Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
-
https://git.kernel.org/…/ke…/... sure some of you are working on the patches already, if you are then lets connect cause, I am an ardent researcher for the same as of now.
So here it goes:
As soon as kernel page table isolation(KPTI) bug will be out of embargo, Whatsapp and FB will be flooded with over-night kernel "shikhuritee" experts who will share shitty advices non-stop.
1. The bug under embargo is a side channel attack, which exploits the fact that Intel chips come with speculative execution without proper isolation between user pages and kernel pages. Therefore, with careful scheduling and timing attack will reveal some information from kernel pages, while the code is running in user mode.
In easy terms, if you have a VPS, another person with VPS on same physical server may read memory being used by your VPS, which will result in unwanted data leakage. To make the matter worse, a malicious JS from innocent looking webpage might be (might be, because JS does not provide language constructs for such fine grained control; atleast none that I know as of now) able to read kernel pages, and pawn you real hard, real bad.
2. The bug comes from too much reliance on Tomasulo's algorithm for out-of-order instruction scheduling. It is not yet clear whether the bug can be fixed with a microcode update (and if not, Intel has to fix this in silicon itself). As far as I can dig, there is nothing that hints that this bug is fixable in microcode, which makes the matter much worse. Also according to my understanding a microcode update will be too trivial to fix this kind of a hardware bug.
3. A software-only remedy is possible, and that is being implemented by all major OSs (including our lovely Linux) in kernel space. The patch forces Translation Lookaside Buffer to flush if a context switch happens during a syscall (this is what I understand as of now). The benchmarks are suggesting that slowdown will be somewhere between 5%(best case)-30%(worst case).
4. Regarding point 3, syscalls don't matter much. Only thing that matters is how many times syscalls are called. For example, if you are using read() or write() on 8MB buffers, you won't have too much slowdown; but if you are calling same syscalls once per byte, a heavy performance penalty is guaranteed. All processes are which are I/O heavy are going to suffer (hostings and databases are two common examples).
5. The patch can be disabled in Linux by passing argument to kernel during boot; however it is not advised for pretty much obvious reasons.
6. For gamers: this is not going to affect games (because those are not I/O heavy)
Meltdown: "Meltdown" targeted on desktop chips can read kernel memory from L1D cache, Intel is only affected with this variant. Works on only Intel.
Spectre: Spectre is a hardware vulnerability with implementations of branch prediction that affects modern microprocessors with speculative execution, by allowing malicious processes access to the contents of other programs mapped memory. Works on all chips including Intel/ARM/AMD.
For updates refer the kernel tree: https://git.kernel.org/…/ke…/...
For further details and more chit-chats refer: https://lwn.net/SubscriberLink/...
~Cheers~
(Originally written by Adhokshaj Mishra, edited by me. )
23 -
So I spent 4-5 weeks explaining how shit the current code base was, implemented gulp tasks to lint js, CSS etc, written shed loads of coding standards and best practices to follow. At this point everyone was onboard with the changes and thought brilliant were going to start getting some good code coming out of this team.
I go on holiday for a week, come back and fucker has ignored the documentation disabled the linters in the gulp tasks and the code is back to square one SHIT!!
Plus everyone still committing to master!!!!
Why do I bother!!6 -
WordPress related, get ready for some disgust.
So today early in the morning my boss forwarded me an email from a client, it was about a bug, and asked me if I can have a look at it and fix it.
"Yaay, WordPress!" I thought and opened the page containing the mentioned bug. She wrote that in the italian version of the page, users can select dates in the calendar, which should be disabled, like in the german version.
So yeah, I opened the code. Everything in the function looked perfect. Really. And the Data was also correctly set in the backend of WP.
The function was only 3 lines of code:
- Get the german post ID of the current post (german or italian) by its ID (using a Polylang function)
- Get an Advanced Custom Fields field by name and from a post with the ID from before
- json_encode its content and echo it to a JS var for initialization and later use in some AngularJS.
No fucking missing semicolon, it was fucking perfect like a sunset with your soulmate.
So I tried to find the bug with my personal way of debugging:
"Shitstream Debugging"
When a creek suddenly is full of water mixed with shit, walk upstream through the turds until you reach clear water. This is where the bug is.
=> So I first looked at the HTML source: Turds.
=> Then the ACF field content: Still turds.
=> Then the ID of the german post: Shit stain and turds (var_dump: null)
=> Please god at least $post->ID? Nope, fart smell and turds.
=> Nothing more to check: Clear fucking water and the flowery smell of 99 devVirgins
So it replaced $post->IT with get_the_ID() and it worked like a charm.
Afterwards I feel stupid, but $post->IT worked all the times before...
Conclusion:
FUCK YOU WORDPRESS YOU UGLY PIECE OF HUMAN-CENTIPEDE-PROCESSED-DOGFART.
Thanks for your patience.
Only one beer was sucked dry during the writing of this fucking rant.2 -
wrote some JS to make sure that eForm fields which are hidden/disabled via checkboxes are nullified before the form submission. Checking the request and the fields are definitely empty. But the tester says the data is still appearing in the DB. So i am moving immediately to Nepal where i intend to live as a goat.
