intel actually has the longest errata lists bc complexity. If security were the real reason, they'd remove intel.
the idea is, one platform less to test. Huge relief to the whole pipeline, negligible cost. Security QA is costly.
My real concern was: what are they gonna do if an Intel CPU has NaCl-security-relevant errata? Blacklist Intel too?
The current approach flat-out _doesn't work_ if they ever actually run into a relevant 0-day.
A workable approach can certainly include more fine-grained white-/black-listing based on family ID etc.
But right now, none of that kind of logic exists. No good. Once you need it, you want it battle-tested already!
The *last* thing you want for security is to have to roll out untested extra infrastructure on a 0-day patch.
there have been errata that gce/azure/aws have had to push patches for but afaik NaCl hasn't done anything...
..about some of those. There's a reason literally every Google platforms person I talked to thought this was dumb
as far as anyone can tell, someone talked themselves into a corner and now they won't back down
also, the idea that they've actually tested every stepping they're compatible with (or even most) is silly
Nu, it's a world of tradeoffs. You can always be purist, and tell they haven't tested the exact die you're holding. But in practice they'd serve their customers better by investing more in the common case and not supporting rare cases. Garage treats rare cars worse than common.