Meltdown and Spectre - hardware security flaws that mean all CPUs will need replacing Page 3

  • Page

    of 8 First / Last

  • b0rk 3 Jan 2018 19:01:36 7,523 posts
    Seen 2 hours ago
    Registered 12 years ago
    /looks over shoulder
  • dominalien 3 Jan 2018 19:05:06 8,407 posts
    Seen 14 hours ago
    Registered 12 years ago
    @mal

    Tom’s is really not the place to go to read about Linux. If you want any concrete info, read Phoronix:

    https://www.phoronix.com/scan.php?page=article&item=linux-415-x86pti&num=1
  • dominalien 3 Jan 2018 19:09:32 8,407 posts
    Seen 14 hours ago
    Registered 12 years ago
    Phoronics also confirms (Linux) gaming is not affected.
  • Dirtbox 3 Jan 2018 19:13:21 89,646 posts
    Seen 34 minutes ago
    Registered 15 years ago
    Good news, cows won't be affected by bird flu.
  • mal 3 Jan 2018 19:19:00 28,819 posts
    Seen 46 minutes ago
    Registered 16 years ago
    Phoronics is a bit too performance focussed for me usually, but I guess this is what we're talking about just at the moment. That Tom's report referenced the phoronix articles.

    I only really care if I can still stream 720p youtube videos on my old netbook. I sometimes have to nuke the browser to do that if it's decided to hog the cpu as is,
  • Dirtbox 3 Jan 2018 19:35:53 89,646 posts
    Seen 34 minutes ago
    Registered 15 years ago
    https://arstechnica.com/gadgets/2018/01/whats-behind-the-intel-design-flaw-forcing-numerous-patches/

    Odd, no one seems to know exactly what the deal is.
  • ResidentKnievel 3 Jan 2018 20:35:46 7,149 posts
    Seen 5 hours ago
    Registered 11 years ago
    https://www.techpowerup.com/240187/amd-struggles-to-be-excluded-from-unwarranted-intel-vt-flaw-kernel-patches

    AMD CPU's set to have their performance screwed by this, too.

    At least they're still secure.
  • Rogueywon Most Generous Forumite, 2016 3 Jan 2018 20:48:10 2,436 posts
    Seen 1 hour ago
    Registered 12 years ago
    Dirtbox wrote:
    https://arstechnica.com/gadgets/2018/01/whats-behind-the-intel-design-flaw-forcing-numerous-patches/

    Odd, no one seems to know exactly what the deal is.
    Not surprising that the exact nature of the vulnerability is being kept under wraps, given that there are quite possibly critical pieces of national security and infrastructure IT sitting vulnerable right now.
  • mal 3 Jan 2018 21:28:45 28,819 posts
    Seen 46 minutes ago
    Registered 16 years ago
    Ah, so they think it's a side-channel attack. Means someone somewhere must have developed an exploit for it. Although if that's the case, I'm rather surprised that javascript can time things accurately enough to pull this off, which it reportedly can.
  • null 3 Jan 2018 21:48:36 706 posts
    Seen 6 hours ago
    Registered 4 years ago
    the implications for desktop and server operating systems aren't so interesting to me compared to what might happen in the network infrastructure space. A lot of that cisco kit in your server room right now is running on Intel. I can't be arsed to check but I assume the other appliance vendors are also running Intel
  • Frogofdoom 3 Jan 2018 22:01:44 6,528 posts
    Seen 5 hours ago
    Registered 6 years ago
    Lots of appliances like load balancers and the likes run on Intel, we used to supply a manufacturer with their hardware. They should be ok as they aren't massively CPU intensive though. A lot of web appliances stick in the shittiest CPU they can as its not a priority. Virtualisation is the big one I think and that's most likely to be the shit storm (although its hypothetical and just my opinion until we have more info)
  • Rogueywon Most Generous Forumite, 2016 3 Jan 2018 22:12:49 2,436 posts
    Seen 1 hour ago
    Registered 12 years ago
    Intel have just put out a statement basically downplaying the issue, (with a bit of blame-sharing for good measure).

    I'd be very, very interested to know how they define "the average user".

    There's also a German site now with some benchmarks for Windows games (and a few other bits of home-user software), showing some (limited) impact on gaming based on the Windows Insider build. Article's in German but benchmarks are still legible even if you can't follow the text. Shows a minimal-to-no impact on in-game performance at 4k (where you'd expect GPU to be the bottleneck anyway), but a more noticable gap at 1080p (where their 1080 Ti powered system is likely hitting more CPU constraints).

    Edited by Rogueywon at 22:13:27 03-01-2018
  • null 3 Jan 2018 22:19:27 706 posts
    Seen 6 hours ago
    Registered 4 years ago
    meh virtualisation is easy to fix, if you're really at peak usage you should already be putting in new tin and vmotioning some load off.

    network security infrastructure is usually a very expensive thing to replace, and doesn't come with nice simple live migration tools built in.
  • elstoof 3 Jan 2018 22:30:45 19,158 posts
    Seen 9 hours ago
    Registered 12 years ago
    Latest macOS update has a fix, and lucky for me my MacBook runs on a Haswell
  • MMMarmite 4 Jan 2018 00:00:06 1,550 posts
    Seen 2 hours ago
    Registered 11 years ago
    @null virtualisation capacity is easy to fix but the security implications of VMs/containers being able to read memory of other VMs/containers on the same host is harder to swallow, especially for AWS who use Intel chips and the Xen hypervisor.

