HackerTrans
トップ新着トレンドコメント過去質問紹介求人

Bulat_Ziganshin

no profile record

コメント

Bulat_Ziganshin
·先月·議論
No, but LPDDR means soldered, there are no LPDDR dimms
Bulat_Ziganshin
·先月·議論
They didn't say that Mediatek made the cpu sores. Grace is NVidia's own cpu arm cores. I bet that Mediatek made other parts of SoC necessary for a notebook
Bulat_Ziganshin
·先月·議論
I think that Nvidia made GPU and CPU, and Mediatek made other parts of SoC necessary for a notebook. Grace is Nvidia's own CPU ARM core
Bulat_Ziganshin
·7 か月前·議論
They compare HGEMM implementations. At least CUBLAS has HGEMM functions.

HGEMM means half-precision (i.e. FP16) general matrix multiplication
Bulat_Ziganshin
·2 年前·議論
my understanding is that any Debian/RPM-based Linux running sshd would become vulnerable in a year or two. The best equivalent of this exploit is the One Ring.

So the really strange thing is why they put so little effort into making this undetectable. All they needed was to make it use less time to check each login attempt.
Bulat_Ziganshin
·2 年前·議論
Collin worked on XZ and its predecessor ~15 years. It seems that he did that for free, at least in recent times. Anyone will lose motivation to work for free over this period of time.

At the same time, XZ became a cornerstone of major Linxus distributions, being systemd dependency and loaded, in particular, as part of sshd. What could go wrong?

In hindsight, the commercial idea of Red Hat, utilizing the free work of thousands of developers working "just for fun", turned out to be not so brilliant.
Bulat_Ziganshin
·2 年前·議論
many people are patriots of their countries. if state agency would approach them proposing to have paid OSS work and help their country to fight terrorism/dictatorships/capitalists/whatever-they-believe, they will feel like killing two birds with one job
Bulat_Ziganshin
·2 年前·議論
if I got it right, the attack uses glibc IFUNC mechanism to patch sshd (and only sshd) to directly run some code in liblzma when sshd verifies logins.

so the problem is IFUNC mechanism, which has its valid uses but can be EASILY misused for any sort of attacks
Bulat_Ziganshin
·2 年前·議論
because in order to put backdoor into xz executable, you need to infect its sources. and in order to infect the sources, you need to use a similar technique to hide the modification
Bulat_Ziganshin
·2 年前·議論
i think it's American trauma. outside of the Western hemisphere, sexist and racist jokes are just jokes
Bulat_Ziganshin
·2 年前·議論
xz is a data compression tool, so it's natural to have compressed files for (de)compression tests.

these files are also useful to check that the library we just built works correctly. but they aren't necessary for installation.

we may have more sophisticated procedures that will allow us to use some parts of distribution only for tests. This may significantly reduce an attack vector - many projects have huge, sophisticated testing infrastructure where you can hide the entire Wikipedia.