I have a straightforward critique of your Hyperthreading jihad: you aren't addressing attacks that normal users face, you aren't even resolving the attacks you're address completely (but rather hacking up the kernel and crippling the architecture), and you're breaking shit while you do it (your "Core Solo").
You have a bunch of responses to that critique, the majority of which have nothing to do with my argument ("breaking FreeBSD in order to create an incomplete solution to timing attacks is a bad idea"), but rather are about how important YOUR work and YOUR paper is, and how I'm consistently getting the chronology wrong by suggesting you have any predecessors.
You published your paper in May '05. Osvik presented his work in March '05. The only publically available copy of your paper doesn't cite Osvik et al. Citations predate the web. What's the problem? You can't seem to support your claim about my chronology mistakes with evidence.
You claim that your work was so important that Intel tried to stop you from publishing it. Speaking as someone who has actually been stopped from publishing a security result: I call bullshit. You published anyways. How serious could the threat have been? Support your claim with evidence.
I don't know what the "field of comparative open source project management" means. Neither do you. But you did get on kernel traffic and you did pick a fight with Linus and you did do it because he dared suggest that your hack not be mainlined into Linux. How has your verbal dodge mitigated the appearance that your goal was to get attention, and not to save the world?
I believe you didn't take a job in the period you described. My wording was unclear. You don't need to support the claim that you were unemployed with evidence. What I meant was: you haven't supported the claim that your goal wasn't a publicity attack with evidence.
Conceding that your word on crypto is more authoritative than mine doesn't imply I'm conceding that I don't know how your cache timing attack works. Side channel attacks aren't constrained to cryptography; I used one in 1997 to detect promiscuous sniffers on general purpose operating systems remotely. Moreover, I'm not sure that quoting Osvik, Tromer, and Shamir contradicting you directly counts as "floundering". Maybe it does, and, once again, maybe you could try backing up your claim with evidence instead of ad-hominem.
Finally, "demonstrating" an attack that everyone seems to have known about months before your demonstration makes you Alec Muffett, not Paul Kocher. I don't know what writing your own vanity crypto library instead of working to fix OpenSSL makes you. Tom St. Denis maybe? Great paper, Colin. I'm sure they'll teach it in University. Can you go find some integer overflows now, or at least leave the kernel alone?
Josh Daymont
· 3 years ago
Can't we all just get along?
Alec Muffett
· 1 year ago
>Finally, “demonstrating” an attack that everyone seems to have known about months before your demonstration makes you Alec Muffett, not Paul Kocher.
Blimey, Tom - what on earth did I do to become a byword?
I can't recall ever making a claim that I had invented something /old/, although not infrequently I've helped to make things more "accessible"...
All Comments
http://www.daemonology.net/blog/2006-04-28-my-v...
You have a bunch of responses to that critique, the majority of which have nothing to do with my argument ("breaking FreeBSD in order to create an incomplete solution to timing attacks is a bad idea"), but rather are about how important YOUR work and YOUR paper is, and how I'm consistently getting the chronology wrong by suggesting you have any predecessors.
You published your paper in May '05. Osvik presented his work in March '05. The only publically available copy of your paper doesn't cite Osvik et al. Citations predate the web. What's the problem? You can't seem to support your claim about my chronology mistakes with evidence.
You claim that your work was so important that Intel tried to stop you from publishing it. Speaking as someone who has actually been stopped from publishing a security result: I call bullshit. You published anyways. How serious could the threat have been? Support your claim with evidence.
I don't know what the "field of comparative open source project management" means. Neither do you. But you did get on kernel traffic and you did pick a fight with Linus and you did do it because he dared suggest that your hack not be mainlined into Linux. How has your verbal dodge mitigated the appearance that your goal was to get attention, and not to save the world?
I believe you didn't take a job in the period you described. My wording was unclear. You don't need to support the claim that you were unemployed with evidence. What I meant was: you haven't supported the claim that your goal wasn't a publicity attack with evidence.
Conceding that your word on crypto is more authoritative than mine doesn't imply I'm conceding that I don't know how your cache timing attack works. Side channel attacks aren't constrained to cryptography; I used one in 1997 to detect promiscuous sniffers on general purpose operating systems remotely. Moreover, I'm not sure that quoting Osvik, Tromer, and Shamir contradicting you directly counts as "floundering". Maybe it does, and, once again, maybe you could try backing up your claim with evidence instead of ad-hominem.
Finally, "demonstrating" an attack that everyone seems to have known about months before your demonstration makes you Alec Muffett, not Paul Kocher. I don't know what writing your own vanity crypto library instead of working to fix OpenSSL makes you. Tom St. Denis maybe? Great paper, Colin. I'm sure they'll teach it in University. Can you go find some integer overflows now, or at least leave the kernel alone?
Blimey, Tom - what on earth did I do to become a byword?
I can't recall ever making a claim that I had invented something /old/, although not infrequently I've helped to make things more "accessible"...