ATTN!...Intel CPU owners (Spectre,Meltdown,Foreshadow, flaws)

Chat about just about anything else
User avatar
smurphos
Level 6
Level 6
Posts: 1393
Joined: Fri Sep 05, 2014 12:18 am
Location: Britisher...

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by smurphos » Fri Jul 27, 2018 1:30 am

michael louwe wrote:
Thu Jul 26, 2018 2:43 pm
neversaynever wrote:.
Hopefully, Ubuntu/LM will also provide downstream Linux kernel 4.19 in the Update Manager of 32 bit LM 18.x and 17.x.
I'd be surprised if they didn't backport the 32Bit patches once confirmed as 'stable' to their supported LTS kernels (3.13, 4.4, 4.15). That's how they dealt with the original 64bit Spectre patches.

DAMIEN1307
Level 5
Level 5
Posts: 964
Joined: Tue Feb 21, 2017 8:13 pm
Location: Alamogordo, New Mexico

Re: ATTN!...Intel CPU owners (Spectre,Meltdown,foreshadow flaws)

Post by DAMIEN1307 » Wed Aug 15, 2018 9:48 am

you might notice that ive added "foreshadow" into the spectre/meltdown title in the subject bar...at this point, i dont see that any of these flaws can ever truly be "fixed"...but for many years, i have told people that i personally know, (the majority of which did not listen). to never store their passwords, credit card numbers, bank acct. numbers, social security numbers, etc. on their computers...quote from article, "In the wrong hands, speculative execution could give hackers a new way to steal confidential data, such as passwords, from your computer via a piece of malware or even through the browser."...though not any easy target to hit, it can still be done...these friends have always said what i asked them to cease doing this,that it is just too inconvenient for them not to store these type of things on their computers...well thats my rant for the morning, and in case you might ask ?...no, i have never, ever stored anything on my own computers except the OS...everything else i need, including pics, videos, movies, documents etc., i have always stored over the years on floppies, CDs, DVDs, flash fobs etc...with no exceptions...enjoy the article below...DAMIEN

https://www.pcmag.com/news/363105/new-f ... l-protecte
ORDO AB CHAO

User avatar
michael louwe
Level 9
Level 9
Posts: 2644
Joined: Sun Sep 11, 2016 11:18 pm

Re: ATTN!...Intel CPU owners (Spectre,Meltdown,Foreshadow, flaws)

Post by michael louwe » Wed Aug 15, 2018 12:02 pm

Like I said before, anything speculative should not have been put into the CPUs. The faster speed performance was a "FAKE".! Now, Intel reaps what she has sown or karma is her beetch.

Buy AMD CPUs.

User avatar
xenopeek
Level 24
Level 24
Posts: 22755
Joined: Wed Jul 06, 2011 3:58 am
Location: The Netherlands

Re: ATTN!...Intel CPU owners (Spectre,Meltdown,Foreshadow, flaws)

Post by xenopeek » Wed Aug 15, 2018 12:12 pm

Another source for the Foreshadow vulnerabilities affecting Intel processors: https://www.kitguru.net/components/cpu/ ... abilities/
  • Malicious applications may be able to infer the values of data in the OS memory, or data from other applications.
  • A malicious guest VM may be able to infer the values of data in the VM manager’s memory, or values of data in the memory of other guest VMs.
  • Malicious software running outside of SMM (system management mode) may be able to infer values of data in SMM memory.
  • Malicious software running outside of an Intel SGX enclave or within an enclave may be able to infer data from within another Intel SGX enclave
They note:
"This presents numerous problems for those running cloud systems and data centres running their own virtualised hardware and software, as guest operating systems will also require the mitigations in order to remain safe. Sadly, there is a potential performance hit from these mitigations, but it’s almost a non-negotiable trade-off given the security implications."

Ouch. Rumor is Intel's upcoming next processor generation will have hardware fixes for speculative execution bugs. They've postponed their 10nm processors till late 2019/mid 2020 and continue on 14nm till then. Perhaps related.
Image

User avatar
thx-1138
Level 6
Level 6
Posts: 1085
Joined: Fri Mar 10, 2017 12:15 pm
Location: Athens, Greece

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by thx-1138 » Thu Aug 16, 2018 6:19 am

thx-1138 wrote:
Thu Mar 01, 2018 9:33 am
...SGX exists only on 6th-gen & afterwards Intel processors, ie. after 2015 - earlier ones don't have such.
But even on those newer ones, it's totally non-existent in any Linux 'desktop' so far
(personally, i also kinda doubt it will gain considerable attraction any time soon
, but who knows...)
...ehhm, no, it's not a "I told you so..." - quite the contrary, it's a mere 2 clicks away in your favorite search engine:
https://software.intel.com/en-us/articl ... plications
1) Feature needs to be explicitly enabled in BIOS...
2) Feature needs the 'secured' apps to be explicitly linked / compiled against Intel's SGX SDK...

To keep it short, something that simple common users shouldn't bother themselves at all
(as such stuff does NOT exist on Mint or other Linux distros so far...)

No comment for the outrageous claims such as that 'speculative execution' should have never been included in cpus, hah!
Even more when such 'statements' have been explained & discarded before:
viewtopic.php?p=1410027#p1410027
&
viewtopic.php?p=1450260#p1450260

rene
Level 8
Level 8
Posts: 2057
Joined: Sun Mar 27, 2016 6:58 pm

Re: ATTN!...Intel CPU owners (Spectre,Meltdown,Foreshadow, flaws)

Post by rene » Thu Aug 16, 2018 10:46 am

thx-1138 wrote:
Thu Mar 01, 2018 9:33 am
Even more when such 'statements' have been explained & discarded before
Thank you so much for that. I was busy typing the basically same thing yesterday but ending with a request to Michael to stop abusing the Linux Mint forums for stock manipulation (i.e., he almost must be sitting on a neat stack of AMD stock) when xenopeek posted, making me take the opportunity to think "oh, sod this".

