
837 points turrini | 1 comments
titzer No.43971962
I like to point out that since ~1980, computing power has increased about 1000X.

If dynamic array bounds checking cost 5% (narrator: it is far less than that), and we turned it on everywhere, we could have computers that are just a mere 950X faster.

If you went back in time to 1980 and offered the following choice:

I'll give you a computer that runs 950X faster and doesn't have a huge class of memory safety vulnerabilities, and you can debug your programs orders of magnitude more easily, or you can have a computer that runs 1000X faster and software will be just as buggy, or worse, and debugging will be even more of a nightmare.

People would have their minds blown at 950X. You wouldn't even have to offer 1000X. But guess what we chose...

Personally I think the 1000Xers kinda ruined things for the rest of us.

ngneer No.43972246
I agree with the sentiment and analysis that most humans prefer short term gains over long term ones. One correction to your example, though. Dynamic bounds checking does not solve security. And we do not know of a way to solve security. So, the gains are not as crisp as you are making them seem.
fsflover No.43989097
> And we do not know of a way to solve security.

The security through compartmentalization approach actually works. Compare the number of CVEs of your favorite OS with those for Qubes OS: https://www.qubes-os.org/security/qsb/

ngneer No.43991031
Playing devil's advocate, compare their popularity. You may have fallen prey to the base rate fallacy.
fsflover No.43992387
https://forum.qubes-os.org/t/are-we-safe-because-we-re-a-rel...

tl;dr: Qubes security relies on Xen, which is quite popular. But even Xen has more vulnerabilities than Qubes thanks to a clever design: https://www.qubes-os.org/security/xsa/#statistics.

1. ngneer No.43998248
Touché