[ 3 / biz / cgl / ck / diy / fa / g / ic / jp / lit / sci / tg / vr / vt ] [ index / top / reports / report a bug ] [ 4plebs / archived.moe / rbt ]

Due to resource constraints, /g/ and /tg/ will no longer be archived or available. Other archivers continue to archive these boards.Become a Patron!

/g/ - Technology

View post   

[ Toggle deleted replies ]
File: 217 KB, 1080x873, Screenshot_2018-01-05-05-23-57-703_com.chrome.beta.jpg [View same] [iqdb] [saucenao] [google] [report]
64157656 No.64157656 [Reply] [Original] [archived.moe] [rbt]




>> No.64157776

It is not a bug or a flaw - the three letter corps ordered the CPUs to be that way

>> No.64157782




>> No.64157870
File: 137 KB, 263x265, Untitled.png [View same] [iqdb] [saucenao] [google] [report]


>> No.64157938

How is this not illegal. They are misrepresenting this major security issue.

>> No.64157969

>intel design in a nutshell

>> No.64157981

I'm disheartened by the number of posts here who are taking the stance that Intel has idiot designers or that management doesn't care about security. This attack is very clever and unexpected, nobody could have predicted this. Intel is still the dominant and most trusted industry player and will remain so in the future.

>> No.64157991

Fucking shit, an actual logical post. Quite a rarity for /g/.

>> No.64157992


>> No.64157999

You are all illiterate.

>> No.64158007


Linus disagrees

>> No.64158016

It is illegal. It's just that the consequences of lying about the exploits are way less severe than telling the truth.

>> No.64158057

fuck these pieces of shit for trying to conflate two completely different vulnerabilities

>> No.64158067

Did he post any rants yet?

>> No.64158077

Just this, but it's not really a rant.

>> No.64158089
File: 213 KB, 1268x1422, 1494802724193.jpg [View same] [iqdb] [saucenao] [google] [report]

So this is the team that made the design decisions for the Pentium 4. Dear Lord, they're dumber than rocks.

>> No.64158111

The answer is not that it's not a bug. The answer is that it's not a bug solely to intel hardware/intel design. Learn to read, you underage /v/ memesters.

>> No.64158112


I've seen this pasta on reddit

>> No.64158147
File: 350 KB, 672x794, 6541684984949948.png [View same] [iqdb] [saucenao] [google] [report]


>> No.64158149

It's not a bug, but it is FAULTY DESIGN. The CPU is leaking information that shouldn't be leaking.

>> No.64158153

>guys nothing is wrong
>see, it could happen to others too!

If there's nothing wrong, why do they bring up other vendors and try to trash them? What a fucking scumbag thing to do. Own up to it and stop trying to drag others down into the mud with you.

>> No.64158159

>Intel has investigated Intel and found that Intel was not at fault for the non-flaws and non-bugs that are not-affecting Intel

>> No.64158170

>this attack that doesn't affect the two other major chip designers never could have been predicted!!

Intel chip designers fucked up when allowing the kernel memory to load with the indirect user memory. That alone is fucking stupid. Then they failed to protect the kernel memory when implementing speculative execution.

If we ever find out that phones fry your testicles, do you think Apple is just gonna get off the hook? No.

Stop trying to protect a company that CLEARLY doesn't give a FUCK, you absolute sheep bitch.

>> No.64158226
File: 33 KB, 691x750, 1515106837107.png [View same] [iqdb] [saucenao] [google] [report]


>> No.64158229







>> No.64158262
File: 202 KB, 135x101, a919902809569db624358a0a73e5b544.gif [View same] [iqdb] [saucenao] [google] [report]

>Its not a bug, its a feature!

>> No.64158336
File: 198 KB, 2518x1024, 1515118701282.png [View same] [iqdb] [saucenao] [google] [report]


>> No.64158340

Again, I really think you are misdirecting your frustration. Intel works to provide the utmost in quality and security for its consumers. I would challenge you to re-evaluate your perspective on things and I hope that you can see Intel is a leading innovator in the field of consumer, government, and business electronics.

>> No.64158360
File: 18 KB, 500x500, 1514460328053.png [View same] [iqdb] [saucenao] [google] [report]


>> No.64158366
File: 168 KB, 911x741, Screenshot_20180105_054845.png [View same] [iqdb] [saucenao] [google] [report]

Just tried the Spectre exploit on my T420 and it worked.

>> No.64158376

Yeah, Hillsboro dudes are not the brightest ones in the world.

>> No.64158377

I don't care what a blue tem shill has to say about this. I will wait until he gives a good amd review before I give him any more views.

>> No.64158383

Where do I get this test?

>> No.64158423

Clone this repo, make, run ./spectre.out
The code comes from the Spectre paper the finders of this exploit wrote. It just has some minor improvements so it can compile and run on more systems.

>> No.64158431

Sounds like a customer helpline bot reply.

>> No.64158468

Reading 40 bytes:
bash: illegal hardware instruction ./spectre.out

Does this mean that I'm not vulnerable or that there's something wrong with the test?

>> No.64158478
File: 104 KB, 720x764, 1514185025705.png [View same] [iqdb] [saucenao] [google] [report]

If intel are shifty and did it on purpose how are arm / apple processors affected as well?

>> No.64158489
File: 345 KB, 940x672, inb4madfanboys.jpg [View same] [iqdb] [saucenao] [google] [report]


>> No.64158497

They did not do that on purpose.
The architects in charge of Intel/ARM/Apple cores were not paranoid enough.

>> No.64158513

Yes.. but everyone seems to think so.

>> No.64158516

What CPU does your machine have?

>> No.64158534

It could be possible that there was THAT guy on the team who was paranoid enough, but no one else wanted to drop the performance of the processors.

>> No.64158539

There are two different exploits. One specifically targeting Intel, another that affects pretty much all modern CPUs including Intel, AMD, ARM, PowerPC, etc.

>> No.64158580

Meltdown also hits Ax (the Apple ones) and A75.
It's not Intel-exclusive, it's just AMDs engineers that do love bitch basic sanity checks.

