|
Proteus Jones posted:Spectre breaks sandboxes and has access to the *entire* user memspace. The SANS presentation specifically stated Spectre "can only read memory from the current process." I will trust SANS.
|
# ? Jan 5, 2018 01:10 |
|
|
# ? Jun 10, 2024 11:39 |
|
silicone thrills posted:pissing me off: Old dudes being weird. There's this guy retiring after 37 years here. We bought him a fancy pants 15" mbpro and I was configuring it. dude proceeds to tell me how I remind him of his best friends sister that he always wanted to go out with who has the same name as me. i'm just like "uh neat" Report it, even though he's old and leaving. Creepy poo poo should never go unreported.
|
# ? Jan 5, 2018 01:16 |
|
Avenging_Mikon posted:The SANS presentation specifically stated Spectre "can only read memory from the current process." Google Project Zero has a working Spectre-type exploit that reads host kernel memory from guest VM userspace. You could technically make an argument that it's technically the same-process (and, host kernel having access to guest processes' address space is rather helpful for making things work), but I am not sure that lumping that under "current process" is a very helpful way of summarizing things. Similarly for just straight up calling the OS kernel from userspace with no VMs involved. Leaks via the state of branch predictor don't seem like they really need "access to address space" thing, either, as a matter of principle.
|
# ? Jan 5, 2018 01:21 |
|
OddObserver posted:Google Project Zero has a working Spectre-type exploit that reads host kernel memory from guest VM userspace. That sounds Meltdown type, not Spectre. They both use side channels.
|
# ? Jan 5, 2018 01:39 |
|
OddObserver posted:Google Project Zero has a working Spectre-type exploit that reads host kernel memory from guest VM userspace. Nah, that's Meltdown. Avenging_Mikon posted:The SANS presentation specifically stated Spectre "can only read memory from the current process." quote:Finally, we wrote an attacker program that ex- ploits the CPU’s speculative execution feature in order to execute the previously-found sequences as transient in- structions. Using this technique we were able to read the entire victim’s memory address space, including the se- crets stored within it. Bolded sounds like the entire memspace to me. Additionally, there's this bit at the end of Section 7 - Mitigations. quote:More broadly, potential counter- measures limited to the memory cache are likely to be insufficient, since there are other ways that speculative execution can leak information. For example, timing ef- fects from memory bus contention, DRAM row address selection status, availability of virtual registers, ALU ac- tivity, and the state of the branch predictor itself need to be considered. Of course, speculative execution will also affect conventional side channels, such as power and EM. Spectre has broken modern CPU architecture in terms of confidentiality of information. The only real long term fix is a redesign. Google, I've heard, has a promising solution but I haven't had a chance to read up on Google's fix. It's probably something along serialization, but it's probably more because enforcing serialization doesn't appear to clear the registers. Proteus Jones fucked around with this message at 01:51 on Jan 5, 2018 |
# ? Jan 5, 2018 01:42 |
|
Proteus Jones posted:Nah, that's Meltdown. It's not, it's types 1 and 2 here: https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html?m=1 while Meltdown is type 3. Difference is that with meltdown you can read kernel memory entirely from userspace, without the kernel being involved at all (it just needs to be mapped). You can still read kernel memory using Spectre, but you basically have to make an actual syscall while tricking the branch predictor into running, while you're inside the kernel, some code speculatively that has side effects that leak info userspace. This is why mitigation for this particular variant involves either microcode update + OS kernel messing with branch predictor state on boundary crossings, or tricks to prevent prediction of indirect jumps.
|
# ? Jan 5, 2018 01:55 |
|
OddObserver posted:It's not, it's types 1 and 2 here: Ooo. That's clever.
|
# ? Jan 5, 2018 01:57 |
|
Here's detail on Google's Retpoline, which can address Sectre 2. (Spectre 1 still looks to require OS/Kernel patch and/or microcode update) https://support.google.com/faqs/answer/7625886
|
# ? Jan 5, 2018 02:02 |
|
ChubbyThePhat posted:Double post: We're rolling it out and although we've only really been in there for the jumpstart training, it seems loving great. From what I've seen from Mac-enabled MDM stuff, the closer you are to Apple, the better, and they seem pretty drat close. If you only want MDM for iOS devices there may be better options, but if you want to roll to MacBooks, etc. it seems pretty amazing. Jowj posted:For the record - this button is bad to push in a lot of cases. It'll outright break a lot of stuff including jira auth (lol). Some heavy testing seems to be needed to verify compatibility with company workload. loving godammit of course it does. Well, I'll let Security know about it and we'll probably push it to a representative test group of users and I'm sure it will break all of CE's tools and probably gently caress up our own product website but I can say I tried.
