When you buy an ARM processor, you expect to buy an ARM processor and you buy an ARM processor for real.
When you buy a MIPS processor, you expect to buy a MIPS processor and you buy a MIPS processor for real.
When you buy a modern x86 processor, you expect to buy an x86 processor, BUT you buy a RISC processor for real, with a shiny hardware emulation of the x86 platform.

This weekend I participated to a conference, and one of the speakers presented his opinion that any modern x86 CPU is terrible wrong by design and "they" sell us sh*t since 20 years ago.

You know what should be "a modern x86 CPU" for real, as the hardware engineers agree in private?

Imagine the flagship being something containing 4096 cores of a 64-bit enabled i586, running somewhere at 2GHz.

Do Spectre or Meltdown require physical access to a device in order to exploit it? In this case, I wouldn't worry much, as I have a vicious guard wife. Or, are there ways of using these exploits over a network--definitely more cause for alarm.

It seems that network exploits are conceivable: --on page 12 of https://spectreattack.com/spectre.pdf

Guess its time to go back to locked filing cabinet with attack wife...

Let's put straight: it is about anything which can be loaded/downloaded from a remote, then executed in your own computer.

Not limited to, but mainly that could be some javascript from a malicious website, some "innocent" browser extension, or even the usual suspect: a vicious Flash.

BTW, Meltdown is also named with affection: root-o-matic via browser.

1 members found this post helpful.

That is true, but AMD was still notified of the Spectre vulnerability back in June, so they've been selling affected products since then without notifying the public. Intel has done the same, but they're affected by both Spectre and Meltdown.

1 members found this post helpful.

From my interpretation of it Linus is quite right to be annoyed.

*car analogy*

Intel want to continue shipping cars with known safety problems, there are fixes, traction control, electronic stability control, anti-lock brakes etc etc.

But switching all those on would mean their cars would no longer be the fastest in the land and fuel economy would suffer too.

Their solution is to ship the cars with all that switched off and ask you instead, if you care about your safety, remember to press that green button when you start your car.

*/car analogy*

What court in any land would hold that that is a responsible approach?

Safety defaulting to on is simple common sense

Intel appear to be trying to shift the responsibility for the performance impact onto the OS.

Slow computer? Blame Linux/Microsoft/Apple

5 members found this post helpful.

Agreed, there is lot to be disappointed with how this was handled by hardware companies. Again, I think the specs should be made public domain to help mitigate this from happening again. The more people that can view them the more likely issues can be found and solved, I do not trust the hardware companies to inform the public of their shortcomings.

Responsible? Intel CEO sold all stocks he could as soon as the bugs were acknowledged, I mean what's this company?

not to be too tin foil hat about this, but I oddly remember something about 4 years ago or so about chip makers putting backdoors in compliments of three letter US agencies....perhaps just perhaps this was done for that reason or perhaps they have so many intentional holes that this is just one of many....

PS: I also appreciate Linus' candour and honesty.

Ref:
https://techgage.com/news/amd-and-in...ps-nsa-inside/
https://forums.evga.com/NSA-could-ha...-m1989153.aspx

1 members found this post helpful.

I'll have to point this out.
I think that anyone with such high level skill in kernel should have seen this problem long ago. Willing to bet he in fact wrote code on this issue as part of a feature.

2 members found this post helpful.

you really think its a case of CYOA (for non military "cover your own a*s")?

I think computers are inherently insecure, software has imperfections, and so these things should not be given features and put into places where they aren't necessarily needed: https://www.forbes.com/sites/andygre.../#136a3496228c

As for the places that are needed, I think its time for open source hardware!

Definitely not an expert. I tend to side with Linus Torvalds, he is an expert. His non PC "the patches are COMPLETE AND UTTER GARBAGE" resinates with me. To the point, I like that. I think this Spectre/Meltdown mess is a lot of gloom and doom posturing.

There have been many gloom and doom events over the past few years, not a single one of them has affected me. So I'm not about to hit the panic button. In fact I am quite amused over the hub-a-bub over this. I will upgrade my kernel as I always do, but I am in no rush to buy new gear. Heck, I still have a P4 machine running Widows XP I am not loosing sleep over this and I simply trust Patrick Volkerding and Linux Torvaids to do the right things. If the right things require new gear, well I guess I just live with that fact. I seriously doubt I will be affected by this latest threat anyway.

1 members found this post helpful.

Actually, this should be illegal. Should be classified as "insider trading" ...

2 members found this post helpful.

I was happy to see that documented on Wikipedia.

It is illegal. No doubt about it. If he isn't prosecuted it is because the system has become completely corrupted. Look at what happened to the bankers responsible for the 2007/8 financial disaster, nothing.

2 members found this post helpful.