Topic Actions

Topic Search

Who is online

Users browsing this forum: No registered users and 7 guests

Meltdown/Spectre - Double whammy of CPU bugs

For anyone who might want to have a side conversation...you're welcome here!
Meltdown/Spectre - Double whammy of CPU bugs
Post by aairfccha   » Thu Jan 04, 2018 2:56 pm

aairfccha
Commander

Posts: 207
Joined: Tue Apr 08, 2014 4:03 pm

https://meltdownattack.com
https://www.theregister.co.uk/2018/01/04/intel_amd_arm_cpu_vulnerability/
https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/

Apparently there are two rather fundamental hardware bugs concerning speculative/out-of-order execution which break the memory separation between processes and between a process and the operating system respectively. :shock:

Meltdown seems the more exploitable, the more severe but restricted to Intel (and a few ARM? currently anyway) and can be addressed by patches in the OS - those are already in the pipeline for the big three. The drawback of the workaround is a reduction in performance depending on the program.

Spectre is apparently more difficult to exploit but more prevalent (Intel, AMD and ARM!) and more difficult to protect against.
Top
Re: Meltdown/Spectre - Double whammy of CPU bugs
Post by cthia   » Thu Jan 04, 2018 4:11 pm

cthia
Fleet Admiral

Posts: 14951
Joined: Thu Jan 23, 2014 1:10 pm

aairfccha wrote:https://meltdownattack.com
https://www.theregister.co.uk/2018/01/04/intel_amd_arm_cpu_vulnerability/
https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/

Apparently there are two rather fundamental hardware bugs concerning speculative/out-of-order execution which break the memory separation between processes and between a process and the operating system respectively. :shock:

Meltdown seems the more exploitable, the more severe but restricted to Intel (and a few ARM? currently anyway) and can be addressed by patches in the OS - those are already in the pipeline for the big three. The drawback of the workaround is a reduction in performance depending on the program.

Spectre is apparently more difficult to exploit but more prevalent (Intel, AMD and ARM!) and more difficult to protect against.

Some ARM processors certainly are vulnerable as well.

There was a concern over out-of-order execution being a security risk back in the 90's. That is one reason it was so slow to be adopted. The fear has become a reality.

Linux aficionados have patched and recompiled already. I think some companies were delaying release of gadgets, smartphones and tablets, until the arrival of patches.

Son, your mother says I have to hang you. Personally I don't think this is a capital offense. But if I don't hang you, she's gonna hang me and frankly, I'm not the one in trouble. —cthia's father. Incident in ? Axiom of Common Sense
Top
Re: Meltdown/Spectre - Double whammy of CPU bugs
Post by Joat42   » Fri Jan 05, 2018 10:47 pm

Joat42
Admiral

Posts: 2164
Joined: Tue Apr 16, 2013 7:01 am
Location: Sweden

Expect any task that is context-switch heavy to take a big performance hit. All those virtual servers in the cloud just became a bit more expensive to run which will eat into margins for some providers and the cost will be unloaded on the customers.

Following CPU's from Intel is affected by SPECTRE & MELTDOWN:
Intel wrote:Intel® Core™ i3 processor (45nm and 32nm)
Intel® Core™ i5 processor (45nm and 32nm)
Intel® Core™ i7 processor (45nm and 32nm)
Intel® Core™ M processor family (45nm and 32nm)
2nd generation Intel® Core™ processors
3rd generation Intel® Core™ processors
4th generation Intel® Core™ processors
5th generation Intel® Core™ processors
6th generation Intel® Core™ processors
7th generation Intel® Core™ processors
8th generation Intel® Core™ processors
Intel® Core™ X-series Processor Family for Intel® X99 platforms
Intel® Core™ X-series Processor Family for Intel® X299 platforms
Intel® Xeon® processor 3400 series
Intel® Xeon® processor 3600 series
Intel® Xeon® processor 5500 series
Intel® Xeon® processor 5600 series
Intel® Xeon® processor 6500 series
Intel® Xeon® processor 7500 series
Intel® Xeon® Processor E3 Family
Intel® Xeon® Processor E3 v2 Family
Intel® Xeon® Processor E3 v3 Family
Intel® Xeon® Processor E3 v4 Family
Intel® Xeon® Processor E3 v5 Family
Intel® Xeon® Processor E3 v6 Family
Intel® Xeon® Processor E5 Family
Intel® Xeon® Processor E5 v2 Family
Intel® Xeon® Processor E5 v3 Family
Intel® Xeon® Processor E5 v4 Family
Intel® Xeon® Processor E7 Family
Intel® Xeon® Processor E7 v2 Family
Intel® Xeon® Processor E7 v3 Family
Intel® Xeon® Processor E7 v4 Family
Intel® Xeon® Processor Scalable Family
Intel® Xeon Phi™ Processor 3200, 5200, 7200 Series
Intel® Atom™ Processor C Series
Intel® Atom™ Processor E Series
Intel® Atom™ Processor A Series
Intel® Atom™ Processor x3 Series
Intel® Atom™ Processor Z Series
Intel® Celeron® Processor J Series
Intel® Celeron® Processor N Series
Intel® Pentium® Processor J Series
Intel® Pentium® Processor N Series

---
Jack of all trades and destructive tinkerer.

Anyone who have simple solutions for complex problems is a fool.
Top
Re: Meltdown/Spectre - Double whammy of CPU bugs
Post by cthia   » Sun Jan 07, 2018 8:44 am

cthia
Fleet Admiral

Posts: 14951
Joined: Thu Jan 23, 2014 1:10 pm

A Monitor Darkly

I attended a conference several years ago. It featured the marvelous coming age of computer interconnectivity and what that would mean for the average end user. Smart Homes were the focus -- where everything interconnects.

