[ 3 / biz / cgl / ck / diy / fa / g / ic / jp / lit / sci / tg / vr / vt ] [ index / top / reports / report a bug ] [ 4plebs / archived.moe / rbt ]

Due to resource constraints, /g/ and /tg/ will no longer be archived or available. Other archivers continue to archive these boards.Become a Patron!

/g/ - Technology

View post   

[ Toggle deleted replies ]
File: 119 KB, 1059x737, DSqreVPVQAAs5Xq.jpg [View same] [iqdb] [saucenao] [google] [report]
64147078 No.64147078 [Reply] [Original] [archived.moe] [rbt]

Oh shit even CERT brings the only Solution

>> No.64147204
File: 164 KB, 413x352, 1500920156842.png [View same] [iqdb] [saucenao] [google] [report]


>> No.64147222

nice bug. this is the solution to dropping computer sales.

>> No.64147256

> People wont buy our stuff, lets introduce a flaw since 1995 so that people have to buy our competitors stuff!

Youre a special kind of stupid, intel level stupid id say

>> No.64147289

Meltdown solution is a software patch. Spectre (the one that affects ARM and AMD too) has no solution besides mitigation techniques.

>> No.64147308
File: 104 KB, 803x688, 157.jpg [View same] [iqdb] [saucenao] [google] [report]


>> No.64147324

RISC-V here I come

>> No.64147328
File: 9 KB, 320x180, mqdefaultr.jpg [View same] [iqdb] [saucenao] [google] [report]

I would have said nvidia level myself.

>> No.64147329
File: 48 KB, 498x456, 1513037985264.jpg [View same] [iqdb] [saucenao] [google] [report]

oh shiiiiiiit

>> No.64147358
File: 150 KB, 1075x707, LELLLL.jpg [View same] [iqdb] [saucenao] [google] [report]

I thought this is shop but its actually real

>> No.64147361
File: 5 KB, 227x297, 1439767672462.png [View same] [iqdb] [saucenao] [google] [report]

all according to plan, now watch as the dumb goyim buy Intel CPUs again

>> No.64147370

We could all move back to the era of 486s and 2400 baud modems, where downloading a few low-res nudie shots still felt fresh and new.

>> No.64147378

Letting Jews in Israel Have a virtual 90% monopoly over the Computer Processor market turned out to be a really bad idea That has put our economy and national security at risk. Who could have guessed?

>> No.64147393
File: 90 KB, 579x569, Screenshot_20180104_115238.png [View same] [iqdb] [saucenao] [google] [report]

It's not just intel. AMD is vulnerable too.

>> No.64147397

>powerPC will come back
I want to play Mighty Mike / Power Pete again

>> No.64147398

The final solution to the Intel botnet is total extermination, noice.

>> No.64147419

Spectre affects PowerPC as well.

>> No.64147422
File: 234 KB, 882x758, delid.png [View same] [iqdb] [saucenao] [google] [report]


>> No.64147452

the only reason it exists is because intel wanted to make the cpu as cheaply as possible and its proprietary so no one can just look at it and see what garbage it has inside.

>> No.64147453


>> No.64147466

What the fuck is going on.

>> No.64147492
File: 602 KB, 963x720, 1396931836134.png [View same] [iqdb] [saucenao] [google] [report]

So is Spectre an actual threat or is it just some boogeyman bullshit?

>> No.64147498
File: 58 KB, 500x500, vHedWVd.jpg [View same] [iqdb] [saucenao] [google] [report]

>TU Graz

tfw my uni took down Intel.

>> No.64147499

>Note here: Intel stock went down today but Spectre affects AMD an ARM too
found the intel stock owner.

>> No.64147501

The dark age of computing has come. We're all going back to the stone age.

>> No.64147508

The latter.
Meltdown is the actually dangerous one.

>> No.64147510

Ok this Intel i7 4770k that i own will be the last Intel CPU that i will have

>> No.64147511

You know what this means?

Flood of Intel - based computers on the market

specially from corporate partners

>> No.64147518


>> No.64147545

Daily reminder:
Spectre affects AMD in this way
>non harmful variant
>needs to be in strange configuration
It has been tested only tested on a FX chip and can be patched in OS without performance loss.
This is an intel problem only.

>> No.64147596

Out of the box AMD isn't even vulnerable to Spectre 1 or 2, you have to MAKE it vulnerable yourself.

>> No.64147600


offical theme from intel for this

>> No.64147615
File: 87 KB, 736x718, 1512839650459.jpg [View same] [iqdb] [saucenao] [google] [report]

I'm on AMD and my Windows just updated

>> No.64147640
File: 170 KB, 1416x980, ayyymd.png [View same] [iqdb] [saucenao] [google] [report]


>> No.64147643

Look up what a side-channel attack is and you'll find out.

>> No.64147664

But I spend quite a significant amount of time on the computer. What else am I going to be doing?

>> No.64147671

Isn't spectre v1 fixed by a software patch?

>> No.64147695

That's just not true. You can download a simple proof-of-concept program from github which will work even on AMD processors.

>> No.64147704

Okay. Can anything be done about it?
Can I sue Intel for this shit?

>> No.64147713

join the race war.

>> No.64147735

my 7500 is safe right?

>> No.64147738
File: 59 KB, 548x562, intel btfo.png [View same] [iqdb] [saucenao] [google] [report]

Totally BTFO

>> No.64147741

AMD and ARM are also affected.

>> No.64147745

Spectre is a risk, but it's not a big one. It basically means that any program can read any memory in user space, which is pretty muchwhat they can do already. The problem lies in that it can escape browser sandboxes and stuff like that. So website 1 can read what you're doing on other websites.

>> No.64147747

Is this basically forced the.vendors to remake the processor from scratch?

>> No.64147752

Meltdown only affects Intel
Spectre affects everything but is unfixable for Intel. Everything else can just use a patch with no performance loss
CERT is probably paid off by Intel too since there's no point in grouping Meltdown and Sceptre together.

>> No.64147763

AMD's problem is patchable.

>> No.64147770

Jewish propaganda

>> No.64147773

wake me up inside
save me from the nothing my security has become

>> No.64147774

No, it's not.

>> No.64147778

>Spectre affects everything but is unfixable for Intel
And AMD and ARM.

>> No.64147780
File: 49 KB, 500x328, 1344578349219.jpg [View same] [iqdb] [saucenao] [google] [report]

literally laughed out loud at that solution.

>> No.64147802

No you idiot

>> No.64147822

whatever. Trust what the amd fanboys tell you.

>> No.64147825

Don't know about you, friend, but I don't have CPU's of two different manufacturers inside the same machine.
So tell me straight, can the Intel kikes be held accountable for this shit or at least made lose money on stock with a threat of being dragged to court.

>> No.64147857

go check a lawyer, how the fuck I'm going to know that shit.

