Go Back   Freethought Forum > The Marketplace > Computers & Technology

Reply
 
Thread Tools Display Modes
  #1  
Old 01-03-2018, 07:43 AM
ceptimus's Avatar
ceptimus ceptimus is offline
puzzler
 
Join Date: Aug 2004
Location: UK
Posts: XVMMDCCLXXXIX
Images: 28
Default Latest Intel security flaw in the news

This looks like a big one. All Intel processors from the last ten years or so are affected. Microsoft, Apple and Linux are all pushing out security updates over the next few days to work around the flaw. This will result in a performance hit of a few percent up to as much as thirty percent depending on the application. AMD processors aren't affected.

My understanding is that the flaw allows applications to probe kernel memory in a round-about way and this allows data from different processes to be read by other applications. In principle this could allow some code running in a browser to read passwords and similar being used by other programs running at the same time. Linus has christened the Linux kernel update with the acronym FUCKWIT. He's obviously not amused.
__________________
Reply With Quote
Thanks, from:
Ari (01-03-2018), But (01-04-2018), Ensign Steve (01-08-2018), Kamilah Hauptmann (01-03-2018), Kyuss Apollo (01-09-2018), lisarea (01-03-2018), Qingdai (01-29-2018), SR71 (01-07-2018), The Man (01-03-2018)
  #2  
Old 01-03-2018, 09:15 AM
JoeP's Avatar
JoeP JoeP is online now
Solipsist
 
Join Date: Jul 2004
Location: Kolmannessa kerroksessa
Gender: Male
Posts: XXXVMMV
Images: 18
Default Re: Latest Intel security flaw in the news

No links? references? citations? photos, even?
__________________

:roadrun:
Free thought! Please take one!

:unitedkingdom:   :southafrica:   :unitedkingdom::finland:   :finland:
Reply With Quote
  #3  
Old 01-03-2018, 09:20 AM
JoeP's Avatar
JoeP JoeP is online now
Solipsist
 
Join Date: Jul 2004
Location: Kolmannessa kerroksessa
Gender: Male
Posts: XXXVMMV
Images: 18
Default Re: Latest Intel security flaw in the news

A quick search on "linus fuckwit" suggests he likes to use that term quite often.

Meanwhile
'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign • The Register
Quote:
At one point, Forcefully Unmap Complete Kernel With Interrupt Trampolines, aka FUCKWIT, was mulled by the Linux kernel team, giving you an idea of how annoying this has been for the developers.
__________________

:roadrun:
Free thought! Please take one!

:unitedkingdom:   :southafrica:   :unitedkingdom::finland:   :finland:
Reply With Quote
Thanks, from:
Ari (01-03-2018), ceptimus (01-03-2018), chunksmediocrites (01-06-2018), Kamilah Hauptmann (01-03-2018), SR71 (01-07-2018), The Man (01-03-2018)
  #4  
Old 01-03-2018, 09:25 AM
JoeP's Avatar
JoeP JoeP is online now
Solipsist
 
Join Date: Jul 2004
Location: Kolmannessa kerroksessa
Gender: Male
Posts: XXXVMMV
Images: 18
Default Re: Latest Intel security flaw in the news

Technical guessulation and specwork ...

python sweetness — The mysterious case of the Linux Page Table...
__________________

:roadrun:
Free thought! Please take one!

:unitedkingdom:   :southafrica:   :unitedkingdom::finland:   :finland:
Reply With Quote
Thanks, from:
Ari (01-03-2018), mickthinks (01-03-2018), The Man (01-03-2018)
  #5  
Old 01-03-2018, 04:38 PM
ceptimus's Avatar
ceptimus ceptimus is offline
puzzler
 
Join Date: Aug 2004
Location: UK
Posts: XVMMDCCLXXXIX
Images: 28
Default Re: Latest Intel security flaw in the news

AMD shares are up 7% and Intel shares down 4%. The CEO of Intel is rumored to have recently sold a huge part of his Intel stock. This is insider trading in some form and sucks.

