Lamont Granquist

@lamont_granquist
0 Followers
39 Following
25 Posts
Principal Software Engineer. ex-Chef ex-Amazon ex-System Engineer. Cave Diver. EBFG/STID.

@webjedi Clouds have the problem that they do have potential attackers crawling around on virtual machine instances due to the business model. And it is rational for some entities to need to protect against nation states. They should also be deploying zero trust security models.

And based on my experience at Amazon (although this is very outdated at this point) their zero trust deployment is probably less advanced than one would guess.

@webjedi It is more that for those attacks to happen someone already needs to be in your network and have already compromised a host. And the stark reality of most companies is that it is all hard outer-wall and chewy-center security at best. Once an attacker has a host there's probably a hundred easier internal exploits than all of these. Just break root on the box or any other box, and go surfing around to find which keys own the whole kingdom. Probably don't need to rowhammer anything.

@pburkholder So far all I can tell you is that you won't go wrong by starting to watch them all in order, which is just logical.

@webjedi Spectre, Meltdown and Rowhammer were also exploits that seemed to me to be in about the same bucket. Stuff that the Gov and FAANGs and cloud really needed to remediate, but that the vast majority of businesses would never get attacked with. Of course the surface area of companies getting attacked by nation states might be getting bigger over time now.

@webjedi Heartbleed was always heavily theoretical rather than practical, and like improving the pick proofing of your door locks when the glass window next to the door could probably be smashed into.

The exploit was the first to be so highly publicized with its own custom emoji. Exploits did have clever names back in the 90s but they didn't make the New York Times.

Because of the publicity it had to be remediated, and that caused the heavy impact and the supply chain scrutiny.

My bytecode compiler is finally emitting instructions and has some passing tests.

A 20-year-long Indigenous-led movement to undam the Klamath River just won the largest river restoration project in history! FERC unanimously voted Thursday to remove the four lower Klamath dams starting next year! The salmon are coming home for the first time since 1918.

Rust is interesting because you can't just leave some junk you've built up (say bytecode) on an object (say your compiler) and then start playing around with it like the caller owns it all, just willy-nilly...

@daniel someone needs to invent a nice short quippy meme for this like "sealioning", so this bullshit can just get shouted down.

Cedar (my dad's dog)