Meltdown, Spectre: How they failed, what do we know?

Chat about Linux in general
User avatar
wutsinterweb
Level 5
Level 5
Posts: 892
Joined: Tue Feb 28, 2017 2:14 am
Location: Connecticut, USA

Meltdown, Spectre: How they failed, what do we know?

Post by wutsinterweb »

I just read another article about Meltdown and Spectre, how Intel kept things quiet in concert with Microsoft and other companies and how we are still probably being kept in the dark to an extent. I read how google and other private hack analysts found the issues and revealed them when the manufacturers were still keeping mum about the issues and that MS and others kept pushing for Linux Kernel changes that made devs suspicious that something was up.

I don't know what to take seriously. I don't know how vulnerable my systems are compared with Windows systems now. I don't understand how these companies can get away with keeping us, especially Linux people, in the dark. I can't understand how MS's Secure boot and manufacturers can also get away with making things so much harder for us to move TO Linux.

I'm angry. I wish I could sue. I'm angry about how quiet Intel, AMD, and the Cell processor makers kept things quiet for so darned long and how not enough effort seems to be visible for them addressing the issues. I've recieved no warnings from AMD or Intel or others, no emails or letters about what to do or what they are doing about it.

I'm frustrated that, even with all the articles about it, information about what microcode/Kernel/BIOS updates I will need for my products will be isn't right out there in an adequately visible and publicized manner.

I moved to Intel a few years ago, I have Haswell and pre Haswell products and I don't know how vulnerable I am. I don't know if firejail and script protections will help at all, I don't know anything, and I'm frustrated about that. If *I* know so little, how much less do the consumer class that are passive about computing know?

This is not cool. I'm genuinely worried about these issues much more than any other I've ever come across.

I see this:

https://www.ghacks.net/2018/01/11/check ... erability/

I will do it, but why isn't this getting more attention?
I'm just a student, your guidance is appreciated.
User avatar
wutsinterweb
Level 5
Level 5
Posts: 892
Joined: Tue Feb 28, 2017 2:14 am
Location: Connecticut, USA

Re: Meltdown, Spectre: How they failed, what do we know?

Post by wutsinterweb »

I'm just a student, your guidance is appreciated.
User avatar
wutsinterweb
Level 5
Level 5
Posts: 892
Joined: Tue Feb 28, 2017 2:14 am
Location: Connecticut, USA

Re: Meltdown, Spectre: How they failed, what do we know?

Post by wutsinterweb »

Also, what about my BIOS/UEFI, will there ever be updates for my systems, which are over 3 years old technlogoy wise.
I'm just a student, your guidance is appreciated.
Citizen229
Level 5
Level 5
Posts: 838
Joined: Fri Nov 04, 2016 12:09 pm
Location: NW Ohio

Re: Meltdown, Spectre: How they failed, what do we know?

Post by Citizen229 »

With data being big money these days......
I am wondering if this fits into the realm of prosecutable conspiracy, for all parties who kept quiet. Since I do not fully understand it, you can be assured there is almost no one in the government that does either.... unless they abused it themselves.
Folding@home Project
Team Linux Mint-76140
PM for info on how you can help. Or visit viewtopic.php?f=58&t=243792
Seeking GPU's, i5/7/9's , Ryzens.
User avatar
jimallyn
Level 18
Level 18
Posts: 8955
Joined: Thu Jun 05, 2014 7:34 pm
Location: Wenatchee, WA USA

Re: Meltdown, Spectre: How they failed, what do we know?

Post by jimallyn »

wutsinterweb wrote:I don't know how vulnerable my systems are compared with Windows systems now.
I would imagine that your Linux systems are still less vulnerable compared to Windows, as always.
wutsinterweb wrote:I wish I could sue.
I don't know of any reason why you can't. Class action suits are being filed now.

https://arstechnica.com/gadgets/2018/01 ... d-spectre/
Image

“If the government were coming for your TVs and cars, then you'd be upset. But, as it is, they're only coming for your sons.” - Daniel Berrigan
BigEasy
Level 6
Level 6
Posts: 1293
Joined: Mon Nov 24, 2014 9:17 am
Location: Chrząszczyżewoszyce, powiat Łękołody

Re: Meltdown, Spectre: How they failed, what do we know?

