The latest computer security threats to you are “Spectre” and “Meltdown”, according to Nicholas Weaver on Lawfare. What to do?
Lawfare readers should respond in two ways: keep their operating systems up to date and, critically, install an ad-blocker for your web browser. (Here are guides on how to do so in Chrome and Firefox.) In fact, a proper response to Spectre should involve ad-blocking on all government computers. Other than that, don’t worry.
I really should try that, since I use Firefox and Vivaldi, the latter of which is a Chrome-derived browser.
So what’s going on?
Modern computers are incredibly complicated but almost all the performance comes from attempting to exploit two concepts: caches and parallelism. And modern computer security often rests on a principle of isolation, blocking the ability of one program to learn or affect what else is happening on the computer. Spectre and Meltdown exploit breaches of isolation due to the interaction of caches and some parallelism features.
And then some high-level technical stuff.
Back when I was studying and working with Mythryl, the person leading that work was the late Cynbe ru Taren. I recall his analysis of how functional programming’s treatment of data would affect performance in a program designed to take advantage of multiple CPUs (cores) in a computer: because the data was not variable, it did not have to be copied to each core that might access it every time it changed. He felt that would be a tremendous boost to performance. I don’t believe he ever sat down and proved it, but it seemed quite reasonable to me, although my thread programming, which can involve the implicit use of available CPUs, has been very limited.
Which leaves me to wonder: if we changed common programming practice to move to functional languages that, by and large, don’t use variables, could we dispense with hardware optimizations which lead to security holes?