There are also rumors that Intel insiders have known about the flaw for at least the last five years but have been told to keep quiet "while a solution is sought." The fact that Microsoft, Linux, and Apple have been secretly working on a work-around for the last few months probably means that Intel have now given up on the idea of fixing the problem by a processor microcode update.

There either has been, or has threatened to be, some kind of security exploit based around the hardware flaw - and the details about that were likely to leak into the public domain eventually.
__________________
Reply With Quote
Thanks, from:
Ari (01-03-2018), But (01-04-2018), chunksmediocrites (01-06-2018), Crumb (01-03-2018), JoeP (01-03-2018), Kamilah Hauptmann (01-03-2018), Kyuss Apollo (01-09-2018), SR71 (01-07-2018), The Man (01-03-2018)
  #6  
Old 01-03-2018, 08:29 PM
Ari's Avatar
Ari Ari is offline
I read some of your foolish scree, then just skimmed the rest.
 
Join Date: Jan 2005
Location: Bay Area
Gender: Male
Posts: XMDCCCLV
Blog Entries: 8
Default Re: Latest Intel security flaw in the news

Not mentioned yet is that every intel processor is going to take a 15-30% performance hit. Which annoying for the average user means giant cloud services that use intel just lost 30% of the capability over night. The reason for the hit is the patch is a work around, sacrificing clock cycles to make sure things are secure.
Reply With Quote
Thanks, from:
chunksmediocrites (01-06-2018), Crumb (01-03-2018), Kamilah Hauptmann (01-03-2018), lisarea (01-03-2018), The Man (01-04-2018)
  #7  
Old 01-03-2018, 10:50 PM
ceptimus's Avatar
ceptimus ceptimus is offline
puzzler
 
Join Date: Aug 2004
Location: UK
Posts: XVMMDCCLXXXIX
Images: 28
Default Re: Latest Intel security flaw in the news

I did mention it in the OP. I think the performance hit is being hyped right now. Once the patches have been rolled out, I'm sure we'll see "before and after" benchmarks that measure the actual performance hit for various types of application.
__________________
Reply With Quote
Thanks, from:
Ari (01-04-2018), chunksmediocrites (01-06-2018), JoeP (01-04-2018), Kamilah Hauptmann (01-03-2018), SR71 (01-07-2018), The Man (01-04-2018)
  #8  
Old 01-04-2018, 12:39 PM
But's Avatar
But But is offline
This is the title that appears beneath your name on your posts.
 
Join Date: Jun 2005
Gender: Male
Posts: MVDCCCLXXIII
Default Re: Latest Intel security flaw in the news

Bah. I was going to say that I'm glad I don't use Intel processors, but I just bought a laptop that has one.
Reply With Quote
  #9  
Old 01-05-2018, 01:12 PM
JoeP's Avatar
JoeP JoeP is online now
Solipsist
 
Join Date: Jul 2004
Location: Kolmannessa kerroksessa
Gender: Male
Posts: XXXVMMV
Images: 18
Default Re: Latest Intel security flaw in the news

Moar:
Meltdown and Spectre: ‘worst ever’ CPU bugs affect virtually all computers | Technology | The Guardian

Which talks about 2 separate issues (and gives them names!!!!) - and suggests that ARM and AMD chips are not completely in the clear.
__________________

:roadrun:
Free thought! Please take one!

:unitedkingdom:   :southafrica:   :unitedkingdom::finland:   :finland:
Reply With Quote
Thanks, from:
But (01-06-2018), ceptimus (01-05-2018), chunksmediocrites (01-06-2018), Crumb (01-05-2018), lisarea (01-05-2018), mickthinks (01-05-2018), The Man (01-05-2018)
  #10  
Old 01-06-2018, 06:02 PM
ceptimus's Avatar
ceptimus ceptimus is offline
puzzler
 
Join Date: Aug 2004
Location: UK
Posts: XVMMDCCLXXXIX
Images: 28
Default Re: Latest Intel security flaw in the news

__________________
Reply With Quote
Thanks, from:
But (01-06-2018), ChuckF (01-07-2018), lisarea (01-07-2018), The Man (01-07-2018)
  #11  
Old 01-07-2018, 05:40 PM
Corona688's Avatar
Corona688 Corona688 is offline
Forum Killer
 
