Archive for November, 2016

Where Has the Java PermGen in Java8 Gone?

November 30, 2016

Java 8 has been out since 2014. If you work in an enterprise-oriented company, chances are you are only now gaining experience with Java 8. You may ask yourself what this warning is telling you:

VM warning: ignoring option MaxPermSize=128M; support was removed in 8.0

Why is PermGen gone? An article on infoq.com explains some of the reasoning behind this change.

Attention riseup.net users! Your data and communication may not be safe anymore…

November 24, 2016

Popular provider of web tools for activists and anarchists and backbone of much infrastructure for internet freedom, Riseup.net has almost certainly been issued a gag order by the US government.
[…]
My read is that Riseup is complying with the gag order while fighting the surveillance demanded in court. Riseup is made up of long-time anarchist activists who would feel obliged to go to prison rather than collaborate in snitching out others. However there is a small chance someone could crack from threats of decades in prison. Additionally there’s a much more substantive chance that regardless of their optimism Riseup may soon be forced to close everything down.
Riseup’s Canary Has Died – C4SS

Long story short: There is a high possibility that the riseup servers and their infrastructure are compromised. The given links also suggest some actions to take to recover from the loss of riseup as a trustworthy source for communication services…

(If you want a description and summary in German of what this is all about, you can look there).

Howto access git via ssh behind a corporate proxy

November 22, 2016

If you are working behind a proxy and have to access git repositories on the internet via ssh (e.g. github), you will sooner or later (probably sooner) find out that this does not work out of the box. This is because you need to proxy your ssh connection. This summary on stackoverflow explains how to do this in a short but comprehensible manner.
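One way to proxy the ssh connection, as an added example that is not taken from the linked stackoverflow summary. It assumes an HTTP proxy at the placeholder address proxy.example.com:3128, the OpenBSD variant of netcat, and a key file named ~/.ssh/id_ed25519.

```sshconfig
# ~/.ssh/config
# Added example. proxy.example.com:3128 is a placeholder for your corporate
# proxy and ~/.ssh/id_ed25519 is an assumed key file name.

Host github.com
    # GitHub also accepts ssh on port 443 at ssh.github.com. Many corporate
    # proxies only permit CONNECT to port 443, so port 22 would be refused.
    HostName ssh.github.com
    Port 443
    User git

    # Tunnel the TCP connection through the HTTP proxy using CONNECT.
    # -X connect and -x host:port are options of the OpenBSD netcat;
    # corkscrew or connect-proxy are alternatives if your nc lacks them.
    ProxyCommand nc -X connect -x proxy.example.com:3128 %h %p

    # The proxy only relays bytes and must not be trusted to identify the
    # server. Keep host key checking on and compare the fingerprint shown on
    # first connect with the one GitHub publishes.
    StrictHostKeyChecking ask

    # Offer only the key meant for this host instead of every loaded key.
    IdentityFile ~/.ssh/id_ed25519
    IdentitiesOnly yes
```

Running `ssh -T git@github.com` afterwards checks the tunnel without touching a repository; existing `git@github.com:...` remotes keep working unchanged because the `Host` entry matches them.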

 

In search of your soul mate?

November 15, 2016

Lots and lots of songs and movies tell us: There is one person in the world who is your soul mate. A person who understands you and completes you. If you happen to believe this or want to make fun of this theory (read: criticize this thinking), I have something written/drawn and something sung for you.

On what if? Randall Munroe answers the question “What if everyone actually had only one soul mate, a random person somewhere in the world?” in a funny and witty way.

[…] The odds of running into your soul mate are incredibly small. The number of strangers we make eye contact with each day is hard to estimate. It can vary from almost none (shut-ins or people in small towns) to many thousands (a police officer in Times Square). Let’s suppose you lock eyes with an average of a few dozen new strangers each day. (I’m pretty introverted, so for me that’s definitely a generous estimate.) If 10% of them are close to your age, that’s around 50,000 people in a lifetime. Given that you have 500,000,000 potential soul mates, it means you’ll only find true love in one lifetime out of ten thousand. […]

There is also the song “If I Didn’t Have You” by Tim Minchin, which perfectly sums up this topic.

Hardware based exploit: Rowhammer

November 10, 2016

The Rowhammer exploit has been known since at least 2014, but only in recent months does it seem that this exploit may be found in the wild.

Row hammer (also written as rowhammer) is an unintended side effect in dynamic random-access memory (DRAM) that causes memory cells to leak their charges and interact electrically between themselves, possibly altering the contents of nearby memory rows that were not addressed in the original memory access. This circumvention of the isolation between DRAM memory cells results from the high cell density in modern DRAM, and can be triggered by specially crafted memory access patterns that rapidly activate the same memory rows numerous times.
[…]
Memory protection, as a way of preventing processes from accessing memory that has not been assigned to each of them, is one of the concepts behind most modern operating systems. By using memory protection in combination with other security-related mechanisms such as protection rings, it is possible to achieve privilege separation between processes, in which programs and computer systems in general are divided into parts limited to the specific privileges they require to perform a particular task. Using privilege separation can also reduce the extent of potential damage caused by computer security attacks by restricting their effects to specific parts of the system. [wikipedia]

In other words: Switching to another operating system or patching it may not solve the problem, because the root of the problem lies in the memory chips that every computer contains. An article on wired.com describes it like this:

Both of those new attacks use a technique Google researchers first demonstrated last March called “Rowhammer.” The trick works by running a program on the target computer, which repeatedly overwrites a certain row of transistors in its DRAM flash memory, “hammering” it until a rare glitch occurs: Electric charge leaks from the hammered row of transistors into an adjacent row. The leaked charge then causes a certain bit in that adjacent row of the computer’s memory to flip from one to zero or vice versa. That bit flip gives you access to a privileged level of the computer’s operating system.

lwn.net reports that Linux kernel developers are trying to mitigate the exploit.

An intriguing alternative turned up on the linux-kernel list, though its nature wasn’t immediately clear. Pavel Machek asked a question that raised some eyebrows: “I’d like to get an interrupt every million cache misses… to do a printk() or something like that.” Developers naturally wondered what he was up to. The answer turns out to be an in-kernel Rowhammer defense.