Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?

Comment Re:Just hide the sensitive bits (Score 1) 289

The meltdown fix is basically removing the kernel address from the userspace and impose checks on what the userland is trying to access, so it can not even reference it. Also it will flush the cache on every switch from the kernel to userland and from the userland to the kernel (not sure about this one), so the cache is empty if someone tried to read any data from it. This will fix the meltdown problem, but impose a big performance lost...

sprectre fix is still unknown, but it probably should fix this method, but later someone find a alternative method of doing the same attack... that is why they say that it may haunt you again...

Comment Re:True Scope Of Problem (Score 1) 289

exactly... but even desktop users... they can read private keys, passwords, authentication cookies, credit card info... anything that is stores in memory for each process. browsers are probably the most dangerous target here right now... and anything that may load plugins or external code

Comment Re: True Scope Of Problem (Score 1) 289

Sprectre fix is still not public, only the meltdown is!
The meltdown fix (isolate the kernel and userland ram and flush the cache on switcthing) is knows because it was merged in the linux kernel... all OS should do a similar fix to the linux and this fix should be final.

the spectre, should be adding some random delays and some more checks, so it's hard to impossible to abuse it... but the data is still in the cache, so there might exist other calls/methods that may also need those delays and checks... that is why it may haunt you, as later someone may discover another method of doing the same side channel attack

Comment Re:Microcode update? (Score 2, Interesting) 289

the fix will mitigate the threat... for the intel, the fix will clear the cache after any jump between kernel and userland, so it gives a big performance hit when that happen... there is no microcode that can solve this, its the hardware design in the intel that is broken, it only check if the branch is invalid AFTER loading it.
AMD is immune to the meltdown because the hardware detects the invalid branch BEFORE loading it

So without hardware change from intel, you will either have the full performance, but insecure system, or a secure system, but a big performance loss.

They may want to optimize, by avoiding the cache cleanup in some situations... but i'm not seeing any and if they exist, should be corner cases

Comment Re: I'm confused by this. (Score 1) 289

while spectre fix aren't released yet, it should have simple workarounds (compared with the meltdown) that screw the timings and make THIS side channel attack lot harder if not impossible... what may haunt you is that there may exists OTHER methods of doing the side channel attacks, as the info is still there

Comment Re:FUCKWIT (Score 1) 416

on linux, you can disable it, if you want (at boot time)... but you do run code from internet all the time, you have javascript in browsers, you install updates and several other "minor" actions that actually run something in your machine

So if you want to be safe and still keep your performance, buy AMD ;)

Comment Re:Nice (Score 1) 289

IF someone complains that taxes money is badly spend and that the governments are broken and corrupt, i would agree!
IF someone complains that people should not country pay taxes, that the government is useless and that local taxes are better, they are looking only to their own belly and ignoring the reality and all the world history. I dare those that say that to live in any failed state for one year to understand why.

Comment Re:Nice (Score 1) 289

that is your problem, you want free stuff, you only look to yourself, and forget everything around you

1-if government didn't exist, companies where not forced to give electricity to everyone, there would be people without it just because there is not enough profit to build centrals or extend lines to "just few people"... you still have to pay, but at least you can have it... try going to Somalia and get some water and electricity, even paid, and check the end result
2-sure, sure, i'm sure that you pay your local cops, judge, buildings, prisions... try going to Somalia and ask for justice... they will give you a ak47 justice
3- again, you have roads because they are required by the government and you are forced to pay...without policy and justice, nobody would pay and you would have no maintained roads... check those somalia roads and highways!
4-just like the wild west, you pay the sherif ... that many times is just a old bandit... or like south of Italy, where you pay the mafia... byt anyway, is that enough? if there is a riot, what you do? if there is a huge problem, fires, terrorist attack, would your tiny police be able to handle it? of course not. Security forces have a huge machine behind and you can always recruit call up the army... that you also pay

notice that i agree that most government are broken and waste too much money... but they are required and for it to work, everyone needs to pay taxes. The more people pay taxes, the lower taxes are. When rich companies and rich people avoid tax, is everyone else that needs to pay more
and finally remember: "a stopped clock is right twice a day"

Comment Re:How is this not fraud? (Score 2) 289

different fiscal IDs are awesome, you can have a local google company claim no profit for the datacenter... and that datacenter only have the expenses income from the USA google fiscal ID , so they pay low taxes... and having a external company with a different ID transferring money to that country, convert it to the local coin/make payments for fake service/"whatever is the financial loop of the year" and then transfer again to another (tax heaven) place. In this case, internal EU transfers between Ireland and Netherlands aren't taxed and converting the money pay only minimal taxes

Comment Re:Nice (Score 1) 289

yep, right, so you have no roads, no electricity, no laws, no justice, no security, no water, nothing... welcome to the wild west!! do you like living in a place like that? move to some war country, local war lord ruler or no ruler at all and see if you like it.

just because your government is broken, do not mean that all of then are... or that even a broken government maintain many things you take as granted.
and no, private sector will not solve everything, that way you would only have water, electricity in big cities... mostly as you have now with the cable companies

Comment Re:Not even enforceable (Score 1) 152

Actually they can detect the same way... energy usage ...
small setups undetected, but they will mine little. Big setups will eat lot of energy, so they can be detected if they check that...
mining also require more cooling than pot, so check who is buying AC systems when there is little food and you can find then too.

Slashdot Top Deals

We must believe that it is the darkest before the dawn of a beautiful new world. We will see it when we believe it. -- Saul Alinsky