[ 3 / biz / cgl / ck / diy / fa / g / ic / jp / lit / sci / tg / vr / vt ] [ index / top / reports / report a bug ] [ 4plebs / archived.moe / rbt ]

Due to resource constraints, /g/ and /tg/ will no longer be archived or available. Other archivers continue to archive these boards.Become a Patron!

/g/ - Technology

View post   

[ Toggle deleted replies ]
File: 106 KB, 250x250, 1511219276071.gif [View same] [iqdb] [saucenao] [google] [report]
64135683 No.64135683 [Reply] [Original] [archived.moe] [rbt]

Retard here.
What's the quick rundown on the Intel shit.

>> No.64135717

It affects everyone, including AMD.

>> No.64135721

All intel cpu even pentium 2 is fuked

Making Damage control saying all arm/amd is affected

>> No.64135722

no it doesn't.

>> No.64135734


>> No.64135742

Ok but what do you mean by fucked

>> No.64135743

Bogdanoffs answer to the
Wait, what was the question?

>> No.64135746


>> No.64135769

the biggest impact is going to be in datacenters since the data flaws affect server CPUs as well. We can expect loss in market share where Intel gets most of its business.

>> No.64135827

hm... we might have a bot.

>> No.64135830

wrong. its intel only

>> No.64135851


meltdown, which is the really scary vulnerability, affects the last 20 years of intel products

amd is not affected by meltdown

>> No.64135960

Two bugs. Both make it possible for a program to read protected information that it shouldn't have access to.

Everyone's up in a craze about the more dangerous one, Meltdown, and patches are rolling out currently for it. Reports are saying that there are performance losses for Intel processors, due to the how the patch works.

The degree of performance loss depends on your workload, but the numbers being thrown around so far suggest anywhere from 'negligible' loss all the way up to 30% performance drops for Intel chips.

It's also very widespread, too, and affects essentially everything all the way back to the original Pentium.

There is a second bug which is harder to make use of, called Spectre. It affects both Intel and AMD, as well as other makes. Unsure about this one yet, since everyone's focused on Meltdown.

>> No.64136086

Does it mean a literal meltdown? Burning out the chipset? Or is it a fancy name

>> No.64136113

Yes, it heats up your processor until it melts.

>> No.64136129

Fancy name.

>> No.64136131
File: 275 KB, 1297x846, file.png [View same] [iqdb] [saucenao] [google] [report]


>> No.64136176

it's referring to Intel's stock value when the full implications of their incompetence goes public after all the datacenters in the world become 60% slower in the blink of an eye

>> No.64136184

Saw this earlier, but good to post nonetheless. This is why I'm not too worried about the performance losses. I'm waiting for the update to hit my system so I can do some testing for myself and see.

>> No.64136196

>everything is about gayms and shitty file compression
basement menchildren get out!

>> No.64136204
File: 94 KB, 814x803, C6762A81-62AD-475D-A8F4-506FDD8FFF38.jpg [View same] [iqdb] [saucenao] [google] [report]


>> No.64136210

disable javascript

>> No.64136220

>Video games

>> No.64136228

Very useful to see if your daily use will be affected by Metldown.

>> No.64136230

Use some common sense. For 90% of the people here, that's all they care about.

>> No.64136232

in a nutshell
>it's fucking nothing

>> No.64136233

There are two vulnerabilities: Meltdown and Spectre
AMD is affected by Spectre (the harder to exploit of the two)
Intel is affected by both

>> No.64136256

morons don't know what caching is and got buttmad

>> No.64136258

What do you do with your home personal computer? Genuinely curious.

>> No.64136282

is this what a happening looks like on /g/? because it's pretty damn amazing

>> No.64136286
File: 6 KB, 275x183, BRAIN THINKING.jpg [View same] [iqdb] [saucenao] [google] [report]

is it menchildren, manchildren, menchild, menchilds, or manchilds?

>> No.64136287
File: 32 KB, 617x1054, phoronix_intel.png [View same] [iqdb] [saucenao] [google] [report]


Spectre 1 has been fixed, Spectre 2 has not yet been proven to work on AMD hardware.


>> No.64136308

maybe being a paid shill.
Anyhow, those "benchmarks" are misleading at best, the problem for Intel isn't some manchildren will get less FPS, it's the server and datacenter that matters.
If /v/ doesn't realize computing exist beyond call of duty it's their problem.

>> No.64136339

No but in theory the exploit can be used to brick your motherboard.

>> No.64136368


>> No.64136371

I use my personal computer to program, compile other software, render videos (from that time your girlfriend went out for girl's night), and trade stocks.

Compiling software just got 30% slower, video rendering is fucked, and I can't trade stock because my bank is 'under heavy load' -- all of these are Intel's fault.

>> No.64136409

While technically correct, this is /g/; nobody shitposting on here has any reason to care about that. What matters to them is what is going to happen to *them* specifically, and that is what we're starting to figure out now.

Show me some vc for your projects.
Your editing portfolio?
What terminal software?

I highly doubt you can. You sit and shitpost on /g/ all day, that's what you do.

>> No.64136441

Show one example of AMD having Spectre v2 on it, i'm fucking waiting

>> No.64136444

>(from that time your girlfriend went out for girl's night)
Why'd you have to add such cringy shit into your post? I forget how young the posters are here sometimes.

>> No.64136510
File: 43 KB, 256x256, Confused High King with Interrogation Marks.png [View same] [iqdb] [saucenao] [google] [report]

I've pretty much got downs.

How does this effect me, as someone who just browses a select few websites and plays some vido gams?

As long as I'm not retarded and download coolmusic.mp3.exe, will anything change for me?

Yes I have intel. I'm on W7 and I have automatic updates off

>> No.64136544

Rogue JavaScript can read your full memory, find right place to Inject data and you are fucked

>> No.64136561

I'm reading what you're typing right now.

>> No.64136574



>> No.64136642


>> No.64137180
File: 7 KB, 267x323, 1500651567607.jpg [View same] [iqdb] [saucenao] [google] [report]

>having js enabled in the first place

>> No.64137206
File: 15 KB, 353x251, 4b8f2111ff516bd2be4f6f915f7aeaf5d50552d5fd0a008663586a6a16d520a6.jpg [View same] [iqdb] [saucenao] [google] [report]

Who could be behind this post?

