1 |
On Sunday, 8 March 2020 19:04:02 GMT Rich Freeman wrote: |
2 |
> On Sun, Mar 8, 2020 at 10:23 AM Rudi <rudi@×××××.net> wrote: |
3 |
> > While I usually side with AMD for their contributions to the Open |
4 |
> > Sourced community, I'm going to go out on a limb and say that even |
5 |
> > though they're funded by Intel the fact that they've been keeping the |
6 |
> > specifics quiet proves that they're trying to help rather than smear |
7 |
> > the name of AMD. |
8 |
> |
9 |
> IMO all responsible disclosure only makes everybody safer, so if Intel |
10 |
> wants to fund making my AMD CPUs safer, I'm all for that. If these |
11 |
> researchers can find a flaw and report it, somebody else could find it |
12 |
> and not report it. |
13 |
|
14 |
Quite! Early disclosure and more importantly a quick mitigation to discovered |
15 |
vulnerabilities is what is desired/required. Spats between the marketing |
16 |
departments of the oligopoly of hardware manufacturers is of little interest |
17 |
to me. |
18 |
|
19 |
|
20 |
> > Hopefully this doesn't cause as much of a recoil as the Spectre/Meltdown |
21 |
> > mitigations. What % of performance was lost for those? 20? |
22 |
> That's the key. While vulnerabilities should be avoided as much as |
23 |
> possible, the fact is that almost all software and hardware ends up |
24 |
> having them. The real issues are: |
25 |
> |
26 |
> 1. Does the vendor provide a mitigation in a timely manner? |
27 |
> 2. Is the mitigation free (ie software/etc)? |
28 |
> 3. Does the mitigation have any kind of long-term negative impact? |
29 |
|
30 |
It would also be nice if said vendor(s) are not imposing a lack of patches and |
31 |
microcode to force users in early obsolescence of their kit, just to boost |
32 |
their profits. |
33 |
|
34 |
|
35 |
> With meltdown the issue was #3. Right now we don't have any |
36 |
> mitigation, though I can't really speak to how fast is fast enough. |
37 |
> Now that this is disclosed they should push to get this fixed ASAP. |
38 |
|
39 |
Thankfully AMDs are not affected by meltdown. :-) |
40 |
|
41 |
Anyhow, AMD have issued a disclaimer saying this recently published 'Take A |
42 |
Way' vulnerabilities "are not new speculation-based attacks ..." |
43 |
|
44 |
https://www.amd.com/en/corporate/product-security |