It will be the first white collar job purge of our generation.
There are so many jobs that now can be easily automated or compressed to a fraction of the workforce needed before. Everyone is a prompt engineer now.
Think goverment / banking / insurrance / big companies
Every workload that is based around consent or rules will be impacted.
Even as a developer my leverage for certain task just went up by a huge margin.
The first, really? What about what happened to accountants when spreadsheets and personal computers came along? Or bank tellers when ATMs started popping up? Or even the monks who copied books when the printing press was invented?
There will always be jobs because humans will always have problems we are willing to throw money at to make go away.
All those professions experienced a massive downturn in staff required, but the jobs remained because the technology wasn't good enough that a potential customer could do the high-end tasks by themselves. We're now getting to the point that they can.
I think we will see a couple very big failures when AIs replace people and then we are back to employing people for many of these roles. I don't see any actual need for AIs in many cases, expert systems could do job better and more accurately. And that has been case for decades.
Using DALI as control-bus for our lights with products from Kiteo for tunable white they can go from 1.8k-16k with an CRI > 90 and be dimmable from 1%-100% as added benefit they can display the full RGB level aswell.
HCL is a very niche topic for residential lightning and certainly more expensiv than going with Hue but im betting that high quality HCL will improve our lives especially during winter seasons.
KNX as Cabled Smart Home which talks to the DALI-Bus via a KNX-Dali-Gateway.
And Home Assistant will control the dimming and light temperature via KNX.
You can want loans forgiven and want the system fixed. Where are you getting an observation that, in general, people who want loans forgiven also do not want the system fixed?
Education is not a prime example. Many degrees ARE useless. Paying your own way is a massive incentive to pick a valuable and reasonably priced degree. Many people consider healthcare a human right. Getting to spend 4 years half assedly drawing supply and demand graphs or writing essays about proust is most definitely not!
With our findings, we prove that SEV cannot adequately protect confidential data in cloud environments from insider attackers, such as rouge administrators, on currently available CPUs.
---
It is an interesting attack but is the above goal ever achievable? To protect against adversaries from the inside.
> It is an interesting attack but is the above goal ever achievable? To protect against adversaries from the inside.
People have gotten very close to achieving similar goals.
For example, modern games consoles' anti-piracy measures guard against the device owner who has physical control and unlimited time. [1]
iPhone activation locks likewise prevent stolen phones from being used, even by thieves with physical control and unlimited time.
And neither of the systems rely on the clunky 'brick the device if the case is opened' methods of yesteryear.
(Of course there have also been a great many failed attempts - almost every console since the dawn of time has eventually been hacked, as have things like TPMs and TrustZone, many versions of the iPhone were rooted, etc etc)
There's a significant asymmetry in motivation and resources available to compromise hardware between Jimmy and his Xbox vs. Google and their cloud infrastructure.
Yes, someone with an xbox hack has tens of millions of potential customers who can save $60 a game, with complete physical access to the hardware and no chance of getting fired or arrested.
Whereas someone with a Google cloud infrastructure hardware fault injection attack has only a tiny number of spy agencies or rogue admins as potential customers, the servers are all locked up in data centres, and anyone who got caught making an attack would get fired and/or arrested.
Jimmy is only willing to spend less than he'd spend in the cost of games. Even with a large amount of Jimmys there might not be market without getting the cost of an individual attack low enough.
On the other hand, there for sure is a market for cloud based attacks, and nation states that can apply a stick to go along with the carrot of millions of dollars in "consulting fees".
Especially as we move more key infrastructure into the cloud. If people start trusting these sorts of remote systems with things like financial data, the payoff of a clandestine compromise could be hundreds of billions of dollars.
Doubly true when you consider the history of Google working with the USG.
> It is an interesting attack but is the above goal ever achievable? To protect against adversaries from the inside.
Yes. To expand: to a function on the CPU an administrator is just another user. The Operating System is responsible for managing those designations.
These trusted computing pieces across all kinds of CPUs are specifically aimed at protecting against people with host-root, so it would seem like it's a goal they've set for themselves and should be reasonably achievable.
