| 1 |
On Sun, Mar 8, 2020 at 10:23 AM Rudi <rudi@×××××.net> wrote: |
| 2 |
> |
| 3 |
> While I usually side with AMD for their contributions to the Open |
| 4 |
> Sourced community, I'm going to go out on a limb and say that even |
| 5 |
> though they're funded by Intel the fact that they've been keeping the |
| 6 |
> specifics quiet proves that they're trying to help rather than smear |
| 7 |
> the name of AMD. |
| 8 |
|
| 9 |
IMO all responsible disclosure only makes everybody safer, so if Intel |
| 10 |
wants to fund making my AMD CPUs safer, I'm all for that. If these |
| 11 |
researchers can find a flaw and report it, somebody else could find it |
| 12 |
and not report it. |
| 13 |
|
| 14 |
> Hopefully this doesn't cause as much of a recoil as the Spectre/Meltdown mitigations. What % of performance was lost for those? 20? |
| 15 |
|
| 16 |
That's the key. While vulnerabilities should be avoided as much as |
| 17 |
possible, the fact is that almost all software and hardware ends up |
| 18 |
having them. The real issues are: |
| 19 |
|
| 20 |
1. Does the vendor provide a mitigation in a timely manner? |
| 21 |
2. Is the mitigation free (ie software/etc)? |
| 22 |
3. Does the mitigation have any kind of long-term negative impact? |
| 23 |
|
| 24 |
With meltdown the issue was #3. Right now we don't have any |
| 25 |
mitigation, though I can't really speak to how fast is fast enough. |
| 26 |
Now that this is disclosed they should push to get this fixed ASAP. |
| 27 |
|
| 28 |
-- |
| 29 |
Rich |
Archives