>> No.64158609

Intel Core2Duo P8600

>> No.64158622

>Intel ME

>> No.64158626

>This attack is very clever and unexpected
probably not
but CPU vendors don't often compete on security, so they probably just let this one slide

>> No.64158654

Your CPU might just be too old for this specific piece of code. It must use some instruction your processor doesn't support.

>> No.64158684

Shilltel is working overtime!

>> No.64158691


>> No.64158715

I'm so happy that I haven't gone to the intel side, I'm only running intel because it was a donation.
Ryzen is the next station for me.

>> No.64158741
File: 36 KB, 888x255, Screenshot_20180105_053607.png [View same] [iqdb] [saucenao] [google] [report]

Do not buy a new processor for a year or two. All current ones are vulnerable. Intel and others.

>> No.64158748

Also, how will Intel try to blame AMD for this? They will try to kike this some way to ensure that nobody wins.

>> No.64158774

All Tech is vulnerable. It always has been. These things come and go.

>> No.64158819
File: 562 KB, 1920x1080, 1493366141642.jpg [View same] [iqdb] [saucenao] [google] [report]

>If we ever find out that phones fry your testicles, do you think Apple is just gonna get off the hook? No.
Apple's already blown up a plane and killed 66 people. Intel will get a 10 second highlight on the evening news and normies will never hear about it ever again.

>> No.64158820

i get same error on a Xeon X5470

>> No.64158853

My windows 10 laptop doesn't have any updates yet, should I wait a day or two or should I go ahead and install them manually

Also, I heard that you should be going tto intel and your mobo manufacter's site and getting updates from there too on top of the windows one? Is that accurate?

Lastly, my mother still uses a windows 7 laptop, and i'm pretty sure windows 7 doesn't have automatic updates anymore. Which should I be downloading manually on that?

>> No.64158873

It released on the same year as C2D P8600 so it might just be missing the same instruction sets.

>> No.64158885

you would be wrong, it should automatically have the update next tuesday.

>> No.64158886
File: 2.66 MB, 350x262, 1378091251285.gif [View same] [iqdb] [saucenao] [google] [report]

They won't blame AMD, They will insist the patch gets applied to AMD chips where it's not needed to insure a "level" playing field and make sure AMD chips are needlessly crippled to "protect the consumer".

>> No.64158890

Easy to do when they're just copy/pasting things

I read hackernews too

>> No.64158894

This is for spectre right?

>> No.64158909

Oh btw, I hope we can tell all the libertardians that we need some regulations that CPU makers can't fuck around anymore.

But I suspect this was an NSA directive all along.

>> No.64158926


>> No.64158950

So could spectre potentially be triggered by malicious javascript when browsing?

>> No.64159039
File: 43 KB, 620x214, DSpmcgvXUAEIMre.jpg_orig.jpg [View same] [iqdb] [saucenao] [google] [report]

Not only potentially, it is already happening.

>> No.64159053

Damn, fucking javascript.

>> No.64159063
File: 218 KB, 1080x1080, 1515104458427.jpg [View same] [iqdb] [saucenao] [google] [report]

>mfw that intel single core perf for miners

Thanks jewtel

>> No.64159121

Why would my compiler produce instructions that my CPU doesn't support?

>> No.64159131

Ask your compiler, not me.

>> No.64159138

>intel website says "it's fine"
>herp derp it's not fine guys, they're lying
>amd website says "it's fine"

the city of amd fanbois

inb4 >herp derp shill

>> No.64159178

He talking about Linus Torvalds idiot. The creator of the Linux kernel

>> No.64159182


it is, but do you think they give a fuck? Intel hasn't paid the multi-billion dollar fine yet kek (for bribing laptop manufacturers to not make AMD products)


>> No.64159230

>it's not a bug, we intentionally designed it this way

What did intel mean by this

>> No.64159253

I was just in another thread where one of you intel shills was losing his shit for the exact opposite case you just laid out.

Holy fuck you intel guys are just in a total fucking panic trying to damage control this shit

>> No.64159254

poos vs. jews, and I trust jews less.

>> No.64159261

poos are well meaning if sometimes incompetent
jews are outright malicious

>> No.64159271

Intel's main client are companies the size of Intel itself. If Bezos wants to suddenly pork BK in the ass with lawsuits, it'll happen.

>> No.64159286

>he missed the inb4

it would make sense to shill, it doesn't make sense why you do this for free...

>> No.64159310


if AMD was lying, their stock would tank to 0 USD instantly because their stock tanked when they launched Ryzen and Epyc.

Which company's stock is tanking like fuck? It's Intel.

>> No.64159359

Are mobile devices impacted by this? Should I need to go out of my way to do anything with my phone or tablets ?

>> No.64159372

>up 15 points from mid 2017

>seriously guys, it's dropped 1.5 points in the past week, the end is nigh

>> No.64159377

For fucks sake YES.
A75 and Apple cores are affected by Meltdown, and absolutely everything on the market (besides static in-order memes of days gone) is affected by Spectre.
Now rope yourself.

>> No.64159390

>1.5 points in the past week
It dropped 3 points YESTERDAY.

>> No.64159396


Lets say that you need this particular speculative design in order to hit your performance goals. What do you do? Now that you know a sideband attack can access ram do you change your architectural approach to codify separate page tables, or do you revert to a less aggressive speculative and slower approach?

Maybe you redesign the MMU/TLB/caches somehow to make switching between user and kernel codes faster but retain your core design.

I am not at all sure that future intel chips that have this vulnerability fixed are going to have a significantly different execution pipe line. There will be some other change that protects against this type of attack.

>> No.64159401
File: 22 KB, 645x773, 1514917460827.png [View same] [iqdb] [saucenao] [google] [report]


Are you seriously even thinking that Qualcomm is not affected by this?

>> No.64159412

The Qualcomm Snapdragon 801 featuring a quad core Krait CPU does not have this problem. :^)

>> No.64159423

Could they just flush the cached memory pages for a process that illegally accesses protected memory?

>> No.64159435


>> No.64159453

LOL no
To be fair speculative execution is a real thing that actually helps performance, but their implementation sucks dick

>it's not a bug it's a feature

>> No.64159455

>people can't check your claims
it actually didn't...

