Incidentally, Spectre and Meltdown are making me really grateful I took 6.004 and http://csg.csail.mit.edu/6.S078/6_S078_2012_www/ … at MIT. It's a much more visceral "I could have made that mistake" having actually implemented a branch predictor in Bluespec/Verilog.
Replying to @lizthegrey
My visceral reaction is "ugh, why are hardware people so ignorant about the concept of privilege domains?" The whole concept of speculative loads from speculative addresses is a huge red flag.
Replying to @RichFelker
Hah, I imagine hardware people have all kinds of gripes about the ignorance of software people too :)
Replying to @lizthegrey
Yes, but it's not our job to be making the reliable foundation upon which everything they do depends.
Replying to @RichFelker @lizthegrey
One thing's for sure though - infosec ppl really should delve into understanding hardware more.
Replying to @RichFelker @lizthegrey
I'd say 9/10 serious infosec peeps would respond to "it does speculative loads from speculative addresses" with a "holy fucking W T F ?!?!" and at least 5/10 would find vulns once being aware of that.
Replying to @RichFelker @lizthegrey
I think that's hindsight bias talking. https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html … lists references starting from http://www.cs.binghamton.edu/~dima/micro16.pdf … where serious infosec folks broke *parts* of speculative execution without realizing they could actually read data with it.
Yes but that's the complex BTB stuff. "Variant 1" (bounds check bypass) is much more obvious once someone tells you CPUs are doing something that idiotic.