Thread time! Why can't they just quickly patch #meltdown or #spectre and push out another cpu? Why could it possibly take years? Why don't they use AGILE or x/y/z? Lots of reasons:
(note: my goal is not to criticize chip manufacturers - it's to defend the constraints they have)
-
-
Replying to @securelyfitz
All of this is why you're supposed to make chicken bits to disable dubious, dangerous features like the sort of speculative execution that's at fault here.
1 reply 2 retweets 9 likes -
Replying to @RichFelker @securelyfitz
Failure to provide a way to turn off the unsafe features is what's irresponsible here; if they'd done is the safe & responsible way, a microcode update or even flipping a bit in an already-exposed MSR would have fixed it.
2 replies 2 retweets 6 likes -
Replying to @RichFelker
I have to believe there's a chicken bit for turning off speculative execution. But why would you want that, when the available OS level fixes probably provide an order of magnitude better performance? Helping that effort is pretty responsible IMHO.
1 reply 1 retweet 14 likes -
Replying to @securelyfitz
There are no OS level fixes for the most serious problem which is P0's "variant 1", and can't be. It doesn't cross OS/cpu privilege domains.
2 replies 3 retweets 6 likes -
Replying to @RichFelker
Remember the iphone battery deal last month? Imagine the outcry if Intel pushed patches that dropped your cpu to 5 % of it's current performance. I think others might value the trade-off differently from you.
2 replies 1 retweet 15 likes -
Replying to @securelyfitz
They don't have to push a patch to do that. Just expose the MSR and document it and let users do it if they want to.
1 reply 1 retweet 9 likes -
Replying to @RichFelker
Fair request. I just doubt that anyone would use it...
1 reply 1 retweet 10 likes -
Replying to @securelyfitz
I would, and anyone with security requirements harder than their performance requirements should until they can install suitable replacement hardware.
2 replies 2 retweets 24 likes -
Replying to @RichFelker @securelyfitz
The real issue here is: Users don't care. . For an example how a low level security issue in widespread hw plays out in the real world, look at the mirai bug & bot net in router SW
2 replies 1 retweet 3 likes
Public health & self-defense are always entirely separate issues. You can legitimately criticize obstruction of the latter even when it wouldn't help the former.
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.