TIP: Click on subject to list as thread! ANSI
echo: rberrypi
to: MAYAYANA
from: MARTIN GREGORIE
date: 2020-08-28 12:38:00
subject: Re: Spectre / Meltdown
On Fri, 28 Aug 2020 07:54:30 -0400, Mayayana wrote:

> "gareth evans"  wrote
>
> | Is it true that the RPi4 is susceptible to these | security attacks
> but that no previous versions are?
>
>   Simple rule: If you allow javascript or other executable
> code online, you're a sitting duck. If you also store private data on
> your computer, use credit cards online, bank online, etc, you're a
> sitting duck with something to lose.
>
>   That might seem extreme or paranoid, but it's just the
> facts. People want to believe computers can be made safe. Executable
> code cannot be made safe. And these days we're going in the opposite
> direction, toward the cloud model of computing based on corporate
> systems,
> where the network is considered safe while your family or housemates or
> co-workers are considered to be risks.
>
>   When you combine the corporate security model with
> SOHo usage you get crazy risk.

I'm really disapointed that there hasn't been more work done on both
hardware as OS design to make cross-process interference impossible and
to properly implement hardware protection rings to stop application-level
code clobbering the OS and the OS from clobbering to low-level drivers.

This stuff isn't new: systems have been built that way since the early to
mid 70s. Two examples I know of are the ICL 2900 series and the IBM
Future Series.

The ICL 2900 architecture supported all the features I mentioned above.

The IBM implementation didn't have hardware rings of oritection but did
run each process in its own address space. It was initially killed before
being revived as the System/38, which morphed into the AS/400 before
being renamed as the iSeries.

The IBM approach still exists as Power series chips, but the 2900
architecture is now almost irretrievably lost. Pity, because both systems
were almost bulletproof in terms of limiting the damage a piece of bad
code could do.

Linux on X86 chips should be able to provide some protection via the
three protection rings they (used to?) provide, but does Linux use them
to prevent one process clobbering another? I'd hope so, but have never
seen any information about that.


--
Martin    | martin at
Gregorie  | gregorie dot org

--- SoupGate-Win32 v1.05
* Origin: Agency HUB, Dunedin - New Zealand | FidoUsenet Gateway (3:770/3)
SOURCE: echomail via QWK@docsplace.org

Email questions or comments to sysop@ipingthereforeiam.com
All parts of this website painstakingly hand-crafted in the U.S.A.!
IPTIA BBS/MUD/Terminal/Game Server List, © 2025 IPTIA Consulting™.