3174 posts • joined 1 May 2015
Re: The justice system really has money to waste?
"anti-hate-crime laws don't need repealing, they just need to be applied with something which seems to be missing... Common sense."
That sounds like "unequal application of the law" to me. If a law is to be enforced, it's enforcement needs to be equal, blind to circumstance, and consistent.
Otherwise, it's "banana republic" time - you pissed off "dear leader" and so he'll actually ENFORCE THE LAW on YOU.
Wait a minute... this sounds familiar... something about 'executive orders'... recent history...
A guidance system could be an RPi with a 9-axis IMU and GPS module attached... and open source software to power it. Convenient for hobbyists, but that's what terrorists are doing, apparently, by repurposing hobby equipment as weapons of terror. I could cobble one together myself [and probably write the guidance control software for it]. I'm very familiar with IMUs and GPS because of a customer project I've been working on for a while, and it wouldn't take a "schmott guy" very long to figure out how to build something evil with the same tech. (yeah, 'Nize hat').
And the bombs were probably stolen or purchased via the black market.
Re: Talking to the Hand
"Using innocent, sensible phrases that mean something else entirely"
That's OLD SCHOOL! Key words and tricky phrases spoken over radio in the clear is one way that the French Underground communicated with the UK back in WW2 during the occupation.
Or, from the movie 'Hackers' - "It's where I put that thing that one time" (or something like that). Like anyone but an informed insider would know what it means.
Re: Face Palm
"Would someone please tell me why we keep putting Directors in the FBI that don't understand the most simple concept of encryption"
A _LOT_ of people over at the FBI, CIA, etc. are OBAKA HOLDOVERS. I think THAT guy is, too.
Now, if Jeff Sessions were making a big push for encryption back doors, I'd be a LOT more concerned. According to the EFF, from a 1 year old article, Jeff Sessions supports them. And the EFF alleges Trump does to, but I don't think that's the case - Trump doesn't speak in black/white ideas, he often voices his inner monologue and people over-react to it.
However, we have not heard ANYTHING since then, to my knowledge, until this one FBI deputy director made some noise, prompting the article.
Keep in mind that Trump is pro-gun and the arguments for strong encryption [protecting your bank accounts and private information] and gun ownership [protecting lives and property] are very much the SAME. Logic concludes that BOTH legal gun ownership AND legal strong encryption [without back doors] are necessary for individuals to be able to protect themselves from crime, AND from potentially oppressive governments. This is the intent of the 2nd ammendment, regardless of how anybody FEELS about it - it's about self defense against oppressive government as well as criminals.
That being said, I don't think Sessions is going to call for encryption back doors. I think he understands the political SUICIDE of doing so. And, I doubt Trump would EVER sign such legislation, for the same reasons. We the people will, of course, keep our eyes on things, because gummints really can NOT be trusted.
Oh, and thanks in advance for the expected downvotes, the usual penalty for stating the truth without the "pretty please with sugar on top" i.e. "no lubrication required"
Re: Money Talks...
"if enough campaign contributors want a backdoor the US politicians will give the FBI a backdoor."
Then open source developers from outside the USA [and perhaps a bunch from WITHIN, using anonymizing networks] would write their own encryption stuff that prevents back-dooring, and now you have "dark net" encryption being used WITHOUT a back door, but only by those with the tech savvy to do so.
In addition, the banking industry and privacy advocates would form an unholy alliance to put a stop to it via a continuous stream of lawsuits.
Consider the history of the DeCSS library for DVD players. That's a good, recent example of what would happen with encryption technology. There will be PLENTY of script-kiddie-friendly utilities available on the dark web. And NONE for the rest of us.
I know politicians are complete idiots but even THEY could realize the obvious in this situation. Just compare it to Marijuana and half of them would "get it".
"The holy trinity of excuses to take peoples privacy"
it's always like that. see icon. (you're welcome, AC, you couldn't assign the proper icon)
Re: get stuffed FBI
"And when criminals also figure out the back door"
that's always the only SANE conclusion anyone can come up with.
