Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 4 Jan 2018 09:42:43 -0600
From:      "Joey Kelly" <joey@joeykelly.net>
Cc:        "freebsd-security@freebsd.org" <freebsd-security@freebsd.org>
Subject:   Re: Intel hardware bug
Message-ID:  <a820fb1c455a6c8e5ca9f8906c84e3ef.squirrel@safegreet.com>
In-Reply-To: <20726.1515042417@segfault.tristatelogic.com>
References:  <20726.1515042417@segfault.tristatelogic.com>

next in thread | previous in thread | raw e-mail | index | archive | help

>
> In message <2347560.AJVtGcUuTT@elisha.atlnet>,
> Joey Kelly <joey@joeykelly.net> wrote:
>
>>...
>>No, I mean their lame excuses, dances around the truth, claiming many
>> other
>>platforms AND OPERATING SYSTEMS do it too. 'Tain't so. This is hardware,
>> INTEL
>>hardware, and not an OS problem...
>
> While it is clearly true, even from the current very preliminary reports,
> that
> this is indeed a hardware issue, rather than an OS issue, you may want to
> reserve
> judgement about the possibility that this thing is confined only to Intel
> hardware.

Hmm... others have my opinion too, it seems:
https://www.theregister.co.uk/2018/01/04/intel_meltdown_spectre_bugs_the_registers_annotations/

>
> Intel, of course, has said that they believe that this bug may also affect
> AMD and also ARM CPUs.  (But then they would say that, wouldn't they?)
> But
> AMD, for its part, has already put out a public statement saying that
> their
> CPUs are not affected.
>
> So now, the other shoe that we should all be expecting to drop, any time
> now,
> is some public statement from ARM Holdings, PLC.  If one has already been
> issued
> by that company, then Google News doesn't seem to be giving me any easy
> way to
> find it, and there is nothing of relevance on the ARM corporate web site
> (www.arm.com).  So I suspect that they haven't said anything yet, which is
> itself a rather ominous data point.
>
> If it turns out that this same bug, or same sort of bug, also affects
> ARM-based
> chips, then that is quite possibly an even bigger deal than the already
> obvious
> Intel cataclysm.
>
>
> Regards,
> rfg
>
>
> P.S.  It occured to me today just how much this bug, and the still-fresh
> WPA2
> insecurities, are likely to cost -- said costs to be paid by an entire
> planet's
> worth of both individuals and businesses.  I believe that it may be a
> conservative
> estimate to say that each one of these cock ups may cost the global
> economy
> something in the range of tens of billions of dollars, or perhaps even
> more.
>
> Immediately following on the heals of this thought, a somewhat humorous
> idea
> occured to me...
>
> These days we have bug bounty programs which pay people to find bugs, in
> particular,
> security-rlated bugs.  And perhaps as a result, nowadays we have a bumper
> crop of
> them to deal with.
>
> In contrast to that, for the past many decades, at least, in my country,
> at least, when there is an excess of some commodity... e.g. wheat, or
> corn,
> or some such thing... the government pays farmers to NOT grow that
> specific
> commodity.
>
> Given the gigantic global costs resulting from these ever-more-horrendous
> bugs
> that clever researchers are out there discovering, nowadays, on a regular
> basis,
> perhaps we should be paying people to NOT find bugs.  That might be more
> cost
> effective, in the long run.
>
> And there is some precedent for this kind of counter-intutive reward
> system,
> and not just in the field (excuse the pun) of agricultural commodities...
>
>     https://www.washingtonpost.com/local/paying-criminals-not-to-commit-crime-may-not-be-so-funny-after-all/2016/02/08/151ab936-cea3-11e5-b2bc-988409ee911b_story.html
>
>     http://www.foxnews.com/politics/2016/08/24/one-california-city-is-paying-people-not-to-commit-crimes.html
>
>     http://www.guns.com/2017/09/01/sacramento-city-council-approves-1-5-million-program-to-combat-gun-violence/
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to
> "freebsd-security-unsubscribe@freebsd.org"
>


-- 
Joey Kelly
Minister of the Gospel and Linux Consultant
http://joeykelly.net
504-239-6550



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?a820fb1c455a6c8e5ca9f8906c84e3ef.squirrel>