Re: Paper Trail
uploading it to a cloud
As in "set fire to it"?
- need - more - coffee -
450 posts • joined 30 Jan 2015
Surely it's horses for courses.
I can say with complete confidence that horses are not much use in the North Sea.
I am somewhat less confident that Windows is suitable for "real work". Fake work, maybe.
Except that "out of order" cpus do not inherently have a predictable instruction execution time, even in a single thread environment, and Intel's threads are "virtual" ie not dedicated - which is where these bugs originate - which means if the CPU is hard at work on multiple threads, unless you have control over what all of them are doing, timings are being actively randomised.
I am not saying "don't panic" I am saying "you only need to panic a small amount, and quite slowly" - there is time for a cup of tea first.
OTOH, since Intel did this deliberately, you might want to go to another supplier next time.
Am I being naïve?
Yes. This is a privacy case. If there is a list of victims' contact details and bank accounts, and the penalty for leaking them is not up to a fraction of a chocolate bar for each offence, then obviously, those details will be sold within the hour.
I have just developed some software of my own. It cost me $37, and it was delivered on time and to spec. But I don't work for Ocado or the government.
I was using BSD in 1977 so was I, but it was not free in those days. You paid quite a lot for the licence (or someone else did - in my case GEC).
Free distribution was normal before Bill Gates. It's as simple as that.
He wrote a famous letter saying "the programmer deserves to be paid" a few months after he ripped off the author of what he renamed to DOS.
and you pay people based on their WORK QUALITY
Then how do you explain Windows?
Open source is a totalitarian dream. It means you can't have competitive advantages
So there's only one Linux distribution, and the BSDs are not different operating systems?
More and more developers just reuse some bad library, or copy shitty code.
Would not dispute that shitty developers have shitty processes, and expose their shitty code to public view, for others to copy. But eventually, some of it gets fixed.
I think you will find that closed source is far worse - not only is shitty open source code copied without crediting the actual authors, it is not updated when the open source version is fixed.
"Because writing their own code is too expensive and time consuming" affects closed source every bit as much as open source - probably more so - many open source contributors write the code because they want the code, and then open source it so others will help maintain it. (I speak for myself here). Closed source code is just not fixed. (Have you ever phoned in a bug report to MS and got a fix?)
So roughly the equivalent of "a slap on the wrist with a soft pillow".
(Sounds like the potential title of a reggae song by Si Cranstoun. - maybe I need more coffee).
the skeletons are coming home to roost.
featuring Wallace and Gromit?
For reliability you want your VMs spread across hosts and data centers.
For security, you might not!
If your organisation is big enough to have more than one building, you can have a server closet in each. Hell, if you are a CEO, you probably have several closets big enough to hold a rack full of servers, and desperately need a reason why your entire mansion should be a tax-deductible expense: put an Enterprise scale server in one and network it to your galactic HQ. It justifies the cost of food for the enormous, man eating dog you need for security. Saves on the heating bill too! With some creative accounting, it probably even covers a pink pony for your daughter as well.
(But remember 77dB is QUITE LOUD!)
You might as well just use... your own server.
That was the "Halt and Catch Fire" instruction.
Very useful in military applications where you did not want your software leaking from chips with on board ROM.
I have several Thinkpads with Linux and/or OpenBSD on - are you sure they are safe?
(I doubt this fix will be enough to make Windows secure).
Use your password manager (e.g. Keepass) to generate 'passwords' for these fields and store the questions and answers in the notes box attached to username and password.
You are ignoring the people using Meltdown to access your password manager. This is not a good plan. Use Post-it notes. The old ways are the best!
June is still earlier than October
Not in Intel's world, evidently.
Any news on Sparc V9 running OpenBSD?
Fork Handles to you sir!
You can't really replace multiple large screen setups with a tablet.
Well, maybe you can't and I can't, but PHBs and MBAs are quite capable of it. That is how they justify those huge bonuses.
Ten year old screens can do 1280x768*, just like the new ones, and the 10 year old cases are a lot more robust than most of the modern junk. I can see why people are not in a rush to upgrade.
* or you can get a netbook with an 800x600 screen from PC world if you are really desperate.
Does Intel actually have a department dedicated to finding bugs
Possibly. The problem would appear to be that they have a great many departments dedicated to implementing bugs.
I think you fail to realise that Google search results are "personalised" based on browsing history. (Same applies to the original complainant).
However, I fail to see why Google stops at throwing the developer off. Surely they should be reported to the police for exposing the youth of today to reality.
Throughout 99.9% of their existence, humans have lived a subsistence life. Surely they can return to that while the rich reap the rewards of the system they have gamed to their advantage?
Of course they can - provided the population returns to what it was 2,000 years ago. (ie 99.9% of the population dies).
The only negative i see is that the further robotisation of the workforce sucks for the people who lose their jobs. Everyone else benefits.
You are correct - but it is a matter of proportion - like if 99% have no jobs (and not much food), and 1% that is everybody else has all the robots, then the people without jobs may decide that "it sucks" is not how they want their life - and, guess what, they can make their own robot, called "Madame la Guillotine" and address the problem in the traditional way.
