Nando Sola @mr_solo@mastodon.social

"Sysadmins needed to create MBR partitions and then nest disklabel partitions inside those MBR partitions.²

² In the quarter century since then, the BSD community has spent innumerable work-hours explaining and then justifying that decision. Learn from our pain. Don’t port your OS to commodity hardware."

#af3e

a type of problem that a quantum computer can solve but that any possible future classical computer cannot

https://www.quantamagazine.org/finally-a-problem-that-only-quantum-computers-will-ever-be-able-to-solve-20180621/

https://newsroom.intel.com/news-releases/intel-ceo-brian-krzanich-resigns-board-appoints-bob-swan-interim-ceo/

The given excuse is there was a past consensual relationship with an employee, violating internal rules against fraternization.

Thank you #OpenBSD for disabling HyperThreading on Intel. I could not agree more.

HyperThreading was a mis-guided attempt at improving performance of Java threads by copying the SPARC processors without having the SPARC architecture… as usual with these marketing-driven issues it is coming back to bite Intel (and us…).

I never, literally never, ran a piece of code benefitting from HyperThreading nor ever heard anyone brag about it.

Paper about #LazyFP Intel CPU flaw is out:
“LazyFP: Leaking FPU Register State using Microarchitectural Side-Channels”

https://blog.cyberus-technology.de/images/lazyFP.pdf

More details about the #LazyFP Intel CPU issue. Affected OSes:
- Linux (mostly pre 4.4.y, y < 138)
- FreeBSD
- Windows
- KVM when run on affected Linux kernel versions
- All Xen versions and generally all hypervisors that employ lazy FPU switching

Affected CPUs:
- Verified on the Intel Core microarchitecture from Sandy Bridge to Skylake
- State of other processors unclear

There are also attack details, at least for one of three variants they discovered.

http://blog.cyberus-technology.de/posts/2018-06-06-intel-lazyfp-vulnerability.html

On May 3rd heise rumours about 8 more spectre type bugs: https://heise.de/-4040648

It took an unknown amount of time to puzzle out the FPU problem (CVE-2018-3665).

After that it took Philip Guenther 2 weeks to fix it.

It took Colin Percival 5 hours to weaponise it.

Responsible disclosure means that certain people can fix their shit in their own time, disclose the vuln and leave the rest hanging.

I guess some people have a responsibility towards their stock options.

"Speculating about Intel" by Theo de Raadt. A lunchtime BoF at #BSDCan

Yes, it will be livestreamed.

http://www.bsdcan.org/2018/schedule/events/1035.en.html

Another good reading list this Friday from Bruce Lawson: http://www.brucelawson.co.uk/2018/reading-list-200/

Good 29A mirror with all zines present + intact http://dsr.segfault.es/stuff/website-mirrors/29A/main.html

#Ruby Web Application Security Defense in Depth by Jeremy Evans. Video isn't available afaik but all slides include the speaker's notes. https://code.jeremyevans.net/presentations/rubyhack2018/index.html#1 #OpenBSD

I've been active as a professional since the 90s. I saw #Microsoft at the height of their predatory practices. I saw the Ballmer years.

Even so, the reactions around their acquiring #Github feel like hysteria and histrionics.

Run your projects where you will. I use Gitlab for my own things. But do it because you evaluate the trade-offs and choose, not because you get swept up in some meme.

You may find the alternatives aren't as stable, usable or available as you'd expect.

"Damn, this centralized tool with paid premium features we blindly rely on has been bought by Microsoft, so let's move to this other centralized tool with paid premium features."

See, that's why we can't have nice things on the Internet.

I just realized: Electron is a #github project. Microsoft now owns the software tool that many developers were counting on opening up cross-platform development (though it's open source). Any thoughts on how that plays into all this?

This is a note to people moving their repositories blindly to Gitlab.org: do you know Google is actually a huge investor in Gitlab?

The issue is not about Microsoft buying Github. The issue is about centralization and silos.

You do not solve that by moving your data from one silo to another.

You solve that by relying on small providers you can trust, or by becoming a provider yourself.