Quantcast
[ 3 / biz / cgl / ck / diy / fa / g / ic / jp / lit / sci / tg / vr / vt ] [ index / top / reports / report a bug ] [ 4plebs / archived.moe / rbt ]

Due to resource constraints, /g/ and /tg/ will no longer be archived or available. Other archivers continue to archive these boards.Become a Patron!

/g/ - Technology


View post   

[ Toggle deleted replies ]
File: 119 KB, 1059x737, DSqreVPVQAAs5Xq.jpg [View same] [iqdb] [saucenao] [google] [report]
64147078 No.64147078 [Reply] [Original] [archived.moe] [rbt]

Oh shit even CERT brings the only Solution

>> No.64147204
File: 164 KB, 413x352, 1500920156842.png [View same] [iqdb] [saucenao] [google] [report]
64147204

>>64147078
>>64147078
WHAT THE FUCK INTEL

>> No.64147222

>>64147078
nice bug. this is the solution to dropping computer sales.

>> No.64147256

>>64147222
> People wont buy our stuff, lets introduce a flaw since 1995 so that people have to buy our competitors stuff!

Youre a special kind of stupid, intel level stupid id say

>> No.64147289

Meltdown solution is a software patch. Spectre (the one that affects ARM and AMD too) has no solution besides mitigation techniques.

>> No.64147308
File: 104 KB, 803x688, 157.jpg [View same] [iqdb] [saucenao] [google] [report]
64147308

>>64147078
WE MUST REPLACE 90% OF ALL COMPUTERS SINCE 1995

>> No.64147324

RISC-V here I come

>> No.64147328
File: 9 KB, 320x180, mqdefaultr.jpg [View same] [iqdb] [saucenao] [google] [report]
64147328

>>64147256
I would have said nvidia level myself.

>> No.64147329
File: 48 KB, 498x456, 1513037985264.jpg [View same] [iqdb] [saucenao] [google] [report]
64147329

>>64147078
oh shiiiiiiit

>> No.64147358
File: 150 KB, 1075x707, LELLLL.jpg [View same] [iqdb] [saucenao] [google] [report]
64147358

>>64147078
OH SHIT
I thought this is shop but its actually real

>> No.64147361
File: 5 KB, 227x297, 1439767672462.png [View same] [iqdb] [saucenao] [google] [report]
64147361

>>64147078
all according to plan, now watch as the dumb goyim buy Intel CPUs again

>> No.64147370

>>64147289
We could all move back to the era of 486s and 2400 baud modems, where downloading a few low-res nudie shots still felt fresh and new.

>> No.64147378

>>64147308
Letting Jews in Israel Have a virtual 90% monopoly over the Computer Processor market turned out to be a really bad idea That has put our economy and national security at risk. Who could have guessed?

>> No.64147393
File: 90 KB, 579x569, Screenshot_20180104_115238.png [View same] [iqdb] [saucenao] [google] [report]
64147393

>>64147204
It's not just intel. AMD is vulnerable too.

>> No.64147397

>powerPC will come back
YESH
I want to play Mighty Mike / Power Pete again

>> No.64147398

>>64147078
The final solution to the Intel botnet is total extermination, noice.

>> No.64147419

>>64147397
Spectre affects PowerPC as well.

>> No.64147422
File: 234 KB, 882x758, delid.png [View same] [iqdb] [saucenao] [google] [report]
64147422

>>64147393
>t.

>> No.64147452

>>64147256
the only reason it exists is because intel wanted to make the cpu as cheaply as possible and its proprietary so no one can just look at it and see what garbage it has inside.

>> No.64147453

>>64147419
FUCK

>> No.64147466

What the fuck is going on.

>> No.64147492
File: 602 KB, 963x720, 1396931836134.png [View same] [iqdb] [saucenao] [google] [report]
64147492

So is Spectre an actual threat or is it just some boogeyman bullshit?

>> No.64147498
File: 58 KB, 500x500, vHedWVd.jpg [View same] [iqdb] [saucenao] [google] [report]
64147498

>>64147078
>TU Graz
>IAIK

tfw my uni took down Intel.

>> No.64147499

>>64147393
>Note here: Intel stock went down today but Spectre affects AMD an ARM too
found the intel stock owner.

>> No.64147501

>>64147466
The dark age of computing has come. We're all going back to the stone age.

>> No.64147508

>>64147492
The latter.
Meltdown is the actually dangerous one.

>> No.64147510

Ok this Intel i7 4770k that i own will be the last Intel CPU that i will have

>> No.64147511

You know what this means?

Flood of Intel - based computers on the market

specially from corporate partners

>> No.64147518

L M A O
M
A
O
INTELKEKS ON ETERNAL SUICIDE WATCH

>> No.64147545

Daily reminder:
Spectre affects AMD in this way
>non harmful variant
>needs to be in strange configuration
It has been tested only tested on a FX chip and can be patched in OS without performance loss.
This is an intel problem only.

>> No.64147596

Out of the box AMD isn't even vulnerable to Spectre 1 or 2, you have to MAKE it vulnerable yourself.

>> No.64147600

https://www.youtube.com/watch?v=Xr9Oubxw1gA

offical theme from intel for this

>> No.64147615
File: 87 KB, 736x718, 1512839650459.jpg [View same] [iqdb] [saucenao] [google] [report]
64147615

I'm on AMD and my Windows just updated

>> No.64147640
File: 170 KB, 1416x980, ayyymd.png [View same] [iqdb] [saucenao] [google] [report]
64147640

>>64147204
>Intel

>> No.64147643

>>64147492
Look up what a side-channel attack is and you'll find out.

>> No.64147664

>>64147501
But I spend quite a significant amount of time on the computer. What else am I going to be doing?

>> No.64147671

>>64147289
Isn't spectre v1 fixed by a software patch?

>> No.64147695

>>64147545
That's just not true. You can download a simple proof-of-concept program from github which will work even on AMD processors.

>> No.64147704

Okay. Can anything be done about it?
Can I sue Intel for this shit?

>> No.64147713

>>64147704
join the race war.

>> No.64147735

my 7500 is safe right?

>> No.64147738
File: 59 KB, 548x562, intel btfo.png [View same] [iqdb] [saucenao] [google] [report]
64147738

>>64147078
Totally BTFO

>> No.64147741

>>64147704
AMD and ARM are also affected.

>> No.64147745

>>64147492
Spectre is a risk, but it's not a big one. It basically means that any program can read any memory in user space, which is pretty muchwhat they can do already. The problem lies in that it can escape browser sandboxes and stuff like that. So website 1 can read what you're doing on other websites.

>> No.64147747

Is this basically forced the.vendors to remake the processor from scratch?

>> No.64147752

>>64147640
Meltdown only affects Intel
Spectre affects everything but is unfixable for Intel. Everything else can just use a patch with no performance loss
CERT is probably paid off by Intel too since there's no point in grouping Meltdown and Sceptre together.

>> No.64147763

>>64147393
AMD's problem is patchable.

>> No.64147770

>>64147393
Jewish propaganda

>> No.64147773

WAKE ME UP
wake me up inside
CANT WAKE
save me from the nothing my security has become

>> No.64147774

>>64147763
No, it's not.

>> No.64147778

>>64147752
>Spectre affects everything but is unfixable for Intel
And AMD and ARM.

>> No.64147780
File: 49 KB, 500x328, 1344578349219.jpg [View same] [iqdb] [saucenao] [google] [report]
64147780

literally laughed out loud at that solution.

>> No.64147802

>>64147778
No you idiot

>> No.64147822

>>64147802
whatever. Trust what the amd fanboys tell you.

>> No.64147825

>>64147741
Don't know about you, friend, but I don't have CPU's of two different manufacturers inside the same machine.
So tell me straight, can the Intel kikes be held accountable for this shit or at least made lose money on stock with a threat of being dragged to court.

