I just love reading all the b---s--- on this "anonymous" site. Real easy for competitors to make any sort of comments and claims, bashing competitors, and of course mine could be too. Oracle is always at the top of the list of being bashed cause everyone just loves Larry so much otherwise why even bother spending so much time bashing?
So Its clear that Meltdown and Spectre has taken the world by storm and these are hacks/bugs/design flaws that most vendors knew about over 6 months ago but haven't really made any noise about it until the press, mostly thanks to the Register, decided it was time to air out the dirty laundry and drive up click-revenue during the usually very slow January/February timeframe. Which has forced everyone to react and figure out how to fix this immediately!
Folks, these vulnerabilities have been around for last 6+ years and now all of a sudden, you want a fix tomorrow? Clearly Intel, Linus, Microsoft have all wanted to get "in front" of this, getting free marketing that they're reacted quickly and are seen as the "saviors". But look what it has gotten them? Patches and fixes that have bricked systems, slowed systems down to almost being useless, and have caused myriads of problems/issues because they spent little time testing/verifying/validating across the millions of possible variables involved with these patches. And who are the guinea pigs? We are! Customers are!
So now, its been almost a month since the news was leaked, and everyone is bashing Oracle for not releasing any public statement, no news on how its hardware is impacted, and surprisingly, everyone wondering about SPARC? Gee, if this was a dead architecture, why are so many questioning/commenting that its dead, yet everyone wants to know, is it vulnerable?
Well, if you are an Oracle customer, paying for Oracle support, you’ve all be notified already on what fixes/patches/updates are available for all of Oracle's HW systems including SPARC/Solaris. Some are already available and of course, some, like for Solaris and SPARC are not yet available. Why? Maybe because Oracle likely doesn't want to release fixes prematurely without proper testing so customers do not become the guinea pigs? After all, these vulnerabilities have been around for a while now so probably wise to do critical testing considering most of Oracles customers are running mission critical workloads and clearly cant afford the lame fixes/patches that have been released in the wild by most of the other vendors. And no, SPARC and Solaris is far from dead! There are over a thousand engineers working on SPARC/Solaris today. And whats incredible, is that its one of the only architectures out there that’s not impacted by Meltdown which is the worst of the 3 vulnerabilities! And guess what, Venom, Heartbleed and many other hacks involving memory buffer overflow are also not possible on SPARC due to its Silicon Secured Memory. And when Solaris 11.4 gets released later this year, will be the worlds leading OS to protect/secure systems, years ahead of what Linux or other Unixes will be able to achieve.