Comment Re:Hopefully this doesn't result in (Score 1) 72

There are a number of alternatives -- flushing the BTB on ring switch seems a reasonable starting point. It should eliminate most privilege escalations.
Making the address randomization affect bits outside the range seen by the BTB indexing scheme would also make the attack much more difficult. This would require some non-trivial OS kernel changes.

The BTBs themselves can be multi-level and pretty large -- they could form part of a process context, but they'd add several kbytes to it. There is no hardware support to save/restore this resource, and it'd have to be *fast* to be of any use. For paranoid people, flushing the BTB on every process (not thread) switch would pretty much stop this attack in its tracks, with a small performance penalty.

It's not clear that making the BTB part of the process context would make things faster overall -- you'd get better prediction, and worse ctx switch overhead. It's not clear to me which would win.

Comment Re:Dumb pipe (Score 1) 225

Let me fix that for you;

-- Rightscorp ALLEGES copyright infringement (with little or no evidence to back up the assertion)
-- Rightscorp notifies ISP, claiming airtight proof, when all they have is some tracker somewhere saying that your IP was part of a swarm at some (unverified) time.
-- ISP tells user to knock it off
-- User continues infringing (assuming they were, or not) and Rightscorp allegedly identifies it again.
-- Rightscorp notifies ISP
-- ISP tells Rightscorp to piss off with their unproven assertions with no evidence.

Comment Data Driven? Bullshit. (Score 3, Insightful) 213

In North America our justice systems are not Data Driven, and they never will be -- they are Revenge Driven. If we were to be Data Driven, we would have a system like Norway -- where recidivism is dramatically lower than what we have here.

The only way to make such a thing happen here would be to persuade the prison industrial complex that it would be more profitable that way. Of course they believe the opposite is true -- lower recidivism would mean fewer prisoners, and that means lower profits.

Comment Re:More specifically, Rice's theorem applies... (Score 1) 116

Indeed they are key -- what they mean is that even if you can come up with an algorithm to prove a property for *all* existing programs, it is possible (and in practice usually *trivial*) to construct a program where that algorithm will provably fail. Remember hackers need only find one hole to siphon off your ether.

This system (or any currency for that matter) needs a mechanism for defining, detecting and reversing fraud, and unmasking those perpetrating it. You have to assume it's only a matter of "when", not "if" fraud will take place.

Computability theory is *fun* :-)

Comment Re:Would using the Rust prog lang have avoided thi (Score 1) 116

Mod parent up.

So long as the contract language used by Ethereum is Turing-complete, they're pretty much doomed to having this sort of thing repeating. To their credit, they have mechanisms to, through community consensus, block and reverse these thefts.
(A good currency design should be tolerant of fraud -- assume it will happen, and have in place mechanisms for detecting and reversing it.)

In support, I give you Rice's Theorem;

"there exists no automatic method that decides with generality non-trivial questions on the behavior of computer programs."

Comment Microsoft (and google, apple and the rest) (Score 1) 73

STOP watching/tracking what I'm doing with my computer -- it's creepy as fuck!

(Switched to Mac years ago, not going back to Windows and its "telemetry". Not so sure of Apple either, but at least they claim to not track users and collect data on them -- their business model (currently) is selling shiny toys -- not selling data. And they have been pushing back on surveillance in the courts and their encryption is good. FileVault should be on by default.)