Post by BigEasy »

wutsinterweb wrote:Also, what about my BIOS/UEFI, will there ever be updates for my systems, which are over 3 years old technlogoy wise.
Let's say it will tomorrow. Are you ready to update BIOS/UEFI with the some Linux software?
Windows assumes I'm stupid but Linux demands proof of it
ArtGirl

Re: Meltdown, Spectre: How they failed, what do we know?

Post by ArtGirl »

wutsinterweb wrote: I don't understand how these companies can get away with keeping us, especially Linux people, in the dark. I can't understand how MS's Secure boot and manufacturers can also get away with making things so much harder for us to move TO Linux.

I'm angry. I wish I could sue. I'm angry about how quiet Intel, AMD, and the Cell processor makers kept things quiet for so darned long and how not enough effort seems to be visible for them addressing the issues. I've recieved no warnings from AMD or Intel or others, no emails or letters about what to do or what they are doing about it.

I'm frustrated that, even with all the articles about it, information about what microcode/Kernel/BIOS updates I will need for my products will be isn't right out there in an adequately visible and publicized manner.

This is not cool. I'm genuinely worried about these issues much more than any other I've ever come across.
Completely understandable. The upside of all this is watching Intel's share drop, and so many now switched on about looking elsewhere (AMD) and what to demand for new hardware. Hopefully everyone's as angry and take the actions that teach these companies they've 100% stepped over the mark ... people buying elsewhere over the next year or two would have a significant effect on Intel and co. They treat customers like dirt and as cashpoints, so I see nothing wrong with taking action against them.

In the short term, all that can be done regarding a place where everything is covered clearly in one post is a post I've seen here [can't find it but I think it was by pjotr, giving instructions for the various things, in one post], and checking Clem's post on the blog maybe, for new patch releases? https://blog.linuxmint.com/?p=3496. The most recent post is dated January 9th, and I imagine there could be a new post when the patches expected this week come through. There's also this central Ubuntu page that gives clear information: https://insights.ubuntu.com/2018/01/12/ ... us-update/
User avatar
wutsinterweb
Level 5
Level 5
Posts: 892
Joined: Tue Feb 28, 2017 2:14 am
Location: Connecticut, USA

Re: Meltdown, Spectre: How they failed, what do we know?

Post by wutsinterweb »

BigEasy wrote:
wutsinterweb wrote:Also, what about my BIOS/UEFI, will there ever be updates for my systems, which are over 3 years old technlogoy wise.
Let's say it will tomorrow. Are you ready to update BIOS/UEFI with the some Linux software?
I don't think I'd have to, my motherboard will update BIOS direct off USB without using an os, I don't remember the details, but I remember that that was a selling point.
I'm just a student, your guidance is appreciated.
User avatar
wutsinterweb
Level 5
Level 5
Posts: 892
Joined: Tue Feb 28, 2017 2:14 am
Location: Connecticut, USA

Re: Meltdown, Spectre: How they failed, what do we know?

Post by wutsinterweb »

I'd like to see a class action law suit that includes Microsoft, both for their involvement in this but mostly I'd like to go after them because, in my perception, they've colluded to make it difficult to install Linux on most modern systems. Every laptop I've tried to install on has presented problems figuring out how to get past Secure Boot, Faststart/boot, UEFI settings, Bootloader issues, and other hassles. It's just wrong how Intel and MS behave, and not just them, but google, ATT, Verizon, Comcast, the other cablecos and telcos, non of them behave like they have any regard for consumers any longer. They are all corrupt.

I'd be overjoyed if I could get Linux laptops for comparable prices, in the entire price range. I'm sorry, but things just seem very unjust.
I'm just a student, your guidance is appreciated.
User avatar
Spearmint2
Level 16
Level 16
Posts: 6892
Joined: Sat May 04, 2013 1:41 pm
Location: Maryland, USA

Re: Meltdown, Spectre: How they failed, what do we know?