|
# ? Jan 5, 2018 02:28 |
|
Inspector_666 posted:I will say I have come within a tenth of a second of standing up and breaking my keyboard across my knee and/or face at least 5 times in the last two days. We have like 50 Dell keyboards as spares, my helpdesk guy and I did a "stress relieving" session where we just broke like ten of them I half with our bare hands.
|
# ? Jan 5, 2018 03:27 |
|
Jamf is an A+ fantastic product. It’s as good of a management suite as you’re going to get on any platform. Nothing comes close for MacOS.
|
# ? Jan 5, 2018 03:56 |
|
Not even sure which thread is the best one to post Meltdown/Spectre poo poo in, but maybe don't update your SCCM servers yet: https://twitter.com/djammmer/status/949122372384141312?s=03 (This guy is the program manager for SCCM at Microsoft.)
|
# ? Jan 5, 2018 15:59 |
|
In the year of the lord two thousand and eighteen, Microsoft still won't shrink a loving volume if there are bits of files at the end of the partition? Are you loving kidding me? I have to defrag my SSD because of this poo poo? *Edit* It was because of a system restore. My point still stands: why the gently caress can't they just move that poo poo when you shrink a volume? FlapYoJacks fucked around with this message at 16:24 on Jan 5, 2018 |
# ? Jan 5, 2018 16:16 |
|
JAMF is not a bad product and I actually like their Casper suite. I have the CMA and CCA which we got through their classes they put on. It was a really nice overview. Pissing me off today: Server team took a hard look at permissions and decided to lock down on how much people can actually do. Don't think it got thought out too much since we can no longer add machines to our domain. Radio silence from them so far on what they will want us to do with 300 machines at our location alone up for replacement.
|
# ? Jan 5, 2018 16:18 |
|
Ratmtattat posted:JAMF is not a bad product and I actually like their Casper suite. I have the CMA and CCA which we got through their classes they put on. It was a really nice overview. The other thing is the Jamf community is pretty fantastic, as is their internal support.
|
# ? Jan 5, 2018 17:12 |
|
ratbert90 posted:In the year of the lord two thousand and eighteen, Microsoft still won't shrink a loving volume if there are bits of files at the end of the partition? Are you loving kidding me? I have to defrag my SSD because of this poo poo? That poo poo’s hard man. You have to, like, move things. And maybe update file pointers? Like, I totally don’t think it will EVER be possible.
|
# ? Jan 5, 2018 19:57 |
|
Sirotan posted:Not even sure which thread is the best one to post Meltdown/Spectre poo poo in, but maybe don't update your SCCM servers yet: This is useful, thanks.
|
# ? Jan 5, 2018 21:04 |
|
I love explaining that an office full of people streaming fullscreen video through an RDP session means you need to throw away your ideas about how much traffic you can expect to generate. Bonus for using older RDP protocols that don't understand what video content is so just refreshes a full 1080p stream 30 times a second.
|
# ? Jan 5, 2018 22:23 |
There hasn’t been a peep about the bug in my organization.
|
|
# ? Jan 5, 2018 23:45 |
|
skooma512 posted:There hasn’t been a peep about the bug in my organization. We've been too busy working on trying to get back up and running after the winter storm knocked out one of our critical data centers yesterday! Yaaaaay!
|
# ? Jan 6, 2018 00:52 |
|
All our desktop staff is running around in a tizzy, but those of us in servers are kicking back with business as usual. All our stuff is self-hosted, locked down, and restricted access. Anyone that exploits the cpu vulnerabilities is going to be an employee and will be in a world of poo poo if they get caught.
|
# ? Jan 6, 2018 00:59 |
|
A vendor just sent me an email titled "Make file delivery great again" and I replied back that their domain was going on our blacklist.
|
# ? Jan 6, 2018 01:13 |
|
Dick Trauma posted:A vendor just sent me an email titled "Make file delivery great again" and I replied back that their domain was going on our blacklist. Did you site why? It's important that they know or they wont realize it and think you only think of them as spam.
