Hi all, This is a few days old now, but it passed me by until now.
https://www.tomshardware.com/news/intel-arm-new-spectre-flaws,37436.html The things that caught my eye were: > The researchers noted in their paper that currently no effective static > analysis or compiler instrumentation can even detect or mitigate Spectre > 1.1. and > What the researchers are actually implying is first that software > mitigations largely depend on app developers to implement them, which means > that most applications won’t be protected, if history is any guide; second, > hardware changes will be necessary for true long-term fixes that can stop > Spectre flaws from appearing. I will be interesting to see what happens around this one, as they say that if we don't get hardware fixes we could face decades of different variations on this as software folks play whack-a-mole. So the two HPC related issues that come to mind will be: 1) It'll be interesting to see what performance impacts hardware fixes for this class of attacks will be, and whether we see vendors decide that the only way to really avoid them is to drop speculative execution. Perhaps if that penalty is large then would vendors look to have separate processor lines, one set with speculative execution for performance (but without protection) and one for security instead? 2) Will people start to look at delaying purchasing decisions until it becomes clearer how the chip vendors are going to deal with this? This might be a more pressing concern for the cloud crowd given the higher immediate exposure, but even in HPC we can't avoid the need to address this in some way (even if it's just "we did a risk assessment and we judge it to be a low risk"). Currently these new vulnerabilities are demonstrated on Intel & ARM, it will be interesting to see if AMD is also vulnerable (I would guess so). cheers! Chris -- Chris Samuel : http://www.csamuel.org/ : Melbourne, VIC _______________________________________________ Beowulf mailing list, Beowulf@beowulf.org sponsored by Penguin Computing To change your subscription (digest mode or unsubscribe) visit http://www.beowulf.org/mailman/listinfo/beowulf
