Intel and AMD standardise ChkTag to bring Memory Safety to x86

https://community.intel.com/t5/Blogs/Tech-Innovation/open-intel/ChkTag-x86-Memory-Safety/post/1721490
73•ashvardanian•6d ago

Comments

sparkie•6d ago
Sparse on details.

Presumably will be based on the existing Linear Address Masking/Upper Address Ignore specs, which are equivalent, and will be similar to CHERI.

If so it needs to be opt-in or at least opt-out per process, because many language runtimes use these pointer bits to optimize dynamic types, and would suffer a big performance hit if they were unable to use them.

monocasa•1h ago
Not a whole lot of language runtimes (if any) really depend on upper address ignore.

AFAIK, AMD only added it in Zen4.

fooker•19m ago
Lua does
erichocean•16m ago
The JVM does with the ZGC garbage collector, did a really nice talk on it recently. [0]

[0] https://www.youtube.com/watch?v=y_QeST7Axrw

wbl•1h ago
Dynamic types have classically used the lower bits freed by alignment constraints. If I know a cons cell is 16 bytes then I can use the low 4 bits of an address to store enough type info to disambiguate.
monocasa•1h ago
Depends on the architecture. Top bit usage lets you do what the hardware thinks of as an 'is negative' check for very cheap on a lot of archs for instance.
themafia•1h ago
Is it a guarantee that a 16 byte object would be 16 byte aligned?
ComputerGuru•56m ago
No. It depends on the object.
vidarh•28m ago
Not in general, but it is a guarantee a runtime where all allocations are 16 byte cons cells can choose to make quite trivially.
bluGill•18m ago
If you implement malloc you can do that. The OS generally gives you 4k (or other number in that range) at a time and malloc subdivides it.

Language runtimes can call malloc whatever they want.
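
Added example (not part of the thread and not any commenter's code): the low-bit pointer tagging described in the replies above, with the runtime's own pool supplying the 16-byte alignment guarantee instead of assuming it from the allocator. The `pool`, `tag_ptr`, `get_tag` and `untag` names and the tag values are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define CELL_ALIGN 16u                           /* cell size == alignment */
#define TAG_MASK   ((uintptr_t)(CELL_ALIGN - 1)) /* low 4 bits are free */
enum { TAG_CONS = 1, TAG_SYMBOL = 2 };           /* hypothetical type tags */

typedef struct cons { uint64_t car, cdr; } cons;
_Static_assert(sizeof(cons) == CELL_ALIGN, "cons cell must be 16 bytes");

/* Bump pool: one 16-byte-aligned block carved into 16-byte cells, so the
 * runtime (not malloc) guarantees the alignment every cell relies on. */
typedef struct { unsigned char *base; size_t used, cap; } pool;

int pool_init(pool *p, size_t cells) {
    p->used = 0;
    p->cap = cells * sizeof(cons);
    p->base = aligned_alloc(CELL_ALIGN, p->cap);
    return p->base ? 0 : -1;
}

cons *pool_alloc(pool *p) {
    if (p->cap - p->used < sizeof(cons)) return NULL;   /* pool exhausted */
    cons *c = (cons *)(p->base + p->used);
    p->used += sizeof(cons);
    return c;
}

/* Pack a tag into the low bits. Rejects a misaligned pointer or an oversized
 * tag, either of which would corrupt the address on untagging. */
int tag_ptr(const void *ptr, unsigned tag, uintptr_t *out) {
    uintptr_t v = (uintptr_t)ptr;
    if ((v & TAG_MASK) != 0 || tag > TAG_MASK) return -1;
    *out = v | tag;
    return 0;
}

unsigned get_tag(uintptr_t v) { return (unsigned)(v & TAG_MASK); }
void *untag(uintptr_t v) { return (void *)(v & ~TAG_MASK); }

int main(void) {
    pool p; uintptr_t t;
    if (pool_init(&p, 4) != 0) return 1;
    cons *c = pool_alloc(&p);
    if (tag_ptr(c, TAG_CONS, &t) != 0) return 1;
    printf("tag=%u round-trip=%s\n", get_tag(t), untag(t) == (void *)c ? "ok" : "bad");
    free(p.base);
    return 0;
}
```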

IshKebab•1h ago
I highly doubt this is anything like CHERI. More likely it's their version of ARM MTE.
georgeburdell•2h ago
I wonder what happened that Apple/ARM has implemented something similar at nearly the same time. https://security.apple.com/blog/memory-integrity-enforcement...
astrange•2h ago
Intel already tried it once in 2019, failed and had to remove it.

https://en.wikipedia.org/wiki/Intel_MPX

jpecar•1h ago
Afaik Intel's first foray into this territory was their i960mx which ended up in F-22.
monocasa•1h ago
Even before then the iAPX432 had object capability security wrt its memory.
monocasa•1h ago
I remember playing with it and finding out it was slower than just manual bounds checks in front of every memory access.
noir_lord•2h ago
Don't think it was any one thing so much as it makes a whole bunch of attacks more difficult - security is a perpetual arms race after all.
fweimer•2h ago
Arm MTE is much older. Android already supported it with a limited number of devices: https://developer.android.com/ndk/guides/arm-mte

There is server hardware out there now that in theory can support MTE, but I don't know if there's commercial support for it. MTE needs to be set up by the firmware, it's not purely an OS/kernel matter.

preisschild•1h ago
GrapheneOS (hardened Android distribution) also has it enabled by default for the base OS and user-installed Apps that support it (you can also force it for all apps) on 8th Gen Google Pixels and newer

Interesting thread:

https://grapheneos.social/@GrapheneOS/113223437850603601

superkuh•2h ago
I hope there are OS level (ie kernel build options) to turn this kind of thing off or just ignore the 'tags'. I know it's important for corporate use cases and monetary transactions and all that, but on my personal computer I use for fun I want to be able to peek and poke.
muricula•2h ago
Is there a whitepaper or ISA manual change describing the feature?
haunter•2h ago
ChkTag doesn't exist yet, they are working on it
LoganDark•1h ago
So they really did see Apple announce MIE and rush to come up with something similar.
pizlonator•2h ago
It’s just probabilistic memory safety, at best

Still cool, but not a replacement for memory safety language implementations.

cogman10•2h ago
Garbage article.

Like, cool, you guys are starting to talk about a new instruction set that will make C safe somehow. Yet you failed to provide an ounce of detail for how you'll accomplish that.

This might as well have been a "And we'll make our CPUs 10x faster and they'll use 10x less power!". Or "Future CPUs will have a 10ghz clock speed!"

Again, who is this article for? The government maybe to assure them that x86 will take cyber security seriously?

xattt•2h ago
> Future CPUs will have a 10ghz clock speed!

Glad to see Tejas finally making it to see the light of day! Can’t wait to pair it with my Larrabee GPU in my BTX case.

cogman10•1h ago
I'm happy another old hardware nerd got that dated reference :D.

I was convinced back in the day that Larrabee would change the world. It seemed like such an amazing technology especially since multi-core CPUs were just starting to take off in consumer hardware.

fooker•16m ago
Given that this technique is used in production for all current gen iPhones should tell you this isn't vaporware.
monocasa•1h ago
> This is a general data security concern, including for AI data, which governments have urged companies to defend against.

Had to find some way to use "AI" in a press release, less the stock gods get angry and vengeful.

pixelpoet•1h ago
lest*: https://en.wiktionary.org/wiki/lest
monocasa•57m ago
As your citation says, lest is an Old English contraction of 'less [pronoun that starts with th]'.
ummonk•39m ago
Then write "less that the" if you prefer not to use the contraction.
zdw•46m ago
Now they just need to agree to implement ECC everywhere instead of using it as a product differentiator, so we can reduce the amount of random issues caused by memory and bus errors.
packetlost•41m ago
This is already the case in DDR5.
ploxiln•34m ago
Not really. ECC memory will have an extra ram chip, and store an extra bit per byte or so, for that error detection/correction. DDR5 only has error-correction bits added to the bus, regular DDR5 doesn't have extra chips/bits for error correction of the data while it is stored.

But also, what you really want is ECC that reports all the way up to the OS the corrected and un-corrected bits. This is how you know if it's on the edge, becoming a real problem. Otherwise, it works fine until it doesn't *shrug* which is the same as regular normal memory.

I think the ECC added to the DDR5 bus is kinda just enough to get the higher data-rate signaling to be as reliable as DDR4. It's nice for marketing to put ECC on the DDR5 box but it's not more robust than DDR4.

timschmidt•19m ago
This is an oft-repeated misunderstanding. DDR5 memory uses error correcting codes internally to correct on-die errors, but this does not defend against errors on busses between the DIMM and memory controller. For that the old scheme of extra chips to store additional ECC data is still the only way.
tdullien•30m ago
With all the negative comments here: This is existing technology on ARM64 (MTE) and on modern iPhones (https://security.apple.com/blog/memory-integrity-enforcement...).

For a good intuition why this (coupled with instrumenting all allocators accordingly) is a game-changer for exploitation, check https://docs.google.com/presentation/d/1V_4ZO9fFOO1PZQTNODu2...

In general, having this come to x86 is long-overdue and very welcome.
