Skip to content. | Skip to navigation

Personal tools
Log in
You are here: Home - Blog

Can recompiling the kernels with LFENCE mitigate spectre and meltdown?

Posted by admin |

Daniel J. Bernstein on Twitter:

Even with today's ludicrously bloated kernels, I'm skeptical about the idea that speculative execution _in the kernel_ seriously helps computer performance. Has anyone measured overall slowdown from recompiling kernel branches to use LFENCE with new (fully serializing) microcode?

Jan 14, 2018 12:15

L4Linux — Linux ontop of a microkernel

Posted by admin |

Untested by me, but I wonder if it is less susceptible to the meltdown and spectre attacks, at least some aspects of them.


Welcome to L4Linux!

Read more: Link - L4Linux

Jan 08, 2018 12:55

Notes on the meltdown and spectre exploits

Posted by admin |

These are my notes for personal use on 2018-01-05, check authoritative sources and do not rely on what is written here.

As of today, here is a good source:

General strategy

Run sensitive stuff on dedicated computers

Google Chrome

Enable site isolation



Firefox 57 and onwards has a kind of timing resolution mitigation, which should help a bit.


Linux distros may have patched some already in December. Unclear right now how much it helps.

Brutally honest notes from the Xen project on these exploits, worth reading


SP1, "Bounds-check bypass": Poison the branch predictor, such that
operating system or hypervisor code is speculatively executed past
boundary and security checks.  This would allow an attacker to, for
instance, cause speculative code in the normal hypercall / emulation
path to execute with wild array indexes.

SP2, "Branch Target Injection": Poison the branch predictor.
Well-abstracted code often involves calling function pointers via
indirect branches; reading these function pointers may involve a
(slow) memory access, so the CPU attempts to guess where indirect
branches will lead.  Poisoning this enables an attacker to
speculatively branch to any code that exists in the hypervisor.

SP3, "Rogue Data Load": On some processors, certain pagetable
permission checks only happen when the instruction is retired;
effectively meaning that speculative execution is not subject to
pagetable permission checks.  On such processors, an attacker can
speculatively execute arbitrary code in userspace with, effectively,
the highest privilege level.


There is no mitigation for SP1 and SP2.

SP3 can be mitigated by running guests in HVM or PVH mode.


There is no available resolution for SP1 or SP3.

We are working on patches which mitigate SP2 but these are not
currently available.

Jan 05, 2018 12:30

How I got my Microsoft Bluetooth 3600 mouse to work on Ubuntu 17.10

Posted by admin |

Now I do not know if or why this did the trick, but following the instructions here:

echo "options iwlwifi bt_coex_active=0"|sudo tee --append /etc/modprobe.d/iwlwifi.conf

then you should restart your computer or you can reload your wifi modules. Again in one line:

sudo rmmod iwlmvm iwlwifi && sudo modprobe iwlmvm

…gave a lot of new devices discovered in bluetoothctl, among which I could pair and trust the mouse. This issue was driving me nuts btw.


[NEW] Device CE:AB:BA:AB:87:87 BluetoothMouse3600

pair CE<tab completion><return>

trust CE<tab completion><return>

Here is some explanation but seems to go the other way…

Dec 21, 2017 09:55

My favorite image viewer on Linux

Posted by admin |

…is Gwenview. Had forgotten the name, so it took me a bit of searching to find it and install it again. It has function keys for moving and copying images, which makes sorting easier. It also has of course a slideshow.


I just found one called geeqie that seems to do the same things, but also allows you to tag images into six categories with keypad 1-6, and then do stuff with a tagged set of images..

Dec 19, 2017 10:00

Pipelines in Kotlin (first steps)

Posted by admin |

I cannot lie, I like pipelines. They make a program easy to understand, and you get functional programming for free. And parallelization. So how do you do it in Kotlin? In Javascript I use the Bluebird library, which has some extra goodies too. But since I am now looking into Kotlin, what's the deal there?

