Re: [9fans] Spectre and Meltdown

2018-01-15 Thread Jules Merit
srv ieee-754 trouble, GDS-II stream On Mon, Jan 15, 2018 at 4:51 PM, Jules Merit wrote: > 23hiro now has dead 46 planberries, no see front > c h ke > > On Fri, Jan 12, 2018 at 3:45 AM, hiro <23h...@gmail.com> wrote: >> Cool, so we now have a lot of wifi support

Re: [9fans] Spectre and Meltdown

2018-01-15 Thread Jules Merit
23hiro now has dead 46 planberries, no see front c h ke On Fri, Jan 12, 2018 at 3:45 AM, hiro <23h...@gmail.com> wrote: > Cool, so we now have a lot of wifi support in total. never imagined that. > > There's prism(Lucent WaveLAN), Ralink RT2860, Ralink RT3090, a bunch > of intels, AND that rpi. >

Re: [9fans] Spectre and Meltdown

2018-01-15 Thread cinap_lenrek
> As far as I can remember plan9 flush tables very often and clearly > separate kernel memory pages and user space memory. no. the kernel is mapped in each user process but with PTEUSER bits clear (owner bit) in the pte so user process cannot access it (but with meltdown, it can). -- cinap

Re: [9fans] Spectre and Meltdown

2018-01-15 Thread Giacomo Tesio
2018-01-10 17:59 GMT+01:00 : > wait and see if all these scrambled together mitigations actually work. Sorry if this is a dumb question, but the descriptions I read of the mitigations taken in Linux for Meltdown (in particular kernel page-table isolation) sound really

Re: [9fans] Spectre and Meltdown

2018-01-12 Thread hiro
Cool, so we now have a lot of wifi support in total. never imagined that. There's prism(Lucent WaveLAN), Ralink RT2860, Ralink RT3090, a bunch of intels, AND that rpi. IIUC only the wavelan stuff has hardmac, so no wifi.c -> no wpa2 there.

Re: [9fans] Spectre and Meltdown

2018-01-11 Thread Richard Miller
> when did you implement wifi on the rpi?! Late 2016. And yes, it works with wpa2 (thanks to cinap's aux/wpa).

Re: [9fans] Spectre and Meltdown

2018-01-11 Thread Rui Carmo
If that’s working with WPA2, I’m interested too. > On 11 Jan 2018, at 09:35, hiro <23h...@gmail.com> wrote: > > when did you implement wifi on the rpi?! >

Re: [9fans] Spectre and Meltdown

2018-01-11 Thread hiro
when did you implement wifi on the rpi?!

Re: [9fans] Spectre and Meltdown

2018-01-10 Thread Skip Tavakkolian
yes; i had forgotten about that. fortunately there's the ethernet port. https://www.blackhat.com/docs/us-17/thursday/us-17-Artenstein-Broadpwn-Remotely-Compromising-Android-And-iOS-Via-A-Bug-In-Broadcoms-Wifi-Chipsets.pdf On Wed, Jan 10, 2018 at 3:46 PM, Richard Miller <9f...@hamnavoe.com>

Re: [9fans] Spectre and Meltdown

2018-01-10 Thread Bakul Shah
On Wed, 10 Jan 2018 23:46:47 + Richard Miller <9f...@hamnavoe.com> wrote: Richard Miller writes: > > rpi3 is a safe choice > > Safe against spectre perhaps, but there are interesting remote attacks > against the firmware in the bcm43xx wifi engine. I wouldn't want to bet > on plan 9's

Re: [9fans] Spectre and Meltdown

2018-01-10 Thread Richard Miller
> rpi3 is a safe choice Safe against spectre perhaps, but there are interesting remote attacks against the firmware in the bcm43xx wifi engine. I wouldn't want to bet on plan 9's immunity to some variant of broadpwn.

