Hacker News new | past | comments | ask | show | jobs | submit login

Do their customers want high-assurance? As I posted elsewhere, corporate IT is sophisticated enough to know the risks, and they chose to enable AMT widely. Does the level of demand make it profitable enough to justify doing? Personally I would pay a good amount for high-assurance systems - or even subsystems, as in this case - but my budget isn't unlimited. More than a small cost would be hard to sell to management, which as we all know often budgets little attention to security, much less money.

OTOH, there is a good argument that vendors know the risks much better than their customers can, and that they have a responsibility to protect their customers from dangerous options. But even that depends on the cost; everything can be made safer for greater expense. I wonder if this qualifies.




"Do their customers want high-assurance?"

Their customers prefer highly-privileged code not get hacked vs get hacked. Intel knows their dominant position with lockin to x86 code lets them ignore customers' preferences if they deliver something useful. It's an oligopoly effect.

It's actually AMD I normally suggest should compete on flexibility or security. They need the money more. ;)


> Their customers prefer ...

Sure they prefer it. I prefer a soup-to-nuts high-assurance personal laptop, or a private 747, but I'm not willing to pay for them. I know my laptop can be exploited. My point is that it's an economic question, not one of technical specifications.

> Intel knows their dominant position with lockin to x86 code lets them ignore customers' preferences if they deliver something useful. It's an oligopoly effect.

To a degree. Customer could use their TPMs for many of the same functions as ME, or get third party devices for out-of-band remote control like AMT. Intel just needs to make it good enough, but that's the 'intentional', so to speak, design of marketplaces.

I would love it if AMD took the opportunity, and security became a competitive arms race between them.


It is economic issue. Unfortunately, the incentives work against it on supply side since they maximize profit even to detriment of users. The oligopolies universally supply garbage that suits them. If it's quality or security, customers often just get used to the problems. That lowers demand side. Differentiating firms can show up but will be niche unless latching onto something big. I thought about Java, C#, or Go CPU's at one poing for application servers. Different front end with safety/security checks on top of high-performance design probably. Can't be sure on economics of it, though.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: