Thread time! Why can't they just quickly patch #meltdown or #spectre and push out another cpu? Why could it possibly take years? Why don't they use AGILE or x/y/z? Lots of reasons:
(note: my goal is not to criticize chip manufacturers - it's to defend the constraints they have)
-
-
Replying to @securelyfitz
All of this is why you're supposed to make chicken bits to disable dubious, dangerous features like the sort of speculative execution that's at fault here.
1 reply 2 retweets 9 likes -
Replying to @RichFelker @securelyfitz
Failure to provide a way to turn off the unsafe features is what's irresponsible here; if they'd done is the safe & responsible way, a microcode update or even flipping a bit in an already-exposed MSR would have fixed it.
2 replies 2 retweets 6 likes -
Replying to @RichFelker
I have to believe there's a chicken bit for turning off speculative execution. But why would you want that, when the available OS level fixes probably provide an order of magnitude better performance? Helping that effort is pretty responsible IMHO.
1 reply 1 retweet 14 likes -
Replying to @securelyfitz
There are no OS level fixes for the most serious problem which is P0's "variant 1", and can't be. It doesn't cross OS/cpu privilege domains.
2 replies 3 retweets 6 likes -
Replying to @RichFelker @securelyfitz
Would seem that only Spectre (Variant 2) actually requires microcode update (technique 2) seems everything else can be mitigated at the OS level https://newsroom.intel.com/wp-content/uploads/sites/11/2018/01/Intel-Analysis-of-Speculative-Execution-Side-Channels.pdf …
1 reply 0 retweets 0 likes -
Replying to @pjcampbe11 @securelyfitz
No, variant 1 has no mitigation at all and Intel's position is that it's not a bug. It's also the variant that _all_ oooe cpus are vulnerable to.
1 reply 0 retweets 1 like -
OK, the document you linked suggests a mitigation, but it's a non-solution; it requires all-new software and leaves it unsafe to run existing binaries.
1 reply 0 retweets 1 like
The mitigation also requires individual arch-specific hacks in every piece of software that might ever be affected, at every point where it might be affected. It's not a solution.
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.