* Posts by _LC_

268 posts • joined 22 May 2018

Page:

Can't do it the US way? Then we'll do it Huawei – and roll our own mobile operating system

_LC_

Re: We need the Mozilla / Firefox phone!

That JavaScript crap managed to be far worse than Android.

_LC_

Re: Another operating system?

Android is running atop of Linux.

_LC_
Linux

Question being:

Could it be any more inefficient and bogus (continuously vulnerable, just utter out ‘media-framework’ aloud) than Android?

If it wasn’t for that ton of Apps... Android spyware itself can be considered a pile a crap. Some sort of capability to run Android apps would suffice (as Sailfish-OS does).

Bombs Huawei... Smartphone exploded in my daughter's pocket, seriously burning her, claims dad in lawsuit

_LC_
Angel

Re: They want sued...

Yes, that you thinkered very good. Sank you.

_LC_
Stop

Oh, Huawei is sooo bad and Maduro is staaaarving the population...

It's not that it isn't true, it's just that this is normally not being reported like this (attempting to kill a company).

Pick your favorite brand and add the terms "battery explodes", doing a web-search. Just two examples:

iPhone:

https://www.youtube.com/watch?v=CEVglIJC5o0

iPhone battery explodes in the middle of a store | New York Post

Motorola:

https://www.youtube.com/watch?v=NhSZK43ovpU

Motorola Droid 2 cell phone EXPLODES in mans ear

...

'What's up, Skip?' asks paraglider – before 'roo beats the snot out of him

_LC_

This can be easily spotted:

Skippy was protecting the herd. The attack ended when the herd had passed. Nothing too surprising there, especially considering that Aussies (used to) shoot them for fun.

_LC_

Uhm?

Bats. The only ones. ;-)

Iranian-backed hackers ransacked Citrix, swiped 6TB+ of emails, docs, secrets, claims cyber-biz

_LC_
Joke

Re: Sun Secure Global Desktop

Understandably:

https://www.youtube.com/watch?v=CM-B_KL3PFI

_LC_
Pirate

Aren't you too embarrassed at some point to keep making headlines with propaganda like this?

The Iranians, North Korea - whoever you point the finger at, isn’t it? Guess what? Nobody’s believing any of this anymore.

Resistance is... new style: Samsung says it's now shipping resistive eMRAM for IoT chips

_LC_

Re: Rather useless without a different operating system approach

I'm not surprised. Cassandra wasn't popular either.

_LC_

Re: Rather useless without a different operating system approach

You do, but only partially. While you have random access when reading (thanks to "memory mapping" it is both practical and performant), you don't while writing. There you are still treating it as if it were a tape recorder. ;-)

_LC_

Re: Rather useless without a different operating system approach

"What are you talking about? You seem to be confusing so many things."

Not wanting to offend, still: no - you didn't understand it.

_LC_
Facepalm

Re: Rather useless without a different operating system approach

Spot the troll - beginner's level: 'whataboutery'. *lol*

Just put on your straitjacket.

_LC_
Meh

Rather useless without a different operating system approach

Unless I missed something, we’re still unable to take pieces out of files or add something at the beginning/in the middle. This is, because our systems were based on tape recorders. Adding something in the middle or at the beginning was simply impossible.

Today we have random access SSDs with block-based file-systems and we still treat them like tape recorders. As much as I hate being the Cassandra, just imagine how long it’s going to take before your system will truly utilize something like eMRAM. ;-)

Put down the cat, coffee, beer pint, martini, whatever you're holding, and make sure you've updated Chrome (unless you enjoy being hacked)

_LC_
Mushroom

Don’t you love monopolies?

Google’s engine will soon be in (almost) every browser. What could possibly go wrong?

God DRAM, that's a big price drop: Memory down 30 per cent, claim industry watchers

_LC_
Pint

It’s almost as if somebody hit’em with a (row) hammer. ;-)

The post is required, and must contain letters.