    They’ve now been given names and a website (two separate but similar attacks) - https://spectreattack.com
  • grey_matters 4 Jan 2018 00:21:09 4,334 posts
    Seen 3 minutes ago
    Registered 12 years ago
    Well I'm just glad I still have my trusty Phenom 1055T.

    Yep. Really glad.
  • mal 4 Jan 2018 01:56:52 28,819 posts
    Seen 46 minutes ago
    Registered 16 years ago
    Yeah, and my atom netbook is safe too, although it looks like if I want to keep up with the latest kernel patches, I'll be running these KEPI patches and slowing everything up slightly.
  • null 4 Jan 2018 06:26:38 706 posts
    Seen 6 hours ago
    Registered 4 years ago
    google have said Intel, AMD and ARM are all affected, so there is nowhere to hide.

    edit: just read the WordPress site. Nothing is going to escape the patching for this.

    interesting that they make a point of thanking Intel and ARM for their response but don't mention AMD despite fingering them for Spectre

    Edited by null at 06:33:12 04-01-2018
  • Tonka 4 Jan 2018 08:51:52 26,893 posts
    Seen 15 hours ago
    Registered 14 years ago
    Good thing I mostly use my laptop for Keynote and Chrome. I won't even notice a 30% drop.
  • Dirtbox 4 Jan 2018 08:54:50 89,646 posts
    Seen 34 minutes ago
    Registered 15 years ago
    Nah, AMD aren't vulnerable. https://lkml.org/lkml/2017/12/27/2
  • Tonka 4 Jan 2018 08:58:25 26,893 posts
    Seen 15 hours ago
    Registered 14 years ago
    Or are they..?
    https://googleprojectzero.blogspot.se/2018/01/reading-privileged-memory-with-side.html

    https://twitter.com/rhhackett/status/948654425824022530
  • MrTomFTW Best Moderator, 2016 4 Jan 2018 09:21:53 47,415 posts
    Seen 4 hours ago
    Registered 15 years ago
    What I'm hearing is there's two issues, dubbed Meltdown and Spectre. Meltdown is the Intel issue we've been talking about, Spectre is a problem that's harder to exploit but is due to a fundamental design flaw that effects all chipmakers and effects every processor on the market including AMD and ARM and effects all operating systems. No fix beyond new hardware.
  • MrTomFTW Best Moderator, 2016 4 Jan 2018 09:24:25 47,415 posts
    Seen 4 hours ago
    Registered 15 years ago
    (No link from me, because this is coming from a conversation on going at work which is kinda a lot of people trying to figure out exactly what's going on. The 30% slower fix is Meltdown only we think?)
  • doctor_nick 4 Jan 2018 09:37:40 232 posts
    Seen 9 hours ago
    Registered 12 years ago
    Finally, a sensible fix - just replace your CPUs
  • MrTomFTW Best Moderator, 2016 4 Jan 2018 09:46:17 47,415 posts
    Seen 4 hours ago
    Registered 15 years ago
    Boy I hope every chip maker in the world has the manufacturing capacity for a full recall of every processor they have on the market.

    Errr... We need a new thread title.

    Edited by MrTomFTW at 09:48:03 04-01-2018
  • doctor_nick 4 Jan 2018 09:51:17 232 posts
    Seen 9 hours ago
    Registered 12 years ago
    I think we'll all be learning something from this fiasco, mainly new rude words from Linus to start...
  • Rogueywon Most Generous Forumite, 2016 4 Jan 2018 10:00:42 2,436 posts
    Seen 1 hour ago
    Registered 12 years ago
    @MrTomFTW We can certainly close nominations for "biggest tech story of 2018".
  • Tonka 4 Jan 2018 10:23:45 26,893 posts
    Seen 15 hours ago
    Registered 14 years ago
    A summary site
    https://meltdownattack.com/
  • Tonka 4 Jan 2018 10:40:32 26,893 posts
    Seen 15 hours ago
    Registered 14 years ago
    Wow

    https://twitter.com/misc0110/status/948706387491786752

    This is bigger than when Apple leaked all those celebrity nudes.
  • RelaxedMikki 4 Jan 2018 10:45:17 2,350 posts
    Seen 5 hours ago
    Registered 8 years ago
    doctor_nick wrote:
    Finally, a sensible fix - just replace your CPUs
    Wow. "Replace CPU" is quite the fix.

    Kind of surprised this is not even bigger news. Pretty much every modern CPU is security compromised on a, potentially unpatchable, hardware level?

    //Maybe we should just scrap all this silicon chip stuff and go back to transistors? Part of me has never been comfortable with technology ever since it progressed beyond the level achievable by a single Britsh boffin in his shed... 😜//
  • Page

    of 8 First / Last

Log in or register to reply

Sometimes posts may contain links to online retail stores. If you click on one and make a purchase we may receive a small commission. For more information, go here.