New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
Or more importantly: They could run Sim City.
Amigas had Populous, so..
Was that the same timeframe? I didn't know anyone who had an Amiga back then. If so yeah fuck Sim City.
I didn't get my first Amiga until around 1999. They really were amazingly ahead of their time. The lack of protected memory and bizarre hardware hacks are amusing, though. How many other platforms have a combination CPU+SCSI+Ethernet adapter?
Yep, that is how it worked. Someone noticed a flaw, someone else understood it's significance and a third person would use the flaw to expand the machine. Adding interrupts for an ever expanding number of "peripherals", such as memory, for instance, switching memory banks... As for the software, well, the so many undocumented "features" people were using in games...
@bsdguy you obviously have the experience for commentary and cheers for sharing it. I was a teenager when these architectures were coming out, and probably playing sim city.
I'm a little surprised there isn't a wider global (stock market) reaction to this. Someone comes out and says "basically every computer connected the the Internet over the past 20 years is potentially compromised and likely still is". Obviously that would put some people out of pocket, and it hasn't happened.
Worst case scenario is several million man hours being paranoid and some patches, and performance loss. It'll all be forgotten in a few weeks.
It has always been that way. At least the last 20 years as you say.
At first there were simple exploits you could do by hand. Later evolved to timed attacks and whatnot, however, everything put online was later found out to be vulnerable to something.
It will likely be the same and worse in the future.
It is the guardian and prisoner dilemma, the prisoner is much more motivated to escape than the guardian to keep him in.
Writing code is tedious, is collaborative (at least now for big projects), is a big quantity and increasingly so, making a mistake is easy and although most mistakes are caught by compilers, reviewers, testers, customers/users, etc, some, very few, are not, but at the quantity of the code it is put out there every day, there have to be some, people are not machines, and mistakes do happen even in the most secure environments. If a mistake does not happen in the code, someone will be careless with the logic or procedures (anyone remember the blank root pass in High Sierra?), so, whatever is online or even on your connected device, is insecure, consider an adversary already has it or can get it, make decisions accordingly and learn to live with them.
This is more about human nature than technology, lazyness, why fix it if it ain't broken (yet), let's keep this platform, making something radically new and incompatible means failure because the other people's human nature, etc.
Simple reason: There's no alternative.
Well, perhaps there's no alternative but in the capacity of intellectuals in the peripherary, at least it be known
http://amiga.resource.cx/exp/actionreplay
>
Well they knew documented for about 9 months. Since that time they released two major new performs. Intel x 299 and 8xxx replacement to 7xxx. Both needed new chipsets and pin layouts and motherboards. Meaning both could have had major arch changes to resolve this issue. They didn't. With that said all indications show they've known about this for years now.
Furthermore were they actually under immense pressure for more performance? AMD hasnt been much of a challenge the past 8-9years. Intel has released revision after revision with only 5-10% performance bumps.
This just screams poor development and lack of quality control or caring for overall pubic safety. These processors run not only web servers but also pubic works (and defense!). Intel's lack of response to an issue They were well aware of while selling millions of chips to pubic works solutions is in my opinion a government lawsuit waiting to happen. But considering how much Intel donates to our political environment i doubt they'll go after them
Wouldn't say nothing has happened. Intel stock took a dip and AMD a bump. Unfortunately sheeple won't realize their pitfall in depending on One sole provider. What we need is a mixture of amd and Intel in the datacenter and pubic works so we don't have a single point failure.
Nvidia just released an update to mitigate Spectre on Windows.
I have a intel KVM w/centos 7. After running yum update and reboot, my kernel is now 3.10.0-693.11.6.el7.x86_64.