SPOILER alert, literally: Intel CPUs afflicted with simple data-spewing spec-exec vulnerability

_LC_

Re: It's interesting...

Currently ARM servers can handle Internet requests pretty well. In this scenario having plenty of cores and dedicated hardware for the network can get you far. Faster CPUs with fewer cores don't do well here, as they consume too much energy (cooling) and space.

_LC_

Re: I still don't get it

They mention the possibility to combine this with “Row Hammer”. Row Hammer exploits a hardware defect/design fault of dynamic random-access memory (DRAM), which allows you to “flip bits” in memory. If you know WHERE to flip a bit, you can let lose the mentioned hammer. Flipping the right bit can get you access to the entire system. For instance, you can turn a “read-only” page table into a writable one and change system code, etc. pp.

_LC_

Re: Access control and process scheduling issue

"Are you claiming things were safer before we had MMUs?"

I'm claiming that the system (where speculative execution simply ignores big chunks of it) doesn't work.

_LC_

Re: Access control and process scheduling issue

These all came along with the MMU. Remember Intel's domain? DOS.

_LC_

Re: Access control and process scheduling issue

>>But that's what the customers demand: good, safe, fast--all or nothing. Anything who replies, "I'm sorry I can't do that" gets left for the one that says "Can do."<<

Nah, 'the customers' didn't invent the MMU to afterwards ignore it for the sake of speed.

_LC_
Holmes

Re: The Current Spectre / Meltdown Mitigation Overhead Benchmarks On Linux 5.0

I remember the first patches hitting me (Intel) hard. I was running stuff in a VM and it suddenly felt like the handbrake was on.

Don't be mislead by the average penalties of those mitigations. It depends mostly on what you are doing - and in some cases, you're fûcked!

_LC_
Alert

The Current Spectre / Meltdown Mitigation Overhead Benchmarks On Linux 5.0

Michael has done some benchmarks to show the impact of Spectre mitigations (hint: Linux usually handles this better than Windows and others). Check out the results on:

https://www.phoronix.com/scan.php?page=article&item=linux50-spectre-meltdown&num=1

In the Netperf benchmark, Intel’s 8086K performs less than 1/8th – in other words: without mitigations (which is how Intel benchmarks them;-) the processor would be more than eight times faster!

... and there are more to come.

Huawei, your way, whichever way. We're cool with being locked out, defiant biz insists

_LC_
Thumb Down

Re: They are not going to just tell you

You're right, "it sounds exactly like racist BS". ;-)

Huawei to the danger zone, ride into the danger zone... Chinese giant denies America's secrets theft, fraud charges

_LC_
Thumb Down

Re: They are doing them for Tappy? FFS

"... Huawie smartphone were failing at a huge rate - more so than any competITor. ..."

Are you quoting from Snow White and the Seven Dwarfs?

_LC_

Re: They are doing them for Tappy? FFS

Yes, indeed. A German tech-magazine mentioned that they had built such a robot themselves without much fatigue (for testing phones). They also dismantled the allegations. They were old and mostly ridiculous (sods).

Jeez, what a Huawei to go: Now US senators want Chinese kit ripped out of national leccy grid

_LC_

Re: Just to set the record straight ...

"...Nobody in the US paid all that much attention to the supposed name change, other than the Press..."

And you don't see that as a problem? ;-)

_LC_
Facepalm

Re: No Paranoia Required

You missed the meeting:

https://vimeo.com/237489146

_LC_
Thumb Up

So true.

I can confirm this. Chinese could not identify what is being sold here (Germany) by "Chinese restaurants".

_LC_
Mushroom

They praise the competition while they're ahead

They praise the competition while they're ahead, crushing developing countries into the ground. Oh, but beware - thy shall never get ahead of them or else... :-P

Ready for another fright? Spectre flaws in today's computer chips can be exploited to hide, run stealthy malware

_LC_
Thumb Down

Huh?

