* Posts by jch

11 publicly visible posts • joined 3 Apr 2016

SAE says yes to making Tesla EV chargers an American standard

jch

Re: CCS may be a standard, but not a good one

Unless I’m massively wrong, a UK Model 3 has a CCS connector. It definitely fits; if it didn’t, a Model 3 wouldn’t be able to use a Tesla supercharger, which might be considered a bit of a disadvantage.

Let's... drawer a veil over why this laser printer would decide to stop working randomly

jch

Well, you say that but ...

A long time ago there was a PDP11/70 with an intermittent crashing problem. Engineers were called out to scratch their heads, mutter under their breaths, and leave the problem unfixed.

Eventually, by accident, one of the engineers happened to swing the rear door panel of the cabinet out of the way so he could get past. The 11/70 promptly crashed.

It transpired that there was a cable that was disturbed when said panel blew in the aircon breeze. The cable was replaced and all was happy until it rained.

(The machine room was underground and the building covered an old stream which occasionally resurfaced in the far corner)

Stuck inside with nothing to do? Apple fires out security fixes for iOS, macOS, wrist-puters... and something weird called iTunes for Windows

jch

Re: (CVE-2019-19232) that allows commands to be run "as a non-existent user"

I can only think that if you can run a program as a UID that doesn’t exist on a local machine of some sort you can use that to exploit another machine of some kind.

I don’t really believe that this is a vulnerability and it certainly doesn’t deserve its CVSS score.

All good, leave it with you...? Chap is roped into tech support role for clueless customer

jch

Helping out friends

The receptionist and the remaining sysadmin were both friends: I wasn't about to leave them in the lurch. Both had left a few months later.

Linus Torvalds opts for the scream test: Linux kernel syscall tweaked to shut data-leak hole – anyone upset, yell now

jch

Hands up everyone that’s heard of mincore(2)

OK. Anyone who hasn’t used it in anger, please put your hands down.

Who’s left?

The authors of the paper noted that in their admittedly limited test mincore wasn’t even called once.

I’m sure there is a good use for it, but I’m unsure what.

New side-channel leak: Boffins bash operating system page caches until they spill secrets

jch

Re: Linux patch

Yes, it is a change of semantics. Previously you could find out if someone had recently been looking at, say, /usr/share/dict/words but with the patch you can’t. You can only find out if a file is mapped by a process.

In practice this is not likely to be a big deal: mincore(2) is not exactly heavily used. You can still use mincore(2) to find out if some shared library, for example, is in use because it is mapped. You can’t know whether the pages behind the map are resident or not.

jch

Linux patch

Linux now has a patch: 574823bfab82 ("Change mincore() to count "mapped" pages rather than "cached" pages")

It changes the semantics of mincore(2) to report mapped pages rather than present pages which means that you can no longer use that to determine if a file is present in the cache. You might still be able to mount a timing attack by flushing pages and measuring how long it takes to load the page to determine whether it was present before you loaded it. Whether that makes the attack infeasibly slow I wouldn't like to say.
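To see which of the two behaviours a given kernel implements, the following added example (not code from the post, the paper or the kernel patch) queries mincore(2) on a scratch file it creates itself, before and after the process touches half of the mapping. The function names, the `/tmp` path and the 8-page size are assumptions made for the illustration; if pages are reported before any access, the kernel is reporting cached pages rather than mapped ones.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <unistd.h>

struct probe { int ok; int before; int after; };   /* hypothetical result type */

/* Count the pages of [addr, addr+len) that mincore(2) flags in its vector. */
static int count_reported(void *addr, size_t len, size_t npages) {
    unsigned char vec[64];
    if (npages > sizeof vec || mincore(addr, len, vec) != 0) return -1;
    int n = 0;
    for (size_t i = 0; i < npages; i++) n += vec[i] & 1;   /* bit 0 = reported */
    return n;
}

/* Write a scratch file owned by this process, map it, and query mincore
 * before and after the first half of the mapping has been read. */
struct probe probe_mincore(size_t npages) {
    struct probe p = {0, -1, -1};
    size_t pg = (size_t)sysconf(_SC_PAGESIZE), len = npages * pg;
    char path[] = "/tmp/mincore-demo-XXXXXX";   /* constructed scratch file */
    int fd = mkstemp(path);
    if (fd < 0) return p;
    unlink(path);                               /* removed once fd is closed */
    char *buf = calloc(1, len);
    if (buf && write(fd, buf, len) == (ssize_t)len) {
        char *m = mmap(NULL, len, PROT_READ, MAP_SHARED, fd, 0);
        if (m != MAP_FAILED) {
            /* The write above left the data in the page cache, but this
             * process has not faulted any page into its mapping yet. */
            p.before = count_reported(m, len, npages);
            for (size_t i = 0; i < npages / 2; i++)
                (void)*(volatile char *)(m + i * pg);      /* touch one page */
            p.after = count_reported(m, len, npages);
            p.ok = (p.before >= 0 && p.after >= 0);
            munmap(m, len);
        }
    }
    free(buf);
    close(fd);
    return p;
}

int main(void) {
    struct probe p = probe_mincore(8);
    if (!p.ok) { puts("mincore probe failed"); return 1; }
    printf("reported before touch: %d/8, after touching 4 pages: %d/8\n",
           p.before, p.after);
    return 0;
}
```

A "before" count of 0 matches the mapped-pages behaviour described in the post; the "after" count can exceed the number of pages touched because the kernel may map neighbouring pages on a fault.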

Systemd kills Deb processes

jch

Re: Why user processes should persist after logout?

I do this regularly. I kick off a long-running compile, for example, then I log out because I'm going home and I'm not going to be logged in.

People have worked like this for a long time and now systemd comes along and says, no you can't do that, you must stay at work until 10pm watching your long running build run.

What struck me as especially stupid was the comment that perhaps system users should be exempt from that policy. What's a system user? The user created for that application software you just installed? You're not retrospectively insisting that application software should have its user's uid < 1000 but those uids are informally reserved for system use, not application use.

systemd needs a dose of real-life -- forcing your own desktop world view on everyone is preternaturally arrogant and stupid.

Microsoft lures top Linux exec from Oracle to Redmond

jch

Re: Open Source?

I'm even more sure you're wrong now :)

jch

Re: Open Source?

Wrong on both counts.