I suspect that Rednecks with guns are more dangerous than French peasants without trousers - Trump may yet be trumped!
I don't want to purchase shit.
Then presumably you won't buy anything with "Cloud" in its name or description - it tells you all you need to know.
I would expect a little bit of Quality Assurance
That's OK, we will be off your lawn real soon now.
Computer architecture has historically assumed that you controlled your computer and the workload that ran on it.
Unix has historically assumed it was running on the University computer, and every single intelligent student was hell-bent on hacking it.
Large machines prior to the advent of Wintel faced similar levels of attempted assaults - by people who had detailed knowledge of the architecture - including schematics, and many years of assembler experience with the knowledge that National security was at risk (or possibly CISC :-).
The combination of developments that is Intel, MS, high level languages and the concept of a personal computer mean that machines developed with the security needs of an Apple ][ are now able to exceed the throughput of a Beowulf cluster of Crays.
This took place without anyone thinking there might be a need to re-examine a few assumptions and review security consequences of incremental changes (or they did, and were told to keep their mouths shut).
My memory may be a bit weak in the management areas due to lack of coffee, but AFAICR:
* a Memory Management Unit - everything after the 8086
* a memory cache - everything after the 80386
* a branch predictor - Probably Pentium 1 and up
* Supervisor & User modes - everything after the 8086
I think there is slightly more to the story than what you said. Specifically, the issue depends on how the MMU works, and how it is used.
I have not been involved in CPU design for over 30 years BUT:
I would not expect user mode code to have any way to be aware of the MMU's internal
* The MMU should disallow access to all virtual pages not in use by the current task.
* Addresses in the current user address space not mapping to physical memory should map to either a virtual address saying "illegal access" or to one saying "You will need to swap me in before you can read me"
* there should be NO way to access physical memory that does not go via the MMU - not even for speculative instruction or data fetch.
The bug reports seem to describe noticing that a speculative fetch that goes unused causes a delay which can be used to identify the value of data FROM THE DELAY. I don't understand this. If the speculative address names is not in cache, then how is fetching it speculatively justified?
Conclusion - This is not MMU - this is cache management - which SHOULD do a similar thing to what the MMU does BUT ISN'T DOING IT. The bug is (partly) that you can read data in the cache that is not yours. This is not really a risk UNLESS: There is some way to find out whose it is.
While MMU pages are normally 4k bytes, cache lines are more like 16 bytes. Fetching 16 bytes from "somewhere", with no way to find (or control) which page of whose address space they belong to is not a significant risk, although obviously undesirable. In normal circumstances, your next attempt to do this would probably fetch from a completely different page in a different task.
Clearly we are not being told the whole truth here.
It seems more like there is a way to FORCE the caching of other people's address spaces and make that visible to you. That gives you security on a level with a Commodore Pet. If so, then yes, Intel may have to replace every CPU since on chip caching (probably Pentium 1).
they could read the entire contents of kernel memory on an AMD chip IFF the Berkeley Packet Filter (BPF) Just-In-Time compiler is enabled in the kernel.
The name "Berkeley Packet Filter" should be a give-away - this is part of the firewall in FreeBSD derived systems, Linux uses a different firewall, as does OpenBSD. This may affect a large number of routers which use BSD derived code - a very high risk since, in most cases, (a) this is not obvious to the owner/user, and (b) they are very unlikely to be patched.
Routers are a great target for malware - because they are Internet connected and always on.
The good news is that this should be easily patched IF the manufacturer is threatened with sufficiently serious consequences - which may or may not include "cruel and inhuman torture" - IANAL.
What we have here is an example of "Dimocracy" government by the dim, of the dim, for the dim!
The CISC vs RISC was about what is the performance bottleneck: if instruction decode is costly, then RISC is faster, if memory access is the bottleneck, CISC is faster. With pipeline to mitigate instruction decode cost, and cache to mitigate memory access, the decision is less clear.
Throw in out of order and speculative execution, and it all becomes an even bigger muddle.
When Seymour Cray did speculative execution it was limited to 7 instructions, and a context switch would lose the lot anyway. Now, Intel are doing more than 200 instructions, the gravy thickens. What was secure for 7 instructions and no cache is not necessarily secure for 200 and two levels of caching. Someone SHOULD have realised the scale of what can happen in 200 instructions - while checking out that the speculation was logically sound. They had from about 1980 to the present to investigate.
However, all the older CPU designers privy to discussions about this in the 1980's have now retired - probably in part because "computers are new, and old people won't understand" based age discrimination. (For those who don't know - computers date from 1949 - and some of us still remember the first one - EDSAC 1 and talked to the people who built it).
Allowing bypass of access validity checks in the name of speed was about as sensible as saying "we won't have a store detective in the checkout area because it would increase checkout queues and cost money". Even Poundland knows that is not the way to a successful business.
Are they the ones with pockets big enough for full height 5 1/4" hard drives?
Nonsense. You obviously have no experience of Oracle: Sparc is not susceptible - so pay an extra 30% for no reason at all!
