Discover and read the best of Twitter Threads about #Meltdown
Most recents (18)
Today's Twitter threads (a Twitter thread).
Inside: The real scandal is overclassification; The Australian Chokepoint Capitalism Tour; and more!
Archived at: pluralistic.net/2023/01/30/i-c…
#Pluralistic 1/
Inside: The real scandal is overclassification; The Australian Chokepoint Capitalism Tour; and more!
Archived at: pluralistic.net/2023/01/30/i-c…
#Pluralistic 1/
The real scandal is overclassification: I'd explain it, but I'd have to kill you.
2/
2/
The Australian Chokepoint Capitalism Tour: Brisbane, Melbourne, Sydney and Canberra (twice!).
3/
3/
Here are 11 reasons why we should use #HyperDbg, the differences between HyperDbg and #WinDbg, and how HyperDbg will change our debugging/reversing journey.
A thread (24 tweets) 🧵:
A thread (24 tweets) 🧵:
1. !epthook/!epthook2: a.k.a hidden hooks, HyperDbg implements classic EPT hook (!epthook) combined with old detour methods (!epthook2). It's super fast and invisible! By looking at the memory, neither the operating system nor the application ever understands that /
there is a hook.
docs.hyperdbg.org/commands/exten…
docs.hyperdbg.org/commands/exten…
docs.hyperdbg.org/using-hyperdbg…
2. !monitor: HyperDbg simulates hardware debug registers but this time without any limitation in size and transparent from the operating system.
Imagine you can get notified about /
docs.hyperdbg.org/commands/exten…
docs.hyperdbg.org/commands/exten…
docs.hyperdbg.org/using-hyperdbg…
2. !monitor: HyperDbg simulates hardware debug registers but this time without any limitation in size and transparent from the operating system.
Imagine you can get notified about /
MELTDOWN: SENSACIONALISMO APOCALÍPTICO
En mayo de 2022, @netflix estrenó la serie documental #Meltdown («Accidente Nuclear») sobre el accidente de Three Mile Island (EEUU, 1979). En un HILO, realizado en colaboración con @jjnucleares, analizamos la veracidad de la serie.
En mayo de 2022, @netflix estrenó la serie documental #Meltdown («Accidente Nuclear») sobre el accidente de Three Mile Island (EEUU, 1979). En un HILO, realizado en colaboración con @jjnucleares, analizamos la veracidad de la serie.
EPISODIO 1
Una serie documental que pretende ser rigurosa explicando un accidente nuclear, debería mostrar la secuencia de eventos. En su lugar, #Meltdown se centra en el testimonio de personas que no estaban en la central y en referencias a una película anterior al accidente.
Una serie documental que pretende ser rigurosa explicando un accidente nuclear, debería mostrar la secuencia de eventos. En su lugar, #Meltdown se centra en el testimonio de personas que no estaban en la central y en referencias a una película anterior al accidente.
Repasemos primero los hechos tal y como ocurrieron y su relación con la película, «El síndrome de China», estrenada 12 días antes del accidente. La propia película y la mala gestión de la comunicación contribuyeron enormemente a la psicosis creada.
#Meltdown|s bei autistischen Kindern sind kein (!) Erziehungsfehler, sie sind keine Trotzreaktion und es ist auch keine Bockigkeit. Autistische Kinder setzten Meltdowns nicht ein, um ihrem Willen durchzusetzen. Man muss sie nicht ständig in Situationen bringen,
1/
1/
in denen sie lernen müssen, was auszuhalten, um sie dahingehend abzuhärten. Man muss sie also nicht ständig als erzieherische Maßnahme antriggern.
Meltdowns sind das Ergebnis von Reizüberflutung und Überforderung. Kinder brauchen dann Hilfe und keine Erwachsenen, 2/
Meltdowns sind das Ergebnis von Reizüberflutung und Überforderung. Kinder brauchen dann Hilfe und keine Erwachsenen, 2/
die sie zusätzlich stressen u. den Meltdown vielleicht sogar noch anheizen.
Rückzug, reizarme Umgebung, das Kind und ggf andere schützen, erreichbar sein, aber möglichst wenig reden u. anfassen.
Eltern brauchen Bestärkung u. keine Pädagog•innen, die sie belehren.3/3
#Autismus
Rückzug, reizarme Umgebung, das Kind und ggf andere schützen, erreichbar sein, aber möglichst wenig reden u. anfassen.
Eltern brauchen Bestärkung u. keine Pädagog•innen, die sie belehren.3/3
#Autismus
Beste zorgverleners,
Ik zie veel tweets en zelfs hele draadjes voorbij komen waarin de meest foute, kortzichtige, egoïstische en soms ronduit schandalige uitspraken worden gedaan over #vaccinaties door uw collega’s.
Ik ga daar niet rechtstreeks op reageren. (sorry @kobus5)
Ik zie veel tweets en zelfs hele draadjes voorbij komen waarin de meest foute, kortzichtige, egoïstische en soms ronduit schandalige uitspraken worden gedaan over #vaccinaties door uw collega’s.
