Gonna say this one time.
I don’t post this stuff because I am looking for someone to tell me there’s not a scholarly article, or a deeper dive. I post it because of trends I have seen in the reporting of day-to-day events, and emerging threats.
I didn’t get here on scholarly articles on emerging threats.
As this one gets closer to being truly weaponized… You need to know that SPECTRE and Meltdown cannot be patched.
@thegibson we have the tools to solve these problems, but I’ve had little luck convincing anyone with the resources to get it done that it’s real.
These two are just the beginning, and as long as we rely on static logic we’ll have computers that can’t be fixed.
I wrote a (weirdly patriotic?) post about using FPGA to solve this and many other systemic vulnerabilities our computers have, but I’m not sure how to push it forward.
SPECTRE depends on changing between user and kernel modes of operation. The idea is to exploit failed speculation into kernel space. Under these conditions, you're still running in user-space, but the caches now have privileged information in them. How much depends on which paths were speculated in the kernel, and flushing those cache lines in favor of new user-mode content takes time. Hence, the timing side-channel.
With a compiler for a VLIW architecture, this can't occur, because speculation never happens across a privilege boundary. The cache is always hot with the working set of the process currently running.