Would you buy/use a computer that ran 3x slower than modern machines if it were more secure (less vulnerable to side-channel attacks)?

@lxoliva had some compelling words about this at LP2019:


I don't know if your comment related at all to Spectre, but---if all the software running on your system is free software, what is there to fear? And I agree.

The biggest trouble is that people often run non-free and untrusted code all of the time in their web browsers, and don't see it as a software freedom or security issue. It's important to recognize it for what it is---untrusted, unsigned, ephemeral software---if you're going to consider security tradeoffs when it comes to certain mitigations. I personally don't run JS at all, even if it's free, with very few exceptions, because it's unsigned.

@mikegerwitz @lxoliva I'm glad you ack'ed the "not signed" aspect; regarding the nonfree vs free software: mark the metadata of javascript as librejs compatible, then perform a read or write attack against the system. (Heck, it even *could* be free software compliant; most likely the target isn't checking the licensing situation when they're under such attack, but it's also trivial to lie about it.)

@mikegerwitz @lxoliva However, we shouldn't believe that just because something is free software that it is trustworthy, or that we have the capacity to fully audit our software systems for security. The sad reality is that people run way too much code to be able to trust or audit systems, and Ka-Ping Yee's thesis showed that if an attacker wants to add vulnerabilities to (even free) software, even the best programmers won't detect it: zesty.ca/pubs/yee-phd.pdf


@mikegerwitz @lxoliva At any rate, defense in depth. Free software helps, but we shouldn't be saying "well, we're not going to bother with these other (critical) layers because we're just focusing on this one layer."

Also as someone who wants to build a decentralized, free software powered distributed game where you can safely run other peoples' game code, heck yeah I want to be sure that it doesn't open my system to attacks.

@mikegerwitz @cwebber it's not just about being free software, you have to actually know that it does what you wish, which requires auditing by a trusted party. truth is we've long known about side-channel attacks that allow information leaks. s&m aren't the first nor the last of these, and some are deemed unfixable, so if you wish to run untrusted code on your system, you'd better not have information you wish to keep private on it