Murphy/Sod's law (updated) : "If anything can go wrong , it will go wrong - at the worst possible moment".
But if it can't go wrong, not only it will, but probably sooner too.
It's probably wet string, not even copper.
Irish soil, which just happens to be owned by an American company
It looks clear enough to me: America owns Ireland. Fight over.
In some parts of London, no one has fixed the potholes since 1937.
And to make matters worse, I was told people have been importing potholes from Ghana to the UK on such a scale that Ghana is suffering a pothole shortage!
You are probably over the age of 40. We all did it that way in the olden days - it was real liberation to not have to use someone else's mainframe. Now, the young whipper-snappers can't do a damned thing, so they "outsource" it.
Using someone else's environment, used to be known as "got you over a barrel".
As a developer, I want control over the environment. How is it less effort to specify what you want to someone else, who then has to convert it into choices from a radio-button list, and then hack what won't fit, than install an OS (40 mins or so, if it's not Windows), and then install the packages you want (with dependencies) another 40 mins, and then update it when YOU want (type relevant command, drink beverage of choice), compared to attempting to explain by email to someone in another time zone that you specifically did not want PHP upgraded to version 7 in the middle of a user evaluation (or whatever). It's probably quicker to install an OS you are used to, than to read the T&C for some cloudy proposition carefully. Definitely less stressful than explaining to a potential client why the system went berserk during the demo.
You can buy used servers from Ebay for about what you get paid for a day's work. Hell, you can buy a complete Oracle Enterprise scale server for a couple of grand (assuming you can afford the electric bill).
I used to work at PYE TVT in Cambridge. We did not have to wear ties while repairing picture monitors - basically large CRT TVs in metal boxes. Rumour had it that shortly before I arrived, a salesman had turned up and had a look inside one with its case off. His tie had a gold thread in it, and it touched the 5kV tube anode supply. Loud yell resulted.
As for myself, I was wiring one up - the video cable was 1/2" thick coax with a connector about 1" across on the end, and screwed into the chassis. The other end was connected to a steel frame bolted to the ground, with a huge plaited cable going to grounding rods outside. The mains supply also had a metal connector. On the occasion in question, the connector had been wired up by a colour blind engineer, with the red live wire instead of the green earth connected to the metal cast connector shell. Holding the chassis under my left arm, I grabbed the mains connector - the mains obviously went straight across my chest - and my yell stopped the entire factory! No earth leakage trips in those days! Colour blind electricians ARE a problem.
You forgot to mention: Voice recognition will be a solved problem, and robots will have taken over the world.
And, I wish to point out that your COBOL one has come true: and it probably explains why the banking system is no longer reliable.
I also know from trying to hire people that that skillset is incredibly rare.
The direct consequence of piss-poor pay for 30 years. Assembly language programmers are seen like the scrap metal workers in the engineering industry. Yes, there is a kind of respect, but not real respect, and definitely not the money they would get if seen as the precision machine operators in the development labs that they are.
Disclaimer: I have written assembler for MIPS and Sparc, as well as Intel, and a bunch of 8 bit stuff best forgotten - I have made far more from writing PHP and C++.
One flaw about analyzing 'big data' is that it is often actually very disparate data silos that are not easily linked together.
You obviously have very limited experience of SQL and statistics.
The big flaw is "people tell lies" - especially if they think their data is, or might be, collected.
This should be illegal the same way anything that appears to incentivise truck drivers to go faster or skip on compliance with driving hours is illegal. There probably needs to be a requirement that a DPO is a "fit and proper person" the same way anti-money-laundering regs require it, and a similar regime for auditing as for the above (trained officers in an organisation actively on the prowl).
I was going to stop short of the next one, but my wife just got a letter from Experian "You know your data we lost, well give us some more!": the enforcement officers should be permitted to conduct dawn raids on horseback, with drawn swords - Like the VAT and HMRC officers allegedly are.
WTF are machines handling classified info doing connected to the Internet?
Leaking seems to be the largest part of what they do!
In the 1980s, I worked on the plans for a (post ICL) project based on this work - it was to have had RAID-like architecture, with multiple disk drives, each with an "embedded" SQL processor - so instead of a file store, it was a (relational) data store.
As it was British, and ahead of its time, there was insufficient funding and the concept was abandoned in the usual way.
The passengers, thus government, get upset by television reports of grieving widows and children.
So get cracking folks: what we need is Youtube videos of people crying over a BSOD! (or IoT device leaking video of their teenage daughter's bedroom antics live on children's TV). However, Amazon Prime's "let the burglars in" door lock may be a good start.
Less downtime = less cost in the long run
However, if the profit is not there in the end of quarter report, the share price will crash, and that is the end of the corporation. Blame the lack of heavy trading costs for short termism. If you want a decent quality of life and don't want a world of Ponzi, what you need is hefty stamp duties.
Bleed the speculator community to death. It is a sacrifice worth making (and probably even kosher).
In all these cases, the lesson most learned was "the strategy of burying our heads in the sand and lying to everyone was a complete success".
I would prefer that to the roll-out of systemd with no testing at all.
Biting the hand that feeds IT © 1998–2018