Got a lot of justified criticism, because when you dissect a real animal, you learn the difference between the idealized diagrams in books and in this case computer programs, and the real thing. It's very educational, and an essential thing for most healthcare workers to learn sometime or another. Also useful if your path ends up being biology or biomedicine research.
A representative Democracy would have results in Hillary winning the election because she had the majority vote.
When your argument for who would have won the US presidential election includes "majority vote", you've just admitted your ignorance of the presidential election process.
I'm sure he just wants the rules to be whatever will make his team win the next election. His real problem is that his counterfactual makes no sense in the real world, Trump he was campaigning to win, instead of campaigning to get the highest popular vote total. In which case he would have, for example, sought every Red vote he could get in California, instead of writing off the state after the primary season. Hillary was so deluded about the certainty of her win that she redirected resources to run up the popular vote total, not wanting to end up like her husband by winning a plurality but not majority of the votes.
The restrictions on commercial use existed as late as 1994, when the first commercial spam was sent, shortly after the NSF removed the restriction on commercial usage.
The two are only connected in a historical sense, "marks the end of the Net's early period in some views", because the Green Card spammers used USENET, which was then a much greater forum for communications. A lot of of USENET traffic was carried over the Internet using NNTP by then, but doubt the majority.
The NRA isn't even a gun manufacturer lobby anymore. The GOP got high level operatives put into key positions in the NRA and they've morphed into a wholly GOP organization.
That would take some doing, seeing as how the "Winning Team" running it primarily for the benefit of their PR firm Ackerman-McQueen ($$$ in begging snail mail etc.) hasn't changed in decades (well, Chris Cox only became head of the ILA in 2002).
You're butthurt about their supposed "partisianship" because after the pause between 2001 when it was correctly judged that without his gun control positions Gore would have won the election, to after his 2012 reelection Obama had "more flexibility, the party at the national level is now 100% for gun control. Which doesn't given the NRA any choices in their endorsements at the national level.
And this will only get worse as the Democrats plunge ever more left in their current purity spiral.
Evidently this proposed law would require putting a serial number on that piece of metal, which would be entirely useless without reporting it to the government.
It is entirely useless even with reporting to the government. Imagine all DIY gun owners dutifully reporting that they have stamped the serial number "1" onto the appropriate part of their homemade gun.
Heh. But if written properly, the "1" would be preceded by a suffix uniquely identifying the maker. Something like that seems to be in place for the official FFL manufacturers, although they get uniqueness with make + model + maybe caliber + serial number.
These people would be happy to achieve something like that by requiring 3D printers to uniquely identify their output, something that's already done sub rosa with ink-jet and laser printers.
Also, history has shown us over and over again, in many countries, that registration is always followed by confiscation.
In the US too, see for example California's about face on SKS rifles. Which are so old and obsolescent the Feds put them in the Relics and Curios category. I think there are some other examples of this in bi-coastal states, but that's the biggest and clearest example. Only mitigated because you can move your gun or yourself out of the state.
I don't think he has an actual position, he is just working on behalf of the NRA.
More like this is an issue he has limited knowledge of, personal concealed carry license and hopefully familiarly with the gun associated with that (it's limited to one gun in NYC), plus one of his sons is one of us. Following the NRA's lead on issues is the easy although not politically safe thing to do, while he has bigger fish to fry like the economy, foreign policy, and illegal immigration.
"Tricking people into buying guns"?
I think the dynamic is probably different -- more like the world seems a lot more unhinged than it used to be, and so many states now allow concealed carry.
Well, that started in 1987 in Florida, quickly followed by many other states, to the eventual outcome of covering 42 states and 72% of the population. The bulk was early, followed by a long tail of Purple and/or KKK states, and then Illinois by Federal Court order (the only change of the facts on the ground to come out of Heller and MacDonald, aside from the Kabuki in D.C.), Wisconsin and Iowa, in ~2010-11. And this is certainly driving Gun Culture 2.0 as an aging population realizes it really needs concealed carry for protection and keeping the peace (you can see this in the preponderance of gray hairs most any class for it).