>> No.64147866

>but is unfixable for Intel.
Spectre is unfixable for everyone.
>Everything else can just use a patch with no performance loss
Wrong. Software patches are available for everyone, and they are all band-aids on fundamentally unsafe architectures, with some amount of performance loss.

>> No.64147905

or keep them offline

>> No.64147927
File: 80 KB, 1210x582, file.png [View same] [iqdb] [saucenao] [google] [report]


>> No.64147931

>tfw people will dump their 8700K on ebay for $100
>tfw I will snatch it up
>tfw I wake up from DRAM

>> No.64147940


>> No.64147948

If carmakers have to recall cars when they have some serious defects, why shouldn't Intel be forced to replace our CPUs with non-faulty ones?

>> No.64147969
File: 85 KB, 642x384, this_kills_the_fanboy.png [View same] [iqdb] [saucenao] [google] [report]



>> No.64148017

there is no "non-faulty" intel CPUs available.

>> No.64148038

Monetary compensation works for me fine.

>> No.64148044

Because Jews. Also because they can't be "repaired", you need a new CPU and Intel doesn't have non-defectuous CPUs. And even if they had a line of non-affected CPUs it would be too expensive to provide anyone with faulty CPUs a new one. It would not only break Intel but leave in in negative numbers. So yeah, they ain't gonna do anything.

>> No.64148053

For recent purchases made within the last year or so you probably can contact the manufacturer to have them returned for a full refund. For purchases older than like 3-5 years good luck with that.

I think there will be an assumption that any product older than a certain length of time has reached or exceeded the expected lifetime of that product and you wont be entitled to get anything back at that point. <1 year old purchases are well under that so it should be possible in most places.

>> No.64148056

Sorry mate, you sounded like you knew shit.

>> No.64148062
File: 5 KB, 384x239, enough.png [View same] [iqdb] [saucenao] [google] [report]

What is it that you dont understand
Yes, amd is vulnerable to the first variant but itcan be foxed with a software update.

>> No.64148074

Sue them.

>> No.64148082

yes it is because it affects only the fx line and only when a very specific flag is on which isnt by default

so in any case amd is safe

>> No.64148088
File: 419 KB, 1080x1080, badge-itanium.png [View same] [iqdb] [saucenao] [google] [report]


>> No.64148098

You're talking about different exploit.

>> No.64148142

It sure is a great day for having an FX-6300. I'm literally laughing at the retards who purchased Intel at any point in the last 20 years, or fell for the "buying a CPU that's not older than 5 years" scam. That's what you get dumbasses.

>> No.64148150

Server hardware should be cheap too

>> No.64148153

there is only ONE that affects amd and thats spectre and only on the fx line

the rest due to the fact that amd has SEV and SEM the hackers can read the data but its garbage since they are all 512 bit encrypted

>> No.64148165

Imagine being this retarded and dense

>> No.64148183

See >>64148148

>> No.64148187
File: 173 KB, 831x767, Intel inside.png [View same] [iqdb] [saucenao] [google] [report]

>> No.64148218

So, we're gonna go back to 90s level computing, aren't we? Personally, I'm fine with that.

>> No.64148251

well yeah intel fans will probably revert back to rock smashing and put lightining into the rock for it to work

>> No.64148256


>> No.64148259

and their source is the project zero's blog, your point?

>> No.64148266
File: 50 KB, 645x729, 1506361990613.png [View same] [iqdb] [saucenao] [google] [report]


>> No.64148298

Do older Atom chipsets have the Management Engine? I can't find much information on this.

>> No.64148319
File: 65 KB, 1227x310, variantvulnerability.jpg [View same] [iqdb] [saucenao] [google] [report]


>> No.64148321

Welp, time to join RISC-V development. Anybody have any good books on CPU designs?

>> No.64148345
File: 35 KB, 408x450, 1506899379997.png [View same] [iqdb] [saucenao] [google] [report]

>I think AMD is not vulnerable because a PR from AMD from yesterday says so

>> No.64148347

pretty sure they dont even understand how hard it is to even exploit spectre let alone to be able brake in SEV in real time

>> No.64148384
File: 116 KB, 645x729, 1507260023571.png [View same] [iqdb] [saucenao] [google] [report]


>> No.64148396
File: 28 KB, 980x321, Screenshot-2018-1-4 Merge branch 'x86-pti-for-linus' of git git kernel org pub scm linu… · torvalds linux 00a5ae2.png [View same] [iqdb] [saucenao] [google] [report]


>> No.64148410

AMD is only affected by Spectre, not Meltdown. The biggest issue here is Meltdown.

>> No.64148416

That's Meltdown, not Spectre. How low is your IQ?

>> No.64148420

As far as I know, only Ryzen is fixable.

>> No.64148435

Which is already fixed.

Not fixable.

>> No.64148455

We get it. You are using Intel.

>> No.64148466

That and the meltdown whitepaper says it isn't.

>> No.64148469

yes we get it, the only chip getting cucked in performance are intel CPUs despite there being two vulnerabilities.

>> No.64148478

spectre is os fixed
how low is yours

>inb4 fx

>> No.64148486

Love how you skipped the Spectre whitepaper.

>> No.64148488

By the standards of what you are terming "fixable" (which isn't really, it's just papering over the issue with software and microcode), all other CPUs are also "fixable".

>> No.64148489
File: 5 KB, 669x122, intel.png [View same] [iqdb] [saucenao] [google] [report]

>Which is already fixed.

>> No.64148505

Spectre is unfixable.

That's for Spectre.

>> No.64148510

What about phones? Are you basically fucked if you have an old smartphone? Do I need to make my parents replace theirs?

>> No.64148523

Try reading the actual page you copy-pasted.

>> No.64148528

>tfw I just bought a new phone after christmas

>> No.64148540

Nope. I think only procs/mobos marked with vpro.

>> No.64148559


>> No.64148565

is this a flaw exclusive to modern x86? most phones don't run that architecture

>> No.64148580

>When one agency tells you to switch hardware while another agency is happy to have its backdoor

>> No.64148581

>how to overcome declining sales due to plateauing over mores law
They just didnt expect to have to wait so long.
This was their ace in the sleeve.

>> No.64148582

Nope, ARM64 is affected too.

>> No.64148594 [DELETED] 

>Spectre is unfixable.

>> No.64148600

was the backdoor wanted by the NSA, FBI and CIA?

>> No.64148606

No, Spectre affects ARM as well. It has been tested at least on Qualcomm chipsets.

>> No.64148629

where is a list of affected CPU's ?
i have Intel Core 2 Duo T7250 is this safe ?

>> No.64148645

no all Intel CPUs expect for the first Generation are fucked

>> No.64148649

No, every CPU since Pentium Pro (1995)

>> No.64148653

Probably not wanted in the sense that it was commissionned, but it is most likely that they knew about it and used it.

