Contributed by rueda on from the moronoculture dept.
A message to tech@ from Philip Guenther (guenther@) provides the first public information from developers regarding the OpenBSD response to the recently announced CPU vulnerabilities:
So, yes, we the OpenBSD developers are not totally asleep and a handful of us are working out how to deal with Intel's fuck-up aka the Meltdown attack. While we have the advantage of less complexity in this area (e.g., no 32bit-on-64bit compat), there's still a pile of details to work through about what has to be *always* in the page tables vs what can/should/must be hidden.
Read it and weep…
(Comments are closed)
By Noryungi (noryungi) firstname.lastname@example.org on
To me, the "money quote" from the above mail was the following:
"We have received *no* non-public information. I've seen posts elsewhere by other *BSD people implying that they receive little or no prior warning, so I have no reason to believe this was specific to OpenBSD and/or our philosophy."
Let that sink in for a moment: none of the BSDs has been warned in advance. None. The only people to get information are Microsoft, Apple and probably Red Hat and other largish Linux distros... Even though Intel knew of these flaws since June 2017.
OpenBSD devs only got information because of the noise on the Linux Kernel mailing lists. This is a disgusting and irresponsible attitude from the people at Intel and other companies.
Is this how "minority" operating systems are going to be treated in the future? I hope not.
By the way, Matthew Dillon of DragonflyBSD had some choice words for Intel : http://lists.dragonflybsd.org/pipermail/users/2018-January/313758.html
By Bobby Foster (babymild) email@example.com on
interesting timeline for Ubuntu here: https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown?_ga=2.256521547.1351854662.1515382986-1697653471.1514323332