* Posts by Chris Gray 1

364 publicly visible posts • joined 8 Jul 2009


New attack bypasses virtually all AV protection

Chris Gray 1
Go

Memory Attributes

Nice hack! Based on the multi-thread timing issues in an article a couple of weeks ago.

The AV software should not "pass" any code that is in writeable pages, or pages that non-privileged code can change the access of. The first test is fairly easy in Windows, I think, but I don't know about the second.

Leonard Nimoy in 'no more Spock' shock

Chris Gray 1
FAIL

A wee bit late!

Too bad you couldn't have posted this article *before* all of the events that it talks about using future tense.

Nimoy's appearance down in Vulcan made the news throughout Alberta. It looks like a good time was had by all.

(I lived in Vulcan for a couple of years, back when it was famous for its dozen or more grain elevators.)

Gelsinger stuns analysts and colleagues with storage pool plan

Chris Gray 1
Boffin

Not multiple masters

This is a very strange place to be arguing about this kind of technical thing, but the point has been raised.

You are assuming multiple masters. That is incorrect. There are multiple copies, and, depending on the configuration, multiple sites can write, and that can indeed introduce latency to sort it out. But, it is typically not much more than the round-trip time between the two writing sites. I don't think even worst-case was ever more than a second or so, and typically much, much less.

For a while, YY did consider SRDF as a competitor, but it later ended up as more of a partnership thing - each has their advantages, and situations where they are best. Since I left before the joining, I don't really know more on that.

If you want to get interesting, think about allowing multiple writers when the sites are out of communication. Then bring the sites back together. Fun stuff happens, and that's when there can be considerable time to resync things. Depending on how you have configured things, even that doesn't require all reads or writes to be blocked, however (e.g. if you have manually or automatically chosen a master for that situation, it and sites that did not lose communication with it can go ahead as normal, if memory serves me correctly.)

Chris Gray 1
Go

Large block storage only

I worked for YottaYotta for several years, but retired before the EMC buyout, so I'm not fully familiar with how the various aspects have been integrated.

The article correctly states that this is all being done with block storage - the YY back-end that does the long distance coherency is only at the raw data block level - it is not aware of things like files and directories. I don't know the details of how things are being configured, but the YY code can do distributed RAID-1's, so access to data does not need to all go to a single site - multiple copies of blocks can exist at multiple sites.

I also happen to agree with "nematode" - I do not want large corporations getting their grubby hands on my personal data. However, I have no fear that this EMC/YY project is intended to do that. The YY stuff includes expensive hardware to do its work - it does not run on PC's. So, rest easy on that aspect. This stuff will only see your personal data if you give that data to some corporation that happens to use this stuff on their storage network.

Tricorder/Aliens-motion-tracker handscanner kit gets $6m

Chris Gray 1
Go

Software Problem?

Isn't it all just a software problem? Build a gizmo with high sensitivity to electric fields, and some decent directionality. Add in very good motion sensing, so that it can tell which changes in its input are due to its own motion and orientation changes. Have lots of RAM to remember the full sensor values at high frequency for the last couple of minutes. Invent lots of computer algorithms to weed out unwanted signatures (power lines, signature of operator, signature of the device itself and other devices known to be nearby, etc.). More algorithms to dig out the patterns resulting from all sizes of targets. Display the targets discovered by this. Simple. :-) You might have to wait a bit until Intel/AMD/IBM can provide a Teraflop or two in the gizmo.

Hmm. With smart enough software, it likely doesn't need the motion sensing. It can display its results relative to itself, just like the Sci Fi ones do.

CIA-linked startup touts all-seeing eye for net spooks

Chris Gray 1
FAIL

Control of Internet?

I don't like this "IP Confidence System" idea. Imagine that it takes off and they have lots of clients continually asking them "can I trust this IP address?". Now imagine that you are a small commercial website that has somehow been marked as "not trustable". If things have gotten sufficiently far that browsers are asking the trust question, then you are doomed to fail. Mechanisms to get an "untrustable" marking removed will likely be as difficult as getting website ratings changed at Google.

Dear Adobe: It's time for security rehab

Chris Gray 1
Unhappy

@MyHeadIsSpinning

I've had Flashblock for ages. Added NoScript now. However, I don't see that it prevents allowed Flash from doing things. Flash internally has "ActionScript" or whatever they call it, that is based on JavaScript, but it is Adobe's own engine and so will not be affected by NoScript. At least, that's my understanding.

Chris Gray 1
Stop

Flash inherently unsafe?

I took flash off of my Linux box a while ago, but ended up putting it back on because it is so heavily used. It clearly needs fixing.

But, I don't think it's just a matter of fixing bugs. To my mind, the main problem with it is that it is deliberately going around all restrictions that its hosting environment (usually a browser) might want to put around it. Firefox, for example, lets you control some of the things that JavaScript can do. Where are the controls for what Flash can do? Various versions give you a little bit of control, like turning off access to a camera or microphone. How do I stop it from doing *any* file system access whatsoever? I don't care if it burns CPU - I want it to have no access to anything I care about. But, I doubt Adobe would ever do that, because they *want* it to bypass any protections the browser might try to put in its way. About all that a browser could do would be to put the Flash engine into a very solid OS-supported sandbox. Until Adobe puts reasonable restrictions on it, that's what browser developers should do. At least make that an option!

I have no problem with Flash being a way to play videos and to implement platform-independent games. I doubt I'll ever want to allow it to do anything else, so please, someone, give me a tool that lets me prevent it from doing more. And yes, in an open source world, I could get the source to Firefox and do it myself. However, I'm already working hard on my own to-be-open-source project, and the current Firefox developers could do it much faster and more reliably.

Google to ape Apple with Nexus One 3G patch

Chris Gray 1
Boffin

Same chip/stack?

Do the two devices by chance share some 3G-related hardware (or chip manufacturer's default drivers)? Perhaps the real problem is with it, and custom software patches are needed to make the chip manufacturer's code work better. If so, I imagine there are some chuckles going on in Apple. Likely are anyway!

Ex-AMD exec called own company 'pathetic'

Chris Gray 1
Thumb Down

Disagree

Having worked in the software side of an R&D company, I'll say that trusting a sales person on technical issues (or technical competency) is a bad idea. They will all too often promise customers what they have been told the company cannot deliver in the time stated. Then, when the technical folks say they can't do it, or are forced into doing some half-baked kludge, they get the blame for not producing what was "promised to the customer".

What has AMD done?

- produced and shipped true 64 bit X86 processors. Intel was forced to play catch-up and had to copy AMD's instruction extensions to be compatible.

- produced and shipped processors using integrated memory controllers, which was a big part of Athlon's performance advantage. Again, Intel had to catch up.

- produced early true multi-core X86 chips. Intel responded by squishing two chips into one package, and only later had true dual-core chips.

And remember, it was Intel that had the infamous floating point bug in their processors, not AMD. (Virtually all CPU chips have bugs, but you usually find out about them from the manufacturer, not by discovering incorrect results!)

Nissan demos leaning e-car

Chris Gray 1

maintenance?

Looks fun to drive, but there are a lot of extra moving pieces. It looks like the front wheels tilt, and all four fenders pivot up and down. It could be a problem to keep it all working properly if you go on a lot of muddy roads.

Clever attack exploits fully-patched Linux kernel

Chris Gray 1
Boffin

gcc flag

Well, this interested me, so I wanted to check. Here is what "info" says about that gcc flag:

-fdelete-null-pointer-checks

Use global dataflow analysis to identify and eliminate useless checks for null pointers. The compiler assumes that dereferencing a null pointer would have halted the program. If a pointer is checked after it has already been dereferenced, it cannot be null.

In some environments, this assumption is not true, and programs can safely dereference null pointers. Use -fno-delete-null-pointer-checks to disable this optimization for programs which depend on that behavior.

Enabled at levels -O2, -O3, -Os.

I don't know the kernel environment, so I don't know what happens on a NULL pointer dereference there. But, with typical user code, what gcc is doing is reasonable, if a bit extreme.

The bug is in the kernel code, where the check is *after* the dereference. Even if the author knows that that works in the kernel environment, I think it is still a bad idea because it is quite non-obvious. If performance is that critical, then add a comment explaining what is going on. Adding the gcc flag to the kernel compile flags will help.

All IMHO of course - I'm not a kernel developer.
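
The check-after-dereference ordering discussed in the comment above, shown beside the corrected ordering. This is an added example, not part of the original post and not kernel source; `struct dev`, `poll_check_after`, `poll_check_before`, `POLL_ERR` and the sample values are hypothetical names chosen for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical device structure; illustrative only, not kernel code. */
struct dev {
    int flags;
    int ready;
};

#define POLL_ERR (-1)

/* Constructed sample input so the example runs stand-alone. */
static struct dev sample_dev = { .flags = 0x4, .ready = 0x1 };

/*
 * Problem ordering: d is dereferenced before it is tested. Dereferencing
 * a NULL pointer is undefined behaviour, so gcc with
 * -fdelete-null-pointer-checks (enabled at -O2, -O3, -Os) may assume
 * d != NULL after the first line and delete the check that follows.
 * Never call this with NULL: in user space it faults on the first line.
 */
int poll_check_after(struct dev *d)
{
    int flags = d->flags;       /* dereference first */

    if (!d)                     /* check second: may be optimised away */
        return POLL_ERR;
    return d->ready | flags;
}

/* Corrected ordering: test the pointer before any use of it. */
int poll_check_before(struct dev *d)
{
    if (!d)
        return POLL_ERR;
    return d->ready | d->flags;
}

int main(void)
{
    printf("before(NULL)   = %d\n", poll_check_before(NULL));
    printf("before(sample) = %d\n", poll_check_before(&sample_dev));
    printf("after(sample)  = %d\n", poll_check_after(&sample_dev));
    return 0;
}
```

Comparing the assembly from `gcc -O2 -S` with and without `-fno-delete-null-pointer-checks` shows whether the test in `poll_check_after` survives compilation.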

NASA data shows 'dramatically' thinned Arctic ice

Chris Gray 1

@ Displacement

Water expands as it freezes to ice. That's why ice floats (it's lighter than water). But, there is a lot (most of it) of ice that is above sea level. When it melts, the water runs down into the sea, thus raising the sea level.

New boffinry: North Atlantic could be massive CO2 sink

Chris Gray 1
Stop

Just the iron

To those suggesting chucking things in the ocean: keep in mind that even if this does turn out to be a good thing, it's only the iron that is wanted. So, before using this as an excuse to dispose of your unwanted goods, please remove everything that isn't iron, first. This includes paint, oil, grease, artificial rubber, etc.

Not much point in trying to feed plankton if you are poisoning everything.
