On Sun, Mar 8, 2020 at 10:23 AM Rudi <r...@nmare.net> wrote: > > While I usually side with AMD for their contributions to the Open > Sourced community, I'm going to go out on a limb and say that even > though they're funded by Intel the fact that they've been keeping the > specifics quiet proves that they're trying to help rather than smear > the name of AMD.
IMO all responsible disclosure only makes everybody safer, so if Intel wants to fund making my AMD CPUs safer, I'm all for that. If these researchers can find a flaw and report it, somebody else could find it and not report it. > Hopefully this doesn't cause as much of a recoil as the Spectre/Meltdown > mitigations. What % of performance was lost for those? 20? That's the key. While vulnerabilities should be avoided as much as possible, the fact is that almost all software and hardware ends up having them. The real issues are: 1. Does the vendor provide a mitigation in a timely manner? 2. Is the mitigation free (ie software/etc)? 3. Does the mitigation have any kind of long-term negative impact? With meltdown the issue was #3. Right now we don't have any mitigation, though I can't really speak to how fast is fast enough. Now that this is disclosed they should push to get this fixed ASAP. -- Rich