To me that alone explains most gun demand. And the unhinged part isn't an NRA conspiracy, it's the output of the mainstream media. If anyone is to blame for tricking people, it's the media.
I think our government's domestic reactions to 9/11 were the biggest factor, we weren't asked to do anything more than go out shopping and snitching, we realized we were on our own when it come to self-protection, which continually gets reinforced every time a "known wolf" or unreported prohibited person goes on a rampage. Certainly the gun buying statistics, especially for long guns of military utility, seem to back this. Then Obama turned it up to 11.
The only way I buy into this concept further is that there's just more gun makers and diversity of firearms to choose from. The gun industry was fairly stunted until maybe 20 years ago, dominated by S&W, Colt, Ruger and a small handful of European makers.
You're talking about handguns, right? Because there were and are quite a few more long gun manufacturers, plus surplus, although Cold War stocks have now been emptied. Ah, also include Beretta, they were big back then, and you forgot the Glock monster. But the choice was more constrained, I bought my handguns about 2 decades ago, and small but quality 1911 manufacturers and Beretta were the only companies I recommended at the time for political (Colt, S&W, and Ruger are forever dead to me) and/or safety issues, i.e. just say no to striker handguns for holstering them safely, no external hammer to detect and stop something caught in the trigger guard).
Some, but not all. For instance, the gun manufacturing lobby would probably like more restrictions on private gun sales, though they're very leery of pissing off their customers.
I see absolutely no evidence of that, and I follow the National Shooting Sports Foundation (NSSF), the actual lobby for the nation's "merchants of death" pretty closely. As you note, the reputational damage they would take would be severe (see what we do to "smart gun" companies and anyone who does business with them due to NJ and CA's laws). Only a small fraction of their membership is effected, the retail end which looses some increment of processing money by Federal and almost all state laws not required private sales to do through them, they still get their cut for the original sale after all.
Plus isn't 3D printing still not quite ready for prime time unless you're a pretty serious hobbyist? Not unaffordable, but putzy and technically challenging to produce good output.
Not ready yet, but as the previous poster said give it 10-20 years and it will change. In won't take long before 3d printing metal goes mainstream, and eventually consumer-grade printers will be able to turn out a fairly decent gun. How it eats into gun sales really depends on how mainstream the printers get.
I can't image how long it will take before the quality control of J Random consumer running a metal 3D printer will come anywhere near the professionals, who use less finicky and we can safely assume much cheaper mass manufacturing processes. Right now this is more about sticking it to the man, and in theory having options if the government gets (more) totalitarian.
The ammo is another question, but if you can make gunpowder I don't see why you couldn't print bullet casings too.
Making consistently good smokeless powder is not a trivial thing, there's fewer companies doing that any any other part of the gun industry, except probably primers, which use primary explosives after all and have worse industrial safety records (see the latest Lake City blowup). Note also it's only so consistent, the bulk of their sales are to mass ammo manufacturers who test and adjust the loadings for each lot of powder, consumer reloading powder is from carefully selected, sometimes blended lots that come out "just right". Note also that smokeless powder and primer manufacturers are delighted to sell their products straight to consumers.
Making bullet casings by 3D brass printing... that strikes me as very iffy, the brass is very thin in the walls, the consistency must be very high, and there's literal tons of once fired brass out there for cheap prices. Reasonably high quality bullets can be easily made at home with inexpensive swagging presses and lead plus jacket material, this has been true for decades. Or you can just cast lead bullets.
Not really. Trump has tweeted opposition to lots of things, say illegal immigration. His tweets left no doubt in anybody's mind that he was opposed to it. On this subject he said, "that doesn't make sense." That is not opposition. That is hedging.
