By: Björn Ragnar Björnsson (bjorn.ragnar.delete@this.gmail.com), July 2, 2022 6:44 pm
Room: Moderated Discussions
Kester L (nobody.delete@this.nothing.com) on June 29, 2022 1:49 pm wrote:
> https://queue.acm.org/detail.cfm?id=3534854
>
> The linear address space as a concept is unsafe at any speed, and it badly needs mandatory CHERI
> seat belts. But even better would be to get rid of linear address spaces entirely and go back to
> the future, as successfully implemented in the Rational R1000 computer 30-plus years ago.
>
> Your thoughts on this article? I was under the impression that a lot of the 80s attempts
> at capability machines (or really, anything that wasn't trying to be a glorified PDP-11)
> floundered because of performance and cost issues (i.e. the Intel i432).
>
Poul-Henning is probably a pretty clever guy. But let's get real, there is no
free lunch. Object store? Eventually it's going to go to an array of bits on
an array of RAM chips/modules (i.e. linear). There is simply no way to rub out
that fact from the Universe. Sure, you can have capability or access rights
associated with an address (and even as part of the address has been tried)
or object but that entails extra bits, extra bits that might save some
page-table levels but at the cost of memory bandwidth and memory efficiency.
Which would benefit who? You? Well, it depends on what you're doing. Stacks
of linked lists? Will they cost less to traverse than page-tables, will it
take less time to get them on or off secondary storage? Overall I'm sceptical.
Well then, what about security? What about it? Extraordinary claims require
extraordinary evidence. How is any of this in and of itself going to defeat
side-channel attacks in the future? Oh, you were thinking more of curbing
short-sighted programmers? Well, I defer to Knuth: "Structure is a state of
mind, not a set of rules". I've seen the code that gets written in a
"secure environment" and no, it's way less secure than what's produced
by skilled, knowledgeable programmers in a less secure language.