View Full Version : Meltdown & Spectre
So, apparently fundamental vulnerabilities have been discovered which means that CPU architecture and OS's need to be completely redesigned in the future if they are to eliminate the vulnerability completely. Patches are currently being issued with plug up the holes, but there are reports of CPU speed decreases of 30%.
http://www.bbc.co.uk/news/technology-42562303
rory_20_uk
01-05-2018, 10:22
It is rather a big "ooops". I thought that Meltdown is Intel specific and Spectre was all of them with the "up to 30%" being the former bug since information needs to be moved in and out of a cache each time which sort of defeats the point of the cache.
Not a great day for CPU manufacturers in general but in the short term this might give AMD a boost since their one is less broken than the main competition - surely the weakest sales pitch to have.
A bigger question: do we think that the NRA / CGHQ were really unaware of this? It is the ultimate low level exploit which gets around all other security and is used practically everywhere on the planet. If they were they'll probably play it cool and pretend they did know.
~:smoking:
Things happen, nobody expected that there won't be enough numbers for IP-adresses or of the possible millenium bug. People smarter than me will figure it out.
Isn't that for the tech forum?
Either way, the 30% slowdown are not something you will usually experience in games or when using most programs, they mostly appear in databases. One consequence could be that some online services become more expensive because they now need more servers.
Since we're in the Backroom already, the real scandal is that Intel is not only most affected, they also try to weasel out of responsibility and get heavy flak for it:
From Linus Torvalds: https://lkml.org/lkml/2018/1/3/797
A *competent* CPU engineer would fix this by making sure speculation
doesn't happen across protection domains. Maybe even a L1 I$ that is
keyed by CPL.
I think somebody inside of Intel needs to really take a long hard look
at their CPU's, and actually admit that they have issues instead of
writing PR blurbs that say that everything works as designed.
.. and that really means that all these mitigation patches should be
written with "not all CPU's are crap" in mind.
Or is Intel basically saying "we are committed to selling you shit
forever and ever, and never fixing anything"?
Because if that's the case, maybe we should start looking towards the
ARM64 people more.
Please talk to management. Because I really see exactly two possibibilities:
- Intel never intends to fix anything
OR
- these workarounds should have a way to disable them.
Which of the two is it?
And a follow-up from the Register, where they tear apart Intel's first press release on the subject: http://www.theregister.co.uk/2018/01/04/intel_meltdown_spectre_bugs_the_registers_annotations/
So, apparently fundamental vulnerabilities have been discovered which means that CPU architecture and OS's need to be completely redesigned in the future if they are to eliminate the vulnerability completely. Patches are currently being issued with plug up the holes, but there are reports of CPU speed decreases of 30%.
http://www.bbc.co.uk/news/technology-42562303
This bug is simultaneous worse and not as bad as most people think. :clown:
I can imagine it being nothing short of a disaster for cloud service providers. Their hosted platforms are suddenly insecure, and the fix will cause a huge performance hit. :no:
For end users, it doesn't sound much worse than any of the other nonsense we've been dealing with. It provides another avenue for malicious code to get root level access to your system. The same advice (https://krebsonsecurity.com/tools-for-a-safer-pc/) applies as before.
1) If you didn’t go looking for it, don’t install it; 2) If you installed, update it. 3) If you no longer need it, get rid of it!
vBulletin® v3.7.1, Copyright ©2000-2025, Jelsoft Enterprises Ltd.