<pie_>
i think i may have seen something about that actually...
<rqou>
the tl;dr was essentially that the prefetch opcodes never raise privilege exceptions
<pie_>
anyway this is very interesting
<rqou>
but they take different amounts of time depending on if you have access to the memory or not
<pie_>
rqou, was this a timing attack?
<pie_>
ah yep :)
<rqou>
e.g. something that requires the cpu to walk all page tables takes much much longer than something that doesn't
* qu1j0t3 is impressed
<pie_>
i wonder if there's a list of such goofs somewhere for some nice reading
<rqou>
there is the super disorganized CVE database :P
<pie_>
i almost asked if they do hardware but i guess this is softwareish
<rqou>
which iirc had a CVE of its own a number of years back :P
<pie_>
haha
<rqou>
iirc somebody found an XSS in it
<pie_>
oh i thought they gave the disorganization a cve, nevermind i get it
<felix_>
i was more thinking of an fpga frying bitstream, but yeah, poking stuff in the system via busmastering will probably result in more interesting stuff...
<rqou>
the ingenuity of XSS attacks is quite impressive sometimes
<cr1901_modern>
prefetch opcode?
<rqou>
somebody XSSd a large number of dns querying websites by putting HTML in a TXT record
<cr1901_modern>
Bleh, I don't have the bandwidth to ask about the last hour of convo tonight lmao
<pie_>
i think i saw a talk with very nice slides by that gruss fellow on cache ?side channel? attacks
<rqou>
oh side channel attacks exist everywhere :P
<rqou>
azonenberg: i wonder if the fpga boards allow for new side channel/data exfiltration attacks?
<pie_>
this looks fun
<rqou>
or are they probably in a rack all by themselves?
<pie_>
rqou, im curious about EM crosstalk possibilities
<pie_>
idk if you could like...make a really long trace inside an fpga or something
<pie_>
on that note i feel dumb, fpga dies are still generally pretty small no?
<azonenberg>
pie_: nope, lol
<azonenberg>
Not small
<pie_>
hm ok. i wasnt sure
<azonenberg>
Making "long traces" is unlikely as they're all buffered
<pie_>
long trace as in antenna, but you probably got that
<azonenberg>
But an xc7a200t die is on the same OOM size as a typical x86 chip
<azonenberg>
i got to decap a blown stratix V once
<azonenberg>
it was HUGE
<azonenberg>
i have made entire PCBs smaller than the ide, lol
<azonenberg>
die*
<pie_>
heh, and thats why theyre expensive, yield baby
<pie_>
i think i asked you about this once before actually
<azonenberg>
at least 25x30 mm
<pie_>
im not familiar with radio stuff yet so i dont know how big of an antenna youd need to do "things"
<pie_>
but yeah you said buffered and what
<rqou>
it's hilarious how amazon rolls out this service to assist machine learning or whatever and all we can think of doing is finding footguns and exploits :P
<pie_>
:D
<pie_>
we are strange men in a strange land
<pie_>
we have a peculiar taste for fun
<pie_>
maybe its the only way we dont go crazy because of how broken everything is
<pie_>
:P :/
<pie_>
then again youd know more about that than me
<pie_>
rqou, well they probably wipe everything somehow but on that note, i wonder if you could achieve persistence and get it to do stuff for you for free :P
<pie_>
those are orthogonal actually
<rqou>
persistence is quite unlikely
<pie_>
yeah i dont think so either. its too obvious to miss
<rqou>
especially since xilinx has a prog_b pin that automatically deconfigures everything
<pie_>
i see
<azonenberg>
and i can only assume they dont have any boot flash
<azonenberg>
Or if they do its a basic "PCIe bitstream loader" design with WP strapped off
<digshadow>
diamondman: I'm probably going to get a platform cable 2 that work is tossing
<digshadow>
so if you need to borrow it for testing let me know
<digshadow>
also for anyone local
<digshadow>
a bunch of related xilinx jtag adapters
<digshadow>
not sure if that's useful to anyone
<digshadow>
ie the flying leads it comes with
<digshadow>
can bring it to next mtvre if someone is interested
<rqou>
i'm interested in one if it isn't a parallel port one
<rqou>
my father has one of the xilinx parallel port cables lying around (the one that can't go down to 1.8v)
<balrog>
rqou: I've got some of the old usb ones lying around
<mIKEjONE1>
holy shit did you guys see the amazon ultrascale virtex clusters?
<mIKEjONE1>
I think they're going to cost $5-10/hr
<azonenberg>
mIKEjONE1: Thats a pretty fair price given that the FPGA is around $30K per chip
<azonenberg>
and yeah we were talking about it earlier
<rqou>
it = "how to pwn it" :P
<rqou>
also VU9P is $30K wtf
<rqou>
what is the intended market segment of such a chip?
<azonenberg>
ASIC prototyping, i think
<azonenberg>
or heavy HPC
<mIKEjONE1>
AI and HFT stuff as well
<mIKEjONE1>
am I high or are these almost identical projects?
<rqou>
i thought the username was familiar and it seems he's the xqemu xbox emulator guy (http://xqemu.com/)
<rqou>
anyone willing to tell me about the backstory and (lack of?) connections between geohot, "iphone dev team", fail0verflow, and any console "scenes?"
