Details
-
About[DEAD ACCOUNT] Doc reader expert.Please send help. Cyberbully. I am back. I hate myself.
-
SkillsBash, Brainfuck, C, C++, CSS, Electronics, HTML, Irony, Java, Javascript, jQuery, Machine Learning, Markdown, Matlab, Octave, PHP, Python, Reactjs, Sarcasm, SQL, VHDL
-
LocationFrance 🇫🇷 is my city
-
Website
-
Github
Joined devRant on 8/28/2016
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
-
rant && dev && education
So I just interviewed this guy for admission into our bootcamp and because he has raised some red flags before, I asked him to just write a factorial function and he chose HTML to do it. I told him he can certainly try thinking that maybe he doesn't know that whatever you write inside script tag is actually JavaScript. He went on to do this. What bothers me is he have a computer science diploma.
Till now I have just heard of these people but always taught those are just marketing or some person who think that just because they here HTML with some other programming language. BUT THIS IS SOME NEXT LEVEL SHIT.
78 -
Did anybody else know that putting comments in your HTML creates an EMPTY TEXT NODE IN THE DOM?
REAL helpful information when you have to GATHER EVERY ELEMENT WITH TEXT INSIDE OF IT!
WHY WOULD HTML EVEN BE LIKE THIS? IT'S A COMMENT! WHY DOES IT HAVE ANY EFFECT, even if it's minimal, ON THE DOM WHATSOEVER, THIS DOESN'T MAKE SENSE!
4 -
Okay, this is a rather technical rant and I am sure some of you are working on the patches already, if you are then lets connect cause, I am an ardent researcher for the same as of now.
So here it goes:
As soon as kernel page table isolation(KPTI) bug will be out of embargo, Whatsapp and FB will be flooded with over-night kernel "shikhuritee" experts who will share shitty advices non-stop.
1. The bug under embargo is a side channel attack, which exploits the fact that Intel chips come with speculative execution without proper isolation between user pages and kernel pages. Therefore, with careful scheduling and timing attack will reveal some information from kernel pages, while the code is running in user mode.
In easy terms, if you have a VPS, another person with VPS on same physical server may read memory being used by your VPS, which will result in unwanted data leakage. To make the matter worse, a malicious JS from innocent looking webpage might be (might be, because JS does not provide language constructs for such fine grained control; atleast none that I know as of now) able to read kernel pages, and pawn you real hard, real bad.
2. The bug comes from too much reliance on Tomasulo's algorithm for out-of-order instruction scheduling. It is not yet clear whether the bug can be fixed with a microcode update (and if not, Intel has to fix this in silicon itself). As far as I can dig, there is nothing that hints that this bug is fixable in microcode, which makes the matter much worse. Also according to my understanding a microcode update will be too trivial to fix this kind of a hardware bug.
3. A software-only remedy is possible, and that is being implemented by all major OSs (including our lovely Linux) in kernel space. The patch forces Translation Lookaside Buffer to flush if a context switch happens during a syscall (this is what I understand as of now). The benchmarks are suggesting that slowdown will be somewhere between 5%(best case)-30%(worst case).
4. Regarding point 3, syscalls don't matter much. Only thing that matters is how many times syscalls are called. For example, if you are using read() or write() on 8MB buffers, you won't have too much slowdown; but if you are calling same syscalls once per byte, a heavy performance penalty is guaranteed. All processes are which are I/O heavy are going to suffer (hostings and databases are two common examples).
5. The patch can be disabled in Linux by passing argument to kernel during boot; however it is not advised for pretty much obvious reasons.
6. For gamers: this is not going to affect games (because those are not I/O heavy)
Meltdown: "Meltdown" targeted on desktop chips can read kernel memory from L1D cache, Intel is only affected with this variant. Works on only Intel.
Spectre: Spectre is a hardware vulnerability with implementations of branch prediction that affects modern microprocessors with speculative execution, by allowing malicious processes access to the contents of other programs mapped memory. Works on all chips including Intel/ARM/AMD.
For updates refer the kernel tree: https://git.kernel.org/…/ke…/...
For further details and more chit-chats refer: https://lwn.net/SubscriberLink/...
~Cheers~
(Originally written by Adhokshaj Mishra, edited by me. )
23
