970
this post was submitted on 13 Aug 2023
970 points (99.0% liked)
Technology
59598 readers
3312 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
But that's, like the one place other than games where consumers are looking for performance. What's left, web browsing and MS Office?
I just skimmed through the article and it seems like this vulnerability is only really meaningful on multi-user systems. It allows one user to access memory dedicated to other users, letting them read stuff they shouldn't. I would expect that most consumer gaming computers are single-user machines, or only have user accounts for trusted family members and whatnot, so if this mitigation causes too much of a performance hit I expect it won't be a big risk to turn it off for those particular computers.
Well, that says it all. CPU manufacturers have no incentive at all to secure the computations of multiple users on a single CPU (or cores on the same die)... why would they? They make more cash if everyone has to buy their own complete unit, and they can outsource security issues to 'the network' or 'the cloud'...
Years ago when I was in University this would have been a deathblow to the entire product line, as multi-user systems were the norm. Students logged into the same machines to do their assignments, employees logged into the same company servers for daily tasks.
I guess that isn't such a thing any more. But wow, what a sh*tshow modern CPU architecture has become, if concern for performance has completely overridden proper process isolation and security. We can't even trust that a few different users on the same machine can be separated properly due to the design of the CPU itself?
Are you aware that the majority of cpus sold today go to cloud computing? Believe it or not, but that is an application space with multiple users on the same machine.
Even on a single user machine, multiple users are very much a thing. Even Apple has left behind the DOS-like architecture where everything runs with the same rights. All current systems run with multiple concurrent users, notably root (or the Windows equivalent) and the keyboard operator (as well as dedicated ones for the various services, although that's maybe more a thing in Unix/Linux than Windows).
Good point. But I think performance is still a greater priority for those who make purchasing decisions, rather than basic security, and that's the problem.
Not at the enterprise level.
Security means compliance, which means getting/keeping contracts and not getting sued.
And they care more about performance-per-watt and density.