Not sure about that, because right now and for the medium term making structural gun parts out of consumer grade and price 3D plastic printers generally doesn't make practical sense, they're not strong or durable. The one full Liberator gun design out there precisely fits the niche of the original Liberator, it's a non-durable kludge that besides sticking it to the man is just a tool that could be used to procure "real" firearms from unwary agents of the state. Which is totally not a problem in the US today with its 450-600 million firearms in circulation, compared to Nazi occupied countries where ownership of a gun was punished with summary execution of the owner and his family.
They're also getting somewhat hysterical now that there's the slight possibility that the Supreme Court will have a 5/4 majority against gun control again.
As for "would require weapons to include at least one metal component", that's already existing federal law.
Evidently this proposed law would require putting a serial number on that piece of metal, which would be entirely useless without reporting it to the government. It's likely an attempt to require registration of all DIY "ghost" guns. Which is not quite as bad as a universal registration law which would assuredly kick off Civil War 2.0, but is of course a step in that direction.
if you want any semblance of speed in instructions that access the flags register.
RISC-V got around any issues with the flags register by dispensing with one altogether. They defend this in part by claiming the most popular programming languages don't care about integer overflow and the like, but they also don't provide any other facilities to make it quick to discover that. The people who need to do big integer math are not amused, and I take this as a clear sign it's a "worse is better" architecture.
Given the serious performance hits when [Spectre-class bugs are] fixed, it is likely a deliberate design choice. It was very likely a hack to get around the limits of silicon to squeeze out ever-decreasing performance gains from the complexities of sub-30nm fabrication and the continued support of an aged x86.
The hacks are much older, in x86 it's all based on the 1990s' Pentium Pro, first shipped using a 50 um process, and the basic concept was first developed by IBM in the mid-late 1960s back when they were using individual transistors fabricated on a module. To date no one has demonstrated a faster approach, but as we're seeing more and more that it comes with high security costs.
Indeed. The higher transistor count needed to quickly decode Intel's variable length instructions is now trivially affordable, so ARM processors don't gain much there, and tend to lose it when memory hierarchy performance is factored in.
Except that we should note that "lots more" transistors to decode or otherwise make a CPU run quickly is harmful for energy usage, so ARM still wins in mobile (although some of Intel's issues there are due to it just not seriously pursuing that potentially high volume but low profit margin niche, including developing low cost fab nodes (possibly low power ones as well), note their fairly recently still using TSMC for Altera's lowest cost line of FPGAs). And being able to run at high clock speeds is generally less desirable in mobile, again to conserve on overall system energy consumption, nothing like Moore's Law has every applied to batteries.
I thought risc was the way of the future when it first came out, yet Intel dominates with their fairly complex architecture. Why and are the problems solvable?
RISC really shined during a brief period where there was an extreme premium on getting every part of a CPU on a single die, and memory speeds weren't totally out of wack with CPU speeds. That favored its approach of the minimum number of transistors on a chip and using memory a bit more wastefully than older approaches grounded in the days when memory was both slow and very expensive, e.g. during the transition from core to DRAM.
Now, of course, we can put relative to those days an infinite number of transistors on a die, and memory speeds are again out of wack with CPU speeds. We've got plenty of main memory, but cache is still dear. To the point that pretty much any execution micro-optimization that causes your working set to exceed a level of caching ends up running slower. And Intel's IA-32 macro architecture didn't make any fatal mistakes like e.g. the VAX's so that it could be made to run quickly without insane effort.
The "gadgets" are just convenient snippets of code that the attacker knows is already running in the target machine, like in commonly used DLLs or shared libraries.
Loaded in random memory locations in all modern OSes.
By definition, DLLs and shared libraries must provide a way to call the code that's inside them, no matter where in memory they are located. Randomized memory layouts only increase the difficultly of some sorts of attacks, they are not a panacea.
It's not paranoia, it's been demonstrated on real systems in real time, there was even a good GUI example. These attacks extract useful data at very high rates as these things go, although this initial proof of concept network example is an exception for its slow rate of extraction... but lots of these proofs of concepts have been sped up as they get explored. That it can be done at all is a big wakeup call.
