There's another way to explain the UB: IIRC, any value when stored to a _Bool is supposed to be converted to 0 or 1. The memset() bypasses this rule, boom.
I'm not an expert, but roughly know the numbers. Usually with password-based key derivation, one would increase resource needs (processor time, memory demand) to counter brute forcing. Not an option for a human brain, I guess.
So the key would have to be longer. And random or a lot longer. Over 80 random bits is generally a good idea. That's roughly 24 decimal digits (random!). I guess about 16 alphanumerical characters would do to, again random. Or a very long passphrase.
So either remember long, random strings or doing a lot more math. I think it's doable but really not convenient.
I'm confused, is it bare metal or is it an EFI application? (bare metal used to mean that something can run without services, like those that UEFI provides)
Tested with WebKit and Gecko. Apparently the position gets fixed up at runtime if JavaScript is enabled. But why have dynamic elements with CSS if you need JavaScript to fix it?
This, having the whole physical memory mapped all the time, reminds me of a another issue that was exploitable in KVM hypervisors [1]. I wonder what is the reason to have it all mapped? Not everybody seems to do it.
Hmmm, it's pretty clear but why the reminder? I read the article hoping to find some enlightenment, something that we can actually do (better) with this information in mind. But I still miss it. Does anybody know?
I got to know UNIX (or rather Linux) about 12 years later. And TBH, I wasn't very impressed. I was like "oh, you have to do all that on the console". That's how green I was :D But then it caught me, and about a month later it was more "WOW, you can really do everything on the conole!"
What eventually helped me to really get into things was Linux From Scratch. If anyone wants to learn how a modern system works under the hood, and like those guys in the article know the very basic, minimal things that keep a system running, I can recommend it very much: https://linuxfromscratch.org/
If you are looking for an open-source compiler, many distros (e.g. Archlinux, Debian and derivatives) bootstrap a full GCC (GNU compiler collection). Sometimes you have to install a particular packet, e.g. `gnat` or `gcc-ada`. There's also a language-specific packet tool `alire` that seems to aim to be somewhat like cargo. It can also install toolchains, IIRC.
Thanks! would be interesting to know how this is in other countries.
I don't think an implementation has to be about copyright infringement by the training itself, though. Like you say, it can also be about materials produced. And my question is really if people would like it, not how feasible it is to implement.
Notice how they say "quantum advantage" not "supremacy" and "a (big) step toward real-world applications". So actually just another step as always. And I'm left to doubt if the classic algorithm used for comparison was properly optimised.