Message boards :
Number crunching :
Intel security flaw
Message board moderation
Author | Message |
---|---|
Keldon ![]() ![]() ![]() Send message Joined: 28 Nov 17 Posts: 8 Credit: 57,007,955 RAC: 204,411 ![]() ![]() |
For those that have not heard, nearly all Intel CPU chips for the last 10 years have a serious security flaw that cannot be fixed by a firmware update and is having to have an operating system workaround to protect against the flaw being exploited. Linux and Windows patches for the Intel kernel security flaw are said to slow down CPU performance by between 5% to 30%. A Linux patch has already been released and tested on some systems and shows a 5% slow down for some tasks. Ironically the patch is applied irrespective of chip manufacturer meaning the current patch even slows down AMD machines without some setting changes. Anyone know how the patches will affect Seti task speeds? Anyone tested with the Linux patch? The Windows patch may not be out till 16 January so the full details of the flaw are embargoed till then but it does look to be a real bad one. |
![]() ![]() ![]() ![]() Send message Joined: 14 May 99 Posts: 40 Credit: 83,072,330 RAC: 280,506 ![]() ![]() |
Looks like pretty much no gaming hit, so probably the same for us. Phoronix has an initial bench set, with I/O getting hit pretty hard, might be some rough times ahead for Intel. The bug doesn't affect AMD but the initial patch hit all 64bit systems regardless of maker, I suspect AMD will submit a patch in the next day or two to fix that, if they've not already. In any case if one wishes to continue on anyhow (on Linux), the nopti kernel parameter will revert the patch at boot. Windows details won't be out for a couple more weeks. |
Ghia ![]() Send message Joined: 7 Feb 17 Posts: 219 Credit: 19,485,646 RAC: 29,212 ![]() ![]() |
Hehe, I know at least one here who soon will start bashing Intel (and of course continue with his Windows bashing.) There is only one King of Intel bashing.. ;-) Humans may rule the world...but bacteria run it... |
![]() ![]() ![]() ![]() Send message Joined: 14 May 99 Posts: 40 Credit: 83,072,330 RAC: 280,506 ![]() ![]() |
AMD patch is now in: https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?h=x86/pti&id=694d99d40972f12e59a3696effee8a376b79d7c8 |
Sirius B ![]() ![]() Send message Joined: 26 Dec 00 Posts: 20135 Credit: 2,732,990 RAC: 799 ![]() |
Regardless of manufacturer that's bad for computing as a whole. With the world's reliance on computers, it's bad enough having to contend with software flaws but hardware flaws... |
![]() ![]() Send message Joined: 23 Mar 17 Posts: 175 Credit: 4,015,683 RAC: 0 ![]() |
Ah sure it'll be grand...:-) |
![]() ![]() ![]() ![]() Send message Joined: 25 Dec 00 Posts: 24370 Credit: 43,815,463 RAC: 31,117 ![]() ![]() |
AMD patch is now in: Don't you mean the AMD un-patch. AMD's don't have the flaw or need the patch. |
![]() ![]() ![]() Send message Joined: 29 Apr 01 Posts: 6925 Credit: 539,220,852 RAC: 1,515,739 ![]() ![]() |
Correct. The linux kernel for AMD chips needs to have the security flaw patch removed as it is not needed. Unfortunate as they were about to lockdown the latest kernels for no more features added. Seti@Home classic workunits:20,676 CPU time:74,226 hours ![]() ![]() |
Cavalary Send message Joined: 15 Jul 99 Posts: 71 Credit: 6,495,878 RAC: 2,387 ![]() ![]() |
Things are even worse than thought from a security perspective: https://twitter.com/nicoleperlroth/status/948684376249962496 for a summary, NYT article linked there too. So Meltdown affects all Intel CPUs since '95 bar pre-2013 Itanium and Atom and the software fix will result in a hefty performance hit, mainly for I/O operations, and at least in case of Windows (since MS pushed it out already, early) said fix may not be installed for those running certain security software, while Spectre is harder to exploit but affects everything, is a fundamental flaw in CPU design and will be with us for a decade to come, the only real fix being to redesign CPU architecture and replace all CPUs in existence basically. Anyone else have the feeling that we're waking up to a new world again, a heck of a lot more dangerous one? |
![]() ![]() Send message Joined: 11 Sep 99 Posts: 6530 Credit: 191,801,067 RAC: 18,588 ![]() ![]() |
So far the details seem to be that some parts of protected kernel memory can be read. Some sites are reporting that the issue is also present in ARM processors. MS has issued the patch in November to users in the "fast ring" of updates and Apple pushed out an initial patch in early December. SETI@home classic workunits: 93,865 CPU time: 863,447 hours |
![]() ![]() ![]() Send message Joined: 29 Apr 01 Posts: 6925 Credit: 539,220,852 RAC: 1,515,739 ![]() ![]() |
