Skip Navigation

User banner

A Basil Plant

@ ABasilPlant @lemmy.world

Posts
15
Comments
109
Joined
3 yr. ago

InfoSec Person | Alt-Account#2

  • A hot air balloon landed in my back yard.

    Jump

  • Someone in the video also said it looks like Up (at 5:59-ish)

  • A hot air balloon landed in my back yard.

    Jump

  • That's incredible! Makes the transportation nerd in me be fired up with jealousy! And fortunate that no one was hurt, the pilot and the helpers really did a great job jumping your house. Was there any reason they told you why they had to make an emergency landing? Maybe I missed that part.

    But it looks like the gondola is lop-sided from the video. Is that it? Seems like the whole neighborhood came out to watch the spectacle :D

  • Light Years Away (Malmö, Sweden on Film) [OC]

    Jump

  • Thanks for the comment and the sympathies :D

    I hadn't heard that song before... I have now and I love it! The piano is SO good! Thanks for the new tune :)

  • pics @lemmy.world
    A Basil Plant @lemmy.world
    OC

    Light Years Away (Malmö, Sweden on Film)

  • bit rude, innit?

    Jump

  • Is this image AI? the reflections in the window, the perfect snowman, that film grain filter... it looks too perfect to me.

  • pics @lemmy.world
    A Basil Plant @lemmy.world
    OC

    Behold, a flappy duck

  • Immich 2.5 Released With Free Up Space, Web Backups

    Jump

  • Just purchased a server license (for life). Not only is this update jam packed full of nice features, but a lot of their updates are. I've been self-hosting it (on a VPS) for the past year and it's about time I supported them

  • [OC] Reviving and Advancing Page Cache Attacks on Linux (My first publication as a PhD student!)

    Jump

  • [OC] Reviving and Advancing Page Cache Attacks on Linux (My first publication as a PhD student!)

    Jump

  • I’ll be sure to reach out if I find myself being unable to replicate it.

    No worries, and good luck! My email can be found on my website if you want it :D

    I wasn’t even talking about tikzplotlib. It’s just that pgf backend is now supported by matplotlib and you can produce pgf files with.

    Ah... I've think I've heard of it, but I never really registered that. Thanks for the info :D

  • [OC] Reviving and Advancing Page Cache Attacks on Linux (My first publication as a PhD student!)

    Jump

  • I could give you the tikz source of Fig 2 if you'd like. The patterns and colors of the plots took me almost a day to choose. I wanted to go for a color-blind friendly pallette and keep it looking still snazzy. (https://github.com/simon-pfahler/colorblind)

    I'm familiar with matplotlib -> PGFplots (using the Python tikzplotlib library). Unfortunately, I've decided against using it for the paper as it produces quite unmanageable outputs. Especially if I rerun experiments + with new data, and later want to change patterns, colors... It was always more of a hassle. I used it for my Master's thesis.

    Instead, Python program -> show plot -> if okay, generate CSV.

    In LaTeX, have PGFplot code which reads CSV file and generates the data that way. Much, much easier to maintain.

  • [OC] Reviving and Advancing Page Cache Attacks on Linux (My first publication as a PhD student!)

    Jump

  • Thanks for your words!

    Yes! We use TikZ for the diagrams, which can be a nightmare sometimes... but it gets better the more I use it.

    Regarding the plots, we use PGFplots. I often use matplotlib for quick plots while running experiments, but the paper itself uses PGFplots with the data in a CSV for that sweet, sweet scaling when you zoom in.

  • Reviving and Advancing Page Cache Attacks on Linux

    Jump

  • Thanks for the question!

    As long as caches have existed, very similar styles of side channels have been demonstrated since the late 90s. A lot of the terminology we use (flush+reload, flush+flush...) are attack techniques that have been already demonstrated on CPU caches, and these demonstrations are at least a decade old.

    Flush+Reload: https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/yarom

    Flush+Flush: https://gruss.cc/files/flushflush.pdf

    Invalidate+Compare (GPU caches, 2024): https://www.usenix.org/conference/usenixsecurity24/presentation/zhang-zhenkai

    My colleague, Hannes, found similar styles of attacks existed with the Linux DNS cache too: https://hannesweissteiner.com/pdfs/dmt.pdf (also published at NDSS 26!)