User avatar
michael louwe
Level 9
Level 9
Posts: 2644
Joined: Sun Sep 11, 2016 11:18 pm

Re: ATTN!...Intel CPU owners (Spectre,Meltdown,Foreshadow, flaws)

Post by michael louwe » Fri Aug 17, 2018 5:24 am

https://news.softpedia.com/news/ubuntu- ... 2335.shtml (ubuntu-debian-rhel-and-centos-linux-now-patched-against-foreshadow-attacks - 16 Aug 2018)

User avatar
xenopeek
Level 24
Level 24
Posts: 22755
Joined: Wed Jul 06, 2011 3:58 am
Location: The Netherlands

Re: ATTN!...Intel CPU owners (Spectre,Meltdown,Foreshadow, flaws)

Post by xenopeek » Tue Aug 21, 2018 2:22 am

For the upcoming "Cascade Lake" CPUs Intel adds mitigation in hardware for half the variants, which should have much less performance impact than the mitigation in firmware/OS previously used.

AnandTech have the full story: https://www.anandtech.com/show/13239/in ... scade-lake

Image
Image

User avatar
michael louwe
Level 9
Level 9
Posts: 2644
Joined: Sun Sep 11, 2016 11:18 pm

Re: ATTN!...Intel CPU owners (Spectre,Meltdown,Foreshadow, flaws)

Post by michael louwe » Fri Aug 24, 2018 3:30 am

https://www.zdnet.com/article/intel-gag ... e-patches/ (Intel 'gags' Linux distros from revealing performance hit from Spectre patches; You can test performance after using our patches, but don't publish the results, say Intel's new license terms. By Liam Tung | August 23, 2018 )

Looks like the performance hit must be pretty bad for Intel to issue a gag order.

User avatar
xenopeek
Level 24
Level 24
Posts: 22755
Joined: Wed Jul 06, 2011 3:58 am
Location: The Netherlands

Re: ATTN!...Intel CPU owners (Spectre,Meltdown,Foreshadow, flaws)

Post by xenopeek » Fri Aug 24, 2018 5:01 am

michael louwe wrote:
Fri Aug 24, 2018 3:30 am
https://www.zdnet.com/article/intel-gag ... e-patches/ (Intel 'gags' Linux distros from revealing performance hit from Spectre patches; You can test performance after using our patches, but don't publish the results, say Intel's new license terms. By Liam Tung | August 23, 2018 )
Intel has already amended their license and the above is no longer the case. See: https://www.kitguru.net/components/cpu/ ... g-its-tcs/. Probably somebody got overzealous... The license is now a trivial "include this copyright, don't use our name to promote your product and don't reverse engineer the binary".
Image

User avatar
Spearmint2
Level 15
Level 15
Posts: 5719
Joined: Sat May 04, 2013 1:41 pm
Location: Maryland, USA

Re: ATTN!...Intel CPU owners (Spectre,Meltdown,Foreshadow, flaws)

Post by Spearmint2 » Fri Aug 24, 2018 8:50 am

michael louwe wrote:
Fri Aug 24, 2018 3:30 am
https://www.zdnet.com/article/intel-gag ... e-patches/ (Intel 'gags' Linux distros from revealing performance hit from Spectre patches; You can test performance after using our patches, but don't publish the results, say Intel's new license terms. By Liam Tung | August 23, 2018 )

Looks like the performance hit must be pretty bad for Intel to issue a gag order.

I don't even think that would be legally acceptable. Just because something is written into a "license" doesn't by itself mean it's based on something that when challenged would prove to be legal in a court of law. Benchmarking of computer components has a long legal history. Anyone doing the benchmarking isn't testing the "software" per se, but the performance of the CPU itself under a different condition than previously existed. All this "statement" does is further put us on notice that Intel has a BIG reduced performance problem dealing with these potential exploits. That's not the fault of the users of such processors, nor of the benchmarking sites which explore the difference in performance, but is the fault of Intel's CPU and "fixes".
All things go better with Mint. Mint julep, mint jelly, mint gum, candy mints, pillow mints, peppermint, chocolate mints, spearmint,....

User avatar
Spearmint2
Level 15
Level 15
Posts: 5719
Joined: Sat May 04, 2013 1:41 pm
Location: Maryland, USA

Re: ATTN!...Intel CPU owners (Spectre,Meltdown,Foreshadow, flaws)

Post by Spearmint2 » Fri Aug 24, 2018 8:55 am

xenopeek wrote:
Fri Aug 24, 2018 5:01 am
Intel has already amended their license and the above is no longer the case. See: https://www.kitguru.net/components/cpu/ ... g-its-tcs/. Probably somebody got overzealous... The license is now a trivial "include this copyright, don't use our name to promote your product and don't reverse engineer the binary".
And the Lawsuits begin.

https://www.cnet.com/news/class-action- ... aws-surge/

Intel says that since the beginning of January it has been hit with 30 consumer and two securities-related class-action suits over the Spectre and Meltdown vulnerabilities in its processors revealed in 2017.
In the section "Litigation related to Security Vulnerabilities" of the 10-K statement Intel released this week the chipmaker states:
All things go better with Mint. Mint julep, mint jelly, mint gum, candy mints, pillow mints, peppermint, chocolate mints, spearmint,....

Post Reply

Return to “Open chat”