Philipp Kern
283 followers -
SRE, Coffee addict, Debian developer

Not only has Deutsche Bahn shut down long-distance service, but HAFAS as well? The app first throws a null pointer exception (which luckily is caught and displayed), because it apparently isn't prepared for that case.

In case anyone wondered "and how does Microsoft actually find out whether my anti-virus program is compatible with the Meltdown/Spectre fixes", https://support.microsoft.com/en-us/help/4056892/windows-10-update-kb4056892 has the answer: "Due to an issue with some versions of Anti-Virus software, this fix is only being made applicable to the machines where the Anti virus ISV has updated the ALLOW REGKEY." They all have to push an update that sets the specified registry key. 🤦

http://pythonsweetness.tumblr.com/post/169217189597/quiet-in-the-peanut-gallery has been talking about an upcoming Intel Kernel vulnerability.

https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/ expands on this, and links to https://cyber.wtf/2017/07/28/negative-result-reading-kernel-memory-from-user-mode/

That article discusses a hypothetical instruction sequence such as

1. Mov rax, [somekerneladdress]
2. And rax, 1
3. Mov rbx,[rax+Someusermodeaddress]

Instruction 1 tries to read some kernel mode byte from user mode. By default that's mapped, but because it's protected, it will eventually fail.

Instruction 2 AND's that byte with 1, so RAX is 0 or 1 depending on Somekerneladdress containing an even or odd value. As long as Instruction 1 has not failed, instruction 2 is being speculatively executed.

Instruction 3 calculates some address as Someusermodeaddress or Someusermodeaddress+1 depending on the outcome of Instruction 2. When execution of Instruction 3 begins, either Someusermodeaddress or Someusermodeaddress+1 is being loaded into the cache.

Then Instruction 1 fails, and because Instruction 2 is dependent on that, also fails. And because 3 is dependent on Instruction 3, that one fails, too. All of that is rolled back, successfully and correctly.

Except the cache.

So it's either Someusermodeaddress or Someusermodeaddress+1 that's primed in the cache, depending on the content of a memory location that we are not allowed to see.

And we can detect that.

We get a device that very slowly can read the content of arbitrary memory locations in the kernel, from user mode.

A PoC from JavaScript in a browser exists.

So a web server can read, slowly, and at horrible cost, arbitrary bytes from your kernel memory.

That's not just a KASLR problem. Shit's on fire.

Also more discussion in the comments to the post I actually attempted to share but can't: https://plus.google.com/+YonatanZunger/posts/Gj8j3gEnY1K
Interesting to read and consider, especially the whole discussion around friend zoning and different expectations between men and women
12/21/17

Also great: the comment by +Jürgen Christoffel that all the "active ingredients" are then contained in it, infinitely potentized.

I'm only halfway through, but already satisfied. Fefe explains - largely accurately - why you want a monorepo, how and why you maintain software dependencies, what is a good idea about Docker and what you should leave alone…

Wireguard feels like the best VPN since sliced bread. Instantaneous reconnect just like mosh. The one thing that I think it doesn't handle yet (at all) is switching between IPv4 and IPv6. But even the hotel in an AirBnB had v6 these days and the tunnel to my home server just worked transparently without any cat herding. :>

I think that sums it up pretty nicely. (Spoiler alert, in case you care. ;)

Those numbers really seem unreasonably high. You'd think that this would push more people with some additional SSH latency down the pipe over the edge where they consider the experience unusable.
Dan Luu has measured your computer's keyboard processing pipeline and found it wanting. https://danluu.com/input-lag/

Was Skype always this aggressive with advertisements? And the only recourse is to add DNS-based blocks for their ad servers? Because there's no way to pay for it either? I mean, not that I care for once in a blue moon use, but then why not just use Hangouts...