exrook | 2 years ago | on: Lingua::Romana::Perligata – Perl for the XXIimum Century (2017)
exrook's comments
exrook | 2 years ago | on: There's a new way to flip bits in DRAM, and it works against the latest defenses
For those interested, the key takeaway from this IMO is that by issuing many sequential reads, the memory controller will hold a target row open for an extended amount of time to service the consecutive accesses.
This is in contrast to the original rowhammer attack, which issues accesses such that target rows are repeatedly opened and closed to trigger bitflips in neighboring rows.
By stretching out the row open time to 30ms (!), the authors claim they are able to reliably trigger bitflips with a single row opening in 13% of tested rows at 50°C[1]. Some rows in certain chips can be flipped with access times of under 10ms[2].
At more realistic row open times of 7.8 - 70us, there seems to be a 1/x relationship between row open time and number of activations required, they cumulative amount of time the row needs to be held open for to trigger a flip seems to remain fairly constant (around 50ms total from my very approximate estimations). Note that the attack needs to be executed in under 64 ms total, otherwise the automatic DRAM refresh will reset any progress made.
The authors demonstrate this attack with a userspace program that maps a 1 GB hugepage to be able to directly manipulate the lower 30 physical address bits[3], although they don't seem to provide the row open times they end up being able to achieve in practice.
The attack code itself: https://github.com/CMU-SAFARI/RowPress/blob/main/demonstrati...
https://arxiv.org/pdf/2306.17061.pdf [1] pg 5. obsv. 2 [2] pg 6. obsv. 6 [3] pg 11. sec 6.1
exrook | 2 years ago | on: Firefox may soon reject Cookie prompts automatically
Try adding the EasyList Cookie List[0] to your adblocker to block them all.
It's present in the uBlock Origin filter list settings under Annoyances but not enabled by default. HN readers may also find some of the other default disabled filter lists interesting such as the AdGuard URL Tracking Protection list which strips tracking parameters from URLs.
exrook | 3 years ago | on: Overwatch 2 will require a phone number to play
I'm not sure where your getting this from, a phone number is _optional_ for CSGO, adding one is said to improve your "trust factor"[0], theoretically improving your matchmaking experience.
I don't believe TF2 has any sort of phone number system that I'm aware of. If there is one, it doesn't seem to function very well given the bot invasion over the last few years.
I can't speak to dota 2 as I've never played it.
[0] https://help.steampowered.com/en/faqs/view/00EF-D679-C76A-C1...
exrook | 5 years ago | on: Where Everything Went Wrong: Error Handling and Error Messages in Rust (2020)
I'm confused, have you found the try operator ("?") insufficient for your use cases? I believe it does what you are describing, ex:
fn process_file(p: Path) -> Result<String, io::Error> {
let file = File::open(p)?; //Return err if file can't be opened
let mut out = String::new();
file.read_to_string(&mut out)?; // Return err if read fails
out
}
[0] https://doc.rust-lang.org/nightly/unstable-book/language-fea...
exrook | 5 years ago | on: Nevada bill would allow tech companies to create governments
Also see Alaska's unorganized borough:
exrook | 5 years ago | on: Ask HN: Favorite Music to Program To?
Liquid drum and bass mixes
exrook | 5 years ago | on: Metal Monolith in Utah Gone
> I bought the camera used recently and didn’t update the exif date in the camera. I uploaded it on Wikipedia and I’m cool with it without copyright. The image is for the people. Patrickamackie2 (talk) 05:39, 28 November 2020 (UTC)patrickamackie
https://en.wikipedia.org/w/index.php?title=Talk:Utah_monolit...?
exrook | 5 years ago | on: Sentimental Versioning
Could you expand on this a bit more? That's certainly the impression I have of semver.
exrook | 5 years ago | on: Google’s Supreme Court faceoff with Oracle was a disaster for Google
I'd highly encourage anyone interested in this case to hear the oral arguments for themselves, you can listen to them here: https://www.c-span.org/video/?469263-1/google-v-oracle-ameri...
While I believe that it would be better for society if the court sides with Google, I personally think that APIs can be a creative work, and thus would have copyright protection under the law. However one of Google's arguments is that Oracle is trying to use copyright to acquire a patent-like right, referencing the case of Baker v. Selden[0]. Despite being from 1879(!) I found this case to be especially relevant and I'm quite interested to see how the court will consider it into their opinion.
