arene_base provides low level C++ facilities to help development of safety critical software in compliance with Woven by Toyota's C++ development best practices.
Correct, that was my intent - Ben isn't the proper channel as he is just an engineer responding to comments here. Stuff like this is serious and so should be escalated.
Nothing. This isn't something that is even tracked. AI usage is obviously encouraged but HR has far better things to do than go gather this kind of data.
Internally, depending on what product is being worked on teams will have different development flows and different usage points of AI. For things like VSCode, teams have freedom on how they use it completely.
QNX is heavily used in industries where functional safety or particular high assurance models are required.
Sure FreeRTOS has a SafeRTOS mode, but its not sufficiently functional for a modern ADAS stack or complex robotics systems. QNX is used in all major automotive companies around the world for a reason, and a crucial part of NVIDIA's DriveOS stack.
"Microsoft made both changes in response to antitrust concerns from the European Commission. Led by Symantec, the world's largest antivirus software maker, security companies had publicly criticised Microsoft over both Vista features and also talked to European competition officials about their gripes."
Perhaps reactive, but there were definitely conversations between EU and MS.
As someone that watched the video (and directly worked on this stuff during my time at MS), I think Marcus has no idea on how the OS vendors relationships work with governments. He misses the fact that if Windows releases user-level APIs that provide similar functionality, it would break existing functionality and force a migration.
For the example he uses patch guard, existing functionality did not break anywhere as significant as say would evicting drivers from the kernel.
Windows does have the ability to have sovereign builds (and has had this since 2016?), but the capability wasn't present when the decision was made (in 2006). Windows build is complex and tightly coupled with performance testing, telemetry collection, etc and at the time this decision was made, not feasible to do.
Reversing a change from 2006 would likely bring anti-trust action from the remainder of the world immediately, as that change from 2006 is relied on by everyone else globally today.
The EUs stance isn't bad either, as MS has a competitor in this space that also relies on a kernel driver (MDATP does use a kernel driver) and it is unlikely MS would remove its own competitor from the kernel (at least this item was not discussed during my time at MS and I was in the security space of Windows).
As someone that worked at MS, on a team that worked directly on this issue (among other things) some years ago, MS did figure out better solutions and did discuss it with industry.
Kaspersky was running an SSL/TLS Proxy in the kernel IIRC and didn't want to have to move it elsewhere due to the fact it would require them to rework their product quite a bit.
The solutions MS (we) proposed were agnostic and overall better, the anti-malware industry simply doesn't want to make the changes as these things do impose technical work on existing products.
So the grandparent poster has a fundamental misunderstanding of how Windows works, and why CrowdStrike has a kernel driver in the first place.
Microsoft has long desired to kick AV vendors out of kernel space and has even attempted to do so prior, however because of its dominant position in the market, it is unable to do so. I was at MS when an iteration of this effort was underway, and the EU said no.
See, Windows is a highly regulated OS today, and making a change like kicking out AV vendors from the kernel runs afoul of antitrust laws.
Microsoft also has ELAM: https://learn.microsoft.com/en-us/windows-hardware/drivers/i... which is a rootkit / bootkit defensive mechanism. A defect in the definition files (as noted in the twitter thread) is what caused the crash in an ELAM driver. CrowdStrike obviously was not following the required process for ELAM drivers.
This makes it something that the average person cannot do; you're suggesting something that already requires more time and resources than 75% of the population has access to.
If you're serious about this than go talk to a non-tech person and tell them to self-host email and see how they do. Look at their challenges, build a solution and then offer it.
Of course, but it that’s good in most cases as then you don’t get an overreaction.
The right people will read it (Chattr.ai’s customers) and respond . Right now everyone looks at it and some CISO will overreact and make everyone go check their Firebase configurations which may likely be a non-value add.
No, as company employee is directly tied to and the responsibility of the company.
These companies are responsible for their employees behavior and data but they are not responsible for nor legally liable for (in most cases, some exceptions apply) the actions of a third party that they have retained to help with hiring.
In fact the contract they have with said third party likely absolves them of any liability.
The title should be: I owned an AI startup via Firebase misconfiguration.
You can even name the startup if you want. That’s not flashy though and this person wants marketing.