>> No.64137217
File: 18 KB, 261x181, 1421468497753.jpg [View same] [iqdb] [saucenao] [google] [report]

ty for this

>> No.64137228
File: 90 KB, 633x746, file_5.png [View same] [iqdb] [saucenao] [google] [report]

Not gayman here for the assmad

>> No.64137252

my computers are both old I have q6600 and fx6350 am fucked? do I need to download anything to fix it?

>> No.64137296

>first reply again
Pretty funny shill

>> No.64137310

Exploitable through Javascript which means it would be very easy for someone to hack your stuff if you don't update

>> No.64137374

It's too late, kiddo, you've already been hacked ;)

>> No.64137390

You are as valuable has you have always been exploits are every where. You just know about this one. You will be fine.

>> No.64137479

inb4 this was an NSA exploit and just now someone found it. Just like juniper finding their backdoor.

>> No.64137671

I don't know about Windows but it seems the more syscalls you have the more you're hurt.
You might also find lots of performance degradation for the kernel itself.

So for most applications this will barely matter. I've always perceived code that does lots of syscalls as inherently uninterested in performance. Kernels having to isolate their own memory I could only speculate on.

Overall this looks very bad for Intel though, that's probably a much bigger factor than the actual performance impact. It destroys trust in them as a secure platform for people who really care about this. How old this is is especially bad.
With how virtual machines for servers is pretty much the only way we do server hosting now it's pretty major on that front. Performance there matters a lot for the companies hosting the VMs. You'll probably not see any difference as a customer though.

>> No.64137683

>I'm on W7 and I have automatic updates off
You face greater threats already.

>> No.64137732
File: 26 KB, 600x610, 1302809172318.jpg [View same] [iqdb] [saucenao] [google] [report]

>> No.64137756
File: 1.63 MB, 1415x2326, 2018-01-03-15-18-07.png [View same] [iqdb] [saucenao] [google] [report]


>> No.64137761

Only the simplest patchable Spectre attack affects AMD, the other two do not.

>> No.64137786

It's not the exploits you know about you should be worried about. Exploits have always been around.

>> No.64137791
File: 173 KB, 396x385, 254673568.png [View same] [iqdb] [saucenao] [google] [report]

>mfw I don't care

Building a server machine what kind of flashy shit should I put in it ?

>> No.64137816


>> No.64137843

No it's a big thing. Just not for gaymers.
Regardless you should be considering Ryzen as your next purchase. Just read Agners Ryzen tests and his manual. It's pretty clear cut.

>> No.64137850
File: 63 KB, 499x523, 3574368.jpg [View same] [iqdb] [saucenao] [google] [report]

Nah my nigga that shit is too weak I am thinking Quantum processors for cpu and vga
I mean't flashy lights n maybe like a smoke machine and strobe lights or some shit.

>> No.64137866
File: 65 KB, 744x687, 124234534.png [View same] [iqdb] [saucenao] [google] [report]

though I could certainly make use of them.
what would be comparable ? ?

>> No.64137898
File: 298 KB, 654x639, 15101592520326.png [View same] [iqdb] [saucenao] [google] [report]

sorry to hijack the thread op.

>> No.64137906

>I'm on W7 and I have automatic updates off
the absolute state of gamer retards

>> No.64137912
File: 61 KB, 1000x800, 1506616670826.jpg [View same] [iqdb] [saucenao] [google] [report]

as my gift to you

>> No.64137931

Pajeet please. This is not effectively achieving your goals.

>> No.64137984

None of those is IO intensive. Post IO benchmarks

>> No.64138021

All three attacks rely on a side channel element. AMD is immune to meltdown because privileged memory addresses immediately rejected before entering the execution stage at all. Spectre v1 uses a similar OOE/line cache attack which simply searches for kernel pages by repeatedly injecting eBPF bytecode which runs speculatively during a misprediction until cached kernel memory is detected and then can be completely dumped. Spectre v2 demonstrates that an attack can be executed from a guest kernel on the HOST kernel by recovering branch predictor history buffers within a root run hypervisor allowing hypercalls (e.g. KVM acceleration, Xen).

For sure meltdown is the easiest to access because it is possible from Ring 3 directly and not from guessing addresses thrown from kernel context bytecode interpreters or root privileged VMs. The other two do present alarming problems with the aggressive and potentially unsafe way all processors are designed.

>> No.64138042

English, doc.

>> No.64138097
File: 11 KB, 478x97, amd.jpg [View same] [iqdb] [saucenao] [google] [report]

Linux kernel patch

>> No.64138116

lmao just sort your shit to not cache miss

>> No.64138126

Has nothing to do with this you fucking moron.

>> No.64138143

>which runs speculatively during a misprediction

>> No.64138193
File: 1.34 MB, 1294x1222, milkwalker.png [View same] [iqdb] [saucenao] [google] [report]

>be a company
>release first desirable product in years in a market that you have been clawing away at after decades of shrewd business practices by your competitor
>its revealed your competitor's product is dangerous and broken
>its revealed your competitor's product has 3 major faults that the only known fixes are to make them preform worse
>competitor issues statement it is working with other companies to fix the products they and YOU made
>issue a statement that your products are not dangerous and broken in these ways
>vendors don't care and nerf everything anyway
>your competitor gets off scott-free using FUD
epic timeline.

>> No.64138205

They can't do that, it goes against the narrative.

>> No.64138208

>these bugs coming to light now
Is there any evidence anyone's exploited them?

>> No.64138233


>> No.64138371
File: 19 KB, 300x300, jackie-chan.jpg [View same] [iqdb] [saucenao] [google] [report]

>root run hypervisor

>> No.64138465

javascript control is better


>> No.64138520
File: 54 KB, 679x758, 1515028545376.jpg [View same] [iqdb] [saucenao] [google] [report]


>> No.64138583

What's the name of the fucking update for Win10?

>> No.64138594
File: 65 KB, 679x711, 1515046611979.jpg [View same] [iqdb] [saucenao] [google] [report]


>> No.64138620

Should I stay away from browsing manga websites for now

>> No.64138632
File: 283 KB, 1024x1099, 1511726702227.png [View same] [iqdb] [saucenao] [google] [report]


>> No.64138683
File: 248 KB, 680x486, hiroshimanagasaki.png [View same] [iqdb] [saucenao] [google] [report]

Thanks for the spoon feed, I only wish I was lurking /g/ like I usually do when this broke.

