On 2018-01-06, Ian Kelly wrote:
>
>> > Furthermore, I'd like to know if Python can mitigate hardware-specific
>> > timing attacks.
>>
>> For CPython, probably not. Anything that Cpython tried to do could be
>> trivially defeated by using something like ctypes to make calls to
>> arbitrary machine
On Sat, Jan 6, 2018, 4:45 PM Grant Edwards
wrote:
> On 2018-01-06, Etienne Robillard wrote:
> >
> >
> > Le 2018-01-06 à 15:49, J.O. Aho a écrit :
> >> On 01/06/18 13:43, Etienne Robillard wrote:
> >>> My understanding of this vulnerability is that speculative indirect
> >>> calls in Linux kernel
On 2018-01-06, Etienne Robillard wrote:
>
>
> Le 2018-01-06 à 15:49, J.O. Aho a écrit :
>> On 01/06/18 13:43, Etienne Robillard wrote:
>>> My understanding of this vulnerability is that speculative indirect
>>> calls in Linux kernel can be used to extract/filter memory content via
>>> side-channel
On 01/06/2018 10:23 PM, Etienne Robillard wrote:
> It's unclear to me whether AMD CPUs are affected by theses design flaws.
As far as I understand, AMD (and possibly ARM) is unaffected by Meltdown
(except for possibly some very new processors). It seems like basically
all modern out of order proce
Le 2018-01-06 à 15:49, J.O. Aho a écrit :
On 01/06/18 13:43, Etienne Robillard wrote:
My understanding of this vulnerability is that speculative indirect
calls in Linux kernel can be used to extract/filter memory content via
side-channels.
Not just Linux, but all other OS:es, Microsoft and Ap
On 01/06/18 13:43, Etienne Robillard wrote:
> My understanding of this vulnerability is that speculative indirect
> calls in Linux kernel can be used to extract/filter memory content via
> side-channels.
Not just Linux, but all other OS:es, Microsoft and Apple been patching
in secret as they have
On Fri, Jan 5, 2018 at 1:15 AM, Etienne Robillard
wrote:
> Forwarding this thread to the CFFI developers...
>
> Re Paul: Thanks for your feedback.
>
> My intended audience are developers who can use hg to fetch/build source
> code without pip.
>
> Best regards,
>
> Etienne
>
I'd like to underst
On Wednesday, January 3, 2018 at 1:11:31 PM UTC-5, Skip Montanaro wrote:
> The zipfile module is kind of cool because you can access elements of
> the archive without explicitly uncompressing the entire archive and
> writing the structure to disk. I've got some 7z archives I'd like to
> treat the s
> Have you looked at libarchive (https://pypi.python.org/pypi/libarchive)?
Thanks, was completely unaware of its existence. I will take a look.
I've been repackaging the 7z archives as zips, but the result is 3-5x
larger.
Skip
--
https://mail.python.org/mailman/listinfo/python-list
My understanding of this vulnerability is that speculative indirect
calls in Linux kernel can be used to extract/filter memory content via
side-channels.
So, is it time to implement --enable-retpoline to CPython ? [1]
Etienne
1.
https://www.bleepingcomputer.com/news/google/google-unveils-new
Hi all,
What do you think about the latest Spectre/Meltdown security flaw found
in Intel processors and Apple smartphones?
Are Python 2.7 and 3.6 affected by speculative execution side-channel
attacks when using the Linux kernel and Intel CPUs?
Best regards,
Etienne
--
Etienne Robillard
On 2018-01-03 12:10:22 -0600, Skip Montanaro wrote:
> The zipfile module is kind of cool because you can access elements of
> the archive without explicitly uncompressing the entire archive and
> writing the structure to disk. I've got some 7z archives I'd like to
> treat the same way (read specifi
github?
On Fri, Jan 5, 2018 at 8:27 PM, Kim of K. wrote:
>
> "Background
>
> We feel that the world still produces way too much software that is
> frankly substandard. The reasons for this are pretty simple: software
> producers do not pay enough attention [...]"
>
>
> quote from http://texttest
in 788357 20180105 132921 Kevin Walzer wrote:
>On 1/1/18 11:45 AM, X. wrote:
>> Ulli Horlacher:
>>> I have to transfer a python 2.7 CLI programm into one with a (simple) GUI.
>>> The program must run on Linux and Windows and must be compilable with
>>> pyinstall, because I have to ship a standalon
14 matches
Mail list logo
