Aras Pranckevičius is a user on You can follow them or interact with them if you have an account anywhere in the fediverse. If you don't, you can sign up here.
Aras Pranckevičius @aras

Wondering if there was a security thing with that wide-sweeping changes as /#meltdown; I don't remember any.

All OSes are scrambling to patch their kernels, browsers to patch their JITs and disable features (like threading), compilers adding flags to make virtual calls more expensive to mitigate, etc. etc.

Interesting and scary all at once :)

@aras Popcorn time. Some men just like to watch the world burn 😆

@aras Apparently the Intel CEO started selling stock :P.

@aras What I'm wondering is how/when CPUs won't be vulnerable to these kind of attacks, and we can turn off the workarounds. Obvious things like not caching speculative loads would be even worse for performance.

@jessehall Yeah, good question. Basically boils down to, do you want fast (everything that made CPUs faster in last 20 years, besides clock speed), or do you want secure?

I guess good thing is, things like Spectre don't affect majority of the code/programs. Only things that potentially cross privilege domains or "other things that should not be seen".

@aras Imagine being one of the people who knew about this over the holidays, eating your turkey knowing what was in store 😶

@sinbad @aras I imagine you've both read the papers they released explaining them?

I've only skimmed them but the outside-the-box-ness of these hardware exploits is kinda terrifying!

@darbotron @sinbad Yeah. Fascinating work by the security researchers though. The most basic variant of Spectre is "kinda completely obvious" in retrospect, a bit amazing how it went unnoticed ever since speculative execution started to be a thing (1995s?).

@aras @sinbad I always think that's a good sign of a truly clever discovery - once you see one they're usually super obvious & hard to believe no-one saw them before...

@aras Should have never moved away from real mode. But the name was obviously too much of a clue! :)

@aras I guess Pentium FDIV bug was quite costly - but definitely dwarfed by this one.. since 1995 they say

@aras The scary bit is how many machines will actually get those fixes :)