most likely*, would already have them!
Are you attempting to claim the prize for the person with the least understanding of the Distributed Source Code Control System in use?
There was absolutely no code on his system that wasn't on between dozens and thousands of other systems depending on its age.
Just read TFA: "I had pushed out _most_ of my pulls today". His "pulls" are code that is *elsewhere*. He's just a conduit (and gatekeeper) between a few dozen elsewheres and a server with a fat pipe. And by the construction of the system, it really shouldn't matter how those pulls ordered. (If there'll be a merge conflict one way round, there'll be a merge conflict in other permutations too.)
However, if you look at even successful IT companies, well established ones, you'll find that 90% of their individual projects fail (many fail to even make it to mark it, some flop once they're there). If the startup is focussed on one single thing, then its failure rate is just the same as any other company's, it's just that the whole company fails when that single product/service fails.
I guess I should be happy that I'm at about 2/15 success rate, it's just a shame that the technically better products weren't the ones that were a hit in the market.
I hope your sarcasm is understood, it's a dangerous technique to use on the internet.
However, there's an interesting twist to the pcode vs. native code dichotomy, from reverse engineering standpoint, as anyone who's well versed in the brain-mangling line noise that calls itself the IOCCC will know. One of the best obfuscations is to embed an interpreter into your code, and then do all the hard work in the bytecode.
Sounds remarkably like security through obscurity to me. With the predictable outcome.
You have no right to feel secure if you only think you're secure assuming noone else examines your source code. http://en.wikipedia.org/wiki/Kerckhoffs%27s_principle
False. Things which were true in the past, but not now, are false. He is not a top ranking policeman any more than George Bush is the US president.
For reference, he's the cunt who tried to prevent an investigation into the shooting of an innocent Brazillian electrician in cold blood by his poorly-trained (but apparently the best you've got) underlings who thought he was a middle-eastern terrorist bomber.
Everything this man says about secrets is tainted. He's Captain Coverup.
> Terrorists are a sometimes-maybe-sorta threat. Government is much more terrifying because it is always there protecting itself rather than its citizens.
And have you compared their funding? Orders of magnitude difference. In addition, one of them throws you in prison if you *don't* fund them. More civilised than kneecapping, but ultimately not much different.
At some point you're going to realise that the "love it or leave it" loons are actually right, and you should leave it.
When I was a young kid, and I first heard "literally", I presumed it was something to do with "literature", stuff like Harper Lee or Shakespeare - i.e *fiction*. It must have taken years before I actually checked its dictionary meaning (its literal meaning, one might say), and had quite a shock. Now, every time I see someone "misuse" the word, I initially think "no it wasn't, you're exaggerating ", and then think back and mellow to a "well, you might imagine a diarist (or journalist) writing that" stance, and let it pass. Language changes; this isn't the grossest perversion of the language that I've seen.
Have some respect, that's your government you're insulting! http://geke.us/GS.html
(OT - And incidentally, in case anyone interprets my.sig as being anti-Obama, I first set it while Bush was in power, and just never got round to changing it. For obvious reasons.)
Perkele's harder to translate into English, being the name of an pagan god. So you'd probably want it to be something that offends Church of England sensibilities through blasphemy. I can't think of anything apart from "Hell!" that fits that description at the moment, but that's not really any good as the Finns have "Helvetti" for precisely that meaning. I'm not sure how much the Finns distinguish "perkele" from "saatana" = "satan". It's worth asking a Finn.
Slashdot Mirror
> NSA would need a CA under their control
What makes you think they don't have a dozen already?
MOV with an immediate value is even worse! Outlaw them all!
Having said that - sometimes the kernel does have a right to prevent user space applications shooting themselves in the foot (e.g. trapping out-of-bounds memory accesses), it is possible to make an argument that - if the intel generator were to proved to be compromised - that the kernel should intervene and prevent it.
Do you think a kernel that can intercept and correct FDIV calls on broken chips should let userspace blindly just receive unwanted results from said instruction?
In the rdrand case, the userspace program wants a random number. If rdrand is buggy, and does not return that, then how is that different from the FDIV case?
And if you want to prevent the kernel from ever being started that way just compile it out by disabling this Kconfig option with make-menuconfig, or similar:
config ARCH_RANDOM
def_bool y
prompt "x86 architectural random number generator" if EXPERT
---help---
Enable the x86 architectural RDRAND instruction
(Intel Bull Mountain technology) to generate random numbers.
If supported, this is a high bandwidth, cryptographically
secure hardware random number generator.
No need to delve into C at all.
Cairo! http://www.youtube.com/watch?v=1Cwyq3XWeHE
Any *street legal* Ferrari, definitely.
And after he dies, several thousand people make a claim to his estate...
Then buy a ZR1 that costs 1/20th of a Veyron, and can still go faster than this Ferrari.
Agree. I have a similar perspective. I was once hired to do the work of half a dozen people. I had to once explain to my boss's boss's boss that my negative productivity (as measured by "metrics") was because I was *undoing* the work of half a dozen people. The negative productivity programmer does exist, and can be lethal in quantity.
So very wrong.