>> No.64147857

>>64147825
go check a lawyer, how the fuck I'm going to know that shit.

>> No.64147866

>>64147752
>but is unfixable for Intel.
Spectre is unfixable for everyone.
>Everything else can just use a patch with no performance loss
Wrong. Software patches are available for everyone, and they are all band-aids on fundamentally unsafe architectures, with some amount of performance loss.

>> No.64147905

>>64147308
or keep them offline

>> No.64147927
File: 80 KB, 1210x582, file.png [View same] [iqdb] [saucenao] [google] [report]
64147927

>>64147778
>>64147640
>>64147866
https://www.youtube.com/watch?v=qgiUuTmXyGs

>> No.64147931

>tfw people will dump their 8700K on ebay for $100
>tfw I will snatch it up
>tfw I wake up from DRAM

>> No.64147940

>>64147735
Nope

>> No.64147948

If carmakers have to recall cars when they have some serious defects, why shouldn't Intel be forced to replace our CPUs with non-faulty ones?

>> No.64147969
File: 85 KB, 642x384, this_kills_the_fanboy.png [View same] [iqdb] [saucenao] [google] [report]
64147969

>>64147927
>amd.com
kek

https://spectreattack.com/spectre.pdf

>> No.64148017

there is no "non-faulty" intel CPUs available.

>> No.64148038

>>64148017
Monetary compensation works for me fine.

>> No.64148044

>>64147948
Because Jews. Also because they can't be "repaired", you need a new CPU and Intel doesn't have non-defectuous CPUs. And even if they had a line of non-affected CPUs it would be too expensive to provide anyone with faulty CPUs a new one. It would not only break Intel but leave in in negative numbers. So yeah, they ain't gonna do anything.

>> No.64148053

>>64147948
For recent purchases made within the last year or so you probably can contact the manufacturer to have them returned for a full refund. For purchases older than like 3-5 years good luck with that.

I think there will be an assumption that any product older than a certain length of time has reached or exceeded the expected lifetime of that product and you wont be entitled to get anything back at that point. <1 year old purchases are well under that so it should be possible in most places.

>> No.64148056

>>64147857
Sorry mate, you sounded like you knew shit.
Cheers.

>> No.64148062
File: 5 KB, 384x239, enough.png [View same] [iqdb] [saucenao] [google] [report]
64148062

>>64147969
What is it that you dont understand
Yes, amd is vulnerable to the first variant but itcan be foxed with a software update.

>> No.64148074

>>64148038
Sue them.

>> No.64148082

>>64147774
yes it is because it affects only the fx line and only when a very specific flag is on which isnt by default

so in any case amd is safe

>> No.64148088
File: 419 KB, 1080x1080, badge-itanium.png [View same] [iqdb] [saucenao] [google] [report]
64148088

>>64148017
Wrong

>> No.64148098

>>64148082
You're talking about different exploit.

>> No.64148142

It sure is a great day for having an FX-6300. I'm literally laughing at the retards who purchased Intel at any point in the last 20 years, or fell for the "buying a CPU that's not older than 5 years" scam. That's what you get dumbasses.

>> No.64148150

>>64147931
Server hardware should be cheap too

>> No.64148153

>>64148098
there is only ONE that affects amd and thats spectre and only on the fx line

the rest due to the fact that amd has SEV and SEM the hackers can read the data but its garbage since they are all 512 bit encrypted

>> No.64148165

>>64148153
Imagine being this retarded and dense

>> No.64148183

>>64147969
See >>64148148
https://www.youtube.com/watch?v=qgiUuTmXyGs

>> No.64148187
File: 173 KB, 831x767, Intel inside.png [View same] [iqdb] [saucenao] [google] [report]
64148187

>> No.64148218

So, we're gonna go back to 90s level computing, aren't we? Personally, I'm fine with that.

>> No.64148251

>>64148218
well yeah intel fans will probably revert back to rock smashing and put lightining into the rock for it to work

>> No.64148256

>>64148183
https://spectreattack.com/spectre.pdf

>> No.64148259

>>64147969
and their source is the project zero's blog, your point?

>> No.64148266
File: 50 KB, 645x729, 1506361990613.png [View same] [iqdb] [saucenao] [google] [report]
64148266

>>64148218
>t.

>> No.64148298

Do older Atom chipsets have the Management Engine? I can't find much information on this.

>> No.64148319
File: 65 KB, 1227x310, variantvulnerability.jpg [View same] [iqdb] [saucenao] [google] [report]
64148319

>>64147774

>> No.64148321

>>64147324
Welp, time to join RISC-V development. Anybody have any good books on CPU designs?

>> No.64148345
File: 35 KB, 408x450, 1506899379997.png [View same] [iqdb] [saucenao] [google] [report]
64148345

>I think AMD is not vulnerable because a PR from AMD from yesterday says so

>> No.64148347

>>64148259
pretty sure they dont even understand how hard it is to even exploit spectre let alone to be able brake in SEV in real time

>> No.64148384
File: 116 KB, 645x729, 1507260023571.png [View same] [iqdb] [saucenao] [google] [report]
64148384

>>64148183

>> No.64148396
File: 28 KB, 980x321, Screenshot-2018-1-4 Merge branch 'x86-pti-for-linus' of git git kernel org pub scm linu… · torvalds linux 00a5ae2.png [View same] [iqdb] [saucenao] [google] [report]
64148396

>>64147393
https://youtube.com/watch?v=37OWL7AzvHo

>> No.64148410

>>64148345
AMD is only affected by Spectre, not Meltdown. The biggest issue here is Meltdown.

>> No.64148416

>>64148396
That's Meltdown, not Spectre. How low is your IQ?

>> No.64148420

>>64148142
As far as I know, only Ryzen is fixable.

>> No.64148435

>>64148410
Which is already fixed.

>>64148420
Not fixable.

>> No.64148455

>>64148165
We get it. You are using Intel.

>> No.64148466

>>64148345
That and the meltdown whitepaper says it isn't.

>> No.64148469

>>64148416
yes we get it, the only chip getting cucked in performance are intel CPUs despite there being two vulnerabilities.

>> No.64148478

>>64148416
spectre is os fixed
how low is yours

>inb4 fx
irrelevant

>> No.64148486

>>64148466
Love how you skipped the Spectre whitepaper.

>> No.64148488

>>64148420
By the standards of what you are terming "fixable" (which isn't really, it's just papering over the issue with software and microcode), all other CPUs are also "fixable".

>> No.64148489
File: 5 KB, 669x122, intel.png [View same] [iqdb] [saucenao] [google] [report]
64148489

>>64148435
>Which is already fixed.

>> No.64148505

>>64148478
Spectre is unfixable.

>>64148489
That's for Spectre.

>> No.64148510

What about phones? Are you basically fucked if you have an old smartphone? Do I need to make my parents replace theirs?

>> No.64148523

>>64148489
Try reading the actual page you copy-pasted.

>> No.64148528

>>64148510
>tfw I just bought a new phone after christmas

>> No.64148540

>>64148298
Nope. I think only procs/mobos marked with vpro.

>> No.64148559

https://www.youtube.com/watch?v=RbHbFkh6eeE

>> No.64148565

>>64148510
is this a flaw exclusive to modern x86? most phones don't run that architecture

>> No.64148580

>>64147078
>When one agency tells you to switch hardware while another agency is happy to have its backdoor

>> No.64148581

>>64147256
>how to overcome declining sales due to plateauing over mores law
They just didnt expect to have to wait so long.
This was their ace in the sleeve.

>> No.64148582

>>64148565
Nope, ARM64 is affected too.

>> No.64148594 [DELETED] 

>>64148505
>Spectre is unfixable.

>> No.64148600

>>64148580
was the backdoor wanted by the NSA, FBI and CIA?

