Results 1 to 5 of 5

Thread: Meltdown & Spectre

  1. #1
    Mr Self Important Senior Member Beskar's Avatar
    Join Date
    Feb 2008
    Location
    Albion
    Posts
    15,930
    Blog Entries
    1

    Default Meltdown & Spectre

    So, apparently fundamental vulnerabilities have been discovered which means that CPU architecture and OS's need to be completely redesigned in the future if they are to eliminate the vulnerability completely. Patches are currently being issued with plug up the holes, but there are reports of CPU speed decreases of 30%.

    http://www.bbc.co.uk/news/technology-42562303
    Days since the Apocalypse began
    "We are living in space-age times but there's too many of us thinking with stone-age minds" | How to spot a Humanist
    "Men of Quality do not fear Equality." | "Belief doesn't change facts. Facts, if you are reasonable, should change your beliefs."

  2. #2
    Darkside Medic Senior Member rory_20_uk's Avatar
    Join Date
    Mar 2003
    Location
    Taplow, UK
    Posts
    8,688
    Blog Entries
    1

    Default Re: Meltdown & Spectre

    It is rather a big "ooops". I thought that Meltdown is Intel specific and Spectre was all of them with the "up to 30%" being the former bug since information needs to be moved in and out of a cache each time which sort of defeats the point of the cache.

    Not a great day for CPU manufacturers in general but in the short term this might give AMD a boost since their one is less broken than the main competition - surely the weakest sales pitch to have.

    A bigger question: do we think that the NRA / CGHQ were really unaware of this? It is the ultimate low level exploit which gets around all other security and is used practically everywhere on the planet. If they were they'll probably play it cool and pretend they did know.

    An enemy that wishes to die for their country is the best sort to face - you both have the same aim in mind.
    Science flies you to the moon, religion flies you into buildings.
    "If you can't trust the local kleptocrat whom you installed by force and prop up with billions of annual dollars, who can you trust?" Lemur
    If you're not a liberal when you're 25, you have no heart. If you're not a conservative by the time you're 35, you have no brain.
    The best argument against democracy is a five minute talk with the average voter. Winston Churchill

  3. #3
    master of the pwniverse Member Fragony's Avatar
    Join Date
    Apr 2003
    Location
    The EUSSR
    Posts
    30,680

    Default Re: Meltdown & Spectre

    Things happen, nobody expected that there won't be enough numbers for IP-adresses or of the possible millenium bug. People smarter than me will figure it out.

  4. #4
    Iron Fist Senior Member Husar's Avatar
    Join Date
    Jan 2003
    Location
    Germany
    Posts
    15,617

    Default Re: Meltdown & Spectre

    Isn't that for the tech forum?

    Either way, the 30% slowdown are not something you will usually experience in games or when using most programs, they mostly appear in databases. One consequence could be that some online services become more expensive because they now need more servers.

    Since we're in the Backroom already, the real scandal is that Intel is not only most affected, they also try to weasel out of responsibility and get heavy flak for it:
    From Linus Torvalds: https://lkml.org/lkml/2018/1/3/797
    A *competent* CPU engineer would fix this by making sure speculation
    doesn't happen across protection domains. Maybe even a L1 I$ that is
    keyed by CPL.

    I think somebody inside of Intel needs to really take a long hard look
    at their CPU's, and actually admit that they have issues instead of
    writing PR blurbs that say that everything works as designed.

    .. and that really means that all these mitigation patches should be
    written with "not all CPU's are crap" in mind.

    Or is Intel basically saying "we are committed to selling you shit
    forever and ever, and never fixing anything"?

    Because if that's the case, maybe we should start looking towards the
    ARM64 people more.

    Please talk to management. Because I really see exactly two possibibilities:

    - Intel never intends to fix anything

    OR

    - these workarounds should have a way to disable them.

    Which of the two is it?
    And a follow-up from the Register, where they tear apart Intel's first press release on the subject: http://www.theregister.co.uk/2018/01...s_annotations/


    "Topic is tired and needs a nap." - Tosa Inu

    Members thankful for this post (2):



  5. #5
    The very model of a modern Moderator Xiahou's Avatar
    Join Date
    Aug 2002
    Location
    in the cloud.
    Posts
    9,007

    Default Re: Meltdown & Spectre

    Quote Originally Posted by Beskar View Post
    So, apparently fundamental vulnerabilities have been discovered which means that CPU architecture and OS's need to be completely redesigned in the future if they are to eliminate the vulnerability completely. Patches are currently being issued with plug up the holes, but there are reports of CPU speed decreases of 30%.

    http://www.bbc.co.uk/news/technology-42562303
    This bug is simultaneous worse and not as bad as most people think.

    I can imagine it being nothing short of a disaster for cloud service providers. Their hosted platforms are suddenly insecure, and the fix will cause a huge performance hit.
    For end users, it doesn't sound much worse than any of the other nonsense we've been dealing with. It provides another avenue for malicious code to get root level access to your system. The same advice applies as before.
    1) If you didn’t go looking for it, don’t install it; 2) If you installed, update it. 3) If you no longer need it, get rid of it!
    Last edited by Xiahou; 01-13-2018 at 03:36.
    "Don't believe everything you read online."
    -Abraham Lincoln

    Member thankful for this post:

    Husar 


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Single Sign On provided by vBSSO