Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
-
https://git.kernel.org/…/ke…/... sure some of you are working on the patches already, if you are then lets connect cause, I am an ardent researcher for the same as of now.
So here it goes:
As soon as kernel page table isolation(KPTI) bug will be out of embargo, Whatsapp and FB will be flooded with over-night kernel "shikhuritee" experts who will share shitty advices non-stop.
1. The bug under embargo is a side channel attack, which exploits the fact that Intel chips come with speculative execution without proper isolation between user pages and kernel pages. Therefore, with careful scheduling and timing attack will reveal some information from kernel pages, while the code is running in user mode.
In easy terms, if you have a VPS, another person with VPS on same physical server may read memory being used by your VPS, which will result in unwanted data leakage. To make the matter worse, a malicious JS from innocent looking webpage might be (might be, because JS does not provide language constructs for such fine grained control; atleast none that I know as of now) able to read kernel pages, and pawn you real hard, real bad.
2. The bug comes from too much reliance on Tomasulo's algorithm for out-of-order instruction scheduling. It is not yet clear whether the bug can be fixed with a microcode update (and if not, Intel has to fix this in silicon itself). As far as I can dig, there is nothing that hints that this bug is fixable in microcode, which makes the matter much worse. Also according to my understanding a microcode update will be too trivial to fix this kind of a hardware bug.
3. A software-only remedy is possible, and that is being implemented by all major OSs (including our lovely Linux) in kernel space. The patch forces Translation Lookaside Buffer to flush if a context switch happens during a syscall (this is what I understand as of now). The benchmarks are suggesting that slowdown will be somewhere between 5%(best case)-30%(worst case).
4. Regarding point 3, syscalls don't matter much. Only thing that matters is how many times syscalls are called. For example, if you are using read() or write() on 8MB buffers, you won't have too much slowdown; but if you are calling same syscalls once per byte, a heavy performance penalty is guaranteed. All processes are which are I/O heavy are going to suffer (hostings and databases are two common examples).
5. The patch can be disabled in Linux by passing argument to kernel during boot; however it is not advised for pretty much obvious reasons.
6. For gamers: this is not going to affect games (because those are not I/O heavy)
Meltdown: "Meltdown" targeted on desktop chips can read kernel memory from L1D cache, Intel is only affected with this variant. Works on only Intel.
Spectre: Spectre is a hardware vulnerability with implementations of branch prediction that affects modern microprocessors with speculative execution, by allowing malicious processes access to the contents of other programs mapped memory. Works on all chips including Intel/ARM/AMD.
For updates refer the kernel tree: https://git.kernel.org/…/ke…/...
For further details and more chit-chats refer: https://lwn.net/SubscriberLink/...
~Cheers~
(Originally written by Adhokshaj Mishra, edited by me. )
23 -
I'm fairly certain my boss'.....boss (didn't want to count them.. it's high up the chain, and slightly lateral) thinks I'm incredibly weird. I have too many sports injuries to be fully functional and they all flare up while I'm sitting at my desk. To offset this, I stand up or walk around while on the phone, and occasionally stretch.
These stretches are for hip and it band, usually, which are a bit more involved, so of course he ONLY fucking walks into the damn office while I'm stretching. (Image search for hip stretch).
To top it off, I have an unfortunate colored ointment for the pain in my elbow that i was applying today while stretching, and im scared to know what he was thinking before he realized what was actually going on. Imagine hip stretching (this one with leg on desk) while rubbing milky sort of clear ointment into skin...
Sir, if you're reading this, I promise I'm not actually that weird at work, you just have shitty timing.5 -
The story of how I got my dream job.
I was working for a company with a job I got just after graduating university. It was ok, not very exciting tech but I learned a lot by just surrounding myself with professional code monkeys. I was there for about a year when my company bought parts of another company and there was talk about people getting fired. This made me worried since I was the last one to get hired, so I started looking around for other jobs. I received this e-mail from a company saying they were looking for interns, what a coincidence! I adjusted my CV and sent it in.
--A few weeks pass--
It's Friday and I'm at a dinner party, it's 10pm and someone is calling me. I pick up and it's a recruiter from this company. I get very nervous but the alcohol helps me keep my cool, I pass the initial idiot test and they invite me for an interview. Yay!