Post by Spearmint2 »

If the Eurozone wasn't in such turmoil right now, I think they'd have already gone after Microsoft again for their non-competitive practices. The US govt will NEVER do that with Microsoft and Intel, because they are huge US companies. Class action suits are the only thing in the US they end up facing.
All things go better with Mint. Mint julep, mint jelly, mint gum, candy mints, pillow mints, peppermint, chocolate mints, spearmint,....
User avatar
wutsinterweb
Level 5
Level 5
Posts: 892
Joined: Tue Feb 28, 2017 2:14 am
Location: Connecticut, USA

Re: Meltdown, Spectre: How they failed, what do we know?

Post by wutsinterweb »

I don't care how hard Bill and Melinda Gates pose as humanitarians, they are power playing egotists who have sought to impose upon the world and take away freedoms. It's so easy to act like a benefactor to the world once one is a billionaire, but a Lion never loses his furry crown, and a leopard never loses its spots, nor a tiger his stripes. A cat, no matter how fluffy or furry, is still a cat, and cats are, well, I will stop there.

I am so angry right now.
I'm just a student, your guidance is appreciated.
ArtGirl

Re: Meltdown, Spectre: How they failed, what do we know?

Post by ArtGirl »

wutsinterweb wrote:I don't care how hard Bill and Melinda Gates pose as humanitarians, they are power playing egotists who have sought to impose upon the world and take away freedoms. It's so easy to act like a benefactor to the world once one is a billionaire, but a Lion never loses his furry crown, and a leopard never loses its spots, nor a tiger his stripes. A cat, no matter how fluffy or furry, is still a cat, and cats are, well, I will stop there.

I am so angry right now.
Well said.
User avatar
wutsinterweb
Level 5
Level 5
Posts: 892
Joined: Tue Feb 28, 2017 2:14 am
Location: Connecticut, USA

Re: Meltdown, Spectre: How they failed, what do we know?

Post by wutsinterweb »

I haven't read anything about AMD behaving the same way as Intel on these CVEs. I imagine that AMD is complicite in keeping this quiet also, but are they AS guilty of our mistrust as Intel?

I am thinking right now that I might move when I build my next system to AMD, a Threadripper if and when I can afford it. I just don't feel the love with Intel that I have in the past.
I'm just a student, your guidance is appreciated.
151tom
Level 4
Level 4
Posts: 256
Joined: Fri Oct 20, 2017 5:57 pm

Re: Meltdown, Spectre: How they failed, what do we know?

Post by 151tom »

.
Last edited by 151tom on Fri Nov 23, 2018 1:30 pm, edited 1 time in total.
User avatar
BG405
Level 8
Level 8
Posts: 2382
Joined: Fri Mar 11, 2016 3:09 pm
Location: England

Re: Meltdown, Spectre: How they failed, what do we know?

Post by BG405 »

Cats (the furry kind) have a soft loving side despite their other instincts. These corporate fat-cats, however .. I too am disgusted.
Dell Inspiron 1525 - LM17.3 CE 64-------------------Lenovo T440 8GB - Manjaro KDE with Mint VMs
Toshiba NB250 - Manjaro KDE------------------------K7S5A AMD 1.2GHz - LM17.3 Xfce 32 & WinXP-Pro
Acer Aspire E11 ES1-111M - LM18.2 KDE 64 ----Two ROMS don't make a WRITE ...
curtvaughan
Level 3
Level 3
Posts: 163
Joined: Sun Dec 21, 2014 5:54 pm
Location: Austin, Tx

Re: Meltdown, Spectre: How they failed, what do we know?

Post by curtvaughan »

wutsinterweb wrote:I haven't read anything about AMD behaving the same way as Intel on these CVEs. I imagine that AMD is complicite in keeping this quiet also, but are they AS guilty of our mistrust as Intel?

I am thinking right now that I might move when I build my next system to AMD, a Threadripper if and when I can afford it. I just don't feel the love with Intel that I have in the past.
Believe it or not, the CPU chip technology behind all of this originated logically in the sixties. "Look ahead" predictive behavior was almost an AI technology implemented at the hardware level. What has happened over the last decade or so is that speed and parallel processing in hardware has finally advanced sufficiently for the flaws in the predictive algorithms mated with modern CPU hardware to become more readily apparent and exploitable. I find the corporations at the "teir 1" level have become more culpable over the last year, when the flaws were demonstrated by engineers and computer scientists. The attempt to be secretive about the revelations, once discovered, is definitely a corrupt move meant to maintain sales and profits of demonstrably flawed hardware. The only good thing about this is that it is forcing chip and hardware designers to explore new technologies sans the decades old flaws. I can see its also having a short term influence on pricing of vulnerable hardware currently on the market. Somehow that latest generation I7 chip doesn't look like that great deal.
Move from rim to hub: know the wheel.