>> No.64148606

>>64148565
No, Spectre affects ARM as well. It has been tested at least on Qualcomm chipsets.

>> No.64148629

>>64147078
where is a list of affected CPU's ?
i have Intel Core 2 Duo T7250 is this safe ?

>> No.64148645

>>64148629
no all Intel CPUs expect for the first Generation are fucked

>> No.64148649

>>64148629
No, every CPU since Pentium Pro (1995)

>> No.64148653

>>64148600
Probably not wanted in the sense that it was commissionned, but it is most likely that they knew about it and used it.

>> No.64148655

>>64148629
Everything made after 1996 is fucked. Original Pentium is fine.

>> No.64148698

will someone tl;dr me how the exploit works?
examples?
tjanks

>> No.64148702

Alright, tell me If I got this right:

Intel ME = NSA backdoor
Meltdown = affects Intel CPUs; is fixable but comes with a performance penalty
Spectre = affects multiple architectures; cannot be fixed

>> No.64148717

>>64148629
From https://meltdownattack.com/ and https://spectreattack.com/
>More technically, every Intel processor which implements out-of-order execution is potentially affected, which is effectively every processor since 1995 (except Intel Itanium and Intel Atom before 2013).

>> No.64148723
File: 580 KB, 800x1138, 1511623598192.gif [View same] [iqdb] [saucenao] [google] [report]
64148723

>>64148702
Pretty much

>> No.64148732

>>64148702
Both Meltdown and Spectre can be "fixed". But it's just patching post-facto. The vulnerability is still in the chips.

>> No.64148737

WAAAAAAAAAAAAAAAAAAHHHHHHHH
2018 BEST TIMELINE
THE VEIL IS LIFTING!!!!!!!!!!!!!!!!!

>> No.64148773

>>64148645
>>64148649
>>64148655
>>64148717
thanks anons
>>64148698
also this, could someone explain this on the retard level ?

>> No.64148795
File: 283 KB, 397x484, 1514206862309.png [View same] [iqdb] [saucenao] [google] [report]
64148795

>>64147078
>tfw I bought a new laptop with an i5 for Christmas.

>> No.64148797

>>64148702
>Spectre = affects multiple architectures; cannot be fixed
for intel

for amd fixed

>> No.64148801
File: 14 KB, 112x112, 307051923817758721.png [View same] [iqdb] [saucenao] [google] [report]
64148801

>>64147358
Doesn't say it anymore..
>Solution
>Apply updates
>Operating system and some application updates mitigate these attacks.

Seems (((they))) didn't want people to panic.
http://www.kb.cert.org/vuls/id/584653

>> No.64148810

Does this change the power consumption?

>> No.64148826

>>64148801
More like the shekels weren't deposited then.

>> No.64148830

>>64148698
You're CPU contracts AIDS
But seriously, Meltdown would've let a program access memory from the kernel that it really, really should not be able to, and could use this for a wide variety of purposes not limited to bricking a mobo or stealing passwords. This is the intel specific one with the i/o penalty on patching. Some variant of Spectre does something similar, but it is from application to application, so it can steal passwords from another browser or fuck stuff up from inside a vm. One variant is unpatchabke, but is difficult to exploit, and should affect most CPUs.

>> No.64148844
File: 46 KB, 596x628, 1491624720875.jpg [View same] [iqdb] [saucenao] [google] [report]
64148844

>>64148801

>> No.64148878

This has been flawed for 10 years. It's definitely already been exploited.

>> No.64148885
File: 277 KB, 1152x648, HeyDoc.png [View same] [iqdb] [saucenao] [google] [report]
64148885

Psst.. I can see your hardware specs!
They look an awful lot like mine..
Carry on..

>> No.64148891
File: 486 KB, 1080x1724, Screenshot_2018-01-04-20-57-42-706_com.chrome.beta.jpg [View same] [iqdb] [saucenao] [google] [report]
64148891

>>64148773

>> No.64148913
File: 30 KB, 286x214, 1164139335819.jpg [View same] [iqdb] [saucenao] [google] [report]
64148913

Could all this potentially mean a (temporary?) end to the "internet of things" madness?

>> No.64148936

>>64148698
>>64148773
it's an oversight in the design of modern processors that gives an attacker easy, unrestricted access to all system memory and low level hardware calls and they can probably do it from anything, including javascript

basically everything is fucked, fucked harder than ever before seen

>> No.64148946

>>64148878
Makes me wonder if this is what the NSA/FBI NIT exploits were all about,and why they refused to reveal them

>> No.64148962

Will this even affect home computer users? It looks more to be a server problem.

>> No.64148983

>>64148962
it's a severe security flaw that effects pretty much everyone

>> No.64148985

>>64148913
Nah. Manufacturers of "smart" devices haven't given a shit about security before, why would they start now? Insecure devices, identity theft, loss of privacy have all become normalized.

>> No.64149007

>>64148962
It effects everyone.

>> No.64149029

>>64148962
>>64148983
The chips themselves were designed in a way to boost apparent speeds while scraping security for performance so intel could hold a monopoly.
The design flaw has been discovered and is pretty much as bad as it gets.

>> No.64149041

>>64149029
> scraping security for performance so intel could hold a monopoly
but it's not just intel chips

>> No.64149065

>>64149041
The main issue is Intel only.

>> No.64149070

I know what meltdown is, but what the fuck is spectre? Does it just allow any ring 3 program to read memory from any other ring 3 program? Oh no! Where is the big deal?

>> No.64149071

>>64148810
Please answer.

>> No.64149073

>>64148062

so is intel's case then

>> No.64149085

>>64148891
>>64148936
so now i should just dump my intel and buy AMD instead ?
also will i be able to say if i am under attack ?

>> No.64149092

So the fix to meltdown is to patch the OS and the fix to spectre is to use page isolation/disabling javascript completely?

>> No.64149094

>>64148962
Thing is modern world is dependent on servers, this is not just your pc getting slow, is world security being with their buttcheeks ready to be fucked.

>> No.64149095
File: 29 KB, 664x520, 1.jpg [View same] [iqdb] [saucenao] [google] [report]
64149095

>>64148913
In one week tops nobody knows anymore and will buy i7 inside to get permanent wood despite being a failure. Intel will do three things. A. Not talk about it. B. Let shills mix specter and meltdown such that average normalfags can't tell the difference anymore. C. Let shills smear dirt on other manufacturers because of spectre. The only problem they have is companies but who knows if management will be able to tell the difference.

>> No.64149096

>>64148505
>Spectre is unfixable.
for intel :^)

>> No.64149100

>>64149041
Don't conflagrate Meltdown and Spectre, that anon is obviously referring to Meltdown

>> No.64149109

>>64147378

is Intel actually owned by jews or is it just a meme

>> No.64149119

>>64149085
the patch for intel comes with a 30-60% hit to performance

the funny thing is, even after the patch, in a lot of cases intel is still faster than AMD

>> No.64149147

>MSI will not provide updates for H97
Am I fucked? What should I do? Running fucking server 2016 with VMs.

>> No.64149149

>>64149109
I dunno, but Sandy Bridge was designed by Intel Israel, which was the arch that gave them market domination which cased the last 5 years of x86 to be stagnant, so it checks out, I guess.

>> No.64149157
File: 653 KB, 1080x1080, 1512425617270.jpg [View same] [iqdb] [saucenao] [google] [report]
64149157

guys should I disable javascript?

>> No.64149158
File: 68 KB, 1024x375, js.jpg [View same] [iqdb] [saucenao] [google] [report]
64149158

>64149109
>is Intel actually owned by jews or is it just a meme

About 60% of Intel Israel's employees are engaged in cutting-edge R&D, while half support high-volume manufacturing of microprocessors that power the world's computing devices.
https://www.intel.com/content/www/us/en/corporate-responsibility/intel-in-israel.html

>> No.64149163

>>64149119
Not faster than my 1800X.

