back to article IBM Power9 processors beset by Cardiac Osprey data-leaking flaw as Spectre still haunts speculative chips

IBM Power9 processors, intended for data centers and mainframes, are potentially vulnerable to abuse of their speculative execution capability. The security shortcoming could allow a local user to access privileged information. On Thursday IBM published a security advisory that explains, "IBM Power9 processors could allow a …

  1. Version 1.0 Silver badge
    Childcatcher

    It's the world we live in

    Everything out there has "features" and performance "enhancements" that are designed to make the items easier to sell because of the features and performance, it's not just processors, it's exploding cell phones, automobiles (self-driving), airplanes (self-diving), burning door-bells etc etc etc.

    Building something that works solidly is not important these days, building something that you can sell quickly is far more important, where is our world going (icon)?

    1. Anonymous Coward
      Anonymous Coward

      Re: It's the world we live in

      General state of Engineering is less what engineers would build but rather what they are allowed to.

      What do you expect when money people make all the decisions

      Shame that being qualified to run a tech company is not a requirement outside of France because too many products from elsewhere are crap in a sparkly wrapper that only looks like it can do the job

      1. Anonymous Coward
        Anonymous Coward

        Re: It's the world we live in

        What else do you expect when it takes money (and not much else is accepted) to pay the Bill's, get necessary equipment, and keep the lights on?

      2. Anonymous Coward
        Anonymous Coward

        Re: It's the world we live in

        Sure. I assume you've never bought cheap stuff over the Internet because your local shop was a few dollars more?

        1. Doctor Syntax Silver badge

          Re: It's the world we live in

          I used to buy stuff from the local shop for more pounds because buying stuff over the internet took too long. Unfortunately, by the power of the leveraged buy-out, my local Maplin is no more. And conversely I find myself wasting time going to a local shop* when it would be quicker to have gone to the net first because the local shop doesn't have whatever it is I'm looking for anyway.

          *Although recently a local shop did point me to https://www.screwsline.co.uk/ when they didn't have what I needed.

          1. Version 1.0 Silver badge

            Re: It's the world we live in

            Buy something from a local shop and if there are any issues then you will usually get immediate support and even refunds or product replacement ... buy on-line and if there are any problems then you will have to live with them or "just return the item" and start all over again trying to find something that works.

            On-line sales are much easier for the seller than the user, sellers don't care.

  2. man_iii

    Blues of Computing

    I am sure just as Software requirements drives hardware development and vice versa as hardware limitations "inspire" software features. ... I would have hoped that at least engineers would keep that in mind and design systems with robustness and consistency.

    Speculative execution and branch prediction for common or repeateable code seems normal until you realise root level commands and userid pwds are also "predictable" :-P

    1. Anonymous Coward
      Anonymous Coward

      Re: Blues of Computing

      Unfortunately people seem to "realise" every 10 years and then forget again. There were a whole bunch of timing attacks against RSA processing in the early 2000s. All variants of "this takes longer to process/causes more cache swaps"...

      1. amanfromMars 1 Silver badge

        Re: Blues of Computing

        There were a whole bunch of timing attacks against RSA processing in the early 2000s. All variants of "this takes longer to process/causes more cache swaps"... .... Anonymous Coward

        And all still continually just dredging swamps, AC, for the pimping and pumping of rotten to the core dumps. No wonder so many systems have a real bad case of the clap happy blues. ........ stuck in a stinking rut with nothing attractive to offer and with no defences against that which, and those who have.

  3. The Count Is Dead

    Is the media ready to admit

    That the Spectre and Meltdown type attacks are not solely and Intel problem but that they effect AMD and Power as well? They are fundamental to modern day CPU architecture.

  4. sitta_europea

    "The only potential problem is that this may affect performance. ..."

    Tell me about it.

    When Debian released fixes for SPECTRE and MELTDOWN the performance of the E3815 processors in my customers' Intel NUCs fell off a cliff.

    Not just a few percent, not even a few tens of percent, but between two and three orders of magnitude!

    The users would click an icon and then go have coffee to wait for the response.

    To make the devices usable again I had to compile custom kernels for them.

    1. Claptrap314 Silver badge

      If you actually were losing 2-3 orders of magnitude worth of performance, then you were hitting some secondary problems.

      But, as I said when this came out, a 90% loss is entirely likely under a significant set of circumstances. "Flushing the L1" is HUGELY expensive--and I have doubt about the claims in the added paragraph.

      This class vulnerability is endemic to speculative execution that is worth anything (that is, if it includes speculative loads) in anything resembling current architecture.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020