Kernel, Programming, and Standards
-
Kernel Space
-
Wired ☛ ‘Sinkclose’ Flaw in Hundreds of Millions of AMD Chips Allows Deep, Virtually Unfixable Infections
Security flaws in your computer's firmware, the deep-seated code that loads first when you turn the machine on and controls even how its operating system boots up, have long been a target for hackers looking for a stealthy foothold. But only rarely does that kind of vulnerability appear not in the firmware of any particular computer maker, but in the chips found across hundreds of millions of PCs and servers. Now security researchers have found one such flaw that has persisted in AMD processors for decades, and that would allow malware to burrow deep enough into a computer's memory that, in many cases, it may be easier to discard a machine than to disinfect it.
-
University of Toronto ☛ How Linux kernel driver modules for hardware get loaded (I think)
Once upon a time, a long time ago, the kernel modules for your hardware got loaded during boot because they were listed explicitly as 'load these modules' in configuration files somewhere. You can still explicitly list modules this way (and you may need to for things like IPMI drivers), but most hardware driver modules aren't loaded like this any more. Instead they get loaded through udev, through what I believe is two mechanisms.
-
-
Programming/Development
-
The Register UK ☛ Agile is killing software innovation, says Moxie Marlinspike
Marlinspike opened the second day of Black Hat with a talk that was ostensibly supposed to be a fireside chat with Black Hat founder Jeff Moss, but the Signal founder stole the show with an opening chat laying out a case for reclaiming the "magic" of software development that's been lost after 20 years. That loss, he argued, was due to stuffing developers into "black box abstraction layers" that strip them of the freedom needed to be innovative.
-
Uwe Friedrichsen ☛ The long way towards resilience - Part 1
Which leads to the third question. Quite often, people are not actually interested in resilience if they talk about resilience (especially in the context of IT). There are several prototypical evolution steps companies go through on their journey towards resilience. However, depending on the task at hand, it may be perfectly fine to stop your journey at one of the interim steps. Of course, this is not actual resilience what they achieved in such a situation but it may be completely sufficient to solve their task.
This blog series is based on a presentation, I gave a few times (see, e.g., the J On the Beach 2024 recording). In its core, the post series follows the same storyline as the presentation. However, it dives deeper into the topic and (hopefully) fills the blanks, the presentation had to leave due to time and scope restrictions.
As all this would be way too long for a single blog post, I split it up in several posts: [...]
-
Daniel Fedorin ☛ Implementing and Verifying "Static Program Analysis" in Agda, Part 2: Combining Lattices
In the previous post, I wrote about how lattices arise when tracking, comparing and combining static information about programs. I then showed two simple lattices: the natural numbers, and the (parameterized) “above-below” lattice, which modified an arbitrary set with “bottom” and “top” elements (⊥ and ⊤ respectively). One instance of the “above-below” lattice was the sign lattice, which could be used to reason about the signs (positive, negative, or zero) of variables in a program.
At the end of that post, I introduced a source of complexity: the “full” lattices that we want to use for the program analysis aren’t signs or numbers, but maps of states and variables to lattice-based descriptions. The full lattice for sign analysis might something in the form:
Info≜ProgramStates→(Variables→Sign)
Thus, we have to compare and find least upper bounds (e.g.) of not just signs, but maps! Proving the various lattice laws for signs was not too challenging, but for for a two-level map like InfoInfo above, we’d need to do a lot more work. We need tools to build up such complicated lattices.
-
Daniel Fedorin ☛ Implementing and Verifying "Static Program Analysis" in Agda, Part 3: Lattices of Finite Height
The formalization I settled on is quite similar to the informal description: a lattice has a finite height of length hh if the longest chain of elements compared by (<)(<) is exactly hh. There’s only a slight complication: we allow for equivalent-but-not-equal elements in lattices. For instance, for a map lattice, we don’t care about the order of the keys: so long as two maps relate the same set of keys to the same respective values, we will consider them equal. This, however, is beyond the notion of Agda’s propositional equality (_≡_). Thus, we we need to generalize the definition of a chain to support equivalences. I parameterize the Chain module in my code by an equivalence relation, as well as the comparison relation R, which we will set to < for our chains. The equivalence relation _≈_ and the ordering relation R/< are expected to play together nicely (if a < b, and a is equivalent to c, then it should be the case that c < b).
-
Andrew Healey ☛ Generating Mazes — Andrew Healey
I've been reading about mazes and how to generate them. The type of mazes I'll be talking about are 2D grids of connected cells. They're perfect mazes (i.e. there is exactly one unique path between any two cells aka a uniform spanning tree). I'll refer to the connections between cells as edges. An edge can be created between a cell and any of its neighbors (up, right, left, down). When two cells don't share an edge, there is a wall between them. While generating a maze, if a cell isn't reachable, I'll render it dark.
-
Python
-
Juha-Matti Santala ☛ Rotating turn order with deque
A while back in the spring I was in a technical job interview where I was tasked to implement a Kimble game engine. While the idea didn’t unfortunately pop into my head during the interview, when I was revising my approach later, I realized that deque is a nice data structure for rotating turn order.
-
Juha-Matti Santala ☛ Debug with pdb and breakpoint
Python comes with good tools in its standard library for debugging software. Debugging is a topic very close to my heart. I have been writing and talking and workshopping about debugging for years. Last year, I gave a series of talks titled Debugging Python that I also wrote in blog form. I've also written debugging newsletter Syntax Error that you can check out if you want to learn more about debugging.
This blog post focuses on The Python Debugger that is part of the standard library.
-
-
-
Standards/Consortia
-
Cory Dransfeldt ☛ A feed for everything and everything in a feed
At the moment my site has 6 different feeds. 5 RSS feeds, an ICS feeds and JSON versions of the 5 RSS feeds. I was asked how they're put together and, well, it's a bit involved.
-
The Register UK ☛ ICANN approves use of .internal domain for your network
Picking a string dedicated exclusively to internal networks was the alternative. After years of consultation about whether it was a good idea – and which string should be selected – ICANN last week decided on .internal. Any future applications to register it as a global TLD won't be allowed.
-