Not only that, but THE CRIMINALS will ALWAYS have their:
a) illegal encryption
b) illegal servers
c) illegal weapons
d) illegal whatever
because they, by definition, do NOT obey the laws that regular people are forced to live under.
Back door effect on fightingcrime: ***Z E R O ***
Back door effect on personal security: *** H U G E ***
say buh-bye to intarweb commerce if a back door evar becomes mandatory. That's like a universal skeleton key to every lock.
Re: This will go off-topic, sorry...
To whom it may concern.
I am most certainly fed up with the people being fed up with others being fed up with being fed up, and I am seriously concerned about this line of commentary.
Signed: B F Problems, Major (U.S. Army, retired)
[need 'Python' icon]
Re: Well there are also missing dBase and Paradox
and Clipper. can't forget Clipper!
and I once saw this pile of garbage called "nutshell" back in the diskette+IBM XT days - it was SO slow, I think a C64 attempting to run Oracle in a VM would be faster...
" Pretty much everyone uses MS SQL in enterprise greenfield sites these days"
*choke* - what? my keyboard! (dammit, grab paper towel and start wiping)
You didn't read in the article where MySQL was #1, did you? (or the linked-to page with "last year's results")
I would normally expect PGSQL to do better than Micro-shaft SQL Server [which I refuse to call "sequel" because it's not a sequel to anything] in that survey from last year, but there seemed to be a dis-representative number of "C-pound" and Java SCRIPT "programmers" that took the survey (see the 'languages' part). And having a dis-representative sample gives you skewed results.
Compare this to the TIOBE index, where C-pound reportedly gets ~2/3 of what C++ gets (3.75% vs 5.60% in the latest) and C leads Java SCRIPT by 11.3% to 3.5%, you can see that they have an INaccurate representation of programmers in general on their survey.
Being that I'd expect SQL Server users to use C-pound and Java SCRIPT more than C, C++, and "regular Java", I think SQL Server's "favorable" position compared to PG and SQLite (and maybe even Oracle) is suspect at best, grossly inaccurate at worst.
Still it's a nice survey of "people willing to take a survey that also read slashdot"
And it _IS_ significant that they left 'Oracle' off of the list on this year's survey.
'completely do away with the old-style Control Panel'
how about "completely do away with the 'the Metro' settings" instead?
too late to edit, I just realized I didn't express myself very well...
They're obviously tracking what you do ON YOUR COMPUTER with an ONLINE DATABASE, otherwise it wouldn't be "across devices". In other words, it's integrated spyware, with YOUR ACTIVITY HISTORY being stored someplace that YOU do not have control over, so that "who knows" can go rifling through it looking for 'whatever' that might hurt you or be used against you at some point, even if it's merely for ADVERTISING to you (I don't care, might as well be Mueller fishing for whatever he can find).
That's what I meant to say. yeah, black helicopters for the spying, and also big brother for the new icon choice.
"I have a crafty way for Microsoft to increase W10's market share by at least 10% in under a month - Include the option of a classic Start menu"
actually, if they ALSO included the option for a 3D skeuomorphic interface, turning off the forced updates, and turning off the ads and tracking, *THAT* would *WORK*!!!
"And also because the market is shrinking as people move of desktop for good"
NO. WRONG. NO, NO, NO! People are *NOT* "moving off of the desktop". People are simply *NOT* *UPGRADING* *THEIR* *DESKTOP* *AND* *NOTEBOOK* *COMPUTERS* in significant enough volume as compared to 10 years ago. This is due to SO many factors, with an end to 'Moore's Law" driving 30% improvements every year. In other words, your 10 year old machine running Windows 7 or Vista is "Good enough" so with a new hard drive or some extra RAM, you're doing just fine with the old box, and EVEN BETTER in many ways because it is _NOT_ Win-10-nic!!!
Market measurements ONLY look at NEW SALES. They don't look at EXISTING INSTALLS.
When people buy slabs and phones, they do NOT replace their DESKTOP machines with them. This was the BIGGEST MARKETING BLUNDER that Micro-shaft made when they went with Windows "Ape" and that major cluster-blank "the Metro" interface, and THEN went with their "one windows" strategy and Win-10-nic [even worse than before].
