@Fuego New exploit class?
@Fuego Wouldn't shock me. Lots of optimizations fall into a general pattern of short-circuiting what a system's been told to do with something else that provides the same output in less time through side effects. Those side effects have predictable impacts on the system that are invisible to the software, and thus can be leveraged to permit operations the software can't prevent.
@literorrery @Fuego I think this honestly holds true in systems design as a whole
@literorrery even apart from those side effects, optimizations are using some extra information to make these short circuit decisions so you can always infer the information. Further, you can sometimes control the short circuit if you can influence the extra information.
@Fuego So, what you're saying is that there are multiple avenues for an attacker to exploit the concept of optimization, because optimization represents the system interacting with stuff outside the software's control while reporting to the software that everything is normal. And any gap between what a system does and what it reports it did is a potential vector. And that's how we get Twitch Plays Amazon, or whatever the next TASBot masterpiece is.
@Fuego abolish all CPUs with suspiciously high IPC counts! repent of your branch predicting devilry, and bask in the saving grace of the [earliest] 68K!
@ddipaola if you want to be all "I'm switching off Intel!" because of Meltdown that's pretty much where you need to be. Somewhere prior to the first MIPS chips.
@Fuego but seriously, we should go back in time and make sure Motorola got the IBM PC CPU contract instead of Intel (or at least the SNES one). 68K is best CISC
@ddipaola it's all the same - our fundamental understanding of optimizations contains the flaw - not a particular implementation
(also SPARC was the best)
@literorrery it just lets you use known classes in very flexible ways.
I'm convinced every optimization allows for some attacker control or theft of information at this point.