"I want repaired processors for free" (Score:5, Insightful)
You know, he's not wrong. This is, in impact, way bigger than Intel's FDIV fiasco and that ended up in recalls.
Re: (Score:2)
You know, he's not wrong. This is, in impact, way bigger than Intel's FDIV fiasco and that ended up in recalls.
No, it's not. It is more widespread but it certainly isn't bigger.
- The FDIV scenario could cause a wrong result from a processor. This can merely cause a security breach.
- Security can be layered and worked around. A calculator that produces the wrong answer checked by a calculator with the same fault can not work around itself.
- This fiasco relies on a targeted attack on a specific user. The FDIV bug is something a user would hit at random (and according to a citation needed quote on Wikipedia would do so
Re: (Score:2)
- The FDIV scenario could cause a wrong result from a processor. This can merely cause a security breach.
- The FDIV scenario could merely cause a wrong result from a processor. This can cause a security breach.
FTFY.
- Security can be layered and worked around. A calculator that produces the wrong answer checked by a calculator with the same fault can not work around itself.
The history, and pre-history of man (and other animals) is full of workarounds. No engineer knows the phrase "cannot be worked around", except maybe as a joke.
You also changed the grammar cunningly between the 2 sentences.
1. "Can be layered and worked around" - true for both security and wrong arithmetic answer.
2. "Can not work around itself" : true for both security and wrong arithmetic answer.
Sou
Re: (Score:2)
Whatever you think of my grammar, the fact is that a calculator that miscalculates and then makes decisions on its result is bad.
A security vulnerability that requires executing code on the target combined with detailed knowledge of the target system in order to achieve anything malicious is quite low in the grand scheme of security vulnerabilities. It is not wormable, it is not automatable, and it can be defended against through layered security.
The FDIV bug was far worse, thinking otherwise is extremely
Re:"I want repaired processors for free" (Score:2)
Do you realize you are just restating your opinion, without defending the incorrect assertion that both can be worked around?
Also, both cannot work around themselves; they need a human to implement the workaround once in the program, after which the workaround is in place until the next software update.
Re: (Score:2)
s/that both can be worked around / that only one can be worked around /
Re: (Score:2)
No, the FDIV bug had no workaround, hence the recall. One could argue that your software workaround would be to not use floating point operations, but that would be quite silly.
Security is a process; if you don't already have layered mitigation against the Spectre/Meltdown bug, then you don't care enough about your security to be concerned about this bug. Spectre/Meltdown is a bug that is present in every machine, but as a security issue will affect very few people.
If you think my assertion is incorrect then you do
Re: (Score:2)
Ah, you must be saying "blah blah blah" and that is silly.
Two can play this game, which is a boring one. Come back only if you have a real proof of lack of workaround about one and a real workaround of another in ALL use cases. Not sure you even comprehend this, though.