> * Programming language implementations cannot establish confidentiality on today's hardware
> * Don't run untrusted code in the same process with secrets it could steal
Does anyone know whether other applications that embed scripting languages and run untrusted code (e.g. games that embed Lua[JIT]) are also moving towards a multi-process architecture?
It's not that bad for newly designed languages or for languages willing to break compatibility. There are multiple approaches that can be used to protect from Spectre within the same process, plenty of ideas floating around.
It's called typoglycaemia. I actually wrote a library the other day that will jumble up text in typoglycaemic fashion, mainly because I was bored but also because I want to try it out when having arguments <cough> sorry, healthy debate on social media <cough, cough> as (apparently) it changes the mode of thinking the reader uses:
> In a final study, Gervais and Norenzayan used an even more subtle way of activating analytic thinking: by having participants fill out a survey measuring their religious beliefs that was printed in either clear font or font that was difficult to read. Prior research has shown that difficult-to-read font promotes analytic thinking by forcing participants to slow down and think more carefully about the meaning of what they are reading. The researchers found that participants who filled out a survey that was printed in unclear font expressed less belief as compared to those who filled out the same survey in the clear font.
 Typoglycaemic https://github.com/yb66/typoglycaemic
 How Critical Thinkers Lose Their Faith in God, Daisy Grewal, May 1, 2012, Scientific American https://www.scientificamerican.com/article/how-critical-thin...
Edit: one day I'll remember which bits of markdown work on HN. That day is not today.
- Spectre is a well known vulnerability in speculative execution
- I know that speculative execution bugs had compiler workarounds involving how you do your jumps (retpoline etc.)
- "language implementer" is a common synonym or overlapping term with "compiler author"
I certainly understand how someone might read 'lanugage' and be thrown off by it, but I don't think it's as objectively terrible, or even weird, a typo as you're making it out to be.