| 1 |
On Sunday, 8 March 2020 19:04:02 GMT Rich Freeman wrote: |
| 2 |
> On Sun, Mar 8, 2020 at 10:23 AM Rudi <rudi@×××××.net> wrote: |
| 3 |
> > While I usually side with AMD for their contributions to the Open |
| 4 |
> > Sourced community, I'm going to go out on a limb and say that even |
| 5 |
> > though they're funded by Intel the fact that they've been keeping the |
| 6 |
> > specifics quiet proves that they're trying to help rather than smear |
| 7 |
> > the name of AMD. |
| 8 |
> |
| 9 |
> IMO all responsible disclosure only makes everybody safer, so if Intel |
| 10 |
> wants to fund making my AMD CPUs safer, I'm all for that. If these |
| 11 |
> researchers can find a flaw and report it, somebody else could find it |
| 12 |
> and not report it. |
| 13 |
|
| 14 |
Quite! Early disclosure and more importantly a quick mitigation to discovered |
| 15 |
vulnerabilities is what is desired/required. Spats between the marketing |
| 16 |
departments of the oligopoly of hardware manufacturers is of little interest |
| 17 |
to me. |
| 18 |
|
| 19 |
|
| 20 |
> > Hopefully this doesn't cause as much of a recoil as the Spectre/Meltdown |
| 21 |
> > mitigations. What % of performance was lost for those? 20? |
| 22 |
> That's the key. While vulnerabilities should be avoided as much as |
| 23 |
> possible, the fact is that almost all software and hardware ends up |
| 24 |
> having them. The real issues are: |
| 25 |
> |
| 26 |
> 1. Does the vendor provide a mitigation in a timely manner? |
| 27 |
> 2. Is the mitigation free (ie software/etc)? |
| 28 |
> 3. Does the mitigation have any kind of long-term negative impact? |
| 29 |
|
| 30 |
It would also be nice if said vendor(s) are not imposing a lack of patches and |
| 31 |
microcode to force users in early obsolescence of their kit, just to boost |
| 32 |
their profits. |
| 33 |
|
| 34 |
|
| 35 |
> With meltdown the issue was #3. Right now we don't have any |
| 36 |
> mitigation, though I can't really speak to how fast is fast enough. |
| 37 |
> Now that this is disclosed they should push to get this fixed ASAP. |
| 38 |
|
| 39 |
Thankfully AMDs are not affected by meltdown. :-) |
| 40 |
|
| 41 |
Anyhow, AMD have issued a disclaimer saying this recently published 'Take A |
| 42 |
Way' vulnerabilities "are not new speculation-based attacks ..." |
| 43 |
|
| 44 |
https://www.amd.com/en/corporate/product-security |
Archives