• hungrybread [comrade/them]@hexbear.net
    link
    fedilink
    English
    arrow-up
    6
    ·
    8 months ago

    In addition, hardware developers reinvent old ways of doing things and only learn by making all the same mistakes that have been made before. It’s sad, but true.

    This same criticism is validly launched at software devs all the time lol.

    One thing I’ve anecdotalally seen and heard is hardware guys indicating that something is rock solid and solved because it’s old, so building on top of it isn’t a problem. Obviously we have to build on the old to get to the new, but if we just skip auditing hardware due to age we end up deploying vulnerable hardware globally. Spectre and Meltdown are an interesting example where I’ve heard from at least one distinguished professor that “everyone” believed branch prediction design/algorithms were essentially done. Was it adequately assessed from a security POV? Clearly not, but was it assessed from a security POV in general? I have no idea, but it would be nice as a tech enthusiast and software guy to see the other side of the fence take these things seriously in a more public way, in particular when it comes to assessing old hardware for new attack vectors.

    • lemmyreaderOP
      link
      fedilink
      English
      arrow-up
      4
      ·
      8 months ago

      Spectre and Meltdown are an interesting example where I’ve heard from at least one distinguished professor that “everyone” believed branch prediction design/algorithms were essentially done.

      Interesting to hear this.

      Was it adequately assessed from a security POV? Clearly not, but was it assessed from a security POV in general? I have no idea, but it would be nice as a tech enthusiast and software guy to see the other side of the fence take these things seriously in a more public way, in particular when it comes to assessing old hardware for new attack vectors.

      Right.