>> No.64149166

>>64149041
Meltdown, the more problematic exploit, that's already been implemented and proven to work, is intel only.

Spectre, which is far more unexplored though admittedly probably pretty dangerous, affects pretty much everybody, but isn't yet considered a problem since nobody's developed it out yet enough.

>> No.64149167

>>64149119
>the funny thing is, even after the patch, in a lot of cases intel is still faster than AMD

can a non Intel shill answer me please ?

>> No.64149168

~ » arch-audit
Package binutils is affected by CVE-2017-17126, CVE-2017-17125, CVE-2017-17124, CVE-2017-17123, CVE-2017-17122, CVE-2017-15996, CVE-2017-15025, CVE-2017-15024, CVE-2017-15023, CVE-2017-15022, CVE-2017-15021, CVE-2017-15020, CVE-2017-9044, CVE-2017-9043, CVE-2017-9042, CVE-2017-9041, CVE-2017-9040, CVE-2017-9039, CVE-2017-9038, CVE-2017-7210, CVE-2017-7209, CVE-2017-6969, CVE-2017-6966, CVE-2017-6965. High risk!
Package cairo is affected by CVE-2017-7475. Low risk!
Package exiv2 is affected by CVE-2017-11592, CVE-2017-11591, CVE-2017-11553. Medium risk!
Package ffmpeg is affected by CVE-2017-16840. Medium risk!
Package glibc is affected by CVE-2017-15671. Low risk!
Package jasper is affected by CVE-2017-9782, CVE-2017-6852, CVE-2017-6850, CVE-2017-5505, CVE-2017-5504, CVE-2017-5503. High risk!
Package lame is affected by CVE-2017-9872, CVE-2017-9871, CVE-2017-9870, CVE-2017-9869, CVE-2015-9101. Medium risk!
Package libffi is affected by CVE-2017-1000376. High risk!
Package libvorbis is affected by CVE-2017-11735, CVE-2017-11333. Low risk!
Package linux is affected by CVE-2017-5753, CVE-2017-5715, CVE-2017-17741, CVE-2017-16644, CVE-2017-1000379, CVE-2017-1000371, CVE-2017-1000370, CVE-2017-1000365. High risk!
Package mkinitcpio-busybox is affected by CVE-2017-16544. High risk!
Package openssl is affected by CVE-2017-3738. Medium risk!
Package pcre is affected by CVE-2017-11164. Medium risk!
Package rsync is affected by CVE-2017-17434, CVE-2017-17433. Medium risk!
Package vorbis-tools is affected by CVE-2017-11331. Low risk!


Well, fuck.

>> No.64149176

>>64149157
no just update firefox or wait until the 23rd until chrome updates

>> No.64149181

>>64149157
You should be using uMatrix regardless of any known exploits.

>> No.64149185

>>64149157
You should have disabled it before this happened anyways :^)
But yeah, get noscript and only disable when truly required

>> No.64149193

>>64149109
see
>>64149158

>> No.64149197

>>64149185
>noscript
uMatirx, you fag. What is this, 2012?

>> No.64149198

>>64149109
>>64149149
oy vey
http://archive.is/NHQLs

>> No.64149200

>>64149166
then why the fuck is every amd shill saying that they already fixed spectre on AMD?

>> No.64149203

>>64149095
You can already see how things are getting mixed up and relativized a lot.
But the thing is that this problem is so severe that the fallout will be devastating in the near future.
If it was just a bug everyone could forget about it but if shit now starts to hit the fan on the daily basis, how will they be able to make people ignore it? Especially if more and more shit gets targeted that normies love (just imagine lots of game services, celebrities or convenient shit getting into problems - normies get furious about stuff like this

>> No.64149204
File: 100 KB, 433x466, 1515026947978.png [View same] [iqdb] [saucenao] [google] [report]
64149204

>>64149167
not even Linus considers AMD to be a competitor

he just jumps straight to ARM64

>> No.64149212

>>64149168
pacman -Syuu dum ass
they already released the new linux in core

>> No.64149214

NSA backdoor confirmed.

>> No.64149226

>>64149197
pls no bully
I am just a normalfag

>> No.64149228
File: 4 KB, 364x96, JUST.png [View same] [iqdb] [saucenao] [google] [report]
64149228

>>64149198
The jokes really do write themselves, huh?

>> No.64149244

>>64149204
Fuck ARM. I like writing x86 assembly.

>> No.64149246

>>64149181
>visit site you're interested in
>broken because of umatrix
>have to allow 1st party domain scripts to see anything
>works now
>uh oh
>site was compromised, unloads javascript payload
>removes your entire os
haha im lovin' it

>> No.64149247

>>64149203
Crossing my fingers for everyone's twatter & faceberg to get hacked & deleted.

>> No.64149249

>>64149212
https://security.archlinux.org/package/linux

nope

>> No.64149250
File: 32 KB, 688x578, 1506942072546.png [View same] [iqdb] [saucenao] [google] [report]
64149250

>>64149228
JUST

>> No.64149264

>>64149246
>>broken because of umatrix
That should be your cue to close the tab. Especially if it's some shady porn site.

>> No.64149278

>>64149244
same

>> No.64149281

>>64147745
Is there an update for Spectre?

>> No.64149296
File: 12 KB, 480x360, just.jpg [View same] [iqdb] [saucenao] [google] [report]
64149296

>>64149228

them getting OFFICIALLY Just-crowned was magical and a sign of things to come.

>> No.64149309
File: 124 KB, 259x367, 1510516605850.png [View same] [iqdb] [saucenao] [google] [report]
64149309

>install umatrix
>4chan doesn't work unless I disable it

what am I doing wrong

>> No.64149312

and everyone made fun of me for blocking javascript

>> No.64149313

What are Meltdown and Spectre?

Meltdown is a security flaw that could allow hackers to bypass the hardware barrier between applications run by users and the computer’s core memory, which is normally highly protected.

Spectre is slightly different. It potentially allows hackers to trick otherwise error-free applications into giving up secret information.
Is it serious?

Yes. Meltdown is “probably one of the worst CPU bugs ever found” according to Daniel Gruss, one of the researchers at Graz University of Technology who discovered the flaw. It is very serious in the short term and needs immediate attention.

>The problem with Meltdown is that anything that runs as an application could in theory steal your data, including simple things such as javascript from a web page viewed in a browser.

Spectre, on the other hand, is harder for hackers to take advantage of but is also more difficult to fix and is expected to be a bigger problem in the long term.

Goodbye processor jew
they probably exploited the thing that lets executable ring 3 files patch hardware firmware OR BIOS on the fly (usually used on laptop OEM patches)

>> No.64149315

>>64149281
Based on the latest updates it is largely mitigated by restricting unprivileged access to high resolution timers in user space.

>> No.64149316

>>64149204
>Linus
i am not 12 years old anon

>> No.64149321

>>64147078
How the fuck did they get away with this for so long? I'm not even a comp sci major and I understand everything about the vulnerability. How the fuck did they get away with kernel memory leakage for a fucking decade without anyone noticing? Is every computer engineer alive retarded?

>> No.64149326

>>64147763
Source?

>> No.64149333

>>64149312
I've had it blocked for 3 years now and just close any website that won't work without it. Hasn't slowed me down online, there is always an alternative available.

>> No.64149353

>>64147378
the mental gymnastics people do to blame the jews for everything holy fuck

>> No.64149358

>>64149204
Not really. If you knew Linus and his opinions, you'd know x86 is his most favourite arch. So you can tell he's really sick of Intel's shit when he says even ARM can do better than Intel.

