Are there any takes on MELTDOWN/SPECTRE implications on “cloud compliant” HIPAA regulated applications? My naive/intuitive take: MELTDOWN/SPECTRE means you can’t do HIPAA on cloud/shared servers anymore.
-
Show this thread
-
Somewhere, there might be a group of people frantically trying to get HIPAA compliant applications running on Raspberry Pi clusters?
3 replies 0 retweets 1 likeShow this thread -
I can’t be the first person who’s thought of this.
1 reply 0 retweets 2 likesShow this thread -
Also my understanding is SPECTRE is unpatchable?
3 replies 0 retweets 1 likeShow this thread -
Replying to @hondanhon
My (on vacation, not looking that hard) understanding is that neither are patchable at the CPU microcode level. OSes/VMs will be able to help prevent some exploits. Some apps may need specific protections.
1 reply 0 retweets 0 likes -
Replying to @slightlylate
Yeah, that matches my naive understanding. OS/VM/hypervisor patches help mitigate but do not fully prevent exploitation
1 reply 0 retweets 0 likes
Alex Russell Retweeted
We'll see. Compiler mitigations look promising: https://twitter.com/lcamtuf/status/948972410899845120 …
Alex Russell added,
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
& Web Standards TL; Blink API OWNER
Named PWAs w/
DMs open. Tweets my own; press@google.com for official comms.