I suspect that we could persuade those caches to flush to RAM, simply by exhausting the number of possible lines for that address - if the cache is set-associative. Of course modern processors have multiple levels of cache, so that makes it harder.
Hi AC,
This is sort of self-contradictory, so I don't really need to respond to it directly. I just want to point one thing out. I can't afford to work for any company as less than a C-level employee. It would be a salary cut from my current business.
Not to mention that I'd not like it.
An AC talking about balls. Pathetic.
Right. I didn't even bother responding to the taunts.
Coward really means coward. I am sorry for the folks who are afraid that their employer will take a dislike of what they post, but for them we have handles.
I can't say I'm happy about what's happened to Debian. Having Ubuntu as a commercial derivative really has been the kiss of death for it, not that there were not other problems. It strikes me that the kernel team has done better for its lack of a constitution and elections, and Linus' ability to tell someone to screw off. I even got to tell him to screw off when he was dumping on 'Tridge over Bitkeeper. Somehow, that stuff works.
IMO, don't create a happy inclusive project team full of respect for each other. Hand-pick the geniuses and let them fight. You get better code in the end.
This actually has something to do with why so many people hate Systemd. It turns out that Systemd is professional-quality work done by competent salaried engineers. Our problem with it is that we're used to beautiful code made by geniuses. Going all of the way back to DMR.
It really does look like Jomo did post this article, and it refers to another article of his.
What isn't to like about Ubuntu is that it's a commercial project with a significant unpaid staff. Once in a while I make a point of telling the unpaid staff that there really are better ways that they could be helping Free Software.
It's just that I object folks who would be good community contributors being lured into being unpaid employees instead.
Say how do feel about idiots working for corporations contractually enmeshed with the US military-industrial-surveillance complex. Why no spittle-laced hate for them?
The GNU Radio project was funded in part by a United States intelligence agency. They paid good money and the result is under GPL. What's not to like?
Keep all of the idiots that want to work for a millionare for nothing. Fire the others.
Anyone with sense has by now joined a non-profit project.
Linus is doing systems level work. At systems level work, there are a lot of mediocre and bad programmers who use the common language of C++. Those who know c well are unlikely to be the mediocre and bad programmers.
That is really a truism across all fields and languages.
In the business world with business logic, there are a lot of mediocre and bad programmers who use the common language of Java. You can filter out many of them by adding a skill requirement of some other less-used languages inside that realm of business software development.
In a field where everyone is doing Ruby development and you don't want mediocre/bad Ruby programmers? Require them to also demonstrate proficiency in another language.
In a field where everyone is using C#? Require them to also demonstrate proficiency in C++ or some other language.
If you only require a single thing you can get unskilled individuals with only a single skill. If you require multiple skills you are more likely to get more talented individuals, since the talented, higher producers tend to pick up a wide range of skills.
Not quite. That only applies if the government wrongfully acquired the documents, knew they were wrongfully obtained, and used them anyway. It is typically avoided by claiming they didn't realize they were wrongfully obtained and they were acting in good faith.
Wikimedia learned of the violations through legally available public documents.
The violations were more than just eavesdropping. The publicly available leaked documents claim the NSA falsified records and used the Wikipedia trademarks to help claim the validity of the pages. Even if part of the suit gets dropped, portions of it document clear civil violations.
While the government can do quite a lot to lie and convince others they are not the government, the Lanham Act is clear that the federal government is liable at the very least for their spying program disrupting the site and using their marks. Specifically in 15 USC 1114, it is against the law for "any person" to reproduce, counterfeit, copy, or imitate a registered mark when it is likely to cause confusion, or to cause mistake, or to deceive. Deception is exactly what the government did. The law continues: the term "any person" includes the United States, all agencies and instrumentalities thereof, and all individuals, firms, corporations, or other persons acting for the United States and with the authorization and consent of the United States, and any State, any instrumentality of a State, and any officer or employee of a State or instrumentality of a State acting in his or her official capacity. The United States, all agencies and instrumentalities thereof, and all individuals, firms, corporations, other persons acting for the United States and with the authorization and consent of the United States, and any State, and any such instrumentality, officer, or employee, shall be subject to the provisions of this chapter in the same manner and to the same extent as any nongovernmental entity.
That is quite clear, law twice declares that nobody in government is immune from that law. They stated it twice, just to be clear that it applies to everyone in government.
Compare-and-exchange and mfence would be doing cache flush all of the way to RAM and global cache line invalidation, wouldn't they? So, they can potentially be used to hammer too.
Multi-threaded programs really do need those cache flushes to implement their interprocessor communications, don't they? It seems to me that they would be the ones most likely to hit this problem.
It has yet to be established whether hammer techniques can result in a correct data+ECC pattern. If so, it should be possible to permute the memory in a way that defeats this, either on the memory module or the memory controller.
That would make a good research paper for someone.
Yes, you beat me to it. A correctly-configured ECC motherboard with real ECC memory would defeat this. Watch out for fake ECC memory that just simulates the correction bits.
Once memory starts being vulnerable to row interference, having a machine without ECC becomes much more dangerous, regardless of this exploit.
Yet another reason to push shared providers for ECC memory. The error correcting memory is so far not vulnerable to this attack, all the researchers that have tried it report that ECC memory identifies and corrects the corruptions. Of course some attackers may have found a way, but ECC minimizes the risk
Amazon says it uses ECC in their AWS machines, but other big hosts like Equinix say that ECC memory is "available". Be careful about your hosting, folks.
Say "twenty-three-skiddoo" to logout.