I go to work on Monday and in a 1-on-1 and I tell my boss about the upcoming interview, he gives me a high-five :)
The interview is approaching and I'm feeling that I'm about to get sick, I refuse to believe this so I start taking a lot of medicine (painkillers, cough medicine etc.). I feel a bit better and thank the gods for medication.
--D-day--
I wake up, put on my nicest clothes and get on the train. I had one hour to spare just in case, which was well needed because the fucking train is late by 30 minutes. I'm still heavily medicated because of my ongoing fever. When I arrive I basically have to run there and somehow I manage to pick up a coffee on the way there which I devour in two seconds. I'm ready for the interview!
Some guy meets me in reception and the first thing he says is "My colleague doesn't speak our language so we'll have to speak english". This is fine, I speak good english but I was not prepared for this so it caught me off-guard and made me even more nervous. We get in and start talking. Things are going OK despite my numbed brain. I try to make eye-contact to make a good impression with the foreign engineer but he keeps staring somewhere which is making me nervous.
We get to the technical part on a whiteboard and this is where my brain decides to stop communicating. I'm presented a simple task which I'm struggling with finishing, and I feel the embarrassment coming over me. "NOOOOO THIS IS MY DREAM JOB, THIS CANNOT BE HAPPENING!" I'm thinking to myself. After making myself look like a complete arsehole for some time we wrap it up and just before I step out the door I say to the engineer "You should checkout my Github page, I have lots of interesting stuff there" and he says "I'll be sure to do that" but I don't believe him.
I leave the office in fury (of myself) and make my way to the train station and even though it's the middle of the day I quickly devour two beers to calm my nerves and make me feel a bit better. I was so damn disappointed in myself, I wasted the opportunity of a lifetime! I go back home to my regular (now shitty) job.
--Two days later--
I get a call from an unknown number. I pick up the phone and it's the same recruiter guy. "So how did you think it went?" he says. "To be honest, I think it went really bad", I replied. "What? Really? Because they loved you, you got the job". (this was an obvious recruiter lie) "... wat, are you sure you called the correct person?" I said and he just laughed. The day after I quit my old job the whole department gets fired - such impeccable timing.
--A few months later--
I finish my internship and they want to keep me. I'm so happy. The engineer that was in the interview works on my team. I ask him "Why did you hire me? You know as well as I do that my interview was horrible". It turns out he _did_ look at my Github profile and that's how he knew I could write code. I also heard later that for my position there was about 2000 applicants and somehow I made the interviews.
I still work there today and I couldn't be happier (Sorry for the long text).3 -
Want to make someone's life a misery? Here's how.
Don't base your tech stack on any prior knowledge or what's relevant to the problem.
Instead design it around all the latest trends and badges you want to put on your resume because they're frequent key words on job postings.
Once your data goes in, you'll never get it out again. At best you'll be teased with little crumbs of data but never the whole.
I know, here's a genius idea, instead of putting data into a normal data base then using a cache, lets put it all into the cache and by the way it's a volatile cache.
Here's an idea. For something as simple as a single log lets make it use a queue that goes into a queue that goes into another queue that goes into another queue all of which are black boxes. No rhyme of reason, queues are all the rage.
Have you tried: Lets use a new fangled tangle, trust me it's safe, INSERT BIG NAME HERE uses it.
Finally it all gets flushed down into this subterranean cunt of a sewerage system and good luck getting it all out again. It's like hell except it's all shitty instead of all fiery.
All I want is to export one table, a simple log table with a few GB to CSV or heck whatever generic format it supports, that's it.
So I run the export table to file command and off it goes only less than a minute later for timeout commands to start piling up until it aborts. WTF. So then I set the most obvious timeout setting in the client, no change, then another timeout setting on the client, no change, then i try to put it in the client configuration file, no change, then I set the timeout on the export query, no change, then finally I bump the timeouts in the server config, no change, then I find someone has downloaded it from both tucows and apt, but they're using the tucows version so its real config is in /dev/database.xml (don't even ask). I increase that from seconds to a minute, it's still timing out after a minute.
In the end I have to make my own and this involves working out how to parse non-standard binary formatted data structures. It's the umpteenth time I have had to do this.
These aren't some no name solutions and it really terrifies me. All this is doing is taking some access logs, store them in one place then index by timestamp. These things are all meant to be blazing fast but grep is often faster. How the hell is such a trivial thing turned into a series of one nightmare after another? Things that should take a few minutes take days of screwing around. I don't have access logs any more because I can't access them anymore.
