Author here. I made this demo and a related matrix-matrix multiplication demo [1] back in 2015 for Robert van de Geijn's Linear Algebra: Foundations to Frontiers MOOC class [2]. In the light of Spectre attack and recent browsers' changes to reduce precision of timers, I remembered of this project, and decided to check if it still works now, 3 years later. Surprisingly, it still works well!
Could you make the website viewable without JavaScript?
Edit: I think the downvotes are unjustified. For clarification, if that wasn't clear by context, I don't expect to get the JavaScript test results from my computer while viewing the website without JavaScript. Demanding that would obviously be nonsense. Rather than that I assume there is information on that website that is interesting to read even without using JavaScript personally. Or is using JavaScript now a requirement to learn about JavaScript?
I didn't know what to expect to see. I vaguely assumed to see some text and data. That's why I carelessly formulated my question like I did. Still, I think the difference is small and my question wasn't extraordinary.
I use uMatrix, this site just shows up as a white page until I allow it to load some JS from a third party. Once I allow the JS, I see a graph that gets built without any explanation of what that graph means.
I consider it an unacceptable form of code deployment. It's unsafe in the computing sense, and leads to a ecosystem where users are less and less in control of the software they use.
The CPU is advertised as 6 MB L2 cache[0] but it has "L1 = 4 x 32 KB 8-way set associative data caches and L2 = 2 x 3 MB 12-way set associative caches (each L2 cache is shared between 2 cores)"[1].
You can clearly see the constant time access to L1 cache up to 32KB. Then grows to (linear?) access time up to 2MB (where it still fits in one of the L2 caches) and then again a different (log-like?) function from there on.
So, who thought it was a great idea again to use a mechanism intended for document transfer to run unsigned, unaudited code on just about every client in the world?
That's because companies want to keep making money by using data from users they would never give otherwise and by keeping control over the software people depend upon after it was clear that free software won on the users computers.
The most unreflected thing is that people now even use these technologies for their private projects. HTML must be further developed, or some alternative be designed.
To be fair the problem is not related to web browsers. It's more about running code in general.
I start to realize that running someone else's code means trusting the developer. No matter the amount of sandboxing and the layers of abstraction, eventually his code will be able to run as root using exploits that are yet to be discovered.
I would argue it is very much related to web browsers. Sure, your torrent-engine or audio-player can be vurnerable as well, but how likely is that? If this would be the case, I'd say that the developers of this audio-player have seriously fucked up, essentially have allowing the third party to run an arbitrary code on your PC — something is doubtfully necessary for an audio-player. The most important question would be — what do you have installed? And, sure, it could potentially be all kinds of malware, but then chances are you are fucked anyway — because installing a software, ironically, requires much more trust than opening a web-page.
But in reality you (and billions of people around the world) have this thing called web-browser with JS enabled, where opening a simple text-document is basically indistinguishable from running a BTC-miner for the end-user. All these people are fucked right now and have been left to hang. All they can do is to ignore the news and hope it will just go away.
It did seem to me a viable solution some 10-15 years ago, in the time of Web2.0. Now, after mobile apps have spread around the world — I reconsidered. Having an app is just better even if it's just the HN-reader. Even better, if it would be a single app for some common "news-aggregator-protocol", to fetch content from HN, reddit, etc. But it is not only not the case — I heard people say that this attitude is "killing the web". Well, if so, fuck you, web should be killed. It should have never existed at all in the form we currently have.
Sure, but until the advent of JS you at least knew whose code you were going to run. Now you are more or less required to run untrusted code just to get through daily life.
And web platform people remain convinced that HTTPS transport encryption is sufficient to protect everyone, even though desktop app, OS, and bootloader people have been doing code-signing for something like two decades.
Yeah, they did exactly that. But it was too late. And we've really lost the battle when browser vendors (one of whom has vested interest in advertisements and tracking) overtook the HTML standard from W3C.
If you're pure, you don't care about getting soaked. You do it, because you believe it's the right thing to do, even if people joke about you and you don't make big money.
Sad outcome: realizing that 99% of the people in our field don't care about freedom or privacy, and are willing to actively work against these ideas as long as it is beneficial for their yearly bonus or their next valuation round.
I'd like to see some text explaining what I'm looking at.
Based on the title, it's something to do with cache latency, but that doesn't really help me. What exactly is it measuring? How does it perform this measurement? What are the limitations of this technique? What are the wider implications of this? What uses does it have, both potentially nefarious ones and potentially beneficial ones?
Okay, so how can we deactivate ASM.js and WebAssembly? (in the light of Meltdown and Spectre)
The config in Chrome is broken, WebAssembly cannot be deactivated anymore with chrome://flags/#enable-webassembly , setting it to "deactivated" and it's still active.
The source code is available on GitHub [3].
[1] https://maratyszcza.github.io/laff-demos/dgemm.html
[2] https://www.edx.org/course/linear-algebra-foundations-fronti...
[3] https://github.com/Maratyszcza/laff-demos