Republicans keep claiming liberals are calling them Nazis, but this from Ryan Mac of Buzzfeed news:
James Damore's lawyer Harmeet K. Dhillon: "It's acceptable at Google to promote violence against conservatives." She then brings up memes of punching Nazis that are shared on Google's internal forums
So. There you go. Damore thinks Conservatives are Nazis (all the more worrying as he publicly identifies with the former.)
Damore is not a good person. He's an extremist who knows how to couch his arguments in a cloak of faux-rationality. Those of us on the left have been trying to warn those of you susceptible to his arguments that he's not actually being honest. Maybe we shouldn't care, but I really don't actually want anyone fooled by this nonsense.
If everyone knew it from the beginning, why has it taken 22-23 years for someone in the CPU design community to let software developers know there's this massive security hole?
In two hours, an Amazon employee will use the Amazon Smartlock(TM) on your front door to enter your house, go to your bathroom, unlock the bathroom with the Amazon SmartBathroomLock, enter, replace the toilet roll on your toilet roll holder, dispose of the empty roll, and spray a deodorizing spray, all while you sit on the toilet and watch.
And it's all part of your Amazon Prime subscription.
Oh, and the other useful feature, before I forget - it supports the screen casting protocols built into Android and Windows. I've found that useful on numerous occasions. You can also generally move a YouTube video playing on your phone to the YouTube app on Roku, but the casting thing is often quicker and you don't have to fiddle around with accounts to make it work.
Seconded. The only complaint I've heard from others (it's not my complaint!) is that it's a poor gaming platform... but if I wanted to play games, I'd get a console.
I have a Premiere+, which supports Ethernet and 4K. The former I find useful; I don't have a 4K TV. It's fast, the UI is easy, it's (currently) content provider agnostic, and it plays media from my "WD MyCloud" (or whatever it's called - it's essentially a consumer NAS box with media servers on it) without any problems.
OpenSPARC is open source; the entire reason for the existence of that word was to brand Sun's open-source SPARC project. So, given it's a relatively mature and respected design, you could definitely use OpenSPARC as the basis of an open source CPU design.
The question is really whether the OS hardware community is actually likely to produce something comparable to Intel or AMD, even given a start with the SPARC design. I... don't want to say it's impossible, but it certainly seems somewhat more difficult than producing a better operating system than Microsoft can.
For Spectre, the nature of the attack means that programs you expect to be sandboxed in VMs, such as Javascript scripts, may be able to read data outside of their sandboxes if the VM does not specifically address it. So if someone's running a web browser on a Spectre-vulnerable ARM CPU, then they're vulnerable when they browse the web if the browser hasn't been Spectre-hardened.
So saying "You must be running some kind of malware" is misleading. Types of software you run that you would not normally consider a security risk *might* be.
The other side of this is that both Mozilla and Google have released Spectre-hardened web browsers, so there's that.
You most certainly can, you just need patched kernels.
Here's a quick summary of the two flaws:
Meltdown: Probably Intel only. Allows user mode programs to access kernel memory. Patchable, but will result in slowdowns of up to 30% of applications that use a lot of system calls.
Spectre: Almost all CPUs made in the last two decades. Allows programs to access memory they shouldn't be able to access, but not generally kernel memory. Not patchable, but applications can be written to make it harder to exploit the issue. No major performance problems associated with workarounds.
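Added example, not code from any of the comments above: the bounds-check-bypass gadget that the summary's "applications can be written to make it harder to exploit the issue" refers to, written in C next to two hardened forms, the branchless index mask the Linux kernel uses and a speculation barrier. The timing side channel itself is not reproduced (it is not deterministic); what the code shows is the data flow that speculation follows and how the mask cuts it. `array1`, `array2`, `secret`, the `victim_*` functions and the `nospec_*` helpers are this example's own names, and the secret is a constructed string.

```c
/* Added example, not code from the page: Spectre v1 gadget and two fixes. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define CACHE_LINE   64
#define PROBE_STRIDE (8 * CACHE_LINE)      /* one probe line per byte value */

/* Constructed layout: a small checked array, a big probe array the attacker
 * can time, and a "secret" the attacker must never read directly. */
static size_t  array1_size = 16;
static uint8_t array1[160] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16};
static uint8_t array2[256 * PROBE_STRIDE];
static const char secret[] = "hunter2";   /* constructed secret */

/* Give every probe line a recognisable value so a lookup result says which
 * line was touched; in a real attack the attacker learns this from timing.
 * Returns the number of lines initialised. */
int init_probe(void)
{
    int n = 0;
    for (size_t v = 0; v < 256; v++, n++)
        array2[v * PROBE_STRIDE] = (uint8_t)v;
    return n;
}

/* The published gadget. Architecturally correct: an out-of-range x returns 0.
 * But while array1_size is being fetched the CPU predicts the branch taken,
 * loads array1[x] (which can be any byte in the process, e.g. the secret),
 * and pulls array2[byte * PROBE_STRIDE] into cache. The result is squashed,
 * the cache line stays, and Flush+Reload on array2 recovers the byte. */
uint8_t victim_unsafe(size_t x)
{
    if (x < array1_size)
        return array2[array1[x] * PROBE_STRIDE];
    return 0;
}

/* Branchless mask: all ones when idx < size, zero otherwise. Same formula as
 * the Linux kernel's generic array_index_mask_nospec(). Assumes idx and size
 * fit in a long with the sign bit clear, and an arithmetic right shift of a
 * negative long (what GCC and Clang do). No compare-and-branch is emitted,
 * so the CPU has nothing to predict. */
static inline size_t nospec_mask(size_t idx, size_t size)
{
    return (size_t)(~(long)(idx | (size - 1 - idx)) >> (sizeof(long) * 8 - 1));
}

/* idx when in bounds, 0 when not: the value a mispredicted path sees too. */
size_t nospec_index(size_t idx, size_t size)
{
    return idx & nospec_mask(idx, size);
}

/* Fix 1: clamp the index so even the speculative load stays inside array1. */
uint8_t victim_masked(size_t x)
{
    if (x < array1_size) {
        x = nospec_index(x, array1_size);
        return array2[array1[x] * PROBE_STRIDE];
    }
    return 0;
}

/* Fix 2: stop speculation at the branch. Heavier than the mask, which is why
 * kernels reserve it for places where masking is awkward. */
static inline void speculation_barrier(void)
{
#if defined(__x86_64__) || defined(__i386__)
    __asm__ __volatile__("lfence" ::: "memory");
#elif defined(__aarch64__)
    __asm__ __volatile__("hint #20" ::: "memory");   /* CSDB */
#else
    __asm__ __volatile__("" ::: "memory");           /* compiler barrier only */
#endif
}

uint8_t victim_fenced(size_t x)
{
    if (x < array1_size) {
        speculation_barrier();
        return array2[array1[x] * PROBE_STRIDE];
    }
    return 0;
}

int main(void)
{
    init_probe();
    /* The x an attacker would pick: the distance from array1 to the secret.
     * Architecturally every victim rejects it; only the unsafe one lets the
     * speculative load reach it. */
    size_t attacker_x = (size_t)((uintptr_t)secret - (uintptr_t)array1);
    printf("in-range  x=3:   unsafe=%u masked=%u fenced=%u\n",
           (unsigned)victim_unsafe(3), (unsigned)victim_masked(3),
           (unsigned)victim_fenced(3));
    printf("attacker  x=%zu: all return %u, masked index would be %zu\n",
           attacker_x, (unsigned)victim_unsafe(attacker_x),
           nospec_index(attacker_x, array1_size));
    return 0;
}
```

Compile with `cc -O2 spectre_mask.c`. Architecturally all three victims return the same value, which is the point of the mask: it changes nothing the program is supposed to do, only what a mispredicted branch can reach. The generic mask relies on arithmetic right shift of a negative long (GCC and Clang behaviour); the kernel's x86 version uses cmp/sbb in inline asm instead.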
Set-up requires kernel intervention, but you typically do that at the beginning and then everything else bypasses the kernel so while it's I/O, it's I/O that's not kernel bound.
This is distinct from, say, reading files, where every block of data you read needs kernel intervention.
i7 to i5 isn't really the right comparison. It's more like switching from a 7800rpm to a 5200rpm disk drive. I/O is going to be impacted. AI, physics, and graphics not at all.
From what I can figure out, Spectre can only be mitigated against, it can't be eliminated without hardware design philosophy changes. It'll be very interesting to see the consequences of that.
Yes, you can read from those pointers, but you can't write to those pointers. Both exploits are read-only, they're about trying to extract data from somewhere you shouldn't be able to. But they're still bound by the limits of where the browser is going to allocate JS objects, which is not, obviously, going to be kernel memory.
There's a proof of concept for Spectre written in Javascript, and would only be good for scanning the browser's memory for things like saved passwords.
That's not good, but it's in line with the quote, that the JS implementations of the exploits wouldn't be able to break out of the user's browser.
Try as I might, I can't see a way to exploit Meltdown with JS, as that requires being able to tell the browser to address memory it would never normally address. JS just doesn't have that capability.
There are two classes of exploit, Meltdown and Spectre, with at least three methods to use them to bypass the security of the addressed system, two of which address the same class which in turn rely upon the same design flaw. He dug, he just didn't use the same definition of "exploit" you're using.
It is certainly true that two of the three methods rely on a design flaw exploitable by the Spectre class of exploits, that applies to almost all current CPU families. That said, the consensus seems to be that Spectre is much, much, harder to exploit than Meltdown.
Anything that involves a lot of I/O calls with lots of small files is going to suffer, and that includes the thing that people do most on their PC - web browsing. It's going to punch compiles right in the nuts.
Yeah, just to try to get some ballpark figures I loaded Slashdot.org (which ought to be fairly light) and Cracked.com (which is the worst website in the world for loading umpteen billion objects) into Edge (which doesn't have AdBlock) - Cracked loaded 739 objects, but even Slashdot, loading the newest dup of this article which has hardly any comments, resulted in 233 requests.
Both Google and Mozilla have apparently already released changes to their browsers to make it physically impossible to even use timing attacks in Javascript pages. So if you're running the latest browsers, disable Flash, and are otherwise unlikely to download and run untrusted third party executables then it's unlikely Meltdown can be exploited with an unpatched kernel. But I also know I'm in a minority for wanting that option.
But, hey, does it matter now, I mean, nobody's even got a fix planned for Spectre, so we're all fucked anyway, patched kernel or not.
Given the type of workaround, where the user is using a plain old web browser, I really don't think Google are going to block it. It would be setting a precedent I don't think they'd want to set. It's one thing to block custom apps they have little control over, quite another to ban access via the standard, supported, way of accessing their content.
They're pissed at Amazon, sure, but even non-cooperation has its limits.
Try a newer Roku. I bought a Roku stick two years ago, and loved it, but certain applications seemed to be ridiculously slow, and others, such as Netflix, started off OK but just became unusable over time.
So we bought a newer standalone Roku, a Roku Premiere+ (sadly discontinued but I'm sure you can find the current equivalent on their site), and it was like night and day. The responsiveness is perfect now. Plus this model you can connect to the Internet using Ethernet rather than Wi-Fi (less interference, and using powerline ethernet you don't have much extra wiring.)
I have to admit to finding the improvement in speed absurd, the user interfaces aren't that complex, a Commodore Amiga should be able to render them quickly, but I suspect they're written in Javascript and HTML, using 17 layers of frameworks, all probably by contractors who have never heard of "for()" loops and have no idea why they'd want to use one...
Since large fractions of all systems run the exact same OS images, people DO know much of the system state ahead of time.
I'm trying to think of any situation where that might happen. Even in corporate Windows environments, they moved away from identical images a long time ago (not through choice either.)
The exception, like I said, are Chromebooks, one of the few cases where you can realistically say that almost everyone with a certain User agent string will be running an almost identical environment.
You also don't need to know much about leaked kernel information to make use of it. In a scattershot approach, you try whatever bits you infer to decrypt data. If you're lucky, you find a match. If you attack thousands of systems, you're likely to get lucky.
Honestly, I think you're looking at more than thousands, I think this is a tens of millions thing (even if you know 90% of this stuff ahead of time, you're talking about timing attacks, those aren't easy, and you don't know 90% of this stuff ahead of time)
We're also looking at an attack that hasn't been done before. Most of the exploitable information that hackers are interested in has nothing to do with stuff only available via the kernel. Why have we not seen these kinds of attacks before? [Because they're f---ing almost impossible, that's why!]
That said, let's address this:
In summary, you're just way too overconfident. It only takes one really smart person to package up a hard-to-execute attack and make it conveniently available to everyone else.
I think it's reasonable to be confident that my own environment is highly unlikely to be breached by an insane timing based system that requires full knowledge of exactly what versions of everything I'm running, and has Linux's kernel address randomization to deal with too.
And that's what I was asking about. I want to know if it's possible to disable this because making web browsers or games run 30% more slowly because of an almost impossible to exploit bug is absurd.
Over confident? No. The amount of hoops someone has to jump through to create a useful Javascript-based exploit is absurd for this. There are easier ways of getting someone's SSH keys. Hollywood's magic USB drives are more realistic and practical than anything described here. It'd be a whole lot easier to send something as a .exe that downloads automatically and wait for 1% of users to click on it, than try to craft a timing attack that only affects 0.00001% of desktops.
The only way this could remotely work is if you know absolutely everything about the machine state ahead of time. It might work if you've imaged your victim's PC (in which case, why bother?), or I guess if you have a huge amount of the general state information about the browser, but it's certainly not going to distribute any useful information done as a distributed attack to fish for information to random strangers.
This is paranoia several levels deep and it's going to cause more harm than good if we let it continue. Realistic attacks on people using Javascript are impossible. It's not credible that anyone is going to get an SSH private key or other critical piece of information via this hack via Javascript, or other successfully sandboxed system, except if there's a genuine flaw in the implementation. And those flaws would be significantly more worrying than this kernel memory issue is to 99% of computer users.
I can see good reasons to be concerned about this on my VPSes, and on my private server-of-servers, but it's hard to see a realistic attack on my desktops.
Irony: if your suggestion that timing attacks could work is true, then the one desktop system I can see being vulnerable would be Chromebooks.
Also: If someone has authority over you, then a certain amount of distrust is OK. If someone is an authority in their academic field, then that's an entirely different definition of the term "authority" and it actually implies that their opinion is valuable and is respected by people who know what they're talking about.
It's annoying seeing two completely different definitions mixed up. Though not new, we used to see the same thing with the word "sharing" rather a lot.
Can't you just reverse the polarity?
This is good news for Bitcoin.
Love it.
That's what I said. It'll result in slowdowns of up to 30% of applications that use a lot of system calls, not slowdown 30% of applications.
Wait, you're saying Intel did this knowing it was a security risk?
I've not heard that allegation even from Intel's strongest critics. Where is the evidence for this?
A fleet of computer controlled Cessnas.
It's visible to the public, not "open". If it were open, we'd have some say in it (which means it wouldn't be happening.)