Join Date: Aug 2004
Posts: MVCII
Default Re: Latest Intel security flaw in the news

I can't remember the last time I even saw AMD anything for sale. Maybe this will help.
__________________
Reply With Quote
Thanks, from:
The Man (01-07-2018)
  #12  
Old 01-07-2018, 07:26 PM
SR71's Avatar
SR71 SR71 is offline
Stoic Derelict... The cup is empty
 
Join Date: Sep 2011
Location: The Dustbin of History
Gender: Male
Posts: VMCCXXXIX
Blog Entries: 1
Images: 2
Default Re: Latest Intel security flaw in the news

Quote:
Originally Posted by But View Post
Bah. I was going to say that I'm glad I don't use Intel processors, but I just bought a laptop that has one.
Me too. :sadcheer:
__________________
Chained out, like a sitting duck just waiting for the fall _Cage the Elephant
Reply With Quote
  #13  
Old 01-07-2018, 08:42 PM
SR71's Avatar
SR71 SR71 is offline
Stoic Derelict... The cup is empty
 
Join Date: Sep 2011
Location: The Dustbin of History
Gender: Male
Posts: VMCCXXXIX
Blog Entries: 1
Images: 2
Default Re: Latest Intel security flaw in the news

I heard on NPR that it will be a few years to nearly a decade to design and field processors that eliminate the exploitable fault.

:???:
__________________
Chained out, like a sitting duck just waiting for the fall _Cage the Elephant
Reply With Quote
Thanks, from:
But (01-08-2018), ceptimus (01-07-2018), lisarea (01-07-2018), The Man (01-07-2018)
  #14  
Old 01-08-2018, 09:50 AM
Kamilah Hauptmann's Avatar
Kamilah Hauptmann Kamilah Hauptmann is offline
Shitpost Sommelier
 
Join Date: Mar 2016
Posts: XVMCMXXIII
Default Re: Latest Intel security flaw in the news