>> No.64148655

Everything made after 1996 is fucked. Original Pentium is fine.

>> No.64148698

will someone tl;dr me how the exploit works?

>> No.64148702

Alright, tell me If I got this right:

Intel ME = NSA backdoor
Meltdown = affects Intel CPUs; is fixable but comes with a performance penalty
Spectre = affects multiple architectures; cannot be fixed

>> No.64148717

From https://meltdownattack.com/ and https://spectreattack.com/
>More technically, every Intel processor which implements out-of-order execution is potentially affected, which is effectively every processor since 1995 (except Intel Itanium and Intel Atom before 2013).

>> No.64148723
File: 580 KB, 800x1138, 1511623598192.gif [View same] [iqdb] [saucenao] [google] [report]

Pretty much

>> No.64148732

Both Meltdown and Spectre can be "fixed". But it's just patching post-facto. The vulnerability is still in the chips.

>> No.64148737

THE VEIL IS LIFTING!!!!!!!!!!!!!!!!!

>> No.64148773

thanks anons
also this, could someone explain this on the retard level ?

>> No.64148795
File: 283 KB, 397x484, 1514206862309.png [View same] [iqdb] [saucenao] [google] [report]

>tfw I bought a new laptop with an i5 for Christmas.

>> No.64148797

>Spectre = affects multiple architectures; cannot be fixed
for intel

for amd fixed

>> No.64148801
File: 14 KB, 112x112, 307051923817758721.png [View same] [iqdb] [saucenao] [google] [report]

Doesn't say it anymore..
>Apply updates
>Operating system and some application updates mitigate these attacks.

Seems (((they))) didn't want people to panic.

>> No.64148810

Does this change the power consumption?

>> No.64148826

More like the shekels weren't deposited then.

>> No.64148830

You're CPU contracts AIDS
But seriously, Meltdown would've let a program access memory from the kernel that it really, really should not be able to, and could use this for a wide variety of purposes not limited to bricking a mobo or stealing passwords. This is the intel specific one with the i/o penalty on patching. Some variant of Spectre does something similar, but it is from application to application, so it can steal passwords from another browser or fuck stuff up from inside a vm. One variant is unpatchabke, but is difficult to exploit, and should affect most CPUs.

>> No.64148844
File: 46 KB, 596x628, 1491624720875.jpg [View same] [iqdb] [saucenao] [google] [report]


>> No.64148878

This has been flawed for 10 years. It's definitely already been exploited.

>> No.64148885
File: 277 KB, 1152x648, HeyDoc.png [View same] [iqdb] [saucenao] [google] [report]

Psst.. I can see your hardware specs!
They look an awful lot like mine..
Carry on..

>> No.64148891
File: 486 KB, 1080x1724, Screenshot_2018-01-04-20-57-42-706_com.chrome.beta.jpg [View same] [iqdb] [saucenao] [google] [report]


>> No.64148913
File: 30 KB, 286x214, 1164139335819.jpg [View same] [iqdb] [saucenao] [google] [report]

Could all this potentially mean a (temporary?) end to the "internet of things" madness?

>> No.64148936

it's an oversight in the design of modern processors that gives an attacker easy, unrestricted access to all system memory and low level hardware calls and they can probably do it from anything, including javascript

basically everything is fucked, fucked harder than ever before seen

>> No.64148946

Makes me wonder if this is what the NSA/FBI NIT exploits were all about,and why they refused to reveal them

>> No.64148962

Will this even affect home computer users? It looks more to be a server problem.

>> No.64148983

it's a severe security flaw that effects pretty much everyone

>> No.64148985

Nah. Manufacturers of "smart" devices haven't given a shit about security before, why would they start now? Insecure devices, identity theft, loss of privacy have all become normalized.

>> No.64149007

It effects everyone.

>> No.64149029

The chips themselves were designed in a way to boost apparent speeds while scraping security for performance so intel could hold a monopoly.
The design flaw has been discovered and is pretty much as bad as it gets.

>> No.64149041

> scraping security for performance so intel could hold a monopoly
but it's not just intel chips

>> No.64149065

The main issue is Intel only.

>> No.64149070

I know what meltdown is, but what the fuck is spectre? Does it just allow any ring 3 program to read memory from any other ring 3 program? Oh no! Where is the big deal?

>> No.64149071

Please answer.

>> No.64149073


so is intel's case then

>> No.64149085

so now i should just dump my intel and buy AMD instead ?
also will i be able to say if i am under attack ?

>> No.64149092

So the fix to meltdown is to patch the OS and the fix to spectre is to use page isolation/disabling javascript completely?

>> No.64149094

Thing is modern world is dependent on servers, this is not just your pc getting slow, is world security being with their buttcheeks ready to be fucked.

>> No.64149095
File: 29 KB, 664x520, 1.jpg [View same] [iqdb] [saucenao] [google] [report]

In one week tops nobody knows anymore and will buy i7 inside to get permanent wood despite being a failure. Intel will do three things. A. Not talk about it. B. Let shills mix specter and meltdown such that average normalfags can't tell the difference anymore. C. Let shills smear dirt on other manufacturers because of spectre. The only problem they have is companies but who knows if management will be able to tell the difference.

>> No.64149096

>Spectre is unfixable.
for intel :^)

>> No.64149100

Don't conflagrate Meltdown and Spectre, that anon is obviously referring to Meltdown

>> No.64149109


is Intel actually owned by jews or is it just a meme

>> No.64149119

the patch for intel comes with a 30-60% hit to performance

the funny thing is, even after the patch, in a lot of cases intel is still faster than AMD

>> No.64149147

>MSI will not provide updates for H97
Am I fucked? What should I do? Running fucking server 2016 with VMs.

>> No.64149149

I dunno, but Sandy Bridge was designed by Intel Israel, which was the arch that gave them market domination which cased the last 5 years of x86 to be stagnant, so it checks out, I guess.

>> No.64149157
File: 653 KB, 1080x1080, 1512425617270.jpg [View same] [iqdb] [saucenao] [google] [report]

guys should I disable javascript?

>> No.64149158
File: 68 KB, 1024x375, js.jpg [View same] [iqdb] [saucenao] [google] [report]

>is Intel actually owned by jews or is it just a meme

About 60% of Intel Israel's employees are engaged in cutting-edge R&D, while half support high-volume manufacturing of microprocessors that power the world's computing devices.

>> No.64149163

Not faster than my 1800X.

>> No.64149166

Meltdown, the more problematic exploit, that's already been implemented and proven to work, is intel only.

Spectre, which is far more unexplored though admittedly probably pretty dangerous, affects pretty much everybody, but isn't yet considered a problem since nobody's developed it out yet enough.

>> No.64149167

>the funny thing is, even after the patch, in a lot of cases intel is still faster than AMD

can a non Intel shill answer me please ?

