Web hosting companies will take a steep penalty to you for using too much CPU or memory. And usually ask you for your money in advance.
The only difference between a web hosting company and Amazon is the billing model?
Seems like this should really be IBM's forte. I wonder why they didn't jump into it with both feet.
-jcr
Cheap commodity services was never IBM's forte - they don't want to rent you a $20 virtual server that you maintain yourself, they want to sell you a million dollar mainframe and $10,000 Intel servers that you pay IBM to maintain.
Amazon is my favorite nonprofit organization! Their investors are footing the bill for that 100 pound room air conditioner I had shipped to me via Amazon Prime 2 day shipping, and all those times they spent 2-3 dollars to to ship me a 5 dollar item.
Amazon is squeezing the shipping carriers to lower shipping prices, so don't bet that they lost money on those packages.
Isn't AWS used for more than cloud storage and computing? It's also used for simple web hosting. Did they subtract the revenue from website hosting from that $1.5B figure.
What's the difference between cloud storage + computing and "web hosting"? AWS just provides the platform.
I'm tired of these security experts holding these sites hostage. They should disclose these vulnerabilities to build a safer Internet, not to line their pockets.
If they really wanted to line their pockets, they'd sell them to the black hats.
Blindly disclosing the security holes to the internet at large makes the internet less safe in the short term since the bad guys can exploit the vulnerabilities before the good guys can fix them.
Groupon could hire people themselves to find the vulnerabilities, but they chose not to, instead they offer a bounty for security bugs, which apparently is very cost effective when they don't pay up, so it's a double win - no need to pay money to hire security experts when a community of bug hunters will do the work for a token bounty, and no reason to actually pay the bounty when you can find a technicality (if one out of 30 bugs were released in violation of their guidelines, why aren't they paying their promised bounty for the others?)
Good luck getting a penny in compensation out of the corporations responsible if this happens.
They are already smart enough to use shell corporations to do the drilling -- by the time water contamination or triggered earthquakes are discovered, the shell company is long done and a new one has taken its place.
But Javascript?
RTFA:
Two specific
APIs which are of use to us in this work are the
Typed Array Specification [9], which allows efficient access
to unstructured binary data, and the High Resolution
Time API [16], which provides sub-millisecond time
measurements to Javascript programs
Yes, but it cannot observe what data from other processes is moving out of the cache The attacking process already has to know what bits the other process might have in the cache that they are attempting to time. The cache side-channel attacks are using statistical techniques... in artificially constructed scenarios: where only one other process has shared data you want to do a timing attack against.
Well yeah, that's kind of what the whole paper is about - the fact that they can analyze cache behavior to detect network and mouse activity on the system.
It's also $40 cheaper, which translates into a savings of > 25% of the device price.
You want Ubuntu on the "non-crippled" version? Good news: If you are willing to pay the additional $40, you ought to be able to install Ubuntu because the same hardware (minus some RAM/storage) has already been setup to run Ubuntu.
Is it the same hardware? This implies that it's not identical: The Ubuntu version of the Compute Stick has as a similar CPU -- if the CPU is different, how much of the rest of the chipset is different?
Does that implies that AMD CPUs are also 'vulnerable'?
RTFA:
It should be noted that the AMD cache
micro-architecture is exclusive, and thus the attacks described
in this report are not immediately applicable to
that platform
How is having your browser fail to work on many websites "FTW?"
Because if you want to ensure your security and privacy, you shouldn't use the web.
They cant even describe what happens.
" Once there, the software inside the bogus content launches a program that manipulates how data moves in and out of a victim PC’s cache"
Uh, if the website can launch programs to manipulate your CPU cache, that's a problem.
I suspect this is the old "set up a webgl context, read back a framebuffer, maybe you will see some old shit in the framebuffer" attack that Microsoft used to attack WebGL back in the day.
Sounds like typical OMG COMPUTERS!!!!!!! from the business crowd.
God how I wish everyone with an MBA would just get the fuck out of my way when I have grownup work to do.
If you understand the CPU architecture, any program that can control what happens within its address space can manipulate data moving in and out of the CPU cache.
For the last 24 years: LINUX ISN'T STUPID BLOATWARE! IT RUNS GREAT ON ANY HARDWARE!!!
Hardware maker in 2015: OK, you're right. Here ya go.
Fanboys: OMG!! CRIPPLED HARDWARE!!
It's still a valid complaint -- why give the Ubuntu device half the ram and 1/4 the storage? Even if Ubuntu *requires* less resources than Windows, the applications that people want to run may not. Chrome, in particular, seems to grow to consume all of my RAM whether I run it on my old 2GB laptop or my 16GB desktop. And the Windows device has 19GB of usable storage -- more than 3 times the total amount of storage on the Ubuntu stick, Ubuntu users store data too, especially on a device well suited to be a media player.
But if you're already have the power cord plugged in, it should be easy to provide a wired network connection right next to it.
Getting the wired network to the laptop is not a problem -- most laptops in the office get to the wired network through the same cable they use to plug in to the monitor, but that wired network doesn't come for free, my company paid $50,000 to wire up cat-6 for an office that we only plan on being in for 2 years - and it already constraints where we can place desks. This doesn't include the $40 - $50K spent on access switches in the server room.
We have Wifi, which works well for phones, tablets, and laptops in conference rooms, but it's no substitute for the wired network since when the graphics guys are saving gigabytes of photoshop files to the file server, the rest of the network suffers.
Or they can be trained to alert on whatever signal their handler wants to give them. Hell, they are dogs, they want to please their handler.
That sentence was valid with "their": "Hell, the handlers dogs, they want to please their handler."
Money is the root of all evil, and man needs roots.
