markbetz.net

In web design (or more generally: user-interface design) you will often hear the terms “content” and “presentation.” These terms are useful devices for classifying the stuff that shows up on a web page when we browse to a URL, or on an application’s user interface. Content is the stuff you want to see, whether it is a number representing an account balance, or an image representing a funny moment in time. Presentation is the way in which that stuff is… er… presented on the web page. If the account number is shown in boldface Verdana 10pt with a 1px red border around it, or if it is displayed in Courier 12pt bereft of adornment, it is still the same account number. Only the way in which the user views it has changed. This factoring into data, function, and views has roots that stretch well back into the history of human development across many disciplines, including my own: software engineering. In fact, the evolution of “document” structure on the Internet parallels in many webways the evolution of structured, and later object-oriented and component-based, techniques for architecting software systems. Just as early unstructured programming languages tended to result in “spaghetti code” that carelessly interleaved data and the functions that operated on it into a single view, so did early HTML documents tightly weave content and presentation. Many still do, including the one that you are reading now. Continue Reading »

A prof by the name of Colin Percival of Simon Fraser University in British Columbia has published a 12-page paper (PDF here) that shows how simultaneous execution of threads in the Intel Pentium hyperthreading model can lead to compromised security. If you can stomach wading through the details, it makes for a fascinating journey through processor internals. It helps if you can read assembly code and understand encryption. What he demonstrates is basically this: in the Pentium model simultaneously executing threads share access to the level 1 and level 2 memory caches. In the simplest exploit Professor Percival shows that two threads can use the timing of reads and writes from these caches to communicate bits between themselves at up to 400 kilobytes per second. That’s a fairly high-bandwidth channel, but the threads have to cooperate. In the piece de resistance he shows that a spy thread, working without the knowledge of the thread it is watching, can use the timing effects of level 2 cache misses to infer certain characteristics of the data being operated on, including important parts of the modulo arithmetic used in OpenSSL encryption key processing.