>> No.64159473

Time to move on. This is all inconsequential and you lads seriously shitpost too much.

>> No.64159477

I'm feeling really sleepy /g/...

We should all go to sleep

>> No.64159483

>very clever and unexpected, nobody could have predicted this
they literally predicted it 20 years ago but didn't manage to implement it.

>> No.64159498


From the original paper IIRC they mention the data has to be in L1D, so sure, a simple flush would seem to do it, BUT they have gone for totally separating address spaces.

Other discussions have mentioned the length over which the speculative execution can continue and tried to figure out how to delay the original instruction path the most suggesting that maybe you could re-fill your l1d with interesting data in the speculative path before the delaying instruction can be retired.

I am speculating <heh> but given the lengths the fix goes to, I don't think flushing l1d is enough. With the page tables separate the hardware cannot figure out how to access the OS's data period, no matter how long the speculative window is.

>> No.64159500

It's down over 5% since it closed on Tuesday. Get fucked.

>> No.64159517

Reminder that Intel® Core™ is a fine and reliable trademark

>> No.64159545

My understanding is that the kernel memory is able to be read from user-space only because the application is performing operations on it and placing the new values in L1, it just seems like flushing L1 when a speculatively executed branch illegally accesses protected memory would be more than sufficient....although now that I think about it I guess that still leaves a very small window while the program is still in the pipeline, between the time the operations are performed and the check for page permissions, in which protected memory is still exposed...

>> No.64159547

They literally knew about this for 6 months and STILL decided to release Cannon Lake with this issue

Go back to /r/HailCorporate

>> No.64159581

Delit this, stop making sense and start shilling

>> No.64159597

to be fair, if they say it's a bug, it's literally giving lawyers free money to shoot them up for big ass class actions.

>> No.64159628

Good luck with that. Nsa will silence those lawyers.

>> No.64159684


>> No.64159746

>it just seems like flushing L1 when a speculatively executed branch illegally accesses protected memory would be more than sufficient.

If you know that you are illegally accessing ram, just don't do the access at all, which is what AMD does earlier in the pipeline.

Also its a question of how to make the logic, and make the logic hit the clockspeeds you want, so cross-connecting different pipeline stages to get some cache behavior you want may not be able to be implemented in hardware. But I have never worked on anything OoO.

>> No.64159790


Oh yeah, for Intel, there is NO illegal access of protected memory. It is a speculative execution that is never retired, so values are never returned and no exceptions occur, because as far as the hardware and execution state reveals, that memory has never been accessed - only the ghost of a behavior remains in the contents of the caches that are measured by timing.

So if your question is can that be done in SW, no because as far as software is concerned the access never occurs.

>> No.64159853

notice said vendors aren't named
>because a lawsuit might follow

>> No.64159876
File: 67 KB, 895x770, 1515053582918.png [View same] [iqdb] [saucenao] [google] [report]


>> No.64159932

Hey everyone, it's not a bug*

*Insert artificially narrowed definition of a bug designed to exclude this vulnerability

>> No.64159939

thank gnu linus told them to fuck off

>> No.64159956

You have to go back then.

>> No.64159972

how is $70K as an engineer in Commiefornia even a livable wage?

>> No.64159977
File: 102 KB, 415x315, sold-a-lot-of-stock.png [View same] [iqdb] [saucenao] [google] [report]

what nao rabbi

>> No.64159987


>> No.64160018

how is it working there? Must be a clusterfuck if they're getting you to post shit like this

>> No.64160029



>> No.64160132
File: 50 KB, 640x390, 1515124530315.png [View same] [iqdb] [saucenao] [google] [report]


it's down 3 points since Tuesday, it's up significantly more

and where is amd? 11points? gg

>> No.64160169

It takes time for data centers to buy stock.

You can bet a lot who were looking to replace or expand will be looking at AMD right now. They're not going to make that purchase overnight though.

>> No.64160240

oh you

>> No.64160252

it's cheaper to pay the fine for lying than telling the truth

>> No.64160283

but no other CPU vendor even on the same architecture is vulnerable to the worst variant??? how is that not a result of INTEL DESIGN??

>> No.64160344

Backdoors are not bugs you fucking retards. Intel products work as intended and will continue to do so.

>> No.64160345

They're all catastrophic vulnerabilities.

>> No.64160358

no. variant 3 is the worst of the bunch and only affects a single vendor. how is that not the fault of the vendor?

>> No.64160375

What are the chances of the US gov stepping in to cover Intel behind the scenes?

>> No.64160377

t. mr amd spokesperson

>> No.64160385

Software has always had the ability to prevent it. They didn't because it was faster not to. Now people are blaming the hardware for being capable instead of the software for ignoring security for performance.

>> No.64160387
File: 44 KB, 620x340, intel-wikileaks-cia.jpg [View same] [iqdb] [saucenao] [google] [report]

Why do you think they call it 'Intel' in the first place?

>> No.64160423

Actually, it affects SD845 too, and some variants of 3 (3a) affect some other Qualcomm processors we know of and possibly some other processors.

Fact is, the information we have is based on the first three proof of concepts reported by the researchers, their testing of processor families and variants of the exploits they discovered were not completely exhaustive. We will find more processors vulnerable to the three original variants, and new variants, over time so don't say anything too definitive in these early days.

>> No.64160436

Consider a high level programming language that lets you access memory indirectly versus one that only allows direct access. The former provides you with improved capability and performance but allows for security issues that need to be cared for and handled.
Is it the fault of the programming language when the programmer aims for maximum performance and doesn't properly handle the potential security issues?

>> No.64160477

NSA asked Intel to put it there. You have to be a retard to think this was to maximum performance. Anyway maximizing performance at the cost of safety is fucking retarded. Would you take a plane that gets you to your destination 10% faster but at the risk of it crashing?

>> No.64160482

t. Suminda Kumar H1B Intel employee
no, meltdown is Intel shit exclusive.
AMD will not be affected. Linus already removed KPTI from Linux for them because it's that fucking obvious.
>blame the flawed programming language that everyone else uses for the semicolon you misplaced ON PURPOSE that caused a massive vulnerability while everyone else using the same language didn't because they knew it was insecure and only suffered from the inherent faults of the language
yeah sounds like it's the fault of the programming language and not the programmer!

