Let's Encrypt 更新了 ToS

You warrant to ISRG and the public-at-large, and You agree, that before providing a reason for revoking Your Certificate, you will have reviewed the revocation guidelines found in the “Revoking Certificates” section of the Let’s Encrypt documentation available at https://letsencrypt.org/docs/ , and that you will provide Your corresponding revocation reason code with awareness of such guidelines.

You acknowledge and accept that ISRG may modify any revocation reason code provided by You if ISRG determines, in its sole discretion, that a different reason code for revocation is more appropriate or is required by industry standards.

原來有專有名詞：TOCTOU (Time-of-check to time-of-use)

In the context of file system TOCTOU race conditions, the fundamental challenge is ensuring that the file system cannot be changed between two system calls. In 2004, an impossibility result was published, showing that there was no portable, deterministic technique for avoiding TOCTOU race conditions.

Since this impossibility result, libraries for tracking file descriptors and ensuring correctness have been proposed by researchers.

An alternative solution proposed in the research community is for UNIX systems to adopt transactions in the file system or the OS kernel. Transactions provide a concurrency control abstraction for the OS, and can be used to prevent TOCTOU races. While no production UNIX kernel has yet adopted transactions, proof-of-concept research prototypes have been developed for Linux, including the Valor file system and the TxOS kernel. Microsoft Windows has added transactions to its NTFS file system, but Microsoft discourages their use, and has indicated that they may be removed in a future version of Windows.

可以在 Cat5 上面跑 1km 的 Ethernet 標準 10BASE-T1L

Hacker News 上看到「SPEBlox-Long (10BASE-T1L) - 10Mbps, 1km range」這個產品，看到 10BASE-T1L 這個標準還有蠻有趣的，對應的討論在「10mbps over 1km on a single pair of wires (botblox.io)」這邊。

Two new variants of 10 megabit per second Ethernet over a single twisted pair, known as 10BASE-T1S and 10BASE-T1L, were standardized in IEEE Std 802.3cg-2019. 10BASE-T1S has its origins in the automotive industry and may be useful in other short-distance applications where substantial electrical noise is present. 10BASE-T1L is a long-distance Ethernet, supporting connections up to 1 km in length. Both of these standards are finding applications implementing the Internet of things.

DeepMind 的 Player of Games

We introduce Player of Games, a general-purpose algorithm that unifies previous approaches, combining guided search, self-play learning, and game-theoretic reasoning. Player of Games is the first algorithm to achieve strong empirical performance in large perfect and imperfect information games -- an important step towards truly general algorithms for arbitrary environments.

用 PoW 當作防機器人的方式

CAPTCHA 最常用的領域，也就是擋 spam 這件事情來說，PoW 這樣的單一方式應該是不夠，但可以當作綜合方法裡面的一種...

Python 2 的 EoL 日期將會是 2020 年年初

Guido van Rossum (Python 的發明人) 在回覆關於「Python Developer’s Guide — Python Developer's Guide」上面的資訊時的說明... 大約還有一年九個多月的時間。

讀書時間：Spectre 的攻擊方式

Spectre 的精華在於 CPU 支援 branch prediction 與 out-of-order execution，也就是 CPU 遇到 branch 時會學習怎麼跑，這個資訊提供給 out-of-order execution 就可以大幅提昇執行速度。可以參考以前在「CPU Branch Prediction 的成本...」提到的效率問題。

if (false but mispredicts as true)

Suppose register R1 contains a secret value. If the speculatively executed memory read of array1[R1] is a cache hit, then nothing will go on the memory bus and the read from [R2] will initiate quickly. If the read of array1[R1] is a cache miss, then the second read may take longer, resulting in different timing for the victim thread.

if (false but mispredicts as true)
multiply R1, R2
multiply R3, R4

Spectre 論文提到的 mitigation (workaround) 是透過 mfencelfence 強制程式碼的順序，但這表示 compiler 要針對所有的 branch 加上這段，對效能影響應該蠻明顯的：

In addition, of the three user-mode serializing instructions listed by Intel, only cpuid can be used in normal code, and it destroys many registers. The mfence and lfence (but not sfence) instructions also appear to work, with the added benefit that they do not destroy register contents. Their behavior with respect to speculative execution is not defined, however, so they may not work in all CPUs or system configurations.

Google 推出的 Retpoline 則是想要避免這個問題。Google 在「Retpoline: a software construct for preventing branch-target-injection」這邊詳細說明了 Retpoline 的原理與方法，採取的方向是控制 speculative execution：

However, we may manipulate its generation to control speculative execution while modifying the visible, on-stack value to direct how the branch is actually retired.

retpoline_r11_trampoline:
call set_up_target;
capture_spec:
pause;
jmp capture_spec;
set_up_target:
mov %r11, (%rsp);
ret;

讀書時間：Meltdown 的攻擊方式

Meltdown 的論文可以在「Meltdown (PDF)」這邊看到。這個漏洞在 Intel 的 CPU 上影響最大，而在 AMD 是不受影響的。其他平台有零星的消息，不過不像 Intel 是這十五年來所有的 CPU 都中獎... (從 Pentium 4 以及之後的所有 CPU)

Meltdown 是基於這些前提，而達到記憶體任意位置的 memory dump：

• 支援 µOP 方式的 out-of-order execution 以及當失敗時的 rollback 機制。
• 因為 cache 機制造成的 side channel information leak。
• 在 out-of-order execution 時對記憶體存取的 permission check 失效。

out-of-order execution 在大學時的計算機組織應該都會提到，不過我印象中當時只講「在確認不相干的指令才會有 out-of-order」。而現代 CPU 做的更深入，包括了兩個部份：

• 第一個是 µOP 方式，將每個 assembly 拆成更細的 micro-operation，後面的 out-of-order execution 是對 µOP 做。
• 第二個是可以先執行下去，如果發現搞錯了再 rollback。

Meltdown is some form of race condition between the fetch of a memory address and the corresponding permission check for this address.

On Linux and OS X, this is done via a direct-physical map, i.e., the entire physical memory is directly mapped to a pre-defined virtual address (cf. Figure 2).

Instead of a direct-physical map, Windows maintains a multiple so-called paged pools, non-paged pools, and the system cache. These pools are virtual memory regions in the kernel address space mapping physical pages to virtual addresses which are either required to remain in the memory (non-paged pool) or can be removed from the memory because a copy is already stored on the disk (paged pool). The system cache further contains mappings of all file-backed pages. Combined, these memory pools will typically map a large fraction of the physical memory into the kernel address space of every process.

PHP 7.2.0 釋出

PHP 7.2.0 釋出：「PHP 7.2.0 Released」。