In his arguments, Oracle's lawyer argues that declaring code is not distinguishable from implementing code and thus deserves all the same copyright protections. As a programmer I find this argument quite unconvincing, as there is clearly a technical distinction in many systems, see: .h files, dynamic linking, etc.
exrook | 5 years ago | on: Linux kernel in-tree Rust support
> That precludes GC
This isn't the case, there are tracing garbage collectors implemented as libraries [1][2], and there is consideration being made for supporting tracing GC in the language and stdlib [0]. As well as reference counted GC having been available in stdlib for a long time [3] (similar to C++'s std::shared_ptr)
[0] https://github.com/rust-lang/rfcs/blob/master/text/1398-kind...
[1] https://manishearth.github.io/blog/2016/08/18/gc-support-in-...
exrook | 5 years ago | on: Port knocking
Nope, no support needed. SSLH will proxy SSL traffic to whatever other SSL service you have running (nginx, openvpn, etc.), and send the SSH traffic to openssh. It look like it even supports recognizing plain HTTP traffic as well and proxying it accordingly.
exrook | 5 years ago | on: A non-moral dilemma about cheating, but it brings up some points (2019)
Why not instead modify the test so that it more accurately measures the capabilities of interest instead?
Such as in your elevator example, make it so that the operation of the elevator is tested with a heavy load approaching the desired safety factor, and evaluating the performance under this heavier than normal load? The idea being that the only way to "cheat" is to design a better elevator that can still meet the requirements.
Of course the reason this isn't done is because of the extra cost of performing a more comprehensive test, but given how much students are paying for education, surely we could make some improvements over the status quo.
I can't help but draw comparisons to SpaceX's starship development process vs that of the more traditional aerospace manufacturers. There isn't any way for the engineers to cheat because their work is tested under the target conditions and either passes[0] or fails[1][2]. The goal being to achieve the most efficient design that still meets requirements.
[0] https://twitter.com/elonmusk/status/1259344535991140352
exrook | 5 years ago | on: Safeboot: Booting Linux Safely
Well there is POWER[0], not that it's a very affordable choice, the cheapest motherboard + cpu costing $1,732.07
exrook | 5 years ago | on: Humans Not Invited
My first thought was that maybe this was some sort of anti-captcha where the images were adversarial examples that a neural network would classify as a shopfront?
However from the comments here it seems to be less involved than that to get past the challenge, does anyone else know what the actual test is?
exrook | 5 years ago | on: OFFSystem
I don't think we are in any disagreement that whoever is uploading the data "owns" the data. The interesting idea is that the entity storing the bytes has 0 information about the data they represent, in the information theoretic sense, since they can decrypt the data to any value by choosing a sufficient key.
This is not true for most other encryption schemes where the encrypted data has enough structure to it that theoretically it could be retrieved without the key, although the whole point of the encryption is that this isn't a practical undertaking.
exrook | 5 years ago | on: OFFSystem
I think the distinction this protocol makes is that by using XOR as the "encryption" method, given any input block you can choose a "key" to decrypt with to produce any other output block. A block in isolation provides zero information to the downloader.
I think it could be argued that it is the knowledge of which blocks to combine is where the actual data is being stored, and maybe that's where the copyright owners could stake a claim.
exrook | 6 years ago | on: TRRespass: Rowhammer against DDR4
Check out Permutation City by Greg Egan for some inspiration ;)
exrook | 6 years ago
This is why many new reactor designs do not use water as coolant but instead molten salt[0] or inert gas[1], to avoid the risk of steam explosion. This alone does not make those reactors inherently safe but it can help keep radioactive material from being violently spread outside the reactor in the event of catastrophic failure.
exrook | 6 years ago | on: Two new ways to read a file quickly
I don't know if this is what you were thinking of, but capnproto[0] does exactly that with a promise like interface.
Actually this may be the paper you were referencing, from the bottom of the capnproto page:
> Cap’n Proto’s RPC protocol is based heavily on CapTP[1], the distributed capability protocol used by the E programming language[2]. Lots of useful material for understanding capabilities can be found at those links.
[0] https://capnproto.org/rpc.html
page 1
[0] https://web.archive.org/web/20010111052400/http://www.csse.m...
[1] https://metacpan.org/release/DCONWAY/Lingua-Romana-Perligata...