Java itself now has streams, but Kotlin's support for pipelines predate Java's. Many types can be pipelined in Kotlin, but in Java they need to converted to streams. Kotlin's pipelines are eager, unless you convert them to sequences, in which case they match the lazy evaluation of Java streams. Here is a Kotlin program that seems to work:

package se.webworks.pipes

fun main(args: Array<String>) {
    val myList = listOf("a1", "a2", "b1", "c2", "c1")

            .filter({ s -> s.startsWith("c") })
            .map( { emBiggen(it) })
            .forEach({s-> println(s) })

fun emBiggen(thing: String): String{

    return thing.toUpperCase()


"it" is the default variable where things end up if you do not specify. I like that. Very Hypertalk-y.

I learnt it all here

What I am wondering now, is if you can curry functions, so that you can pre-configure them with some parameters already in the pipeline. Maybe just removing the brackets and have a function return a function will do the trick?

We will see…

Why pipelines then? As Walther Bright, creator of the D language wrote:

With these thoughts in mind, I look back at all my failures at reusable code and notice something else: It looks nothing at all like: source → algorithm → sink. In fact, it looks like a bunch of nested loops. The source data enters at the top, and gets swirled around and around in ever smaller and tighter loops, and leaves via the sink in the center of that maelstrom.

Read more: Link - Component Programming in D | Dr Dobb's




Dec 03, 2017 10:20

Setting up Kotlin on Ubuntu 17.10

Posted by admin |


  • Use Oracle's Java, OpenJDK does not work with IntelliJ on Ubuntu 17.10
  • Install Maven
  • Start project in IntelliJ via Maven

Longer explanation

First install maven. It is in the Ubuntu repositories, so easy step.

sudo apt install maven

Download IntelliJ. Kotlin is included in IntelliJ, so no need to download it separately. You need to install the JDK from Oracle, because IntelliJ doesn't understand Openjdk (or the OpenJDK JDK is incomplete) on Ubuntu 17.10 at this point in time.

Place it somewhere and then tell IntelliJ where it is, you can download it and e.g. move it to /usr/local/lib/jvm.


Screenshot from 2017 12 03 18 11 52
Click to view full-size image…
Size: 161.0 kB

Dec 03, 2017 06:20

Getting identical Argon2i hashes with C reference, Rust, Kotlin/Java, python/libsodium & javascript

Posted by admin |

How do you know the Argon2i library you are using is giving you the correct hash? One way to boost confidence is to see if independent implementations yield the same result.

Below first going through configuration differences, then showing an example of an identical configuration for the five Argon2i implementations, yielding the same hash:



  • Web interface to a pure javascript/wasm implementation at, based on a slightly modified version of the reference implementation
  • PyNaCl-1.2.0 for Python3, using libsodium
  • The argon2 command line tool in Ubuntu 17.10, version 0~20161029-1, based on the reference implementation
  • Pure Java implementation by Andreas Gadermaier, version 0.1
  • Rust implementation rust-argon2 by SRU-Systems, version 0.3.0

Different numerical versions of Argon2 yield different results

All above implementations above conform to the hash yielded according to version 0.13 of Argon. However only one of the libraries explicitly state so, rust-argon2. Kudos to SRU systems! You can change the version of Argon2 used in rust-argon2, and with version 0.10 you get this hash (for the same parameters):


The Argon2 paper states in its change log for what's new in version 1.3:

• The blocks are XORed with, not overwritten in the second pass and later

It seems to me that being explicit with what version you are using, or even be aware of that there are different version yielding different results, is a pretty big deal. Your password checking or keystretching may otherwise become quite infuriating and stressful.

There is another Rust implementation of Argon2 Argon2rs, that yields the 0.10 hash in the version available at 0.2.5 at the time of this writing . There is work underway to conform argon2rs also to the 0.13 standard.


The following parameters give the same hash for all five listed implementations. The argon2i version was used, since it is available in all.


