Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

It's not just about security. These bugs are going to impact customers' performance by up to 30% or more and that can't be fixed. This is a huge deal for cloud providers' revenue.

The class action lawsuits are only just being filed within the past few days.

If you already know the outcome of these lawsuits, you should probably contact the lawyers and judges to let them know. /s



Well, since Google knew about this bug across the boundaries of a few quarterly reports so far, and hasn't signaled radical departures in their operational expenses, and has specifically said the impact on them was smaller than many expected [1]... I'd say we know the outcome already.

[1] https://www.theverge.com/2018/1/4/16851132/meltdown-spectre-...


Knowing about the bug != having all of their systems patched.

Also, I shouldn't have to point this out, but not everyone runs the same systems in the same fashion.

Lastly not only has everyone not patched their systems yet, but patches for many people don't even exist at this point:

https://techcrunch.com/2018/01/08/intel-ces/

I'm not trying to say it's going to be the worst case scenario, but I am saying it's extremely foolish to pretend that you can predict anything until people actually start patching their systems.

Time will tell, and it's best in every scenario to refrain from making gigantic blanket assumptions based on almost no data points.


Google said they've finished patching, and it was all done before the bug became public.

That means the people who have the best information about mitigating this issue have a fix that apparently has minimal performance impacts on their cloud workloads, and I suspect their cloud customer SLO's would be taking a shitkicking if that weren't actually true.


> That means the people who have the best information about mitigating this issue have a fix that apparently has minimal performance impacts on their cloud workloads

Could Google not just have found a mitigation with non-negligible performance impact, and made a behind the scenes change to the actual hardware resources assigned at each vCPU level to mask the average impact, eating the cost in the short term (while evening it out in the long term by delaying price decreases they would otherwise implement)?


More likely, Google made their own mitigations, that they're keeping for their own competitive advantage.

They've had a lot more time with the problem than anyone else has, and billions of dollars to gain by solving it better than anyone else.

If they had a 15-30% loss of performance in their 3+GW of infrastructure, it would almost certainly cause a significant dip in their quarterly results, and they would want to warn the markets about that well in advance to soften the blow.


Funny what they posted today:

https://techcrunch.com/2018/01/11/google-claims-its-spectre-...




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: