Intel design flaw

Fri Jan 5 04:08:37 PST 2018

On Thu, Jan 04, 2018 at 10:03:00AM -0800, Ryan Carboni wrote:
> https://lkml.org/lkml/2018/1/3/797
> 
> A *competent* CPU engineer would fix this by making sure speculation
> > doesn't happen across protection domains. Maybe even a L1 I$ that is
> > keyed by CPL.
> 
> https://news.ycombinator.com/item?id=10518480
> 
> Aye, too many people have this defeatist attitude that since perfect
> > security will never be possible, therefore the only valid solution is
> > reactive security (bug-patch cycles). Patch dependence is considered too
> > entrenched for making some changes like replacing ambient authority with
> > capabilities, using failure-oblivious computing [1] to redirect invalid
> > reads and writes, using separation kernels, information flow control,
> > proper MLS [2], program shepherding for origin and control flow monitoring
> > [3] and general fault tolerance/self-healing [4].

> > I used to look up to Linus Torvalds as many did, but am increasingly
> > beginning to see him as a threat to the advancement of the industry with
> > his faux pragmatism that has led him to speak out against everything from
> > security to microkernels and kernel debuggers.

And debugged copyleft licenses.

But, oh he's pragmatic alright - pragmatic is of course contextual,
and Linus' (and the majority of the subsystem maintainers) pragmatism
puts performance above most other things - although it could also be
reasonably argued that functionality is put over most other
considerations - lack of performance is of course a "lack of
functionality", and bugs are another type of lack of functionality;

this is a very utilitarian (i.e. “pragmatic”) approach, but to the
detriment of security, and also to the detriment of moral principles
- that bug in the GPL 2 which effectively allowed for the proprietary
appropriation of $2 trillian of values from the free/libre software
ecosystem over the last two decades (into Googoyle, Twatter,
Facesluts, Amazon and many other centralisations and hoarding of code
in the pursuit of money, co-opting authority and dashing rights and
freedoms on the sociopathic alter of "shareholder profit imperative".

Well, sheeeiiit. What do we expect when the most prominent one,
Linus, proclaims in every interview ever that freedom and liberty are
political and so "I don't want to get involved in that shit, just
gibs me dat code already, it's useful and this "free software"
development model makes lots of really cool code and gibs me lots of
shiny things".

Except $2 Trillian dollars of shiny things value is locked up in
corporate structures owned and controlled by (((certain individuals
with an extremist ideology, authoritarian bent and tribal
consciousness whom we are getting somewhat familiar with these
days))).

And freedom is looking more like 1984 and The Ministry of Truth every
week.

<sarcasm> Yeah, like, thanks, Linus - ’cause who needs freedom,
          right?
<sarcasm/>

> > [1] https://www.doc.ic.ac.uk/~cristic/papers/fo-osdi-04.pdf
> > [2] http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.52....
> > [3] https://www.usenix.org/legacy/events/sec02/full_papers/kiria...
> > [4] https://www.cs.columbia.edu/~angelos/Papers/2007/mmm-acns-se...