1 |
On Sun, Mar 8, 2020 at 10:23 AM Rudi <rudi@×××××.net> wrote: |
2 |
> |
3 |
> While I usually side with AMD for their contributions to the Open |
4 |
> Sourced community, I'm going to go out on a limb and say that even |
5 |
> though they're funded by Intel the fact that they've been keeping the |
6 |
> specifics quiet proves that they're trying to help rather than smear |
7 |
> the name of AMD. |
8 |
|
9 |
IMO all responsible disclosure only makes everybody safer, so if Intel |
10 |
wants to fund making my AMD CPUs safer, I'm all for that. If these |
11 |
researchers can find a flaw and report it, somebody else could find it |
12 |
and not report it. |
13 |
|
14 |
> Hopefully this doesn't cause as much of a recoil as the Spectre/Meltdown mitigations. What % of performance was lost for those? 20? |
15 |
|
16 |
That's the key. While vulnerabilities should be avoided as much as |
17 |
possible, the fact is that almost all software and hardware ends up |
18 |
having them. The real issues are: |
19 |
|
20 |
1. Does the vendor provide a mitigation in a timely manner? |
21 |
2. Is the mitigation free (ie software/etc)? |
22 |
3. Does the mitigation have any kind of long-term negative impact? |
23 |
|
24 |
With meltdown the issue was #3. Right now we don't have any |
25 |
mitigation, though I can't really speak to how fast is fast enough. |
26 |
Now that this is disclosed they should push to get this fixed ASAP. |
27 |
|
28 |
-- |
29 |
Rich |