>> No.64160492

and nobody could have predicted that the same end goal can happen with ME engine

guess what

>> No.64160518

>NSA asked Intel to put it there.
To put what where? Be specific.

Don't reword arguments when you don't understand the security exploit.

>> No.64160523

What does this all mean for my sandy bridge and ivy bridge systems?

>> No.64160526

NSA ask Intel to put in a hardware backdoor.
This is their hardware backdoor. I am sure there are other undiscovered ones as well.

>> No.64160533


>> No.64160538

Depends on what you are doing with them.

>> No.64160552

>fallacy fallacy
how much are paying you for this?
vendor specific catastrophic vulnerabilities are the fault of the vendor not the architecture you fucking retard.

>> No.64160563

I still haven't understood. Which are the amd CPUs affected by spectre v1 and v2?

>> No.64160565

This isn't a backdoor. Side channel analysis is a security vulnerability present in all hardware. This paper is pretty informative when it comes to what's actually happening: https://www.cs.tau.ac.il/~tromer/papers/acoustic-20131218.pdf

>> No.64160574

Does this allow a third party to gain root access to a computer? If yes, it is a backdoor.

>> No.64160581

NSA didn't give them enough money.

>> No.64160583

Delete this right now

>> No.64160589

>Physically knocking out a person and stealing his laptop is a backdoor.

>> No.64160606

How much do they pay you to say such nonsense? Or do you work for the NSA?

>> No.64160610

>can't get password out from someone unconscious
>no privilege scalation
Not a backdoor.

>> No.64160620
File: 57 KB, 720x468, 1511791728385.jpg [View same] [iqdb] [saucenao] [google] [report]

>have crapbook with unaffected atom processor
Haha time to potato.

>> No.64160628

As far as a normal user is concerned? All of them.

>> No.64160638
File: 191 KB, 597x767, B488E9A5-B507-4AE7-89BF-786401FEC1BF.jpg [View same] [iqdb] [saucenao] [google] [report]


>> No.64160654

I read that spectre v1 only affects some FX processors under certain circumstances. Why I can't find everything about v2

>> No.64160671

0 because Spectre 1 is easily patched and Spectre 2 requires a specific setting enabled in the kernel to work. AMD is not subject to the worst variant at all.

>> No.64160685

D-does this mean I finally have a reason to u-upgrade?

>> No.64160698

No. Wait some months. All of Intel's current lines are affected and we are still not sure how affected AMD chips are, though apparently way less than Intel.

>> No.64160699

To what? Everything is affected by Spectre and Intel by both.

>> No.64160701
File: 84 KB, 589x612, Screenshot_20180105_093432.png [View same] [iqdb] [saucenao] [google] [report]

That is provably untrue. You can run the proof-of-concept code on your own machine if you like.

>> No.64160703

The difference between v1 and v2 is just whether they use a predicted branch or a predicted not branch. One of which is much less common prediction.

>> No.64160705
File: 12 KB, 1097x631, ARM-Sheet.png [View same] [iqdb] [saucenao] [google] [report]

>no, meltdown is Intel shit exclusive.
You might want to at least keep up with the new information as it comes out.

>> No.64160717

But if you beat him up until he enters the password, it is a backdoor?

>> No.64160729

Meltdown is Variant 3 no?
Looks like only Cortex A75 is affected.

>> No.64160734

Oh, and a source for this table.

>> No.64160742

Yes, Meltdown is Variant 3 (and 3a).
And Cortex A75 is what SD845 is using.

>> No.64160751

You gotta fuck em in the ass too

>> No.64160764

>. All of Intel's current lines
Fuck intel right in the pussy
I thought Ryzememe wasn't affected?

>> No.64160778

those phones aren't even released yet. my apologies then, Intel made a massive fuckup intentionally for 20 consecutive years, and ARM did it for 1. i guess this means it really was the fault of the architecture and not vendor retardation.

>> No.64160780

Ryzen is affected by one variant of Spectre at least, and that can be mitigated in software with basically no performance hit.

It is not affected by Meltdown, which causes the most performance loss in mitigating.

>> No.64160781

Everything is affected by Spectre. How much and how bad we don't know.
Meltdown is exclusive to Intel and some ARM processors >>64160705 but doesn't affect AMD cause NSA didn't pay them enough.

>> No.64160785

Ryzen may be affected to some degree, but not by any of the known methods.

>> No.64160789

This class of vulnerabilities has been theorized about for more than ten years. It's just that nobody thought they'd be practical in real world scenarios until now.

> posts copypasta which was proven wrong by information we have now

>> No.64160799

Yes, and the good news is that because the devices aren't even out yet likely all of them will receive the required patches, so there is an upshot to this being revealed so soon.

>> No.64160811

The "vendor specific" vulnerability, which is not vendor specific, is a problem introduced at the software level due to hardware specific software optimizations.

>> No.64160831

>You might want to at least keep up with the new information as it comes out.
we aren't paid to do so

>> No.64160851

>Intel specific hardware vulnerability is actually not Intel specific even though they did it for 20 years because ARM did it once on unreleased phones
you can spinning it pajeet. maybe if you do it enough people really will believe it wasn't your fault and everyone else is to blame.

>> No.64160876

Intel, AMD and ARM are the last parties you should believe when it comes to reporting what is vulnerable. For legal purposes, they have to deny that anything is wrong with their products.

>> No.64160882

Yet you are going to talk as if you are up to date on the information.

See the problem here?

>> No.64160888

ARM literally reported their most recent product is vulnerable.

How is that beneficial to them?

>> No.64160889

>If I attack an unnecessary part of his argument, this invalidates the rest of his argument!
>The "vendor specific" vulnerability is a problem introduced at the software level due to hardware specific software optimizations.
Try again.

>> No.64160900

There is nothing to worry about guys, our engineers are handling this as they've handled all the security advisories reported in the last 5 years. Apply your patches and be confident that performance hits will be negligible and mitigated overt time. Also, Jerusalem is Israel.

