I was one of those who called "no way" at first, but just yesterday I found this quote [danluu.com] from an Intel engineer. It was originally posted in a reddit thread [reddit.com] but has since been deleted - but not before being confirmed by other former engineers at Intel.
As someone who worked in an Intel Validation group for SOCs until mid-2014 or so I can tell you, yes, you will see more CPU bugs from Intel than you have in the past from the post-FDIV-bug era until recently.
If I may, I'd have to call this an anecdote rather than a quote. The description is from years after the Intel meeting, and doesn't have direct quotes of speech or writing of the personnel involved in the policy change.
With that understood about the anecdote's provenance, it is _completely_ believable. It is precisely the sort of mandate that can save a company in the short term, preserving the jobs and careers and technological development the company is doing, at the risk of a deadly failure down the road. It's the sort of business risk assessment that occurs on an annual basis when testing standards and guidelines are set. It also occurs on a daily basis when security practices are created: do we accept the risk of a breach today, while this is unpatched, versus the risk of service failure or loss of business during system updates?
"I bet they were instructed to ignore the risk" (Score:5, Interesting)
I was one of those who called "no way" at first, but just yesterday I found this quote [danluu.com] from an Intel engineer. It was originally posted in a reddit thread [reddit.com] but has since been deleted - but not before being confirmed by other former engineers at Intel.
Re:"I bet they were instructed to ignore the risk" (Score:3)
If I may, I'd have to call this an anecdote rather than a quote. The description is from years after the Intel meeting, and doesn't have direct quotes of speech or writing of the personnel involved in the policy change.
With that understood about the anecdote's provenance, it is _completely_ believable. It is precisely the sort of mandate that can save a company in the short term, preserving the jobs and careers and technological development the company is doing, at the risk of a deadly failure down the road. It's the sort of business risk assessment that occurs on an annual basis when testing standards and guidelines are set. It also occurs on a daily basis when security practices are created: do we accept the risk of a breach today, while this is unpatched, versus the risk of service failure or loss of business during system updates?
Re: (Score:3)