@thegibson log4shell was funny because it was a fundamentally broken design.

Similar to Java deserialisation in some way.


Pictured: Me watching everything come tumbling down, tumbling down, tumbling down.

@thegibson Well, they could be. But that would require reworking the entire architecture of most modern CPUs, and like @millihertz was discussing this morning, we're 30 years into lock-in at this point.

@noelle @thegibson @millihertz You wouldn't be able to get the same level of performance though. Both hardware and software mitigations incur a performance hit.

@vertigo @thegibson @millihertz Perhaps! But as tamsyn said: "'all modern CPUs have unfixable security flaws' no, really? well, perhaps it's time to question whether we made a colossal mistake 30 years ago when we all conspired to take the path of letting CPU speed inflate to such a massive multiple of memory speed"

@vertigo @thegibson @millihertz We're already reaching the edge of Moore's Law, if we haven't already; it might be okay if we didn't make Number Go Up for a while?

@noelle @vertigo @TheGibson @millihertz We should never have left the cool, cool waters of the M68k processors.

We have sinned.

@craigmaloney @noelle @thegibson @millihertz Single-issue, pipelined RISC with static branch prediction is OK and completely safe. (Static branch prediction basically assumes any backward branch is in a loop and takes the branch by default. Forward and indirect branches are treated normally; that is, they'll flush the pipeline and instruction queue.)

@noelle @thegibson @millihertz Oh, there's no question that we made a mistake of such proportions. 😏 Somehow, we either need to rethink how we write software to overcome Amdahl's Law, or we need to wean people off the performance "drug". Preferably, both!