>> No.64138688

computers are 100% obsolete now
buy an abacus

>> No.64138717

doesn't the nsa have a treasure trove of zero days they're just sitting on?

>> No.64138733


What's the name of the fucking update for Win10?
>What's the name of the fucking update for Win10?
What's the name of the fucking update for Win10?
>What's the name of the fucking update for Win10?
What's the name of the fucking update for Win10?
>What's the name of the fucking update for Win10?

>> No.64138759

Spectre is INCREDIBLY hard to implement. It's based on artifacts left behind by the type of branch optimization and speculative execution that modern chip architecture uses, allowing people to guess the timing of memory references. You can use this to guess the functions that the underlying code uses, and in turn guess the data that is being returned.

THAT'S SO HARD TO DO, especially when you're operating on a non familiar system.

That's why people aren't exactly freaking out about Spectre.

>> No.64138783


>> No.64138791

You shouldnt go to them in the first place, lame weeaboo.

>> No.64138877 [DELETED] 

So, it's nothing. Just install the patches.

>> No.64138889

And for Windows 7?

>> No.64138905

What about older architectures?

>> No.64138908

This. People freaking out about javascript implementations forget that you have the V8 engine introducing latencies of it's own. It's like they never worked with the language before

>> No.64138910

Fucking upgrade to Windows 10.

>> No.64139024

Basically Meltdown allows for privileged memory to be exposed by loading kernel memory references into CPU registers and executes an incoming instruction that loads probed data into cache. The reason the CPU does this without causing the program the crash as would be in normal cases is because instructions don't necessarily execute sequentially on modern processors; by executing certain instructions ahead in a conditional which is believed to be more likely executed, there is potential speedup.
Spectre also exploits this by loading out-of-bound addresses from kernel context or loading foreign data pointers into the branch target buffer (a buffer containing what the CPU believes is the next set of instructions to execute next) in a root run VM.

Misprediction does NOT arise from a cache miss. A cache miss will halt the instruction to wait for the MMU to feed it data. Branch misprediction AND BTP (target prediction) explicitly predetermine conditional execution by feeding the target address next into the pipeline - a misprediction would mean that the pipeline is cleared and the new branch must be fed in. The exploits rely on loading the payload into cache (in Meltdown and Spectre v1) because the speculated branch has preloaded the following instruction into cache and executed - however, in Spectre, additionally, it is possible to measure the amount of time the speculative branch takes as the saturated cache line loads an out of bounds memory offset to rebuild the memory map and determine the address of the kernel. With this OOB bypass, you can then dump kernel memory.

Yes, those programs are not syscall heavy and so the performance should remain roughly the same.

With a large number of instructions you can still discern with the Chrome performance timer the behavior of the CPU with the use of shared array buffers. Google will be updating Chrome to mitigate this at the cost of SAB and a performance cost.

>> No.64139038
File: 100 KB, 288x288, death is certain.jpg [View same] [iqdb] [saucenao] [google] [report]

>What's the quick rundown on the Intel shit.

>> No.64139059

you stupid faggot, you should be downloading them instead of reading them off a site
mangatraders still exist

>> No.64139078

>recommending moving to a malicious operating system to fight a malicious exploit

>> No.64139163

But measuring the memory reference timings is so so so ambiguous. Building a memory map by timing the returns appears to me to be an almost impossible task in an unfamiliar system. Similarly, I understand that using POSIX safe functions is good form when writing for portability, but it always struck me as overkill.

Give me a reasonable example of a time when memory reference timing was used to a negative.

>> No.64139223

How would this affect me, personally? If I do not update and just ignore all of this and so avoiding the performance hit, what kind of danger, exactly, would I be in and how?

>> No.64139326

Dumb normalfag.

>> No.64139382
File: 150 KB, 198x328, 1514231965285.png [View same] [iqdb] [saucenao] [google] [report]

In the 1.5 days or so I've gone unpatched can my computer still be considered safe or it might as well be physically in the hands of criminals? I've been doing basically nothing but watching Hidamari Sketch and playing Blazblue those past few days.

>> No.64139420

What are the effects and what programs can read what data?

>> No.64139421
File: 1.60 MB, 200x151, shits on fire yo.gif [View same] [iqdb] [saucenao] [google] [report]

All your system credentials and keys stolen and complete pwnage of your machine, all from a small slice of javascript on a webpage.

>> No.64139425

>>64138143 here
I see. Thank you. I've been reading the paper and your explanation is really good. Now I understand why they mentioned buffer overflows. The issue is that the speculated branch has access into kernel memory, correct?

Optimization is truly the root of all evil.

>> No.64139433

javascript malware can now bypass all security on your OS and basically gain administrator rights to do whatever the fuck it wants.

you may potentially be safe when firefox/chrome updates their browsers, but you'll still be wide open to untrusted executables.

basically means all anti virus/os protections are useless at the moment.

>> No.64139450

won't the microsoft patch fix this vulnerability though?

>> No.64139462
File: 906 KB, 500x282, 1514750961583.gif [View same] [iqdb] [saucenao] [google] [report]

>windows, mac, linux
>os, device, kernel

>> No.64139690

yes it would be much easier to understand if they listed NT, XNU, Linux

>> No.64139788

The fix needs to be specific to the motherboard manufacturer, right? I have an itx board that doesnt appear to have been addressed yet.

>> No.64139797


>> No.64139831
File: 81 KB, 244x274, Intel glue fanboy.png [View same] [iqdb] [saucenao] [google] [report]

Except it doesn't affect AMD.

>> No.64139842

>javascript malware can now bypass all security on your OS
we Runescape botnet now

>> No.64139846

except it does

>> No.64139926

Since nobody actually cared to read the academic papers and, those who did and post here, clearly lack and academic background to understand them, here's a quick rundown.

incorrect and badly formatted.
>Spectre 1 has been fixed
>Spectre 2 has not yet been proven to work on AMD hardware.
Almost correct.

>> No.64139929

Nope. But if you want to get semantic, only v1 on certain older CPUs.

>> No.64139952

Academics please respond.

