Spectre NG - ... "but wait, there's more"

What is the context here? And where is that from?

These are just older intel graphics driver vulnerabilities.
Not relevant here.

New flaws and even more patches - “Spectre Next Generation” is just around the corner.

Uhm, yeah. That is what this is about.
Coffee?

The latest info should pop up soon.

It is so much more civil and boring when it is not.
“Intel cannot fix this so we are 1 giving one day notice and opening it to the public”
“Intel stock will be worth zero”

I did read somewhere intel believes in can fix half in the 90 days and the rest in 180 days. If true and their given the time. It is business as usual.
Microsoft committed to pushing microcode bypassing MB vendors. I assume Linux will as well. How that goes will be interesting.

No doubt they can fix it, that was never really in question. The question is how much performance they need to sacrifice to do it.

In a twist of events that will surprise literally no one…

Dammit Wesley!

AMD weren’t susceptible to Meltdown. And they weren’t “as susceptible” to spectre as intel.

So… in other words - its a functionality bug. You can slice it any way you want, but the security boundary is not being enforced, when the CPU is designed and marketed as being capable of enforcing security boundaries.

If my code (for example) does something unexpected because of a problem with the Windows provided libraries, it’s still a bug. I can’t pass it off as not a bug because historical reasons that i don’t want to deal with. It is still a bug and one way or another needs to be fixed.

Not a surprise. My haswell refresh box was randomly powering down hard throughout March due to bungled Windows 10 / microcode patches.

Was fine in april
Upgraded to 1804 on the weekend and the random power downs are back.

Box has been 100% stable in the past, and still is under Linux.

This will hurt intel a bit. Right of the heels of “We just fixed our new line of CPUs”, this drops. Now they can’t sit on their hands for 6 months and hope no one notices! The proverbial cat is out of the bag early.

its not really a functionality bug as the code is doing what its designed todo and the problem lies with the CPU. Spectre attacks the very process of boundary checking by using side channels attacks against speculative execution. You just watch what the cpu does and how long each action takes to happen. Some actions take longer todo certain things than others.

So you can force the cpu to check if some memory equals something and if it is true then it will take slightly longer then if it was false even though you dont have access to it in the first place. This is means its near impossible to fix without changing silicon because the CPU is “working as intended” and it exploits that.

i.e., hardware bug

intel may claim working as intended, but it simply is not. they’re just playing language games to attempt to avoid a lawsuit.

it is intended to provide process isolation and vm isolation at the hardware level. it leaks info. that isn’t intended behaviour. thus, it is a bug.

no matter what linguistic gymnastics intel want to play.

working as designed maybe, but not as intended.

yes and no. more of a side effect thats being exploited than a bug. either way its going to take almost a entire silicon redesign to properly fix it. Not a fix were gonna see until about 10-15 years from now probably since that takes alot of time and money

Think 3-5 years.

Yeah, that’s a fair way to put it.

that would be nice but im not expecting it. i would suspect that to be just a simple fix though