Do you mean “adversaries from the inside” could be more detailed to create reasonable limitations on access and resources as imposed by external systems (eg cameras, guards, searches) securing the machines?
> It is an interesting attack but is the above goal ever achievable? To protect against adversaries from the inside.
No, safe execution of untrusted code is impossible by the very definition, not without undoing 40 years of IC design practices.
It's an almost physical limitation which makes it very hard to compute something without some electromagnetic leakage from/to the die.
Take a look on secure CPUs for credit cards. They have layer, upon layers of anti-tampering, anti-extraction measures, and yet TEM shops in China do firmware/secret extraction from them for $10k-$20k
It is very hard to perform a physical process while making it impossible to observe it. Similarly it is very difficult to have some object with permanent physical properties that you (the chip) can measure yourself, but no one else can, like a cloud of electrons trapped on an island, or a metal connection between two places.
>> It is an interesting attack but is the above goal ever achievable? To protect against adversaries from the inside.
> No, safe execution of untrusted code is impossible by the very definition
I think this is more about data processing while hiding the data from whoever operates the hardware. Homomorphic encryption could be a partial answer to that.
The idea is to use a special encryption scheme (and associated operations). If I take 50 numbers and multiply them by two before asking you to add them, I'll just have to divide the result by two to get the correct answer, and you won't see the data nor the result. Of course, actual schemes are more complex than that.
What is a TEM shop? Curious about this topic, the threat model for some chips in the secure payments space assumes a secret value much higher than $10k for something like a root encryption key that blows open the payment processing security of multiple cards.
Also, just because something is physically possible, doesn't mean that the barriers to doing so are irrelevant. If it costs you $10k to unbrick a locked & stolen iPhone, then those countermeasures have likely succeeded at their intended purpose. This is why threat models try to quantify the time and/or monetary value of what they're protecting.
A single facility for TEM comes with $10,00,000+ pricetag, and usually they amount to few dozens per a developed country, in use in places like universities, and research institutes.
China has probably more of them than the rest of the world combined.
That the CPU should be able to cryptographically prove that a VM has been setup without any interference from an inside attacker who controls the hardware.
At the very least, SEV massively raises the barrier to such attacks. It's now beyond the ability of a rogue administrator or technician, requiring complex custom motherboards. But a well-funded inside attacker can target something with high enough value.
> It's now beyond the ability of a rouge administrator or technician, requiring complex custom motherboards
The end of the abstract explicitly refutes this. It is claiming that a software-only solution, using keys derived with this technique, can pretend to be a suitable target to migrate a secure VM to, which then allows the rogue admin to inspect or modify anything in the VM.
A bit unclear from the abstract whether the keys they learned how to derive (and the secret material they're derived from) are per individual chip or for all chips ever produced. If it's the former, that means the rogue admin still needs to electrically mess with the hardware once.
The part about "without requiring physical access to the target host" would seem to imply that they only need access to a machine on their end for some attacks.
This still excludes wide ranges of possible rogue admin attacks.
As a minimum, it takes shutting down and powering down the physical machine, then starting it up, which would not go unnoticed in highly controlled environment where SEV makes most sense.
One potential use of SEV is to provide a secure environment to run a VM at an untrusted provider. That provider could do lots of things with funky motherboards and forced migrations without notice by their clients.
If it's an insider attack on company owner and operated hardware, there's always some reason to have a long downtime, and you can piggyback on that to attack the CPUs... Or just put it in a new system and use the migration setup.
Suggested downtimes, organic or sabotage up to attacker's timeline:
HVAC failure: have to shut down many/most/all servers to manage temperatures until HVAC techs can fix.
Automatic transfer switch failure: these things love to fail at the same time as a utility failure, and aren't always easy to bypass.
it does mean though that a system integrator could extract the keys ahead of time, likely without any way to know this has happened. adding a way to generate a new key or otherwise rotate the key material should fix that issue though.
My understanding is that this is part of the threat model of TEEs (Trusted Execution Environment). Whether or not this will ever be achievable is a different story.
