Share this page!

Enter URL or ID to Unroll

You can paste full URL like: https://x.com/threadreaderapp/status/1644127596119195649
or just the ID like: 1644127596119195649

How to get URL link on X (Twitter) App

  1. On the Twitter thread, click on or icon on the bottom
  2. Click again on or Share Via icon
  3. Click on Copy Link to Tweet
  4. Paste it above and click "Unroll Thread"!
  5. More info at Twitter Help
LaurieWired Profile picture
@lauriewired
Nov 4, 2024 4 tweets 2 min read Read on X
Linux has a new(ish) syscall you should know about.

mseal ("memory sealing") locks memory regions against modification. Many shellcode techniques are blocked since executable permissions can’t be added to sealed memory.

Here’s how it works: Image
mseal adds a VM_SEALED flag to memory regions, stopping attackers from using syscalls like mprotect and munmap to alter permissions or remap memory.

This hardens against common exploits by ensuring protected memory stays intact during runtime. Image
The syscall proved...controversial.

(read the linux mailing list on the subject, it's a doozy)

Linus criticized mseal's implementation as “nonsensical” for its inconsistent application of sealing rules across memory operations. Thankfully, they eventually came to a consensus. Image
mseal is now available in kernel 6.10+

To use it, apps need to seal sensitive memory regions via direct syscall invocation.

It's not an automatic process, but it's an interesting new tool that I hope to see more of, especially in highly targeted applications like web browsers Image

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with LaurieWired

LaurieWired Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @lauriewired

LaurieWired Profile picture
Feb 13
CPUs are getting worse.

We’ve pushed the silicon so hard that silent data corruptions (SDCs) are no longer a theoretical problem.

Mercurial Cores are terrifying because they don’t hard-fail; they produce rare, but *incorrect* computations! Image
*When* exactly the problem occurred is hard to pinpoint.

The possibility was brought up at the Dependable Systems and Networks conference in 2008.

The first real SDC disclosure happened in 2021 with Meta. Google and Alibaba also confirmed later. Image
Perhaps more terrifying is that cores can *become* mercurial over time.

Chips are pushed so hard that electromigration aging can make compute “more wrong”.

No one knows for sure what process node started the phenomenon...but it's statically likely to be 14nm or 7nm. Image
Read 4 tweets
LaurieWired Profile picture
Feb 12
If you take a picture of a Raspberry Pi 2 with a strong flash it will reboot.

A specific power regulator (U16) was chip-scale packaged to save on cost and die space.

Since the silicon is basically naked, a xeon flash can cause a massive (but very short) current spike. Image
Image
Naked silicon (specifically, WLCSP) isn’t “bad” per se; it’s heavily used in mobile phones.

The thing is…phones are usually sealed. The Pi is an exposed development board.

Don't blame the engineers too hard, Apple actually had a similar issue with the iPhone 4 (back glass). Image
Image
The fix for the RPi is a bit obvious of course.

either:

1. don’t do that (take pictures with high powered flash inches away)
2. if you must…put a little blu-tak, nail polish, or other opaque inert substance on U16
Read 4 tweets
LaurieWired Profile picture
Jan 12
Dolphin’s dev blogs are some of the best technical writing on internet and not enough people read them.

My favorite is their “Ridiculous Ubershader”.

Pre-Compilation of the GameCube’s graphical effects is impossible:

5.64 x 10^511 possible states! So what do you do? Image
Image
Just-In-Time compilation *sucked*.

I mean, it “worked”…but every time a new graphical effect appeared, you had to:

Translate into shader code
Ask Driver to Compile
PAUSE the game to finish compilation
Resume and draw frame
The solution they developed was insane.

Emulate the Gamecube’s rendering pipeline (as in, the actual hardware circuits) *inside* of a pixel shader.

Turns out, it’s easier to just “pretend” to be a real GameCube GPU.

It took 2+ years, and a massive amount of effort. Image
Image
Read 4 tweets
LaurieWired Profile picture
Jan 6
2026 is the year Linux finally catches up to...UNIX.

No, seriously. Tiered memory architectures were solved in UNIX decades ago.

The era of pretending "all RAM is equal" is becoming unaffordable.

Thankfully, software is getting pretty clever: Image
Transparent Page Placement (TPP) is the modern linux equivalent of a very old idea.

Remember earlier in my series where we talked about CXL, and the latency penalty?

Turns out, having the Kernel place rarely accessed pages in the slower bucket (CXL) works pretty well. Image
The whole point of course is to get the best bang for the buck.

Not all memory needs to be fast.

If the OS handles it, and it's otherwise transparent to the user...why not? Especially with the current shortages.

Meta upstreamed the patch into the 5.18 Linux Kernel. Image
Read 4 tweets
LaurieWired Profile picture
Nov 13, 2025
The world’s first microprocessor is *NOT* from Intel.

But you won’t find it in many textbooks.

It was a secret only declassified in 1998; for good reason.

The Garrett AiResearch F14 Air Data Computer was ~8x faster than the Intel 4004, and a year earlier! Image
Image
The F14 used variable-sweep wings.

With the performance envelope the Navy wanted, humans wouldn’t be able to activate it fast enough…much less do the math in their head!

A custom air data computer was created, doing polynomial-style calculations on sensor input. Image
Image
Ray Holt, lead designer of the F14 computer, wanted to publish an article about the chip in Computer Design magazine.

1971 - Denied Publication, US Navy Classified.
1985 - Tried again, denied again. Still Classified.
1997 - Examined, cleared for public release 1998. Image
Image
Read 4 tweets
LaurieWired Profile picture
Nov 1, 2025
A Spooky Unix story for Halloween.

A new programmer accidentally ran “rm -rf *” as root, on one of the main computers at UoM.

He stopped halfway, but /bin, /etc, /dev, and /lib were gone.

What followed was one of the most insane live recoveries in computer history: Image
Image
A single Emacs session was still open, with a root shell.

Many student’s PhD thesis work was on the box. Every basic tool, ls, cd, mkdir, etc was already wiped.

The last tape backup was a week ago. Any downtime was unthinkable. Image
Image
*Assuming* you could copy or recover any tools, they needed a place to put them.

How do you rename /tmp to /etc…without mv?

Don’t forget; you can’t even compile code.

Remember that single Emacs session? Yeah, time to break out some raw VAX assembly. Image
Read 4 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us!

Send Email!

:(