Meltdown and Spectre are security flaws that gained widespread media coverage in the first days of 2018. Most coverages of these flaws fall either into the category "Intel caused a terrible security bug, all hope is lost!" (AKA we are going to die!) or "By priming the BPU of the CPU a malicious process can read out of bounds memory via speculative code execution" (AKA white noise to most people). With these slides I fill the hole between we are going to die! and white noise.
Contrary to other security bugs these flaws are
- hardware, not software based
- the direct consequence of years of performance improvements
- extremely widespread because they affect (nearly all) computer systems, including mobile phones
This is for "normal people". With these slides I fill the hole between we are going to die! and white noise. You, the reader, will understand what went wrong, how it went wrong, and why this is bad. I will try to minimise the computer specialists words to an absolute minimum. Promised!
- FrOSCon 2018 (recording)
- 18. Gulaschprogrammiernacht (CCC Karlsruhe) (recording)
- German Perl Workshop 2018
Here are some slides from the presentation (keynote, PDF, html).