>> No.64160907

you realize your employer is going to lose a shit ton of money because they have defective products they either have to sell as defective or trash all the way out to Ice Lake, right? you will be deported back to India. there's no reason to continue trying to defend them.

>> No.64160915

>our engineers

>> No.64160930

im just here for the bantz n triggers i dont care about anything :^)
but fuck injewtelaviv

>> No.64160949

This is a nothingburger. Everything is fixed.

>> No.64160994

Does this mean Intels used cpu prices will finally drop? Can't wait for cheap xeons.

>> No.64161004

The first time I ever heard about branch prediction and speculative execution and so on way back when I was at university, I thought to myself "this is just wrong".

At the end of the day, companies made their CPUs extremely complex and started doing stupid shit to try and beat the competition in the short-term. In the long-term though, they put the integrity of the entire fucking computing world and internet at risk.

Just imagine that there was a competitor to intel who said "we refuse to do branch prediction, etc, because it is a security risk". They would be beaten by intel in speed for 10 years, but if they survived, their stock would suddenly quadruple this week and they would take over the CPU market.

This is long-term vs short-term thinking.

>> No.64161036

>but if they survived
They won't.

>> No.64161048

>next 4-5 generations of Intel shits are subject to 30-50% slowdowns in datacenters
yeah it's nothing to worry about Arnav

>> No.64161049

lol no. All you need to do is find one of a million ways to time data access and you can figure out the contents of memory reserved for the kernel. This is a CPU flaw.

>> No.64161120

>nobody could have predicted this
amd did though

>> No.64161141

lolyes. The CPU runs the instruction because the software told it to. The software had two options: optimize for maximum performance or sacrifice performance for security. They chose performance.

>> No.64161182

"Which systems are affected by Meltdown?

Desktop, Laptop, and Cloud computers may be affected by Meltdown. More technically, every Intel processor which implements out-of-order execution is potentially affected, which is effectively every processor since 1995 (except Intel Itanium and Intel Atom before 2013). We successfully tested Meltdown on Intel processor generations released as early as 2011. Currently, we have only verified Meltdown on Intel processors. At the moment, it is unclear whether ARM and AMD processors are also affected by Meltdown."

from the people who actually discovered the bugs https://meltdownattack.com/

>> No.64161209

>Just imagine that there was a competitor to intel who said "we refuse to do branch prediction, etc, because it is a security risk". They would be beaten by intel in speed for 10 years, but if they survived, their stock would suddenly quadruple this week and they would take over the CPU market.
And their processors would still be slower than Intel's and AMD's, even after the patches.

>> No.64161213

Mcfucking kill yourself you piece of shit shill. If intel spent half as much money on preventing this instead of shilling on vietnamese basketweaving forums we wouldn't be in this situation you shitsniffing retard.

>> No.64161220

They didn't though.

>> No.64161228

no, you fuck. compiler issues ops to flush caches but intel cpu just ignores it for performance reason. amd however did not. it's a bloody hardware problem.

>> No.64161232

Wasn't there a "Tor Exploit" the FBI didn't want to release a year or two back?
Makes me wonder if this is what they were doing.

>> No.64161235

This is spectre 2, not spectre 1, right?

>> No.64161250

Only AMD uses that naming convention. I don't trust anything they say so I wouldn't know.

>> No.64161265
File: 9 KB, 259x194, 1488625897120.jpg [View same] [iqdb] [saucenao] [google] [report]

Not a flaw in our processor design but will require a redesign to fix properly.

>> No.64161275

It's your fault for not telling intel that you wanted to keep the kernel memory secret.

>> No.64161281

This. Who do they think they are fooling with that logic?
>theres nothing wrong with our products at all
>however all products from different vendors are affected
>theres nothing wrong
>but we'll fix it anyway because we gud bois
What the fuck

>> No.64161317

t. Intel shill. Not every company has a mindshare allowing them to ignore hits to their reputation.

>> No.64161331
File: 25 KB, 1140x190, Screenshot-2018-1-5 Meltdown and Spectre.png [View same] [iqdb] [saucenao] [google] [report]


>> No.64161350
File: 54 KB, 679x758, 1507235067935.jpg [View same] [iqdb] [saucenao] [google] [report]

NO! The flaw is in the morals of the people doing the hacking! Intel processors are designed CORRECTLY and these bad guys are using data about processor design to exploit them. THIS IS NOT INTEL'S FAULT!!!

>> No.64161394

So you are saying that it would be better if every progam had access to kernel memory?

>> No.64161396

Everyone except intel does that, be it google zero team or arm >>64160705
Only jewtel throws everything in together to deceive everyone into believing every other cpu as insecure as theirs.
It is important to know if there is a potential vulnerabilty or real fucking working exploit (like meltdown and spectre 2 for intel).

>> No.64161406

>talking about 3 days
>post 5 years readings

>> No.64161414

Who wouldve thunk?

>> No.64161418

I guess it's their fault

>> No.64161451

>Outright says a bug is not a bug
>Intel isn't lying for shure because AMD made a different statement!

>> No.64161471
File: 95 KB, 261x238, 1493339466950.png [View same] [iqdb] [saucenao] [google] [report]

>yfw its not a coincidence that this "bug" that has existed for many years all of a sudden pops up as intel's cpu performance gains have finally stalled which allows consumers to push off buying upgrades but now the cpus they already own will be gimped requiring them to purchase the new cpu design to get upgraded performance and oh by the way its a new socket so you will need a new motherboard as well.

>> No.64161512

I think it's more likely going to be
>SEE! We've made gains since last gen! 30% better performance

rather than forcing an upgrade.

>> No.64161546

>compiler issues ops to flush caches but intel cpu just ignores it for performance reason.
Not what happens at all. The cache is flushed in intel cpus.
This is dumbed down and not exact but: the way meltdown works is that they attempt to perform another operation before the flush happens. Depending on whether the protected data in a specific location has a bit of 1 or 0, the operation will either happen or not happen. The result is still flushed. But whether the instruction happened or not can be determined by measuring how much time everything took, as performing the operation makes it take longer.

Software and Hardware can both offer methods to mitigate or prevent this, at the cost of performance.