If you read and understand the previously mentioned original Google Project Zero paper, "Variant 1: Bounds check bypass" "Theoretical explanation", you'll understand that the cache is just a tool, used for timing side channel attacks. The data of interest is in main memory, the attacks probe protected main memory a bit or so at a time, by performing actions only allowed by speculative execution that either place other data in the cache, or don't. Then they read that data, if they get it back quickly, it was in the cache, if not, it wasn't, each read determining based on the timing whether a bit in main memory was set or not.
Your misunderstanding seems to come from not groking that the cache is just a tool for timing side channel attacks, the memory of interest effectively stays in main memory the whole time (in truth, it's of course fetched into the cache hierarchy in the first part of the probing cycle, but that's not relevant to the attack). You must understand this concept, or take the papers on faith, or not, as you choose.
So basically once you've got arbitrary code execution on the remote machine, you can do what ever you want?
On we have to assume all of the fastest CPUs, that do out of order processing including speculative execution. The speculative execution allows setting up side channel attacks like cache timing, and this can, depending of the details, allow you to cross many protection boundaries, between user processes, user to kernel (and not just Meltdown), different threads that were in theory sandboxed (why Chrome is now burning a bit more memory to keep sites in separate processes), even to peek into Intel Software Guard Extension enclaves.
It's hard to exaggerate just how bad this can be; basically, run as little untrusted code on your machine as possible. I.e. as little website JavaScipt as possible, I use uMatrix with some extra severe settings in addition to uBlock Origin (ad blocker). For financial stuff, I spin up a single instance of Firefox and close it when finished. Etc.
For this sort of attack though the network, at first thought, you want defense in depth, so an enemy has to get past a firewall first. Many of those are standardized by ISPs, but there's every chance the lower end ones aren't using out of order processors. Or see the Raspberry Pis, they use older super-scalar but not out of order CPUs.
You use the smashed stack to execute the gadgets, their being picked as such because they're executable bits of code that can be strung together with the smashed stack into what you want. And since you can execute Turing complete programs using ROP, you can probably arrange for something interesting to be unveiled in cache timing attacks, side channels created by speculative execution that out of order CPUs use to run fast.
You use your ROP code to arrange stuff to be in the cache, or not, and then read that memory and time the access. In the example I looked at in detail, just one bit at a time of the data of interest, see the original Google Project Zero paper, the "Variant 1: Bounds check bypass" "Theoretical explanation", it's a nice, very clear example.
Read the Wikipedia article further, the start of a ROP attack required exploiting a bug in the code of the target machine like a stack buffer overrun. Which is woefully easy, especially on Windows, which is also a primary target due to its ubiquity. The gadgets are required because execution on the stack is now generally disallowed.
[...] a computer security exploit technique that allows an attacker to execute code in the presence of security defenses such as executable space protection and code signing.
In this technique, an attacker gains control of the call stack to hijack program control flow and then executes carefully chosen machine instruction sequences that are already present in the machine's memory, called "gadgets"....
The "gadgets" are just convenient snippets of code that the attacker knows is already running in the target machine, like in commonly used DLLs or shared libraries.
didn't one of them just get an $8 billion fine for price fixing flash products?
Ummm, no? I don't remember it (it would be a really big thing, enough to cost them the opportunity to build or upgrade a fab line), couldn't find it using Bing or Google.
Do tariffs have something to do with this? If they do, at what point does smuggling start happening?
The tariffs are only on trade between the PRC and the US, and since Samsung and SK Hynix in Korea have over 80% of the DRAM market, Micron's 17% probably isn't that significant. (Figures from here.)
Slashdot Mirror
Got a lot of justified criticism, because when you dissect a real animal, you learn the difference between the idealized diagrams in books and in this case computer programs, and the real thing. It's very educational, and an essential thing for most healthcare workers to learn sometime or another. Also useful if your path ends up being biology or biomedicine research.