>> No.64149168

~ » arch-audit
Package binutils is affected by CVE-2017-17126, CVE-2017-17125, CVE-2017-17124, CVE-2017-17123, CVE-2017-17122, CVE-2017-15996, CVE-2017-15025, CVE-2017-15024, CVE-2017-15023, CVE-2017-15022, CVE-2017-15021, CVE-2017-15020, CVE-2017-9044, CVE-2017-9043, CVE-2017-9042, CVE-2017-9041, CVE-2017-9040, CVE-2017-9039, CVE-2017-9038, CVE-2017-7210, CVE-2017-7209, CVE-2017-6969, CVE-2017-6966, CVE-2017-6965. High risk!
Package cairo is affected by CVE-2017-7475. Low risk!
Package exiv2 is affected by CVE-2017-11592, CVE-2017-11591, CVE-2017-11553. Medium risk!
Package ffmpeg is affected by CVE-2017-16840. Medium risk!
Package glibc is affected by CVE-2017-15671. Low risk!
Package jasper is affected by CVE-2017-9782, CVE-2017-6852, CVE-2017-6850, CVE-2017-5505, CVE-2017-5504, CVE-2017-5503. High risk!
Package lame is affected by CVE-2017-9872, CVE-2017-9871, CVE-2017-9870, CVE-2017-9869, CVE-2015-9101. Medium risk!
Package libffi is affected by CVE-2017-1000376. High risk!
Package libvorbis is affected by CVE-2017-11735, CVE-2017-11333. Low risk!
Package linux is affected by CVE-2017-5753, CVE-2017-5715, CVE-2017-17741, CVE-2017-16644, CVE-2017-1000379, CVE-2017-1000371, CVE-2017-1000370, CVE-2017-1000365. High risk!
Package mkinitcpio-busybox is affected by CVE-2017-16544. High risk!
Package openssl is affected by CVE-2017-3738. Medium risk!
Package pcre is affected by CVE-2017-11164. Medium risk!
Package rsync is affected by CVE-2017-17434, CVE-2017-17433. Medium risk!
Package vorbis-tools is affected by CVE-2017-11331. Low risk!

Well, fuck.

>> No.64149176

no just update firefox or wait until the 23rd until chrome updates

>> No.64149181

You should be using uMatrix regardless of any known exploits.

>> No.64149185

You should have disabled it before this happened anyways :^)
But yeah, get noscript and only disable when truly required

>> No.64149193


>> No.64149197

uMatirx, you fag. What is this, 2012?

>> No.64149198

oy vey

>> No.64149200

then why the fuck is every amd shill saying that they already fixed spectre on AMD?

>> No.64149203

You can already see how things are getting mixed up and relativized a lot.
But the thing is that this problem is so severe that the fallout will be devastating in the near future.
If it was just a bug everyone could forget about it but if shit now starts to hit the fan on the daily basis, how will they be able to make people ignore it? Especially if more and more shit gets targeted that normies love (just imagine lots of game services, celebrities or convenient shit getting into problems - normies get furious about stuff like this

>> No.64149204
File: 100 KB, 433x466, 1515026947978.png [View same] [iqdb] [saucenao] [google] [report]

not even Linus considers AMD to be a competitor

he just jumps straight to ARM64

>> No.64149212

pacman -Syuu dum ass
they already released the new linux in core

>> No.64149214

NSA backdoor confirmed.

>> No.64149226

pls no bully
I am just a normalfag

>> No.64149228
File: 4 KB, 364x96, JUST.png [View same] [iqdb] [saucenao] [google] [report]

The jokes really do write themselves, huh?

>> No.64149244

Fuck ARM. I like writing x86 assembly.

>> No.64149246

>visit site you're interested in
>broken because of umatrix
>have to allow 1st party domain scripts to see anything
>works now
>uh oh
>site was compromised, unloads javascript payload
>removes your entire os
haha im lovin' it

>> No.64149247

Crossing my fingers for everyone's twatter & faceberg to get hacked & deleted.

>> No.64149249



>> No.64149250
File: 32 KB, 688x578, 1506942072546.png [View same] [iqdb] [saucenao] [google] [report]


>> No.64149264

>>broken because of umatrix
That should be your cue to close the tab. Especially if it's some shady porn site.

>> No.64149278


>> No.64149281

Is there an update for Spectre?

>> No.64149296
File: 12 KB, 480x360, just.jpg [View same] [iqdb] [saucenao] [google] [report]


them getting OFFICIALLY Just-crowned was magical and a sign of things to come.

>> No.64149309
File: 124 KB, 259x367, 1510516605850.png [View same] [iqdb] [saucenao] [google] [report]

>install umatrix
>4chan doesn't work unless I disable it

what am I doing wrong

>> No.64149312

and everyone made fun of me for blocking javascript

>> No.64149313

What are Meltdown and Spectre?

Meltdown is a security flaw that could allow hackers to bypass the hardware barrier between applications run by users and the computer’s core memory, which is normally highly protected.

Spectre is slightly different. It potentially allows hackers to trick otherwise error-free applications into giving up secret information.
Is it serious?

Yes. Meltdown is “probably one of the worst CPU bugs ever found” according to Daniel Gruss, one of the researchers at Graz University of Technology who discovered the flaw. It is very serious in the short term and needs immediate attention.

>The problem with Meltdown is that anything that runs as an application could in theory steal your data, including simple things such as javascript from a web page viewed in a browser.

Spectre, on the other hand, is harder for hackers to take advantage of but is also more difficult to fix and is expected to be a bigger problem in the long term.

Goodbye processor jew
they probably exploited the thing that lets executable ring 3 files patch hardware firmware OR BIOS on the fly (usually used on laptop OEM patches)

>> No.64149315

Based on the latest updates it is largely mitigated by restricting unprivileged access to high resolution timers in user space.

>> No.64149316

i am not 12 years old anon

>> No.64149321

How the fuck did they get away with this for so long? I'm not even a comp sci major and I understand everything about the vulnerability. How the fuck did they get away with kernel memory leakage for a fucking decade without anyone noticing? Is every computer engineer alive retarded?

>> No.64149326


>> No.64149333

I've had it blocked for 3 years now and just close any website that won't work without it. Hasn't slowed me down online, there is always an alternative available.

>> No.64149353

the mental gymnastics people do to blame the jews for everything holy fuck

>> No.64149358

Not really. If you knew Linus and his opinions, you'd know x86 is his most favourite arch. So you can tell he's really sick of Intel's shit when he says even ARM can do better than Intel.

>> No.64149366

Allow scripts for google.com and gstatic.com for the catpcha. XHR and frames are also needed for google.com for the new captcha to start threads IIRC.

>> No.64149387


>> No.64149394

how do I get the fix?

>> No.64149396

How do you post here if you don't allow javascript?

>> No.64149410

that's just meltdown though.