>> No.64161635
File: 998 KB, 400x224, 1506385631668.gif [View same] [iqdb] [saucenao] [google] [report]


>> No.64161772

Anyone notice this is literally pilpul?

>> No.64161861

No, I'm saying that you didn't care about that when you bought an intel device.

>> No.64161962


>> No.64162040

Strictly speaking it's not a bug. The hardware is working as it was designed to. It's just that the regular operation of the processor has some uncalled side effects.

>> No.64162072

The AMD page actually based on project zero research paper
While intel is 100% Bullshit.

>> No.64162081
File: 113 KB, 882x731, 1497506239713.jpg [View same] [iqdb] [saucenao] [google] [report]

>"hab ahyeez seen dis pasta befoh, fren?"

>> No.64162089

Is the patch out for windows 7 yet?

>> No.64162091

>Very clever and unexpected.

1: Read value from protected kernel memory.
2: Use value as an index into an user array.
2.5: Handle exception because you don't have the right to read value from protected kernel memory.
3: Check which element of the array was cached. You got your value.

Veryyyyyyyy clever. Veeeeeeeerrrrrrrrryyyyyyyyyy (((clever))).

Top kek. Toppest of kek. Truly an exploit so complex only the brightest minds of our generations could find. An exploit so complex it can be implemented with 4 asm instructions, but wait, we're talking complex asm instructions, like load.

>> No.64162105

>the hardware was designed to allow user-space programs to read kernel-space memory
so it IS an hardware bug after all

>> No.64162108

>If we ever find out that phones fry your testicles, do you think Apple is just gonna get off the hook? No.

Yes. Popularity gives you immunity. Apple is going to say it's a feature.

>> No.64162135

No. Bug is when something isn't working as intended. Intel processors are working as they were designed.

>> No.64162142

No just shit design

>> No.64162144

Was out since yesterday, but you will have to wait until Tuesday for the Weekly update to have it automatically installed. However, you can download the security update KB4056897 now from their download catalogue.

>> No.64162159

It is a feature, iToddlers shouldn't breed anyway.

>> No.64162174

Thanks gman

>> No.64162182
File: 62 KB, 395x401, 1487962930609.jpg [View same] [iqdb] [saucenao] [google] [report]

> anti-Intel YouTube channel
> thick Indian accent

like poetry

>> No.64162193

You mean it's cheaper to get a fine and never pay it.

>> No.64162214


>> No.64162223

you think that's an indian accent? the fuck are you smoking

>> No.64162237

Again, I really think you are misdirecting your frustration. Intel works to provide the utmost in quality and security for its consumers. I would challenge you to re-evaluate your perspective on things and I hope that you can see Intel is a leading innovator in the field of consumer, government, and business electronics.

>> No.64162239


>> No.64162244


>> No.64162249

Again, I really think you are misdirecting your frustration. Intel works to provide the utmost in quality and security for its consumers. I would challenge you to re-evaluate your perspective on things and I hope that you can see Intel is a leading innovator in the field of consumer, government, and business electronics.

>> No.64162254

intel is kike

>> No.64162258

Is there any proof that the patch helps protect against the exploit?

>> No.64162262


>> No.64162271

The intel-only exploit? Yes. Spectre? Nuh-uh.

>> No.64162274
File: 121 KB, 790x1229, 1294015563680.jpg [View same] [iqdb] [saucenao] [google] [report]

>we knew about this and we made them shit on purpose

>> No.64162307

I think every PC pretty much ever is vulnerable to Spectre and there's no way to stop it yet. There's a patch to stop Meltdown on Intel CPUs though.

>> No.64162338
File: 962 KB, 171x172, 1495166744918.gif [View same] [iqdb] [saucenao] [google] [report]


>> No.64162340

By that definition bugs aren't bugs at all.
>works as intended
It only wouldn't be a bug if they intended for it to be completely insecure and exploitable, in which case it's a design flaw. So, it's either a bug, or a design flaw with or without the intent of making a backdoor. Admitting it's a bug would be in their best interest because the only other option is saying "we made a backdoor and left it there for 2 decades".
Also, they clearly stated "this isn't a bug or a FLAW" when it clearly is a flaw. Stop shilling.
Tl;dr see >>64159932

Either way, x86/x64 needs to be completely redesigned without the concern of legacy software and hardware. CPUs need a fresh start without being dragged down by shitty old designs. We can only hope ARM will get better.

>> No.64162357

I still got an Intel I7 4700 (or something) for my notebook. What does that mean for me

>> No.64162412

Haswell has PCID so there won't be much performance drop for you.

>> No.64162415


Where can i get a high quality rope?

>> No.64162422

not from Intel, that's for sure

>> No.64162475

Bigger question is if I should even bother with the windows 7 patch since that apparently does jack shit in the long run and just roll the intel firmware update they are gonna put out.
Experts of course say "buy a newer and better CPU", like I can just shake that money out of my pockets.

>> No.64162476

AMD ropes have more threads.

>> No.64162493

Bugs encompass things working outside of how you intended.

My login form could work completely as intended, assuming people put in the intended data, but if I don't sanitize my inputs then it could also allow SQL injection.
That would be considered a bug. It is working as intended, but can also operate outside the intended design.

>> No.64162500

>just roll the intel firmware update they are gonna put out.
Yeah, good luck with that not coming.

>> No.64162529

Do no-one care how utterly trivial Meltdown is?

I mean, most of the Intel shills seem to try to imply that Meltdown is an incredibly clever piece of work that Intel could never have foreseen, a tour de force of the greatest minds, something so incredibly intelligent only a genius could have found. We can't fault Intel for not having the foreseeing to discover that formidable security hole.

It's literally baby's first side-channel attack. It can be written with 15 lines of c code. The core of the attack is only 2-3 lines of c code. It's so incredibly dumb, it probably wasn't found until now because no-one expected Intel to be that dumb.

>> No.64162542

Well tough luck then. They can read out all the hentai shit I jack to, because apparently my anti virus programm isn't compatible with the Win patch yet.

>> No.64162658

>Intel so thoroughly fucked up that they are trying to say Meltdown is the same thing as Spectre and that ALL chips are fucked so theirs are fine
Lmao, and it will fucking work too because data centers with all intel crap that get a 30% performance hit will think the same would have happened with others

>> No.64162764

Yo how do i test this bug in windows.

