Software mitigations are an unsustainable path
Fortunately or unfortunately, our offensive research advanced much faster than our defensive research, and we quickly discovered that software mitigation of all possible leaks due to Spectre was infeasible. This was due to a variety of reasons. First, the engineering effort diverted to combating Spectre was disproportionate to its threat level. In V8 we face many other security threats that are much worse, from direct out-of-bound reads due to regular bugs (faster and more direct than Spectre), out-of-bound writes (impossible with Spectre, and worse) and potential remote code execution (impossible with Spectre and much, much worse). Second, the increasingly complicated mitigations that we designed and implemented carried significant complexity, which is technical debt and might actually increase the attack surface, and performance overheads. Third, testing and maintaining mitigations for microarchitectural leaks is even trickier than designing gadgets themselves, since it’s hard to be sure the mitigations continue working as designed. At least once, important mitigations were effectively undone by later compiler optimizations. Fourth, we found effective mitigation of some variants of Spectre, particularly variant 4, to be simply infeasible in software, even after a heroic effort by our partners at Apple to combat the problem in their JIT compiler.
Fortunately, one of their existing features that has long been sponsored by DRAM manufacturers - isolation via a zillion processes - does appear to work.
Did you ever see history portrayed as an old man with a wise brow and pulseless heart, weighing all things in the balance of reason?
Is not rather the genius of history like an eternal, imploring maiden, full of fire, with a burning heart and flaming soul, humanly warm and humanly beautiful?
--Zachris Topelius
Training a telescope on one’s own belly button will only reveal lint. You like that? You go right on staring at it. I prefer looking at galaxies.
-- Sarah Hoyt
|
I read it as "Why the Hell should we invest in keeping our users safe, when our people can spend that time on screwing advertising bucks out of them by finding new ways to steal their personal data?"
I'm pretty sure that if we went through what they spend all their money on, my interpretation will turn out to be the correct one.
I wanna be a eunuchs developer! Pass me a bread knife!
|
Quote: ...of all possible leaks... (my emphasis)
With a straw man like that, you can say anything.
|
I think the key point is in this sentence:
Quote: the engineering effort diverted to combating Spectre was disproportionate to its threat level.
I agree fully. In my opinion Spectre poses no threat worth worrying about. That's because it can only acquire random data on a random basis. You/we are far better off taking steps to prevent malware from executing in the first place than worrying about that.
"They have a consciousness, they have a life, they have a soul! Damn you! Let the rabbits wear glasses! Save our brothers! Can I get an amen?"
|
As the blog post explains, if a password is never stolen, there's no need to expire it. And if a password is suspected to be stolen, you would want to act immediately, not wait until the expiration date. Forced updates also lead to more users writing their passwords down or forgetting them altogether. Plus, as Microsoft puts it, "if your users are the kind who are willing to answer surveys in the parking lot that exchange a candy bar for their passwords, no password expiration policy will help you."
So, does anyone know where the candyman is? I'm asking for a friend.
Did you ever see history portrayed as an old man with a wise brow and pulseless heart, weighing all things in the balance of reason?
Is not rather the genius of history like an eternal, imploring maiden, full of fire, with a burning heart and flaming soul, humanly warm and humanly beautiful?
--Zachris Topelius
Training a telescope on one’s own belly button will only reveal lint. You like that? You go right on staring at it. I prefer looking at galaxies.
-- Sarah Hoyt
|
Jes' correctin' whut done needs correctin'
So they've finally caught up on what the non-stupid amongst us knew thirty years ago.
My gast could not be less flabbered.
I wanna be a eunuchs developer! Pass me a bread knife!
|
One group less... I hope IT Chiefs, IT Hotlines and moron Webmasters are next
M.D.V.
If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about?
Help me to understand what I'm saying, and I'll explain it better to you
Rating helpful answers is nice, but saying thanks can be even nicer.
|
Quote: lead to more users writing their passwords down
That's the best form of security. I have well over 100 accounts with passwords; either it's P@ssword! or writing them all down (albeit in a secure place.)
|
Last week, after seven years of work, Nintendo fan ZeroPaige finally released a working port of Super Mario Bros. for the Commodore 64. Just Nintendo things.
|
I'm not sure what shocks me more, that someone is willing to spend seven years to recreate Super Mario or that there's apparently a thriving C64 hobbyist scene.
And come on, Nintendo, it's not like you're losing sales over this or it costs you anything or whatever, so why take it down AFTER SEVEN YEARS OF HARD LABOR?!?!
|
Actually, if Nintendo did nothing they could lose their trademark.
|
Not sure how, but that's perverse
I mean, there's plenty of fan fiction, fan art, fan everything (not for Mario specifically, but for any fictional character).
|
I couldn't write jokes this funny.
Mind you, I'm not Japanese, and I don't do jokes.
I wanna be a eunuchs developer! Pass me a bread knife!
|
Windows 7 users have started to report the appearance of a pop-up message from Microsoft informing them that support for the operating system is coming to an end. Goodbye my friend will I ever love again
|
For two periods last year, those using preview builds of Windows 10 could access a feature called Sets: a tabbed interface that was eventually to allow tabs to be put in the titlebar of just about any window. Come. We will honour Sets' memory. *grabs kazoo*
|
Let's get real, here.
As MS currently is, they'd have F***ed it up really badly, so we're better off using third-party stuff, anyway.
I wanna be a eunuchs developer! Pass me a bread knife!
|
Don't bother with Stardock's Groupy. It causes far more problems with Excel than it ever solves. Could be a good product, but low levels of service and denial of the problem mean updates don't exist.
|
Okidoki; a different third-party product.
Thanks for the tip.
I wanna be a eunuchs developer! Pass me a bread knife!
|
That seems like a feature I have no interest in. I usually want to see the various command windows at the same time. The same with multiple explorer windows. I would rather be able to have the explorer work like the old file manager did with views of two drives open in the same window. For this reason, I still use the old file manager. It's been released as open source and I built it as a 64-bit app. It has some warts but it works well for 98% of what I need to do.
"They have a consciousness, they have a life, they have a soul! Damn you! Let the rabbits wear glasses! Save our brothers! Can I get an amen?"
|
There's a set of H-series processors for laptops and a complete range of desktop processors across the Celeron, Pentium, and Core brands, from i3 all the way to i9. Intel was so preoccupied with whether or not they could, they didn't stop to think if they should.
|
I hope they have installed a good ventilator too, just in case it melts down.
M.D.V.
If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about?
Help me to understand what I'm saying, and I'll explain it better to you
Rating helpful answers is nice, but saying thanks can be even nicer.
|
Some Microsoft employees are criticizing the company's efforts to increase hiring from under-represented demographics to make its staff more diverse, according to messages leaked to Quartz. It takes a special sort of person to think, "you know what would be really good for my career? penning a complaint about how our company is too diverse, and then putting my name on it."
|
too much diversity?
Caveat Emptor.
"Progress doesn't come from early risers – progress is made by lazy men looking for easier ways to do things." Lazarus Long
|
Quote: Threads started by an as-yet unnamed female program manager and posted on the internal Yammer message board in January and April assert that white and Asian men are being penalized or overlooked because of hiring practices that reward managers for hiring people outside of those groups.
Penalizing certain groups of people based on their colour and / or ethnicity (as the article suggests) is surely racist. Hire the best, irrespective of their race, religion or ethnicity.
"There are two ways of constructing a software design: One way is to make it so simple that there are obviously no deficiencies, and the other way is to make it so complicated that there are no obvious deficiencies. The first method is far more difficult." - C.A.R. Hoare