Another devastating CPU attack has been discovered
It feels like years ago that Meltdown and Spectre were discovered, the two groundbreaking CPU attacks that changed the industry and forced Intel to admit major manufacturing flaws over the space of a decade.
Now there's another attack that's similar, with a less catchy name: Speculative Store Bypass. Essentially, it's similar to the Spectre attack from earlier this year in that it attacks the way in which your CPU executes commands ahead of time in order to appear faster.
The best, brief explanation I saw for how these attacks work was on Twitter earlier this year, from none other than Scott Hanselman:
Explaining #Meltdown to non-technical spouse.Â
âYou know how we finish each otherâs...â
âSandwiches?â
âNo, sentences. But you guessed âsandwichesâ and it was in your mind for an instant. And it was a password. And someone stole it while it was there, fleeting.â
âOh, that IS bad.â
The bad news is that this new exploit requires a new firmware update for CPUs that will impact performance, again. This time around it's optional, and disabled by default, because those that are most likely to be affected are not desktop users but enterprise.
Speculative attacks like this are dangerous for enterprise users because they may run many individual secure virtualized workloads, like Amazon's Web Services, and a speculative attack could allow a virtual machine to overflow and access data beyond its container.Â
While this is exceedingly unlikely, it's still a concern, and infrastructure providers are likely frustrated with diminishing performance from their existing hardware; particularly because this patch may be up to 8 percent overall reduction in performance.
Intel, for its part, plans fixes in future versions of CPUs that will ship at the end of 2018. But still, this type of attack is unlikely to go away any time soon, particularly as Microsoft is offering $250K for anyone who finds a similar bypass.
Adobe acquires Magento commerce
E-commerce is hot, and Adobe wants a piece of it: the company acquired Magento's store platform for a solid $1.68 Billion to get into the game against Shopify.
Here's the thing: I suspect Adobe is about to realize what it's wading into. I've used and supported Magento in the past, and its 2.0 platform is a technology disaster, requiring expensive hosting and specialized developers to work with it.Â
A quick search for Magento slow or Magento sucks reveals thousands of people complaining about a sprawling, confusing platform that's difficult to reel in, with unexpected breaking changes in point releases and many more issues.
Magento makes Wordpress look like a modern system, and to fix it, I believe that Adobe will need to invest heavily in retooling the platform to simplify and streamline the codebase.Â
The reason Shopify has seen so much success is that it has a small learning curve and takes the burden off of the store owner. Magento puts the burden squarely on the store owner as well as the cost.
What's incredible to me is that the e-commerce space isn't teeming with alternatives to both Shopify and Magento. Somehow, there's only a handful of decent options in the space these days â which explains why Shopify's share price has doubled over the last year.
With so few options in the market it makes sense why Adobe would want a piece of the action; to target enterprises who want to host their own store, something that Shopify is not able to do. But still, please don't use Magento.
Tab Dump
Netflix lands a deal with the Obamas
A huge, exclusive deal with the Obamas will see a number of new shows in collaboration with Netflix. This is a wild win for the company, and I'm so curious what will come of it.
Most of those GDPR emails are unnecessary and maybe even illegal