Paul Walker on 7 Jan 2018 12:45:16 -0800


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] It's the final meltdown!! (Security vulnerabilies)

https://www.wired.com/story/meltdown-spectre-bug-collision-intel-chip-flaw-discovery/

An interesting article on the topic... primarily about the prevalence of parallel discovery of bugs and vulnerabilities - a form of convergence.

On Sun, Jan 7, 2018 at 11:34 AM, Walt Mankowski <waltman@pobox.com> wrote:
On Sun, Jan 07, 2018 at 11:09:15AM -0500, Aaron Mulder wrote:
> On Sun, Jan 7, 2018 at 9:40 AM, Paul Walker <pjwalker76@gmail.com> wrote:
> > I have a question: Is this vulnerability the unforeseen outcome of a
> > particular design choice, or is it a particularly nasty example of "code and
> > fix"?

> So one of the issues goes sort of like this:
> * CPU can't tell what sequence of operations is coming next, but it
> has some free time, so it takes a best guess
> * CPU charges ahead with operations based on that guess, at least
> doing something potentially useful in its free time
> * CPU later discovers its guess was wrong, and discards all the work it did

In other words, it's the former. CPUs have been doing these sorts of
optimizations for a long time, and they finally figured out ways to
exploit them.

Walt

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug


___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug