dChan
Anonymous ID: a33c31 Jan. 4, 2018, 2:51 a.m. No.240474   🗄️.is 🔗kun   >>0482 >>0485 >>0489 >>0491 >>0500 >>0673 >>0905 >>1031 >>1043

I’m taking a break from the raw Q text file mega-project to explain this, because I personally cannot see this NOT turning the world on its freaking ear in the coming months. This could EASILY redefine life on Earth in our current culture, and I would be shocked if we don’t start seeing that happen almost immediately. It will begin as a trickle and quickly turn into a torrent.

 

If a CPU exploit exists, you can bet your grandmother it's going to be used to the hilt. And currently there is no defense against Spectre, the first exploit. (Two exist; I'll cover the second as soon as I've read up on it.)

 

This includes browsers; testers have successfully breached ALL security protocols via Javascript, meaning they can read the memory of your entire computer from a web page. To my knowledge this is the first time this has ever become possible.

 

Every CPU – ARM (mobile devices), Intel, AMD, and probably all others – uses something called “branch prediction” to speed up handling. Put into layman’s terms … when a program is executing, conditional branches are very frequent. Programs are constantly saying “if condition a is true, go execute this code; if not, go execute that code.” The problem is that memory access in any computer is the big bottleneck. It can and often does required hundreds of “clock cycles” (electronic pulses occurring at a given rate) to read or write memory. While that memory access is being waited on, the processor would normally go into an idle state until the results of the memory access return. When branch prediction was introduced, the CPU would (based on built-in hardware logic) pre-execute one or the other potential branches, and store the results on-chip. When the memory read came back, if the tested (speculative) branch was true, then the CPU will have saved oodles of time by already having executed that code. Big speed-up.

 

What the Spectre flaw does – and it’s a design level flaw, not specific to any processor – is use that speculative execution to access memory it can’t normally access. Since the instructions to access illegal parts of memory (memory off limits to a user-level app such as the web browser) are not yet known to be illegal (the processor hasn’t checked legality yet), any memory address – off limits or not – is read. It may be in the CPU’s cache, so that read will return long before the read that triggered the whole speculative process is done. The whole thing gets complicated; in the end it’s that pre-read-to-test that is later retrieved from the onboard registers, or memory, or cache, of the CPU and voila, a program has everything it wants. Even the browser.

 

This is read-only. But no information is safe.

 

This redefines ALL of cloud computing, governmental and corporate security, you name it. People are not stupid; ingenious workarounds to protect against this will surface as fast as problems do and probably even faster.

 

The world of computer security is like the spy game: it’s an eternal cat-and-mouse game that will never end. The good guys always win, but sometimes damage is done before they do. Be aware that the problem is out there, and places like Eastern Europe probably already have boiler rooms filled with developers exploiting these flaws to the hilt.

 

The other flaw – Meltdown – will be covered after I read up on it.

Anonymous ID: a33c31 Jan. 4, 2018, 3:13 a.m. No.240527   🗄️.is 🔗kun

>>240491

 

Yes, but it goes from bad to worse because there is no mechanism in place to turn it off. I suppose it's much like the original 80286 chip being unable to return from protected mode: the designers figured "who would EVER want to do that?" and they included no circuitry to disable it. This is why all the talk is being thrown around about a 30% slowdown, or billions of dollars and many months to redesign CPU's from the ground up. And that's what would need to be done; ALL results from branch prediction would have to be inaccessible to any and all parts of the CPU. The entire prediction mechanism would have to be a hardware version of a subroutine: its internals off limits to the entire CPU; it takes in a code stream and returns yea or nay. Big, big, big project to do this redesign. It won't be on our doorsteps tomorrow.

Anonymous ID: a33c31 Jan. 4, 2018, 5:09 a.m. No.240813   🗄️.is 🔗kun

>>240810

 

Nevermind, I'm in idiot mode; I have something like 4 threads open in 4 browser tabs and I was probably trying to post to the wrong one.

Anonymous ID: a33c31 Jan. 4, 2018, 5:09 a.m. No.240814   🗄️.is 🔗kun

It sounds ridiculous, but …

 

I'm revamping the raw Q text files. Many tens of hours of work in this.

 

I'm also posting more detailed info on the Spectre and Meltdown vulnerabilities in all CPU's.