It's not plug-and-play. It still needs a custom firmware:
"(...)The presented methods allow us to deploy a custom SEV firmware on the AMD-SP, which enables an adversary to decrypt a VM's memory.(..)"
Voltage glitching is no double-click. It would be a huge embarrassment to AMD if just double-click defeated the secure processor's firmware authentication. This requires electrically messing with the power supply of the processor.
So this means the secure VM feature is secure up to the threat model of someone able to crack open the hardware.
Honestly that's kind of what I would have expected. Just making it almost impossible to get VM memory remotely by owning the hypervisor is pretty good and reduces your attack surface to people who can get into the data center and have electronics expertise.
While its goals are a bit different from confidential computing, people saying "no" here have apparently never heard of the Xbox One. More generally, securing a device against its physical owner is notoriously difficult. Tony Chen gave a talk about how the Xbox One was secured against physical attack: https://www.youtube.com/watch?v=U7VwtOrwceo
Chen makes it very clear that their threat model only includes attacks costing less than the attach rate of the system (about $600). He doesn't consider it an achievable goal in the general case.
does anyone actually use SEV in cloud environments? My impression was that its lineage (my understanding it's basically AMD's intel-SGX) is to enable DRM for stuff like netflix. I know for a time there was a lot of talk about using SGX in the cloud, but I was under the impression that the trust in SGX has been eroded over time to the point where no one thinks it's a good idea.
SEV is completely different from SGX, and doesn't (currently, to my knowledge) have an equivalent on Intel chips that are currently on the market. Google Cloud's confidential compute feature makes use of SEV under the covers.
I've only spun up a SEV instance for the novelty but am considering using it for things like hashicorp vault where performance isn't critical but extra privacy assurance is nice.
Fundamentally, though, system security hasn't caught up with the promise of SEV. It's far more likely that a VM will be compromised by 0-day attacks than insiders at the cloud companies. But if you really need to run a secure kernel on someone else's machine then SEV is the way of the future. This includes using SEV on-premises against hardware attacks. I've wanted hardware RAM encryption for a decade or two to avoid coldboot attacks and similar hardware vulnerabilities.
One reason they dont give up citizenship is that you are "declared" death and the IRS will come an collect there share. It can become quite expensiv for expats.
Very interessting that i`m on the opposite side of many comments.
For the startup we just founded i was able to crank out a mobile app in less then 3 months without prior mobile or dart experience. Its fast and just works from day one. Certainly something i can recommend for every Fullstack Dev out there who wants to add mobile to his portfolio as 95% of all apps can easily be done in flutter.
The widget aproach for mobile is fantastic cant say it will work the same on the web but certainly on the desktop.
One thing flutter needs is time, that certain champions will be chosen by the comunity (state managment etc.) - see react
But is has a vibing ecosystem that especially empoweres people outside the western world to create beautifully widgets.
Probably the best invention i added to my tool belt for a long time.
Never was i able to move so quickly to style components in a way that works and you only have to learn one set of keywords. Reminds me a little bit of vim learn once apply everywhere :).
Went the same route with WSL2 as nearly everything i need for my daily programming tasks just works and having windows just an alt+tab away for games / office etc. makes it more pleasant to use.
Maybe i`m just getting old and dual booting etc. isn`t my thing anymore but i don`t see myself setting up another distro anytime soon after 20 years.
> Bankruptcies aren't that bad - usually companies are not dissolved, but go through restructuring and gain a new management team (which one, knowing there is no bailout in the future, will plan better for emergencies like this one).
That is what i was thinking lately too. We have bankruptcy procedures for a reason, big companies wont disappear they will be restructured and continue to exist and shareholders can decided with their pockets if they want to refinance a certain business. Going back to its intended way that "shareholder value" is a two way street. It cant always be sunny.
Changing the incentive structure would benefit us all.
And probably the best thing to get everything back on track is pumping money through the population and not single big entities.
Think goverment / banking / insurrance / big companies
Every workload that is based around consent or rules will be impacted.
Even as a developer my leverage for certain task just went up by a huge margin.