Micro-shaft is WRONG about the market. Plain and simple. And that's why Win-10-nic is FAILING. When Win "Ape" and WIndows 7 machines were next to one another on the display shelf, guess which one was selling? You got it, Windows 7. Micro-shaft doesn't LIKE us rejecting their "shove it up our rectum" operating system, and so they SHUT DOWN ALL OTHER ALTERNATIVES. Now it's "take Win-10-nic or we shove it up your ass" for a new computer. Nobody likes having computers and operating systems shoved up their ass. A lot of people just tolerate it, or don't care enough. Maybe they like it who knows. Whatever tips their trigger.
At any rate, if Win-10-nic were so popular, then WHY! MUST! MICRO-SHAFT! ADVERTISE! IT! ???
"The main reason that it is gaining ground is that you can't buy a new consumer computer without the win10 crap on it."
and the 2nd reason is that it's getting difficult to locate a version of Win 7 that is legal to use...
/me wonders if a Meltdown/Spectre fix for Win 7 will _EVER_ be released... thus forcing everyone into Win-10-nic
Re: It's an OS not an Ecosystem
if it's an "ecosystem", then my privacy has become an ENDANGERED SPECIES
Re: "sending activity history to Microsoft's servers"
42th upvote. you're welcome
trying failing so hard, Microsoft."
fixed it for ya. you're welcome.
obviously they're tracking what you do ONLINE, otherwise it wouldn't be "across devices"
Re: Who didn't see this coming?
"For only $99/year we can keep your PC uptodate."
Linspire tried that, and it failed. but it was nice, for a while, being able to purchase inexpensive PCs with Linspire pre-loaded. [then I would put Debian on them]
Re: Who didn't see this coming?
"I wonder how long it'll be before there's a monthly subscription charge"
'Not Soon Enough' as far as Micro-shaft is concerned
Re: and not based on their individual merits?
You'd think he'd be able to find a job based on his "merits"
well, not having seen the guy's resume, who knows. I'd suggest that he leave silly valley and go to Texas. Silly Valley has probably labeled him "troublemaker", and there's no casting couch big/wide enough for him to get his 'favor' back. OK that last part was kinda, bad. coat, please.
Re: I am confused
well, NO discrimination is the best idea, but if you do THAT, and the hiring environment is basically what Damore said it is [mostly white men applying], then you're gonna get sued, regardless, because, lawyers and insane people who can't simply ACCEPT that they don't discriminate [until they HAVE to discriminate, because,REVERSE discrimination, which is PROBABLY true in this case, out of self preservation].
That being said...
If employees could be discriminated against for their POLITICS, they should just shut the hell up about it when at work. After all, business is business, and politics is politics. Happy customers/employers keep you employed and are more likely to give you raises.
And then as long as "the workplace" doesn't use what you say on line ON YOUR OWN TIME [assuming it disagrees with them\ and you're not violating any laws or revealing trade secrets, if they were to discriminate against you BECAUSE of your 'after work' politics, they'd be "sue-able" I'm pretty certain. And the lawsuit would be completely justified.
Anyway, my $.10 . It's not so bad being a techno-whore. If the guy with the money that hires me is a total lefty, I'll just say "yes, sir" and shut the hell up if he says something "left-ish". He's paying the bills, after all.
So - did Damore possibly INVITE the discrimination from past behavior? Just curious...
Re: They have a case?
'This is sort of like the dotcom era patents that were basically "X, but on the web" and more recently "X, but on a phone".'
Next might be "X but IN! SPACE!!!"
getting coat, now...
Re: WD firmware version
'Goodbye "cloud" I'm done with you.'
Sadly that may be the only alternative...
Still, it would seem to me that *maybe* an 'Open NAS' or equivalent might work on those drives...
(has anyone tried to load it?)
If another OS _can_ be loaded on those devices, maybe THAT is the fix?
it's the 21st century and they're still...
and they're STILL hard-coding back doors into their stuff, EVEN THOUGH it has been proven time, and time, and time, and time, and time ... again that DOING! THAT! IS! BONEHEADED! STUPID!!!