Impl. Name Format
argon2-browser salt string
PyNacl salt byte string b"abc"
argon2 CLI <first argument> string
Kotlin/Java <second arg to hash> "abc".toByteArray
rust-argon2 <second arg to hash_raw> byte string b"abc"



Impl. Name Format
argon2-browser iterations number
PyNacl OPS_LIMIT integer
argon2 CLI -t string
Kotlin/Java setIterations integer
rust-argon2 time_cost integer


Impl. Name Format
argon2-browser password string
PyNacl password byte string b"abc"
argon2 CLI <STDIN> string
Kotlin/Java <first arg to hash> "abc".toByteArray
rust-argon2 <first arg to hash_raw> byte string b"abc"

For the argon2 CLI:

echo -n 'password' | argon2 […]


Impl. Name Format
argon2-browser memory number in kibibytes
PyNacl memlimit integer in bytes
argon2 CLI -m string, power of 2 in kibibytes
Kotlin/Java setMemory integer, power of 2 in kibibytes
rust-argon2 mem_cost integer in kibibytes

Memory, as it is called in argon2-browser is called memlimit in pynacl. If you set it to 1024 in argon2-browser, because it is in kibibytes, it should be 1048576 in pynacl, which uses bytes as unit. Google can do the conversion for you.

The argon2 command line tool wants kibibyte powers of 2, so "10" will set it to 2¹⁰ kib which is 1024 kibibytes. Same for Java/Kotlin version.

Octets output length

Impl. Name Format
argon2-browser Hash length number
PyNacl <first argument> integer
argon2 CLI -l string
Kotlin/Java   set to 32 always, maybe?
rust-argon2 hash_length integer


Output in hex format

Impl. How
argon2-browser always in hex
PyNacl key.hex()
argon2 CLI -e
Kotlin/Java always in hex
rust-argon2 hexify yourself

In argon2-browser, it is always in hex, in pynacl it is the .hex() method on the result object. In the argon2 it is hex by default but can be changed to raw bytes with the -r flag. In Java/Kotlin version, it is hex.

Examples of an identical configuration of all

Argon2-web screenshot:

Click to view full-size image…
Size: 34.1 kB

Pure java implemetation called from Kotlin example (thanks to Mikael Ståldal for help on this):

package se.webworks

import at.gadermaier.argon2.Argon2Factory

fun main(args: Array<String>) {
    val password = "masonit".toByteArray()
    val salt = "0123456789ABCDEF".toByteArray()
    val hash = Argon2Factory.create()
            .hash(password, salt)


You can also call the java jar directly with command line arguments:

echo -n "masonit" | java -jar argon2-0.1.jar 0123456789ABCDEF -i -m 10 -p 1 -t 8

Rust example with rust-argon2:

extern crate argon2;
extern crate hex;

use argon2::{Config, ThreadMode, Variant, Version};
fn main() {

let password = b"masonit";
let salt = b"0123456789ABCDEF";
let config = Config {
    variant: Variant::Argon2i,
    version: Version::Version13,
    mem_cost: 1024,
    time_cost: 8,
    lanes: 1,
    thread_mode: ThreadMode::Parallel,
    secret: &[],
    ad: &[],
    hash_length: 32

let hash = argon2::hash_raw(password, salt, &config).unwrap();
    let hex_string = hex::encode(hash);
    println!("{}", hex_string);


argon2 command line tool example:

echo -n 'masonit' | argon2 0123456789ABCDEF -t 8 -m 10

Python code example:

from nacl import pwhash

password = b'masonit'

kdf = pwhash.argon2i.kdf
salt = b'0123456789ABCDEF'

Alices_key = kdf(32, password, salt,
                 opslimit=8, memlimit=1048576 )
Nov 30, 2017 11:15

Happy to live in the EU?

Posted by admin |

Click to view full-size image…
Size: 52.0 kB

Nov 23, 2017 12:11