>> No.64139975

>all this "proof"

>> No.64140021


Not an anon thats posted on this thread but the academic papers you speak of, is it related to the 2016 blackhat report that's been floating around?

>> No.64140022


What is KB for windows and can it be downloaded and installed individually?

>> No.64140024

>javascript malware can now bypass all security on your OS
Post proof. It's a third day but nobody can provide any proof on this. The shit is made up.

>> No.64140037

Not ready yet.

>> No.64140077

You are all fucking assholes shilling AMD instead of helping our fellow faggot

It's basically a 5% (Some say 50 or 25%, but the 5% was confirmed by an intel employee) performance hit on everything with intel in it because there's a design flaw which theoretically allows anything to bypass the kernel and talk directly with the hardware. Since it's hardware based, the fix can only be applied using software. Software fix makes I/O slower but more secure. Servers and data centers will be the most affected as their only job is I/O.

Of course, the fix - not the bug - will affect everything, including AMD. If you have an Intel CPU then if you don't get the fix anything including shitty javascript can skip the kernel and run as an administrator.

>> No.64140080
File: 897 KB, 800x430, 64FE9DDF-DBE4-48F4-A955-D015BB39F941.gif [View same] [iqdb] [saucenao] [google] [report]

>can’t lose productivity if it’s a Core 2 Duo

>> No.64140087

Meltdown are Intel exclusive

>> No.64140174

5% eh
https://twitter.com/grsecurity/status/948170302286172160 more like 65

>> No.64140234

I don't know anything about the PC stuff but this does not look good...

>> No.64140241

So for Intel to fix this they have to make a new cpu layout right?

>> No.64140252

The last time they tried that it did not go so well.

>> No.64140269

please respond I still don't know what to do. I don't want to get computer aids.

>> No.64140305

also the computer with the intel cpu is still on xp. it's an old pc I kept around for compatibility with older games and stuff. since there's probably not going to be a fix for it can I just never go on the internet with it and be safe?

>> No.64140321

just say it doesn't affect Ryzen so they can't worm their way out of it

>> No.64140322

yes you're fucked, what part of ALL INTEL SHITS SINCE 1995 IS AFFECTED do you not understand?

>> No.64140359

if that old XP pc is just for old gaymen, then you can limit what you do on it internet-wise, eg don't be logging on to critical shit from that pc....maybe that would work?

>> No.64140406

More accurately, Spectre 1 is scheduled to be fixed by AMD, so this will make AMD invulnerable to all three provided no one can come up with SP2/Variant 2 on AMD hardware.

I wonder how all the advertised encryption for Zen CPUs has worked out, does Spectre return garbage data because of said enryption?

>> No.64140439

>Of course, the fix - not the bug - will affect everything, including AMD
Not anymore because Linus declined jew bribes
Well it still may affect amd to some degree because the fix was made in a hurry and probably not all the changes are configurable, but it won't be as dramatic as intel wanted it to be for amd.

>> No.64140445

So for us retarded non-enterprise faggots, what kind of shit's going to see the biggest hits out of this and what won't? Is any generally heavy CPU shit like video encode/decode fucked? Or is the worst shit just going to be database shit and stuff?

>> No.64140448
File: 53 KB, 563x268, DSpf9XAX4AAikB4.jpg [View same] [iqdb] [saucenao] [google] [report]

>complains about shills
>literally parroting shill propaganda
there are 2 different sets of bugs, only one of them requires a solution that causes a 30-60% slowdown, and that one strictly affects Intel and they can't fix it via firmware update.

AMD is affected by a different bug that doesn't have the large performance penalty solution, and it can be patched via firmware update anyway.

you can scream and shout "IT AFFECTS BOTH" all you want, but it's completely misleading.

>> No.64140451
File: 105 KB, 820x602, 1497925037039.jpg [View same] [iqdb] [saucenao] [google] [report]

another retard here who fell for the Enterprise 2016 ltsb meme
will we get an update too? when?

>> No.64140455

Spectre 1 only happen on FX pro and apu, it using custom bios setting.

>> No.64140489

Well they will definitely address the issue in the new stepping, for sure. But it was already fixed in software anyway. Same thing as linux segfaults on ryzen, it was indeed hardware bug of early batches but was patched in kernel anyway.

>> No.64140494

Just disable the JS in your browser. Use Noscript/Umatrix (google on how to disable js by default with it) and you'll be fine as long as the admins of the websites you visit and enable js for aren't dicks enough to insert malicious code (wouldn't trust Hiro on that though).

>> No.64140514

absolutely nothing u gaymer


>> No.64140524












>> No.64140542

The meme you fell for was intel, senpai.

>> No.64140550


can you tell me if running a fresh install of 17.10 ubuntu is safe enough on a computer with intel cpu? should i enable the tick box for intel microcode in additional drivers setting?

besides enabling ufw is there anything else i need to do? do i need a bleeding edge kernel? like enable the 'proposed' package tree?

>> No.64140552

Why should I
I run Ryzen

>> No.64140567

>can you tell me if running a fresh install of 17.10 ubuntu is safe enough
go and get openpepe
I mean opensuse
that or clover os

>> No.64140585


now is not the time for epeen comparing and distro wars

i just want to know how to avoid getting pwned not get memed with a meme distro

>> No.64140618

actually now is absolutely the time for choosing a distro that doesn't have systemdicks
make a live USB and test out an OS right fucking now, it's as easy as choosing the USB stick with the OS on it from the bootloader

>> No.64140656

is just not using a web browser or downloading anything enough or do I need to do something in network configuration to prevent it from connecting to the internet? I would just unplug it, but I want to be able to transfer stuff to my other computer.

so what do I have to do to fix shit on my computer with the amd?

>> No.64140659

Well they haven't released a patched kernel for 16.04 LTS so I can't imagine they'd done so for 17.10

>> No.64140674

What do I do tho?

>> No.64140711

you shouldn't be on FX anymore when Ryzen stomps on it

>> No.64140735

Install TempleOS


>> No.64140736

I can't upgrade because it's a new socket and I'm too poor to replace everything. also fuck windows 10.

>> No.64140752


okay well what about the intel microcode driver? should i enable that or disable?

>> No.64140767

Where did this bug come from? Was it here all along? If so why didn't anyone know about it since apparently it effects every CPU since 1995.

