From Kim Zetter at the New York Times:
https://twitter.com/KimZetter/status/1194374230109868032
When Intel released patch for CPU vulns last May, it said the patch fixed all
the vulns. But researchers at @vu5ec
say this isn't true and Intel knew it. Intel asked them not to disclose this
and to alter conf. paper about the vulns.
“We think it’s time to simply tell the world that even now Intel hasn’t fixed
the problem,” Herbert Bos (@herbertbos
) says. “There are tons of vulnerabilities still left, we are sure. And they
don’t intend to do proper security engineering until their reputation is at
stake.”
https://www.nytimes.com/2019/11/12/technology/intel-chip-fix.html
https://mdsattacks.com/
-
Its worth noting that the lion's share of these vulns are
vendor-specific to Intel. I have long held the position that
Spectre+Meltdown showed AMD x86 to be "substantially" better engineered
with respect to security; I now believe that assessment to be an
understatement.
Competition between Intel and AMD is very asymmetrical, as the former
amounts to a monopoly and the latter is the only one that feels acute
competitive pressure (and hence, AMD has felt a greater need to engineer
responsibly). OTOH, Intel has maintained their position with lazy
engineering shortcuts, rigged benchmarks, and anti-competitive threats
lodged against PC makers. For their threats, the company even announced
it will refuse to pay a hefty EU judgment against them. That is the
"merit" in how they maintain dominance.
Even though I greatly favor the development and promotion of open source
hardware (including CPUs), there are no open alternatives for Qubes
users in the short-mid term. So recognizing that open source is not a
singular guiding principle – that competition is vitally important for
the availability of desirable and safe products – I think it would be
best if the Qubes project and community recognized the situation and
made a modest effort to certify AMD hardware as a safer alternative to
Intel.
--
Chris Laprise, [email protected]
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/85c426f7-7e17-b1ab-87c3-71f92d169955%40posteo.net.
