This page on VM side channel attack mitigations is scary: https://github.com/firecracker-microvm/firecracker/blob/master/docs/prod-host-setup.md
Using the Linux KVM API seems easy enough, but we have all this hidden danger now.
@kosinus Not really surprising to me. If Spectre/Meltdown communicates anything to us it's that software sandboxes don't really work. Not that we really have anything better in many circumstances.
You could design it so the only thing you can Time is the input (the Functional Reactive Paradigm). Or you can schedule the output.
As for caches I'm not really clear what would help or hurt. But I think keeping the young generation entirely in per-core caches would help.