Hacker News: electric_mayhem's comments

How does this distinguish itself from fwknop?

https://github.com/mrash/fwknop

And what have you got to protect against DoS attacks on your packet inspection mechanism?


Did not know fwknop, but since it came up multiple times in this thread, I'll look into it.

I have no protection against DoS attacks, but I'm working on it (there is also a WIP in the README about that :) )


I don’t have an authoritative source but a mentor of mine who was a navy seal has trotted out those exact words quite frequently over the years.


Came here for the 90s shareware game from Ambrosia for the Mac.

I guess this is cool too though.


There was also a development company called Maelstrom Games, known for https://en.wikipedia.org/wiki/Midwinter_(video_game)


It makes perfect sense. The system is working exactly as intended.

Rigged for the absurdly wealthy against everyone else on the planet.

Laws (and consequences for breaking them) are for us, not them.


Unfortunately, often the same people who are opposed to things like what you said, “absurdly wealthy against everyone else”, also inadvertently support them and make them absurdly wealthy through things like the various schemes and contracts related to pandemics, climate change, bailouts, welfare/social services, healthcare, immigration, war, etc.

If people wanted to solve this problem, we would need to make all of the things that benefit the wealthy financially but cost the rest of the people immensely, directly payable through direct taxes on the income and wealth of those most responsible and able to affect those matters, i.e., the upper neo-aristocracy.

For example, all the people who benefited most from all the pollution should now not also be able to profit from the prescribed solutions to the consequences of their actions that just happen to also make them even more absurdly wealthy.

Even more unfortunate though is that many, if not most regular people simply do not understand the abusive relationship they are in with the upper class, so they’ll rationalize and excuse and justify all day long until the cows come home when someone wants to explain to them that being beaten, lied to, and exploited by the upper class is not a sign of love.


Sounds like you and I are in violent agreement. Though I dislike that you seem to begin with halfway lumping me in with the lot you go on to describe.

I’d offer one other dark pattern in the overall dynamic. Some folks, rather than being in denial about their being on the victim end of an abusive relationship, appear to be 100% ok with it as long as they themselves get to bully and exploit others lower down in the hierarchy.


I read a book a bit ago about deglobalization: https://en.wikipedia.org/wiki/The_End_of_the_World_Is_Just_t...

It makes a good case that, among other things, once the US stops enforcing order on the seas globally, there’s going to be at best regional powers looking out for their own interests only, and widespread piracy where even that is lacking.

Drought is one thing, but if pirates attacking commercial ships aren’t being smacked down that’s pretty alarming and doesn’t bode well.


I read that book and it gets so much wrong. Its views on Russia for example have been completely flattened by the Ukraine invasion and response.

Russia has successfully switched to a war economy, US companies that pulled out are co-opted by Russian ones and doing business in a more or less normal manner. Sanctions have failed, and pushed Russia closer to China (not to mention North Korea).

When you view purely through the lens of demography, you can't extrapolate to global politics.


Russia’s economy is in the toilet. It’s also very clearly not on a wartime economy still as evidenced by the tiny output of new material.



Really?

I remember I expected Europe to try the appeasement nonsense that only emboldened the previous century’s fascist expansion effort.

I was surprised and delighted to see any level of resistance, even if it’s only to enable Ukraine to hold the line.

I dunno, friend. No offense, but I’m going to go with the professional geopolitical strategist’s take over yours (especially where I perceive subsequent reality validating his ideas) unless you’ve got comparable creds of your own or more substance to your refutation of his ideas.


The problem with Zeihan's predictions is that they are predicated on the assumption that America is retreating from entanglements around the globe. I'm not sure how anybody watching what's happening in Gaza and Ukraine could credibly make that statement.


I would describe America's support for Israel and Ukraine as rather restrained or half-hearted at best. So in that sense it's a retreat.


While cool, technically… From a security perspective today I learned that TrueType fonts have arbitrary code execution as a ‘feature’ which seems mostly horrific.


(Sadly) this is nothing new. Years ago I wrangled a (modified) bug in the font rendering of Firefox [1, 2016] into an exploit (for a research paper). Short version: the Graphite2 font rendering engine in FF had/has? a stack machine that can be used to execute simple programs during font rendering. It sounded insane to me back then, but I dug into it a bit. Turns out while rendering Roman based scripts is relatively straightforward [2], there are scripts that need heavy use of ligatures etc. to reproduce correctly [3]. Using a basic scripting (heh) engine for that does make some sense.

Whether this is good or bad, I have no opinion on. It is "just" another layer of complexity and attack surface at this point. We have programmable shaders, rowhammer, speculative execution bugs, data timing side channels, kernel level BPF scripting, prompt injection and much more. Throwing WASM based font rendering into the mix is just balancing more on top of the pile. After some years in the IT security area, I think there are so many easier ways to compromise systems than these arcane approaches. Grab the data you need from a public AWS bucket or social engineer your access, far easier and cheaper.

For what it's worth, I think embedded WASM is a better idea than rolling your own ecosystems for scripting capabilities.

[1] https://bugzilla.mozilla.org/show_bug.cgi?id=1248876

[2] I know, there are so many edge cases. I put this in the same do not touch bucket as time and names.

[3] https://scripts.sil.org/cms/scripts/page.php?id=cmplxrndexam...


If you think that's bad, until very recently, Windows used to parse ttf directly in the kernel, meaning that a target could look at a webpage, or read an email, and be executing arbitrary code in ring0.

Last I checked there were about 4-10 TTF bugs discovered and actively exploited per year. I think I heard those stats in 2018 or so. This has been a well known and very commonly exploited attack vector for at least 20 years.


The same with Wav files.


How can a WAV file do anything? Isn't it just raw data, essentially?


I'm pretty sure it can't. There's nothing in a WAV file that's meant to be executed. A quick google turns up a DirectX vulnerability from 2007 (a validation error that's not inherent to the WAV format per se), and a recent case of WAV files being used to conceal malicious payloads (but coupled with a loader).

Having said that, the "arbitrary code" found in TrueType is not really arbitrary either - it's not supposed to be able to do anything except change the appearance of the font. From a security standpoint, there's no theoretical difference between a WAV and a TTF font - neither can hurt your machine if the loader is bug-free. Practically speaking though, a font renderer that needs to implement a sort of virtual machine is more complex, and therefore more likely to have exploitable bugs, than a WAV renderer that simply needs to swap a few bytes around and shove them at a DAC.


No, TTF is fully Turing complete. Maybe I should have specified that in the original post. WAV is just "vibrate speaker this way" over and over again.


I realize this, but the fact that the format is "Turing complete" doesn't actually have any direct bearing on whether it's exploitable. Because the input to a TTF engine is not actually x86 machine code, it's misleading to frame it as "arbitrary code in ring0". It's not arbitrary - it can't do anything unless the TTF engine has bugs. And any format loader can have exploitable bugs, not just Turing complete ones.

Security wise, Turing completeness doesn't matter[note]. All that really matters is that the implementation of the format is complex. H264 is not Turing complete, but it is complex, and thus a frequent source of vulnerabilities. Conversely you could probably put a toy Brainfuck interpreter in ring0 and, with moderate care, be confident that no malicious Brainfuck code can take over your system.

[note] It matters a little bit if you consider it a "security" problem that you lose any guarantees of how long a file might take to load. A malicious file could infinite loop, and thus deny service. But then again, this isn't restricted to Turing complete formats - a zip bomb can also deny service this way.


It's technically not arbitrary. There is a stack, of sorts, but IIRC it has a depth of six or so, by default. You can do cool stuff with font shaping, but you can't easily execute arbitrary code.


Not really, no more so than a random webpage running js/WASM in a sandbox.

The only output from the WASM is to draw to screen. There is no chance of a RCE, or data exfiltration.


The risk is that you could have the text content say one thing while the visual display says another. There are social engineering and phishing risks.


If you control the font, you control the content as well, I don't see the attack vector.


Certain design tools type sites like Canva or Pitch allow you to upload fonts and obviously control the content. They are frequently used by phishers to make official looking phishing pages on a trusted source, leading to a cat and mouse game where the companies try to catch phishing like indicators in the content and flag them up for human review or block immediately.

In that case being able to show arbitrary other text would definitely be a hindrance because the scanning software typically looks at the data stored in the database. However I think you don't need a Turing machine to exploit this — you could have a single ligature in a well crafted font produce a full paragraph of text.

Perhaps there's an alternative vector where someone's premade font on a site that doesn't allow font uploading can be exploited to make arbitrary calculations given certain character strings. Maybe bitcoin mining, if you could find a way to phone home with the result


If you can trick someone into installing the font, you can now control what they read. Unfortunately a lot of hacks involve the user doing something dumb and avoidable.

If this font format is successful, then given enough time, it will become legacy. People won't be as vigilant about it, and they won't understand the internals as well. This is why TIFF-based exploits became so common 20-30 years after TIFF's heyday.


> Not really, no more so than a random webpage running js/WASM in a sandbox.

... except that it can happen in non-browser contexts.

Even for browsers, it took 20+ years to arrive at a combination of ugly hacks and standard practices where developers who make no mistakes in following a million arcane rules can mostly avoid the massive day-one security problems caused by JavaScript (and its interaction with other misfeatures like cookies and various cross-site nonsense). During all of which time the "Web platform" types were beavering away giving it more access to more things.

The Worldwide Web technology stack is a pile of ill-thought-out disasters (or, for early, core architectural decisions, not-thought-out-at-all disasters), all vaguely contained with horrendous hackery. This adds to the pile.

> The only output from the WASM is to draw to screen.

Which can be used to deceive the user in all kinds of well-understood ways.

> There is no chance of a RCE, or data exfiltration.

Assuming there are no bugs in the giant mass of code that a font can now exercise.

I used to write software security standards for a living. Finding out that you could embed WASM in fonts would have created maybe two weeks of work for me, figuring out the implications and deciding what, if anything, could be done about them. Based on, I don't know, a hundred similar cases, I believe I probably would have found some practical issues. I might or might not have been able to come up with any protections that the people writing code downstream of me could (a) understand and (b) feasibly implement.

Assuming I'd found any requirements-worthy response, it probably would have meant much, much more work than that for the people who at least theoretically had to implement it, and for the people who had to check their compliance. At one company.

So somebody can make their kerning pretty in some obscure corner case.


It's still horrible, not in a (direct) security but in an interop sense: Now you have to embed an entire WASM engine, including proper sandboxing, just to render the font correctly. That's a huge increase of complexity and attack surface.


I'm hoping that in a few years time WASM sandboxes will be an expected part of how most things in general purpose computing devices work.

There's very little code in the world that I wouldn't want to run in a robust sandbox. Low level OS components that manage that sandbox is about it.


Normalizing the complexity doesn't make it go away.

Ideally, I'd like not to execute any kind of arbitrary code when doing something as mundane as rendering a font. If that's not possible, then the code could be restricted to something less than Turing complete, e.g. formula evaluation (i.e. lambda calculus) without arbitrary recursion.

The problem is that even sandboxed code is unpredictable in terms of memory and runtime cost and can only be statically analyzed to a limited extent (halting problem and all).

Additionally, once it's there, people will bring in libraries, frameworks and sprawling dependency trees, which will further increase the computing cost and unpredictability of it.


That's why I care so much about WebAssembly (and other sandbox) features that can set a strict limit on the amount of memory and CPU that the executing code can access.
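
The two points made above (that the real risk of a Turing-complete font format is unbounded work rather than "arbitrary code", and that a sandbox is only useful if it can cap memory and CPU) can be shown on a toy interpreter. The following is an added example, not code from any of the commenters and not TrueType's or WebAssembly's actual instruction set: a constructed stack machine in the spirit of a font-hinting VM, with a hypothetical instruction budget (`max_steps`) and stack-depth cap (`max_stack`). A benign program computes a value, while a constructed infinite loop and a constructed stack-growth program are both rejected deterministically instead of hanging or growing the process.

```python
"""Added example: a toy stack machine with hard resource quotas.

This is NOT TrueType's instruction set or a WASM runtime; it is a constructed
interpreter showing two defensive controls: an instruction budget, so a
looping program cannot stall rendering, and a bounded operand stack, so a
program cannot grow memory without limit.
"""
from dataclasses import dataclass


class ResourceExhausted(Exception):
    """Raised when a program exceeds its instruction or stack quota."""


@dataclass(frozen=True)
class Limits:
    max_steps: int = 10_000  # instruction budget ("fuel"); hypothetical value
    max_stack: int = 32      # operand stack depth cap; hypothetical value


def _pop(stack):
    if not stack:
        raise ValueError("stack underflow")
    return stack.pop()


def _peek(stack, depth):
    if len(stack) < depth:
        raise ValueError("stack underflow")
    return stack[-depth]


def run(program, inputs=(), limits=Limits()):
    """Execute `program`, a list of (op, arg) tuples, and return the final stack.

    Ops: PUSH n, POP, ADD, SUB, MUL, DUP, SWAP, OVER, JMP t, JZ t, HALT.
    JZ pops the top and jumps to t when it is zero. Every step is charged
    against the budget and every push is checked against the stack cap, so
    execution always ends with a result, ResourceExhausted or ValueError.
    """
    stack = list(inputs)
    pc = 0
    for _ in range(limits.max_steps):
        if not 0 <= pc < len(program):
            raise ValueError(f"program counter {pc} out of range")
        op, arg = program[pc]
        pc += 1
        if op == "HALT":
            return stack
        if op == "PUSH":
            stack.append(arg)
        elif op == "POP":
            _pop(stack)
        elif op in ("ADD", "SUB", "MUL"):
            b, a = _pop(stack), _pop(stack)
            stack.append(a + b if op == "ADD" else a - b if op == "SUB" else a * b)
        elif op == "DUP":
            stack.append(_peek(stack, 1))
        elif op == "OVER":
            stack.append(_peek(stack, 2))
        elif op == "SWAP":
            b, a = _pop(stack), _pop(stack)
            stack.extend((b, a))
        elif op == "JMP":
            pc = arg
        elif op == "JZ":
            if _pop(stack) == 0:
                pc = arg
        else:
            raise ValueError(f"unknown opcode {op!r}")
        if len(stack) > limits.max_stack:
            raise ResourceExhausted(f"stack depth exceeded {limits.max_stack}")
    raise ResourceExhausted(f"instruction budget of {limits.max_steps} exhausted")


def render_safely(program, inputs=(), limits=Limits()):
    """Run a program the way a renderer should: any quota or validity failure
    rejects the whole 'font' instead of hanging or growing the process."""
    try:
        stack = run(program, inputs, limits)
    except (ResourceExhausted, ValueError) as exc:
        return ("rejected", str(exc))
    return ("ok", stack[-1] if stack else None)


# Constructed sample programs. SUM_1_TO_N expects the stack [n, acc].
SUM_1_TO_N = [
    ("OVER", None),  # 0: [n, acc, n]
    ("JZ", 9),       # 1: n == 0 -> done
    ("OVER", None),  # 2: [n, acc, n]
    ("ADD", None),   # 3: [n, acc+n]
    ("SWAP", None),  # 4: [acc+n, n]
    ("PUSH", 1),     # 5: [acc+n, n, 1]
    ("SUB", None),   # 6: [acc+n, n-1]
    ("SWAP", None),  # 7: [n-1, acc+n]
    ("JMP", 0),      # 8: loop
    ("HALT", None),  # 9
]
INFINITE_LOOP = [("JMP", 0)]            # never halts: caught by the step budget
STACK_BOMB = [("PUSH", 1), ("JMP", 0)]  # grows without bound: caught by the stack cap

if __name__ == "__main__":
    print(render_safely(SUM_1_TO_N, inputs=(5, 0)))  # ('ok', 15)
    print(render_safely(INFINITE_LOOP))              # ('rejected', 'instruction budget of 10000 exhausted')
    print(render_safely(STACK_BOMB))                 # ('rejected', 'stack depth exceeded 32')
```

The design point is that the interpreter never needs to decide whether a program halts; it only needs to count. Once both counters are enforced, a malicious program can at worst burn its fixed budget and be discarded, which is the same outcome a renderer would want for a zip bomb or any other decompression-style denial of service.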


Exactly that! And speaking of quotas, nobody can explain why Ethereum Virtual Machine-like quotas were not enforced in the standard.

Imagine that you download a .odt/.docx/.pdf form with an embedded font in LibreOffice in 2025. You start to type some text... and the font starts to saturate FPU ports (i.e. div/sqrt) in a specific pattern. Meanwhile some tab in the browser measures CPU load or port saturation by doing some simple action, and captures every character you typed.


> Meanwhile some tab in the browser measures CPU load or port saturation by doing some simple action, and captures every character you typed.

iirc browsers fuzz the precise timing of calls for exactly this reason already?


Your comment reminded me of this great talk [1] (humor ofc). While it talks about asm.js, WASM is in many ways, IMO, the continuation of asm.js.

[1] https://www.destroyallsoftware.com/talks/the-birth-and-death...


While neat in a "because we can" kind of sense, it really is maddening: Have we gone "compute-mad" and will end up needing a full-fledged VM to render ever-smaller subsets of UI or content until ... what?

What is the end game here?

It is kind of like a "fractal" attack surface, with increasing surface the "deeper" one looks into it. It is nightmarish from that perspective ...


I’m open to your idea, but can you explain in technical terms why a wasm sandbox is invulnerable to the possibility of escape vulnerabilities when other flavors of sandboxes have not been?


Why do you say that? Security exploits involving fonts are extremely common.


I read this book at a friend’s recommendation in 2014 after nearly a decade of frequent episodes of debilitating back pain (also diagnosed as a herniated disc).

Gave it an honest try because I figured I couldn’t lose- Either at home or I could make fun of my buddy for recommending nonsense.

Genuinely life changing for me.

Ever since, on the rare occasions when it does flare up again I reflect on the ideas from the book and apply them. Works amazingly well.


Yep, I also have recurrences. They coincide perfectly with stress. Now instead of thinking I am physically falling apart, I focus on the idea that I am emotionally falling apart. :) Works so much better!


First impression: nifty.

Having sat with it a few minutes though, why would I choose this over the classic:

https://core.tcl-lang.org/expect/index

or any of its analogs such as: https://pkg.go.dev/github.com/google/goexpect https://pexpect.readthedocs.io/en/stable/ https://www.rubydoc.info/gems/ruby_expect/1.6.0/RubyExpect/E...

edit: ah. it preserves the UI. This has potential.


thanks for surfacing `expect` to our attention. I'll add a compare/contrast to the ht readme


I’ve been doing infrastructure for 27 years.

Around a dozen years ago, my business was designing, building and supporting physical infrastructure for startups.

One company was humming along nicely on $4000 of used hardware and a $2000 a month cage in a Colo facility.

Their business had ramped up and got some funding, so we got them another 60k worth of hardware in another facility.

They onboarded still more customers to where they needed a few thousand dollars worth of SSDs to keep up with their random io demands.

But their new VC-installed CTO was like… No! We spent all this money on hardware and it’s not doing what we need it to! That’s crap! We’re gonna move to the cloud and save money.

So they moved to Amazon.

Their first month’s bill was $50,000. And it only went up from there.

The cloud is dandy for small workloads. But where you’ve got a consistently large workload the break even point on owning your hardware is a lot lower than most people think, even factoring in infra management expenses.


> But their new VC-installed CTO was like… No!

Largely the point I'm trying to put here

> Their first month’s bill was $50,000. And it only went up from there.

Well, I've read it's not uncommon to have salaries of 200-500k USD/year per programmer; on that scale maybe it doesn't matter whether it's 50k spent on infra or 100k. For others such extra spending is _something_ though.


You're mixing yearly salary figures and monthly infra bills.


50k*12=600k, equivalent to 1-3 SWE employees; practically not even a single small team. It's nothing.

Individual contributors see these numbers and act like it's some huge amount of money but in the grander scheme of things when you're approving budgets for multiple teams of senior SWEs and other roles, it doesn't even register.


I’ve seen ICs lose promotions they were on course for and get wrecked on their bonuses for losing track of a single $50k/mo cluster in AWS and leaving it running though unused. At a FAANG company.

So, ICs who sweat that kind of waste are right to do so. If management sees that someone thinks 50k/mo is no big deal to squander, bet your ass there’s a good chance they’ll take at least a month’s worth out of that person’s annual bonus since that kind of money matters so little to them.


Sure, that money shouldn't be wasted - but thinking it's a significant part of the budget is misguided.


Not sure why you were down moderated for pointing this out. Facts is facts.


I’ll bet this isn’t an apples-to-apples comparison and the bill was for a lot more resources. EC2 or ECS clusters per developer, leaving experimental shiny cloud services running … etc.


You’d lose that bet.

Source: I was there


I don’t get telemarketer calls anymore.

But when I used to, I turned it into an even more fun game than you described.

My goal was to waste as much of their time, and as little of mine, as possible.

Hi, this is so-and-so from DIRECTV. We’re calling with a special offer….

Oh sweet! I’m so annoyed with my cable company

That I let them get into their spiel

A quick sec, I got a pot on the stove

Disappear for 30s

Oh hey, sorry, you were saying about 150 channels?

Let them get going

Ah, shit. Paperboy is at the door. Gimme a sec I’ll be right back, this sounds like an awesome deal

And so on, with longer and longer gaps between each fake reason for disappearing, and more enthusiasm for his pitch each time I returned

I remember the DIRECTV example in particular because I tied that dude up for over 40 minutes.

Barely impeded my watching Farscape and kept him from harassing anyone else for the duration.


One morning a few years ago as I was getting ready to get in the shower a spam call comes in to my landline. I don’t remember the exact bogosity but I think it was the ol’ your computer has a virus thing. When he asks for payment I say I will get my credit card but it is down in my car and will he wait? He agrees and damned if he wasn’t still waiting for me when I got out of the shower 20 minutes later.


> My goal was to waste as much of their time,

My personal best was 2 hours and 10 minutes before it was me that got sick of playing them.

After that I put the "This Number Out of Service" tones (http://www.k3pgp.org/telezap.htm) on my answering message. That knocked out a lot of the spam diallers.

Usually I don't answer any number that's not on my contacts list, and let them go to voice-mail. If they really need me, they'll leave a message.


I do that too. I even got an app that does this automatically. I just get a silent notification afterwards, it's great. It's very rare that I'm expecting a call from someone I don't know already, so there's no problem. Unfortunately, not everyone has this privilege -- people who work with sales, for instance.



You are a hero. We need a personal secretary app that would identify spam calls and keep them waiting forever, playing “Für Elise” in the background.


Seems like something we could ask an AI assistant to do—just stall them endlessly until they go insane.


These were pre-recorded, then Markov, now full on API/VOIP services that offer these services free-of-charge.