>> No.64162771

>This attack is very clever and unexpected
for a layman

Also I've seen this pasta at least a dozen times. Fuck off shill.

>> No.64162780

Dude their fix for Spectre v2 for Skylakes is about as assbackwards as KPTI also with sizable perf hits.
And it requires microcode updates.

>> No.64162784


This isn't a bug. It's a CIA backdoor.

>> No.64162823

the worst thing is that normies will actually believe that.

>> No.64162862

their quality has only gone down after sandy bridge.

>> No.64162883


Yes the exploit is simple, but it exists only because of the ability to speculate long, and I assume because you have super fast caches and clocks. Has anybody demonstrated this on earlier cpus than haswell? Sure the PPro was superscaler and shares the same basic architecture with modern cpus, but are the caches and pipelines good enough to allow these exploits to work in practice?

Sure, shame on Intel and yay for AMD, but did the exploits only become practical with rising performance, complexity, and larger caches?

>> No.64162910

Check out my pull request.


>> No.64163035

Everything sounds simpler when you dumb it down and leave stuff out. Why don't you go ahead and mention all of the restrictions and circumstances that need to be set up for this to work. And then explain how you use execution time to actually check which element was cached, and how you're looping 256 checks for every byte of data. And then go on to explain how they handle the data value of zero separately since it's not easy to distinguish between reading a protected value of 0 and failing the read which returns a 0.

It's not rocket science, sure, but finding a working method for something like this is definitely as tedious as brain surgery.

>> No.64163046

its the motherboards that are expensive. you can get cpus for $5 from ebay but the motherboard will be $200 or more.

>> No.64163087

>This attack is very clever and unexpected, nobody could have predicted this
If you actually read up on what Meltdown is, it's baffling that this took such a long time to be discovered. It's extremely simple and in retrospect obvious.

>> No.64163103

No, this is the NSA one.
The CIA's is undisclosed as of yet.

>> No.64163111

There is a soulution for spectre v2 though. It just requires recompiling the kernel, all libraries and user programs (good luck with legacy) and causes up to 50% performance drop on indirect call heavy workload (ie. virtual functions, shared library calls, etc...).

>> No.64163119

They get generous stock options, often worth more than their yearly salary.

>> No.64163120

Not shitting on the streets should be obvious but the indians still haven't learned it.

>> No.64163131

well, that's why pajeets didn't disclose this one.

>> No.64163137
File: 1.79 MB, 450x254, 1472867828183.gif [View same] [iqdb] [saucenao] [google] [report]

>To put what where?
Take a guess...

>> No.64163138

probably because the cpu is proprietary and reverse engineering it takes time. im sure that there are other bugs too that no one knows yet but would find immediately if they did get acces to code and other shit.

>> No.64163152

>exploit up for grabs on git
I will turn off my PC now and order ryzen.
see you guys in a month.

>> No.64163178

spectre doesn't really do anything to consumer machines
it's not "javascript can flash your bios with 16mb of dolphin porn" tier

>> No.64163221

You can use a microphone (even from a cellphone iirc) to break RSA encryption on a laptop across the room via sound analysis side channel attacks.
It's not that the concepts are complicated. It's that developing a reproducible method takes a large amount of blind-esque focused testing that are usually filled with weird exceptions that introduce unreliability in your results that can trick you into thinking a method isn't even on the right track.

>> No.64163237
File: 21 KB, 218x265, 1491861776751.jpg [View same] [iqdb] [saucenao] [google] [report]

>I read hackernews too

>> No.64163246

It's a scottish accent, they only have indians and pakis in england.

>> No.64163256

>spectre doesn't really do anything to consumer machines
What the fuck are you talking about? If a web page running exploit javascript is on your browser, it can basically read anything your browser knows. I don't think the people who published these exploits could have been more clear.

>> No.64163259

>You can use a microphone (even from a cellphone iirc) to break RSA encryption on a laptop across the room via sound analysis side channel attacks
>it's real
what the actual fuck
""""real"""" cybersecurity is dead, isn't it?

>> No.64163268


>> No.64163293

It's also a blatant lie.

>> No.64163311

yes but a working javascript exploit might see your tranny porn tabs.

>> No.64163339

He's scottish you dipshit.

>> No.64163341

I can see that intel employs plenty of lying scum like yourself.

>> No.64163354


>> No.64163365

If apple genuinely had no idea, then yes they should get off.

>> No.64163371

Hardware security is basically a giant "oh fuck" subject. Side channel attacks in particular can make use of timing information, power consumption, electromagnetic leaks, sound, memory, etc.
If you want to become completely paranoid look up Hardware Trojans.

>> No.64163374


>> No.64163384

Lets be honest, how easy is to exploit pc because of spectre?

>> No.64163392

so basically, unless you run your system on a battery, inside a soundproof room with full radiation shielding walls there's no way to be safe?

>> No.64163409

on the xeon i get
Reading 40 bytes:
Reading at malicious_x = 0xffffffffffdfed98... Unclear: 0x01=’?’ score=60 (second best: 0x00 score=58)
Reading at malicious_x = 0xffffffffffdfed99... Unclear: 0x0A=’?’ score=61 (second best: 0x06 score=60)
Reading at malicious_x = 0xffffffffffdfed9a... Unclear: 0x08=’?’ score=60 (second best: 0x02 score=60)
Reading at malicious_x = 0xffffffffffdfed9b... Unclear: 0x02=’?’ score=60 (second best: 0x09 score=58)
Reading at malicious_x = 0xffffffffffdfed9c... Unclear: 0x0E=’?’ score=61 (second best: 0x01 score=59)
Reading at malicious_x = 0xffffffffffdfed9d... Unclear: 0x0A=’?’ score=58 (second best: 0x07 score=58)
Reading at malicious_x = 0xffffffffffdfed9e... Unclear: 0x07=’?’ score=57 (second best: 0x06 score=56)
Reading at malicious_x = 0xffffffffffdfed9f... Unclear: 0x02=’?’ score=55 (second best: 0x0A score=53)
Reading at malicious_x = 0xffffffffffdfeda0... Unclear: 0x01=’?’ score=56 (second best: 0x09 score=54)
Reading at malicious_x = 0xffffffffffdfeda1... Unclear: 0x06=’?’ score=52 (second best: 0x00 score=50)
Reading at malicious_x = 0xffffffffffdfeda2... Unclear: 0x09=’?’ score=50 (second best: 0x08 score=50)
Reading at malicious_x = 0xffffffffffdfeda3... Unclear: 0x0E=’?’ score=58 (second best: 0x06 score=58)
Reading at malicious_x = 0xffffffffffdfeda4... Unclear: 0x02=’?’ score=53 (second best: 0x07 score=49)
Reading at malicious_x = 0xffffffffffdfeda5... Unclear: 0x0E=’?’ score=54 (second best: 0x08 score=54)
Reading at malicious_x = 0xffffffffffdfeda6... Unclear: 0x08=’?’ score=57 (second best: 0x07 score=56)