>> No.64140771

Find the patch then, Microsoft still rolls out XP patches, but here's the catch: it's for fucking businesses only.
>also fuck windows 10.
You can install windows xp on Ryzen, actually, but it's an absolute pain to get working because of missing drivers. Windows 7 is easier to install because AMD has the chipset support surprisingly enough.

>> No.64140779
File: 193 KB, 336x400, 9txbJpfV7G.jpg [View same] [iqdb] [saucenao] [google] [report]


>> No.64140941

There are two flaws, anon.


>> No.64140964

>Was it here all along?
>apparently it effects every CPU
Only intel
>why didn't anyone know about it
Nobody expected intel to be this bad

>> No.64140988

What do I do with windows 7?

No, upgrading to cancer Win8-10 is not an option. Where's my security patch then?

>> No.64141002

have fun

>> No.64141048

>both Firefox and Chrome already have fixes for browser vulnerabilities
>not running them together with noscript

>> No.64141069

bro 1710 sucks ass
1604 works fine
but try both with the live cd first
also use lubuntu and apt-get tlp
we still don't know it will affect us

you can easily use wine for old gayms with dx9

>actually now is absolutely the time for choosing a distro that doesn't have systemdicks
how so?

>> No.64141109

on some tracker or elsewhere ''stolen'' from paid shmuks i mean customers

>> No.64141116

guess it's time to utilize the free w10 upgrade you get for claiming to be handicapped

>> No.64141149

So do you have to download some malware or visit a bad site to become victim to this? Of course I'm going to update, but just wondering if I need to go changing passwords and shit afterwards.

>> No.64141181

>ARM not affected.
I guess the """dumb""" phone posters win again :^)

>> No.64141186

Spectre affects everyone (Intel, AMD and ARM)
Meltdown only affects intel

>> No.64141202

Last time i turned on automatic updates on my win7(pirated) it fucked my pc and kept hanging on shutdown forever, rolling back fixed. So what are the odds i grab this update exclusively from microsoft site and makes my pc release mustard gas?

>> No.64141212

Man you guys are like babys. Disable java and flash plugins run an ad blocker use common sense.

>> No.64141213

>how so?
So that you don't get an "I told you so" a second time when systemdicks blows up. It's the next bomb in the making. Nothing good comes from centralizing your shit like that. It becomes a monster that devours everything.

>> No.64141215

Is encryption affected?

>> No.64141227

>Last time i turned on automatic updates on my win7
Selective updates, you nigger, you can fucking download standalone packages. The windows 7 patch is already available as a standalone.
I bet you didn't turn off updates from services but from the control panel and thought you turned off the service when actually it was ready to run at any time.

>> No.64141237

This drama sure has died down huh. It's like the world is not ending. Even the news fell asleep using worse case scenarios and hyperbolic headlines for clicks.

>> No.64141360

>systemd vulnerability found
>it gets patched

Are you seriously trying to compare a hardware design fault with a potential bug in an open source software?

>> No.64141432

say goodbye to your twitter account

>> No.64141630
File: 22 KB, 699x516, 25552399_1696055083786162_3196588006490543895_n.jpg [View same] [iqdb] [saucenao] [google] [report]

i have no idea what any of that means but fuck it sounds pretty bad there chief

>> No.64141668

Fuck off nerd

>> No.64141689

Oh shit so Core 2 as well. I didn't realize. Somehow I had got it into my head that it was SB and after

>> No.64141706

So from what I've read this will influence IOPS/ I/O stuff with NVMEs mostly so industrial workloads in datacenters and servers?

>> No.64141709 [DELETED] 

Given that no end-users with desktops are affected, could someone post a benchmark results for a Linux distro of their choice? That is where the supposed 30% performance hit is going to happen after installing the patch.

>> No.64141723

Given that no end-users with desktops are affected, could someone post benchmark results for a Linux distro of their choice? That is where the supposed 30% performance hit is going to happen after installing the patch.

>> No.64141724

i never used the browser's "save password" gimmick nor use a password manager
the only thing i have is a paper with all my shit
in the data theft front i'm not that fucked, right?

>> No.64141750

you're actually pretty secure
even the Russians went the paper route a while back

>> No.64141767

If you type in a password and someone installs a keylogger, it won't matter if you didn't save it.

>> No.64141773

you know, these password CIA niggers are relentless.
If they can't read the passwords, they will just break into your home and steal your piece of paper

>> No.64141794

>deal supposedly ended dec 31 2017
>still works
thanks, microsoft

>> No.64141834

but a keylogger is typically easy to detect by any anti malware program, is it not?

jokes on them, i wrote it all in lemon juice (joking ofc)

>> No.64141966



>> No.64141973


>> No.64141984

the problem is that it doesn't need a keylogger program you download and execute, just a simple javascript drive by

>> No.64142018

Patch on Tuesday probably in the (((rollup))

>> No.64142048

Buy ryzen you dumb nigger

>> No.64142054

So my brainlet analogy understanding of meltdown is that it's like asking for the code to the safe while the CPU is distracted and then running away before it realizes it wasn't supposed to tell you that, correct? So what's spectere doing?

>> No.64142086

Meltdown is like you're at a restaurant and you order a hamburger and eat it. Then you give the hamburger back, but you still remember the taste of the hamburger and you walk out without paying.
Using the memories of the taste you can then figure out where the meat for the burger came from

>> No.64142087

>So what's spectere doing?
enabling it

>> No.64142090
File: 48 KB, 800x729, 1502457493616.png [View same] [iqdb] [saucenao] [google] [report]


>> No.64142138

Can we rename meltdown to "memories of beef"

>> No.64142152

How long should it take for intel to make cpus without this security breach?

>> No.64142156

>memories of beef
man, this is a cool name for an exploit

>> No.64142176


>> No.64142193

fucking years, 5 years minimum
they have to go back to basics on this, right back to the drawing board
whatever new architecture they have will be fucked if it's still based on the ghost of pentium pro

>> No.64142210

Will everything be fucked? Will we go on anarchy because the Wall St. computers will be hacked? I'm currently drunk and am fantasizing about a total world meltdown

>> No.64142225

>Will we go on anarchy because the Wall St. computers will be hacked
Nope, they run on gnu/linux. They'll have the patch. http://www.computerworld.com/article/2510334/financial-it/how-linux-mastered-wall-street.html

>> No.64142256

>the quick rundown on the Intel shit
--> >>64127406.