<rqou>
i know geohot did some early iphone jailbreaking/unlocking and the ps3 ram glitch attack
<whitequark>
it's -10°C outside and the central heating and hot water supply are off
<whitequark>
$100_emoji
<azonenberg>
whitequark: o_O
<azonenberg>
This is in .ru not .hk right?
<whitequark>
former yes
<azonenberg>
i didnt think it got that cold in hk
<whitequark>
-10°C in hk would mean literal apocalypse
<azonenberg>
Lol
<rqou>
lol
<whitequark>
as every pipe bursts and roads become unusable
<whitequark>
previous winter it snowed for the first time in iirc 120 years?
<whitequark>
i think?
<rqou>
snow in hk?
<whitequark>
yep
<whitequark>
it was below zero too
<rqou>
anyways, nobody willing to talk about drama today/tonight? :P
<whitequark>
i know nothing about george hotz or stefan esser
<whitequark>
and i like it this way
<rqou>
lol
<rqou>
i'm just continually noticing how small and interconnected all the "let's hack things" people are
<azonenberg>
rqou: its a small community indeed
<azonenberg>
i mean the siliconpr0n IRC is 43 people and that includes some duplicates and one literal zombie (bushing)
<rqou>
is siliconpr0n affiliated with fail0verflow in any way?
<rqou>
other than having overlap in people that is?
<azonenberg>
No
<azonenberg>
pr0n is dig's website, i am fairly closely tied to it but not officially in charge (not a site admin etc)
<whitequark>
ooo heating's back
<balrog>
I've met Stefan Esser twice, lol
<balrog>
he seems alright but very opinionated
<balrog>
though he does get loads of jailbreak-related abuse
<balrog>
heh
<whitequark>
every time I see him say something, I see an asshole with ego the size of a small gas planet
<whitequark>
*maybe* he isn't but I dunno
<balrog>
whitequark: LOL
<balrog>
that's about right, though I know enough other people who are assholes with egos at least as big
<whitequark>
oh absolutely, infosec seems to select for those for some reason
<whitequark>
one reason I try to stay away from it, publicly at least
<balrog>
not necessarily in infosec
<whitequark>
ah
<felix_>
the fpga price drops quite a bit when you buy them in volume from xilinx directly. depending on the volume you'll only pay about half to a third of the list price. 10k per chip is still quite some money though
<rqou>
which aspect are you facepalming about? the belief in ghosts, the startup's business model, or the state of HK's housing market in general?
<whitequark>
"The government considered building a controversial suicide theme park about a decade ago to capitalize from Hong Kong’s fear of ghosts, when death by charcoal burning hit its peak."
<whitequark>
nice
<whitequark>
rqou: all of the above
<whitequark>
well, hk's housing market isn't all that worse than moscow's, relatively speaking
<whitequark>
it's pretty hard to surprise me on that front
<rqou>
relevant: my grandmother's place in HK is on a "less-desirable" floor 14
<whitequark>
"You can search for an apartment with specific incidents"
<rqou>
the Cantonese word for the number 14 is phonetically similar to the phrase "definitely will die"
<rqou>
similar phonetic similarity also explains the insane popularity of the number 8
<whitequark>
"4" was just "death" wasn't it?
<whitequark>
and "8" was "rich" or something?
<azonenberg>
So do they skip 14th floors the same way americans skip the 13th a lot?
<rqou>
some places actually do skip 14th floors
<whitequark>
... instead of renting them to foreigners...
<whitequark>
assholes
<pie_>
lol
<azonenberg>
lol
<azonenberg>
actually in the US what some large buildings do, to keep floor numbering sane
<azonenberg>
they have tenant floors on ground...12 and 14+
<azonenberg>
then make 13th a mechanical floor where all the boilers, HVAC gear, etc is
<azonenberg>
i mean it's gotta go somewhere...
<whitequark>
heh, clever
<rqou>
whitequark: interestingly, the number 8 sounds similar to the word 發 which is used in the phrase 發財 meaning "to get rich" but the word 發 itself just means "to send out/to issue/to develop"
<cr1901_modern>
I thought number 4 was the "death number"
<rqou>
4 sounds similar to the word "to die"
<rqou>
interestingly the traditional 發 was unified with 髮 meaning "hair" to form the simplified character 发
<rqou>
these two characters that got unified have different tones in mandarin
<rqou>
but they're homophones in cantonese
<whitequark>
rqou: also "3Y5"
<whitequark>
if we're talking about homophones
<rqou>
I'm not actually sure what that is supposed to be a homophone for
<whitequark>
free wifi
<rqou>
wut
<whitequark>
it... makes perfect sense to me
<rqou>
oh in English, not Cantonese :P
<whitequark>
yeah
<whitequark>
I guess you still need a cantonese accent or something
<lain>
oh I see it
<whitequark>
it actually took me a few weeks. but one day i went "three wai five, the hell is that mea... oh."
<lain>
hahah
<rqou>
btw the word for "unlimited" (无限) and the word for "wireless" (无线) are homophones in mandarin for extra fun
<rqou>
so "unlimited internet access" and "wireless internet access" would be homophones
<cr1901_modern>
wai, wye, why *makes a list of all phonetic spellings of "Y"*
<rqou>
btw 3Y5 works better with a cantonese accent
<rqou>
there's no "th" sound in cantonese so i've heard it approximated with an "f" sound
<whitequark>
ahhh
<rqou>
and consonants in the coda of syllables (the "v" sound in "five") tend to get shortened/omitted too