i dont think it's working on the old xeon/c2d

>> No.64163415

you can steal passwords for tranny porn websites from other tranny porn enthusiasts

>> No.64163418
File: 25 KB, 918x186, Screenshot_20180105_141502.png [View same] [iqdb] [saucenao] [google] [report]

Did you try this?

>> No.64163421

Everything is simple after you have been told how to do it.

>> No.64163425


>> No.64163427

>but if they survived
They wouldn't have survived.

>> No.64163435

Are you absolutely retarded?

The speculative execution abuse to trampoline into BPF code is a thing of beauty (Spectre 2). It's an incredibly hard exploit that needs a deep and intricate understanding of every single part of the O.S and the hardware. I have nothing but awe for the people who found it, even though I don't think it will be used in a real environment for quite some times. It's literally genius.

Meltdown is script kiddy tier. It's baby side-channel tier. It's "this can't work, it's so fucking retarded, Intel can't be that incompetent" tier. It's kek.

Any competent kernel dev (which you probably aren't, sorry, kid) can do nothing but laugh at that shit. Kek.

>> No.64163436

Except that isn't how it works. The patches only protect against the current know variations, not all the future variations.

>> No.64163443

But i mean would you require a lot knowledge to steal stuff through this exploit?

>> No.64163452

Meltdown, the big scary thing is patched.
Spectre is honestly not all that exciting, because it does relatively little in comparision. However, what does make these exploits scary is that they may make hardware research a lot more popular. And who knows what skeletons other manufacturers have in their closets

>> No.64163462

fags on reddit still post this unironically

>> No.64163464

same "unclear" and "?" with higher scores

>> No.64163504

No. This is an entire class of bugs. Variations of spectre may be able to pass into kernel memory space in the future.

>> No.64163537

I was telling you this since forever but please, continue to exchange cash for digital meme coins.
T. Putin

>> No.64163543

Has anyone tried this on the botnet yet?

>> No.64163554

>Spectre is a thing of beauty
>Meltdown is script kiddy tier. It's baby side-channel tier. It's "this can't work, it's so fucking retarded, Intel can't be that incompetent" tier. It's kek.
Pssh. Spectre is literally shit I gave presentations on in grad school tier. Nothing personal, gook.

>> No.64163565
File: 6 KB, 235x210, 1467324198071.jpg [View same] [iqdb] [saucenao] [google] [report]

And yet actually competent people disagree and say that people who design processors for a living should know better.

>> No.64163591

What exactly was the fix then?
segfault any application that attempts this?

>> No.64163615

you only get garbage when you try it

>> No.64163685

Haha fuck you don't even need retpolines to fix v2 on AMD.
It's not fair.

>> No.64163691

The fix is to have the OS validate an instruction isn't accessing protected memory before translating the virtual memory address to the physical address and sending the instruction to the CPU instead of sending it off and waiting for a hardware catch.

>> No.64163764

You missed the part about checking every bit in cache for the oldest bit (because you flushed the cache before hand) to find your kernel memory to read out, and racing to do it before the cache gets flushed again.

The trick here, I think, was realizing that there was going to be a window available where you could carry out this attack in.

>> No.64164191

and the "optimal" fix would be for the hardware to do this automatically?
But why should the hardware know about what application scope?

>> No.64164245

Because it does?
When it isn't doing the branching speculative processing it checks and knows, the problem is when it speculates and doesn't check.

>> No.64164483

Trash the cache as soon as it looks stale, which is at the end of every read operation. Which defeats the purpose of having cache to begin with.


>> No.64164532

>But why should the hardware know about what application scope?
At the end of the day it comes down to application specific hardware solutions having better performance than application specific software solutions running on general hardware. It's the same reasoning behind why you use a GPU specifically for graphics processing.

>When it isn't doing the branching speculative processing it checks and knows, the problem is when it speculates and doesn't check.
>doesn't check
It's not that it doesn't check, it's that you're using branch prediction to create a race condition with the check, giving you a small window of time in which you can effect the cache.

I can think of a couple different ways to 'fix' this security issue at the hardware level. Ironically the cheapest (and therefore best) are the ones that are so stupid you wouldn't even think of complicated shit with them except to address this specific timing analysis side-channel attack on cache.

>> No.64164609

I can't understand what they're saying god damn. Am I stupid? That shit is too complex for my brain.

>> No.64164695

Oh god this fucking guy and channel....
It's like that "Lawbreakers" dude on Youtube.


Literally the same shit just with AMD.

>> No.64164730

> anime shitposter talking about who is dumb

>> No.64165098

> check benchmarks
> hard data shows almost no loss
> close those tabs quickly and proceed to spread fake info on /g/

yepp, this is /g/!

>> No.64165213

Basicaly, they're trying to redefine what the word "bug" means so they can pretend they didn't make any mistakes.

>> No.64165386


Have you read that Apple designed arm cpus and ARM's newest design are susceptible to Meltdown?

It was obviously not an obvious problem that only intel missed.

>> No.64165595
File: 165 KB, 376x309, 1488087593342.png [View same] [iqdb] [saucenao] [google] [report]


Name (leave empty)
Comment (leave empty)
Password [?]Password used for file deletion.