I'm sure he just wants the rules to be whatever will make his team win the next election. His real problem is that his counterfactual makes no sense in the real world, Trump he was campaigning to win, instead of campaigning to get the highest popular vote total. In which case he would have, for example, sought every Red vote he could get in California, instead of writing off the state after the primary season. Hillary was so deluded about the certainty of her win that she redirected resources to run up the popular vote total, not wanting to end up like her husband by winning a plurality but not majority of the votes.
The two are only connected in a historical sense, "marks the end of the Net's early period in some views", because the Green Card spammers used USENET, which was then a much greater forum for communications. A lot of of USENET traffic was carried over the Internet using NNTP by then, but doubt the majority.
That would take some doing, seeing as how the "Winning Team" running it primarily for the benefit of their PR firm Ackerman-McQueen ($$$ in begging snail mail etc.) hasn't changed in decades (well, Chris Cox only became head of the ILA in 2002).
You're butthurt about their supposed "partisianship" because after the pause between 2001 when it was correctly judged that without his gun control positions Gore would have won the election, to after his 2012 reelection Obama had "more flexibility, the party at the national level is now 100% for gun control. Which doesn't given the NRA any choices in their endorsements at the national level. And this will only get worse as the Democrats plunge ever more left in their current purity spiral.
tl;dr: This is how you get more Trump.
Heh. But if written properly, the "1" would be preceded by a suffix uniquely identifying the maker. Something like that seems to be in place for the official FFL manufacturers, although they get uniqueness with make + model + maybe caliber + serial number.
These people would be happy to achieve something like that by requiring 3D printers to uniquely identify their output, something that's already done sub rosa with ink-jet and laser printers.
In the US too, see for example California's about face on SKS rifles. Which are so old and obsolescent the Feds put them in the Relics and Curios category. I think there are some other examples of this in bi-coastal states, but that's the biggest and clearest example. Only mitigated because you can move your gun or yourself out of the state.
More like this is an issue he has limited knowledge of, personal concealed carry license and hopefully familiarly with the gun associated with that (it's limited to one gun in NYC), plus one of his sons is one of us. Following the NRA's lead on issues is the easy although not politically safe thing to do, while he has bigger fish to fry like the economy, foreign policy, and illegal immigration.
Well, that started in 1987 in Florida, quickly followed by many other states, to the eventual outcome of covering 42 states and 72% of the population. The bulk was early, followed by a long tail of Purple and/or KKK states, and then Illinois by Federal Court order (the only change of the facts on the ground to come out of Heller and MacDonald, aside from the Kabuki in D.C.), Wisconsin and Iowa, in ~2010-11. And this is certainly driving Gun Culture 2.0 as an aging population realizes it really needs concealed carry for protection and keeping the peace (you can see this in the preponderance of gray hairs most any class for it).
I think our government's domestic reactions to 9/11 were the biggest factor, we weren't asked to do anything more than go out shopping and snitching, we realized we were on our own when it come to self-protection, which continually gets reinforced every time a "known wolf" or unreported prohibited person goes on a rampage. Certainly the gun buying statistics, especially for long guns of military utility, seem to back this. Then Obama turned it up to 11.
You're talking about handguns, right? Because there were and are quite a few more long gun manufacturers, plus surplus, although Cold War stocks have now been emptied. Ah, also include Beretta, they were big back then, and you forgot the Glock monster. But the choice was more constrained, I bought my handguns about 2 decades ago, and small but quality 1911 manufacturers and Beretta were the only companies I recommended at the time for political (Colt, S&W, and Ruger are forever dead to me) and/or safety issues, i.e. just say no to striker handguns for holstering them safely, no external hammer to detect and stop something caught in the trigger guard).
I see absolutely no evidence of that, and I follow the National Shooting Sports Foundation (NSSF), the actual lobby for the nation's "merchants of death" pretty closely. As you note, the reputational damage they would take would be severe (see what we do to "smart gun" companies and anyone who does business with them due to NJ and CA's laws). Only a small fraction of their membership is effected, the retail end which looses some increment of processing money by Federal and almost all state laws not required private sales to do through them, they still get their cut for the original sale after all.
