Hacker News new | past | comments | ask | show | jobs | submit login

What do you mean by "run completely bare with regards to microcode patches", that they don't apply microcode patches & errata?

Yes, that they did not bring up microcode patches that cover some of Spectre/Meltdown family bugs

Do you have a source for that?

GCP was "fully fixed before it was known" according to the engineers I know there. I find it /highly/ unlikely that they don't have patched microcode.

I mean, the cloud business is the place with the most to lose from these kinds of issues, I am incredibly suspicious of the claim that cloud providers aren't patching their microcode.

Whether it's intels or their own modified variant of microcode I would fully expect them to be patched in some way.

Google's researchers played a big part in discovering / classifying / mitigating the vulnerabilities. They also developed the retpoline pattern. It is very likely that GCP was "fixed before it was known."

Indeed, this is why it's unlikely that hey have the patched microcode.

How do you figure that?

They have much to lose from not applying these mitigations, especially if they're the people spending a fortune to find them.

If the grand-parents claim holds, they wouldn't have needed it because they already implemented a workaround themselves.

I honestly doubt that claim however and haven't heard it before this thread.

Registration is open for Startup School 2019. Classes start July 22nd.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact