From owner-freebsd-questions@freebsd.org Sun Feb 4 11:15:32 2018 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 4BCC5ECAE8C for ; Sun, 4 Feb 2018 11:15:32 +0000 (UTC) (envelope-from kremels@kreme.com) Received: from mail.covisp.net (www.covisp.net [65.121.55.45]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id EA7E07A936 for ; Sun, 4 Feb 2018 11:15:30 +0000 (UTC) (envelope-from kremels@kreme.com) From: "@lbutlr" Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Subject: Re: Response to Meltdown and Spectre Date: Sun, 4 Feb 2018 04:15:23 -0700 References: <23154.11945.856955.523027@jerusalem.litteratus.org> <5A726B60.7040606@gmail.com> <92120E50-19A7-4A44-90DF-505243D77259@kreme.com> <044e62f7-69ca-71fe-34a8-5c5cafc06f08@yahoo.com> To: Freebsd Questions In-Reply-To: <044e62f7-69ca-71fe-34a8-5c5cafc06f08@yahoo.com> Message-Id: X-Mailer: Apple Mail (2.3445.6.9) X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 04 Feb 2018 11:15:32 -0000 On 2018-02-02 (04:18 MST), Paul Pathiakis via freebsd-questions = wrote: >=20 > On 02/01/2018 22:14, @lbutlr wrote: >> On 1 Feb 2018, at 16:04, Adam Vande More amvandemore@gmail.com> = wrote: >>> On Thu, Feb 1, 2018 at 3:48 PM, @lbutlr wrote: >>>=20 >>>> the trouble is that AMD's behavior has been at least as bad as = Intel's, if >>>> not worse, in regards to Meltdown, >>>>=20 >>> Can you explain what provoked this assertion? >> First, they violated (not technically, but they made it bloody = obvious) the NDA so that the flaw was widely discovered a week early by = adding a comment to a meltdown patch that lead every expert int he field = straight to the vulnerability: "The AMD microarchitecture does not allow = memory references, including speculative references, that access higher = privileged data when running in a lesser privileged mode when that = access would result in a page fault." >>=20 >> Second, they initially claimed they were would not release any = firmware because they were entirely immune, which was untrue. >>=20 >> They were almost immediately proved to be vulnerable to some of the = flaws. >>=20 >> Third, while Intel released (and continues to release) detailed = technical information, AMD released PR statements. >>=20 >> Honestly, as bad as Intel has looked in the last month, AMD looks = worse since they'd behaved like children. >>=20 > This is the exact opposite of what I have seen/read. What NDA is = this? Really? > "A week early"? Again, this was found out about in June of last year = to affect intel architecture. A flaw that existed for over 10, if not = 20 years. They did not release the information, Google researchers and = other independents did.... I included the comment that AMD made in code to mitigate Meltdown that = was so obvious that it led multiple teams of people to figure out what = the problem was before the planned release of mitigation. AMD claimed they were immune or nearly immune to Meltdown AND Spectre. = This is not true, they are vulnerable to Spectre and eventually admitted = it. --=20 "Last night - you were unhinged. You were like some desperate, howling demon. You frightened me. - Do it again!"