Ik ga daar niet rechtstreeks op reageren. (sorry @kobus5)
Waarom niet?
Omdat ik mezelf daarin niet vertrouw. Ik ben eerder zo’n discussie aangegaan en mijn zelfbeheersing verloren. Dat leidt af van de discussie, en dat wil ik niet. (plus dat ik tegen de verkeerde uitviel, wil ik ook niet).
Omdat ik mezelf daarin niet vertrouw. Ik ben eerder zo’n discussie aangegaan en mijn zelfbeheersing verloren. Dat leidt af van de discussie, en dat wil ik niet. (plus dat ik tegen de verkeerde uitviel, wil ik ook niet).
Maar ik wil toch snel een paar punten te weerleggen. En u verzoeken er in uw discussies rekenschap mee te houden dat de mensen die u zo makkelijk aan de kant schuift (of hun geliefden) hier ook meelezen.
.@Adamprice is completely wrong about livestock pasture. It is, in almost all cases, a net carbon source, not a sink: fcrn.org.uk/sites/default/… #ClimateDebate
@Adamprice Hurray for Corbyn, promoting #rewilding!
@Adamprice Decarbonise all flights by 2040, @NicolaSturgeon?!! It's stupid, physically-impossible claims like this that create cynicism and confusion
THREAD: Body Language Analysis No. 4401 Nancy Pelosi's and Donald Trump's 'Meltdown Meeting' #DonaldTrump
#NancyPelosi #Meltdown #MeltdownMeeting #NancysPoint #BodyLanguage #BodyLanguageExpert #Nonverbal #EmotionalIntelligence
#NancyPelosi #Meltdown #MeltdownMeeting #NancysPoint #BodyLanguage #BodyLanguageExpert #Nonverbal #EmotionalIntelligence
1/ Earlier this week, a short, abbreviated analysis of this image was tweeted. What follows is a much more in-depth analysis of Donald Trump, Nancy Pelosi, and the others in the room.
2/ When a person has little or no empathy — and/or when they're far from their emotional baseline, their ability to interpret how others will view an event becomes dramatically distorted.
MORALE BOOST There is quite a bit of Remain despair on my timeline today… Don’t be down: the cabal is on the ropes, and we’re winning this. (short thread) #RuleOfLaw #JohnsonMustGo #JohnsonOut 😠✊🇪🇺🇪🇺🇪🇺🇪🇺🇪🇺
There is no room for complacency: we must focus and redouble the fight, but we’re now in the endgame of the disgraceful Johnson regime. They will try all the nasty tricks they can, but they are losing and they know it. #RuleOfLaw #JohnsonMustGo 🤓 🇪🇺🇪🇺🇪🇺
Consider: does a triumphant Prime Minister, in command of the agenda and masterfully executing his diabolical plans, have an angry meltdown in the voting lobby in Parliament..? 😃 #meltdown #JohnsonMustGo 🇪🇺
[THREAD sorry]
So @smealum's #defcon #buttplug talk is done.
Piecing together what I can from slides posted to Twitter since going to Defcon would requires leaving the house.
AFAIK, our software is not affected by this specific exploit chain.
Info and some thoughts follow.
So @smealum's #defcon #buttplug talk is done.
Piecing together what I can from slides posted to Twitter since going to Defcon would requires leaving the house.
AFAIK, our software is not affected by this specific exploit chain.
Info and some thoughts follow.
I will warn that this thread will be painfully technical.
If you're following me for intimate UI/UX contexts and don't wanna see a bunch of talk about OS API models and firmware and what not, feel free to mute this thread, I'll tag everything from here out with #meltbutt too.
If you're following me for intimate UI/UX contexts and don't wanna see a bunch of talk about OS API models and firmware and what not, feel free to mute this thread, I'll tag everything from here out with #meltbutt too.
Speculative Side-Channel Attacks is misleading terminology and usually used incorrectly. We should all avoid using it and @intel, you should avoid using it too. Not only because it is misleading, but because it hinders successful communication on mitigations.
Let me elaborate:
Let me elaborate:
A side-channel attack uses measurements of side effects to gather enough *meta data* (power consumption, runtime, cache state, etc) to *infer* secret information.
#meltdown #spectre #zombieload and related attacks and variants do not leak meta data. They leak the actual data.
#meltdown #spectre #zombieload and related attacks and variants do not leak meta data. They leak the actual data.
There is no need to infer secret information from meta data, there is no meta data involved. Hence, they are *no side-channel attacks*.