>> No.64149366

>>64149309
Allow scripts for google.com and gstatic.com for the catpcha. XHR and frames are also needed for google.com for the new captcha to start threads IIRC.

>> No.64149387

>>64149249
https://security.archlinux.org/CVE-2017-5754
yep

>> No.64149394

>>64148797
how do I get the fix?

>> No.64149396

>>64149333
How do you post here if you don't allow javascript?

>> No.64149410

>>64149387
that's just meltdown though.

>> No.64149415

>>64148319
So in other words, AMD processors are vulnerable to variant 2 and it's not getting patched in software?

>> No.64149419

>>64147774
it is tho..

>> No.64149425

>>64149321
>I understand everything about the vulnerability
No, you don't. Triggering (and winning) a race condition to fetch the result of an invalid predicted branch to then extrapolate the contents of the memory address from cache data is pretty esoteric if you ask me.

>> No.64149427
File: 317 KB, 600x637, 1512826581505.png [View same] [iqdb] [saucenao] [google] [report]
64149427

>>64149366
Thanks anon I got it working

>> No.64149436

>>64148606
Only on the Cortex A75 cores

>> No.64149441

>>64147393
break out the abacuses

>> No.64149443

>>64147615
You have to enable it on Windows even if you install the patch.
The patch is disabled by default.

>> No.64149449
File: 27 KB, 700x630, 1506784678532.png [View same] [iqdb] [saucenao] [google] [report]
64149449

>>64149366
>third year cs student
>tfw when umatrix thought me what XHR is

I can't be the only one.

>> No.64149456

Thanks God i bought Ryzen :^)

>> No.64149462

>>64149415
not unless someone makes a PoC that shows AMD is vulnerable to it

>> No.64149473

>>64149410
Meltdown is the performance reducing one to patch

>> No.64149474

>>64149394
-Syu
tho the other two 53 and 15 and not (yet)
>>64149410
ye

>> No.64149475
File: 373 KB, 620x616, 1513424924251.png [View same] [iqdb] [saucenao] [google] [report]
64149475

>>64149456
>tfw 1800X

>> No.64149490

>>64149474
I don't know what this is. is the fix only for ganoo/loonix?

>> No.64149507

>>64149456
Me too but we're still affected by Spectre

>> No.64149523

>>64149507
Spectre is harmless, desu.

>> No.64149524

>>64149316
Goddammit it happened...
Not that linus you space waste

>> No.64149531

>>64149333
So you visit what, 10 sites total?
If you're that paranoid just throw some linux distro on a VM and browse happily. Can't be any more of a hassle than tweaking every single page around JS.

>> No.64149533

>>64149200
Because it hasn't been proven that Spectre works on modern AMD CPUs, or in AMD CPUs with default settings, AMD says one of them can't affect AMD CPUs at all and the other one can be patched with no performance decrease

>> No.64149539

>>64149321
>How the fuck did they get away with kernel memory leakage for a fucking decade without anyone noticing?
Implying it wasn't put there deliberately for a specific purpose.

>Is every computer engineer alive retarded?
Even imagining that a CPU could bypass critical security checks during speculative execution by design for performance gains is mind-boggling and completely insane.
Unless there's jewish trickery magicks involved!

>> No.64149557

>>64149456
It's impacted by Spectre.
It's only safe from Meltdown. Spectre won't make any serious impact on performance, but it's a design flaw with CPU's, not the OS.

>> No.64149558

>>64149531
Actually thanks to this new exploit, said javascript exploit can completely bypass the VM and directly target the host.

VM's are useless if you're using it as a security precaution.

>> No.64149559

>>64149462
>this shit is vulnerable due to basic design flaws of branch prediction
>we've fucking reversed engineered the branch prediction for Haswell and have a PoC for it
you:
>there's no PoC in the wild so AMD must not be vulnerable

>> No.64149564

>>64149531
>linux distro on a VM and browse happily.

Ahh, how cute. You still think your VM is safe. Lovely.

>> No.64149569

>>64149366
>using the captcha
shiggity diggity doo

>> No.64149599

>>64149533
Meltdown is Intel only. but Spectre is still a hardware problem. It can be patched in the OS, but that's just a software bandaid to a problem that's physically built into the chip. It's like patching your car computer to fix a problem with the engine. The engine is still fucked.

>> No.64149618

>>64149559
AMD has a different architecture, so expecting a different PoC is reasonable.
If it's so basic, I think one will be created soon.

>> No.64149621

>>64149524
you knew it would happen
and you posted it anyway
you can only blame yourself
>:D :DDD :D

>> No.64149630

>>64147078
>>64147222
>>64147256
>>64148581
>>64147452
>>64147256
Is this a chance for Asia to replace Intel like Samsung or Softbank (ARM)?

Or will IBM come back to the consumer market?

>> No.64149632

>>64149321
>putting linux distro in a vm with known h/w vuln allowing even js running in a browser inside guest vm to read and modify host kernel memory
the only way to safely browse web in 2018 is through an analog polaroid camera, anon.

>> No.64149641

>>64149396
There's a NoScript captcha or you can use a pass, everything else works without JS

>> No.64149643

i thought these guys were supposed to be getting paid $300k/yr so stuff like this doesnt happen

>> No.64149660

>>64149564
>>64149558
Disposable laptop.

Put content on USB, transfer to offline desktop

>> No.64149668

>>64149618
Reverse engineering the inner workings of a processor is no small feat. There's a good chance that we're not going to hear about it when someone does make one.

>> No.64149692
File: 132 KB, 732x924, update.jpg [View same] [iqdb] [saucenao] [google] [report]
64149692

>>64147078
Updated

>> No.64149705

>>64149668
Considering the number of eyes that must be on AMD looking for this same vulnerability now, I think we would see one pretty soon (on the order of a couple of months).

>> No.64149719

>>64147511
damn that means intel flagship processor based laptop wll be cheaper to own now lol

>> No.64149730

>>64149668
AMD had 6 months to analyze all the implications and they concluded: NOT vulnerable. Besides, I'd say Intel'd spent double effort to somehow prove AMD is affected too, just to share the blame.
Guess what, didn't happen.

>> No.64149755

>>64149244
>>64149278
Fuck YOU.
You're the reason we are still stuck with that shit-tier overheating architecture.
Literally every other architecture has been better but lost out to that jewshit because of Wintel alliance.

Although I will admit ARM is still kiddy-tier. Let's face it, they are the joke of the industry.
But even with its shit hardware, it can still outperform a reasonably powerful computer of the last decade on most tasks.
The only thing holding ARM back are shit patents and shitty multi-threading and multi-tasking also.
Mind you, I've had no problem with multi-tasking on my Scamsung tablet, the only decent Android tablet ever made simply because it actually had multi-tasking! And this is a shitty tablet from way back at the beginning. It was Android 4 or some shit. This involving me listening to music, watching videos, drawing and running games.
The Android native multi-tasking system is hilariously shit. Fuck off Google, don't give me the keks, that shit is embarrassments all around. They shoulda just integrated Samsungs when they had the chance.

>> No.64149783

>>64149490
mixed you with the other anon

dunno
there was a thread with a pajet for windwos

>> No.64149785
File: 68 KB, 582x389, sec-mcp-payments-table-small.jpg [View same] [iqdb] [saucenao] [google] [report]
64149785

>>64149692
Thanks! $3m has been deposited to your account.

>> No.64149790
File: 21 KB, 400x300, 1504382851052.jpg [View same] [iqdb] [saucenao] [google] [report]
64149790

>>64147419
Not unless you're on an OS that doesn't have memory isolation

>> No.64149797

>>64149730
How is
>near-zero risk of exploitation
>has not been demonstrated on AMD processors to date
equivalent to "not vulnerable"?

>> No.64149804

to think that they will get a slap on the wrist, a scapegoat (probably a janitor), a little fine and that's it...