>> No.64142264

mind my nagging, but how would that actually work?
i'm not exactly tech literate, but is javascript THAT cucked? i get the kernel stuff, but a driveby keylogger?

>> No.64142276

yes, it's that cucked

>> No.64142290

AMD fanboys sure are desperate.

>> No.64142292
File: 24 KB, 112x112, 1513715393407.png [View same] [iqdb] [saucenao] [google] [report]

I'm also a retard and understand nothing.
So what can I do to be safe? Am I safe? Do I swap out my intel CPU for an AMD?
I use LastPass and lots of cloud programs to store miscellaneous stuff for convenience. You could say my entire life is online somewhere.

Am I fucked? Should I off myself right now?
I just want to play video games.

>> No.64142305


>> No.64142317

How concerned should I be if I only use my pc for basic internet, videogames and occasional porn

>> No.64142336

Make sure you are running latest security updates no matter the OS you are running.

If you have too old OS for security updates, you need to update or else you will be danger to yourself and others.

>> No.64142344

If this affects basically every Intel CPU made in the last 10 or 15 years and nobody noticed until right now doesn't it mean this could be the cause of basically every malware happening in all that time

>> No.64142350

if your PC is connected to TCP/IP you are vulnerable, this applies to every breach, but this is a very very nasty breach since it is at kernel level.

Enjoy bitcoin mining if you don't get security updates.

Oh and one of the sec-risks also influences phones.

>> No.64142354
File: 515 KB, 551x713, 1484726831236.png [View same] [iqdb] [saucenao] [google] [report]

>muh Coffee Lake
Enjoyed the wait, Intelfags?

>> No.64142368

>10-15 years.

>> No.64142372


>> No.64142392

>Intel stock only down by 3%
lmao. there is no hope.

>> No.64142402 [DELETED] 
File: 44 KB, 1214x306, 3t.jpg [View same] [iqdb] [saucenao] [google] [report]

what do

>> No.64142416
File: 46 KB, 714x270, 3r2q3.jpg [View same] [iqdb] [saucenao] [google] [report]

what do

>> No.64142417

Love playing games at a high frame rate. AMD fanboys will never experience this.

>> No.64142432

>ME issue.
Now now anon, that is a THIRD (second Intel) dangerous vulnerability for Intel CPUs, which is a different thing, but you should totally fucking patch it.

>> No.64142451

0. INTEL ME issue (Intel only)
1. Meltdown (Intel "only")
2. Spectre (intel+amd+arm)

and Shintel stock is only down 3% after this crap lomfao

>> No.64142483

I told you idiots like you don't understand the stock market.

>> No.64142510

Well I went to this page
Then here, since my mobo is MSI
And it would appear whatever fix I'm supposed to get isn't compatible with my low end board

>> No.64142531

You might not have ME in your CPU my dude. Like it's disabled.

>> No.64142574

patch for windows 7 when?

>> No.64142616
File: 19 KB, 296x107, 1111.jpg [View same] [iqdb] [saucenao] [google] [report]

Yeah looks like I don't have it

>> No.64142653

Not having ME is a fucking good thing. Rejoice, faggot, not all is broken in your life.

>> No.64142655

There must be an nsa bill being pushed through the senate

>> No.64142693

I'm getting mixed messages here, do I or do I not install this ME driver thing

I'm not sure I can even install it, the only thing I find for it in Intel's website says it's for Intel NUC

>> No.64142718

You don't need it. You're getting a false equivalent message from Intel's program, like that Equifax bullshit program that asked to get your shit fixed even when nothing was wrong and you're not on Equifax.

>> No.64142740

Well then I guess I'll just get the newest windows updates and see how this ends

God damn I was happier not knowing about this

>> No.64142772
File: 22 KB, 260x260, 1514015235769.jpg [View same] [iqdb] [saucenao] [google] [report]

>tfw furiously masturbating to 8008 on my abacus when I shake it too hard and it goes to 7965

>> No.64142776

My dude. There's three things going on if you have Intel CPU. ME has a terrible exploit (what you worried), Kernel has terrible exploit (Spectre & Meltdown). ME is fixed by Intel drivers if you have ME, second one (M&S) will be fixed by OS updates granted you get OS updates.

>> No.64142819
File: 38 KB, 400x232, greysq_lat.gif [View same] [iqdb] [saucenao] [google] [report]





>> No.64142828

It affects on AMD 2, bro

>> No.64142834
File: 46 KB, 789x295, 2123123.jpg [View same] [iqdb] [saucenao] [google] [report]

Actually I just found this

Does this mean I'm safe from the ME issue since my CPU is 4th gen?

>> No.64142848

Well if you don't have ME you really can't be exploited through it can you?

>> No.64142870

Yeah I guess

sorry anon I'm tech retarded

>> No.64142989

Yes, totally made up. Microsoft is desperate trying to push the patch so it's probably nothing serious, right?

>> No.64142992

ok, so what do we call spectre?
I don't actually understand how that one works.

>> No.64143007

>was confirmed by an intel employee
Totally trustful source then.

>> No.64143030

>vendors don't care and nerf everything anyway

Do we have a source on this? Last I heard, the W10 fix only applies to Intel CPUs

>> No.64143046

>mangatraders still exist
That's a lie and you know it. The new MT is completely different and has barely anything on it.

>> No.64143057

It exists
As a giant archive in the torrents that no amerifat can touch because of filesize

>> No.64143088

Everyone's wrong

>> No.64143167


Reminder that these people are not your allies, thanks Bobama

>> No.64143198

You're safe as long as you don't run avengers2.mp4.exe or visit shady russian porn sites loaded with malicious ads and scripts

>> No.64143276

And sites run by a certain nip that randomly injects steange code into them

>> No.64143279

why am I so aroused when seeing this image?

>> No.64143322

>visit shady russian porn sites loaded with malicious ads and scripts
this chinese board already has shady code appended by hirohito

>> No.64143383

>Buy ryzen you dumb nigger
Cute. Especially when you attempt doing that in a third world country.