>> No.64149415

So in other words, AMD processors are vulnerable to variant 2 and it's not getting patched in software?

>> No.64149419

it is tho..

>> No.64149425

>I understand everything about the vulnerability
No, you don't. Triggering (and winning) a race condition to fetch the result of an invalid predicted branch to then extrapolate the contents of the memory address from cache data is pretty esoteric if you ask me.

>> No.64149427
File: 317 KB, 600x637, 1512826581505.png [View same] [iqdb] [saucenao] [google] [report]

Thanks anon I got it working

>> No.64149436

Only on the Cortex A75 cores

>> No.64149441

break out the abacuses

>> No.64149443

You have to enable it on Windows even if you install the patch.
The patch is disabled by default.

>> No.64149449
File: 27 KB, 700x630, 1506784678532.png [View same] [iqdb] [saucenao] [google] [report]

>third year cs student
>tfw when umatrix thought me what XHR is

I can't be the only one.

>> No.64149456

Thanks God i bought Ryzen :^)

>> No.64149462

not unless someone makes a PoC that shows AMD is vulnerable to it

>> No.64149473

Meltdown is the performance reducing one to patch

>> No.64149474

tho the other two 53 and 15 and not (yet)

>> No.64149475
File: 373 KB, 620x616, 1513424924251.png [View same] [iqdb] [saucenao] [google] [report]

>tfw 1800X

>> No.64149490

I don't know what this is. is the fix only for ganoo/loonix?

>> No.64149507

Me too but we're still affected by Spectre

>> No.64149523

Spectre is harmless, desu.

>> No.64149524

Goddammit it happened...
Not that linus you space waste

>> No.64149531

So you visit what, 10 sites total?
If you're that paranoid just throw some linux distro on a VM and browse happily. Can't be any more of a hassle than tweaking every single page around JS.

>> No.64149533

Because it hasn't been proven that Spectre works on modern AMD CPUs, or in AMD CPUs with default settings, AMD says one of them can't affect AMD CPUs at all and the other one can be patched with no performance decrease

>> No.64149539

>How the fuck did they get away with kernel memory leakage for a fucking decade without anyone noticing?
Implying it wasn't put there deliberately for a specific purpose.

>Is every computer engineer alive retarded?
Even imagining that a CPU could bypass critical security checks during speculative execution by design for performance gains is mind-boggling and completely insane.
Unless there's jewish trickery magicks involved!

>> No.64149557

It's impacted by Spectre.
It's only safe from Meltdown. Spectre won't make any serious impact on performance, but it's a design flaw with CPU's, not the OS.

>> No.64149558

Actually thanks to this new exploit, said javascript exploit can completely bypass the VM and directly target the host.

VM's are useless if you're using it as a security precaution.

>> No.64149559

>this shit is vulnerable due to basic design flaws of branch prediction
>we've fucking reversed engineered the branch prediction for Haswell and have a PoC for it
>there's no PoC in the wild so AMD must not be vulnerable

>> No.64149564

>linux distro on a VM and browse happily.

Ahh, how cute. You still think your VM is safe. Lovely.

>> No.64149569

>using the captcha
shiggity diggity doo

>> No.64149599

Meltdown is Intel only. but Spectre is still a hardware problem. It can be patched in the OS, but that's just a software bandaid to a problem that's physically built into the chip. It's like patching your car computer to fix a problem with the engine. The engine is still fucked.

>> No.64149618

AMD has a different architecture, so expecting a different PoC is reasonable.
If it's so basic, I think one will be created soon.

>> No.64149621

you knew it would happen
and you posted it anyway
you can only blame yourself
>:D :DDD :D

>> No.64149630

Is this a chance for Asia to replace Intel like Samsung or Softbank (ARM)?

Or will IBM come back to the consumer market?

>> No.64149632

>putting linux distro in a vm with known h/w vuln allowing even js running in a browser inside guest vm to read and modify host kernel memory
the only way to safely browse web in 2018 is through an analog polaroid camera, anon.

>> No.64149641

There's a NoScript captcha or you can use a pass, everything else works without JS

>> No.64149643

i thought these guys were supposed to be getting paid $300k/yr so stuff like this doesnt happen

>> No.64149660

Disposable laptop.

Put content on USB, transfer to offline desktop

>> No.64149668

Reverse engineering the inner workings of a processor is no small feat. There's a good chance that we're not going to hear about it when someone does make one.

>> No.64149692
File: 132 KB, 732x924, update.jpg [View same] [iqdb] [saucenao] [google] [report]


>> No.64149705

Considering the number of eyes that must be on AMD looking for this same vulnerability now, I think we would see one pretty soon (on the order of a couple of months).

>> No.64149719

damn that means intel flagship processor based laptop wll be cheaper to own now lol

>> No.64149730

AMD had 6 months to analyze all the implications and they concluded: NOT vulnerable. Besides, I'd say Intel'd spent double effort to somehow prove AMD is affected too, just to share the blame.
Guess what, didn't happen.

>> No.64149755

Fuck YOU.
You're the reason we are still stuck with that shit-tier overheating architecture.
Literally every other architecture has been better but lost out to that jewshit because of Wintel alliance.

Although I will admit ARM is still kiddy-tier. Let's face it, they are the joke of the industry.
But even with its shit hardware, it can still outperform a reasonably powerful computer of the last decade on most tasks.
The only thing holding ARM back are shit patents and shitty multi-threading and multi-tasking also.
Mind you, I've had no problem with multi-tasking on my Scamsung tablet, the only decent Android tablet ever made simply because it actually had multi-tasking! And this is a shitty tablet from way back at the beginning. It was Android 4 or some shit. This involving me listening to music, watching videos, drawing and running games.
The Android native multi-tasking system is hilariously shit. Fuck off Google, don't give me the keks, that shit is embarrassments all around. They shoulda just integrated Samsungs when they had the chance.

>> No.64149783

mixed you with the other anon

there was a thread with a pajet for windwos

>> No.64149785
File: 68 KB, 582x389, sec-mcp-payments-table-small.jpg [View same] [iqdb] [saucenao] [google] [report]

Thanks! $3m has been deposited to your account.

>> No.64149790
File: 21 KB, 400x300, 1504382851052.jpg [View same] [iqdb] [saucenao] [google] [report]

Not unless you're on an OS that doesn't have memory isolation

>> No.64149797

How is
>near-zero risk of exploitation
>has not been demonstrated on AMD processors to date
equivalent to "not vulnerable"?

>> No.64149804

to think that they will get a slap on the wrist, a scapegoat (probably a janitor), a little fine and that's it...

>> No.64149810
File: 65 KB, 679x711, Spectre and Meltdown.jpg [View same] [iqdb] [saucenao] [google] [report]


>> No.64149813

They can be fixed in software by using tricks that neuter caching, branch prediction, and other OoO optimizations, but it's going to make programs slower.