"Requires the machine to be compromised first..."

No, they don't. JavaScript will do fine, WebAssembly even better.

Besides, this also affects hosters. They often run a multitude of installations, separated virtual environments, on one machine... Universities, schools, ...

_LC_
Boffin

How would it go away?

“…just won't quietly die in the IT world”

The hardware is bogus. Not only do you get to keep your expensive junk, which they sold you under false pretense (MMU, multiuser system capabilities, VM addons, etc.), but you can acquire new expensive hardware that is just as faulty as the one you got. Thereby, the faults stick around - surprise!

Data-spewing Spectre chip flaws can't be killed by software alone, Google boffins conclude

_LC_
Alert

As a programmer

As a programmer I feel the urge to oppose this “there is no alterative” non-sense. When it comes to number crunching on the big irons, speculative execution doesn’t get you much.

When it comes to the normal user and your everyday experience, better code could easily speed up the performance by a factor of ten and more.

In the recent years we have seen software becoming slower and slower. It is almost as if chip makers ordered their minions to apply handbrakes everywhere.

The new Gnome has introduced JavaScript on the desktop. It’s everywhere now. The new Gnome was so slow that they received tons of complains. This, running on 3-4 GHz CPUs with 4-16 cores, is sheer insanity! KDE has its python crap everywhere.

Wherever you look, programmers are trying to slow down your everyday experience. Just look at Android. Their phones now have eight cores and four GB of RAM or more. Some people say that you shouldn’t buy a phone with less than two GB, because “multitasking” isn’t going to work well, otherwise.

Those phones are yesterday’s workstations. They are running a system that is so inefficient that it hogs gigabytes of memory and needs gigahertz to display the system interface without excessive delays. It’s a joke.

We don’t need super-fast processors for typical usages. Better programming can speed up your experience more than a liquid hydrogen cooled super processor could. As a conclusion, we don’t need bogus processors. We could do very well without them.

_LC_

In-order architectures (without speculative execution), such as most embedded devices.

_LC_

Re: Paranoia about the NSA.....

Intel ME runs an entire system that can access everything WITHOUT YOUR control. The NSA (and others) have everything they ordered with Intel & co.

I'm afraid that Spectre comes due to simple cheating. They made their processors faster. All they had to do, was remove a little safety here and there. ;-)

_LC_
Pint

Re: Hang on a mo

Huh?

_LC_
Devil

"While browsers have got their act together..."

This, coming from Google. Why am I not surprised? For the normal user, the 'we execute everything from everywhere' browsers are actually the biggest problem. Nice try, though. :-P

'This collaboration is absolutely critical going forward'... One positive thing about Meltdown CPU hole? At least it put aside tech rivalries...

_LC_

Re: Why don't people patch?

That is from '18 Jan 2018'. It states that:

"Techies are scratching their heads after Red Hat pulled a CPU microcode update ..."

"...stalling on rolling out microcode patches after Intel admitted its firmware caused systems to fall over."

In other words: Intel had release a buggy microcode update, which caused problems. Therefore, some distributions didn't (temporarily) distribute it (until it got fixed).

(The same - buggy - microcode would cause the same problems when installed via BIOS, btw.)

_LC_

Re: Why don't people patch?

"For SPECTRE and Meltdown, there were two levels of mitigation, firmware and software. For Meltdown (IIRC), software mitigations were only partially effective; you needed a firmware update from your hardware vendor for complete prevention."

---

This is misleading. What you call 'firmware' is the microcode. This is CAN be "loaded into the CPU" by the BIOS at each boot, but it's typically done by the operating system (anyhow). For Intel and Linux, for example, the package is called "intel-microcode". Other mitigations are part of the kernel (Linux, Windows, etc.). Others again, get worked into compilers...

That said, if you are using "a typical" operating system, you do not need the fixes for your BIOS.

