Hector Martin

We're at a turning point now where people are realizing that there's a whole new entire class of attack surface. This happens at least once every five years recently, and tbh it will get worse before it gets better.

Its hard to thwart an attack or shore up an attack surface you don't even know exists, and hindsight is 20/20. This shit may seem obvious now, but it took a lot of thinkers a lot of time to get here. The thing to do now is think about new, safer paradigms for moving forward.

Instead of adding to security theater noise and calling out specific groups, try to realize that this is not the fault of a specific company, it is the result of an industry filled with brilliance rushing to be the fastest.

Now the silicon industry knows that can't work. Instead of continuing to jump down each other's throats, try to think of ways to shift towards better, safer systems at the architecture level.

Forget Spectre, if you want a better picture of how silicon and hardware vendors treat product security go look at the ME, PSP, BIOS, and BMC bugs from the past year. TL,DR - they haven't been trying very hard.

You missed the point. A lot of those aren't silicon flaws, I'm talking specifically about silicon side channels, but even if they were that kind of attitude doesn't help anyone. As I said, security is hard, and pretending its not just makes you blind to the challenges.

SEV isn't broken because of side-channel attacks that weren't understood until 6 months ago. Ditto the architectual/Si issues in the ME. I see HW/Si issues on a monthly basis, and almost none of them are novel.

You're still missing the point. There are a lot of hardware vulns out there, I know the majority are not side channels. I'm only talking about side channels here, see: "whole new attack surface". Theres a lot to be said for vendor flaws but that's not what I'm talking about here.