Details
-
AboutStudent. Stargazer. Programmer.
-
SkillsDart/Flutter, Ruby
-
LocationMalaysia
-
Website
-
Github
Joined devRant on 5/3/2017
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
-
Hello devRant,
I'm new in your community. Okay, not completely new because I try to introduce me in the community and now I think, I know how devRant works and what I could do here.
But who I am?
I'm David from Germany. I'm a hobby developer. I develop lots of stuff, Alexa Skills, Google Actions, Mobile Application for Android and Websites. I'm in a one team member "team"🤣. I develop the background and I "try"😉 to develop the foreground. I develop since 6-7 years and I start with HTML (I know it's not a programming language) but next to HTML I learned CSS. Now, I could programm in CSS, JS, PHP, MySQL, JAVA, C++, PHYTON and I hope I don't forget a language.
But the main question: Why I joined to the devRant community?
The main reason is that I want to see jokes meme and interesting topics. The secondary reason is that I hope I could learn English in a different way. I hope I'm not the worst English speaker/writer.
26 -
It happens... but sometimes you have to, to get to the next level. It's called stepping out of your safe zone.
4 -
When will Google understand what an ecosystem means ?
Love it or hate it. What makes Apple devices homely is the ability to build a banded and consolidated associative user space that feels the same anytime on any platform. Crafting an ecosystem might be a daunting task , and requires adaptive and perfective rework through a long period. But it pays of , just like apples utility app suite does today. It was a journey to get it right.
Now we have Google , a company that is confused most of the time , releasing new apps everytime they have new feature in mind. According to me , Google did a phenomenal job in building hangouts and Allo , hangouts was a huge step forward from gChat , and Allo was way ahead of its time for a fun and innovative IM app. But what's the need for 2 different apps ? One has video calling , text messaging , group sharing , everything the Allo had.
Then all of a sudden you get Google Duo " The best ever video calling app " Why wasn't this integrated with hangouts and marketed the same way ?
Trial and error is one thing , this seems a lot like the lack of effort in architecting coaction and a well designed internetworking application framework. A lot of unnecessary choices have led to the shutting down of majority of their apps. Allo and hangouts included , but all this would have been unnecessary if the goal was to always build upon iteratively.
While I believe Allo was marketed as a cross platform chat application unlike hangouts , an integration plan could have always circumvented this issue.
I have to talk about another one of Google's failed efforts in recognition of potential , the hello app , but this rant has gone a bit too far already. So I'll post 6 hours later 😅
Well I'll always have the hope to see Google integrate the best of their ideas in a more relaxed and realised structure than what exists today. :)
13 -
As a long-time iPhone user, I am really sorry to say it but I think Apple has completed their transition to being a company that is incompetent when it comes to software development and software development processes.
I’ve grown tired of hearing some developers tell me about Apple’s scale and how software development is hard and how bugs should be expected. All of those are true, but like most rules of law, incompetence and gross negligence trumps all of that.
I’m writing this because of the telugu “bug”/massive, massive security issue in iOS 11.2.5. I personally think it’s one of the worst security issues in the history of modern devices/software in terms of its ease of exploitation, vast reach, and devastating impact if used strategically. But, as a software developer, I would have been able to see past all of that, but Apple has shown their true incompetence on this issue and this isn’t about a bug.
It’s about a company that has a catastrophic bug in their desktop and mobile platforms and haven’t been able to, or cared to, patch it in the 3 or so days it’s been known about. It’s about a company, who as of a view days ago, hasn’t followed the basic software development process of removing an update (11.2.5) that was found to be flawed and broken. Bugs happen, but that kind of incompetence is cultural and isn’t a mistake and it certainly isn’t something that people should try to justify.
This has also shown Apple’s gross incompetence in terms of software QA. This isn’t the first time a non-standard character has crashed iOS. Why would a competent software company implement a step in their QA, after the previous incident(s), to specifically test for issues like this? While Android has its issues too and I know some here don’t like Google, no one can deny that Google at least has a solid and far superior QA process compared to Apple.
Why am I writing this? Because I’m fed up. Apple has completely lost its way. devRant was inaccessible to iOS users a couple of times because of this bug and I know many, many other apps and websites that feature user-generated content experienced the same thing. It’s catastrophic. Many times we get sidetracked and really into security issues, like meltdown/spectre that are exponentially harder to take advantage of than this one. This issue can be exploited by a 3 year old. I bet no one can produce a case where a security issue was this exploitable yet this ignored on a whole.
Alas, here we are, days later, and the incompetent leadership at Apple has still not patched one of the worst security bugs the world has ever seen.
81 -
Okay, this is a rather technical rant and I am sure some of you are working on the patches already, if you are then lets connect cause, I am an ardent researcher for the same as of now.
So here it goes:
As soon as kernel page table isolation(KPTI) bug will be out of embargo, Whatsapp and FB will be flooded with over-night kernel "shikhuritee" experts who will share shitty advices non-stop.
1. The bug under embargo is a side channel attack, which exploits the fact that Intel chips come with speculative execution without proper isolation between user pages and kernel pages. Therefore, with careful scheduling and timing attack will reveal some information from kernel pages, while the code is running in user mode.
In easy terms, if you have a VPS, another person with VPS on same physical server may read memory being used by your VPS, which will result in unwanted data leakage. To make the matter worse, a malicious JS from innocent looking webpage might be (might be, because JS does not provide language constructs for such fine grained control; atleast none that I know as of now) able to read kernel pages, and pawn you real hard, real bad.
2. The bug comes from too much reliance on Tomasulo's algorithm for out-of-order instruction scheduling. It is not yet clear whether the bug can be fixed with a microcode update (and if not, Intel has to fix this in silicon itself). As far as I can dig, there is nothing that hints that this bug is fixable in microcode, which makes the matter much worse. Also according to my understanding a microcode update will be too trivial to fix this kind of a hardware bug.
3. A software-only remedy is possible, and that is being implemented by all major OSs (including our lovely Linux) in kernel space. The patch forces Translation Lookaside Buffer to flush if a context switch happens during a syscall (this is what I understand as of now). The benchmarks are suggesting that slowdown will be somewhere between 5%(best case)-30%(worst case).
4. Regarding point 3, syscalls don't matter much. Only thing that matters is how many times syscalls are called. For example, if you are using read() or write() on 8MB buffers, you won't have too much slowdown; but if you are calling same syscalls once per byte, a heavy performance penalty is guaranteed. All processes are which are I/O heavy are going to suffer (hostings and databases are two common examples).
5. The patch can be disabled in Linux by passing argument to kernel during boot; however it is not advised for pretty much obvious reasons.
6. For gamers: this is not going to affect games (because those are not I/O heavy)
Meltdown: "Meltdown" targeted on desktop chips can read kernel memory from L1D cache, Intel is only affected with this variant. Works on only Intel.
Spectre: Spectre is a hardware vulnerability with implementations of branch prediction that affects modern microprocessors with speculative execution, by allowing malicious processes access to the contents of other programs mapped memory. Works on all chips including Intel/ARM/AMD.
For updates refer the kernel tree: https://git.kernel.org/…/ke…/...
For further details and more chit-chats refer: https://lwn.net/SubscriberLink/...
~Cheers~
(Originally written by Adhokshaj Mishra, edited by me. )
23
