by sarcasmic 2638 days ago
Not sure if the comparison to Conway's Law works. The key goal of layering is abstraction, so that one can be productive without having to know details about the layers below, but much of optimization is about exploiting details in the layers below for gain. Clearly, these goals are in conflict.

After posing a hypothesis, the post talks about security and process isolation. But the problems raised aren't in line with the hypothesis: the challenge in these cases isn't "insufficient communication" between the levels of the stack, but rather a discrepancy between the abstraction's actual behavior vs. a human's desires and expectations about big-picture topics.

These abstractions are often compromised by information leakage through side effects that executing code can observe or deduce, leading to the class of vulnerabilities that have long been around, but have received far more attention since Spectre.

Protecting against timing attacks and other side-channel attacks requires the observable state of the system to not vary due to execution in a different security domain. Timing attacks are particularly frustrating, because processes can estimate their execution time even without external timers, so they can compare the time taken between different calls. Cryptographic operations often take special care to avoid leaking information through timing, but the same discipline isn't commonplace in system calls or userland code. And shared caches will leak info in timing but greatly improve performance.

Hardware isolation is an effective solution for curbing timing attacks for systems that don't communicate over a network. It's not sufficient in the case of networked systems, because the network and its connections form another source of observable state that's likely full of unrelated side-effects.
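Added example, not part of the comment above: the "special care" cryptographic code takes, shown as an early-exit byte comparison whose running time depends on the secret next to a constant-time version. Loop iterations stand in for elapsed time so the leak is visible deterministically; the token, guesses and function names are constructed for this illustration.

```python
# Added example (not from the thread): an early-exit byte comparison whose
# running time depends on the secret, beside a constant-time version.
# Instead of wall-clock timing, the number of loop iterations is counted so the
# leak is visible deterministically; on real hardware the iteration count
# translates into a measurable time difference.
import hmac

def leaky_compare(secret: bytes, guess: bytes) -> tuple[bool, int]:
    """Return (match, iterations). Exits at the first mismatching byte."""
    if len(secret) != len(guess):
        return False, 0
    steps = 0
    for a, b in zip(secret, guess):
        steps += 1
        if a != b:
            return False, steps
    return True, steps

def constant_time_compare(secret: bytes, guess: bytes) -> tuple[bool, int]:
    """Return (match, iterations). Always visits every byte; mismatches are
    folded into an accumulator so no branch depends on secret data."""
    if len(secret) != len(guess):
        return False, 0
    acc = 0
    steps = 0
    for a, b in zip(secret, guess):
        steps += 1
        acc |= a ^ b
    return acc == 0, steps

def prefix_leak(compare, secret: bytes, guesses: list[bytes]) -> list[int]:
    """Iteration counts observed for each guess: a varying list means the
    comparison reveals how many leading bytes of the guess were correct."""
    return [compare(secret, g)[1] for g in guesses]

# Constructed sample: a 4-byte token and guesses with 0..3 correct leading bytes.
SECRET = b"\x12\x34\x56\x78"
GUESSES = [b"\x00\x00\x00\x00", b"\x12\x00\x00\x00",
           b"\x12\x34\x00\x00", b"\x12\x34\x56\x00"]

if __name__ == "__main__":
    print("early-exit:", prefix_leak(leaky_compare, SECRET, GUESSES))         # [1, 2, 3, 4]
    print("constant  :", prefix_leak(constant_time_compare, SECRET, GUESSES))  # [4, 4, 4, 4]
    # The standard library provides the same guarantee for production code.
    print("hmac.compare_digest:", hmac.compare_digest(SECRET, GUESSES[-1]))
```

The varying counts in the first list are exactly the observable state the comment says must not depend on another security domain's data; the second list is flat regardless of how many bytes were guessed correctly.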


> the challenge in these cases isn't "insufficient communication" between the levels of the stack, but rather a discrepancy between the abstraction's actual behavior vs. a human's desires and expectations about big-picture topics

Isn't the thesis of the post that that exact discrepancy is due to insufficient communication between the people at different levels of the stack?

An abstraction is an interface between two levels of the stack, right? I think the thesis of the post is that the exact discrepancy you describe, between the abstraction's actual behavior and the desires and expectations of the people one level up, is due to insufficient communication between the people one level up and the people implementing the abstraction's actual behavior, which due to Conway's Law are separate groups of people.

You mention "information leakage", but that's leakage between software components at different levels of the stack; perhaps you have that confused with the "insufficient communication" referred to by the post, which is between groups of people at different levels of the stack?