While all is 'calm and steady and boring' with the next kernel, Linux creator Torvalds tells an Open Source Summit crowd exactly how he feels about almost everything else.
In addition, hardware developers reinvent old ways of doing things and only learn by making all the same mistakes that have been made before. It's sad, but true.
This same criticism is validly launched at software devs all the time lol.
One thing I've anecdotalally seen and heard is hardware guys indicating that something is rock solid and solved because it's old, so building on top of it isn't a problem. Obviously we have to build on the old to get to the new, but if we just skip auditing hardware due to age we end up deploying vulnerable hardware globally. Spectre and Meltdown are an interesting example where I've heard from at least one distinguished professor that "everyone" believed branch prediction design/algorithms were essentially done. Was it adequately assessed from a security POV? Clearly not, but was it assessed from a security POV in general? I have no idea, but it would be nice as a tech enthusiast and software guy to see the other side of the fence take these things seriously in a more public way, in particular when it comes to assessing old hardware for new attack vectors.
Spectre and Meltdown are an interesting example where I’ve heard from at least one distinguished professor
that “everyone” believed branch prediction design/algorithms were essentially done.
Interesting to hear this.
Was it adequately assessed
from a security POV? Clearly not, but was it assessed from a security POV in general?
I have no idea, but it would be nice as a tech enthusiast and software guy to see the other side of the
fence take these things seriously in a more public way, in particular when it comes to assessing old hardware
for new attack vectors.
This same criticism is validly launched at software devs all the time lol.
One thing I've anecdotalally seen and heard is hardware guys indicating that something is rock solid and solved because it's old, so building on top of it isn't a problem. Obviously we have to build on the old to get to the new, but if we just skip auditing hardware due to age we end up deploying vulnerable hardware globally. Spectre and Meltdown are an interesting example where I've heard from at least one distinguished professor that "everyone" believed branch prediction design/algorithms were essentially done. Was it adequately assessed from a security POV? Clearly not, but was it assessed from a security POV in general? I have no idea, but it would be nice as a tech enthusiast and software guy to see the other side of the fence take these things seriously in a more public way, in particular when it comes to assessing old hardware for new attack vectors.
Interesting to hear this.
Right.