On Sunday, 8 March 2020 19:04:02 GMT Rich Freeman wrote:
> On Sun, Mar 8, 2020 at 10:23 AM Rudi <r...@nmare.net> wrote:
> > While I usually side with AMD for their contributions to the Open
> > Sourced community, I'm going to go out on a limb and say that even
> > though they're funded by Intel the fact that they've been keeping the
> > specifics quiet proves that they're trying to help rather than smear
> > the name of AMD.
>
> IMO all responsible disclosure only makes everybody safer, so if Intel
> wants to fund making my AMD CPUs safer, I'm all for that. If these
> researchers can find a flaw and report it, somebody else could find it
> and not report it.

Quite! Early disclosure and, more importantly, a quick mitigation to discovered vulnerabilities is what is desired/required. Spats between the marketing departments of the oligopoly of hardware manufacturers are of little interest to me.

> > Hopefully this doesn't cause as much of a recoil as the Spectre/Meltdown
> > mitigations. What % of performance was lost for those? 20?
>
> That's the key. While vulnerabilities should be avoided as much as
> possible, the fact is that almost all software and hardware ends up
> having them. The real issues are:
>
> 1. Does the vendor provide a mitigation in a timely manner?
> 2. Is the mitigation free (ie software/etc)?
> 3. Does the mitigation have any kind of long-term negative impact?

It would also be nice if said vendor(s) are not imposing a lack of patches and microcode to force users into early obsolescence of their kit, just to boost their profits.

> With meltdown the issue was #3. Right now we don't have any
> mitigation, though I can't really speak to how fast is fast enough.
> Now that this is disclosed they should push to get this fixed ASAP.

Thankfully AMDs are not affected by Meltdown. :-)

Anyhow, AMD have issued a disclaimer saying these recently published 'Take A Way' vulnerabilities "are not new speculation-based attacks ..."

https://www.amd.com/en/corporate/product-security