
eigenform

@reflexive.space.bsky.social

he/him (John), near-30, looking for work! 🌙 your nonlocal hacker friend 🦀 hw/fw/sw, security, microarchitecture, rust, etc 🐬 hacks on gc/wii/melee stuff sometimes 🐘 @eigenform@treehouse.systems 🐦 @eigenform

309 Followers  |  366 Following  |  590 Posts  |  Joined: 13.05.2023  |  1.8182

Latest posts by reflexive.space on Bluesky


One of those drivers that refuses to let faster cars pass

09.08.2025 01:32 — 👍 5    🔁 2    💬 2    📌 0

wwhat the

08.08.2025 04:02 — 👍 1    🔁 0    💬 0    📌 0
Blog: Exploiting Retbleed in the real world TL;DR We’re sharing details of exploiting Retbleed in a realistic, well-secured setting. Retbleed is a CPU vulnerability discovered in 2022 by ETH Zürich researchers which affects modern processors, p...

🔥 🔥 🔥

07.08.2025 08:22 — 👍 3    🔁 1    💬 0    📌 0

kinda tangential but: apart from the undercurrent of anthropogenic climate change, i wonder whether or not there are any meaningful correlations between the 2022 tonga eruption and anomalies in the recent/coming years

06.08.2025 20:03 — 👍 1    🔁 0    💬 0    📌 0
screenshot of part of apple's mac store configuration screen:

Chip (Processor)
Which chip is right for you?
Apple M4 Max chip with...


I'm glad they clarify "Chip (Processor)" otherwise I might've thought they were talking about a tasty snack

05.08.2025 23:24 — 👍 293    🔁 18    💬 17    📌 2

hopefully unrelated to speculative store bypass disable, otherwise things are gonna get confusing

05.08.2025 17:57 — 👍 0    🔁 0    💬 1    📌 0

holy smokes bsky.app/profile/weat...

30.07.2025 00:57 — 👍 0    🔁 0    💬 0    📌 0

"Reverse faulting events of the size of the July 29, 2025, earthquake are typically about 130 km by 65 km in size (length x width)." goddamn..

30.07.2025 00:40 — 👍 0    🔁 0    💬 1    📌 0

(this is apparently false! the actual paper describes a case where STLF occurs for a faulting load and matches a store queue entry written by a privileged store - then you infer the value by timing instrs dependent on the load)

29.07.2025 22:47 — 👍 1    🔁 0    💬 0    📌 0

alias gs='git status ' 🫵

29.07.2025 17:04 — 👍 6    🔁 0    💬 0    📌 0

started watching foundation and god i love lee pace

26.07.2025 04:21 — 👍 0    🔁 0    💬 0    📌 0

speculatively fetching and executing a beer 🤙

23.07.2025 22:05 — 👍 1    🔁 0    💬 0    📌 0

๐Ÿ˜ 

20.07.2025 20:54 — 👍 0    🔁 0    💬 0    📌 0

do i know any people who:
(a) have modern web development experience
(b) like #GlasgowInterfaceExplorer or just want to do something fairly simple and useful
(c) want to work with me on a new piece of the project?

19.07.2025 02:28 — 👍 17    🔁 7    💬 3    📌 0
Figure 3. from the paper "Take A Way: Exploring the Security Implications of AMD’s Cache Way Predictors"


figure from the paper (for comparison to the `inp_diff` field in the previous image) \o/ neat!

14.07.2025 19:04 — 👍 2    🔁 0    💬 0    📌 0
Command-line output showing consistent miss address buffer (MAB) allocations for a load instruction caused by L1D way predictor misses on a Zen 2 core.

Each line in the output represents a pair of virtual addresses whose micro-tag is colliding, necessarily resulting in a misprediction. The `inp` fields are bits in the addresses used as input to a simple hash function which associates each virtual address to the cache way used in the previous load from that address. The `inp_diff` fields visually show us which pairs of bits are being XORed together!


false alarm, i was apparently only iterating through 12 bits instead of all 16 bits of input! \o/ i think this works

14.07.2025 18:51 — 👍 0    🔁 0    💬 1    📌 0

wikichip down again? v.v

14.07.2025 17:09 — 👍 0    🔁 0    💬 0    📌 0

maybe i should be randomizing the high bits or something, kinda just ignoring them

10.07.2025 21:55 — 👍 0    🔁 0    💬 1    📌 0

(the SOG mentions that fill requests should occur in either case when the utag is wrong, so i dont think it's because i'm failing to miss/hit in L2...)

10.07.2025 21:53 — 👍 0    🔁 0    💬 1    📌 0

*also it should happen when i flip bit 19 but it doesnt? :^(

10.07.2025 21:49 — 👍 0    🔁 0    💬 1    📌 0

adding a thing to `perfect` for trying to create zen2 l1d way predictor misses, but it seems like MAB allocs for the loads only occur reliably when xoring bits 15/20, 16/21, 17/22, and 18/23 yields 1? but the takeaway paper mentions the hash includes bits 12/27, 13/26 and 14/25 too? wuhhh

10.07.2025 21:46 — 👍 0    🔁 0    💬 1    📌 0
08.07.2025 04:16 — 👍 5797    🔁 1618    💬 26    📌 10

i guess this is basically: you can make inferences based on L1 utag hits and stlf hits?

08.07.2025 21:27 — 👍 0    🔁 0    💬 0    📌 0

at least theres no *values* leaking here afaict www.amd.com/content/dam/...

08.07.2025 21:24 — 👍 1    🔁 0    💬 2    📌 0

i dont usually do hats.. but maybe i should??

06.07.2025 19:58 — 👍 1    🔁 0    💬 0    📌 0
it me


happy sunday bsky

06.07.2025 19:56 — 👍 7    🔁 0    💬 1    📌 0

so trueeee

04.07.2025 19:22 — 👍 1    🔁 0    💬 0    📌 0

longjmp implies the existence of floatjmp and doublejmp

02.07.2025 22:19 — 👍 54    🔁 12    💬 6    📌 0

this kind of dense, walkable control flow graph is illegal to build in most american compilers

03.07.2025 04:36 — 👍 164    🔁 18    💬 3    📌 2

they should make longjmp2, a new and more fucked up longjmp variant

02.07.2025 21:04 — 👍 51    🔁 8    💬 6    📌 1
