[talk] Intel vulnerability discussion

George Rosamond george at ceetonetechnology.com
Wed Jan 17 16:54:00 EST 2018


Charles Sprickman:
> 
>> On Jan 17, 2018, at 4:24 PM, George Rosamond <george at ceetonetechnology.com> wrote:
>>
>> There was a conference call yesterday regarding the Intel chip security
>> issues. Ike of NYC*BUG and Ed Maste of FreeBSD among others.
>>
>> Here's the audio if anyone's interested:
>>
>> https://drive.google.com/file/d/1fkNfl1RTGiEFZ8PzjW_GTu3F1VK6WFp_/view
>>
>> https://www.gotostage.com/channel/92a6c9fc676543d68250ef5376dcfd90/recording/f80d33a2702145cab2178bbb1e8ea98e/watch?login=corporate&tos=true <https://www.gotostage.com/channel/92a6c9fc676543d68250ef5376dcfd90/recording/f80d33a2702145cab2178bbb1e8ea98e/watch?login=corporate&tos=true>
> 
> Without having listened to it yet, I’ll tell you one thing that really pisses me off about
> this…  It’s like a flashback to the ‘oughts - Linux guys get a TON of advance notice 
> - FreeBSD gets, what, a week or a few days?
> 
> In the old days I was also pissed about the *BSD red-headed stepchild treatment
> by vendors, but with FreeBSD specifically and the Foundation being a legit entity
> that can sign NDAs and the like, I don’t know what the excuse is today for not
> giving FreeBSD (or other *BSDs) more advance notice.  Really disappointing.

I don't know about NetBSD, but I believe that OpenBSD didn't get any
notification, and FreeBSD had enough time to do a press release. DragonFly?

Ultimately, you'd expect more transparency from Intel in the future. But
that same expecter would be deluding themselves.

So whatever the various memes about OpenBSD not being "trustworthy"
about keeping it quiet until public disclosure, I think their attitude
is an antidote, not a problem.

And what about Intel's collaborators/abettors in this?

g



More information about the talk mailing list