>> No.64143450

But a solid defense against that was created in a matter of hours the very day it was discovered

>> No.64143497

intel shills, i so fucking hate you right now, pls kys and gtfo my boards reeeeeeeeeeeeeeeeeeeeeeeee

>> No.64143533


>> No.64143534

Where is the patch for windows 8?

>> No.64143565

So are you like okay with AMD shills or?

>> No.64143751

You don't need the patch, pls buy ryzen

>> No.64143765

Its literally fucking nothing, /g/ are just sperging out because they're amd fans



>> No.64143842

Maybe Microsoft is thinking it's close enough to regular monthly patch day that they'll just roll out the fix with the monthly security rollup for win 8 and win 7 next week.

>> No.64143890

>the 5% was confirmed by an intel employee
sounds trustworthy

>> No.64143901

i don't understand how this is a problem for clients
JS is still sandboxed inside the browser so worst case scenario it might get a password or two until the sandbox is emptied?

>> No.64143914


I mean intel

>> No.64143946

too early


you mean console fags?

is os related and patched
nice try

>> No.64143987

Meltdown let you access any memory in system. Sandboxing do nothing against it. It completely bypasses any software defence before OS patch.

>> No.64143996

>>it might get a password or two
>thinking this is remotely acceptable

>> No.64144037

>your gaymes are mostly unaffected
>please ignore the absolute clusterfuck this is creating by the need to get an updated kernel running on every Intel based system of the last decade
back to /v/

>> No.64144038

it lets you READ kernel memory, right?
obviously it's not but the chances of encountering JS that knows exactly where to look for the password that you might or might not enter is low isn't it? i guess you could make a JS keylogger that works as long as the script is allowed to run?

just not understanding how this is being made out to be worse for clients than the NSA backdoors leaked awhile ago. obviously on servers this is terrible.

>> No.64144057

When code is run it is passed to the cpu, due to the nature of meltdown cpu is compromised so when the code is run it can instruct cpu to read code anywhere in memory (outside sandbox)

>> No.64144059

Intel is the new AMD now

>> No.64144075

You got CIA niggered and so did the rest of the world for over 20 years

>> No.64144079

>read kernel memory
>you now have root rights and can change it
Sure, not an issue at all

>> No.64144104

so this does allow you to write to kernel memory? i thought it only allowed you to read it...?

>> No.64144113

>it lets you READ kernel memory, right?
It also lets you read memory from other processes, for example programs such as keypass and lastpass.

>obviously it's not but the chances of encountering JS that knows exactly where to look for the password that you might or might not enter is low isn't it?
Many people use keypass/lastpass or some sort of system password manager (for example keychain on macOS). It's pretty trivial to make code that targets these specific systems, and there are plenty of people who use them.

>> No.64144122

If you can read kernel memory you can get root access. After that you can do whatever you want

>> No.64144184

how? everything i'm reading about this says it lets you read kernel memory; not get root access and do whatever the fuck you want with the machine.

>> No.64144197

ipad pro unaffected. What's a computer?

>> No.64144206

Stop replying to him, he's an idiot. See >>64144113 instead

>> No.64144218

so ironically password manager users are more affected by this than retards that use 2-3 passwords everywhere. thanks for clearing that up.

>> No.64144231

Rundown is intel fucked up big time and are trying to take AMD down with them.

>> No.64144254

Well, in this particular case, yeah. Kernel patch fixes that though.

It can also be used to hijack active sessions though, so it's not merely about passwords.

>> No.64144256

Passwords don't work to well if you can just read them. Their position in memory is randomized, not in the pagetable. And that is what meltdown gives you access to.

>> No.64144281

It's a feature it's real mode for modern CPU intel designed it on purpose and AMD stole it. Use only authentic intel inside (TM).

>> No.64144335

regardless, it's not going to let JS get root access, right? so it's bad, but not nearly as bad as EternalBlue or DoublePulsar were.

>> No.64144345

Not with KPTI enabled

>> No.64144359

How could that in theory happen? Wouldn't you first have to visit an untrusted, malicious website and disable your script blocker for JS to be able to execute anything?

>> No.64144516

Its not just JS, it could be any malicious code. But yes, it obviously needs to run to exploit meltdown.

>> No.64144581

>kernel and run as an administrator.
Like the administrator in user list?

>> No.64144638

the 86 is old the 88 is the latest

>> No.64144665

Sure you do.

>> No.64144667

without the patch JS can cryptolock/get ACE outside the browser by using this?

>> No.64144668
File: 60 KB, 693x663, 1502108236479.jpg [View same] [iqdb] [saucenao] [google] [report]

nice meme source you got here

>> No.64144689
File: 63 KB, 313x230, 1511276272727.png [View same] [iqdb] [saucenao] [google] [report]

So basically this only matters for data centers. For consumers it hardly changes anything and doesn't make any CPU surpass or fall behind another one.

So why do we care again?

>> No.64144692

Yeah, my Ryzen manages to get only 150fps compared to 155 on the 7700K.
It makes me wake up and cry at night.

>> No.64144725

Not just JS but any code that is executed

>> No.64144744

so spectre is just a minor concern?

>> No.64144746


Chance that windows themselves developed it to kill off windows 7 holdouts?

>> No.64144748

Because this is /g/ and not /v/ and fucking up x86 server infrastructure is a topic of interest here

>> No.64144774

Because your average /g/entooman owns datacenters amirite?

>> No.64144775

so >>64144122 was right and meltdown does let you get root access on the machine?

>> No.64144778

So why, from 1995 until today, this flaw was not used and there hasn't been a massive hacking attack happening all over the world were evil hackers steal all the money and waifus?

>> No.64144787

nigga all of these are a concern if the whole web is having a fiasco about this

>> No.64144812

He at the very least relies on their services and maybe even knows how important they are. If he's one of the 3 people on /g/ with a job he may even have to put in extra hours to get thisbshit patched.

>> No.64144859

If you can find the location of the password in question in the kernel side pagetabe, sure. Which shouldn't be to hard since all software security features to prevent that from happenig are useless.

>> No.64144881

JS can just open up a shell whenever it wants?

>> No.64144884
File: 141 KB, 405x490, 1491972205619.png [View same] [iqdb] [saucenao] [google] [report]

>autism, the post

>> No.64144902

Nope, but it can use timed cache attacks to fuck you.

