Meltdown is very easy to exploit, and doesn't need heavy CPU usage (well, the
obvious exploit is dumping all of kernel data space, which might be somewhat
slower than a memcpy() of that data. :-)
Essentially, you run a loop that uses speculative memory tests to load a unique
userspace cache l
Sent: Mon, Aug 13, 2018 at 11:45 pm
To: "dpr...@deepplum.com"
Cc: "Dave Taht" , cerowrt-devel@lists.bufferbloat.net,
"bloat"
Subject: Re: [Bloat] [Cerowrt-devel] fcc initial comments due sept 10
On Fri, 10 Aug 2018, dpr...@deepplum.com wrote:
> Now 25 Mb/se
Just to remind everyone, "Broadband" is a term invented by the cable industry
to describe "bundled cable TV, phone, and Internet", pretty much "aka DOCSIS".
The confidence game played on America was to promote the idea that the US would
deliver Broadband across the entire country (particularly r
pm
To: dpr...@deepplum.com
Cc: "Toke Høiland-Jørgensen" , "Daniel Ezell"
, "Cake List" ,
cerowrt-devel@lists.bufferbloat.net
Subject: Re: Re: [Cerowrt-devel] expressobin
On Wed, Aug 1, 2018 at 5:49 AM dpr...@deepplum.com wrote:
>
> Yeah. Small FF 2 port Celeron board i
Please note that my comments are from someone who, unlike Edge Security, has
been involved in secure systems design off and on since 1973, not 2003 which is
the level of expertise claimed by Edge Security. And I think I am the first
person to write an automated system kernel exploit generation t
I don't like complexity invading the kernel, personally. But it's Linux's
monstrous kernel these days. We also seem to have user code being executed in
the kernel (eBPF), another very risky thing regarding security, especially.
The kernel mode of a system has incredible and universal power over
Yeah. Small FF 2 port Celeron board is what I use. And I have a 4 port Atom
that runs like a bat out of hell.
Currently fiddling with Xilinx Dev boards, just put packet processing in FPGA
for Cake, and no problem with 2.5 - 10 Gb/sec. Just need a free piece of low
level SFP+ interfacing logic.
Why 3 ports?
Other than what?
-----Original Message-----
From: "Dave Taht"
Sent: Tue, Jul 31, 2018 at 11:17 pm
To: "Outback Dingo"
Cc: "Outback Dingo" , "Cake List"
, cerowrt-devel@lists.bufferbloat.net
Subject: Re: [Cerowrt-devel] [Cake] expressobin
On Tue, Jul 31, 2018 at 8:10 PM Outback Di
uly 2018 at 08:15, Dave Taht wrote:
> On Thu, Jul 26, 2018 at 9:48 AM dpr...@deepplum.com
> wrote:
> >
> > How would one get Linux Foundation to raise money to sponsor a router
> software initiative?
>
> We tried. Personally, having bled out mentally and financial
How would one get Linux Foundation to raise money to sponsor a router software
initiative?
I can see that all the current network product OEMs might mass up to kill it or
make it fail. Kind of like coreboot vs. UEFI.
But maybe Facebook or Amazon or Google - dedicated white-box fan companies -
Embedded Linux is still a mess.
I've been putting some serious (hacking) effort into RISC-V, using the near
desktop class HiFive Unleashed board. The vendor (SiFive) and the RISC-V guys
use buildroot! There is a coreboot project, but nothing for the actual hardware
exists... Just a lashup for a
The FCC wants to throw people like you in jail, you know. The rules allowing
them to do so are coming into force.
-----Original Message-----
From: valdis.kletni...@vt.edu
Sent: Wednesday, July 25, 2018 3:14pm
To: "Dave Taht"
Cc: cerowrt-devel@lists.bufferbloat.net
Subject: Re: [Cerowrt-devel] So
The best is the enemy of the pretty good.
Isn't there some cumulative lag under load statistic that can be maintained by
a pinger sampling lag as a function of current rate (upload and download)? The
Pinger would only ping when load is above a threshold, and only count data as
valid if load dur
good rant!
