“Safe languages have great engineering benefits and will continue to be the basis for the future, but… on today’s hardware they leak a little.” — @v8js on Spectre
https://v8.dev/blog/spectre https://twitter.com/v8js/status/1120661732836499461 …
-
-
- Još 1 odgovor
Novi razgovor -
-
-
I read the blog and the paper - am I correct in thinking that Site Isolation is the only Spectre mitigation still shipping in Chrome/V8? Reptolines, poison registers etc... aren't used? Is timer precision still degraded?
-
When SI is active, we disable all the other V8-side mitigations. This is handled on a platform level: Android still has the mitigations enabled because no SI yet.
Kraj razgovora
Novi razgovor -
-
-
"the idea that safe languages enforce a proper abstraction boundary [...] has been a guarantee upon which our mental models have been built. It is a depressing conclusion that our models were wrong". Lesson learnt some time ago on
@java. What's depressing is : hardware too leaks!Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
-
-
-
What's the latest on hardware mitigations for Spectre? If it's feasible is there scope for V8 to detect hardware mitigations and omit the software mitigations (restoring full performance)?
-
That's a question best answered by Intel.
Kraj razgovora
Novi razgovor -
-
-
“On all browsers, the resolution of http://performance.now () was reduced (in Chrome, from 5 microseconds to 100)” Don’t you mean increased?
-
an increased resolution has a decreased grain size; it should stand as written
Kraj razgovora
Novi razgovor -
-
-
Tweet je nedostupan.
- Kraj razgovora
-
Čini se da učitavanje traje već neko vrijeme.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.
A year with Spectre: a V8 perspective
In which the V8 team details their analysis and mitigation strategy for Spectre, one of the top computer security issues of 2018.