This update was fun. (Ran into this.)

~~~

Symptom:
Windows Update History reports that KB4054517 failed to install because of Error 0x80070643.

Workaround:
Even though the update was successfully installed, Windows Update incorrectly reports that the update failed to install. To verify the installation, select Check for Updates to confirm that there are no additional updates available.

You can also type About your PC in the Search box on your taskbar to confirm that your device is using the expected OS build.

Microsoft is working on a resolution and will provide an update in an upcoming release.
__________________
Peering from the top of Mount Stupid

:AB: :canada:
Reply With Quote
Thanks, from:
ChuckF (01-09-2018)
  #15  
Old 01-08-2018, 12:52 PM
ceptimus's Avatar
ceptimus ceptimus is offline
puzzler
 
Join Date: Aug 2004
Location: UK
Posts: XVMMDCCLXXXIX
Images: 28
Default Re: Latest Intel security flaw in the news

Eben Upton (Raspberry Pi founder) posted a good explanation of the processor flaws and why the Raspberry Pi is immune (basically because it uses an older version of the ARM core that doesn't do any/as much speculative execution as more modern Intel/AMD/ARM chips).

Why Raspberry Pi isn't vulnerable to Spectre or Meltdown - Raspberry Pi

Although all the newer chips from all the manufacturers are vunerable to some extent, it's still Intel chips that have the greatest vulnerabilities and will slow down the most when patches are applied to work around the flaws. The only real answer to the security problem without slowing things down is a complete redesign of the way speculative execution (hence 'Spectre') is carried out by all modern multi-core chips. This will likely take years.
__________________

Last edited by ceptimus; 01-08-2018 at 01:03 PM.
Reply With Quote
Thanks, from:
Ari (01-08-2018), ChuckF (01-09-2018), Corona688 (01-09-2018), Crumb (01-08-2018), fragment (01-09-2018), JoeP (01-08-2018), Kamilah Hauptmann (01-08-2018), lisarea (01-08-2018), Qingdai (01-29-2018), specious_reasons (01-08-2018), SR71 (01-13-2018), The Man (01-08-2018)
  #16  
Old 01-08-2018, 12:57 PM
JoeP's Avatar
JoeP JoeP is online now
Solipsist
 
Join Date: Jul 2004
Location: Kolmannessa kerroksessa
Gender: Male
Posts: XXXVMMV
Images: 18
Default Re: Latest Intel security flaw in the news

Great explanation.
__________________

:roadrun:
Free thought! Please take one!

:unitedkingdom:   :southafrica:   :unitedkingdom::finland:   :finland:
Reply With Quote
  #17  
Old 01-09-2018, 05:04 AM
Kamilah Hauptmann's Avatar
Kamilah Hauptmann Kamilah Hauptmann is offline
Shitpost Sommelier
 
Join Date: Mar 2016
Posts: XVMCMXXIII
Default Uh oh

__________________
Peering from the top of Mount Stupid

:AB: :canada:
Reply With Quote
Thanks, from:
Ari (01-09-2018), BrotherMan (01-09-2018), ceptimus (01-09-2018), Crumb (01-09-2018), curses (01-09-2018), JoeP (01-09-2018), Kyuss Apollo (01-09-2018), lisarea (01-09-2018), Pan Narrans (01-09-2018), Sock Puppet (01-09-2018), Stormlight (01-29-2018), The Man (01-09-2018), Zehava (01-09-2018)
  #18  
Old 01-09-2018, 08:39 PM
ceptimus's Avatar
ceptimus ceptimus is offline
puzzler
 
Join Date: Aug 2004
Location: UK
Posts: XVMMDCCLXXXIX
Images: 28
Default Re: Latest Intel security flaw in the news

Microsoft's Spectre And Meltdown Patches For Windows Are Bricking Some AMD PCs | HotHardware

Headline says it all. Apparently the systems with the (old) AMD processors that are being bricked aren't vulnerable to the flaws in the first place - so they don't even need patching! Microsoft have now put a brake on the update so that it aborts if it recognizes certain non-Intel microprocessors.

I love the comment complaining to Microsoft that says, "I understand that making the machine unbootable is the best protection from remote exploitation, but I would rather have the OS working."

There's also some trickiness about certain anti-virus software preventing the update from being applied - the only Windows PCs I use have the standard Microsoft anti-virus stuff (defender or Security Essentials) so they've been okay. :crossed:
__________________
Reply With Quote
Thanks, from:
Ari (01-09-2018), BrotherMan (01-10-2018), But (01-09-2018), Crumb (01-09-2018), JoeP (01-09-2018), lisarea (01-09-2018), ShottleBop (01-10-2018), slimshady2357 (01-10-2018), SR71 (01-13-2018), Stormlight (01-29-2018), The Man (01-15-2018)
  #19  
Old 01-14-2018, 11:45 PM
Corona688's Avatar
Corona688 Corona688 is offline
Forum Killer
 
Join Date: Aug 2004
Posts: MVCII
Default Re: Latest Intel security flaw in the news

Quote:
Originally Posted by Ari View Post
Not mentioned yet is that every intel processor is going to take a 15-30% performance hit.
