Thread time! Why can't they just quickly patch #meltdown or #spectre and push out another cpu? Why could it possibly take years? Why don't they use AGILE or x/y/z? Lots of reasons:
(note: my goal is not to criticize chip manufacturers - it's to defend the constraints they have)
-
-
Remember the iphone battery deal last month? Imagine the outcry if Intel pushed patches that dropped your cpu to 5 % of it's current performance. I think others might value the trade-off differently from you.
-
They don't have to push a patch to do that. Just expose the MSR and document it and let users do it if they want to.
-
Fair request. I just doubt that anyone would use it...
-
I would, and anyone with security requirements harder than their performance requirements should until they can install suitable replacement hardware.
-
The real issue here is: Users don't care. . For an example how a low level security issue in widespread hw plays out in the real world, look at the mirai bug & bot net in router SW
-
Public health & self-defense are always entirely separate issues. You can legitimately criticize obstruction of the latter even when it wouldn't help the former.
End of conversation
New conversation -
-
-
Would seem that only Spectre (Variant 2) actually requires microcode update (technique 2) seems everything else can be mitigated at the OS level https://newsroom.intel.com/wp-content/uploads/sites/11/2018/01/Intel-Analysis-of-Speculative-Execution-Side-Channels.pdf …
-
No, variant 1 has no mitigation at all and Intel's position is that it's not a bug. It's also the variant that _all_ oooe cpus are vulnerable to.
-
OK, the document you linked suggests a mitigation, but it's a non-solution; it requires all-new software and leaves it unsafe to run existing binaries.
-
The mitigation also requires individual arch-specific hacks in every piece of software that might ever be affected, at every point where it might be affected. It's not a solution.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.