I voiced my concern about security. This was several years ago. I was told that security would not be an issue, or "very low vulnerability." Very low I asked?

At any rate, my concerns have come to pass, again, with A Monitor Darkly.

That is two for two.

1. Kaspersky.
2. Smart devices.

Son, your mother says I have to hang you. Personally I don't think this is a capital offense. But if I don't hang you, she's gonna hang me and frankly, I'm not the one in trouble. —cthia's father. Incident in ? Axiom of Common Sense
Top
Re: Meltdown/Spectre - Double whammy of CPU bugs
Post by Imaginos1892   » Sun Jan 07, 2018 6:27 pm

Imaginos1892
Rear Admiral

Posts: 1332
Joined: Sat Mar 24, 2012 3:24 pm
Location: San Diego, California, USA

Oh, yeah, that was such a great idea — make it so anybody can break into your computer, turn your lights and appliances on and off, monkey with your thermostat…nothing wrong there, just drink the kool-aid and be happy…
———————————
Nobody expects the Spanish Inquisition!!
Top
Re: Meltdown/Spectre - Double whammy of CPU bugs
Post by Lord Skimper   » Mon Jan 22, 2018 9:11 am

Lord Skimper
Vice Admiral

Posts: 1736
Joined: Wed Aug 07, 2013 12:49 am
Location: Calgary, Nova, Gryphon.

It is easy to keep a computer from being hacked. Real easy. It works for businesses, home computers, smart houses etc... Don't connect it to the Internet. Problem solved.
________________________________________
Just don't ask what is in the protein bars.
Top
Re: Meltdown/Spectre - Double whammy of CPU bugs
Post by The E   » Mon Jan 22, 2018 3:30 pm

The E
Admiral

Posts: 2704
Joined: Tue May 07, 2013 1:28 pm
Location: Meerbusch, Germany

Lord Skimper wrote:It is easy to keep a computer from being hacked. Real easy. It works for businesses, home computers, smart houses etc... Don't connect it to the Internet. Problem solved.


That's like saying that not having anything worth stealing is a great way to deter thieves.
Top
Re: Meltdown/Spectre - Double whammy of CPU bugs
Post by Fireflair   » Tue Jan 23, 2018 12:58 am

Fireflair
Captain of the List

Posts: 591
Joined: Wed Sep 05, 2012 6:23 pm

Well it is a rather obvious statement, it's something to keep in mind. People rely very heavily on computers for a variety of functions that they didn't ten or twenty years ago.

I don't do my banking on my desktop, I don't save anything important on my desktop. My desktop is for gaming, online research and school work. If some one hacks my desk top the worst they can do is see some school work and gaming.

For online banking and other things I want kept secure, I have a laptop which I use. It's only online when I'm using it to access accounts, which doesn't happen very often, maybe a few times a month. I don't generally shop online and I don't share my credit card information all over the place.

I'm not so lazy that I can't get up to adjust the thermostat or turn on/off the lights. I don't use a smart TV or have an online media account.

So there is something to be said for not being connected all the time.
Top
Re: Meltdown/Spectre - Double whammy of CPU bugs
Post by cthia   » Tue Jan 23, 2018 5:22 am

cthia
Fleet Admiral

Posts: 14951
Joined: Thu Jan 23, 2014 1:10 pm

Fireflair wrote:Well it is a rather obvious statement, it's something to keep in mind. People rely very heavily on computers for a variety of functions that they didn't ten or twenty years ago.

I don't do my banking on my desktop, I don't save anything important on my desktop. My desktop is for gaming, online research and school work. If some one hacks my desk top the worst they can do is see some school work and gaming.

For online banking and other things I want kept secure, I have a laptop which I use. It's only online when I'm using it to access accounts, which doesn't happen very often, maybe a few times a month. I don't generally shop online and I don't share my credit card information all over the place.

I'm not so lazy that I can't get up to adjust the thermostat or turn on/off the lights. I don't use a smart TV or have an online media account.

So there is something to be said for not being connected all the time.

Damn right there is. The operative word in Lord Skimper's post is hacked. Which is a vector of the internet.

I think E is pointing out the danger of being complacent. Which is real. I have a Cray and it is never online. Nor does it ever share any less than completely vetted external drive sources.

Son, your mother says I have to hang you. Personally I don't think this is a capital offense. But if I don't hang you, she's gonna hang me and frankly, I'm not the one in trouble. —cthia's father. Incident in ? Axiom of Common Sense
Top
Re: Meltdown/Spectre - Double whammy of CPU bugs
Post by aairfccha   » Tue Jan 23, 2018 2:01 pm

aairfccha
Commander

Posts: 207
Joined: Tue Apr 08, 2014 4:03 pm

Aaand apparently Intel just managed to set off Linus Torvalds by implementing their fixes against Spectre in a way that the OS has to activate them, in other words keeping the default state unsafe.

https://www.theregister.co.uk/2018/01/22/intel_spectre_fix_linux/ wrote:
The expectation here, at least on Torvald's part, is that a future chip addressing past flaws should include a flag or version number that tells the kernel it's not vulnerable, so no unneeded and potentially performance-killing mitigations need to be applied. In other words, the chip should indicate to the kernel that its hardware design has been revised to remove the Spectre vulnerability, and thus does not need any software mitigations or workarounds.

Intel's approach is backwards, making the fix opt-in. Processors can, when asked, reveal to the kernel that Spectre countermeasures are present but disabled by default, and these therefore need to be enabled by the operating system. Presumably, this is because the performance hit is potentially too annoying, or because Intel doesn't want to appear to admit there is a catastrophic security blunder in its blueprints.
Top

Return to Free-Range Topics...