>> No.64149810
File: 65 KB, 679x711, Spectre and Meltdown.jpg [View same] [iqdb] [saucenao] [google] [report]
64149810

>>64147393
>>64147640

>> No.64149813

>>64147671
They can be fixed in software by using tricks that neuter caching, branch prediction, and other OoO optimizations, but it's going to make programs slower.

>> No.64149842

>>64149804
thats what happens in a fake capitalistic society where 1 company has a monopoly over everything.

>> No.64149857

>>64147640
i don't see MIPS or PowerPC anywhere on that list.

>> No.64149867

>>64149804
Yeah the media isn't even reporting that well on this one, I thought for sure today everyone would be reporting on it.

>> No.64149869

>>64149804
Is it too late to get a job at Intel to take the blame and get paid off a few million to go to jail for a year?
I'm free, Intel, if you are in this thread. Hit me up bbs

>> No.64149875

>>64149785
Fuck, I wish..

I'd be putting that shit on AMD right now lololol
But seriously, it's updated.
https://www.kb.cert.org/vuls/id/584653

>> No.64149877

>>64149857
PowerPC and ARM64 are affected by Spectre as well.

>> No.64149885

>>64149396
the only sane way to use this s(h)ite is with 4\c/h\a(n(x type thing

>> No.64149886

>>64148187
underrated

>> No.64149889
File: 681 KB, 960x960, apathy.png [View same] [iqdb] [saucenao] [google] [report]
64149889

I really dislike the current state of /g/ where every single thread derails into a Intel vs AMD shill-shitfest.

Instead, please answer me this. The CERT entry and numerous others suggest replacing CPUs and that everything past '95 is vulnerable. So here's my question:
In 2018, what do I buy (as a consumer) to keep me safe? The only literal thing not listed anywhere is MEDIATEK? Do I have to use a fucking MTK arm chit cpu as my daily driver?

>> No.64149911

>>64149889
>implying you can be safe
you buy a pair of wirecutters and snip your ethernet cable you little fag
only keep data on networked devices you don't mind everyone else having access to

>> No.64149918

>>64149889
Don't buy anything.
Don't visit websites with JS turned on.
Don't download ANYTHING.
Wait for a few years.
????
Problem solved.

>> No.64149923

>>64148062

It will never be "fixed", it's a hardware bug.

>> No.64149926

>>64149889
With such a gaping hole there's nothing to keep you safe. Even if you move your own data to some esoteric shit nobody could target, they still would attack your bank, government, social network, favorite porn site.

>> No.64149943

>>64147511
oh shit I better get another storage unit for more thinkpads

>> No.64149953

>>64149889
I wouldn't buy anything until there are a plethora of post patch benchmarks and possibly Ryzen 2 benchmarks if I was willing to wait longer.

>> No.64150015

So how much should I sell my Quad core i7-6700k @ 4ghz for?

>> No.64150018

>>64149889
honestly there's not much you can do as a consumer except wait and be cautious in your computing at this point. even if you can find something not vulnerable to these specific vulnerabilities, there's likely a whole family of related issues in all but the simplest (read: slowest) of processors. all processor vendors will be spending some time reevaluating designs that have been mainstays for many years and will hopefully suss out the flaws that surely exist.

for now, don't let code you don't trust run in userspace. yes, that includes in your browser. if you're Amazon or whatever and you host virtualized servers for customers you have a different threat model and I, a rando on 4chan, cannot help.

>> No.64150025

>>64147511
Now you, too, can build a cluster computing network.

>> No.64150033

>>64147763
NO FIX is a too hard concept to grasp for you.
It'x a fundamental flow which can be mitigated in future software development on AMD as well as on Intel. But the flaw has NO FIX and needs a new CPU to be eradicated.

>> No.64150036
File: 209 KB, 400x416, 1511420724846.png [View same] [iqdb] [saucenao] [google] [report]
64150036

HOW BAD IS IT GONNA GET?

>> No.64150041

>>64147511
Time to replace my good ol' R710.

>> No.64150057

>>64150015
About three fiddy.

>> No.64150061
File: 2.01 MB, 400x225, 1512737604643.gif [View same] [iqdb] [saucenao] [google] [report]
64150061

>tfw this is all a farce playing out so that the jew can look into your computer and see if you have anything 'you are not supposed to have'

>> No.64150083

>>64149926
This
Even if you moved to a Pentium II or an AMD Thunderbird with Windows 98, you are still vulnerable.

This has a bigger impact on cloud and multiuser systems then us though

>> No.64150084

>>64150036
we are literally going to hell

>> No.64150086

>>64150061
Even if some exploit had kernel access, it can't look into my unmounted encrypted TC volumes.

>> No.64150092
File: 130 KB, 1300x957, throwaway.jpg [View same] [iqdb] [saucenao] [google] [report]
64150092

>>64147078
ABANDON SHIP

>> No.64150094

>>64149911
>>64149918
>>64149926
>>64149953
>>64150018

Thanks for actual answers. Guess it's just a waiting game for now. And If nothing else - a resurgence in cheap used hardware for offline computing/workloads.

>> No.64150118

>>64147927
Citing a press release to argue anything about this is plain retarded. Both statements from both vendors try to conveniently bend words to appease their stockholders. Only a fool would look at anything but papers, actual advisories or neutral third parties in infosec.

>> No.64150121
File: 145 KB, 645x729, caveman-wojak-59ee2f295f52c.png [View same] [iqdb] [saucenao] [google] [report]
64150121

>>64150036
BAK 2 DA STOHN AYGES

>> No.64150138

>>64149797
Let's not argue semantics here. Read the fucking paper.
>Haswell seems to have multiple branch prediction mechanisms that work very differently:
>with a specific version of Debian's distro kernel running on the host

>> No.64150146

>>64149923
>microcode doesn't exist

>> No.64150158
File: 22 KB, 220x348, 220px-Bundesarchiv_Bild_183-S33882,_Adolf_Hitler_retouched.jpg [View same] [iqdb] [saucenao] [google] [report]
64150158

>>64147078
DID SOMEONE SAY... THE FINAL SOLUTION??

>> No.64150176

>>64150158
no go back to >>>/pol/
faggot

>> No.64150187

>>64150086
>CIA gets root
>they install persistent spyware
>one day you mount your volume and unencrypt it so you can peruse your cheese pizza
>CIA now knows everything
that's a checkmate, atheist

>> No.64150208

>>64150176
/g/ can't even take jokes now.
Go back to macrumors instead, faggot.

>> No.64150222

>>64150036
Honestly the only thing that could be worse than Meltdown would be taking literal control over the user's brain

>> No.64150239

>>64149456
Still rockin' my cheap 1400

>> No.64150250

>>64149889
Lock self in a dark, sound insulated room with airgap'd pencil and paper.

>> No.64150277

lawsuit when

>> No.64150294

>>64150187
>implying they couldn't do this before
yeah i am sure they couldn't
also why would you hold pictures of cheese pizza on your PC ?
is this some weird American fetish ?
>>64150208
i came here from /pol/ so you can fuckoff El Goblino

>> No.64150324

>>64147289
Meltdown solution is new CPUs, the software patch is just a mitigation to move sensitive data out of an application's address space. The real fix would have to prevent an application from accessing supervisor pages.

>> No.64150332

>>64150294
they couldn't from an otherwise sandboxed script in your browser, which is what 99% of the modern web is

>> No.64150341

>>64147204

Meltdown is the Intel-only problem and it's patchable.

Spectre affects everything. Everything.

>> No.64150342

>>64147774
Wrong, retard.

>> No.64150351

>>64147745
>which is pretty muchwhat they can do already
No it's not.

