vivster said:
In my opinion all of that hullabaloo about Meltdown and Spectre is completely overblown, as are Linus' rants. I don't think CPU designers deliberately took security risks in their designs and I also don't think that AMD designers avoided that technology specifically to mitigate security risks. It's just something that CPUs evolved with. It's just impossible for humans to design something as complex as processors without any flaws or potential future risks. So instead of screaming at each other we should come to the table together and work on a proper solution instead playing the blame game. I mean recently they discovered a problem with WPA2, which is about the same scale as Intel CPUs. The vulnerability was in the protocol itself and not the software. So instead of everyone starting to rant abut the incompetent IEEE and their design, people just went and fixed the issue in software. Sure, it's easier to fix than Spectre 2 but at the same time Spectre 2 is also extremely difficult to exploit. |
I think Linus' rant was pretty mild to be honest. You have a widely publisized problem with hundreds of millions of CPU's and what is Intel's solution? An optional flag at the compiler level. That's pure and utter incompetence. Linus isn't wrong to doubt if Intel even wants to really "fix" the issue. Sure, newer PC's won't be affected (but everything that's out now will be). But having such a security hole that remains open is not a good thing. Intel had 6 months to sit with the captains of industry and the Linux engineers, and they came up with probably the semi-worst solution to a big problem.
