Vote 2020 graphic
Everything you need to know about and expect during
the most important election of our lifetimes

Linus Torvalds Is Not Happy About Intel's Meltdown and Spectre Mess

Linus Torvalds in 1999. Photo: AP
Linus Torvalds in 1999. Photo: AP

Famed Linux developer Linus Torvalds has some pretty harsh words for Intel on the fiasco over Meltdown and Spectre, the massive security flaws in modern processors that predominantly affect Intel products.

Advertisement

Meltdown and Spectre exploit an architectural flaw with the way processors handle speculative execution, a technique that most modern CPUs use to increase speed. Both classes of vulnerability could expose protected kernel memory, potentially allowing hackers to gain access to the inner workings of any unpatched system or penetrate security measures. The flaw can’t be fixed with a microcode update, meaning that developers for major OSes and platforms have had to devise workarounds that could seriously hurt performance.

In an email to a Linux list this week, Torvalds questioned the competence of Intel engineers and suggested that they were knowingly selling flawed products to the public. He also seemed particularly irritated that users could expect a five to 30 percent projected performance hit from the fixes.

Advertisement

“I think somebody inside of Intel needs to really take a long hard look at their CPU’s, and actually admit that they have issues instead of writing PR blurbs that say that everything works as designed,” Torvalds wrote. “.. and that really means that all these mitigation patches should be written with ‘not all CPU’s are crap’ in mind.”

“Or is Intel basically saying ‘we are committed to selling you shit forever and ever, and never fixing anything’?” he added. “Because if that’s the case, maybe we should start looking towards the ARM64 people more.”

“Please talk to management,” Torvalds concluded. “Because I really see exactly two possibibilities:—Intel never intends to fix anything OR—these workarounds should have a way to disable them. Which of the two is it?”

As Business Insider noted, as the person in charge of the open-source Linux kernel, Torvalds may be freer to share his opinion on Intel’s explanation for the issue than engineers working for the company’s business partners. Intel is currently being hit by a series of class action lawsuits citing the flaws and its handling of the security disclosure.

Advertisement

While workaround fixes for affected systems—or at the very least, those that are still supported by developers—have begun rolling out, per Wired, they’re far from an ideal solution. Meltdown patches are available for Microsoft, Apple, Google and Linux systems, though Spectre is a far more difficult to resolve vulnerability and it may in fact be impossible to guard against it entirely without replacing hardware. While consumer systems are impacted, enterprise systems like cloud service providers may suffer the biggest performance hits, take the longest to patch, and are the likeliest targets of any malware targeting the exploits.

“One of the most confusing parts of this whole thing is that there are two vulnerabilities that affect similar things, so it’s been challenging just to keep the two separate,” TrustedSec security researcher Alex Hamerstone told Wired. “But it’s important to patch these because of the type of deep access they give. When people are developing technology or applications they’re not even thinking about this type of access as being a possibility so it’s not something they’re working around—it just wasn’t in anybody’s mind.”

Advertisement

[IT Wire/Business Insider]

"... An upperclassman who had been researching terrorist groups online." - Washington Post

Share This Story

Get our newsletter

DISCUSSION

gommerthus
gommerthus

I think if Linus gave a crap outside just the kernel and maybe things like GUI, I think that maybe we could have had a serious contender for the Desktop OS for gaming and entertainment purposes besides just MacOS and Windows(OK Linux-on-the-desktop guys I know you’re here and you’re brandishing your digital weapons).

You’re about to say, well there’s Steam on Linux. It also doesn’t have all the titles. Remember the Steam console? Many other games have an equivalent launcher for Windows and Mac such as Blizzard titles(OK fine - Destiny 2 only runs on Windows).

I don’t know, but I don’t regard him with level of worship that some others might, the father of Linux and all that. I don’t admire him for the way he treats others with his tirades and verbal abuse and his “LOOK MY WAY IS RIGHT AND YOU’RE WRONG” by default, anytime anyone dares to question or wish changes on his holy kernel. And I know he’s gonna say to any of the times there’s been kernel exploits on a child platform or another, that well it wasn’t patched and that has nothing to do with him and he sure doesn’t care.

That’s not the kind of attitude that I’d aspire to be, but that’s just me. People here might disagree, but I don’t like this “I can be a jerk because I’m always right” type of mentality and be rewarded for it.