 

The Q material will be made available to everybody as database files, for any software developers who want to integrate them. They will have 100% of the Q material ready to use, with almost guaranteed 100% accuracy.

 

I'm also doing the single-JPG Q map containing all Q postings forever.

 

There will be many updates on these subjects, and there will be more work and contributions after. I'm now planning out a full-scale desktop app (Windows) to search (by a billion criteria) the entire Q database, handle peer-to-peer, encrypted communication real-time between anons (a version of Instant Messenger that's built into the Q search app, but it handles encrypted comm as well as encrypted emails).

 

I'm wondering if I shouldn't be using a trip code, just so there's no confusion about my having some semi-valuable role in here. I have no full time job (and I pay for it dearly) so I'm able to put the required work into this stuff at a level many cannot.

 

Good idea? Bad? I don't want to just jump on and create one; rules state "if you don't need one, don't create one." Thoughts? It's probably not that big of a deal but I thought I'd throw it out there to see what at least a few people think.

Anonymous ID: a33c31 Jan. 4, 2018, 5:15 a.m. No.240829   🗄️.is 🔗kun   >>0881

Meme makers: if you want stills out of a video, I can do that super easy. I use the video editor in Blender, which is very unique in that it works by frame number and not time. Makes it ultra easy to go to a specific point and pull the image.

Anonymous ID: a33c31 Jan. 4, 2018, 5:15 a.m. No.240832   🗄️.is 🔗kun   >>0850

>>240828

 

Yes, and that was probably legit cold weather stuff. I'm about 3 hours from Savannah and we are in the middle of a godawful cold snap, and we just had a ton of rain come through here.

Anonymous ID: a33c31 Jan. 4, 2018, 5:29 a.m. No.240855   🗄️.is 🔗kun

>>240850

 

Well I'm just discovering they hacked THIS board; at least the first Q posts on 8ch/pol are GONE. Not sure WHAT to do. Trying to avoid manual typing at all costs because that's where errors happen.

Anonymous ID: a33c31 Jan. 4, 2018, 6:08 a.m. No.240964   🗄️.is 🔗kun

>>240673

 

They can stall the process but it's hardware based so they're never going to eliminate it. They will probably (I would guess, but it's only a wild guess) modify their compilers to look for and/or disable side channel information reading by an app. Go in at the assembly level and such defenses are useless; they cannot be implemented when the person doing the coding hand-codes every instruction. Any action is better than none, but it is not a permanent fix.

!!/npENXUTtI ID: a33c31 Jan. 4, 2018, 6:21 a.m. No.241031   🗄️.is 🔗kun

Adding a trip code just so I can be identified as harmless.

 

>>240474

 

Part 2: the Meltdown exploit.

 

Essentially it's the same thing as Spectre; the difference being that out-of-order execution is used instead of branch prediction. Closely related. When the CPU would otherwise be idle, typically waiting on the contents of a memory location to be read, it will pick some code stream ahead of the current execution point; one that MIGHT be executed in the near future. It will begin executing that code and discard the results if it turns out it should not have been executed.

 

As with the Spectre exploit, this process loads target memory locations into the CPU in a way that the data can be read by an app. The problem for us humans is that all restrictions on memory - which the modern world relies on completely - are bypassed. Kernel memory - where the operating system lives - is every bit as easily accessible as anywhere else. One app can read the entirety of another's memory. Meaning, a web page can read in everything you're doing on Word or your banking app or anywhere else on your computer. Nothing is off limits.

 

What I'm finding shocking is that it took this long for all this to come out. The explosive release of these "findings" - the Meltdown and Spectre exploits - certainly had to have very specific timing. It could account for an awful lot of intel going public, or it could account for white hat info being hacked by nasty evil black hats. The sky is the limit. What's going to be most interesting is to see how thoroughly these exploits are taken advantage of and how far the game will go as far as mayhem being created - on or off the computer. Time will tell.

WellOk !!/npENXUTtI ID: a33c31 Jan. 4, 2018, 6:26 a.m. No.241057   🗄️.is 🔗kun

>>241043

 

I don't see how this is going to help them. They can't just willie-nillie disable paging, and the way the CPU implements it is set in stone. They can run but they can't hide. There is no virtual memory system they can implement that would be off limits. I suppose they could try something like constantly moving things around, but that would eat up a LOT of CPU time.

 

Oh well … better minds than mine are working on the issue and I have no doubt they'll find a hundred solutions I never thought of.