Thread time! Why can't they just quickly patch #meltdown or #spectre and push out another cpu? Why could it possibly take years? Why don't they use AGILE or x/y/z? Lots of reasons:
(note: my goal is not to criticize chip manufacturers - it's to defend the constraints they have)
-
-
I have to believe there's a chicken bit for turning off speculative execution. But why would you want that, when the available OS level fixes probably provide an order of magnitude better performance? Helping that effort is pretty responsible IMHO.
-
There are no OS level fixes for the most serious problem which is P0's "variant 1", and can't be. It doesn't cross OS/cpu privilege domains.
-
Remember the iphone battery deal last month? Imagine the outcry if Intel pushed patches that dropped your cpu to 5 % of it's current performance. I think others might value the trade-off differently from you.
-
They don't have to push a patch to do that. Just expose the MSR and document it and let users do it if they want to.
-
Fair request. I just doubt that anyone would use it...
-
I would, and anyone with security requirements harder than their performance requirements should until they can install suitable replacement hardware.
-
The real issue here is: Users don't care. . For an example how a low level security issue in widespread hw plays out in the real world, look at the mirai bug & bot net in router SW
-
Public health & self-defense are always entirely separate issues. You can legitimately criticize obstruction of the latter even when it wouldn't help the former.
End of conversation
New conversation -
-
-
It’s an extreme luxury of hindsight to make such bold statements of outrage. If it was just that simple, and this was a reasonable survivability mechanism, I’m pretty sure it would be done (speaking from my experience as
@securelyfitz pseudo-replacement at Intel;P)Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.