Hacker News new | past | comments | ask | show | jobs | submit login
What Spectre Means for Lanugage Implementers [video] (youtube.com)
42 points by cmeiklejohn 88 days ago | hide | past | web | favorite | 17 comments



> Conclusion:

> * Programming language implementations cannot establish confidentiality on today's hardware

> * Don't run untrusted code in the same process with secrets it could steal

I understand that because of this, browsers are moving towards running untrusted JavaScript code in separate processes, so that confidentiality is provided by process boundaries.

Does anyone know whether other applications that embed scripting languages and run untrusted code (e.g. games that embed Lua[JIT]) are also moving towards a multi-process architecture?


> I understand that because of this, browsers are moving towards running untrusted JavaScript code in separate processes, so that confidentiality is provided by process boundaries.

Google was moving on that feature before Spectre. Confidentiality is a rather strong word here. Web pages literally include random 3rd party code to run within the same process and that isolation on top of process boundaries doesn't address that, it's only addressing some hypothetical threat of a tab or a child frame stealing data and I'm not sure whether they even isolate child frames (EDIT: they try). A tab stealing data is too remote of a possibility if at all practical and 3rd party child frames are usually created by 3rd party javascript already running within process boundaries, so no confidentiality there. It's possible that some 3rd parties may want to sandbox the code they let other 3rd parties run in your browser, but that does nothing to guarantee any confidentiality.

It's not that bad for newly designed languages or for languages willing to break compatibility. There are multiple approaches that can be used to protect from Spectre within the same process, plenty of ideas floating around.



Doesn't Spectre work across process boundaries?



No. Meltdown allows for reading kernel memory, subverting traditional memory isolation techniques. Spectre abuses speculative execution to perform side-channel attacks to leak information in general, including across process boundaries.


Only tangentially related: what does Spectre means for single address space OSs (Midori, Singularity)?


It's game over for them, until hardware offers mechanisms to close these side channels.


That's a very weird typo for language. Usually we can tell what word was meant if some letters are missing from what I understand, but for some reason this one was surprisingly bad.


> Usually we can tell what word was meant

It's called typoglycaemia. I actually wrote a library[0] the other day that will jumble up text in typoglycaemic fashion, mainly because I was bored but also because I want to try it out when having arguments <cough> sorry, healthy debate on social media <cough, cough> as (apparently[1]) it changes the mode of thinking the reader uses:

> In a final study, Gervais and Norenzayan used an even more subtle way of activating analytic thinking: by having participants fill out a survey measuring their religious beliefs that was printed in either clear font or font that was difficult to read. Prior research has shown that difficult-to-read font promotes analytic thinking by forcing participants to slow down and think more carefully about the meaning of what they are reading. The researchers found that participants who filled out a survey that was printed in unclear font expressed less belief as compared to those who filled out the same survey in the clear font.

[0] Typoglycaemic https://github.com/yb66/typoglycaemic

[1] How Critical Thinkers Lose Their Faith in God, Daisy Grewal, May 1, 2012, Scientific American https://www.scientificamerican.com/article/how-critical-thin...

Edit: one day I'll remember which bits of markdown work on HN. That day is not today.


I felt there was enough context to parse correctly because:

- Spectre is a well known vulnerability in speculative execution

- I know that speculative execution bugs had compiler workarounds involving how you do your jumps (retpoline etc.)

- "language implementer" is a common synonym or overlapping term with "compiler author"


oh, very clever


wait, we're making a joke about "lanugage" being a result of out-of-order execution, right?


I literally didn't realise there was a mistake until I read your comment. It's just two adjacent letters that have been swapped.

I certainly understand how someone might read 'lanugage' and be thrown off by it, but I don't think it's as objectively terrible, or even weird, a typo as you're making it out to be.


If you look at it in isolation, it's really bad. In the context of a sentence, though, I didn't notice it. OP must be a slow reader.


"LANugage" would be a perfectly cromulent name for a LAN network optimization and metrics tool.


People would misspell it all the time, though.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: