  • ClaytonB's Avatar
    01-14-2018, 12:55 AM
    Also, a quick note about "backdoors". If you are an ordinary PC user, you should never operate under the assumption that "my computer is secure" because... it isn't. These latest attacks have nothing to do with that. If the NSA or somebody at that scale wants inside your PC, they're in, just like that and they don't have to use academic timing attacks to do it. The best overall description is "push-button access". We know this is the case thanks to the Snowden disclosures, among other whistleblowers.
    62 replies | 946 view(s)
  • ClaytonB's Avatar
    01-14-2018, 12:49 AM
    I did a more detailed write-up on the Meltdown/Spectre attacks here. tl;dr: This entire class of attacks can be mooted by restricting user-space software from having access to high-precision timers (timestamp-counters) or slowing the timers (obscuring microarchitectural timing) or fuzzing the timers (same thing, different method). If you are running user software in a virtual container, you can defend against all these attacks by changing one setting (timestamp-counter scaling) without any kernel update or CPU patch. You won't find this fact mentioned anywhere. Fixes that require "re-architecting CPUs" are nonsense-on-stilts.
    62 replies | 946 view(s)
  • ClaytonB's Avatar
    01-10-2018, 12:26 AM
    No advantage. The IRS issued a tax rule, so let's all pack up and go home folks.
    62 replies | 1370 view(s)
  • ClaytonB's Avatar
    01-04-2018, 04:33 PM
    Absolutely, everybody should be taking safety precautions. What bothers me most about the news coverage is that this is being covered as though the chip designers are being "blind-sided" by some kind of "discovery" within the chip. Chip designers are well aware of these dangers and, to an extent, so are software designers. There is actually an entire field of research devoted to it. This isn't quite fake news, but it's taking a proof-of-concept that demonstrates a pretty arcane vulnerability (that exists in any CPU) and saying, "See, we broke the CPU". In fact, the demonstrated exploits still require the attacker to have access to information that she probably can't get at runtime (precise location(s) of branches and other timing-sensitive instructions in the targeted code). Ironically, closed-source OSes like MSwin, iOS and so on are probably less vulnerable to this kind of attack for exactly this reason. In other words, Linus might want to back off on the afterburners on this particular issue lest he end up with egg on his face.
    62 replies | 946 view(s)
  • ClaytonB's Avatar
    01-04-2018, 12:52 AM
    The conditions required for these kinds of attacks in the wild are very difficult to achieve. These are very "academic" problems. But they do point at a general vulnerability in using (literally) opaque hardware - there is no way to audit the hardware itself short of roundabout software-testing methods. Software cannot protect itself from compromised hardware. That said, there's way too much FUD on this particular headline. Source: myself; this is my field (CPU architecture).
    62 replies | 946 view(s)
  • ClaytonB's Avatar
    12-31-2017, 12:57 AM
    Totally not super-creepy at all.
    13 replies | 331 view(s)
  • ClaytonB's Avatar
    12-25-2017, 11:05 AM
    OMG, here come the just-price theorists with their lawsuits. Two articles I stumbled on, recently:

    Anti-poverty activist files $1 billion class-action lawsuit over bread price-fixing scheme
    Computer latency: 1977-2017

    The first link happens to correlate well with this outrage over Apple's products as if the obvious solution to the problem isn't to just use some other product available on the market. Consumer choice is the fuel that drives the discipline of the free market - when enough consumers abandon your product(s), you can go bankrupt, the ultimate disciplinary measure of the market. The State's central-planning interventions in the free market are always either redundant or damaging.

    The second link shows that the problem of product slowness is affecting many products across the board and, in fact, Apple's devices are consistently among the most responsive devices out there. This is probably why people noticed the effects of this safety measure so easily - it's inconsistent with Apple's usual UX quality. I have long noticed the increasing latency in my own devices. The link explores some of the problems but the real issue is that manufacturers have been "persuaded" to design their devices with gaping backdoors called "updates" - all these uncontrolled, conflicting updates are slogging devices down to a crawl. You can test an update across a "representative set" of machines but, unless you're Apple, you cannot test it across all machines. And, of course, the "representative set" is always defined in terms of late models, old devices are defined to be "deprecated" so the effects of updates on old machines are simply ignored. This is why your Windows 7 desktop with a 4 gigahertz processor takes a noticeable 500-3000 milliseconds to respond to a user input from standby at the lockscreen.
    16 replies | 505 view(s)
About ClaytonB

Basic Information

Statistics


Total Posts
117
Posts Per Day
0.05
General Information
Last Activity
01-20-2018 02:07 PM
Join Date
10-30-2011
Referrals
0