Meltdown, Spectre, and why hardware can be correct yet insecure

The recent Meltdown and Spectre attacks have exposed, or at least emphasized, a fundamental problem with the conventional approach to computer security at the hardware level. Both of these attacks rely on side channels in conventional processor designs. By exploiting these side channels, an untrusted program can learn the contents of the operating system kernel's memory or … Continue reading Meltdown, Spectre, and why hardware can be correct yet insecure

Advertisements

A pet peeve about hash tables

The hash table is a wonderful data structure. Unfortunately no one wraps it in the right abstraction. Typically, hash table implementations do some hashing internally, which is insufficient unless you're hashing pointers, and wastes time if you're already providing a good hash function. But how do you know if your hash function is good enough? … Continue reading A pet peeve about hash tables

Deserialization considered harmful: the security case for persistent objects

I've done a fair amount of work on persistent object systems, starting with the Thor distributed storage system and more recently, the Fabric system. I used to think the point of persistent object systems was to make programming easier. Lately I think security might be an even stronger argument. For programmers, the great thing about persistent … Continue reading Deserialization considered harmful: the security case for persistent objects

Strategic voting and the Republican primary

I've been interested in voting methods (algorithms for deciding who wins an election) for some time. The standard voting method (plurality) has long been criticized for being subject to vote splitting and other anomalies that cause the results of an election not to correctly represent the consensus opinion of the electorate. From the polling, the problems … Continue reading Strategic voting and the Republican primary

Why Good Programmers are Master Architects, Negotiators, Gardeners, and Detectives

Good Programmers are Master Architects Good programmers understand that they are building a complex structure with layers stacked upon other layers. They think critically about their design, and they know they need a strong, reliable foundation to support their work. Since their systems have many interdependent parts, they design carefully to limit these dependencies so that failures and … Continue reading Why Good Programmers are Master Architects, Negotiators, Gardeners, and Detectives