_LC_

Re: What an absurdity!

"...

1. No car has been hacked in the field by the bad hackers (white hat hackers not included)

2. No one has died."

---

Bold claims. The problematic right here (and thus the appeal for certain "services") is that this doesn't leave any traces. ;-)

_LC_

Re: Why don't people patch?

"So I don't think that particular issue has any motherboard-level ramifications. ...

I may be failing to think of the proper angle."

---

Yes and no. If you are using a 'modern' up-to-date operating system (Linux, BSD, Windows-10, Mac-OS) the mitigations are applied by the operating system. If, however, you want to run something 'out of the ordinary' (or old), which doesn't come with mitigations (OS/2;-) then loading the mitigations via the BIOS would apply them anyhow. Without the BIOS fixes, such a - Weirdo-OS - would be unprotected.

Then again, it has to be said that the current mitigations are far from perfect and likely don't really close even nearly all the holes...

_LC_
IT Angle

Re: Why don't people patch?

I'm getting thumbs down on this??? *lol*

Guys, it's the truth. Look it up. If you don't like it, it ain't my fault...

_LC_

Re: What an absurdity!

"What tosh!

1. There's nothing "cheating" about speculative execution. It turns out it has a huge security downside, but nobody realized that at the time."

---

Right, so you believe that nobody noticed that they were ignoring the MMU - thus treating every system as if it were a single user system running DOS during speculative execution?

You are aware that there are plenty of people involved in such a process? Some of them having intimate knowledge of the CPUs... and you believe that they all failed to see this "little detail"?

_LC_

Re: Why don't people patch?

The patches are usually applied by the operating system (on each boot). This works automatically, unless you specified otherwise.

_LC_
Alert

What an absurdity!

Forcing your software to circumnavigate the hardware bugs, just so they can keep selling them with a 'cheating' speculative execution engine. Yes, it’s cheating. It’s running all the red lights. That’s why it’s so efficient.

Guess what? You are paying triple by circumventing this in software, which makes the whole thing even slower. Yet, Intel keeps publishing benchmarks WITHOUT mitigations enabled; something that should be illegal to begin with.

They are trying to make this look as if something immensely complicated has a few bugs. Shit happens, right? Wrong. This is a fundamental problem. It’s not that they didn’t know they were ignoring the red lights. They simply chose to do so, because cheating can be lucrative. Remember Volkswagen with their "super clean" cars? How did they manage to get them that clean again? Oh yeah, just like Intel managed to get their crappy processors so fast...

You may throw in "But what about the competitors? Didn’t they cheat as well?" Again, just like Volkswagen. The competitors (not all of them) had to follow. It was either that or make it public that they were cheating.

Here’s some insider information for you: With Volkswagen, they tried to make it public since 2007 without avail! Only when a US secret service thought that it was time to punish the Germans, it made the headlines and went to court.

With Intel, it’s the other way round. German "intelligence" is behind "rendering those bugs public" (revenge) and the US is backing Intel. Hence, no refunds and let’s pretend that those "bugs" are unavoidable.

I wish the (compiler) programmers had the guts to refuse, simply telling them that the hardware needs to be replaced.

ACLU: Here's how FBI tried to force Facebook to wiretap its chat app. Judge: Oh no you don't

_LC_
Thumb Down

Re: Read what is going on, not what you assume or want to read into the story.

Martin Luther King Jr. would've been proud of you - NOT!

_LC_
Alien

Let’s reconcile and warn about Huawei for a moment. ;-)

Uncle Sam to its friends around the world: You can buy technology the easy way, or the Huawei

_LC_

Re: What I find amazing

So the media is telling us.

_LC_
Megaphone

Truth in labeling

It's da mob.

Not heard owt bad about Huawei, says EU Commish infosec bod

_LC_

Re: On the other hand...

Trolling 101: pretend to be dumb. ✓

Page:

Biting the hand that feeds IT © 1998–2019