Upon doing more research I am noting in regards to my previous post about vendors who claimed to solve the problem by doubling the RAM refresh rate in their firmware that according to [1] it only postpones the problem rather than eliminating it.
[1] https://googleprojectzero.blogspot.de/2015/03/exploiting-dram-rowhammer-bug-...
On 12/14/2018 03:20 AM, Nico Huber wrote:> On 07.12.18 22:46, Taiidan@gmx.com wrote:
rowhammer is almost entirely a laptop problem or for that matter anything that uses SODIMM's due to their high density.
That doesn't seem right. Can you give any examples of chips commonly used on SO-DIMMs that can't be found on DIMMs?
Ahhh good point commodity parts.
I had the feeling you find the same chips on both. SO-DIMMs often host
16 chips. If you'd
want the same capacity on a DIMM with less chip density, you'd need 32 chips (or physically bigger chips). Never seen that (though didn't look for it either).
I had read it somewhere awhile back when the problem first appeared stating that it didn't appear as much in desktops and servers due to lower density RAM which made sense to me considering the size difference I also tested my various home computers and only my laptops had a problem not the desktops/servers (all have ecc but it didn't show any errors) so I figured that it was an accurate statement. This shows the value of going back to quickly research something before providing the statement (and having others who aren't me to review!)
On 12/14/2018 12:21 PM, ron minnich wrote:
So, at first we have a non-specific ad-hominem attack:
I want people to get the best advice possible (hence my list of alternative sources) and while I can cite examples I am prohibited from potentially starting arguments about them so I do not want to.
To me providing good advice is important since someone reading it could be facing a life or death situation such as a journalist in a hostile country and why I always apologize and note a correction if I give wrong advice. I am also a better sysadmin than I am a programmer so I concentrate on my strong points.
On Fri, Dec 7, 2018 at 1:53 PM Taiidan@gmx.com Taiidan@gmx.com wrote:
I would like to note that company has provided poor security advice on a variety of occasions
followed by poor security advice:
rowhammer is almost entirely a laptop problem or for that matter anything that uses SODIMM's due to their high density.
which is immediately disproven with a 3 term search on google: https://cloud.google.com/blog/products/gcp/7-ways-we-harden-our-kvm-hypervis...
"The Google Project Zero team led the way in discovering practical Rowhammer attacks against client platforms. Google production machines use double refresh rate to reduce errors, and ECC RAM that detects and corrects Rowhammer-induced errors."
so, please all, no ad-hominem attacks, and if you're going to make a technical claim, please be ready to provide justification.
I had read it in a whitepaper somewhere and I am attempting to find out where.
That is a good idea to have a citation on hand for claims like this and I will do so from now on as if I were editing the wiki.
thanks
ron
If a post of mine is not acceptable then I encourage you or others to exorcise your right to deny it as sometimes I do not realize what is and what isn't considered okay.