>> No.64149842

thats what happens in a fake capitalistic society where 1 company has a monopoly over everything.

>> No.64149857

i don't see MIPS or PowerPC anywhere on that list.

>> No.64149867

Yeah the media isn't even reporting that well on this one, I thought for sure today everyone would be reporting on it.

>> No.64149869

Is it too late to get a job at Intel to take the blame and get paid off a few million to go to jail for a year?
I'm free, Intel, if you are in this thread. Hit me up bbs

>> No.64149875

Fuck, I wish..

I'd be putting that shit on AMD right now lololol
But seriously, it's updated.

>> No.64149877

PowerPC and ARM64 are affected by Spectre as well.

>> No.64149885

the only sane way to use this s(h)ite is with 4\c/h\a(n(x type thing

>> No.64149886


>> No.64149889
File: 681 KB, 960x960, apathy.png [View same] [iqdb] [saucenao] [google] [report]

I really dislike the current state of /g/ where every single thread derails into a Intel vs AMD shill-shitfest.

Instead, please answer me this. The CERT entry and numerous others suggest replacing CPUs and that everything past '95 is vulnerable. So here's my question:
In 2018, what do I buy (as a consumer) to keep me safe? The only literal thing not listed anywhere is MEDIATEK? Do I have to use a fucking MTK arm chit cpu as my daily driver?

>> No.64149911

>implying you can be safe
you buy a pair of wirecutters and snip your ethernet cable you little fag
only keep data on networked devices you don't mind everyone else having access to

>> No.64149918

Don't buy anything.
Don't visit websites with JS turned on.
Don't download ANYTHING.
Wait for a few years.
Problem solved.

>> No.64149923


It will never be "fixed", it's a hardware bug.

>> No.64149926

With such a gaping hole there's nothing to keep you safe. Even if you move your own data to some esoteric shit nobody could target, they still would attack your bank, government, social network, favorite porn site.

>> No.64149943

oh shit I better get another storage unit for more thinkpads

>> No.64149953

I wouldn't buy anything until there are a plethora of post patch benchmarks and possibly Ryzen 2 benchmarks if I was willing to wait longer.

>> No.64150015

So how much should I sell my Quad core i7-6700k @ 4ghz for?

>> No.64150018

honestly there's not much you can do as a consumer except wait and be cautious in your computing at this point. even if you can find something not vulnerable to these specific vulnerabilities, there's likely a whole family of related issues in all but the simplest (read: slowest) of processors. all processor vendors will be spending some time reevaluating designs that have been mainstays for many years and will hopefully suss out the flaws that surely exist.

for now, don't let code you don't trust run in userspace. yes, that includes in your browser. if you're Amazon or whatever and you host virtualized servers for customers you have a different threat model and I, a rando on 4chan, cannot help.

>> No.64150025

Now you, too, can build a cluster computing network.

>> No.64150033

NO FIX is a too hard concept to grasp for you.
It'x a fundamental flow which can be mitigated in future software development on AMD as well as on Intel. But the flaw has NO FIX and needs a new CPU to be eradicated.

>> No.64150036
File: 209 KB, 400x416, 1511420724846.png [View same] [iqdb] [saucenao] [google] [report]


>> No.64150041

Time to replace my good ol' R710.

>> No.64150057

About three fiddy.

>> No.64150061
File: 2.01 MB, 400x225, 1512737604643.gif [View same] [iqdb] [saucenao] [google] [report]

>tfw this is all a farce playing out so that the jew can look into your computer and see if you have anything 'you are not supposed to have'

>> No.64150083

Even if you moved to a Pentium II or an AMD Thunderbird with Windows 98, you are still vulnerable.

This has a bigger impact on cloud and multiuser systems then us though

>> No.64150084

we are literally going to hell

>> No.64150086

Even if some exploit had kernel access, it can't look into my unmounted encrypted TC volumes.

>> No.64150092
File: 130 KB, 1300x957, throwaway.jpg [View same] [iqdb] [saucenao] [google] [report]


>> No.64150094


Thanks for actual answers. Guess it's just a waiting game for now. And If nothing else - a resurgence in cheap used hardware for offline computing/workloads.

>> No.64150118

Citing a press release to argue anything about this is plain retarded. Both statements from both vendors try to conveniently bend words to appease their stockholders. Only a fool would look at anything but papers, actual advisories or neutral third parties in infosec.

>> No.64150121
File: 145 KB, 645x729, caveman-wojak-59ee2f295f52c.png [View same] [iqdb] [saucenao] [google] [report]


>> No.64150138

Let's not argue semantics here. Read the fucking paper.
>Haswell seems to have multiple branch prediction mechanisms that work very differently:
>with a specific version of Debian's distro kernel running on the host

>> No.64150146

>microcode doesn't exist

>> No.64150158
File: 22 KB, 220x348, 220px-Bundesarchiv_Bild_183-S33882,_Adolf_Hitler_retouched.jpg [View same] [iqdb] [saucenao] [google] [report]


>> No.64150176

no go back to >>>/pol/

>> No.64150187

>CIA gets root
>they install persistent spyware
>one day you mount your volume and unencrypt it so you can peruse your cheese pizza
>CIA now knows everything
that's a checkmate, atheist

>> No.64150208

/g/ can't even take jokes now.
Go back to macrumors instead, faggot.

>> No.64150222

Honestly the only thing that could be worse than Meltdown would be taking literal control over the user's brain

>> No.64150239

Still rockin' my cheap 1400

>> No.64150250

Lock self in a dark, sound insulated room with airgap'd pencil and paper.

>> No.64150277

lawsuit when

>> No.64150294

>implying they couldn't do this before
yeah i am sure they couldn't
also why would you hold pictures of cheese pizza on your PC ?
is this some weird American fetish ?
i came here from /pol/ so you can fuckoff El Goblino

>> No.64150324

Meltdown solution is new CPUs, the software patch is just a mitigation to move sensitive data out of an application's address space. The real fix would have to prevent an application from accessing supervisor pages.

>> No.64150332

they couldn't from an otherwise sandboxed script in your browser, which is what 99% of the modern web is

>> No.64150341


Meltdown is the Intel-only problem and it's patchable.

Spectre affects everything. Everything.

>> No.64150342

Wrong, retard.

>> No.64150351

>which is pretty muchwhat they can do already
No it's not.

>> No.64150373

>it's patchable

only to a large determent to performance

>> No.64150387
File: 363 KB, 527x832, (((perlroth))).png [View same] [iqdb] [saucenao] [google] [report]

> (((Perlroth)))

>> No.64150391

that's meltdown you fuckwit

>> No.64150397

oh boy maybe i should put all my pictures with Tiles into a single folder and encrypt them :/

>> No.64150449

>people still think the issue can't be resolved on an OS level
>people still think its a bug
AMD shilling so hard to control the market just like they tried with Mantle.

