On Sat, Jan 6, 2018 at 11:21 PM, Jules Merit
wrote:
I suppose it's one of those "If you have to ask..." things but can
anyone explain (any of) Jules Merit's posts for me?
Cheers,
Pete
wait and see if all these scrambled together mitigations actually work.
9front is not in the business of selling shared computing environments
(or sell executable javascript ads) to untrusted strangers.
that was never really safe to begin with. there will be bugs in software
and hardware. and
mark v shaney
On Wed, Jan 10, 2018 at 3:51 PM, Peter Hull wrote:
> On Sat, Jan 6, 2018 at 11:21 PM, Jules Merit
> wrote:
> I suppose it's one of those "If you have to ask..." things but can
> anyone explain (any of) Jules Merit's posts
good advice. i agree with the wait-and-see. i'm not convinced that this
issue is solvable.
using pip, npm and all the other ways of importing random code from
who-knows-where is insanity and plan9 systems (mostly?) avoid this practice.
having dedicated auth and fs servers (don't allow cpu'ing)
this is different. the side channel attack is easy and completes in milliseconds. it is not related to the expressiveness of js.- erik
i think "javascript in the browser" is implied here. and that is a HUGE
gate to close.
fortunately, we don't have such browsers in plan9 :)
On Wed, Jan 10, 2018 at 11:41 AM, Erik Quanstrom
wrote:
> to be fair, this vulnerability can be exploited with plain old
all binaries on any repo (9p.io, 9front.org, bell-labs.com) are taken on
faith to be safe; but it applies there too.
does anyone read all the various rc scripts carefully?
On Wed, Jan 10, 2018 at 12:30 PM, wrote:
> yeah, and javascript was NEVER dangerous before. like
to be fair, this vulnerability can be exploited with plain old _javascript_.On Jan 10, 2018 11:32, Skip Tavakkolian wrote:good advice. i agree with the wait-and-see. i'm not convinced that this issue is solvable.using pip, npm and all the other ways of importing random
yeah, and javascript was NEVER dangerous before. like it never
would steal your passwords or exploit bugs in the monstrosity
called a webbrowser. or ave bugs in the jit. all was perfectly
safe until now :-) we can perfectly trust the dozens of megabytes
injected from whoever pays the advertisement
Yea, TRUE story.
Sorry for noise.
2018-01-07 2:21 GMT+03:00 Jules Merit :
> AM,
> molly pot, Hollywood 666
> James Thomas Inferno plan9 doom
> E3M8 .dis
>
> On Dec 31, 2017 3:20 AM, "Andrew Wingorodov" wrote:
>
>> True story
>>
If your processor isn't affected, microcode patching and os work-around is
not needed. For example, intel atom d525, amd athlon 64 x2, arm7 (rpi's),
mips are fine.
On Jan 4, 2018 5:50 AM, "G B" wrote:
With the release of information about Spectre and Meltdown, and that
yep. i mentioned npm, but there are a few more.
On Wed, Jan 10, 2018 at 12:56 PM, Erik Quanstrom
wrote:
> it is also exploitable in node.js.
>
> On Jan 10, 2018 12:52, Skip Tavakkolian
> wrote:
>
> i think "javascript in the browser" is
it is also exploitable in node.js.On Jan 10, 2018 12:52, Skip Tavakkolian wrote:i think "_javascript_ in the browser" is implied here. and that is a HUGE gate to close.fortunately, we don't have such browsers in plan9 :)On Wed, Jan 10, 2018 at 11:41 AM, Erik Quanstrom
> all binaries on any repo (9p.io, 9front.org, bell-labs.com) are taken on
> faith to be safe; but it applies there too.
> does anyone read all the various rc scripts carefully?
how's that comparable? the broken promise is that web
code will be contained in the browser tab so nobody needs
to
> rpi3 is a safe choice
Safe against spectre perhaps, but there are interesting remote attacks
against the firmware in the bcm43xx wifi engine. I wouldn't want to bet
on plan 9's immunity to some variant of broadpwn.
On Wed, 10 Jan 2018 23:46:47 + Richard Miller <9f...@hamnavoe.com> wrote:
Richard Miller writes:
> > rpi3 is a safe choice
>
> Safe against spectre perhaps, but there are interesting remote attacks
> against the firmware in the bcm43xx wifi engine. I wouldn't want to bet
> on plan 9's
If Intel sells you lemons, make lemonade (ok, ok, at least a whiskey sour).
I myself welcome our new speculative overlords, and look forward to new
interesting predictions, and perhaps even a renewed interest in
single-address space systems, since that's what we've got.
On 10 January 2018 at
we foolishly assumed that intel and other cpu manufacturers would not do
stupid things, out of self interest, if nothing else.
stupid things like put a whole processor hidden inside every cpu since
pentium, running minix that "manages" what you thought was "your" cpu.
stupid things like have (and
yes; i had forgotten about that. fortunately there's the ethernet port.
https://www.blackhat.com/docs/us-17/thursday/us-17-Artenstein-Broadpwn-Remotely-Compromising-Android-And-iOS-Via-A-Bug-In-Broadcoms-Wifi-Chipsets.pdf
On Wed, Jan 10, 2018 at 3:46 PM, Richard Miller <9f...@hamnavoe.com>
19 matches
Mail list logo