[Cryptography] Buffer Overflows & Spectre
Henry Baker
hbaker1 at pipeline.com
Mon Nov 19 09:50:30 EST 2018
Is it just me, or does anyone else feel a deep sense of betrayal and irony?
We in computer science have spent 50+ years advocating proper code hygiene in which every array reference is properly bounds-checked to avoid the dreaded *buffer overflow*.
We've beaten up on languages such as C & C++ for their bad hygiene, and attempted to steer students towards modern languages which are *safe by design*, because they obsessively and anally check every array reference.
What has it netted us?
We've been undone by our own hardware, which *ignores* our *explicit instructions* to check every array reference -- e.g., Spectre.
Isn't it time for a *class action lawsuit* against every CPU vendor?
This is not just *negligence*, but outright *fraud*, because the CPU violates its own advertising!
It is as if an automobile manufacturer put a Spectre-like bug in our automobile braking systems which occasionally ignored the brake pedal because it adversely affected gas mileage. Who cares about a few "accidental" deaths here and there, if the manufacturer can claim a few percentage points additional gas mileage?
***What the CPU manufacturers have done is every bit as bad as what the auto manufacturers did to *cheat the emissions testing*!***