Image
curtvaughan
Level 3
Level 3
Posts: 163
Joined: Sun Dec 21, 2014 5:54 pm
Location: Austin, Tx

Re: Meltdown, Spectre: How they failed, what do we know?

Post by curtvaughan »

wutsinterweb wrote:I haven't read anything about AMD behaving the same way as Intel on these CVEs. I imagine that AMD is complicite in keeping this quiet also, but are they AS guilty of our mistrust as Intel?

I am thinking right now that I might move when I build my next system to AMD, a Threadripper if and when I can afford it. I just don't feel the love with Intel that I have in the past.
Believe it or not, the CPU chip technology behind all of this originated logically in the sixties. "Look ahead" predictive behavior was almost an AI technology implemented at the hardware level. What has happened over the last decade or so is that speed and parallel processing in hardware has finally advanced sufficiently for the flaws in the predictive algorithms mated with modern CPU hardware to become more readily apparent and exploitable. I find the corporations at the "teir 1" level have become more culpable over the last year, when the flaws were demonstrated by engineers and computer scientists. The attempt to be secretive about the revelations, once discovered, is definitely a corrupt move meant to maintain sales and profits of demonstrably flawed hardware. The only good thing about this is that it is forcing chip and hardware designers to explore new technologies sans the decades old flaws. I can see its also having a short term influence on pricing of vulnerable hardware currently on the market. Somehow that latest generation I7 chip doesn't look like that great deal.
Move from rim to hub: know the wheel.

Image
User avatar
wutsinterweb
Level 5
Level 5
Posts: 892
Joined: Tue Feb 28, 2017 2:14 am
Location: Connecticut, USA

Re: Meltdown, Spectre: How they failed, what do we know?

Post by wutsinterweb »

A good article for those not fully aware of some aspects of the problems:

https://www.bloomberg.com/news/features ... ct-like-it
I'm just a student, your guidance is appreciated.
User avatar
wutsinterweb
Level 5
Level 5
Posts: 892
Joined: Tue Feb 28, 2017 2:14 am
Location: Connecticut, USA

Re: Meltdown, Spectre: How they failed, what do we know?

Post by wutsinterweb »

My brother in law's work computer (he has a lot of them, this is the turnkey one), which I think is AMD based, just exhibited problems, taking all night to update, running as slow as, perhaps a 12 year old system. He knows about Meltdown and Spectre (the latter being the likely issue) and is not sure if it is due to the latest Windows update since he wasn't paying attention. He is about to build a new system as a preemptive step in case his system is starting to fail, but the timing is bad. Of course, it will be an AMD system, he almost never buys Intel products, has a bias about them.

I wonder if we can all benchmark our systems before the spectre fixes land so we can have an intelligable figure as to loss in performance.

I also wonder, what, beyond the usual things, one can do to reduce exposure. I would imagine:

Don't run Javascript code?
Use Sandboxes.
Turn off systems when not needed?
Don't run VMs unless you really have to?
I'm just a student, your guidance is appreciated.
BigEasy
Level 6
Level 6
Posts: 1293
Joined: Mon Nov 24, 2014 9:17 am
Location: Chrząszczyżewoszyce, powiat Łękołody

Re: Meltdown, Spectre: How they failed, what do we know?

Post by BigEasy »

Nothing, nothing changed in our behaivour. Everything as usual: don't install software that not in official repo, enable JS only by your choice, update installed in time. That's all.
If tomorrow MeldSpectre will totally fixed, then will no cancellation of those written in bold above.
Please remember, to stole personal secret data there is lot of more simple mass tricks than MeldSpectre (for example, Mint site hack and stolen data in 2016, and some people installed already corrupted OS because of it).
So, take it easy.
Windows assumes I'm stupid but Linux demands proof of it
Post Reply

Return to “Chat about Linux”