Announcement

Collapse
No announcement yet.

Google Engineers Are Becoming Concerned Over Some Arm Platforms Lacking Spectre V2 Mitigations

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Google Engineers Are Becoming Concerned Over Some Arm Platforms Lacking Spectre V2 Mitigations

    Phoronix: Google Engineers Are Becoming Concerned Over Some Arm Platforms Lacking Spectre V2 Mitigations

    As a result of at least "a few AArch64 platforms" lacking firmware support for mitigating Spectre Variant Two, Google engineers are evaluating the possibility of Retpolines for the 64-bit Arm architecture...

    http://www.phoronix.com/scan.php?pag...-AArch64-Retpo

  • #2
    Good. Or just one up Microsoft and Amazon (who both have their own in house Arm SOCs) and sell Google branded ARM/RISC-V/power10 SOCs so device makers have better choices.

    Comment


    • #3
      Originally posted by elatllat View Post
      Good. Or just one up Microsoft and Amazon (who both have their own in house Arm SOCs) and sell Google branded ARM/RISC-V/power10 SOCs so device makers have better choices.
      I'm all for that, btw. But I need to say that making a processor that runs comparably fast to existing mass-market ones is soo tough ... You can easily spend a lot of money and end up with something subpar.

      I'd say that the best way to implement a good microarchitecture is to hire Jim Keller. https://en.wikipedia.org/wiki/Jim_Keller_(engineer)

      The only ARM microarchitecture that stands up to the x86 microarchitectures and doesn't fall on its face - well, he did it, at Apple.

      Comment


      • #4
        Proper approach would still be disabling all mitigations on all platforms and imprisoning those who exploit the vulnerabilities. It's a crime after all, in most countries.

        You don't stop selling knives because some people use them to kill. You don't lock cars to 10 km/h because some people cause accidents.

        Comment


        • #5
          Originally posted by eydee View Post
          Proper approach would still be disabling all mitigations on all platforms and imprisoning those who exploit the vulnerabilities. It's a crime after all, in most countries.

          You don't stop selling knives because some people use them to kill. You don't lock cars to 10 km/h because some people cause accidents.
          Yep, let's also get rid of login passwords and door key locks while we are at it, and simply imprison everyone who enters someone else's account or home.

          Comment


          • #6
            Originally posted by eydee View Post
            You don't stop selling knives because some people use them to kill. You don't lock cars to 10 km/h because some people cause accidents.
            You don't restrict access to war/militar-grade weapons in USA because of mass/school shooting
            😅

            Comment


            • #7
              Originally posted by eydee View Post
              Proper approach would still be disabling all mitigations on all platforms and imprisoning those who exploit the vulnerabilities. It's a crime after all, in most countries.

              You don't stop selling knives because some people use them to kill. You don't lock cars to 10 km/h because some people cause accidents.
              Yeah, but practically there is no way to achieve that, so you need to do it the other way.

              Originally posted by andrei_me View Post
              You don't restrict access to war/militar-grade weapons in USA because of mass/school shooting 😅
              In my opinion the United States act really stupid on that matter.

              Comment


              • #8
                Originally posted by eydee View Post
                Proper approach would still be disabling all mitigations on all platforms and imprisoning those who exploit the vulnerabilities. It's a crime after all, in most countries.

                You don't stop selling knives because some people use them to kill. You don't lock cars to 10 km/h because some people cause accidents.
                Are you 12?

                Comment


                • #9
                  Originally posted by eydee View Post
                  Proper approach would still be disabling all mitigations on all platforms and imprisoning those who exploit the vulnerabilities. It's a crime after all, in most countries.

                  You don't stop selling knives because some people use them to kill. You don't lock cars to 10 km/h because some people cause accidents.
                  Im sorry but this is a rather naive approach. I would like this to be possible.

                  But you know that in the world there is not a real common legislation.

                  if someone is hijacking your phone in the US from outside lets say China...Pakistan or any other country which has no agreement on extradition...especially in such "minor" case. Do you really think that diplomats will waste the time on that even if they know who did it?
                  As long as there are no life at stake or millions in $$ the chance of success is rather low.

                  You can't stab an US citizen on USA property if you are in china (don't start creative ways to make it possible). But if you commit this crime in the US - you will be easily arrested and treated according to the local legislation.

                  Concerning the phone example - how do you prepare the lawsuite ..US law? Chinese Law? or maybe Cayman Islands Law ..is this somehow tied to British law ...still EU law or special zone? because the hijacker was using a botnetwork there? I'm sure it will be very difficult to find a reasonable priced lawyer who is even capable to process this kind of inquiry. Lets say you found one....Will China give the Network traffic data of the hijackers to foreigners ...I highly doubt it. How about the Caymans? I doubt it. So you have to file the case locally and try to prove that they have some botnetwork running. Try to do this from outside.

                  If this would be that easy I'm sure we would have less millionaires/companies hiding their money and that is far more attractive to US authorities because they could gain billions instead of "just being fair-minded" and doing it for the sake of justice.

                  edit: besides some tactical knives or knives with the intention used against humans are forbidden. Same with not safe cars (at least here in germany)
                  Last edited by CochainComplex; 05-30-2020, 07:37 AM.

                  Comment


                  • #10
                    Let's stop having secrets on computers.

                    Comment

                    Working...
                    X