Date:      Wed, 03 Jan 2018 21:06:57 -0800
From:      "Ronald F. Guilmette" <rfg@tristatelogic.com>
To:        "freebsd-security@freebsd.org" <freebsd-security@freebsd.org>
Subject:   Re: Intel hardware bug
Message-ID:  <20726.1515042417@segfault.tristatelogic.com>
In-Reply-To: <2347560.AJVtGcUuTT@elisha.atlnet>


In message <2347560.AJVtGcUuTT@elisha.atlnet>, 
Joey Kelly <joey@joeykelly.net> wrote:

>...
>No, I mean their lame excuses, dances around the truth, claiming many other 
>platforms AND OPERATING SYSTEMS do it too. 'Tain't so. This is hardware, INTEL 
>hardware, and not an OS problem...

While it is clearly true, even from the current very preliminary reports, that
this is indeed a hardware issue, rather than an OS issue, you may want to reserve
judgement about the possibility that this thing is confined only to Intel hardware.

Intel, of course, has said that they believe that this bug may also affect
AMD and also ARM CPUs.  (But then they would say that, wouldn't they?)  But
AMD, for its part, has already put out a public statement saying that their
CPUs are not affected.

So now, the other shoe that we should all be expecting to drop, any time now,
is some public statement from ARM Holdings, PLC.  If one has already been issued
by that company, then Google News doesn't seem to be giving me any easy way to
find it, and there is nothing of relevance on the ARM corporate web site
(www.arm.com).  So I suspect that they haven't said anything yet, which is
itself a rather ominous data point.

If it turns out that this same bug, or same sort of bug, also affects ARM-based
chips, then that is quite possibly an even bigger deal than the already obvious
Intel cataclysm.


Regards,
rfg


P.S.  It occurred to me today just how much this bug, and the still-fresh WPA2
insecurities, are likely to cost -- said costs to be paid by an entire planet's
worth of both individuals and businesses.  I believe that it may be a conservative
estimate to say that each one of these cock ups may cost the global economy
something in the range of tens of billions of dollars, or perhaps even more.

Immediately following on the heels of this thought, a somewhat humorous idea
occurred to me...

These days we have bug bounty programs which pay people to find bugs, in particular,
security-related bugs.  And perhaps as a result, nowadays we have a bumper crop of
them to deal with.

In contrast to that, for the past many decades, at least, in my country,
at least, when there is an excess of some commodity... e.g. wheat, or corn,
or some such thing... the government pays farmers to NOT grow that specific
commodity.

Given the gigantic global costs resulting from these ever-more-horrendous bugs
that clever researchers are out there discovering, nowadays, on a regular basis,
perhaps we should be paying people to NOT find bugs.  That might be more cost
effective, in the long run.

And there is some precedent for this kind of counter-intuitive reward system,
and not just in the field (excuse the pun) of agricultural commodities...

    https://www.washingtonpost.com/local/paying-criminals-not-to-commit-crime-may-not-be-so-funny-after-all/2016/02/08/151ab936-cea3-11e5-b2bc-988409ee911b_story.html

    http://www.foxnews.com/politics/2016/08/24/one-california-city-is-paying-people-not-to-commit-crimes.html

    http://www.guns.com/2017/09/01/sacramento-city-council-approves-1-5-million-program-to-combat-gun-violence/


