by serf 3086 days ago
>They acted in good faith.

That's new for a company, and it's not indicated by their PR spin right now.

What I think happened: a company produced a product with a problem. Probably not out of malice, but ignorance.

One of two things happened after, which can kill the 'good faith' argument; the problem was found internally and hushed, or the problem was found externally and minimized to reduce financial burden arising from fixing the problem and the PR related.

We have no way of knowing how well it was known about internally, but we can all see the PR going on from Intel right now, and I hope I'm not the only one who reads into those press releases to establish intent.

2 comments

Well this type of attack has been theoretical for years. The Project Zero referenced some papers from the mid-2000s that talked about it. But the implementation, even today, isn't exactly trivial.

Modern processors are insanely complex systems. Branch prediction, out of order execution, hardware virtual memory management, hardware virtualization, etc. Not to mention that these are side-channel attacks. It's not a direct vulnerability, it requires executing some code and measuring timing very precisely; similar to an oscilloscope and a very expensive safe.

Of course Intel is going to be spinning this however they can for damage control. That's what PR departments do. I still doubt engineers at Intel really thought this attack was plausible, or else they wouldn't have been engineering chips this way for the past decade.

> Modern processors are insanely complex systems.

And until we align their market incentives properly, silicon vendors are going to continue to ignore this fact when it comes to verification. Intel is especially bad here; they’ve had an unreasonable number of hardware bugs in recent years.

> The Project Zero referenced some papers from the mid-2000s that talked about it.

http://www.daemonology.net/papers/htt.pdf

Intel got a report about this vulnerability from Google in July. Intel's CEO decided to sell stock in November, scheduling the sale in October. Intel also decided to pull the Coffee Lake desktop launch in from early 2018 all the way back to the start of Q4 2017 to try to stop the momentum AMD was building with Ryzen, while knowing this vulnerability was present - they're still planning on launching Cascade Lake the first half of this year and god knows if Meltdown will be fixed in it or not.

Right now, I think the problem started out of ignorance - but they have abused Google's policy of responsible disclosure to hide the flaw as long as they could and take advantage of their market position while the unknowing public kept buying their products. Now they are pulling the four D's of propaganda in their PR statements all while we are seeing huge performance deltas in graphs from Epic and more?

This is straight up deceptive, I'm glad I switched back to AMD with my new gaming rig and I already have plans in the works to purchase multiple EPYC servers with our datacenter move starting next month.