IBM Power9 processors beset by Cardiac Osprey data-leaking flaw as Spectre still haunts speculative chips IBM Power9 processors, intended for data centers and mainframes, are potentially vulnerable to abuse of their speculative execution capability. The security shortcoming could allow a local user to access privileged information. On Thursday IBM published a security advisory that explains, "IBM Power9 processors could allow a …
Everything out there has "features" and performance "enhancements" that are designed to make the items easier to sell because of the features and performance, it's not just processors, it's exploding cell phones, automobiles (self-driving), airplanes (self-diving), burning door-bells etc etc etc.
Building something that works solidly is not important these days, building something that you can sell quickly is far more important, where is our world going (icon)?
General state of Engineering is less what engineers would build but rather what they are allowed to.
What do you expect when money people make all the decisions
Shame that being qualified to run a tech company is not a requirement outside of France because too many products from elsewhere are crap in a sparkly wrapper that only looks like it can do the job
I used to buy stuff from the local shop for more pounds because buying stuff over the internet took too long. Unfortunately, by the power of the leveraged buy-out, my local Maplin is no more. And conversely I find myself wasting time going to a local shop* when it would be quicker to have gone to the net first because the local shop doesn't have whatever it is I'm looking for anyway.
*Although recently a local shop did point me to https://www.screwsline.co.uk/ when they didn't have what I needed.
Buy something from a local shop and if there are any issues then you will usually get immediate support and even refunds or product replacement ... buy on-line and if there are any problems then you will have to live with them or "just return the item" and start all over again trying to find something that works.
On-line sales are much easier for the seller than the user, sellers don't care.
I am sure just as Software requirements drives hardware development and vice versa as hardware limitations "inspire" software features. ... I would have hoped that at least engineers would keep that in mind and design systems with robustness and consistency.
Speculative execution and branch prediction for common or repeateable code seems normal until you realise root level commands and userid pwds are also "predictable" :-P
There were a whole bunch of timing attacks against RSA processing in the early 2000s. All variants of "this takes longer to process/causes more cache swaps"... .... Anonymous Coward
And all still continually just dredging swamps, AC, for the pimping and pumping of rotten to the core dumps. No wonder so many systems have a real bad case of the clap happy blues. ........ stuck in a stinking rut with nothing attractive to offer and with no defences against that which, and those who have.
"The only potential problem is that this may affect performance. ..."
Tell me about it.
When Debian released fixes for SPECTRE and MELTDOWN the performance of the E3815 processors in my customers' Intel NUCs fell off a cliff.
Not just a few percent, not even a few tens of percent, but between two and three orders of magnitude!
The users would click an icon and then go have coffee to wait for the response.
To make the devices usable again I had to compile custom kernels for them.
If you actually were losing 2-3 orders of magnitude worth of performance, then you were hitting some secondary problems.
But, as I said when this came out, a 90% loss is entirely likely under a significant set of circumstances. "Flushing the L1" is HUGELY expensive--and I have doubt about the claims in the added paragraph.
This class vulnerability is endemic to speculative execution that is worth anything (that is, if it includes speculative loads) in anything resembling current architecture.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
