Virtually every modern computer is vulnerable to a pair of devastating attacks, and there's only a fix for one of them, and it sucks

Oh my, Amiga!

Haha, I was thinking it was time to push the envelope on quantum computing. AI is going to take over the world eventually anyways, so why not give them some help now and welcome our overlords.

1 Like

If you’re running a digital computer, you have no one but yourself to blame for your security woes. Try getting your virus to run on my analog differential equation solver! I’ll take some slightly limited functionality and the occasional mercury spill over this stuff any day.

8 Likes

I’m posting with mine right now!

3 Likes

Google’s Project Zero in conjunction with academic and industry researchers discovered the flaws and Google says it informed affected companies of the Spectre flaw on 1 June 2017 and later reported the Meltdown flaw on 28 July 2017.

That is more than enough time for Intel’s CEO to not just know about these two security flaws but for some research to be done in order to realize there isn’t any easy fix to Spectre and that Meltdown will result in a CPU slowdown.

3 Likes

In Kremlin, crisis meeting with head of KGB.

V. V. Putin: I have called this meeting because America is making our country a laughing stock. I asked you to submit plans to deal with critical situation in long term. Alexei Stepanovich?
A.S. As you know, Vladimir Vladimirovich, our ability to make computers is way behind the West but our theoreticians are the world’s best. They have come up with a clever way to make computers faster but which has a very subtle, almost undetectable flaw which will eventually enable us to read their contents. Our plan is to infiltrate computing scientists into the top American firms and get them to introduce our method, which is called speculative execution.
V.V. Putin: Interesting but not of obvious practical use. Semyon Dmitrich, your plan?
S.D. Our plan is also computer based. We believe that the United States will rely more and more on its computer networks to send and store information. We wish to introduce our experts into their software companies. They will introduce flaws into networking systems so we will be able to read the contents of their computer without going near them.
V.V. Putin: More interesting.
A.S. But our clever flaw will mean that if they detect what is going on and introduce measures, we will still be able to use our flaw to read their computers. And they will have no idea.
V.V. Putin: This sounds much more interesting. Ivan Denisovich, your idea?
I.D. We follow Marxist-Leninist philosophy and seek to defeat the US by infiltrating the Republican Party. Then we expose the contradictions of capitalism by getting them to elect as President a loudmouthed, incompetent bully who everybody will laugh at.
V.V. Putin: Classical thinking, but hard to believe that the Americans would fall for it.
S.D. But if we were able to read all their computers, we might be able to change things subtly so that this worked. For instance, if we could fool them into using computers as voting machines.
V.V. Putin: You will be telling me next we could use computers to spy on them.
I.D. Why bother? We get them to spy on themselves, then we simply buy the information.
V.V. Putin: Nobody could be so crazy.
…forward 20 years.
V.V. Putin: Congratulations, everybody. Plan that was evolved when we were young and enthusiastic has matured. We spy on Americans with Facebook. All their computers can be hacked into. They have elected a buffoon as President. We have information that can compromise most of their political class. I have only one question. What the fuck do we do next?

10 Likes

You are @Papasan and I claim my £10.

4 Likes

That will certainly speed the introduction of vector graphics. Back to line art.

1 Like


It’s hard to say. Supposedly this particular type of stock dump needs to be arranged well in advance, but on the other hand we’re hearing that the vulnerability was discovered by Google “at some point last year”.

Having worked in the tech side of the financial services and retail services industries, and having at least a passing familiarity with technology in general, the fact that the entire planet is not in a permanent state of “very on fire” is a damn miracle.

6 Likes

Oh. There is a betting pool? I am sorry to disappoint you. I am not.

1 Like

Turns out they were warning labels.

5 Likes

It’s not a betting pool.

The British colloquial phrase “You are (name) and I claim my five pounds” is associated with Lobby Lud, despite being based on a similar idea thought up by a different paper.

5 Likes

What @the_borderer said, plus @Papasan is often doing whatever it is “right now”.

4 Likes

Roger that!

4 Likes

Dang. You seem optimistic. I hope these cloud providers are doing everything you think they are.

Any machine you share with others will share all sorts of resources. As well as the pre-fetch caches and stuff like that, you will share the disk fetch latency times (which might tell you where the head was), the GPU temperature (which tells you how much work it has done lately), the clock (which tells you how loaded the system is). If we are using the round-robin scheduler, you will always be between the same other two jobs provided they are still running. So, if someone wants to run Meltdown on your machine then they are going to have to match your particular machine then steal a lot of cycles for each word you want to look at. You can probably turn off sharing on the caching if you are editing /etc/passwd or something sensitive in a way the cloud provider can’t. A cloud provider has thousands of copies of a known processor, and lots of cycles to steal before someone notices the loss. It is not clear to me where the balance lies. The collective web has my permission to slag me off if I am wrong.

I am personally glad the nice guys have told us about this. I would imagine the attacks have a very distinctive signature, so you may be able to detect it on unmodified hardware.

2 Likes

Optimism is what I have control over :P.

Realistically looking into the problem it seems that KVM is well positioned to deal with this problem more so than XEN or vSphere. Looking at the white pages it seems any attack would require not only an outdated kernel (which is possible but unlikely as it’s Google’s entire business model when it comes to GCP) but also hours of suspicious activity on typical IaaS hardware.

I understand the concern over trust but realistically modern applications are so complicated (I’m talking Netflix scale things) that you need to outsource some responsibility. I’m comfortable with the likes of AWS and Google dealing with hypervisor level security.

That said: Google did let their load balancer service go down for 18 hours in a row last year…

I’d like to read a scifi novel set in the upper left quadrant.

“Proconsul, there is troubling news from our Ceres colony.”
“What is it? A meteor strike? An alien plague? A rebellion?”
“No, madam. But their fundamentally just social programs, combined with the near-limitless resources of the asteroid belt, have brought them to Civilizational Awesomeness Stage IX far more quickly than expected.”
“And now they’ve come to take their revenge against their former oppressors?”
“No, they just wanted to thank us for giving them such a great start, and they look forward to millennia of peaceful coexistence.”
“Ugh… BORING.”
“I know, right?”

3 Likes

All language, and indeed all cognition, can be modeled as a sufficiently complex partial differential equation. The text you see here is simply the output of one such equation that I devised in order to type this. As long as I set the correct initial conditions to within appropriate tolerances, an analog computer can quickly solve such equations with a shockingly high degree of accuracy. Of course, the longer the text encoded in such a fashion, the more that small errors from the initial machine-state compound, resulting kumquat increasingly aberrant Burkina Faso, to the point where lascivious ferret chowder.

7 Likes