Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Forgot your password?
Close
typodupeerror
×

Comment Re:What's a good browser for 2018? (Score 1) 102

by Qzukk (#56003019) Attached to: Chrome 64 Released With Stronger Popup Blocker, Spectre Mitigations

I use Cookie Clicker as my benchmark. Set it to Christmas and turn on audio. Does the reindeer sound play before the reindeer leaves the screen? On Chrome the deer was gone by the time the jingle quit and almost gone by the time it started. On Firefox, the deer was halfway across the screen. Click a wrinkler. Does it respond to every click? Triple click one. Did it pop? It should, but on Chrome it sometimes takes four-five clicks. Get a cookie storm. Does it even react to you clicking the cookies before they disappear?

I'm on Linux with a 4k monitor so maybe there's something with Chrome in that environment, but Firefox does reasonably well.

Comment Re:AMD (Score 3, Insightful) 87

by Qzukk (#55918389) Attached to: Researcher Finds Another Security Flaw In Intel Management Firmware

Getting to the point where I'm going to have to dig out my old VIA-powered Wal-Mart PC to do my banking and such on to ensure security from hackers dropping javascript into my browser.

At the very least, the slow speed means I'll realize pretty quickly when someone is trying to use it to mine cryptocurrencies.

Comment Re:Speculative Memory References and Page Faults (Score 1) 416

mov rax, kerneladdr is the instruction that page used as the exception, which is a page fault and a memory access violation that should segfault. What I was missing is that non-root users can actually trap SIGSEGV (which I should have realized, otherwise SIGSEGV would terminate debuggers too), though the stack overflow pages on this definitely demonstrate it's not simple to come up with a trap that isn't "crash into debugger" or "exit".

Comment Re:Speculative Memory References and Page Faults (Score 1) 416

That's exactly what happens.

cause a page fault, and then

Write a short little helloworld.c that causes a page fault and then prints "Hello World". Let me know what happens to "and then" when you run it as a non-root user.

There's another piece of the puzzle that is still missing/not being talked about. I suspect that this exploit *only* works meaningfully when done in a virtualized guest with a hostile admin/root exploit. My suspicion could work with a root exploit without a VM, but you're already root so why?

Comment Re:This could be massive (Score 4, Interesting) 416

Based on this link from Hacker News: https://cyber.wtf/2017/07/28/n... and the linked email/patch from AMD, it looks like what happens is that AMD checks memory permissions up front before allowing an instruction into the pipeline, while Intel made the memory permission check as a later part of the pipeline, apparently after the memory was accessed and inserted into the cache.

Submission + - AT&T, Comcast Staff Receiving $1k Bonuses; Boeing Pledges $300m Investments (cnbc.com)

Submitted by Anonymous Coward
An anonymous reader writes: CNBC reports that in the wake of the just passed US Federal tax reform that, "AT&T said in a press release Wednesday that it would give more than 200,000 of its U.S. workers who are union members a special bonus of $1,000. The company also increased its capital expenditures budget by $1 billion in the U.S. . . . Comcast NBCUniversal . . . made a similar move: it announced it would give special $1,000 bonuses "[b]ased on the passage of tax reform and the FCC's action on broadband." Those bonuses would apply to more than 100,000 employees that are eligible and not in executive roles." . . . Wells Fargo and Fifth Third Bancorp with both be raising their minimum wage to $15/hr, and Fifth Third will also be paying a bonus. The Daily Caller reports that, "Boeing will put $100 million toward charitable causes in education, projects in Boeing communities, and for veterans and military personnel; $100 million for training and education to help employees grow in careers; and $100 million to improve Boeing facilities."
Privacy

Trump Is Looking at Plans For a Global Network of Private Spies (vice.com) 481

Posted by msmash from the up-next dept.
David Gilbert, writing for Vice: The White House is reportedly looking at a proposal to create a ghost network of private spies in hostile countries -- a way of bypassing the intelligence community's "deep state," which Donald Trump believes is a threat to his administration. The network would report directly to the president and CIA Director Mike Pompeo, and would be developed by Blackwater founder Erik Prince, according to multiple current and former officials speaking to The Intercept. "Pompeo can't trust the CIA bureaucracy, so we need to create this thing that reports just directly to him," a former senior U.S. intelligence official with firsthand knowledge of the proposals told the website. Described as "totally off the books," the network would be run by intelligence contractor Amyntor Group and would not share any data with the traditional intelligence community.
The Internet

Ajit Pai and the FCC Want It To Be Legal for Comcast To Block BitTorrent (theverge.com) 553

Posted by msmash from the inside-Pai's-proposal dept.
Nilay Patel, reporting for The Verge: FCC Chairman Ajit Pai released his proposal to kill net neutrality this week, and while there's a lot to be unhappy with, it's hard not to be taken with the brazenness of his argument. Pai thinks it was a mistake for the FCC to try and stop Comcast from blocking BitTorrent in 2008, thinks all of the regulatory actions the FCC took after that to give itself the authority to prevent blocking were wrong, and wants to go back to the legal framework that allowed Comcast to block BitTorrent.

Slashdot Top Deals

From Sharp minds come... pointed heads. -- Bryan Sparrowhawk

Close