Intel security flaw
Author | Message |
---|---|
Kissagogo27 Send message Joined: 6 Nov 99 Posts: 716 Credit: 8,032,827 RAC: 62 |
Security is a feeling, not a real fact; if you trust you're secure then why install the patch? Like with cars: without seat belts or air bags, you can drive away with it... For most people in a personal environment, who cares? That sounds different for professional use indeed... No patch for my XP with my old XP2800+ on Epox 8RDA3+ with an old Radeon 9500 (R300); it's already slowed by the WEB 2.0 "revolution": all the old DX9 / Flash 9 optimisation code was deleted from current media... No more for W7 or other personal usage... Who cares about me? Really? H4k3rs? Cr4K3rs? For what? On the other side of the web, passwords / credit card codes were already found by them through major web companies... |
Grant (SSSF) Send message Joined: 19 Aug 99 Posts: 13736 Credit: 208,696,464 RAC: 304 |
From the horse's mouth. For context, on newer CPUs such as on Skylake and beyond, Intel has refined the instructions used to disable branch speculation to be more specific to indirect branches, reducing the overall performance penalty of the Spectre mitigation. Older versions of Windows have a larger performance impact because Windows 7 and Windows 8 have more user-kernel transitions because of legacy design decisions, such as all font rendering taking place in the kernel. We will publish data on benchmark performance in the weeks ahead. Understanding the performance impact of Spectre and Meltdown mitigations on Windows Systems. More on the issue. If there's a bright side to all this, it's that the PCID feature in Intel's x86-64 chips since 2010 can reduce the performance hit from patching Meltdown. (If you have a 32-bit system, you're on your own.) While most casual desktop users and gamers won't notice any prolonged slowdown, or any performance hit at all, people running IO or system-call intensive software, such as databases on backend servers, may notice the difference. Grant Darwin NT |
ML1 Send message Joined: 25 Nov 01 Posts: 20291 Credit: 7,508,002 RAC: 20 |
The Meltdown view according to Intel: Intel Announces 'In-Silicon' Fixes For Meltdown And Spectre Coming This Year, 10nm Update ... Intel's financial performance has always been solid, often led by stellar +60% margins, but this briefing was somewhat different as some predict that the shadow of the Meltdown and Spectre vulnerabilities threaten to blot out some of Intel's black ink. That surely didn't happen, though, as Intel posted record results yet again and its stock is up 4% after hours... ... said the company would begin to ship products with "in-silicon" fixes for the vulnerabilities this year. He did not elaborate, but logically this means that the company will include these fixes in the 10nm generation of products... ... Some analysts are predicting that Intel could experience higher sales as companies refresh their hardware to offset the lost performance from the patches... My personal reading and understanding of all that is that Intel enjoys (or has 'contrived') "stellar +60% margins" (that we overpay for) for a certain critically flawed CPU that Intel then expects us to 'buy again' for further profit... All without any assurance that there are no other security compromises/shortcomings in the name of Marketing and profit. In my humble opinion, all very curiously monopolistic... One NOT to buy into if at all possible... IT is what we allow it to be, Martin See new freedom: Mageia Linux Take a look for yourself: Linux Format The Future is what We all make IT (GPLv3) |
Keith Myers Send message Joined: 29 Apr 01 Posts: 13164 Credit: 1,160,866,277 RAC: 1,873 |
Yes, caveat emptor. Linus Torvalds, the father of Linux, posted a public email where he expressed his thoughts on what Intel is doing and the proposed fixes. He calls it "utter garbage". From a thread in the Linux-Kernel forums. restrict/unrestrict Indirect Branch Speculation Seti@Home classic workunits:20,676 CPU time:74,226 hours A proud member of the OFA (Old Farts Association) |
ML1 Send message Joined: 25 Nov 01 Posts: 20291 Credit: 7,508,002 RAC: 20 |
Yes, caveat emptor. Linus Torvalds, the father of Linux, posted a public email where he expressed his thoughts on what Intel is doing and the proposed fixes. He calls it "utter garbage". That's since been picked up by The Register and made a little more readable for us mere mortals: 'WHAT THE F*CK IS GOING ON?' Linus Torvalds explodes at Intel spinning Spectre fix as a security feature Patches slammed as 'complete and utter garbage' as Chipzilla U-turns on microcode Intel's fix for Spectre variant 2 – the branch target injection design flaw affecting most of its processor chips – is not to fix it. Rather than preventing abuse of processor branch prediction by disabling the capability and incurring a performance hit, Chipzilla's future chips – at least for a few years until microarchitecture changes can be implemented – will ship vulnerable by default but will include a protection flag that can be set by software. Intel explained its approach... ... The decision to address the flaw with an opt-in flag rather than activating defenses by default has left Linux kernel steward Linus Torvalds apoplectic. Known for incendiary tirades, Torvalds does not disappoint... ... Marketing spin The expectation here, at least on Torvalds' part, is that a future chip addressing past flaws should include a flag or version number that tells the kernel it's not vulnerable, so no unneeded and potentially performance-killing mitigations need to be applied. In other words, the chip should indicate to the kernel that its hardware design has been revised to remove the Spectre vulnerability, and thus does not need any software mitigations or workarounds. Intel's approach is backwards, making the fix opt-in... ... Annoyed by this convoluted approach, Torvalds himself suggested Intel's motivation is avoiding legal liability... 
My personal understanding of that is that Intel's approach is really nasty and leaves a convoluted mess where the default is that all (including all other vendors') CPUs are assumed defective by default so as to be clobbered, but with a 'special Intel boot-time bit-flip for Intel chips' to enable for a 'security enhancement' (rather than simply use a 'bug is fixed' flag as is done for their FDIV and f00f bugs...). Utter vandalism against ALL CPUs! Or at least some bad unnecessarily convoluted code to differentiate what is or isn't 'fixed'... A follow-on fun bit: I want life to be boring, says Linus Torvalds as Linux 4.15 debuts But Linux overlord braces for more Meltdown/Spectre excitement as kernelistas clean up remaining CPU messes Linus Torvalds has hit the Go button on version 4.15 of the Linux kernel, blaming the Meltdown and Spectre CPU design flaws for the [unusual two weeks of] delay and warning of more pain to come as fixes trickle out for silicon architectures... And now for a real mind-bender for part of the fix: What is a retpoline and how does it prevent the recent kernel information disclosure attacks? ... As far as I can piece this together from the limited information at the moment, a retpoline is a return trampoline that uses an infinite loop that is never executed to prevent the CPU from speculating on the target of an indirect jump. The basic approach can be seen in... As always for those articles, the comments make for some very good reading. Warning: Keep your favored beverage well away from anything electronic or electrical whilst imbibing! :-P To summarize my personal reading and personal opinion and personal random understanding: All "very unprofessional" of Intel and a total spin of deception from the Marketing and Legal people to ... cheaply extort yet more cash from their customers. My view is that a better game is not to be a customer of Intel...! There must be some rules/laws/morals against such trickery? 
Especially so for such essential infrastructure that is critical to our modern livelihoods and daily lives... IT is what we allow it to be... Martin See new freedom: Mageia Linux Take a look for yourself: Linux Format The Future is what We all make IT (GPLv3) |
PhonAcq Send message Joined: 14 Apr 01 Posts: 1656 Credit: 30,658,217 RAC: 1 |
Or, rather than whinging, pouting, baiting, and otherwise speaking and behaving badly, one could, even pseudo-deities, suggest ways to resolve the issue and overall to improve the technology. "just sayin'" |
ML1 Send message Joined: 25 Nov 01 Posts: 20291 Credit: 7,508,002 RAC: 20 |
Or, rather than whinging, pouting, baiting, and otherwise speaking and behaving badly, one could, even pseudo-deities, suggest ways to resolve the issue and overall to improve the technology. "just sayin'" Oh... That's easy: Remove the greedy pressure to: cut corners; compromise; rush with too much haste and too little time to design/test; cook up big numbers for the sake of Marketing; and worse... A start for doing that is to promote some real and fair competition between at least five similarly sized players. And REQUIRE MEANINGFUL STANDARDS for compatibility to remove the abuse of lock-in and monopolistic lock-in. Even add some positive morals? A good start is to expand the use of FLOSS and the adoption of a fully open Meritocracy. But then again, that is a discussion to be taken up over in the politics forum... Please start your thread there? Another angle is just to compare with the background surrounding AMD, ARM, Raspberry Pi, and RISC V... IT really is what we allow it to be, Martin See new freedom: Mageia Linux Take a look for yourself: Linux Format The Future is what We all make IT (GPLv3) |
Gary Charpentier Send message Joined: 25 Dec 00 Posts: 30651 Credit: 53,134,872 RAC: 32 |
Martin, why all that, much simpler, fire the customer, he demands too much. |
ML1 Send message Joined: 25 Nov 01 Posts: 20291 Credit: 7,508,002 RAC: 20 |
This may well make for an interesting twist: Intel alerted Chinese cloud giants 'before US govt' about CPU bugs 'We certainly would have liked to have been notified of this' says Homeland Security ... The disclosure timeline raises the possibility that elements of the Chinese government may have known about the vulnerabilities before US tech giant Intel disclosed them to the American government and the public... ... a leaked memo from Intel to computer makers suggests that notification of the problem for at least one group of as-yet unnamed OEMs took place on November 29 via a non-disclosure agreement... ... Smaller cloud service providers were left playing "catch up." ... "Other folks had a six-month head start,"... All at whose expense and profit?... IT is what we allow it to be... Martin See new freedom: Mageia Linux Take a look for yourself: Linux Format The Future is what We all make IT (GPLv3) |
Mike Send message Joined: 17 Feb 01 Posts: 34258 Credit: 79,922,639 RAC: 80 |
Doesn't surprise me much, Martin. When I read about the Chinese hacker group in Canada last year which hacked a closed system in less than a minute without any tool, all was clear to me. With each crime and every kindness we birth our future. |
kittyman Send message Joined: 9 Jul 00 Posts: 51468 Credit: 1,018,363,574 RAC: 1,004 |
Well, ya gotta ask yourself one question.................... If it took this long for this bug to come to light, how much of a problem is it really? I am thinking that the medicine is worse than the disease here. Meow. "Freedom is just Chaos, with better lighting." Alan Dean Foster |
Mike Send message Joined: 17 Feb 01 Posts: 34258 Credit: 79,922,639 RAC: 80 |
Well, ya gotta ask yourself one question.................... For a private person maybe, not for big servers like a cloud and so on. Even though I don't like how Intel deals with it. I know everything can get hacked but it shouldn't be that easy. With each crime and every kindness we birth our future. |
Ghia Send message Joined: 7 Feb 17 Posts: 238 Credit: 28,911,438 RAC: 50 |
Well, ya gotta ask yourself one question.................... Well said...but then again, NOW every hacker knows about it and can take advantage of the weaknesses. And of course, conspiracy theories will flourish...I'm sure there will be more :). Humans may rule the world...but bacteria run it... |
Sleepy Send message Joined: 21 May 99 Posts: 219 Credit: 98,947,784 RAC: 28,360 |
I also think for small end users the patch gives more problems than it solves. For big datafarms, with plenty of information about their customers in their databases, it is of course another story. And to add damage, these contexts seem to be those more impacted in terms of performance by the patch. Concerning Intel business, my home main PC is 8 years old now. It was a good one, so it is still good enough, but 8 years are 8 years and I was considering its replacement. Given the facts, I think I will wait a little while to allow the dust to settle. This will do no good to Intel's business if I am not alone in doing so. Sleepy |
Dimly Lit Lightbulb 😀 Send message Joined: 30 Aug 08 Posts: 15399 Credit: 7,423,413 RAC: 1 |
This may well make for an interesting twist: I was wondering when you'd pop up with a biased response. Member of the People Encouraging Niceness In Society club. |
ML1 Send message Joined: 25 Nov 01 Posts: 20291 Credit: 7,508,002 RAC: 20 |
I was wondering when you'd pop up with a biased response. Please explain the bias that you see? Are we not at the wrong end of an effective monopoly?? IT is what we allow it to be... Martin See new freedom: Mageia Linux Take a look for yourself: Linux Format The Future is what We all make IT (GPLv3) |
ML1 Send message Joined: 25 Nov 01 Posts: 20291 Credit: 7,508,002 RAC: 20 |
A bit of an update from Intel: Intel Releases Fixed Spectre Patch For Skylake CPUs ... After about two weeks since its last update on the issue, Intel would like us all to know that it hasn’t forgotten about fixing the faulty BIOS updates that were distributed en masse ... If this sounds sarcastic, it’s because it’s hard not to be after reading Intel’s latest progress update on its efforts. Yes, briefly mentioned in there is the statement that Intel has released a fixed microcode update to system OEMs for Skylake CPUs, but the other 65% is just to teach us all ... That statement would be more relevant if the updates didn’t cause said systems to randomly reboot. ... Earlier, we reported that examples of Meltdown and Spectre exploits have already been spotted on the net, so what was once consolation in there being no evidence of Spectre-based exploits might be disappearing. Intel’s microcode updates are given to system OEMs that distribute them to users in the form of system BIOS updates. ... No comment from me lest the Intel fanboys/indoctrinated/faithful/blind or simply those embarrassingly overly overcharged/empoored give a random whimper... :-( IT is whatever we allow it to be... Martin See new freedom: Mageia Linux Take a look for yourself: Linux Format The Future is what We all make IT (GPLv3) |
ML1 Send message Joined: 25 Nov 01 Posts: 20291 Credit: 7,508,002 RAC: 20 |
And as for a little more of the detail of what part of the Intel flaw(s?) it is that has caused such a (IT/Cloud) world tizzy these past few weeks, see this beautifully clear description: Comment: On Understanding Spectre Meltdown CPU Vulnerabilities ... the CPU thinks that both indirect jumps look alike and starts speculatively executing at the usual address where the attacker code jumps... ... but until then speculative execution has executed pieces of code of the attacker's choosing. Code that would never be executed under normal circumstances... ... the CPU confuses them both (in the PDF's slide: ...because the CPU only stores the lower 3 nibbles "0x000" and they are exactly the same)... My reading is that for the Spectre vulnerability, Intel CPUs are vulnerable due to the Intel design/circuitry incompletely testing a cache address. IIRC, that then allows an exploit to be consistently contrived, as demonstrated by a Google example. In contrast, AMD is very much less vulnerable to Spectre due to (IIRC) hashing of ALL the address bits to determine a cache hit. IIRC, the hashing in effect randomizes the addresses to greatly complicate any exploitation for the AMD CPUs. For the Meltdown vulnerability, IIRC, this is far more serious in that all privilege checks/restrictions effectively 'melt away' so that any/all memory locations can be read completely unrestricted, by any software. My understanding is that is unique to Intel's implementation/design. All still a very big OUCH! And this looks set to roll on for some time yet... :-( IT is what we allow it to be, Martin IIRC: If I (personally) Read Correctly (and all just my own personal most humble opinion). Find out for yourself! See new freedom: Mageia Linux Take a look for yourself: Linux Format The Future is what We all make IT (GPLv3) |
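
Added example, not part of any post in this thread: on Linux 4.15 and later the kernel reports per-vulnerability status under `/sys/devices/system/cpu/vulnerabilities`, which lets an administrator check the points raised above (whether the Meltdown patch is active and the CPU has PCID to soften its cost, and whether retpolines are in use for Spectre variant 2). The function names are hypothetical and the sample strings are constructed for illustration.

```python
from pathlib import Path

VULN_DIR = Path("/sys/devices/system/cpu/vulnerabilities")  # present since Linux 4.15

def classify(status):
    """Map one sysfs status line to (state, detail)."""
    s = status.strip()
    if s.startswith("Not affected"):
        return "not_affected", ""
    if s.startswith("Mitigation:"):
        return "mitigated", s.split(":", 1)[1].strip()
    if s.startswith("Vulnerable"):
        return "vulnerable", s.partition(":")[2].strip()
    return "unknown", s

def cpu_flags(cpuinfo_text):
    """Return the feature flags of the first CPU listed in /proc/cpuinfo text."""
    for line in cpuinfo_text.splitlines():
        key, _, value = line.partition(":")
        if key.strip() == "flags":
            return set(value.split())
    return set()

def summarise(statuses, cpuinfo_text):
    """Classify every status and add notes on PTI/PCID and retpolines."""
    report = {name: classify(text) for name, text in statuses.items()}
    notes = []
    state, detail = report.get("meltdown", ("unknown", ""))
    if state == "mitigated" and "PTI" in detail:
        pcid = "available" if "pcid" in cpu_flags(cpuinfo_text) else "missing"
        notes.append(f"meltdown: PTI on, PCID {pcid}")
    state, detail = report.get("spectre_v2", ("unknown", ""))
    if state == "mitigated" and "retpoline" in detail.lower():
        notes.append("spectre_v2: retpolines in use")
    notes += [f"{n}: vulnerable" for n, (st, _) in sorted(report.items()) if st == "vulnerable"]
    return report, notes

# Constructed sample input, used when the live sysfs files are absent.
SAMPLE_STATUS = {"meltdown": "Mitigation: PTI\n", "spectre_v1": "Vulnerable\n",
                 "spectre_v2": "Mitigation: Full generic retpoline\n"}
SAMPLE_CPUINFO = "processor\t: 0\nflags\t\t: fpu vme de pse pcid sse4_2\n"

if __name__ == "__main__":
    live = VULN_DIR.is_dir()
    statuses = {p.name: p.read_text() for p in VULN_DIR.iterdir()} if live else SAMPLE_STATUS
    cpuinfo = Path("/proc/cpuinfo").read_text() if live else SAMPLE_CPUINFO
    report, notes = summarise(statuses, cpuinfo)
    for name in sorted(report):
        print(f"{name:24} {report[name][0]:13} {report[name][1]}")
    print("\n".join(notes))
```

A status of "Not affected" is the kernel's own statement that the CPU does not need the mitigation, so no action is required for that entry.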