Anybody got a CLUEBAT for these idiots?
There may have once been a reason for this, for vertical market systems NOT on the internet, so you could go to a customer site and un-brick "whatever they did to it". Since the 90's, that has become *INCREDIBLY* *STUPID* to do. A physical reset button with a 'password reset' command of some kind would be a better idea, but NOOooo they had to do a BACK DOOR with a HARD CODED USER/PASS combo.
Nice. Job. Not!!!
putting a fueling station into orbit
something that a "super-heavy" might be really good for...
if travelling to Mars or the moon becomes more common, it's a fair bet that ships (yes ships) would want to refuel in low earth orbit, and how do you get the fuel "up there"? With super-heavy boosters!
Also components for building a REAL space station, like the one we see in the 2001 movie, would requier "super heavy" boosters.
Note I'm suggesting a Falcon Super-Heavy here because 70 tons is kinda small when it comes to things like fuel and water+supplies for space hotels and interplanetary travel.
Q: how many additional boosters can you strap onto a Falcon Heavy before it can't handle the load?
A: let's find out! [but first, get the Heavy off of the ground, and launch something more useful than a car]
EFF appearance of impropriety
Considering what the article said about the EFF, I have to wonder if the appearance of impropriety, i.e. taking money from Google (and maybe Facebook), and then declaring that there are no privacy violations with either of these [both known to hoover up our information and track us], even though it's always "opt out" and never "opt in". And in some cases I suspect there _IS_ no 'opt out'. Youtube is apparently NOT complying with privacy settings when you select "do not track", as one example, so when I look at embedded youtube on a web page, I often see a 'privacy settings' warning [I didn't want autoplay videos anyway, so it's just as well].
The message I typically see looks like this (in lieu of the embedded video):
"This embedded content is from a site (www.youtube.com, flickr.com, etc) that does not comply with the Do Not Track (DNT) setting now enabled on your browser." And there is a button to view the embedded content.
(this was on a site that apparently serves up that particular warning if it detects you selected "do not track" options in the browser)
OK, so _HOW_ can Google (owner of youtube) get any kind of FAVORABLE acclaim from EFF regarding privacy, when they (allegedly) do NOT comply with the 'do not track' policy you select in the browser???
Or, the site that serves up that particular warning ought to stop misleading people... assuming they're NOT correct (and I suspect they _ARE_ correct).
Methinks there is a foul smell in the air, and it's not a good one for privacy for the individual.
I like a lot of what the EFF does and stands for. Some of it irritates me. If sending them money could sway their position on a few things, then I might consider it, if I _HAD_ that kind of money, at any rate...
Re: "They also tend to swallow Micro-shaft's coolaid, i.e. ".Not" "C-pound" and "UWP"."
"Actually, they don't - some small shop do, but big ones don't - and that's always been a thorn in MS side."
I would *REALLY* *LIKE* to see more evidence of that (what YOU said), because it's what I _WANT_ to hear, but I have been hearing nothing but the MS coolaid mantra for so long that maybe my perception of this situation is off... because the perception Micro-shaft wants people to have is that it "everyone" is doing it Micro-shaft's way [whatever that might be this month] and as such, if you're not on the SAME bandwagon, you're an old, stick-in-the-mud, obstructionist dinosaur that should have gone extinct already.
Re: lack of good tools for GUI development
"The Visual Studio debugger is light years ahead of GDB in every way possible. And has been for decades."
not really. gdb was intended to have a wrapper around it, as I understand. It's a lot like the old codeview application, but simpler. Also similar to the way kernel debugging works, for those of us who've done that.
DevStudio's debugging interface isn't any better than 'ddd' as far as I am concerned. In fact, I think it's HARDER to use DevStudio nowadays (compared to '98 which was probably the BEST version for people who like to type and not mousie-clickie every damn thing), with the way the hotkeys and toolbars and displayed source files have been screwed all to hell (as far as I can tell, anyway). It was MUCH easier (and saner) in "the old days".
If you've ever used 'ddd' (a GUI wrapper around gdb) you'll see an example of GUI integration around gdb, which is as good as anything else as far as I'm concerned.