The terror of this isn't that it's so awful, it's that all the little kiddies doing all this jazz for the first time and using all these shit wipe buzzword driven approaches have no fucking clue it's not meant to be this difficult. I'm replacing entire tens of thousands to million line enterprise systems with a few hundred lines of code that's faster, more reliable and better in virtually every measurable way time and time again.
This is constant. It's not one offender, it's not one project, it's not one company, it's not one developer, it's the industry standard. It's all over open source software and all over dev shops. Everything is exponentially becoming more bloated and difficult than it needs to be. I'm seeing people pull up a hundred cloud instances for things that'll be happy at home with a few minutes to a week's optimisation efforts. Queries that are N*N and only take a few minutes to turn to LOG(N) but instead people renting out a fucking off huge ass SQL cluster instead that not only costs gobs of money but takes a ton of time maintaining and configuring which isn't going to be done right either.
I think most people are bullshitting when they say they have impostor syndrome but when the trend in technology is to make every fucking little trivial thing a thousand times more complex than it has to be I can see how they'd feel that way. There's so bloody much you need to do that you don't need to do these days that you either can't get anything done right or the smallest thing takes an age.
I have no idea why some people put up with some of these appliances. If you bought a dish washer that made washing dishes even harder than it was before you'd return it to the store.
Every time I see the terms enterprise, fast, big data, scalable, cloud or anything of the like I bang my head on the table. One of these days I'm going to lose my fucking tits.10 -
Fucking fuckers!!! Why the fuck EVERY time I work from home, there's gotta be some jackass with a leaf blower, drill or chainsaw...4
-
I hate this feeling.
Changing stuff with a greamripers scythe around my neck called doubt because the available data isn't too convincing.
Then having to go big or nothing as it is an ecosystem change (e.g. changing the cipher suites of TLS, changing protocol - e.g. HTTP 1.1 to 2) so it needs to be consistent as otherwise fun stuff could happen (fun as in the grim reaper cuts off my neck except a few centimeters and plays "now your head is off, now your head is on" ).
To top it off - just few seconds after the change has happened people coming up in the support channel.
My hands are - mysteriously - not sweaty then. Rather cold.
Lil prayer to the heavens and getting the whiskey bottle...
Opening an ongoing discussion in support channel....
And they're discussing whether the page needs to have an additional arrow for going back to the last page or if the default page navigation is enough.
Constantly using @all so everyone gets pissed off due to being pinged every few seconds in a channel that was meant for emergency support.
Now my hands go from a dark red to a bright red, my nostrils flare out, my adrenaline goes through the roof and I literally wanna murder people....
Those days.
I hate those days.
And I hate the timing of some people...
Like they're deliberately fucking with me without knowing it, like the universe told them explicitly to do so just to fuck with me.
*gooozfraba*
And of course, everything else is fine and running smooth like butter, except that said discussion now goes on in a total flamewar so I get even more pings.
Sucks to be in management.
You have way to many rooms where people can annoy you.
To top it off - after being grumpy and pissed and angry for people just annoying the fuck out of me, I have to mediate.
Yeah. Cause the usual person is on vacancy.
*slowly strangling the whiskey bottle like homer does with bart*
Turns out after 15 mins listening to enraged UX designer vs Frontend Team Lead that UX designer meant a completely different thing - uploaded wrong screenshot, whole discussion was unnecessary.
*Nah. Fuck it. Drinking whiskey*
Reminding everyone what the fucking frigging support channel is meant for and that penis fights aka who got the longest schlong don't belong there....
"Yeah it was a mistake, but it wasn't so bad"
...
You pinged fucking 32 people like it was the end of the world, you ignorant fucktwads.
For over 5 mins.
For fucking frigging nothing except your tiny dicks and shitty egos.
*Second round of whiskey*
Back to work after a wasted half hour.
What says monitoring?
Ah. Everything's working.
At least luck hasn't failed me.
Good server. Brave server.
Then I hear this lil voice in my head: no.
The servers know your personality.
They're afraid. Terrified.
Somehow that thought makes me giggle always...
Childish? Maybe. But it helps on those days.... Funnily enough, remaining 3 hours noone said anything in any chat channel.
"I wonder why, I wonder how...."... *hum*
Top Tags
Weekly Rant
View