This is probably way overblown, as the performance hit happens when switching between userspace and kernel space, and no efficient program is going to spend the majority of its time doing that.
__________________
Reply With Quote
Thanks, from:
Crumb (01-15-2018), Stormlight (01-29-2018), The Man (01-15-2018)
  #20  
Old 01-15-2018, 02:05 AM
Kamilah Hauptmann's Avatar
Kamilah Hauptmann Kamilah Hauptmann is offline
Shitpost Sommelier
 
Join Date: Mar 2016
Posts: XVMCMXXIII
Default Re: Latest Intel security flaw in the news

I7 water cooled user here, I think my CPU fan stays up longer now but I haven't noticed performance issues.
__________________
Peering from the top of Mount Stupid

:AB: :canada:
Reply With Quote
Thanks, from:
The Man (01-15-2018)
  #21  
Old 01-15-2018, 02:31 AM
Dingfod's Avatar
Dingfod Dingfod is offline
A fellow sophisticate
 
Join Date: Jul 2004
Location: Cowtown, Kansas
Gender: Male
Blog Entries: 21
Images: 92
Default Re: Latest Intel security flaw in the news

I use a Chromebox with a Intel Celeron processor, should I be worried? It's still pretty fast for what I do with it.
__________________
Sleep - the most beautiful experience in life - except drink.--W.C. Fields
Reply With Quote
  #22  
Old 01-28-2018, 03:23 PM
ceptimus's Avatar
ceptimus ceptimus is offline
puzzler
 
Join Date: Aug 2004
Location: UK
Posts: XVMMDCCLXXXIX
Images: 28
Default Re: Latest Intel security flaw in the news

Interesting video below.

Chris confirms that even after applying all browser and Operating System patches (which will have happened by now if you have auto-update on) your PCs, tablets and phones still aren't totally secure. His advice is that when entering sensitive data (such as for on-line banking) you should cycle power before and after doing that, and not do any other on-line stuff in the same session that you've entered the sensitive data.

This applies to phones and tablets as well as PCs - most of us don't turn these off normally, partly because it takes them ages to reboot.

Another option is to use a Raspberry Pi for your really sensitive data sessions - the Pi is probably capable of running most browser-based on-line banking things, and it's immune to the Spectre and Meltdown flaws.


Interesting that he says 2018 will be the first year in computing history where, on average, computers become slower. He also predicts that computer and chip manufacturers will use these flaws to drive a marketing surge once new immune processors are developed.
__________________
Reply With Quote
Thanks, from:
Crumb (01-29-2018), JoeP (01-28-2018), Kamilah Hauptmann (01-28-2018), lisarea (01-28-2018), The Man (01-29-2018)
  #23  
Old 01-28-2018, 05:59 PM
JoeP's Avatar
JoeP JoeP is online now
Solipsist
 
Join Date: Jul 2004
Location: Kolmannessa kerroksessa
Gender: Male
Posts: XXXVMMV
Images: 18
Default Re: Latest Intel security flaw in the news

Quote:
Originally Posted by ceptimus View Post
He also predicts that computer and chip manufacturers will use these flaws to drive a marketing surge once new immune processors are developed.
Impossible! What kinds of fiends would do such a thing?
__________________

:roadrun:
Free thought! Please take one!

:unitedkingdom:   :southafrica:   :unitedkingdom::finland:   :finland:
Reply With Quote
Thanks, from:
ceptimus (01-28-2018), lisarea (01-28-2018), The Man (01-29-2018)
  #24  
Old 01-28-2018, 06:56 PM
lisarea's Avatar
lisarea lisarea is offline
Solitary, poor, nasty, brutish, and short
 
Join Date: Jul 2004
Posts: XVMMMDCXLII
Blog Entries: 1
Images: 3
Default Re: Latest Intel security flaw in the news

My processor is old enough that I haven't seen it show up on any of the lists so far. :smugnod:

I also have a spare Raspberry Pi I'm not using in case I do end up needing it. :smugnod: :smugnod:

In conclusion: :smugnod: :lolstossel: :smugnod:

:leafguy:
Reply With Quote
Thanks, from:
BrotherMan (01-29-2018), ceptimus (01-28-2018), Qingdai (01-29-2018), Stormlight (01-29-2018), The Man (01-29-2018)
  #25  
Old 01-29-2018, 11:29 AM
mickthinks's Avatar
mickthinks mickthinks is offline
Mr. Condescending Dick Nose
 
Join Date: May 2007
Location: Augsburg
Gender: Male
Posts: VMMDCCLXXXII
Images: 19
Default Re: Latest Intel security flaw in the news

Mine neither

(:smugnod:)2
__________________
... it's just an idea
Reply With Quote
Thanks, from:
lisarea (01-29-2018)
Reply

  Freethought Forum > The Marketplace > Computers & Technology


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

 

All times are GMT +1. The time now is 09:40 AM.


Powered by vBulletin® Version 3.8.2
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Page generated in 0.44892 seconds with 16 queries