|
# ? Jan 6, 2018 01:34 |
|
skooma512 posted:There hasn’t been a peep about the bug in my organization. That seems weird as poo poo, you'd think your internal security team would at least be making "be careful about your browsing and update your browser asap" kind of noises
|
# ? Jan 6, 2018 01:42 |
|
Drumroll... Much love to the goons/goonettes who’ve been encouraging throughout this. The GOOG interview going sideways was some hand of fate poo poo, I’m very happy with where I’ve landed. (Bonus to the people who repeatedly pointed out that the toxic bro culture was toxic bro culture while I was under heavy Stockholm syndrome.)
|
# ? Jan 8, 2018 10:11 |
|
meanieface posted:Drumroll... Congratulations! I don't honestly remember the context for this but that should never get in the way of good news
|
# ? Jan 8, 2018 14:04 |
|
At what point are you a responsible enough adult, where when you've lived in a place that it snows every winter, that you: Check the weather before you go to bed to see if we're getting snow overnight Set alarm 15 minutes early to account for extra travel time Not show up to work a half hour late with the excuse of "the roads were bad" 1 inch of snow and everyone loses their minds. I understand when we get like 8-10 inches and you can't leave your house, but just because it snowed doesn't mean you can come in whenever you want. I have a guy with a 50 mile commute who was still 2 minutes early.
|
# ? Jan 8, 2018 14:22 |
|
Eh, I've used the snow excuse when I was being lazy and felt like dragging my feet. Sometimes you just wanna slack.
|
# ? Jan 8, 2018 14:30 |
|
Yeah getting in late being an issue seems to be really silly to me past a certain level. If you expect me to answer slack/hipchat/emails at weird hours don’t be weird about start time if I am not missing meetings and getting my work done.
|
# ? Jan 8, 2018 15:35 |
|
Punkbob posted:Yeah getting in late being an issue seems to be really silly to me past a certain level. If you expect me to answer slack/hipchat/emails at weird hours don’t be weird about start time if I am not missing meetings and getting my work done. We don't ask for the first part. These are hourly positions between 8:00 and 4:30. You need to be here at 8:00, and you get to leave at 4:30. If someone comes looking for you at 4:35, "Punkbob is gone for the day" is a perfectly valid response that I give to people all the time. But when we open on Monday and people starting coming in looking for people or help on stuff and nobody's around... "It's 8:25 and nobody has seen Punkbob" is not valid.
|
# ? Jan 8, 2018 15:50 |
|
It did take me an hour today to make a normally 15 minutes commute. Should I have expected that? Yes, but not that bad. The traffic was bumper to bumper all the way. We did get over 15cm of snow, and it was just loving bad. If I would have had a manager to yell at me for it I would have told him to go gently caress himself. I had to shovel my way out of the driveway and take the kid to school (late) and get to work.
|
# ? Jan 8, 2018 15:54 |
|
Bob Morales posted:We don't ask for the first part. These are hourly positions between 8:00 and 4:30. You need to be here at 8:00, and you get to leave at 4:30. If someone comes looking for you at 4:35, "Punkbob is gone for the day" is a perfectly valid response that I give to people all the time. Beep boop, I'm a robot, I will be at work at 8:00:00 AM SHARP, and leave at 4:30:00 PM SHARP. Sounds like a great and fulfilling place to work.
|
# ? Jan 8, 2018 15:57 |
|
As long as someone finishes their tasks and show up in time for meetings or other scheduled stuff, I couldn't care less if they have their rear end in the chair at 8 or not. I not a morning person myself, and if I get into work before 9 it's basically just wasted time because my brain is still in bed.Bob Morales posted:But when we open on Monday and people starting coming in looking for people or help on stuff and nobody's around... "It's 8:25 and nobody has seen Punkbob" is not valid.
|
# ? Jan 8, 2018 16:08 |
|
quote:It did take me an hour today to make a normally 15 minutes commute. Should I have expected that? Yes, but not that bad. The traffic was bumper to bumper all the way. We did get over 15cm of snow, and it was just loving bad. If I would have had a manager to yell at me for it I would have told him to go gently caress himself. I had to shovel my way out of the driveway and take the kid to school (late) and get to work. Wibla posted:Beep boop, I'm a robot, I will be at work at 8:00:00 AM SHARP, and leave at 4:30:00 PM SHARP. If you're an hourly helpdesk/callcenter person, that's how it works. Not everyone gets to be a snowflake and come in when it's convenient for them. Imagine if you're one of our customers, you had an issue over the weekend, you come in to work and call our support line (we offer support from 8:00-5:00) and nobody's here to answer the phone at 8:25. That's cool? You'll just tell your customers that are breathing down your neck that "our vendor isn't there yet, but it's cool you can't expect them to be on time every day lol"
|
# ? Jan 8, 2018 16:10 |
|
Nobody is going to give a poo poo if they're phoning up a company in an area where it recently snowed a ton and they get to be told that whoever they want is running late as a result.
