Hector Martin

Its hard to thwart an attack or shore up an attack surface you don't even know exists, and hindsight is 20/20. This shit may seem obvious now, but it took a lot of thinkers a lot of time to get here. The thing to do now is think about new, safer paradigms for moving forward.

Instead of adding to security theater noise and calling out specific groups, try to realize that this is not the fault of a specific company, it is the result of an industry filled with brilliance rushing to be the fastest.

Now the silicon industry knows that can't work. Instead of continuing to jump down each other's throats, try to think of ways to shift towards better, safer systems at the architecture level.

Forget Spectre, if you want a better picture of how silicon and hardware vendors treat product security go look at the ME, PSP, BIOS, and BMC bugs from the past year. TL,DR - they haven't been trying very hard.

You missed the point. A lot of those aren't silicon flaws, I'm talking specifically about silicon side channels, but even if they were that kind of attitude doesn't help anyone. As I said, security is hard, and pretending its not just makes you blind to the challenges.

SEV isn't broken because of side-channel attacks that weren't understood until 6 months ago. Ditto the architectual/Si issues in the ME. I see HW/Si issues on a monthly basis, and almost none of them are novel.

You're still missing the point. There are a lot of hardware vulns out there, I know the majority are not side channels. I'm only talking about side channels here, see: "whole new attack surface". Theres a lot to be said for vendor flaws but that's not what I'm talking about here.

Assigning blame here is hard. Si vendors knew about side channels but repeatedly disregarded and downplayed the threat, and underfunded security in general. No one will ever know if Spectre could have been prevented, but the industry didn't even try.