undefined | Better HN

0 pointspaulmd4y ago0 comments

> x86 is dead, full of security issues

to be clear though: spectre/meltdown are not an x86 issue. POWER, SPARC, and indeed even ARM (although only some of their products have OoO/speculation) were affected as well. There is no magic to ARM that magically makes it secure if you don't protect against side-effecting.

I generally agree with the rest of your points, Microsoft is stuck in legacy hell with x86 and they are stuck with a customer base that specifically values that (everyone else has departed for linux or osx, they have "dead sea effect"ed themselves into a high-maintenance customer base), and they've done a super shitty job in general with 5 different generations of UX lava-layered over the top, and x86 is clearly falling behind in energy efficiency. But security isn't something intrinsic to ARM or x86, you can design a secure x86 processor and you can design an insecure ARM processor.

0 comments

3 comments · 1 top-level

jcranmer4y ago· 2 in thread

> to be clear though: spectre/meltdown are not an x86 issue. POWER, SPARC, and indeed even ARM (although only some of their products have OoO/speculation) were affected as well. There is no magic to ARM that magically makes it secure if you don't protect against side-effecting.

IIRC, M1 was even vulnerable to some of the otherwise Intel-only Meltdown (cross-privilege boundaries) exploits, let alone the more-or-less ubiquitous Spectre (only within same-privilege boundaries) exploits.

paulmdOP4y ago

Meltdown wasn't Intel-only - POWER and ARM A75 were affected as well. Meltdown affected everyone except AMD (who have had a similar issue surface themselves recently with their implementation of the PREFETCH instruction) and SPARC.

https://en.wikipedia.org/wiki/Meltdown_(security_vulnerabili...

You're not in the minority for thinking this, there was some serious journalistic miscarriage there. To a lot of people, Intel and AMD are the whole world and if it doesn't affect AMD then it's Intel-only. Even people in tech journalism.

(thought I remember Oracle eventually admitting SPARC was vulnerable as well but I can't find it so maybe not)

jcranmer4y ago

> You're not in the minority for thinking this, there was some serious journalistic miscarriage there. To a lot of people, Intel and AMD are the whole world and if it doesn't affect AMD then it's Intel-only. Even people in journalism.

As I recall, the initial investigation focused on Intel, AMD, and some ARM implementations, so that was what was reported; I personally didn't attempt to follow up on any subsequent investigations on other architectures, so I was unaware of any specific results on SPARC et al, good or bad.

j / k navigate · click thread line to collapse