    The one really big difference between the page-cache side channel and other side channels is the "monitor" primitive. There are methods that the OS provides which directly report the presence of a page in cache. These are syscalls like mincore (mitigated in 2019), preadv2 + rwf_nowait (unmitigated), and cachestat (mitigated in 2025).

    With these syscalls, we don't even have to rely on timing information (is page access fast -> cached; is it slow -> not cached). These syscalls really set the page-cache side channel apart because you can nondestructively figure out whether a page is in cache.

    The page-cache side channel was first explored in 2019. It was explored on Linux but also on Windows by my advisor et al.: https://gruss.cc/files/pagecacheattacks.pdf

    Hope this answers your question :D

  • Reviving and Advancing Page Cache Attacks on Linux

    Jump

  • Thanks for cross-posting and tagging me!

  • Linux @lemmy.ml
    A Basil Plant @lemmy.world
    OC

    Reviving and Advancing Page Cache Attacks on Linux (My first publication as a PhD student!)

    snee.la /posts/eviction-notice/

  • Help me ditch windows?

    Jump

  • Debian is rock-solid stable, but lacks newer packages. It's great for a server, not so great for [...] general computing.

    What the fuck??? I've been daily driving Debian for years now on my personal laptops, desktop, mini PC, and mutliple servers. I've found and reported Linux kernel vulnerabilities on my trusty Debian systems.

    What do you mean it's not so great for general computing? What can't you do with Debian computing-wise that you can do with other distros? The only issues I've ever had was with some LaTeX packages being older versions. You just get that from CTAN and install that manually.

    This is such a ridiculous comment. What do you do on a server that's not general computing? You're doing a subset of general computing??? How does a fucking distro actively prevent you from doing general computing???

  • A Collection of Christmas Ornaments [OC]

    Jump

  • Thank you for the comment!

    Most of the beautiful hardwork was done by the store - I just pointed, zoomed, focused, and shot. It doesn't feel like I did much to the already existing grandeur.

  • pics @lemmy.world
    A Basil Plant @lemmy.world
    OC

    A Collection of Christmas Ornaments

  • TIL 95% of Americans don't get the minimum recommended amount of fiber

    Jump
  • Deleted

    Permanently Deleted

    Jump

  • It really is

    Jump

  • Hackers can steal 2FA codes and private messages from Android phones

    Jump

  • Hackers can steal 2FA codes and private messages from Android phones

    Jump

  • OSS PDF editor/markup software recommendations

    Jump

  • If the reports are somewhat technical (written with Latex for example), check out sioyek: https://sioyek.info/. It's a PDF reader mainly for academic use.

    Sioyek has made reading and reviewing papers SO much easier and it's really, really convenient... once you get the hang of it. It takes a bit of time to get used to all the things, but it's worth it. I also review students' theses with it. Highlighting colors and adding comments is super easy (select text, h+g (green highlight), type comment).

    If you have want to export your notes and comments, you will need this script though: https://github.com/ahrm/sioyek/blob/main/scripts/embedded_annotations.py

  • Technology @lemmy.world
    A Basil Plant @lemmy.world

    An 800 Star Repository Just Went Private

    snee.la /posts/800-star-repo/
  • Asklemmy @lemmy.ml
    A Basil Plant @lemmy.world

    Do you use "mould" or "mold"?

  • 30 Rock @dubvee.org
    A Basil Plant @lemmy.world

    What do elites do when they screw up?

  • linuxmemes @lemmy.world
    A Basil Plant @lemmy.world

    Arch users trying to print files

  • Programmer Humor @programming.dev
    A Basil Plant @lemmy.world

    Mcafee accidentally made users call the devs of SQLite and complain.

  • Linux @lemmy.ml
    A Basil Plant @lemmy.world

    How System Requests Work and How to Add Your Own SysReq

    snee.la /posts/sysrq/
  • Science Memes @mander.xyz
    A Basil Plant @lemmy.world

    Slightly less than two drinks = positive effect on programming ability

  • Mildly Infuriating @lemmy.world
    A Basil Plant @lemmy.world

    Nature Valley: 10 bars in 5 packs

  • Cybersecurity - Memes @lemmy.world
    A Basil Plant @lemmy.world

    Your password must also not contain the following character combinations: script, select, insert, update, delete, drop, --, ', /*, */.

  • Firefox @lemmy.ml
    A Basil Plant @lemmy.world

    How to un-tiny scrollbars in Firefox

    snee.la /ramblings/scrollbars/