"But they use flush+reload". Sure, but that doesn't make the attack a side-channel attack. Let's assume the following:
"But they use flush+reload". Sure, but that doesn't make the attack a side-channel attack. Let's assume the following:
April is #AutismAwarenessMonth
Everyday, I would try to post something from our #autismjourney to spread #awareness #AutismAwareness #autismfamilies
Everyday, I would try to post something from our #autismjourney to spread #awareness #AutismAwareness #autismfamilies
How do you know if your child loves you/hates you, needs you/doesn’t care about you, is hungry/hurting etc? In #autism we usually guess the need of the child depending upon the intensity of the #meltdown or tantrum. #AutismAwareness #AutismAwarenessMonth #AutismFamilies @yaps9
Avani (my daughter) hadn’t started talking till 2 years of age. That got us worried and we were soon given the diagnosis that our child is on #autismspectrum Although she has speech, am still waiting for her to say ‘mumma’ minus any demand. #AutismAwareness #AutismAwarenessMonth
From what I understand, the latest #OpenBSD vs #Intel thing went a little bit like that:
- OpenBSD: Can we be a part of this rumored Intel bug embargo?
- Intel: No. Go away.
- OpenBSD: Can we be a part of this rumored Intel bug embargo?
- Intel: No. Go away.
- OpenBSD: dev do their homework, fix FPU bug, publish patch.
- Theo (at @BSDCan): we are worried, we don't have access to info. Please help us.
- Intel: publishes official advisory: intel.com/content/www/us…
- Theo (at @BSDCan): we are worried, we don't have access to info. Please help us.
- Intel: publishes official advisory: intel.com/content/www/us…
Now everybody and their dogs are going crazy over #OpenBSD developpers doing their jobs , correcting stuff and "violating"an embargo... That they were *never* a part of. Because Intel did not want them to receive information!
Thread time! Why can't they just quickly patch #meltdown or #spectre and push out another cpu? Why could it possibly take years? Why don't they use AGILE or x/y/z? Lots of reasons:
(note: my goal is not to criticize chip manufacturers - it's to defend the constraints they have)
(note: my goal is not to criticize chip manufacturers - it's to defend the constraints they have)
Let's start with a standard software product many are familiar with and work off that. First, every time you hit 'build' it's called a 'stepping', costs millions of dollars & takes several months. If you want a profitable product, you may only get 10 chances to press 'build'.
On top of that, half those 'builds' are not 'full layer steppings' meaning you can't change any logic gates, just how they're connected. Even with a full layer stepping you can't shuffle stuff around anywhere like you can with library files and whatnot.
Here's my layman's not-totally-accurate-but-gets-the-point-across story about how #meltdown & #spectre type attacks work:
Let's say you go to a library that has a 'special collection' you're not allowed access to, but you want to to read one of the books. 1/10
Let's say you go to a library that has a 'special collection' you're not allowed access to, but you want to to read one of the books. 1/10
You go in and go to the librarian and say "I'd like special book #1, and the Sue Grafton novel that corresponds to the first letter of page 1 of that book." 2/10
The librarian dutifully goes and gets special book #1, looks at page 1, sees 'C', and also grabs 'C is for Corpse', and comes back to the desk, but does not show you the books. 3/10
Here are a few insights on the #Meltdown and #Spectre vulnerabilities based on my recent @RANDCorporation research. /1 rand.org/pubs/research_…
First, this is yet another reminder that vulnerabilities can last a long time (our data showed vulnerabilities lasted 6.9 years before being publicly disclosed) and have a low chance of being discovered (5.7% per year). /2
Explainer on #Spectre & #Meltdown:
When a processor reaches a conditional branch in code (e.g. an 'if' clause), it tries to predict which branch will be taken before it actually knows the result. It executes that branch ahead of time - a feature called "speculative execution".
When a processor reaches a conditional branch in code (e.g. an 'if' clause), it tries to predict which branch will be taken before it actually knows the result. It executes that branch ahead of time - a feature called "speculative execution".
The idea is that if it gets the prediction right (which modern processors are quite good at) it'll already have executed the next bit of code by the time the actually-selected branch is known. If it gets it wrong, execution unwinds back and the correct branch is executed instead.
What makes the processor so good at branch prediction is that it stores details about previous branch operations, in what's called the Branch History Buffer (BHB). If a particular branch instruction took path A before, it'll probably take path A again, rather than path B.
Some of you might be hearing about #Spectre and #Meltdown today, which allow memory from other processes and the kernel itself to be read. They exploit CPU designs.
I'm still doing my reading, but a good place to start if you're technically inclined is spectreattack.com
I'm still doing my reading, but a good place to start if you're technically inclined is spectreattack.com
Spectre involves training the CPU to speculatively run invalid code in the victim's address space, and then using a side-channel (such as cache timings) to infer details about the victim's memory.
It affects at least AMD, Intel and ARM CPUs
The sample exploit reads 10KB/s.
It affects at least AMD, Intel and ARM CPUs
The sample exploit reads 10KB/s.
Spectre also includes sample code for breaking out of the JavaScript sandbox on chrome.
It's very, very clever.
It's very, very clever.
A huge hardware BUG hit all Intel CPU x86. A software patch for Linux is ready. We are testing it and will start to deploy it in the next hours.
Maximum tomorrow, a new kernel will be proposed for all customers VPS, PCI, Baremetal. We will upgrade all the images for Public Cloud, Private Cloud, VPS.