Where 'ddd' falls apart is when you set a breakpoint during event handling from X11 from within the SAME desktop as the process being debugged. Basically there's a lock on the X server so everything freezes up due to the 'deadlock'.
So, there are 2 basic solutions to that: a) use a separate desktop (which I already do) for the debugging session, and b) fix the interface (i.e. re-write your own gdb wrapper) so that it unlocks the X server across debug breakpoints. Managing the 2nd option may require some clever hacking. But I intend to give it a good try anyway.
The X11 library has a locking mechanism for multiple threads accessing the X server, mainly XLockDisplay() and XUnlockDisplay() (if you initialize it for threaded behavior; I keep the events in the main thread to avoid problems). Additionally, you can lock/unlock the server itself via XLockServer and XUnlockServer (you sometimes need to do this with certain operations, like mouse-dragging). These may be implicit with certain kinds of X11 library calls and event handling itself. So if I spend some time digging through the X11 library I bet I'll find something _like_ this being used during event processing, locking the X server (or the library) for concurrency reasons. I would then intercept that when I hit a breakpoint, shut it off while in the debugger GUI, and re-do the state prior to returning to the program.
So yeah once that's solved, everything's good again, you can debug in X11 and Micro-shaft can keep their bloatware developer studio and any incarnations they attempt to make runnable on Linux.
[and I doubt Wayland would "fix" anything, either - it would probably make things WORSE]
Re: Drinking the Koolaid?
"when those behind it take weird decisions, such as removing menu icons and mnemonics"
Ack. I concluded that the gnome 3 dev team is a closed "in a bubble world" set of millenial-minded "developers" that fall into the following traps:
a) they like the 2D FLATSO because THEY *FEEL* it is "cool" or something...
b) they "feel" they know better than YOU do how to use YOUR computer
c) they are 4-inchers - i.e. they do MOST things on a 4" screen
d) they lack the experience that resulted in the original 'WIMP' solution (like using DOS systems for years).
e) they INSIST on FORCING people to use THEIR way [i.e. they're ARROGANT ELITISTS]
only a very young person would even DARE to use 'soft color on white' for a user interface, because "pretty much" everyone over 35 needs glasses to even SEE that, let alone the low contrast color-only distinction. Keep in mind that rods are more common than cones in the retina, but rods respond to luminocity, and cones to color, so people over 35 generally need some pretty THICK glasses to read text that is light blue on white... and only a CHILDISH IDIOT would _INSIST_ on that in the FIRST place! Right 'Australis' inventors? Right, Chrome "developers"? Right, Micro-shaft?
Gnome 3's devs are WAY too much like the arrogant idiots (that horked up Win-10-nic) over at Micro-shaft, for this very reason. WAY too many similarities.
It's why Mate forked, why Devuan exists, and why there is so much OUTRAGE every time you mention gnome 3, systemd, or wayland.
Re: Adobe Creative Suite on Linux...
"QT as the GUI framework then?"
works for me! then, it would be totally cross-platform. and commercially supported.
"It's because they don't know any better?"
more like, commercial software vendors don't know any better [and do not produce Linux versions]. They also tend to swallow Micro-shaft's coolaid, i.e. ".Not" "C-pound" and "UWP"...
collective wisdom in the decision-making positions seems to be lacking, yeah.
lack of good tools for GUI development
I've been working (for years) on a decent tool for GUI development with X11. If I could get paid for it I'd have it done by end of 2018...
(the intent is to have a Win32 layer so the same code builds/runs on both windows AND with native X11 libs).
My main motivation for NOT using GTK is the way it handles dialog boxes and edit windows. I don't like it. Instead I'm doing something that uses native X11 calls. The edit window is about half-working, the clipboard works properly, most of the dialog box features work, but it lacks completion of the edit window [including a working undo buffer], some dialog box features, a dialog box graphical layout editor, property sheets for configuring the application, a refactor tool, integrated gdb debugging, something to work around X11 server lockup if you break in the middle of an X11 call, and the "wizards".
yeah a lot left to do, but I could STILL do a basic dialog box application with it right now...
the intent is to make it work like devstudio, without the crappy/irritating interface - more focused on typists and power users instead of VB "programmers".