I can't image how long it will take before the quality control of J Random consumer running a metal 3D printer will come anywhere near the professionals, who use less finicky and we can safely assume much cheaper mass manufacturing processes. Right now this is more about sticking it to the man, and in theory having options if the government gets (more) totalitarian.
Making consistently good smokeless powder is not a trivial thing, there's fewer companies doing that any any other part of the gun industry, except probably primers, which use primary explosives after all and have worse industrial safety records (see the latest Lake City blowup). Note also it's only so consistent, the bulk of their sales are to mass ammo manufacturers who test and adjust the loadings for each lot of powder, consumer reloading powder is from carefully selected, sometimes blended lots that come out "just right". Note also that smokeless powder and primer manufacturers are delighted to sell their products straight to consumers. Making bullet casings by 3D brass printing ... that strikes me as very iffy, the brass is very thin in the walls, the consistency must be very high, and there's literal tons of once fired brass out there for cheap prices. Reasonably high quality bullets can be easily made at home with inexpensive swagging presses and lead plus jacket material, this has been true for decades. Or you can just cast lead bullets.
Not sure about that, because right now and for the medium term making structural gun parts out of consumer grade and price 3D plastic printers generally doesn't make practical sense, they're not strong or durable. The one full Liberator gun design out there precisely fits the niche of the original Liberator, it's a non-durable kludge that besides sticking it to the man is just a tool that could be used to procure "real" firearms from unwary agents of the state. Which is totally not a problem in the US today with its 450-600 million firearms in circulation, compared to Nazi occupied countries where ownership of a gun was punished with summary execution of the owner and his family.
As law professor Glenn Reynolds AKA the Instapundit has pointed out, they have all the justification they feel they need, "the point of gun control is to humiliate and grind down flyover people and demonstrate that the Ruling Class is ultimately the, well, Ruling Class" .
They're also getting somewhat hysterical now that there's the slight possibility that the Supreme Court will have a 5/4 majority against gun control again.
Evidently this proposed law would require putting a serial number on that piece of metal, which would be entirely useless without reporting it to the government. It's likely an attempt to require registration of all DIY "ghost" guns. Which is not quite as bad as a universal registration law which would assuredly kick off Civil War 2.0, but is of course a step in that direction.
RISC-V got around any issues with the flags register by dispensing with one altogether. They defend this in part by claiming the most popular programming languages don't care about integer overflow and the like, but they also don't provide any other facilities to make it quick to discover that. The people who need to do big integer math are not amused, and I take this as a clear sign it's a "worse is better" architecture.
The hacks are much older, in x86 it's all based on the 1990s' Pentium Pro, first shipped using a 50 um process, and the basic concept was first developed by IBM in the mid-late 1960s back when they were using individual transistors fabricated on a module. To date no one has demonstrated a faster approach, but as we're seeing more and more that it comes with high security costs.
Indeed. The higher transistor count needed to quickly decode Intel's variable length instructions is now trivially affordable, so ARM processors don't gain much there, and tend to lose it when memory hierarchy performance is factored in.
Except that we should note that "lots more" transistors to decode or otherwise make a CPU run quickly is harmful for energy usage, so ARM still wins in mobile (although some of Intel's issues there are due to it just not seriously pursuing that potentially high volume but low profit margin niche, including developing low cost fab nodes (possibly low power ones as well), note their fairly recently still using TSMC for Altera's lowest cost line of FPGAs). And being able to run at high clock speeds is generally less desirable in mobile, again to conserve on overall system energy consumption, nothing like Moore's Law has every applied to batteries.
RISC really shined during a brief period where there was an extreme premium on getting every part of a CPU on a single die, and memory speeds weren't totally out of wack with CPU speeds. That favored its approach of the minimum number of transistors on a chip and using memory a bit more wastefully than older approaches grounded in the days when memory was both slow and very expensive, e.g. during the transition from core to DRAM.
