These two bugs (Meltdown and Spectr) are really very speculative things. It is like when human beings became aware of astroid orbits they thought that earth is in danger of being hit by one. Now that is indeed a theoritical possibility but what are the chances? These two bugs have been existent for 20 years and there is no known exploits of them. In the GitHub demos also they mention that the demos will work only if "For this demo, you either need the direct physical map offset (e.g. from demo #2) or you have to disable KASLR by specifying nokaslr in your kernel command line." - So you basically start with a broken system to exploit these bugs.
This is literally a PoC. It's too late for the standard "I can't imagine how to exploit this so surely it cannot be done" fallacy. You are looking at an example of how to do it.
If you don't know the difference between the existence of an earthbound asteroid and the existence of people who write computer viruses, I don't know what to tell you.
>These two bugs have been existent for 20 years and there is no known exploits of them.
They don't exactly leave behind a lot of telltale signs.
This is also the kind of bug that is so broad (read access to everything on almost any machine you can execute code on) that a large subset of those equipped to discover it would have kept their mouths shut.
> So you basically start with a broken system to exploit these bugs.
A lot of systems were broken in the time before KASLR came along
Attacks are not asteroids: attackers constantly improve them to bypass improved defenses, and the "improbability" of an attack is no defense. Bypassing KASLR with these attacks is easy and real attackers will do it.
I think you're being harshly down-voted without people explaining why.
For a start - this is hardly a remote possibility when we already have proof of concepts like the linked repo.
Secondly - your analogy makes no sense. The only way to make it make sense is add that we also know there is an entire spacefaring group of mercenaries whose entire hobby and/or job is deliberately throwing asteroids in Earths general direction.
> The only way to make it make sense is add that we also know there is an entire spacefaring group of mercenaries whose entire hobby and/or job is deliberately throwing asteroids in Earths general direction.
Maybe there is, but they are hilariously incompetent?
Nah, they're really far away, and there's an accumulated round-off error in their distance conversion between bloits (used by the client) and metrons (used by the subcontractor), so they're shooting at a target a quarter of a light-year away, and won't realize it for another 500 years.
> This demo uses Meltdown to leak the (secret) randomization of the direct physical map. This demo requires root privileges to speed up the process. The paper describes a variant which does not require root privileges.
but I don't know how much allowing it to sudo speeds up the process.
Not sure why this is being downvoted because ime there are typically very many immigrants in start ups and running them. Myself included. Although, I'm also in a flyover state these days.
One have to be skeptical about the motivation behind the timing of this release specially coming so soon after AWS releasing Deeplens yesterday in reinvent 2017.
1) Cancer , heart disease health related problem.
2) Depression
3) Poverty
4) Violence (how about a magic shield)
etc etc .. there are tons of real life problem that are yet to be solved and NEED to be solved for survival of human kind. Just open your heart and eyes and you will find.
Sri Ramakrishna said that all religions are just different path to the same divinity. Just like we call water by different names in different languages but ultimately they all mean the same liquid that quenches thirst , similarly different religions also lead to the same quenching of our spiritual thirst. Sri Ramakrishna not only said that but he practiced reaching enlightenment through different religions.
This is a very bad idea .. there is no need for so many people to sit in one place and terrible for housing and commute. Amazon should come up with a better idea .. this is so not like Amazon.
Isn’t it more efficient for cities to have density like this? For example, you could triple the city busses to a specific location during work hours, a many-to-one relationship rather than many-to-many.
Only if affordable housing is enabled through policy. Otherwise Amazon is just creating a company town bubble within a town, driving up housing costs with the salaries they pay their workers.
I hope they flip the table, declare all proposals inadequate and build their own damn town. Negotiate directly with a state or the feds for land and do everything the way they want it.
If Musk can die on Mars, Bezos can damn well own a county.
Cute idea, but they've said their #1 priority is to be somewhere where talent wants to live, ideally complementary with Seattle:
> “Not everybody wants to live in the Northwest,” Wilke said. “It’s been terrific for me and my family, but I think we may find another location allows us to recruit a different collection of employees.”
Newville is a great place to live. Brand new infrastructure, good schools, and the kind of stores that cater to People Like Us. Sure, it's not the most exciting sort of place, but it's great for kids and families. And Big City is only two hours away, easily close enough when you want something different.