It will be interesting to see how fast MS pushes out a software update. Wonder if it will go into the next Patch Tuesday? Or will they get even more proactive and release an imminent patch tomorrow? Same question for the Linux distributions. How much hysteria will this flaw produce? Not a slow tech news day today at all. See that Intel stock got hit with a 3% drop after the announcement and it looks like it is continuing after hours. Would have been nice to have held an Intel short position today before announcement. See that the Intel CEO sold off stock after he was informed of the flaw back in November. Wonder if an insider trading investigation will happen. CES attendees will something to gossip about next week. Seti@Home classic workunits:20,676 CPU time:74,226 hours ![]() ![]() |
Grant (SSSF) Send message Joined: 19 Aug 99 Posts: 10769 Credit: 150,129,044 RAC: 103,424 ![]() ![]() |
AMD patch is now in: Three are 2 different security issues, and AMD (and other manufacturers) are affected by it as well. And even for those that are affected, the impact is very, very variable. Given the time frame to develop the patches, I suspect it will be some time before the true impact is known as they (the programmers) will have more time to work on the patch & work on mitigating it's effects once they are better understood. Researchers reveal Meltdown and Spectre CPU exploits Grant Darwin NT |
![]() Send message Joined: 9 Apr 04 Posts: 7295 Credit: 2,286,585 RAC: 2,486 ![]() ![]() |
theregister.co.uk says that all chips which allow out of order processing are vulnerable. Only immune chips are Itanium and Atom before 2013, because they don't allow out of order processing. Tullio |
Richard Haselgrove ![]() Send message Joined: 4 Jul 99 Posts: 12579 Credit: 131,211,711 RAC: 62,628 ![]() ![]() |
Wonder if it will go into the next Patch Tuesday?The advance 'Update Summary' for this month (which I received by email from Microsoft at 03:12 UTC this morning - about 8 hours ago) suggests that there WON'T be anything. The only critical update seems to be browser-related, not kernel. |
Keldon ![]() ![]() ![]() Send message Joined: 28 Nov 17 Posts: 8 Credit: 57,007,955 RAC: 204,411 ![]() ![]() |
Meltdown and Spectre have their own website which can be found here:- https://spectreattack.com/ |
Keldon ![]() ![]() ![]() Send message Joined: 28 Nov 17 Posts: 8 Credit: 57,007,955 RAC: 204,411 ![]() ![]() |
Good news - Meltdown, which affects almost all Intel chips, should be mitigated by patches and firmware updates with a potential slowdown dependent on activity, yet to be fully ascertained, but which may be reduced over time with more refined patches. Bad news - Spectre, which affects AMD, Arm and others as well as Intel (basically almost every computer, tablet and smartphone in the world), while more difficult to exploit is also proving more difficult to fully patch against so far. Solution from US Government - replace your CPU! https://www.kb.cert.org/vuls/id/584653 With what? Nearly all CPUs in production and development have the Spectre flaw. By implication, if you want to be secure switch off all your computers, tablets and smartphones until about 2021 when CPUs without the flaw may become available in bulk. Oh and don't buy any new ones in the meantime. Although the risk may be very low, we are going to have to live with it for at least a few years. Hopefully patches will be developed which fully mitigate Spectre. Some people are going to have to buy machines knowing they are flawed but many will probably wait. We are going to see a race. Every CPU manufacturer will have to work out how to dump existing pipelines, redesigning, testing and manufacturing completely new CPU designs. They may not all survive the inevitable lawsuits and costs. |
![]() ![]() ![]() ![]() ![]() Send message Joined: 17 Feb 01 Posts: 31556 Credit: 69,732,700 RAC: 29,481 ![]() ![]() |
From Tom Lendacky <> With each crime and every kindness we birth our future. |
Sirius B ![]() ![]() Send message Joined: 26 Dec 00 Posts: 20135 Credit: 2,732,990 RAC: 799 ![]() |
What the big boys said You got to love their PR guys :-) "Intel believes its products are the most secure in the world and that, with the support of its partners, the current solutions to this issue provide the best possible security for its customers." |
Cygnus X-1 Send message Joined: 15 Feb 04 Posts: 61 Credit: 2,379,869 RAC: 1,530 ![]() ![]() |
I wonder if this will lead to an increased popularity for alternative architectures, assuming they are unaffected by these flaws. |
©2019 University of California
SETI@home and Astropulse are funded by grants from the National Science Foundation, NASA, and donations from SETI@home volunteers. AstroPulse is funded in part by the NSF through grant AST-0307956.