I hope I understand your question correctly.
The request asks for something in protected memory and also asks for something based off a portion of the protected memory (like the first byte). The system denies access to the request then puts both results in cache.
The attacker then asks for a byte of memory similar to the second request, which the system tries to get from cache but then goes to memory since it wasn't in cache. The attacker doesn't want that result so cancels the request and asks for another byte similar to the second request. That process repeats until the system says "Hey this byte is in my cache" and gives the result back to the attacker. That let's the attacker know what the first byte of that protected memory was. The attacker then repeats that whole process until they've read the entire protected memory, which is at a rate of 1500/bytes a second.
It never gets the actual protected memory from the cache.
Containers are an abstraction that exist using cgroups and namespaces for isolation. They use the hosts' kernel, it's not virtualized. Containers are only limited by the capabilities of namespaces and cgroups, unlike vms.
You might be dismissing microservices too quickly. They do have overhead but so does any level of abstract; the benefit of them though is clear separation of responsibilities between services and residency(Swarms, clusters, etc). Both can be achieved with Vms but VMs weren't built with these goals in mind
Nah, that is separate physical machines. For VMs it's more like a multitenant toaster colo, with every toaster in its own asbestos cage, but sharing power and network^Wbread. For containers, it's like putting them all in one house but putting a fuse and RCD on every toaster. A traditional server is building a custom house each time and the toasters are all plugged into the same socket.
I'm not sure the toaster analogy will gain mass acceptance.
What if you're hosting toasters owned by people who might be rude teenagers who want to set any house with a rival toaster in it on fire?
When Docker can safely protect a Minecraft server in one container from a local DoS attack coming from a bot running in a sibling container, I'll reconsider using VMs. :P
Don't go poacher hunting yourself, arm and pay some locals to do it - help the community and all that, discourage the kind of desperation that leads to poaching in the first place.
I'm game. Let's go protect the wildlife. Though the best course of action would be finding ways to temper demand for poached animals. Easier said than done I know.
I doubt you'd get busted for passing off fake ivory even without such a change, probably not many people want to out themselves as an ivory buyer to authorities and media.
Education might also help rhinos from losing their tusks. Too many believe that the tusks help verility of all things. Without sounding ethnocentric these cultural beliefs are harmful and incongruent or unbecoming of an educated society
I agree, this is crucial information for assessing the incident. Autodrive crashes are going to be greater than zero, the important question is are they going to be less than manual driving?