Re: Example in today's news: Unimpressed by Gnome
THAT explains it! @#$$%(*#@$&* WAYLAND!!! (that thing needs to *DIE* by being *MURDERED* *TO* *DEATH* and *BURNED* *WITH* *FIRE*)
Wayland: NUKE IT 'TILL IT GLOWS, then SHOOT! IT! IN! THE! DARK!!! (and buried under tons of concrete in a grave next to systemd)
Re: Unimpressed by Gnome
ACK on the influence by Gnome 3 "developers" on Mate. I have trouble running certain mate applications (like pluma, for one) when I do the following:
su - differentuser
it gripes like hell at me and won't load the settings properly. same with Atril.
Additionally, if I'm running a fluxbox desktop via tiger VNC (so I can user vncviewer and debug X11 applications from within a GUI without the server hanging) and I run 'mate-terminal' I can't save the settings, nor can I run it without the "--disable-factory" paremeter [or it crashes]. this is on FreeBSD by the way, and this USED to work PERFECTLY a couple of years ago with gnome 2 and so I have to ask, W.T.F.? dd the Mate devs _DO_ to make *THIS* a problem, now? I suggest they followed _SOMETHING_ _CRAPPY_ that the Gnome 3 "developers" did, probably with gsettings or systemd or both.
Re: Example in today's news: Unimpressed by Gnome
"GNOME 3.28 Removes Option to Put Icons on the Desktop"
Then *WHY* *HAVE* *A* *DESKTOP* if you can't put icons on it? What ARE you going to put on it, *ADS*???
Re: So, 2018 will be the year of the Linux desktop because of Gnome?
ACK - the button-icon-menu (think 'Unity' yeah) interface that 'droid is famous for works very well on phones and devices (like slabs) without keyboards. Once you have a mouse and keyboard, it *STINKS*.
Apple has OS/X _and_ iOS with different interfaces that make sense for the use case. "Everybody Else" (Especially Micro-shaft) needs to STOP IT with the "one interface" crap.
If 'droid had a MATE-LIKE interface on the desktop, though, I'd be VERY happy with it! That assumes it's not 2D FLATSO. 2D FLATSO is a _major_ DEAL BREAKER with me. But Google has a history of that with Chrome. So I doubt their internal culture of arrogance would excrete ANYTHING ELSE...
Unity would be a "poor win 8.0 clone"
(or maybe the other way around? I think Unity came first...)
"This piece sound like a panegyric to Gnome"
right, and I was thinking about Mate (and why I use Mate instead of Gnome 3) while reading it...
Cinnamon seems to have the best "windows-like" appearance, and Mate the best overall [my $.10 worth]. Gnome 3 is what the millenial "shove it up your rectum" types *FEEL* we should have. Same *kinds* of people seem to drive Firef*x Australis and Chrome's UI.
nevermind "the rest of us" particularly power users...
"The floor of the Senate"
"The floor of the Senate" (and/or the House of Representatives) is where all of this should have been decided in the FIRST place.
Having an executive branch LEGISLATE is JUST WRONG. That's effectively what 'net neutrality' was when Obaka's administration's FCC people tried it.
Bureaucracies are supposed to IMPLEMENT and ENFORCE, not legislate.
If the Senate and H.R. pass net neutrality, and Trump signs it, it will become law.
If they do not pass it, it SHOULD NOT BE IMPLEMENTED by the F.C.C. or any OTHER agency (thus circumventing the legislature).
That's how "separation of powers" are SUPPOSED to work. it's why I'm glad Pai SCRAPPED it.
windows forced-update blues
to the tune of "I Dream of Jeannie"
Here comes another... Blue Screen
Looks like another... Blue Screen
Windows forced-update blues!
Nice! Job! There! Micro-shaft!
a quick google search shows that there are 3.5Ghz 64-bit quad core Athlons out there... not exactly 90's tech.
Re: Data breeches
(voice of Samuel L. Jackson) "Honey? WHERE is my CYBER SUIT?"
