• ShortN0te@lemmy.ml
    link
    fedilink
    arrow-up
    0
    ·
    3 months ago

    What a shitty clickbait title.

    virtually all AMD chips dating back to 2006, or possibly even earlier.

    Title could be shorter and more precise while still having the same deeming message.

    • Bitrot@lemmy.sdf.org
      link
      fedilink
      English
      arrow-up
      0
      ·
      3 months ago

      It’s not just the title that is poorly written. The entire thing is written like “the sky is falling because memory chips and big computer stuff has a broken”.

  • LalSalaamComrade@lemmy.ml
    link
    fedilink
    English
    arrow-up
    0
    ·
    3 months ago

    This is why we need open-source hardware. Close-sourced designs are plagued with so many issues, and I bet some of these flaws have still not been reported.

    • ShepherdPie@midwest.social
      link
      fedilink
      arrow-up
      0
      ·
      3 months ago

      That’s a tall order when a fab costs tens of billions of dollars to operate. Somebody needs to make a lot of dough out of the process.

    • mesamune@lemmy.world
      link
      fedilink
      English
      arrow-up
      0
      ·
      edit-2
      3 months ago

      Agreed. Im hoping to see more RISC-V processors make it to commercial hardware. We are starting to see it with some experimental single board computers and laptops, but they are still much too slow. But its getting there!

      https://milkv.io/mars#buy might be a good place to start, although im looking for the spec sheet…

      Ive been on the lookout for a “good enough” server with RISC-V. Would love to play around with it.

    • Dudewitbow@lemmy.zip
      link
      fedilink
      arrow-up
      0
      ·
      3 months ago

      they would still be vulnerable. if you only care about security, you would be running a FPGA because anything fully secure would be slow, because speculative execution is inherently full of security flaws, and also the major reason why CPUs have any semblance of performance.

    • CasualTee@beehaw.org
      link
      fedilink
      arrow-up
      0
      ·
      3 months ago

      I don’t think that’s the issue. As said in the article, the researchers found the flaw by reading the architecture documentation. So the flaw is in the design of the API the operating system uses to configure the CPU and related resources. This API is public (though not open source) as to allow operating system vendors to do their job. It usually comes with examples and pseudo code on how some operations work. Here is an example (PDF).

      Knowing how this feature is actually implemented in hardware (if the hardware was open source) would not have helped much. I would argue you are one level too low to properly understand the consequences of the implementation.

      By the vague description in the article it actually looks like a meltdown or specter like issue where some code gets executed with the inappropriate privileges. Such issues are inherent to complex designs and no amount of open-source will save you there. We need a cultural and maybe a paradigm shift on how we design CPU to fully address those issues.

      • ganymede@lemmy.ml
        link
        fedilink
        arrow-up
        0
        ·
        3 months ago

        you make excellent points, but not sure i can agree with your conclusion

        if we had full source a variety of automated analysis and hardening tooling could be applied which is much much more efficient compared to parsing the arch docs.