However when I run spectre-meltdown-checker.sh I still have vulnerable on Mitigation 2:
Checking for vulnerabilities against live running kernel Linux 3.10.0-693.11.6.el7.x86_64 #1 SMP Thu Jan 4 01:06:37 UTC 2018 x86_64
Will use vmlinux image /boot/vmlinuz-3.10.0-693.11.6.el7.x86_64
Will use kconfig /boot/config-3.10.0-693.11.6.el7.x86_64
Will use System.map file /proc/kallsyms
CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
> STATUS: NOT VULNERABLE (heuristic to be improved when official patches become available)
CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
> STATUS: VULNERABLE (IBRS hardware + kernel support OR kernel with retpoline are needed to mitigate the vulnerability)
CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
> STATUS: NOT VULNERABLE (PTI mitigates the vulnerability)
Did you install microcode_ctl? If not, install it, systemctl enable it and then reboot and check again.
Intel published fresh microcode on Jan 8th : https://downloadcenter.intel.com/download/27431/Linux-Processor-Microcode-Data-File?v=t
C'mon guys.. where's my new i5 code?
Huh so if I understand this correctly, for me to get that Microcode update for my 4790k I'm either reliant on my Mobo manufacturer releasing a new bios or using a linux live distro and installing it that way?
Given that last time they did a bios update for my Asus z97-a was Nov 2015, I'm not particularly confident they will do another.
You can't install microcode from a livecd. Either you flash from bios (permanent) or your os provides firmware early in the boot process (disappears on shutdown/reboot).
Damn, not the answer I was hoping for. Thank you for the quick answer!
Payday for the IT really. So much older hardware became obsolete just now, it’s just crazy.
@tarasis
Or, more precisely (because it might be important to some):
Of course one can install microcode, bios-updates, etc. from a live-cd. But it's not meant to be.
Explanation: You can either (permanently) change/update the bios (typ. done from the bios itself) or you can tell the processor (and/or quite some logic around it) to use what you hand it rather than what it has so far via OS (or life CD or ....) but that's not permanent.
Note that quite some parts can only be updated in one way, typ. from the bios, because there's a shitload of stuff around the processor (think "amt", etc.) that is encrypted and/or signed and the OS doesn't have the keys (but the MoBo manufacturerers do).
Run geekbench 4 with and without pti enabled(7th gen i7) - less than 2% of overhead .
This was what I expected, minimally affected, because geekbench should use almost no sys calls. Only SQLite bench saw a bit of noticeable drop in performance (5%)
Later I will compile Linux kernel and run a few other benchmarks.
New microcodes has been released by Intel and patches in microcode_ctl should arrive soon - it brings microcodes to at least i7-6700k and i7-7700, E3-1230v6 - it at same time removes the microcodes for E5-1650v4 (aka removing patch for meltdown) - why they decided that.. No clue - but I hope microcode_ctl won't actually roll that back but only add new CPU microcodes.
So in the coming days we should see updates from OS vendors to be able to patch other CPUs as well.
Thanks for that info
Phoronix benchmarked KPTI + Retpoline on Ubuntu both Apache and Nginx and saw around 21-26% performance impact for Nginx using apachebench https://www.phoronix.com/scan.php?page=news_item&px=KPTI-Retpoline-Combined-Ubuntu. I tested Centmin Mod Nginx with Siege bench on i7 4790K on CentOS 7.4 with KPTI only Kernel and got around 5.5% performance impact https://community.centminmod.com/threads/nginx-benchmarks-after-centos-linux-kernel-kpti-meltdown-spectre-fixes.13694/
Thank you for the more indepth answer.
Every one showing their nerd colors in this thread.
As opposed to the other threads where we're all slick hipsters? ;-)
In other news, fuck me if the HP salesman didn't call me this week and say "you know, Itanium is not affected by the Meltdown Attack, so if you're looking for more secure future options..."
..or at least their Google-Fu.
I'll be damned if these patches haven't completely nuked my first-gen i7 to the point of being nearly a core2duo in speed. Going to revert the kernel and stick it there for now because it's fucking useless, despite 8 cores. I'm the only one on it, so who cares. It can sit on an older 4.12 until this shit gets cleaned up and optimized.
Hum, I have a couple of those as well as i3 and i5 1-3 gen. I hope I will be luckier than you, but i am not updating anything yet.