Huh. So, the Android team just decided that because closing high-resolution side channels is hard, no one needs CPU utilization information for apps on their phone any more?
-
-
It is relatively plausible that they’re putting out a panic patch because mobile is dreadfully affected.
-
No, this was with Oreo as a whole, and it doesn't feel like an emergency mitigation. And second+ granularity buckets aren't conceivably a side channel.
-
I've been arguing for coarse grain time buckets against side channels for years, so I don't disagree. But Android's almost certainly rife with thousands of variations of attacks here. Coarse grain reactions also include turning it off until you understand it better.
-
Yeah. I don't get the feeling that's what they're doing, though.
-
On what grounds? Not like there's exactly a constituency around making perf optimization harder. Privacy's what came up back when I was dealing with this in Firefox.
-
In some of the bug threads, they explicitly rejected even many-second bucketed stats.
-
At the end of the day we have a bug class where threading and context switching themselves are more likely than not to be unsafe on present hardware. There's a lot of skepticism about any provable assertions in today's designs. Overcaution to be expected.
-
It's not clear to me, from the timing, that this was actually about speculative exec vs. leaking other app activities.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.