From mboxrd@z Thu Jan  1 00:00:00 1970
From: Pjotr Prins <pjotr.public12@thebird.nl>
Subject: Re: Meltdown / Spectre
Date: Tue, 16 Jan 2018 11:04:06 +0100
Message-ID: <20180116100406.GA19565@thebird.nl>
References: <87lghapeu5.fsf@gmail.com> <87incc6z9o.fsf@gmail.com>
	<87fu7g436e.fsf@fastmail.com> <87vagad3xx.fsf@netris.org>
	<87tvvukqct.fsf@gmail.com> <87efmy9bml.fsf@hyperbola.info>
	<4b496567-2d50-6973-0eda-7c18946dac1b@platen-software.de>
	<CAE4v=pj7azvDfVPFY0D=3vEg3Hu0LBRF60S4v-VSRVt5ROFH2w@mail.gmail.com>
	<20180115080745.GA12963@thebird.nl> <871siqv6t3.fsf@gnu.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Return-path: <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:36194)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <pjotr2017@thebird.nl>) id 1ebO9U-0002Yy-AM
	for guix-devel@gnu.org; Tue, 16 Jan 2018 05:07:41 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <pjotr2017@thebird.nl>) id 1ebO9O-0006Gc-Fs
	for guix-devel@gnu.org; Tue, 16 Jan 2018 05:07:32 -0500
Content-Disposition: inline
In-Reply-To: <871siqv6t3.fsf@gnu.org>
List-Id: "Development of GNU Guix and the GNU System distribution."
	<guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-devel/>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
Sender: "Guix-devel" <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
To: Mike Gerwitz <mtg@gnu.org>
Cc: Guix-devel <guix-devel@gnu.org>

On Mon, Jan 15, 2018 at 10:08:56PM -0500, Mike Gerwitz wrote:
> On Mon, Jan 15, 2018 at 09:07:45 +0100, Pjotr Prins wrote:
> > GNU Guix, however, by virtue of being a GNU project is hampered by its
> > free software credentials.
> 
> "hamper" isn't a good word to use to describe the FSDG:

Shackled then ;)

I do think these breaches can lead to serious exploits, even though
taking over a computer (which is the real concern) may be very hard to
achieve and may never happen reading 'random' data. Intels management
system is a much worse and direct threat. Addressing the meltdown/spectre
breach is a good thing, but maybe a bit overrated as a threat if I
understand it correctly.

The good news, still, is that this may lead to new hardware. The time
should be close that it becomes feasible to design open hardware CPUs
and have them distributed at some scale. Security may be a great
driver. I'll buy them even if they are half the performance
of Intel offerings. Especially when they use a lot less power. There
is a nice market for that.

Pj.