Re: We have only ourselves to blame
blame the victims. nice. job.
Re: OK, I'll bite
"Get security at the cost of performance by properly flushing the pipelines between task switches."
I would think this should be done within the silicon whenever you switch 'rings'. If not the OS should most definitely do this. Does the instruction pipeline (within the silicon) stop executing properly when you switch rings, like when servicing an ISR? If not, it may be part of the Meltdown problem as well, that is the CPU generating an interrupt, which is serviced AFTER part of the pipeline executes. So reading memory generates a trigger for an ISR, but other instructions execute 'out of order' before actually servicing the ISR...
I guess these are the kinds of architecture questions that need to be asked by Intel (and others), what the safest way is to do a state change within the silicon, and how to preserve (or re-start) that state without impacting anything more than re-executing a few instructions...
So I'm guessing that this would need to happen:
a) pipeline has 'tentative' register values being stored/used by out-of-order instructions, branch predictions, etc.
b) interrupt happens, including software interrupts (executing software interrupts should happen 'in order' in my opinion, but I don't know what the silicon actually does)
c) ring switch from ISR flushes all of the 'tentative' register values, as if those instructions never executed
If that's already happening, and the spectre vulnerabilities can STILL leverage reading memory across process and kernel boundaries, then I'm confused as to how it could be mitigated at ALL...
the whole idea of instruction pipelining and branch prediction was to make it such that the software "shouldn't care" whether it exists or not. THAT also removes blame from the OS, really. But that also doesn't mean that the OS devs should sit by and let it happen [so a re-architecture is in order].
But I wouldn't blame the OS makers at all. What we were told, early on, is that this would speed up the processors WITHOUT having to re-write software. THAT was "the promise" that was broken.
Re: OK, I'll bite
"OS developers decided to begin with that it was worth the risk to gain extra performance by not flushing the pipeline."
read: they used CPU features as-documented to avoid unnecessary bottlenecks
The problem is NOT the OS. It's the CPU not functioning as documented, i.e. NOT accessing memory in which the page table says "do not access it", even if it does so only briefly. The fact that a side-channel method of detecting this successful access exists does not preclude the somewhat lazy method in which Intel's code checks the access flags when out-of-order execution is happening. Security checks should never have been done after the fact, and yet they were.
(my point focuses mostly on meltdown; branch prediction is another animal entirely)
In short, Intel's benchmarks could have been *slightly* faster (compared to AMD, which apparently doesn't have THAT bug) because they delayed the effect of security checking just a *little* bit too long...
fixing that in microcode may not even be possible without the CPU itself slowing down. If AMD's solution was to have more silicon involved with caching page tables so that the out-of-order pipeline's memory access would throw an exception at the proper time, then Intel may have to do some major re-design.
So you could argue that NOT doing these security checks "at the proper time" within the out-of-order execution pipeline may have given Intel a competitive advantage by making their CPUs just 'faster' enough to allow the benchmarks to show them as "faster than AMD".
And it's NOT the fault of OS makers, not even a little. They were proceding on the basis that the documentation represented what the silicon was really doing. And I bet that only a FEW people at Intel knew that the security checks on memory access were being 'delayed' a bit (to speed things up?).
It's sort of like only a FEW people at VW knew that their 'clean diesel' tech relied on fudging the smog checks by detecting that the car was hooked up to a machine and running a smog check, and thus alter the engine performance accordingly so it would pass. THAT gave VW competitive advantage over other car makers. Same basic idea, as I see it.
Re: BIOS updates? What BIOS updates?
"What happened to BIOS initializing enough hardware to load the boot block and then handing everything else off to the OS"
Micro-shaft and DMCA and gummints - OH MY!
I'm happy to see things like "secure boot" and "management engines" and whatnot blowing up in the faces of the designers. Maybe it will *FORCE* them to adopt "the simple solution" instead...
"Known as the Sieve of Eratosthenes."
thanks, I obviously hadn't heard of that one.
Smells of proper scientific research to me
agreed. You sir, deserve a beer, AND upvote number 42!