I saw that as well. I'm always a bit skeptical about some of these theoretical attacks. IMO there should be a "degree of difficultly" (of sorts) assigned to these hardware issues. Then you can decide on a risk strategy.
Multicore really introduced a lot of issues. For those that can remember, when a process owned the whole (single) processor things seemed bit simpler. In any case, I believe XCD summs up the issue quite nicely https://xkcd.com/538/ -- Doug > Hi all, > > This is a few days old now, but it passed me by until now. > > https://www.tomshardware.com/news/intel-arm-new-spectre-flaws,37436.html > > The things that caught my eye were: > >> The researchers noted in their paper that currently no effective static >> analysis or compiler instrumentation can even detect or mitigate Spectre >> 1.1. > > and > >> What the researchers are actually implying is first that software >> mitigations largely depend on app developers to implement them, which >> means >> that most applications wonât be protected, if history is any guide; >> second, >> hardware changes will be necessary for true long-term fixes that can >> stop >> Spectre flaws from appearing. > > I will be interesting to see what happens around this one, as they say > that if > we don't get hardware fixes we could face decades of different variations > on > this as software folks play whack-a-mole. > > So the two HPC related issues that come to mind will be: > > 1) It'll be interesting to see what performance impacts hardware fixes for > this > class of attacks will be, and whether we see vendors decide that the only > way > to really avoid them is to drop speculative execution. Perhaps if that > penalty is large then would vendors look to have separate processor lines, > one > set with speculative execution for performance (but without protection) > and > one for security instead? > > 2) Will people start to look at delaying purchasing decisions until it > becomes > clearer how the chip vendors are going to deal with this? > > This might be a more pressing concern for the cloud crowd given the higher > immediate exposure, but even in HPC we can't avoid the need to address > this in > some way (even if it's just "we did a risk assessment and we judge it to > be a > low risk"). > > Currently these new vulnerabilities are demonstrated on Intel & ARM, it > will > be interesting to see if AMD is also vulnerable (I would guess so). > > cheers! > Chris > -- > Chris Samuel : http://www.csamuel.org/ : Melbourne, VIC > > _______________________________________________ > Beowulf mailing list, Beowulf@beowulf.org sponsored by Penguin Computing > To change your subscription (digest mode or unsubscribe) visit > http://www.beowulf.org/mailman/listinfo/beowulf > > -- > MailScanner: Clean > > -- Doug -- MailScanner: Clean _______________________________________________ Beowulf mailing list, Beowulf@beowulf.org sponsored by Penguin Computing To change your subscription (digest mode or unsubscribe) visit http://www.beowulf.org/mailman/listinfo/beowulf
