
SoylentNews is people

posted by martyb on Wednesday January 17 2018, @07:51PM
from the oughta-be-a-law dept.

Vox Media website theverge.com reports that Rep. Jerry McNerney (D-CA) wants answers about the recent computer chip chaos.

Congress is starting to ask hard questions about the fallout from the Meltdown and Spectre vulnerabilities. Today, Rep. Jerry McNerney (D-CA) sent a letter [(pdf)] requesting a briefing from Intel, AMD, and ARM about the vulnerabilities’ impact on consumers.

[...] The two vulnerabilities are “glaring warning signs that we must take cybersecurity more seriously,” McNerney argues in the letter. “Should the vulnerabilities be exploited, the effects on consumers’ privacy and our nation’s economy and security would be absolutely devastating.”

Privately disclosed to chipmakers in June of 2016, the Meltdown and Spectre bugs became public after a haphazard series of leaks earlier this month. In the aftermath, there have been significant patching problems, including an AMD patch that briefly prevented Windows computers from booting up. Intel in particular has come under fire for inconsistent statements about the impact of the bugs, and currently faces a string of proposed class-action lawsuits relating to the bugs.

Meltdown can be fixed through a relatively straightforward operating-system level patch, but Spectre has proven more difficult, and there have been significant patching problems in the aftermath. The most promising news has been Google’s Retpoline approach, which the company says can protect against the trickiest Spectre variant with little negative performance impact.

The letter calls on the CEOs of Intel, AMD, and ARM to answer (among other things) when they learned about these problems and what they are doing about it.


  • (Score: 2) by legont on Wednesday January 17 2018, @09:04PM (6 children)

    by legont (4179) on Wednesday January 17 2018, @09:04PM (#623805)

    Who is more dangerous - an engineer who designed a faulty bridge or a computer "architect"? Congress should as a bare minimum require licenses for developing software similar to engineers, doctors, and most importantly dentists. Existing "dentists" with at least 10 years of American experience shall be granted the license. Moreover, the association of such programmers shall decide how much foreign workers certification shall cost. Say 5 years 50K per year for now? That would put a nice floor under our compensation packages.

    --
    "Wealth is the relentless enemy of understanding" - John Kenneth Galbraith.
  • (Score: 2) by PartTimeZombie on Wednesday January 17 2018, @09:16PM (3 children)

    by PartTimeZombie (4827) on Wednesday January 17 2018, @09:16PM (#623811)

    Your suggestion sounds a lot like the Medieval Guilds, and they wound up opponents of innovation and often ran cartels. [wikipedia.org]

    • (Score: 2) by legont on Wednesday January 17 2018, @09:37PM (1 child)

      by legont (4179) on Wednesday January 17 2018, @09:37PM (#623825)

      No matter what label is attached to it, but that's how professionals work in this country. Programmers so far are not professionals and that's why we have all this. Yes, I know that every new profession started this unlicensed way but once it became important it had to be licensed.

      BTW, no, I don't believe they will do it - not until after the blackout. But the blackout could happen anytime and just maybe it is in progress and the spectre exploit is in the wild wiping out everything in sight as we speak. Who knows... what I think is that the crash will look exactly like it looks right now. The bugs have all the necessary properties.

      --
      "Wealth is the relentless enemy of understanding" - John Kenneth Galbraith.
      • (Score: 0) by Anonymous Coward on Wednesday January 17 2018, @10:40PM

        by Anonymous Coward on Wednesday January 17 2018, @10:40PM (#623873)

        Programmers so far are not professionals and that's why we have all this.

        No, it is electronic engineers who design the chips that are at the centre of this. The programmers are the ones who have spent the past 6 months creating the workarounds (not "fixes", despite what Intel would have you believe) for these insecure chip designs.

    • (Score: 0) by Anonymous Coward on Wednesday January 17 2018, @11:10PM

      by Anonymous Coward on Wednesday January 17 2018, @11:10PM (#623894)

      Screen Actor's Guild
      Writer's Guild
      Maintenance Engineer's Union
      Welder's Union
      Machinist's Union
      etc.

      We have Guilds today, some of them named as such, some of them not. Some actually invest time in innovation, while others spend time in legislation.

      The real problem here has nothing to do with certifying professionals in the field. It has to do with public documentation, review, quality assurance, and then periodic public audits after the fact.

      Without all these steps and probably a few I forgot practiced regularly and frequently, we will never be able to trust hardware, software, or standard engineering or common practices and procedures basically anywhere.

  • (Score: 1) by tftp on Wednesday January 17 2018, @11:07PM (1 child)

    by tftp (806) on Wednesday January 17 2018, @11:07PM (#623893) Homepage

    Congress should as a bare minimum require licenses for developing software similar to engineers, doctors, and most importantly dentists.

    Don't know about licensing of dentists. However, licensing of coders will not have any effect simply because they are not the deciding force in any project. If they say "stop, we must rewrite the existing code from PHP to Forth to improve safety" they will be asked to do what they are told or quit.

    Most software is designed for speed, cost and functionality. Optimizations like security are left for later (a.k.a. never.) You cannot do that when you design a bridge. The professional engineer has the law on his side, the management has no power to force the engineer to produce a defective construction. But consequences of a defective, insecure code are next to zero - just issue a patch if you are generous. The typical response is to upgrade to the new version. It might have a different set of bugs.

    • (Score: 2) by legont on Wednesday January 17 2018, @11:37PM

      by legont (4179) on Wednesday January 17 2018, @11:37PM (#623905)

      Yes, the current software age is very similar to times when a cold was treated by a mixture of cocaine and morphine. It is very effective - costs and otherwise - and enjoyable. Unfortunately, those times are gone. Similarly, the "free" approach to software development will be gone one day.

      BTW, when Congress says "fix it or we will" I suspect it's what they mean. I also suspect it is the main reason why, say, Google calls its workers engineers and develops certification programs. When the shit hits the fan Google wants to be prepared.

      --
      "Wealth is the relentless enemy of understanding" - John Kenneth Galbraith.