>> No.64150373

>>64150341
>it's patchable

only to a large determent to performance

>> No.64150387
File: 363 KB, 527x832, (((perlroth))).png [View same] [iqdb] [saucenao] [google] [report]
64150387

>>64147393
> (((Perlroth)))

>> No.64150391

>>64149923
that's meltdown you fuckwit

>> No.64150397

>>64150332
oh boy maybe i should put all my pictures with Tiles into a single folder and encrypt them :/

>> No.64150449

>>64147078
>people still think the issue can't be resolved on an OS level
>people still think its a bug
AMD shilling so hard to control the market just like they tried with Mantle.

>> No.64150475

intel will release new cpus that are stronger better and harder to break

>> No.64150484

>>64150449
can't a firmware update force a microcode update and plug Specter, while an OS update (with huge performance hits) be applied to patch Meltdown

>> No.64150492

>>64148962
Imagine an userspace program accessing another userspace program's memory. Imagine that JavaScript was able to do this shit. Imagine having browser and crypto wallet open at a same time. Any bells ringing yet?

>> No.64150498

>>64148717
I still have a working crapbook with an Atom N570 running Arch. Guess I will fallback to it again for now.

>> No.64150502

>>64147393
>Nicole
Oh haha, I didn't notice at first that it was a woman

opinion discarded, since when do women know anything about tech

>> No.64150533
File: 274 KB, 3500x1400, 20071009-01bl_tcm100-930025.jpg [View same] [iqdb] [saucenao] [google] [report]
64150533

SPARCbros [email protected]?

>> No.64150549

>>64149073
not according to intel

>> No.64150558

Retard here, does this mean Ryzen is better than patched Coffee Lake?

>> No.64150574

>>64150533
If this shit had happened 15 years ago, I could've just started using my Sparcstation 5

No such luck today

>> No.64150593

>>64150558
Not unless you are running SQL servers, performance for end users will be the same. It's just disk reads and network traffic that seem to be impacted the most.

But it is a security flaw in the hardware design. So, there is that.

>> No.64150611
File: 162 KB, 1000x1000, 1413913323099.png [View same] [iqdb] [saucenao] [google] [report]
64150611

>>64147078

>> No.64150613

>>64150593
goodbye NAS with encrypted data drives

>> No.64150624

>>64150613
Yeah.. literally that.

>> No.64150654

>>64149353
None required when it's always this blatantly obvious.

>> No.64150657

>>64147695
link?

>> No.64150664
File: 310 KB, 650x618, 0b0338bdb191d6be.jpg [View same] [iqdb] [saucenao] [google] [report]
64150664

>> No.64150683

>>64150484
Meltdown issue is due to an exploit (not a bug) that can be resolved on the OS level. If your OS is compromised it doesn't matter what your CPU is. AMD provides the protection through their CPU so the OS doesn't need to, but with Intel you need OS-level protection. Literally turning on (or off) a software switch. Therefore AMD vs Intel will be mostly placebo overall, but with Intel still edging out due to better single-processor power.

Everything involving Specter is... speculative. The issue is no more prevalent than being a dumbass who browses the internet without ublock/noscript and clicks random links without thinking. Not enough concrete information or solutions are out there, just bandaids.

>> No.64150720

>>64150449
It's a flaw in AMD64 architecture affecting anything shipping OoO and manufatcured in the last quarter of century and no, it can't be FIXED on a OS level. It's definitely a flaw and therefore an hardware bug. Intel's implementation lead to an even more viable vulnerability which can be mitigated, not fixed nor resolved, at an OS level, with a big "fuck you" to I/O optimizations. Microcode can't fix it either.

No one in their sane mind would deny it's an hardware bug. Only Intel shills first and AMD shills after them try to convey an inane interpretation of what's in actual papers and advisories.

>> No.64150755

>>64150683
Meltdown is literally a bug in the way speculative execution works on Intel though, not being secure. It's not an exploit that can be patched at OS level, it's a hardware bug which can be worked around at OS level.

>> No.64150763

>>64150683
Almost everything stated in this post is utter bullshit.

>> No.64150820

>>64150720
It's not really an AMD64 architecture flaw though, it's spread to almost every OoO CPU with branch prediction.

>> No.64150862

How long has this been public now and not under 6 month embargo?

>> No.64150888

>>64150755
Its not a fucking bug you moron. It is an exploit. Literally by definition.
>hardware
>bug
pick one retard. Software has bugs. Hardware has defects. Intel's chip design is intentional for performance gains and is remedied on an OS level. Microsoft knew this and if you think they didn't you're a basic bitch.

AMD has a feature and Intel does not. That means its a lacking feature. Not a bug. And exploiting that lack of feature resulted in Metldown.

>>64150763
Try harder.

>> No.64150906

>>64150683
Yah, that's wrong
Meltdown is a flaw in the chip design for Intel chips since 1995 and one arm chip that allows the memory to be read from any application, it doesn't even need to be malicious. This is a huge problem, because virtual machines in cloud providers can see memory leaks from
the host.

This won't impact CPU performance, it does impact disk reads and network traffic.

Spectre is a different problem,and it impacts all CPUs.

>> No.64150929

>>64150683
Are you an idiot?
Meltdown is an exploit due to a flaw with Intel processors. AMD processors don't allow speculative execution to read supervisor pages.
Specter is a real issue and the authors of the paper came up with a working exploit. It's an inherent issue with all processors that use speculative execution and isn't entirely patchable.

>>64150484
You can't completely plug Specter, it's an inherent issue with speculative execution. Apparently the practical exploits are easier on Intel and harder when JIT is disabled on certain AMD processors. But that doesn't mean the issue is fixed at all.

>> No.64150943

>>64150888
>AMD has a feature and Intel does not. That means its a lacking feature.
It's lacking a feature (protection of memory pages marked supervisor) that is REQUIRED by the x86 standard. Ergo the processor is defective.

>> No.64150965

>>64150929
>AMD processors don't allow speculative execution to read supervisor pages
Obviously I mean they don't allow userspace speculative execution to do so

>> No.64150972
File: 45 KB, 700x525, 3.jpg [View same] [iqdb] [saucenao] [google] [report]
64150972

JC
JC
THE NET IS GOING BLACK
https://www.youtube.com/watch?v=YCzitO446ZY

>> No.64151011

>>64150906
>>64150929
Meltdown only a flaw in the sense that any exploit is a flaw.
Its still not a bug because its hardware-related.
Its still not even a defect because it was intended design.

Its just an exploit.

Stop playing with words because they sound good to you without using them properly.

I'm not even going to talk about Spectre because nobody has any concrete information or solutions regarding it.

>> No.64151042

>>64150943
>required standard
By whom? And since Meltdown is remedied by patching the OS shouldn't the standard be on an OS level anyway?

>> No.64151126

>>64151042
It's not a remedy, it's a workaround at best. The chips are fucked.
There's no way every major cloud system is going to be patched overnight.

>> No.64151166

>>64147078
Does the CPU ride ever end?
Any intel chip after core2duo has the ME.
Any AMD chip after the opteron 6000 series has something similar.
And now everything is effected by spectre and meltdown.
I'm emailing Stallman for advice.

>> No.64151170
File: 81 KB, 713x809, 1504946159461.png [View same] [iqdb] [saucenao] [google] [report]
64151170

>>64147078
w-what's goin on?

>> No.64151176

>>64151011
Technically speaking you may be correct that the standards did not anticipate side channel attacks and hence it may still conform since a speculative execution reading protected memory does not actually affect the architectural state.

>Its still not even a defect because it was intended design.
I never said it was a defect, I said it was a FLAW.
Specifically this is a DESIGN FLAW. The processor conforms to its design but the design itself is flawed.

>I'm not even going to talk about Spectre because nobody has any concrete information or solutions regarding it.
That's not really true, read the fucking paper. https://spectreattack.com/spectre.pdf

>>64151042
>And since Meltdown is remedied by patching the OS shouldn't the standard be on an OS level anyway?
Meltdown is worked around by an OS level change in how memory is mapped. This isn't really a fix.

