Date: Thu, 4 Jan 2018 09:42:43 -0600 From: "Joey Kelly" <joey@joeykelly.net> Cc: "freebsd-security@freebsd.org" <freebsd-security@freebsd.org> Subject: Re: Intel hardware bug Message-ID: <a820fb1c455a6c8e5ca9f8906c84e3ef.squirrel@safegreet.com> In-Reply-To: <20726.1515042417@segfault.tristatelogic.com> References: <20726.1515042417@segfault.tristatelogic.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> > In message <2347560.AJVtGcUuTT@elisha.atlnet>, > Joey Kelly <joey@joeykelly.net> wrote: > >>... >>No, I mean their lame excuses, dances around the truth, claiming many >> other >>platforms AND OPERATING SYSTEMS do it too. 'Tain't so. This is hardware, >> INTEL >>hardware, and not an OS problem... > > While it is clearly true, even from the current very preliminary reports, > that > this is indeed a hardware issue, rather than an OS issue, you may want to > reserve > judgement about the possibility that this thing is confined only to Intel > hardware. Hmm... others have my opinion too, it seems: https://www.theregister.co.uk/2018/01/04/intel_meltdown_spectre_bugs_the_registers_annotations/ > > Intel, of course, has said that they believe that this bug may also affect > AMD and also ARM CPUs. (But then they would say that, wouldn't they?) > But > AMD, for its part, has already put out a public statement saying that > their > CPUs are not affected. > > So now, the other shoe that we should all be expecting to drop, any time > now, > is some public statement from ARM Holdings, PLC. If one has already been > issued > by that company, then Google News doesn't seem to be giving me any easy > way to > find it, and there is nothing of relevance on the ARM corporate web site > (www.arm.com). So I suspect that they haven't said anything yet, which is > itself a rather ominous data point. > > If it turns out that this same bug, or same sort of bug, also affects > ARM-based > chips, then that is quite possibly an even bigger deal than the already > obvious > Intel cataclysm. > > > Regards, > rfg > > > P.S. It occured to me today just how much this bug, and the still-fresh > WPA2 > insecurities, are likely to cost -- said costs to be paid by an entire > planet's > worth of both individuals and businesses. I believe that it may be a > conservative > estimate to say that each one of these cock ups may cost the global > economy > something in the range of tens of billions of dollars, or perhaps even > more. > > Immediately following on the heals of this thought, a somewhat humorous > idea > occured to me... > > These days we have bug bounty programs which pay people to find bugs, in > particular, > security-rlated bugs. And perhaps as a result, nowadays we have a bumper > crop of > them to deal with. > > In contrast to that, for the past many decades, at least, in my country, > at least, when there is an excess of some commodity... e.g. wheat, or > corn, > or some such thing... the government pays farmers to NOT grow that > specific > commodity. > > Given the gigantic global costs resulting from these ever-more-horrendous > bugs > that clever researchers are out there discovering, nowadays, on a regular > basis, > perhaps we should be paying people to NOT find bugs. That might be more > cost > effective, in the long run. > > And there is some precedent for this kind of counter-intutive reward > system, > and not just in the field (excuse the pun) of agricultural commodities... > > https://www.washingtonpost.com/local/paying-criminals-not-to-commit-crime-may-not-be-so-funny-after-all/2016/02/08/151ab936-cea3-11e5-b2bc-988409ee911b_story.html > > http://www.foxnews.com/politics/2016/08/24/one-california-city-is-paying-people-not-to-commit-crimes.html > > http://www.guns.com/2017/09/01/sacramento-city-council-approves-1-5-million-program-to-combat-gun-violence/ > _______________________________________________ > freebsd-security@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to > "freebsd-security-unsubscribe@freebsd.org" > -- Joey Kelly Minister of the Gospel and Linux Consultant http://joeykelly.net 504-239-6550
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?a820fb1c455a6c8e5ca9f8906c84e3ef.squirrel>