-----Original Message-----
From: "Dave Taht"
Sent: Tuesday, June 19, 2018 3:33pm
To: "dpr...@deepplum.com"
Cc: cerowrt-devel@lists.bufferbloat.net, "bloat"
Subject: Re: Invisibility of bufferbloat and its remedies
Well, I ranted: http://blog.cerowr
ss was at the core
of the Internet.
-----Original Message-----
From: "Jonathan Morton"
Sent: Monday, June 18, 2018 7:17pm
To: "dpr...@deepplum.com"
Cc: "Dave Taht" , cerowrt-devel@lists.bufferbloat.net,
"bloat"
Subject: Re: [Bloat] Invisibility of buffer
m with Bufferbloat.
Comcast, on the other hand, has been slow-rolling DOCSIS 3.0, because their
customers on DOCSIS 2.0 are just ordering faster service tiers to overcome the
Bufferbloat in their DOCSIS 2 CMTS's.
-----Original Message-----
From: "Dave Taht"
Sent: Monday, June 18, 2
https://www.cordcuttersnews.com/3-easy-tips-to-fix-constant-buffering/
It's distressing how little the tech press understands the real problem.
Of course, cable companies like Charter and ATT who have mostly DOCSIS 2 gear
deployed can't admit to their plant being bloat-causing.
In fact it prote
hat while it may be that *geosynchronous equatorial orbit* is very
tightly occupied, most MEO and LEO space is not densely occupied at all.
-----Original Message-----
From: "Christopher Robin"
Sent: Monday, March 12, 2018 1:34pm
To: "dpr...@deepplum.com"
Cc: cerowrt-devel@lists.bu
Well, that may be the case, but it's a non-scalable and highly corruptible
system. IMO it's probably unnecessary, too. Space is actually quite big.
-----Original Message-----
From: "Jim Gettys"
Sent: Monday, March 12, 2018 12:26pm
To: "Dave Taht"
Cc: cerowrt-devel@lists.bufferbloat.net
Subject
This is fascinating. Could it be that the idea of "open networks of satellites"
is going to start to play the role of WiFi or UWB? Scalable sharing of orbital
space, using a simple cooperative protocol? In other words, the first step
toward what Vint Cerf championed as the "Interplanetary In
This is one of the things that is happening. Question is what would be the right
approach? Mozilla also seems to be hacking away with little architectural
thinking. Under the theory that you don't need a theory, just "good code".
What could go wrong?
How did we get Spectre in every processor imple
Even the Intel meltdown cannot reach between VMs that use hardware virtual
memory.
Relax, Dave.
The cloud now mostly uses hardware VMs. AWS old Xen instances, and containers
are subject to bad meltdown cloud attacks across containers.
Sad about ARM, but ARM servers are pretty rare at this tim
the exits!
Summary: hardware virtualization appears to be a pragmatic form of isolation
that works. And thus many cloud providers are fine.
-----Original Message-----
From: "Jonathan Morton"
Sent: Friday, January 5, 2018 9:07am
To: "Dave Taht"
Cc: "dpr...@deeppl
As I continue to study the Spectre bug, I read the Project Zero post about
POC's they developed for Spectre.
https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html
e of least privilege".
-----Original Message-----
From: "Dave Taht"
Sent: Thursday, January 4, 2018 5:04pm
To: "dpr...@deepplum.com"
Cc: "Joel Wirāmu Pauling" , "Jonathan Morton"
, cerowrt-devel@lists.bufferbloat.net
Subject: Re: [Cerowrt-devel] KASLR: Do w
e heavy hitting NVF appliances tend to be large and span multiple
compute hosts (and therefore are the only tenants on those computes) - this
isn't always the case.
It's a problem in that if you can get onto the hypervisor even as an
unprivileged user you can read out guest sto
Containers and kernel namespaces, and so forth are MEANINGLESS against the
Meltdown and Spectre problems. It's a hardware bug that lets any userspace
process access anything the kernel can address.
-----Original Message-----
From: "Joel Wirāmu Pauling"
Sent: Thursday, January 4, 2018 4:52pm
T
Hmm... protection datacentres tend to require lower latencies than can be
achieved running on hypervisors.
Which doesn't mean that some datacenters don't do that.
As far as NFV is concerned, Meltdown only breaks security if a userspace
application is running on a machine where another user h