>> No.64144931
File: 187 KB, 568x612, 1515005231360.png [View same] [iqdb] [saucenao] [google] [report]

>5% was confirmed by an intel employee
>will affect everything, including AMD

>> No.64144968

>timed cache attacks
aren't those used to get keys? why would you need to do that if you can just lookup the root password?

>> No.64144983

Before today I wasn't even aware that a fucking CPU chip could have any impact on security at all. Is there anything inside a PC that hackers can't use to fuck your shit up? Is there by any chance a brand of RAM sticks that allows them to remote access your bank account? Or a graphic card that allows them to detonate your PC? It feels like real life is turning into some shitty over the top Hollywood hacker movie.

>> No.64144993

>people still trying to pin it on Intel when it is a concept common to modern processors that gave them such speed-ups we take for granted today
Put all your money on graphene boyos, it's gonna moon soon. Silicon has been shit on yet again.

That's JS. It'd need to do that initial step to get to the level of finding passwords.
It needs to jump out the browser sandbox first.

>> No.64145011

hey looki. i have a self affirming and validating benchie too.

>> No.64145039


>> No.64145057



>> No.64145096

Fuck are you on about?
I despise Intel.
It still affects everyone, cunt.

>> No.64145104
File: 127 KB, 657x527, apustaja.gif [View same] [iqdb] [saucenao] [google] [report]

>It needs to jump out the browser sandbox first.
So I guess what I'm not understanding is what the step(s) is/are in between finding the root password and getting outside the browser sandbox to do whatever you want.

Sorry for stupid.

>> No.64145147


>> No.64145158

Use meltdown to get access to the kernel space side of the page table. Find password in page table. Now you're free.

>> No.64145201

So, let me get this straight, what you are saying is AMD processors are inferior because they don't have these massive increases gained by such pipelining?

>> No.64145216

everything has been said in clear terms all over this board, I'll stop replying and simply start to quote relevant posts all around in the hopes it'll trigger intel shills and quicken their nervous ulcer creation process.

>> No.64145250

oh my a circular reference. nice. and so quick

>> No.64145264

lole stay slow, nerd

>> No.64145292

No. They do speculative execution too. They just give you a page fault if a ring 3 application is trying to stick its nose into the kernel space side of the page table.

>> No.64145322


>> No.64145341
File: 23 KB, 600x484, hep heller.jpg [View same] [iqdb] [saucenao] [google] [report]

>Now you're free.
i still don't get it desu
somebody said earlier javascript can't just open up a shell and i don't know enough about it to know how getting the root password allows it break out
>use meltdown to get root password
>now you're free

>> No.64145369

get fucked intel


>calls me a nerd. on /g/
s-should I be be feeling this warm sensation in my chest... i-is it happiness? waaah~ i'm so proud of myself. Thank you for the confidence boost senpai.

>> No.64145419

That's some amazing proof you have there.
I'm awed and amazed at the proofs.

Also why do you keep calling me an Intel shill?
I'm laughing at how much shit they are getting because they are a scummy as fuck company.

>> No.64145474

There is exactly no indication of this. To exploit meltdown, you have to be able to issue loads and stores to specific addresses, and JavaScript can't do that.

>> No.64145522

Literally in their statement. Besides tjay without prefetching and speculative execution performance would drop by at least an order of magnitude.

>> No.64145531

oh, I recongnize this one.
you're nvidia.
those that post speccy with "your own" radeon 290x to bitch about the inferior drivers. I love these guises the most.

you people on a joint task force with intel this week?

>> No.64145548

It can. Every code can. With the root password you're in

>> No.64145570

I don't have a graphics card. (integrated)
Where's that proof tho?

>> No.64145572

How did they use JS for their proof of concept in the first whitepaper on this then?

>> No.64145766

>Facebook filename
Kill yourself, zuckercuck.

>> No.64145939

i figured out why you're here.
you must be tired.


>> No.64145955

THe issue is baked into the silicon

>> No.64145961

So where is your proof you kept going on about?
I showed you mines.
Now show me yours ;)
Oh wait, you have none.

>> No.64146000


>> No.64146022

Those are nice trips, but that isn't proof.

>> No.64146166


>> No.64146209
File: 52 KB, 365x444, 2df32df900.jpg [View same] [iqdb] [saucenao] [google] [report]


+1 this - someone ansr pls

>> No.64146253


you moron ... win 7 is still getting support for 2 years meaning if there was a fix, w7 would get it too

>> No.64146270
File: 1.50 MB, 300x154, make it stick.gif [View same] [iqdb] [saucenao] [google] [report]

keep on trying, ganbatte! faito!

>> No.64146303

I'm not trying anything.
I am waiting for you to post your supposed proof of AMD immunity to Spectre.
You haven't.

>> No.64146323
File: 65 KB, 726x781, holy_sheeeez.png [View same] [iqdb] [saucenao] [google] [report]


you got curious though, proof of what you on about? linus' post? well, he did btfo with that and it was awesome.
here, have another sip of that.

>> No.64146386

That is not proof.
That is just Linus being an ass and pointing it how awful Intel handled the news. (and rightfully so!)
Also, that says ARM, not AMD.
Are you dyslexic as well as dumb?

>> No.64146699
File: 212 KB, 793x307, 1515020469795.png [View same] [iqdb] [saucenao] [google] [report]

you're indeed relentless








what part of the "near zero risk" you don't get?

>> No.64146790

this one has a better technical analysis

>> No.64146869
File: 188 KB, 552x530, b46fa6ee3f.png [View same] [iqdb] [saucenao] [google] [report]


>> No.64146899

Thank you, that's all I fucking wanted man.
I actually want to read this. I ain't no shill.

lmao Intel is hyper-fucked.

>> No.64146961
File: 412 KB, 600x764, chuuni_lewd.png [View same] [iqdb] [saucenao] [google] [report]


>> No.64147030
File: 47 KB, 1024x1024, truth matrix.png [View same] [iqdb] [saucenao] [google] [report]

>> No.64147036

I sure haven't seen any whitepaper that hasn't used C code.

>> No.64147056

we should just stop using CPUs entirely

>> No.64147166

>use qx9660 for years
>people laugh at me for using old architecture
Who's laughing now?

Name (leave empty)
Comment (leave empty)
Password [?]Password used for file deletion.