CPU and kernel engineers don't have the necessary security mindset
When CPUs and the internet were being designed the level of adoption we are seeing was not anticipated. Similar to how nature engineered humans with lots of potential exploits. Now that we are aware of both the possibility and risk of every single person being exploited simultaneously, we must act accordingly and defend ourselves.
In other words, a huge amount of effort must be put into securing basic infrastrucure (including CPUs), somehow.
So long as humanity continues to be at war, we must continue to act as if that is the case. Kudos to Google for figuring this out. But do you really want the "don't be evil" company that profits almost exclusively based on ads to be your only true line of defense? Do you want it to be your government, versus other governments?
What we have just experienced is a precursor to something deeply terrifying. We must, somehow, act to prevent it.
2 comments
[ 3.5 ms ] story [ 14.1 ms ] threadMore likely than not, the misfeature was a calculated risk, either at inception or after the fact. And I bet Intel has had investigators quietly doing damage control internally for the past several weeks or months in anticipation of subpoenas.
Some ARM CPUs apparently can leak system register values, a much narrower version of the Intel design issue. And I'd bet that was also a calculated risk undertaken at some point in the design phase.
On the flip side, it's not a coincidence that AMD isn't vulnerable like Intel and ARM chips are.
Ultimately I don't think the issue is that people are blind to the problems, it's that they systematically underestimate the potential for exploitation. And ultimately that's because of the economics at play: at the end of the day even if, theoretically, Intel lost some huge class action suit, they'd still probably enjoy a net gain for their misestimation of the risk.
And it's not just Intel. Otherwise good engineers are absolutely confident that containers and VMs provide strong isolation guarantees, despite years of exploits, simply because were the marketing and technical literature completely true and accurate it would make it cheaper and easier to design and deploy software services. It's motivated thinking, not ignorance. Every time these exploits come out nobody is particularly surprised--it's always 100% obvious in retrospect, and it would be 100% obvious prospectively if the incentives were better aligned.