Now, of course, we can put relative to those days an infinite number of transistors on a die, and memory speeds are again out of wack with CPU speeds. We've got plenty of main memory, but cache is still dear. To the point that pretty much any execution micro-optimization that causes your working set to exceed a level of caching ends up running slower. And Intel's IA-32 macro architecture didn't make any fatal mistakes like e.g. the VAX's so that it could be made to run quickly without insane effort.
I have shown you, in the Google Project Zero paper. Did you read and understand the section of it I directed you to?
By definition, DLLs and shared libraries must provide a way to call the code that's inside them, no matter where in memory they are located. Randomized memory layouts only increase the difficultly of some sorts of attacks, they are not a panacea.
It's not paranoia, it's been demonstrated on real systems in real time, there was even a good GUI example. These attacks extract useful data at very high rates as these things go, although this initial proof of concept network example is an exception for its slow rate of extraction ... but lots of these proofs of concepts have been sped up as they get explored. That it can be done at all is a big wakeup call.
If you read and understand the previously mentioned original Google Project Zero paper, "Variant 1: Bounds check bypass" "Theoretical explanation", you'll understand that the cache is just a tool, used for timing side channel attacks. The data of interest is in main memory, the attacks probe protected main memory a bit or so at a time, by performing actions only allowed by speculative execution that either place other data in the cache, or don't. Then they read that data, if they get it back quickly, it was in the cache, if not, it wasn't, each read determining based on the timing whether a bit in main memory was set or not.
Your misunderstanding seems to come from not groking that the cache is just a tool for timing side channel attacks, the memory of interest effectively stays in main memory the whole time (in truth, it's of course fetched into the cache hierarchy in the first part of the probing cycle, but that's not relevant to the attack). You must understand this concept, or take the papers on faith, or not, as you choose.
On we have to assume all of the fastest CPUs, that do out of order processing including speculative execution. The speculative execution allows setting up side channel attacks like cache timing, and this can, depending of the details, allow you to cross many protection boundaries, between user processes, user to kernel (and not just Meltdown), different threads that were in theory sandboxed (why Chrome is now burning a bit more memory to keep sites in separate processes), even to peek into Intel Software Guard Extension enclaves.
It's hard to exaggerate just how bad this can be; basically, run as little untrusted code on your machine as possible. I.e. as little website JavaScipt as possible, I use uMatrix with some extra severe settings in addition to uBlock Origin (ad blocker). For financial stuff, I spin up a single instance of Firefox and close it when finished. Etc. For this sort of attack though the network, at first thought, you want defense in depth, so an enemy has to get past a firewall first. Many of those are standardized by ISPs, but there's every chance the lower end ones aren't using out of order processors. Or see the Raspberry Pis, they use older super-scalar but not out of order CPUs.
You use the smashed stack to execute the gadgets, their being picked as such because they're executable bits of code that can be strung together with the smashed stack into what you want. And since you can execute Turing complete programs using ROP, you can probably arrange for something interesting to be unveiled in cache timing attacks, side channels created by speculative execution that out of order CPUs use to run fast.
You use your ROP code to arrange stuff to be in the cache, or not, and then read that memory and time the access. In the example I looked at in detail, just one bit at a time of the data of interest, see the original Google Project Zero paper, the "Variant 1: Bounds check bypass" "Theoretical explanation", it's a nice, very clear example.
Read the Wikipedia article further, the start of a ROP attack required exploiting a bug in the code of the target machine like a stack buffer overrun. Which is woefully easy, especially on Windows, which is also a primary target due to its ubiquity. The gadgets are required because execution on the stack is now generally disallowed.
"Gadget" is a term of art from return-oriented programming; as the good Wiki introduces this:
The "gadgets" are just convenient snippets of code that the attacker knows is already running in the target machine, like in commonly used DLLs or shared libraries.
Ummm, no? I don't remember it (it would be a really big thing, enough to cost them the opportunity to build or upgrade a fab line), couldn't find it using Bing or Google.
The tariffs are only on trade between the PRC and the US, and since Samsung and SK Hynix in Korea have over 80% of the DRAM market, Micron's 17% probably isn't that significant. (Figures from here.)