|
# ? Jan 8, 2018 16:15 |
|
Bob Morales posted:Did you make an effort to leave early, or did you just leave at the usual time? Or even worse did you walk out the door and start shoveling at the time when you would normally leave? Yes I did wake up an hour early and started doing everything earlier than usual, still, no dice. There were 3 accidents on the road to work, slow moving cars (bumper to bumper), total mayhem. Bob Morales posted:If you're an hourly helpdesk/callcenter person, that's how it works. Which is why I'm thankful for being a normal developer that can work anytime, anywhere and that I don't have to deal with customers. I have no idea how much those callcenter people are being paid, but it is nowhere near enough if you have to be an 8:00 AM robot, no matter what, even if WW3 started in your city. That poo poo kills one's soul.
|
# ? Jan 8, 2018 16:18 |
|
Volguus posted:Yes I did wake up an hour early and started doing everything earlier than usual, still, no dice. There were 3 accidents on the road to work, slow moving cars (bumper to bumper), total mayhem. And you got 15cm, we got 2-3 cm. I said I can understand when we get a lot because like you said it fucks everything up and you don't know what will happen on the roads. Volguus posted:Which is why I'm thankful for being a normal developer that can work anytime, anywhere and that I don't have to deal with customers. I have no idea how much those callcenter people are being paid, but it is nowhere near enough if you have to be an 8:00 AM robot, no matter what, even if WW3 started in your city. And again, these are developer jobs they're just support jobs. You need to be on time just like any other service/labor job.
|
# ? Jan 8, 2018 16:20 |
|
Bob Morales posted:Not everyone gets to be a snowflake and come in when it's convenient for them. I guess the vast majority of people are snowflakes then. And I guess it's impossible to setup forwarding to cell phones (depending on pool size) and have some people work from home either Thanks Ants posted:Nobody is going to give a poo poo if they're phoning up a company in an area where it recently snowed a ton and they get to be told that whoever they want is running late as a result. Basically this.
|
# ? Jan 8, 2018 16:29 |
|
My last job was 8:30 - 5. If me and the other network guy started showing up a few minutes late, we'd get a "Watch your start times" in the weekly meeting. It was salary so there were no pay implications but they were stern about those hours. The benefit was that at 5:01 I was essentially no longer an employee of the company. I was completely free from any work responsibilities until 8:30 the next day. It was a little odd having 100% dichotomy between 'employee' and 'self'. The downside was if there was absolutely nothing to do on a Friday it didn't matter, you had to sit in that stupid chair and find ways to waste your life away while yearning for the clock to turn over. I'd much rather take my current arrangement where I'm responsible for my work, not my time. Work needs to be done at 11 PM? Fine, I can handle that. Phone call at 7 AM? OK, sure. Nothing to do after 12 PM on Friday? Hit me up on email, I'm out of here.
|
# ? Jan 8, 2018 16:29 |
|
|
# ? Jun 10, 2024 11:39 |
|
Bob Morales posted:And you got 15cm, we got 2-3 cm. I said I can understand when we get a lot because like you said it fucks everything up and you don't know what will happen on the roads. Well now, you cannot take snow amount as an absolute number. Here in Ontario, 2cm is not even a thing to talk about. The 15cm (or whatever it was) did entail a warning from Environment Canada. But in places like Texas I would assume 2cm shuts down the entire state. And that's fine because it is not worth it to invest in snow removal equipment if you get 2cm of snow every 15 years. Bob Morales posted:And again, these are developer jobs they're just support jobs. You need to be on time just like any other service/labor job. Yeah, since I never worked at a job where I had to be there at X:00 sharp, I cannot relate. Spoiled? Certainly. Snowflake? Most likely. I would definitely not last 2 days at such a job.
|
# ? Jan 8, 2018 16:45 |