Re: [9fans] Spectre and Meltdown

2018-01-10 Thread Charles Forsyth
If Intel sells you lemons, make lemonade (ok, ok, at least a whiskey sour). I myself welcome our new speculative overlords, and look forward to new interesting predictions, and perhaps even a renewed interest in single-address space systems, since that's what we've got. On 10 January 2018 at

Re: [9fans] Spectre and Meltdown

2018-01-10 Thread Skip Tavakkolian
we foolishly assumed that intel and other cpu manufacturers would not do stupid things, out of self interest, if nothing else. stupid things like put a whole processor hidden inside every cpu since pentium, running minix that "manages" what you thought was "your" cpu. stupid things like have (and

Re: [9fans] Spectre and Meltdown

2018-01-10 Thread cinap_lenrek
> all binaries on any repo (9p.io, 9front.org, bell-labs.com) are taken on > faith to be safe; but it applies there too. > does anyone read all the various rc scripts carefully? how's that comparable? the broken promise is that web code will be contained in the browser tab so nobody needs to

Re: [9fans] Spectre and Meltdown

2018-01-10 Thread Skip Tavakkolian
yep. i mentioned npm, but there are a few more. On Wed, Jan 10, 2018 at 12:56 PM, Erik Quanstrom wrote: > it is also exploitable in node.js. > > On Jan 10, 2018 12:52, Skip Tavakkolian > wrote: > > i think "javascript in the browser" is

Re: [9fans] Spectre and Meltdown

2018-01-10 Thread Erik Quanstrom
it is also exploitable in node.js.On Jan 10, 2018 12:52, Skip Tavakkolian wrote:i think "_javascript_ in the browser" is implied here. and that is a HUGE gate to close.fortunately, we don't have such browsers in plan9 :)On Wed, Jan 10, 2018 at 11:41 AM, Erik Quanstrom

Re: [9fans] Spectre and Meltdown

2018-01-10 Thread Skip Tavakkolian
i think "javascript in the browser" is implied here. and that is a HUGE gate to close. fortunately, we don't have such browsers in plan9 :) On Wed, Jan 10, 2018 at 11:41 AM, Erik Quanstrom wrote: > to be fair, this vulnerability can be exploited with plain old

Re: [9fans] Spectre and Meltdown

2018-01-10 Thread Skip Tavakkolian
all binaries on any repo (9p.io, 9front.org, bell-labs.com) are taken on faith to be safe; but it applies there too. does anyone read all the various rc scripts carefully? On Wed, Jan 10, 2018 at 12:30 PM, wrote: > yeah, and javascript was NEVER dangerous before. like

Re: [9fans] Spectre and Meltdown

2018-01-10 Thread Erik Quanstrom
this is different.  the side channel attack is easy and completes in milliseconds.  it is not related to the expressiveness of js.- erik

Re: [9fans] Spectre and Meltdown

2018-01-10 Thread cinap_lenrek
yeah, and javascript was NEVER dangerous before. like it never would steal your passwords or exploit bugs in the monstrosity called a webbrowser. or ave bugs in the jit. all was perfectly safe until now :-) we can perfectly trust the dozens of megabytes injected from whoever pays the advertisement

Re: [9fans] Spectre and Meltdown

2018-01-10 Thread Erik Quanstrom
to be fair, this vulnerability can be exploited with plain old _javascript_.On Jan 10, 2018 11:32, Skip Tavakkolian wrote:good advice. i agree with the wait-and-see. i'm not convinced that this issue is solvable.using pip, npm and all the other ways of importing random

Re: [9fans] Spectre and Meltdown

2018-01-10 Thread Skip Tavakkolian
good advice. i agree with the wait-and-see. i'm not convinced that this issue is solvable. using pip, npm and all the other ways of importing random code from who-knows-where is insanity and plan9 systems (mostly?) avoid this practice. having dedicated auth and fs servers (don't allow cpu'ing)

Re: [9fans] Spectre and Meltdown

2018-01-10 Thread cinap_lenrek
wait and see if all these scrambled together mitigations actually work. 9front is not in the business of selling shared computing environments (or sell executable javascript ads) to untrusted strangers. that was never really safe to begin with. there will be bugs in software and hardware. and

Re: [9fans] Spectre and Meltdown

2018-01-10 Thread Skip Tavakkolian
If your processor isn't affected, microcode patching and os work-around is not needed. For example, intel atom d525, amd athlon 64 x2, arm7 (rpi's), mips are fine. On Jan 4, 2018 5:50 AM, "G B" wrote: With the release of information about Spectre and Meltdown, and that

[9fans] Spectre and Meltdown

2018-01-04 Thread G B
With the release of information about Spectre and Meltdown, and that Microsoft and Linux have released patches for Meltdown and Apple soon to release a patch, I am wondering how Meltdown, or even Spectre, would or wouldn't affect Plan 9 and/or 9front given the use of namespaces.