-
Just disabled JS in my browser. It required adding devrant to allowlist though, but otherwise so far so good. Especially on garbage sites like wired: no more popups, no cookies, no tracking, no yOu'Ve ReaChEd yOuR dAiLy lImIt bs…1
-
I hate how React is used almost everywhere nowadays. Especially when single-page applications are used for purposes that don't actually benefit from them.
Perhaps I'm just old-fashioned, but I want websites to work even with client-side JS disabled. At least sites like Amazon don't rely on it, and work just fine. Progressive enhancement is the way to go.4 -
Just had an argument (with myself ;)) whether to write a completely server rendered site or a js app.
The only stas I have manged to find is from 2010 saying potentially 2% of users could have js disabled.
Why cannkt I find newer stats :/4 -
<!doctype confusedRant 😕>
Plot: we need to release our website in two weeks which holds at least a thousand pages. All these pages are manually migrated from the old website, which doesn't have a database. Current status: 650 pages/1000 are completed, 40 different templates need to be adapted. I'm alone on these templates, my colleagues create the pages and fill the new database
So I'm working on the templates a WebDev coded for our website on a licensed CMS, and had this decently simple html block that looks like a square and consisting of roughly this (Emmet style):
a.area > blockquote > strong.title + p
After adding another <a> element inside the p, I noticed that my <a> wouldn't display and bust the whole look of the square.
Just for more details, the CSS the dev made is ultra specified (meaning each element is too precisely "described" : div.class .child .child2 { /* styles */ } when it could be .class .child2 for example). Also, the templates he made need to be compatible with any "module" the website has, thus the need of this high specificity
So I fired up the DevTools to check what happened, and had:
Expected: a.area > blockquote > strong.title + p > a
Actual result: some new a.area were wrapping the <strong>, the <p> and the <a> I just added. The source code was not showing any of this but just the rules I initially wrote - the expected result
Wtf?! I thought the JS the dev made was adding elements. I disabled said JS, and bam, these a.area were still wrapping everything!! What black magic would add these stupid tags I never asked for.
So I went looking in the CSS files in case some wizardry was happening, but everything was OK.
I tried changing my structure, changing tag (swapping a.area to p.area or without .area), HTML just said "nope, have those please".
Eventually I rewrote my own module out of frustration after three quarters of an hour fiddling with this stupid "module". I hate losing time for such shenanigans and under a lot of pressure because of deadlines.
Still haven't figured why those <element>.area would wrap everything out of nowhere...3 -
iOS 14, two thoughts.
1. It manipulates people. They added app gallery and now when you try to delete app it asks you if it should rather hide it into the app gallery, exploiting your hoarder bias so you have more apps and thus more notifications if you haven't disabled them. That's a no from me.
2. It fixed a LOT of bugs and annoyances. I quit next js because of the exact same thing being important to me — they were busy doing only the new features to constantly pitch and lure investors, they never responded to issues and never fixed anything. I'm happy that Apple realizes that it's important to fix bugs.
Overall I'm happy. My iPhone X is pretty old already (87% battery capacity remaining) but it's much faster with iOS 14 than with iOS 13. The main thing is reduced latency pretty much everywhere. Especially the screenshots, I'm barely detecting the click and the screenshot is already done. No perceivable latency if you ask me. New refreshed look is amazing, backside tap actions are cool, new music app is amazing.
People tell me that apple is forcing you to buy new gadgets with updates but explain to me then WHY my old iphone X got much faster with new iOS? That's a contradiction. If I buy a new iPhone it'll be because of dead battery (that's physics and not exclusively Apple issue) or just because I want 120hz and lidar bokeh.13 -
I was trying to set up my own "cloud" for iot experiments. I planned to use Intel Edison with mqtt broker (using mosca) and a node js app for providing API for mobiles and browser. And also to do other book keeping.
I spent the half day trying figure how to expose these servers to internet.
I configured ddns in noip.com and ddns settings configured to it in my router.
Port forwarded to the local server services I needed.
And then tested. Worked perfectly on any device in my router connected network. Tested on mobile network. Bam! It fucking doesn't work.
Then connected another router.
Double port forwarded. Again worked perfectly on router network. And failed on mobile.
Tested if ddns is right. Did nslookup it was fine as fuck.
Then disabled port forwarding. Did dmz. Nope. Nadda. No luck.
Then scratched my head so hard that I lost more already losing hairs.
Then remembered about router hardware firewall. Disabled it.
Tested
And there it didn't work.
My dreams shattered like a fucking deer hit by car on highway.
Didn't work.
Then I see the IP pointing to my router in nslookup. Its 172.20.xx.xx. Its a fucking private IP.
My Asshole ISP is running another private network behind firewall. Which I fucking can't port forward
Now I think how much of a noob and idiot I am. Fuck this shit. Fuck all of these shit.
I am going for SaaS option for mqtt broker.
(Or help me?)
Once again.
Asshole ISP.
Fuck your firewall.
(PS: I had test the next day. FML)2
Top Tags
Weekly Rant
View