FLOP abuses the LVP in a way that allows the attacker to run functions with the wrong argument—for instance, a memory pointer rather than an integer.
is this a vulnerability in the software? So patching this won’t require disabling speculative execution?
Some browsers such as cromite disable JIT compilation and WebAssembly by default. Allowing you to opt-in to enable these features on a site by site bases.
JIT and WebAssembly have been the source of many high profile CVE in browser recently including the one mentioned in the post (well, this one is on Safari’s Chrome).
relevant research
\ here you dropped an arm
¯\_(ツ)_/¯
Oh wow, I have always thought the y stands for “yes to any questions”
turns out it has a --noconfirm
Should have read the man page…
-y, --refresh
Download a fresh copy of the master package databases (repo.db) from the server(s)
defined in pacman.conf(5). This should typically be used each time you use
--sysupgrade or -u. Passing two --refresh or -y flags will force a refresh of all
package databases, even if they appear to be up-to-date.
Noob here what is the difference?
also why would an extra but the same character y make a difference? Is that common in the arch linux ecosystem?
What’s the issue with WebGL and WASM? I don’t want to use a plugin to be able to view 3d model, run Figma, play browser game, view WebVR content, …
This is how I remembered it. I always see Elop as a trojan horse from Microsoft