Response to Meltdown and Spectre
pathiaki2 at yahoo.com
Fri Feb 2 11:18:32 UTC 2018
On 02/01/2018 22:14, @lbutlr wrote:
> On 1 Feb 2018, at 16:04, Adam Vande More amvandemore at gmail.com> wrote:
>> On Thu, Feb 1, 2018 at 3:48 PM, @lbutlr <kremels at kreme.com> wrote:
>>> the trouble is that AMD's behavior has been at least as bad as Intel's, if
>>> not worse, in regards to Meltdown,
>> Can you explain what provoked this assertion?
> First, they violated (not technically, but they made it bloody obvious) the NDA so that the flaw was widely discovered a week early by adding a comment to a meltdown patch that lead every expert int he field straight to the vulnerability: "The AMD microarchitecture does not allow memory references, including speculative references, that access higher privileged data when running in a lesser privileged mode when that access would result in a page fault."
> Second, they initially claimed they were would not release any firmware because they were entirely immune, which was untrue.
> They were almost immediately proved to be vulnerable to some of the flaws.
> Third, while Intel released (and continues to release) detailed technical information, AMD released PR statements.
> Honestly, as bad as Intel has looked in the last month, AMD looks worse since they'd behaved like children.
This is the exact opposite of what I have seen/read. What NDA is this?
"A week early"? Again, this was found out about in June of last year to
affect intel architecture. A flaw that existed for over 10, if not 20
years. They did not release the information, Google researchers and
other independents did....
Again, they stated the are immune to all variants of 1 and almost
non-zero potential to the other. They have not changed this story at
all. Again, proving what they stated is just someone doing due
diligence and they made a public statement as to which ones that could
under the right 'blue moon' circumstances MIGHT be exploited. Their
statement is that they would do 'what is necessary' to mitigate ANY risk
from them no matter how small.
Intels patches have 'bricked' processors. Yes, made them totally
unusable as they rushed them out the door. They pulled them immediately
and told people to destroy them. I consider that 'highly irresponsible'
as their QA is shabby or not-fully encompassing. Intel and AMD cannot
release detailed information as it will make it a lot more obvious as to
hack those ships.
As far as I know, making a user's product useless by bricking them due
to lack of testing was the most irresponsible thing anyone can do and
that wasn't AMD who did it.
Another thing I find disturbing about the situation is that Intel,
already knowing about the vulnerability, pushed out the i9 series
knowing it had the same fundamental flaw and putting more chips out
there with the issue.
Also, firmware is not the only problem but OS memory management is
another issue. TG for FreeBSD and it's proper design and management.
More information about the freebsd-questions