Details
-
Skillscss, js, jquery, php (laravel).
-
Locationgermany
Joined devRant on 2/16/2017
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
-
Me: IT call center.
Lady: Hi! I cant access the shared folder!
Me: Ok. I'll try and help you out. Whats happening when you click on it?
Lady: ok ok... {clicks}... Now it's asking me to entered my password. Should I enter it?
Me: Do you know it?
Lady: Yeah.
Me: yeah try entering it.
Lady: YES. That worked! Thank you so so much!!!
Me: No problem. Have a good day!13 -
Okay, this is a rather technical rant and I am sure some of you are working on the patches already, if you are then lets connect cause, I am an ardent researcher for the same as of now.
So here it goes:
As soon as kernel page table isolation(KPTI) bug will be out of embargo, Whatsapp and FB will be flooded with over-night kernel "shikhuritee" experts who will share shitty advices non-stop.
1. The bug under embargo is a side channel attack, which exploits the fact that Intel chips come with speculative execution without proper isolation between user pages and kernel pages. Therefore, with careful scheduling and timing attack will reveal some information from kernel pages, while the code is running in user mode.
In easy terms, if you have a VPS, another person with VPS on same physical server may read memory being used by your VPS, which will result in unwanted data leakage. To make the matter worse, a malicious JS from innocent looking webpage might be (might be, because JS does not provide language constructs for such fine grained control; atleast none that I know as of now) able to read kernel pages, and pawn you real hard, real bad.
2. The bug comes from too much reliance on Tomasulo's algorithm for out-of-order instruction scheduling. It is not yet clear whether the bug can be fixed with a microcode update (and if not, Intel has to fix this in silicon itself). As far as I can dig, there is nothing that hints that this bug is fixable in microcode, which makes the matter much worse. Also according to my understanding a microcode update will be too trivial to fix this kind of a hardware bug.
3. A software-only remedy is possible, and that is being implemented by all major OSs (including our lovely Linux) in kernel space. The patch forces Translation Lookaside Buffer to flush if a context switch happens during a syscall (this is what I understand as of now). The benchmarks are suggesting that slowdown will be somewhere between 5%(best case)-30%(worst case).
4. Regarding point 3, syscalls don't matter much. Only thing that matters is how many times syscalls are called. For example, if you are using read() or write() on 8MB buffers, you won't have too much slowdown; but if you are calling same syscalls once per byte, a heavy performance penalty is guaranteed. All processes are which are I/O heavy are going to suffer (hostings and databases are two common examples).
5. The patch can be disabled in Linux by passing argument to kernel during boot; however it is not advised for pretty much obvious reasons.
6. For gamers: this is not going to affect games (because those are not I/O heavy)
Meltdown: "Meltdown" targeted on desktop chips can read kernel memory from L1D cache, Intel is only affected with this variant. Works on only Intel.
Spectre: Spectre is a hardware vulnerability with implementations of branch prediction that affects modern microprocessors with speculative execution, by allowing malicious processes access to the contents of other programs mapped memory. Works on all chips including Intel/ARM/AMD.
For updates refer the kernel tree: https://git.kernel.org/…/ke…/...
For further details and more chit-chats refer: https://lwn.net/SubscriberLink/...
~Cheers~
(Originally written by Adhokshaj Mishra, edited by me. )23 -
Boss: “Our YouTube channel doesn’t look at all like our website.”
Me: “I’ve made it look as close to our branding as YouTube allows for with its limited editing controls.”
Boss: “This is unacceptable. I expected more from you.”
Me: “I cannot accept the blame for this. YouTube is setting the design parameters for all channels and I can only do so much.”
Boss: “You can call the YouTube, can’t you? Why didn’t you call them?”
Me: “.......and ask them....what?”
Boss: “You don’t ask! You tell! Our company has been around for 140 years. Our brand name carries that weight. They’ll change their design to what we need if you’re assertive enough.”
Me: “Ma’am, that’s just not how this works. That’s not how any of this works.”50 -
Watched this movie called Unthinkable where the guy who is supposed to defuse the bomb is typing gibberish into Excel 😂😂😂21
-
So I learned something today. Always disable guest sessions in your Linux machine in a work environment.
Walked away from my pc to talk to a fellow Linux engineer.
Came back to a screen with pornhub and porn playing.
"wait how the hell? I locked my pc...?!?"
"ever heard of guest sessions mate? 😆"
😓
*silently disables guest sessions*
Well okay learned that one the hard way 😅30 -
“My Boss arrived at work in a brand new Ferrari.
I told him: “Wow that’s a nice car”.
He replied:
“If you work hard, put all your hours in, and strive for ''Excellence'', I'll get another one next year”.”
Source:
Reddit
My boss arrived at work in a brand-new Lamborghini. • r/Jokes3 -
We all have that kind of friend who is losing his shit , screaming , swearing , crying , whenever the code doesn't work as planned.16
-
Honestly: I love my job. Every day. I get paid to do what I love to do. And when I get home after sometimes 11 hours of work, I turn on my notebook to do exactly what I did at work - just as a relaxation method.5
-
I don't understand why so many people fight this war of tabs vs spaces. My colleagues elegantly solved the problem just not using indentation at all36
-
This guy at my last internship. A windows fanboy to the fucking max!
He was saying how he'd never use anything related to Linus Torvalds because he hated him for creating Linux.
Two seconds later I saw him initializing a new git repo.
I was standing there like:
*should I tell him?*
😅😆70 -
Fixed this assholes phone for her... she proceeds to take the phone and say “thanks for fixing it, it was kind of you to do it for free!”
Uhm, ex-fucking-cuse me?! I run a business, not a god damned charity.
She got me my fucking money.108 -
My dumb CEO just hired an even dumber CTO. The new CTO asked me the following questions...
1. What is GitHub?
2. What is JSON?
3. What’s an array?
4. What is Get and what is Post?
5. When an iPhone is offline, can it call an API on our server to tell us it’s offline?
6. I know you’ve spent 11 month the writing this backend in PHP but can you change it to Java now?
Me: Why?
Dumb CTO: Because it’s better.
Me: How?
Dumb CTO: because it is.
7. I know you’ve started to rewrite this codebase I Java but can you convert it to Node.JS now?
Me: Why?
Dumb CTO: Because Facebook uses it.
8. What is MySQL? Why aren’t you using a database instead?
9. What does NULL mean?
Somehow, I doubt that asshole is remotely qualified for the job.
Fakin shyt for brains.180 -
Apple rejected my app, because they throught there was a frickin Windows phone on my loading screen.
How insecure can you be?30