>> No.64150475

intel will release new cpus that are stronger better and harder to break

>> No.64150484

can't a firmware update force a microcode update and plug Specter, while an OS update (with huge performance hits) be applied to patch Meltdown

>> No.64150492

Imagine an userspace program accessing another userspace program's memory. Imagine that JavaScript was able to do this shit. Imagine having browser and crypto wallet open at a same time. Any bells ringing yet?

>> No.64150498

I still have a working crapbook with an Atom N570 running Arch. Guess I will fallback to it again for now.

>> No.64150502

Oh haha, I didn't notice at first that it was a woman

opinion discarded, since when do women know anything about tech

>> No.64150533
File: 274 KB, 3500x1400, 20071009-01bl_tcm100-930025.jpg [View same] [iqdb] [saucenao] [google] [report]

SPARCbros [email protected]?

>> No.64150549

not according to intel

>> No.64150558

Retard here, does this mean Ryzen is better than patched Coffee Lake?

>> No.64150574

If this shit had happened 15 years ago, I could've just started using my Sparcstation 5

No such luck today

>> No.64150593

Not unless you are running SQL servers, performance for end users will be the same. It's just disk reads and network traffic that seem to be impacted the most.

But it is a security flaw in the hardware design. So, there is that.

>> No.64150611
File: 162 KB, 1000x1000, 1413913323099.png [View same] [iqdb] [saucenao] [google] [report]


>> No.64150613

goodbye NAS with encrypted data drives

>> No.64150624

Yeah.. literally that.

>> No.64150654

None required when it's always this blatantly obvious.

>> No.64150657


>> No.64150664
File: 310 KB, 650x618, 0b0338bdb191d6be.jpg [View same] [iqdb] [saucenao] [google] [report]

>> No.64150683

Meltdown issue is due to an exploit (not a bug) that can be resolved on the OS level. If your OS is compromised it doesn't matter what your CPU is. AMD provides the protection through their CPU so the OS doesn't need to, but with Intel you need OS-level protection. Literally turning on (or off) a software switch. Therefore AMD vs Intel will be mostly placebo overall, but with Intel still edging out due to better single-processor power.

Everything involving Specter is... speculative. The issue is no more prevalent than being a dumbass who browses the internet without ublock/noscript and clicks random links without thinking. Not enough concrete information or solutions are out there, just bandaids.

>> No.64150720

It's a flaw in AMD64 architecture affecting anything shipping OoO and manufatcured in the last quarter of century and no, it can't be FIXED on a OS level. It's definitely a flaw and therefore an hardware bug. Intel's implementation lead to an even more viable vulnerability which can be mitigated, not fixed nor resolved, at an OS level, with a big "fuck you" to I/O optimizations. Microcode can't fix it either.

No one in their sane mind would deny it's an hardware bug. Only Intel shills first and AMD shills after them try to convey an inane interpretation of what's in actual papers and advisories.

>> No.64150755

Meltdown is literally a bug in the way speculative execution works on Intel though, not being secure. It's not an exploit that can be patched at OS level, it's a hardware bug which can be worked around at OS level.

>> No.64150763

Almost everything stated in this post is utter bullshit.

>> No.64150820

It's not really an AMD64 architecture flaw though, it's spread to almost every OoO CPU with branch prediction.

>> No.64150862

How long has this been public now and not under 6 month embargo?

>> No.64150888

Its not a fucking bug you moron. It is an exploit. Literally by definition.
pick one retard. Software has bugs. Hardware has defects. Intel's chip design is intentional for performance gains and is remedied on an OS level. Microsoft knew this and if you think they didn't you're a basic bitch.

AMD has a feature and Intel does not. That means its a lacking feature. Not a bug. And exploiting that lack of feature resulted in Metldown.

Try harder.

>> No.64150906

Yah, that's wrong
Meltdown is a flaw in the chip design for Intel chips since 1995 and one arm chip that allows the memory to be read from any application, it doesn't even need to be malicious. This is a huge problem, because virtual machines in cloud providers can see memory leaks from
the host.

This won't impact CPU performance, it does impact disk reads and network traffic.

Spectre is a different problem,and it impacts all CPUs.

>> No.64150929

Are you an idiot?
Meltdown is an exploit due to a flaw with Intel processors. AMD processors don't allow speculative execution to read supervisor pages.
Specter is a real issue and the authors of the paper came up with a working exploit. It's an inherent issue with all processors that use speculative execution and isn't entirely patchable.

You can't completely plug Specter, it's an inherent issue with speculative execution. Apparently the practical exploits are easier on Intel and harder when JIT is disabled on certain AMD processors. But that doesn't mean the issue is fixed at all.

>> No.64150943

>AMD has a feature and Intel does not. That means its a lacking feature.
It's lacking a feature (protection of memory pages marked supervisor) that is REQUIRED by the x86 standard. Ergo the processor is defective.

>> No.64150965

>AMD processors don't allow speculative execution to read supervisor pages
Obviously I mean they don't allow userspace speculative execution to do so

>> No.64150972
File: 45 KB, 700x525, 3.jpg [View same] [iqdb] [saucenao] [google] [report]


>> No.64151011

Meltdown only a flaw in the sense that any exploit is a flaw.
Its still not a bug because its hardware-related.
Its still not even a defect because it was intended design.

Its just an exploit.

Stop playing with words because they sound good to you without using them properly.

I'm not even going to talk about Spectre because nobody has any concrete information or solutions regarding it.

>> No.64151042

>required standard
By whom? And since Meltdown is remedied by patching the OS shouldn't the standard be on an OS level anyway?

>> No.64151126

It's not a remedy, it's a workaround at best. The chips are fucked.
There's no way every major cloud system is going to be patched overnight.

>> No.64151166

Does the CPU ride ever end?
Any intel chip after core2duo has the ME.
Any AMD chip after the opteron 6000 series has something similar.
And now everything is effected by spectre and meltdown.
I'm emailing Stallman for advice.

>> No.64151170
File: 81 KB, 713x809, 1504946159461.png [View same] [iqdb] [saucenao] [google] [report]

w-what's goin on?

>> No.64151176

Technically speaking you may be correct that the standards did not anticipate side channel attacks and hence it may still conform since a speculative execution reading protected memory does not actually affect the architectural state.

>Its still not even a defect because it was intended design.
I never said it was a defect, I said it was a FLAW.
Specifically this is a DESIGN FLAW. The processor conforms to its design but the design itself is flawed.

>I'm not even going to talk about Spectre because nobody has any concrete information or solutions regarding it.
That's not really true, read the fucking paper. https://spectreattack.com/spectre.pdf

>And since Meltdown is remedied by patching the OS shouldn't the standard be on an OS level anyway?
Meltdown is worked around by an OS level change in how memory is mapped. This isn't really a fix.

