Do the individual requests in a batch influence each other?
Not in a floating point non-deterministic kind of way, where exact ordering might introduce some non-determinism (being position 5th versus being position 10th in the batch, let's say).
I'm asking in a semantic way, can context from one request leak into another because they are in the same batch?
Yes if you enable Hyper-V the main Windows installation is running under a hypervisor, but it's running with nearly complete access to the physical hardware.
Even before the virtualization-based security feature was introduced this has been the Hyper-V architecture, on server and client SKUs. The management OS is referred to as the "parent partition" or "root partition," and it runs on top of the hypervisor: https://learn.microsoft.com/en-us/virtualization/hyper-v-on-...
Its various pieces are called Virtualization Based Security/Core Isolation/Hypervisor-Protected Code Integrity
> Virtualization-based security, or VBS, uses hardware virtualization and the Windows hypervisor to create an isolated virtual environment that becomes the root of trust of the OS that assumes the kernel can be compromised.
> While VBS greatly improves platform security, VBS also changes the trust boundaries in a Windows PC. With VBS, the Windows hypervisor controls many aspects of the underlying hardware that provide the basis for the VBS secure environment. The hypervisor must assume the Windows kernel could become compromised by malicious code, and so must protect key system resources from being manipulated from code running in kernel mode in a manner that could compromise security assets.
As far as I know, this doesn't limit CPUs to 8th Gen and newer. Neither does VT-x and the other requirements.
Furthermore, there are supported ways of disabling VBS entirely so the gimped version of Windows 11 that doesn't use VBS you'd get for installing it on older hardware wouldn't be that different from an install you'd disable VBS on to get 15% better performance in video games.
Sigh. Storing nuclear waste is actually pretty cheap. After being removed from the reactor it is put into a pool for a while until it isn't so radioactive and then it is put into dry cask storage. Long term it can and should be stored in a deep geological repository like Finland is doing. A surcharge of 0.1 cent per kWh is applied to all nuclear power to pay for the decommissioning of reactors.
You mean how Finland is planning on doing. It's still not doing it.
> In March, Finland successfully completed the first test of its encapsulation plant, which, if finished, will become the world's first permanent underground storage facility for radioactive waste.
These are local escalation of privilege exploits (becoming root from a regular user), not remote code execution. Escalation of privilege bugs are a dime a dozen.
I think this also requires user (i.e. unprivileged) namespaces since you have to manipulate traffic control queue disciplines (tc qdisc). You normally need to be root to do this, so it's only useful as an escalation if you can do it within a namespace or you can convince some root daemon to do the qdisc manipulation for you (I think unlikely?).
User namespaces opened up an enormous surface area to local privilege escalation since it made a ton of root-only APIs available to non-root users.
I don't think user namespaces are available on android, and it's sometimes disabled on linux distributions, although I think more are starting to enable it.
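The precondition discussed above (an unprivileged user obtaining CAP_NET_ADMIN inside a user namespace and manipulating tc qdiscs from there) can be checked directly. The script below is an added example and is not code from the thread or from any advisory; it assumes util-linux `unshare` and iproute2 `tc`/`ip` are installed, and it only tests whether unprivileged qdisc manipulation is reachable, not any particular bug:

```shell
#!/bin/sh
# Added example: does this host let an unprivileged user reach the tc/qdisc
# code paths from inside a user+net namespace? Assumes util-linux `unshare`
# and iproute2 `tc`/`ip` (both assumptions, not from the thread).

# Report the knobs that gate unprivileged user namespaces.
# Debian/Ubuntu: kernel.unprivileged_userns_clone (1 = allowed, 0 = denied).
# Any kernel:    user.max_user_namespaces    (0 = user namespaces disabled).
userns_sysctls() {
    if [ -r /proc/sys/kernel/unprivileged_userns_clone ]; then
        echo "unprivileged_userns_clone=$(cat /proc/sys/kernel/unprivileged_userns_clone)"
    else
        echo "unprivileged_userns_clone=absent"
    fi
    if [ -r /proc/sys/user/max_user_namespaces ]; then
        echo "max_user_namespaces=$(cat /proc/sys/user/max_user_namespaces)"
    else
        echo "max_user_namespaces=absent"
    fi
}

# Try the actual operation the escalation needs: become "root" in a fresh user
# namespace (-r maps the caller to uid 0) with its own network namespace (-n),
# then attach a qdisc to that namespace's loopback device. sch_fifo (pfifo)
# is always built into the kernel, so no module autoload is involved.
# Prints exactly one word:
#   allowed       - unprivileged qdisc manipulation works (surface reachable)
#   blocked       - unshare refused or tc failed (surface not reachable this way)
#   missing-tools - unshare or tc not installed, nothing was tested
probe_userns_qdisc() {
    if ! command -v unshare >/dev/null 2>&1 || ! command -v tc >/dev/null 2>&1; then
        echo missing-tools
        return 0
    fi
    if unshare -Urn sh -c \
        'ip link set lo up && tc qdisc add dev lo root pfifo limit 10 && tc qdisc show dev lo | grep -q "qdisc pfifo "' \
        >/dev/null 2>&1; then
        echo allowed
    else
        echo blocked
    fi
    return 0
}

# The probe only means something for a non-root caller; real root has
# CAP_NET_ADMIN anyway.
if [ "$(id -u)" -eq 0 ]; then
    echo "note: running as root, the probe result says nothing about unprivileged users" >&2
fi
userns_sysctls
probe_userns_qdisc
```

A result of `allowed` for an unprivileged account means the root-only tc code paths are reachable by that account, which is the situation the comment above describes; `blocked` with `unprivileged_userns_clone=0` or `max_user_namespaces=0` is the usual hardened configuration. Android is not covered by this check.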
Yes, and most software runs on a host operating system. Vulnerabilities in the software of 3rd party developers aren’t in scope, even if it extends the kernel. Some networking tasks are delegated to the kernel, but almost all of the really risky stuff is not in the core kernel.
And you are getting something valuable in return. It's probably a good trade for many, especially when they are doing something like summarizing a public article.
I'm not so sure. I have agents that do categorization work. Take a title, drill through a browse tree to find the most applicable leaf category. Lots of other classification tasks that are not particularly sensitive and it's hard to imagine them being very good for training. Also transformations of anonymized numerical data, parsing, etc.
Reading between the lines on this announcement, it sounds like a plan to uncouple the mechanism of msix/appx and Windows packages from the policy of the App Store.
WinUI3 (if anyone ever bothers to use it, including Microsoft) already distributes its library dependency this way, as a store package.
>(if anyone ever bothers to use it, including Microsoft)
I think this is a large part of the problem, within the range of applications MS offers there's a range of ways they get distributed, installed and managed. Will office use it? How about visual studio, teams, various windows components? It'd be more 'sit up and listen' interesting if MS committed to using it themselves, showed it works for a range of use cases and was great at doing it.
Office has long been the special case inside Windows Update (or Microsoft Update in the years where the brand changed whether you had Office installed or not), since the earliest days of Windows Update. Windows Update started as Office Update in the Office 97 era before becoming an out-of-the-box Windows thing in Windows 98, as I recall it. (The internet doesn't seem to have images of the Office 97 "Office Update" tool, so either my memory is foggy or it truly was short-lived enough that the general internet and Wikipedia have forgotten it.) In Windows 8 and 10 Microsoft tried to move Office updates into the Store and were mostly successful just about the time that the Office team decided they were bored with the Store and moved back "home" to Windows Update (or Microsoft Update, I suppose, if you insist).
If Office is no longer the special case in Windows Update and more applications can use it, that would be interesting. A lot of third party drivers have already been using it more, and that also seemed a special case before. Opening it up as a platform for any third party seems like a long time coming.
(Visual Studio is an interesting case, too, because some of it has always had security updates in Windows Update, but yet more of it is not updated that way than is. Originally the border lines were "owned by Windows components" versus "Visual Studio owned components" but those lines have become so blurry, especially in the .NET 5+ era where Windows no longer owns anything about .NET, but Windows Update still serves critical security patches.)
Also, the App Store "policies" have been hugely relaxed for years and allow general Win32 apps with no more sandboxing than usual from any other way of installing the app.
Not in several years, no. MSIX, since it was renamed that, supports nearly the full gamut of MSI (just specified in XML directly instead of an ancient, deprecated Microsoft JET database file format and modern ZIP instead of the ancient Windows CAB archive format), and classic-style Win32 apps can be installed with no more of a sandbox than is usual from a raw MSI install rather than an MSIX install.