Show Navigation

Public
- Public
- Network
- Groups
- Popular
- People

Conversation

Notices

Christine Lemmer-Webber (cwebber@octodon.social)'s status on Thursday, 11-Jan-2018 11:25:32 EST Christine Lemmer-Webber

Somber post by @wingo
"Spectre and the End of Langsec" https://wingolog.org/archives/2018/01/11/spectre-and-the-end-of-langsec

In conversation Thursday, 11-Jan-2018 11:25:32 EST from octodon.social permalink
1. clacke (clacke@social.heldscal.la)'s status on Sunday, 14-Jan-2018 19:55:10 EST clacke
  in reply to
  
  > Mathematically, in terms of the semantics of e.g. JavaScript, these attacks should not be possible. But practically, they work. Spectre shows us that the building blocks provided to us by Intel, ARM, and all the rest are no longer "small parts understood entirely"; that instead now we have to do "basic science" on our CPUs and memory hierarchies to know what they do.
  
  > What's worse, we need to do basic science to come up with adequate mitigations to the Spectre vulnerabilities (side-channel exfiltration of results of speculative execution). Retpolines, poisons and masks, et cetera: none of these are proven to work. They are simply observed to be effective on current hardware. Indeed mitigations are anathema to the correctness-by-construction: if you can prove that a problem doesn't exist, what is there to mitigate?
  
  Leaky abstractions everywhere. Hardware was a mistake.
  
  In conversation Sunday, 14-Jan-2018 19:55:10 EST from social.heldscal.la permalink

Jonkman Microblog is a social network, courtesy of SOBAC Microcomputer Services. It runs on GNU social, version 1.2.0-beta5, available under the GNU Affero General Public License.

All Jonkman Microblog content and data are available under the Creative Commons Attribution 3.0 license.

Switch to desktop site layout.