Would you buy/use a computer that ran 3x slower than modern machines if it were more secure (less vulnerable to side-channel attacks)?
[ ] yes, absolutely
[ ] yes, but not for games
[ ] no, I need all the speed
Would you buy/use a computer that ran 3x slower than modern machines if it were more secure (less vulnerable to side-channel attacks)?
[ ] yes, absolutely
[ ] yes, but not for games
[ ] no, I need all the speed
crossposted to https://twitter.com/dustyweb/status/1127222086144020480
Interestingly, the numbers are very different on here than they are on birdsite. Many more people here seem to be willing to take a speed hit for security here than there. Not surprising, I suppose: selection bias.
@mikegerwitz @lxoliva I'm glad you ack'ed the "not signed" aspect; regarding the nonfree vs free software: mark the metadata of javascript as librejs compatible, then perform a read or write attack against the system. (Heck, it even *could* be free software compliant; most likely the target isn't checking the licensing situation when they're under such attack, but it's also trivial to lie about it.)
@mikegerwitz @lxoliva However, we shouldn't believe that just because something is free software that it is trustworthy, or that we have the capacity to fully audit our software systems for security. The sad reality is that people run way too much code to be able to trust or audit systems, and Ka-Ping Yee's thesis showed that if an attacker wants to add vulnerabilities to (even free) software, even the best programmers won't detect it http://zesty.ca/pubs/yee-phd.pdf
@mikegerwitz @lxoliva At any rate, defense in depth. Free software helps, but we shouldn't be saying "well, we're not going to be bother with these other (critical) layers because we're just focusing on this one layer."
Also as someone who wants to build a decentralized, free software powered distributed game where you can safely run other peoples' game code, heck yeah I want to be sure that it doesn't open my system to attacks.
@mikegerwitz @lxoliva I don't think we're disagreeing there. I'm just arguing for a *multi-pronged approach*, and from there I don't understand where the objections are coming from. I have a hard time believing that if we had a community-oriented libre-hardware-design RISC-V machine that was less vulnerable than these side channel attacks that the bunch of us wouldn't advocate that people should use that *and* free software.
@mikegerwitz I wasn't talking about the microcode updates specifically, but I think they're also a good example if you put the non-freeneess aside of the question as I posed it. But for context, what prompted this conversation was a chat on Friam (meeting of some programming language nerds that happens once a week) where Meltdown/Spectre were discussed, and more fundamental cpu architectural changes were proposed (as well as changing some ways we program, because it's Friam)
Mike Gerwitz's GNU Social Instance is a social network, courtesy of Mike Gerwitz. It runs on GNU social, version 1.2.0-beta4, available under the GNU Affero General Public License.
All Mike Gerwitz's GNU Social Instance content and data are available under the Creative Commons Attribution-ShareAlike 3.0 Unported license.