by mrweasel 1057 days ago
You could also read it as "Other operating systems are way too quick to adopt new features without fully considering the security ramifications".

Software running on OpenBSD can clearly use AVX, but the kernel and core OS don't yet, which security-wise seems to be the smart move.

Look at SMT, that's still disabled on OpenBSD I believe, which indicates that Intel and AMD have yet to devise a way of implementing it safely. You can enable it, if you need the speed more than security, but I doubt that many do.

1 comments

>"Software running on OpenBSD can clearly use AVX, but the kernel and core OS don't yet, which security-wise seems to be the smart move."

That's not accurate. OpenBSD does use AVX, it's just very minimal.

What's the "smart move" then here? That OpenBSD just never got around to implementing AVX more thoroughly?

If you're implying that OpenBSD had always considered AVX a security issue, then why are they still having to patch for it (and why did they adopt some use of it)?

Skimming through various OpenBSD mail lists, I can't find any past threads discussing their concerns about AVX prior to ZenBleed.

https://www.openbsd.org/mail.html

> That OpenBSD just never got around to implementing AVX more thoroughly?

Realistically that's probably the right answer, they didn't have the developers, nor did they prioritize going in and just retroactively fitting AVX in everywhere where it could potentially help with speed. The "smart choice", deliberately or not, is to not just jump onto everything new but adopt new features at a slower pace.

My reaction was against stuff like this:

> I get frustrated because many times OpenBSD is immune to security vulnerability simply because they don't implement modern tech advancements like AVX.

I don't get that. Sure, part of it might be not getting around to implementing it, but there's also an implicit choice in not just going in and adopting new features everywhere just because you might need it. OpenBSD developers don't seem to have viewed AVX as being something that needed to be prioritized. Otherwise it would have been in more places.

But you're right, they do use AVX, that's clearly a mistake on my part.

FWIW, my original post was mainly fueled by the fact that AVX was announced in 2008 and in both Intel & AMD chips by 2011.

So it’s not like AVX is a “new” development. It’s 12 years old.

(Not directing these comments at you. Just trying to expand upon what drove my original post)

https://en.m.wikipedia.org/wiki/Advanced_Vector_Extensions

That's honestly also a little older than I expected. It is a little weird I'll admit. It would be interesting to know if the slow adoption in OpenBSD is deliberate or done on purpose.