HackerTrans
TopNewTrendsCommentsPastAskShowJobs

Bulat_Ziganshin

no profile record

comments

Bulat_Ziganshin
·bulan lalu·discuss
No, but LPDDR means soldered, there are no LPDDR dimms
Bulat_Ziganshin
·bulan lalu·discuss
They didn't say that Mediatek made the cpu sores. Grace is NVidia's own cpu arm cores. I bet that Mediatek made other parts of SoC necessary for a notebook
Bulat_Ziganshin
·bulan lalu·discuss
I think that Nvidia made GPU and CPU, and Mediatek made other parts of SoC necessary for a notebook. Grace is Nvidia's own CPU ARM core
Bulat_Ziganshin
·7 bulan yang lalu·discuss
They compare HGEMM implementations. At least CUBLAS has HGEMM functions.

HGEMM means half-precision (i.e. FP16) general matrix multiplication
Bulat_Ziganshin
·2 tahun yang lalu·discuss
my understanding is that any Debian/RPM-based Linux running sshd would become vulnerable in a year or two. The best equivalent of this exploit is the One Ring.

So the really strange thing is why they put so little effort into making this undetectable. All they needed was to make it use less time to check each login attempt.
Bulat_Ziganshin
·2 tahun yang lalu·discuss
Collin worked on XZ and its predecessor ~15 years. It seems that he did that for free, at least in recent times. Anyone will lose motivation to work for free over this period of time.

At the same time, XZ became a cornerstone of major Linxus distributions, being systemd dependency and loaded, in particular, as part of sshd. What could go wrong?

In hindsight, the commercial idea of Red Hat, utilizing the free work of thousands of developers working "just for fun", turned out to be not so brilliant.
Bulat_Ziganshin
·2 tahun yang lalu·discuss
many people are patriots of their countries. if state agency would approach them proposing to have paid OSS work and help their country to fight terrorism/dictatorships/capitalists/whatever-they-believe, they will feel like killing two birds with one job
Bulat_Ziganshin
·2 tahun yang lalu·discuss
if I got it right, the attack uses glibc IFUNC mechanism to patch sshd (and only sshd) to directly run some code in liblzma when sshd verifies logins.

so the problem is IFUNC mechanism, which has its valid uses but can be EASILY misused for any sort of attacks
Bulat_Ziganshin
·2 tahun yang lalu·discuss
because in order to put backdoor into xz executable, you need to infect its sources. and in order to infect the sources, you need to use a similar technique to hide the modification
Bulat_Ziganshin
·2 tahun yang lalu·discuss
i think it's American trauma. outside of the Western hemisphere, sexist and racist jokes are just jokes
Bulat_Ziganshin
·2 tahun yang lalu·discuss
xz is a data compression tool, so it's natural to have compressed files for (de)compression tests.

these files are also useful to check that the library we just built works correctly. but they aren't necessary for installation.

we may have more sophisticated procedures that will allow us to use some parts of distribution only for tests. This may significantly reduce an attack vector - many projects have huge, sophisticated testing infrastructure where you can hide the entire Wikipedia.