>> No.64151195

They're not fucked. Meltdown is an inconvenience that AMDfaggots are desperately trying to make people believe they need to switch.

Specter on the other hand is an issue (while not immediate or outstanding) that may get worse because its entirely speculative. It may also be fucking nothing that only affects dumbasses who treat computers like toys that are meant to be thrown away if they're "broken".

>> No.64151221

Shill shtap, you're too late to the party. Better sell your stock and buy AMD while you still can.

>> No.64151238
File: 107 KB, 967x150, hmm.jpg [View same] [iqdb] [saucenao] [google] [report]


>> No.64151271

It's possible to entirely mitigated Meltdown (and they have), but it's not possible to entirely mitigate Spectre without disabling speculative execution (which they won't do because it would fuck performance WAY more than the mitigation for Meltdown)

>> No.64151272

>Linus & Co get $500k annually from Intel

No shit sherlock. The mere bad mouthing of Intel by itself is amazing.

>> No.64151285

but what do you replace it with if everyone is effected?

>> No.64151286

Our perception isn't build for this long lasting inconvenience. People will start coping pretty soon.

>> No.64151288


How? Do they have a backdoor for updates too?

>> No.64151290

After you've been racked by Guillain-Barre -tier performance side effects you'll be immune :^)

>> No.64151291

> its entirely speculative
No. Read the fucking paper they've successfully used a couple of exploits. https://spectreattack.com/spectre.pdf

>> No.64151299

They're running back into the Temple walls-

oh wait....

>> No.64151340

>replacing my 2600K

>> No.64151367

Meltdown is not a design flaw. Its an intended design. Its just an exploit. Quit playing semantics.
If there was concrete information on Specter it would be immediately fixed. The issue is still ongoing.
And please don't post shill retarded link to pdfs unless its a .gov.

At least you're starting to admit the Meltdown is more OS related and not hardware. Faggot.

Reminder Microsoft knew and rode the gravy train to avoid having to redesign their OS.
>b-but Microsoft is more competent than Apple
true but
>You could easily bypass the password prompt on older Windows
so competent
Windows 10 is still a piece of shit.

>> No.64151402

Fantastic. A couple of exploits. What about the rest of them? And what about the fixes?

Its an ongoing issue entirely on speculation.

>> No.64151403

It's not a bug, because it's not software. I agree.
I don't think it's by design an exploit, it's just being exploited.
It's a design choice, that was flawed. So I don't agree there. But it's a hardware design choice, not a software one.

>> No.64151404
File: 8 KB, 224x250, intelaviv-by-mossad.jpg [View same] [iqdb] [saucenao] [google] [report]

Oy vey. Nobody said they are going to be software and free, goy!

>> No.64151482

>Meltdown is not a design flaw. Its an intended design.
The design is flawed in a way they did not anticipate. Processors conform to the design but the design itself is flawed.
That's what a design flaw means.

>And please don't post shill retarded link to pdfs unless its a .gov.
Those are written by the original researchers, retard.

>At least you're starting to admit the Meltdown is more OS related and not hardware
No, meltdown mitigation is OS related. The issue itself is hardware related. A userspace process is not supposed to be able to read data in supervisor pages. Meltdown allows a userspace process to do so.
The mitigation just moves sensitive data out of the mapped memory entirely. This means that context switching incurs additional overhead.

There are no fixes, it's an inherent issue.

>> No.64151521

> Crossing my fingers for everyone's twatter & faceberg to get hacked & deleted.

Or another Fappening.

>> No.64151524

>A userspace process is not supposed to be able to read data in supervisor pages. Meltdown allows a userspace process to do so.
Obviously these "processes" are abstractions and not part of the hardware but you should know what I mean if you know x86. Instructions running without the supervisor bit should not be able to access supervisor pages.

>> No.64151554

>still haven't patched the ME/SPS/TXE vuln
Wake me up when the exploits are in the wild. What data is set to be released by researchers on Jan 9th or is the embargo over early due to the leaks?

>> No.64151582
File: 188 KB, 670x473, happening2.gif [View same] [iqdb] [saucenao] [google] [report]

Does anyone else have an extremely hard time believing that it took ~20 years for these vulnerabilities to be discovered? really starting to think that this was a case of """"accidental"""" bad design to boost sales

>> No.64151617

does the update affect firefox performance?

>> No.64151621

It must have been a 'EUREKA' moment for the researchers and we have all been a bunch of retards.

>> No.64151623

It might have been known by NSA for a long time, but it got leaked so they dumped it.

It was also noted by AMD that the researchers had access to confidential design information that most people would not have access too, so potentially Intel or AMD knew something might be odd and paid them to figure it out.

>> No.64151635

umatrix does not disable everything by default like noscript or the about:config setting does.

>> No.64151641

No, the only major performance hits I've seen at disk reads and network traffic in benchmarks, not normal desktop usage

>> No.64151694

It's probably been known to be theoretically possible for a while but actually practical exploits took a while.
The reason it was practically exploited recently and independently by multiple teams was because of the development of side-channel techniques.
Researchers took new side-channel methods that had recently been developed and applied it to this.

>> No.64151702


It seems you're too retarded to deliver a correct interpretation of what's detailed in simple advisories; moreover, it seems you lack a minimal required background to handle infosec in general.
Please avoid posting and for the love of God avoid a career in IT in general.

>> No.64151915
File: 119 KB, 504x284, your-work-your-life-your-way.jpg [View same] [iqdb] [saucenao] [google] [report]

intel saves the day again

they know what the fuck they're doing

>> No.64152106

>90% of PCs
how the fuck are they going to do this?

>> No.64152222
File: 113 KB, 753x804, Capture.jpg [View same] [iqdb] [saucenao] [google] [report]

It's very easy.

I'd tell you, but I gotta go. Good luck, bye!

>> No.64152288

You don't really understand, right? There's more than three variants of Spectre, one of them is Meltdown
All of them are related to modern CPU design, ie. Speculative execution and out out order execution, none of them are software related but can be worked around them in software
All of them affect Intel severely, only two variants of Spectre (but not the one called Meltdown) could affect AMD, and of those two only one was been proven to work on actual hardware under specific non default circumstances

>> No.64152321

tumbling the fuck down

>> No.64152401

No, there are 3 side channel attacks tested by project zero. Two of them are specter and one is meltdown. Google did not use the terminology Meltdown and Specter so they did not make the distinction.
The rest of your post is correct.

>> No.64152507

Weren't Specter and Meltdown names from the other teams?

>> No.64152743

Yes, exactly. And Spectre and Meltdown are separate attacks based on the same principle. Meltdown is NOT called a variant of specter like >>64152288 says.

>> No.64152776

why not just disable speculative execution?

>> No.64152853

massive performance hit

>> No.64152914

Could someone explain what exactly Spectre is?

Name (leave empty)
Comment (leave empty)
Password [?]Password used for file deletion.