>> No.64151195

>>64151126
They're not fucked. Meltdown is an inconvenience that AMDfaggots are desperately trying to make people believe they need to switch.

Specter on the other hand is an issue (while not immediate or outstanding) that may get worse because its entirely speculative. It may also be fucking nothing that only affects dumbasses who treat computers like toys that are meant to be thrown away if they're "broken".

>> No.64151221

>>64151195
Shill shtap, you're too late to the party. Better sell your stock and buy AMD while you still can.

>> No.64151238
File: 107 KB, 967x150, hmm.jpg [View same] [iqdb] [saucenao] [google] [report]
64151238

>>64147078
so..????

>> No.64151271

>>64151238
It's possible to entirely mitigated Meltdown (and they have), but it's not possible to entirely mitigate Spectre without disabling speculative execution (which they won't do because it would fuck performance WAY more than the mitigation for Meltdown)

>> No.64151272

>>64149204
>Linus & Co get $500k annually from Intel

No shit sherlock. The mere bad mouthing of Intel by itself is amazing.

>> No.64151285

>>64147078
but what do you replace it with if everyone is effected?

>> No.64151286

>>64149203
Our perception isn't build for this long lasting inconvenience. People will start coping pretty soon.

>> No.64151288

>>64151238
>Intel
>updates

How? Do they have a backdoor for updates too?

>> No.64151290

>>64151238
>immune
After you've been racked by Guillain-Barre -tier performance side effects you'll be immune :^)

>> No.64151291

>>64151195
> its entirely speculative
No. Read the fucking paper they've successfully used a couple of exploits. https://spectreattack.com/spectre.pdf

>> No.64151299

>>64151238
They're running back into the Temple walls-

oh wait....

>> No.64151340

>replacing my 2600K
FROM MY COLD DEAD HANDS

>> No.64151367

>>64151176
Meltdown is not a design flaw. Its an intended design. Its just an exploit. Quit playing semantics.
If there was concrete information on Specter it would be immediately fixed. The issue is still ongoing.
And please don't post shill retarded link to pdfs unless its a .gov.

At least you're starting to admit the Meltdown is more OS related and not hardware. Faggot.

Reminder Microsoft knew and rode the gravy train to avoid having to redesign their OS.
>b-but Microsoft is more competent than Apple
true but
>You could easily bypass the password prompt on older Windows
so competent
Windows 10 is still a piece of shit.

>> No.64151402

>>64151291
Fantastic. A couple of exploits. What about the rest of them? And what about the fixes?

Its an ongoing issue entirely on speculation.

>> No.64151403

>>64151011
It's not a bug, because it's not software. I agree.
I don't think it's by design an exploit, it's just being exploited.
It's a design choice, that was flawed. So I don't agree there. But it's a hardware design choice, not a software one.

>> No.64151404
File: 8 KB, 224x250, intelaviv-by-mossad.jpg [View same] [iqdb] [saucenao] [google] [report]
64151404

>>64151238
Oy vey. Nobody said they are going to be software and free, goy!

>> No.64151482

>>64151367
>Meltdown is not a design flaw. Its an intended design.
The design is flawed in a way they did not anticipate. Processors conform to the design but the design itself is flawed.
That's what a design flaw means.

>And please don't post shill retarded link to pdfs unless its a .gov.
Those are written by the original researchers, retard.

>At least you're starting to admit the Meltdown is more OS related and not hardware
No, meltdown mitigation is OS related. The issue itself is hardware related. A userspace process is not supposed to be able to read data in supervisor pages. Meltdown allows a userspace process to do so.
The mitigation just moves sensitive data out of the mapped memory entirely. This means that context switching incurs additional overhead.

>>64151402
There are no fixes, it's an inherent issue.

>> No.64151521

>>64149247
> Crossing my fingers for everyone's twatter & faceberg to get hacked & deleted.

Or another Fappening.

>> No.64151524

>>64151482
>A userspace process is not supposed to be able to read data in supervisor pages. Meltdown allows a userspace process to do so.
Obviously these "processes" are abstractions and not part of the hardware but you should know what I mean if you know x86. Instructions running without the supervisor bit should not be able to access supervisor pages.

>> No.64151554

>still haven't patched the ME/SPS/TXE vuln
Wake me up when the exploits are in the wild. What data is set to be released by researchers on Jan 9th or is the embargo over early due to the leaks?

>> No.64151582
File: 188 KB, 670x473, happening2.gif [View same] [iqdb] [saucenao] [google] [report]
64151582

Does anyone else have an extremely hard time believing that it took ~20 years for these vulnerabilities to be discovered? really starting to think that this was a case of """"accidental"""" bad design to boost sales

>> No.64151617

>>64149176
does the update affect firefox performance?

>> No.64151621

>>64151582
It must have been a 'EUREKA' moment for the researchers and we have all been a bunch of retards.

>> No.64151623

>>64151582
It might have been known by NSA for a long time, but it got leaked so they dumped it.

It was also noted by AMD that the researchers had access to confidential design information that most people would not have access too, so potentially Intel or AMD knew something might be odd and paid them to figure it out.

>> No.64151635

>>64149197
umatrix does not disable everything by default like noscript or the about:config setting does.

>> No.64151641

>>64151617
No, the only major performance hits I've seen at disk reads and network traffic in benchmarks, not normal desktop usage

>> No.64151694

>>64151582
It's probably been known to be theoretically possible for a while but actually practical exploits took a while.
The reason it was practically exploited recently and independently by multiple teams was because of the development of side-channel techniques.
Researchers took new side-channel methods that had recently been developed and applied it to this.

>> No.64151702

>>64150888
>>64150683

It seems you're too retarded to deliver a correct interpretation of what's detailed in simple advisories; moreover, it seems you lack a minimal required background to handle infosec in general.
Please avoid posting and for the love of God avoid a career in IT in general.

>> No.64151915
File: 119 KB, 504x284, your-work-your-life-your-way.jpg [View same] [iqdb] [saucenao] [google] [report]
64151915

>>64151238
hahaha
intel saves the day again

they know what the fuck they're doing

>> No.64152106

>>64151238
>90% of PCs
how the fuck are they going to do this?

>> No.64152222
File: 113 KB, 753x804, Capture.jpg [View same] [iqdb] [saucenao] [google] [report]
64152222

>>64152106
It's very easy.

I'd tell you, but I gotta go. Good luck, bye!

>> No.64152288

>>64149599
You don't really understand, right? There's more than three variants of Spectre, one of them is Meltdown
All of them are related to modern CPU design, ie. Speculative execution and out out order execution, none of them are software related but can be worked around them in software
All of them affect Intel severely, only two variants of Spectre (but not the one called Meltdown) could affect AMD, and of those two only one was been proven to work on actual hardware under specific non default circumstances

>> No.64152321

>>64152222
tumbling the fuck down

>> No.64152401

>>64152288
No, there are 3 side channel attacks tested by project zero. Two of them are specter and one is meltdown. Google did not use the terminology Meltdown and Specter so they did not make the distinction.
The rest of your post is correct.

>> No.64152507

>>64152401
Weren't Specter and Meltdown names from the other teams?

>> No.64152743

>>64152507
Yes, exactly. And Spectre and Meltdown are separate attacks based on the same principle. Meltdown is NOT called a variant of specter like >>64152288 says.

>> No.64152776

>>64148891
why not just disable speculative execution?

>> No.64152853

>>64152776
massive performance hit

>> No.64152914

Could someone explain what exactly Spectre is?

>>
Name (leave empty)
Comment (leave empty)
Name
E-mail
Subject
Comment
Password [?]Password used for file deletion.
Captcha
Action