One guy *can* be worth 10 numbnuts, but GPP explicitly said "average" not "bottom of the heap". The source you link to even supports the fact that the top of the heap are only about two and a bit times as productive as the average. Add to that the fact that prima donnas can be positively damaging to anything apart from their own personal pet projects, and the "Rockstar" really isn't that great a deal at all. The only thing one 150k a year guy is good for is one-man projects.
I'm lucky to work with a bunch of right-hand-side-of-the-bell-curve engineers who all like cooperating and sharing information, and are never afraid to ask for additional input - nobody thinks of themself as, or wants to be, a rockstar, and that's about the best scenario you can hope for.
His laptop breaking brought about 0.0001% of the actual work on linux to a halt, if that. Every linux developer continued developing as normal. Every code reviewer continued reviewing code as normal. Every subsystem maintainer kept maintaining their subsystem as normal. Every automatic test built robot kept automatically doing build tests as normal. People who desperately needed the patches that Linus was going to push put, if they really were that desperate, would have just pulled them from linux-next, or the relevant subsystem maintainer's tree, or, *most likely*, would already have them!
Are you attempting to claim the prize for the person with the least understanding of the Distributed Source Code Control System in use?
There was absolutely no code on his system that wasn't on between dozens and thousands of other systems depending on its age.
Just read TFA: "I had pushed out _most_ of my pulls today". His "pulls" are code that is *elsewhere*. He's just a conduit (and gatekeeper) between a few dozen elsewheres and a server with a fat pipe. And by the construction of the system, it really shouldn't matter how those pulls ordered. (If there'll be a merge conflict one way round, there'll be a merge conflict in other permutations too.)
heck, get all modern and fancy, and serve that directory of files using httpd instead.
...
Yet another "yet another..."
Sure, and it's got an 85" 4K screen too, I bet you didn't expect that!
However, if you look at even successful IT companies, well established ones, you'll find that 90% of their individual projects fail (many fail to even make it to mark it, some flop once they're there). If the startup is focussed on one single thing, then its failure rate is just the same as any other company's, it's just that the whole company fails when that single product/service fails.
I guess I should be happy that I'm at about 2/15 success rate, it's just a shame that the technically better products weren't the ones that were a hit in the market.
Fuck, that woooosh just blew my wig off!
I hope your sarcasm is understood, it's a dangerous technique to use on the internet.
However, there's an interesting twist to the pcode vs. native code dichotomy, from reverse engineering standpoint, as anyone who's well versed in the brain-mangling line noise that calls itself the IOCCC will know. One of the best obfuscations is to embed an interpreter into your code, and then do all the hard work in the bytecode.
Reading the paper, googling for the debug hash, lead to this from 2012 which covers a lot of the same ground:
http://archive.hack.lu/2012/Dropbox%20security.pptx
"A critical analysis of Dropbox software security", Florian LEDOUX
Sounds remarkably like security through obscurity to me. With the predictable outcome.
You have no right to feel secure if you only think you're secure assuming noone else examines your source code.
http://en.wikipedia.org/wiki/Kerckhoffs%27s_principle
I can't find a reference to it now, but I'm pretty sure that possession of a London map has been considered as evidence that you might be a terrorist.
False. Things which were true in the past, but not now, are false. He is not a top ranking policeman any more than George Bush is the US president.
For reference, he's the cunt who tried to prevent an investigation into the shooting of an innocent Brazillian electrician in cold blood by his poorly-trained (but apparently the best you've got) underlings who thought he was a middle-eastern terrorist bomber.
Everything this man says about secrets is tainted. He's Captain Coverup.
> Terrorists are a sometimes-maybe-sorta threat. Government is much more terrifying because it is always there protecting itself rather than its citizens.
And have you compared their funding? Orders of magnitude difference. In addition, one of them throws you in prison if you *don't* fund them. More civilised than kneecapping, but ultimately not much different.
At some point you're going to realise that the "love it or leave it" loons are actually right, and you should leave it.
When I was a young kid, and I first heard "literally", I presumed it was something to do with "literature", stuff like Harper Lee or Shakespeare - i.e *fiction*. It must have taken years before I actually checked its dictionary meaning (its literal meaning, one might say), and had quite a shock. Now, every time I see someone "misuse" the word, I initially think "no it wasn't, you're exaggerating ", and then think back and mellow to a "well, you might imagine a diarist (or journalist) writing that" stance, and let it pass. Language changes; this isn't the grossest perversion of the language that I've seen.
Have some respect, that's your government you're insulting! http://geke.us/GS.html
.sig as being anti-Obama, I first set it while Bush was in power, and just never got round to changing it. For obvious reasons.)
(OT - And incidentally, in case anyone interprets my
Because your code is more fragile to misrendering or mistransmission by Slashdot, and MS Exchange, and yahoogroups, and google groups, and ...
The answer to your question was in your parent post, did you not see it?
Fuck ~= vittu, literally cunt, from Swedish fitta
Perkele's harder to translate into English, being the name of an pagan god. So you'd probably want it to be something that offends Church of England sensibilities through blasphemy. I can't think of anything apart from "Hell!" that fits that description at the moment, but that's not really any good as the Finns have "Helvetti" for precisely that meaning. I'm not sure how much the Finns distinguish "perkele" from "saatana" = "satan". It's worth asking a Finn.