▶ No.993688>>993692 >>993751 >>993846 >>999606 >>999743
>SMT = Simultaneous Multithreading
>affected CPUs include all Intel CPUs with Hyper-Threading and likely modern AMD CPUs
>PortSmash is tracked in the CVE vulnerability tracking system with the CVE-2018-5407 identifier.
https://web.archive.org/web/20181102144633/https://www.zdnet.com/article/intel-cpus-impacted-by-new-portsmash-side-channel-vulnerability/
▶ No.993692>>993699 >>993700 >>993786 >>993791
>>993688 (OP)
OpenBSD is not vulnerable, time to install OpenBSD
▶ No.993699>>993756 >>994441
>>993692
Theo tried to warn us.
We didn't listen.
▶ No.993700>>993728 >>993760 >>994128
>>993692
OpenBSD is also not usable
▶ No.993745
you can disable SMT in the kernel
▶ No.993751
>>993688 (OP)
>mfw still using a Bulldozer CPU
▶ No.993753
Intel is now a random vulnerability generator.
▶ No.993756>>993800 >>994440
>>993699
I listened though. I bought non-x86 hardware that's not vulnerable to any of these bugs.
▶ No.993760>>994012 >>994083
>>993700
That statement proves that you haven't even tried it. OpenBSD is usable as a desktop OS. It has world-class documentation (on par with GNU Emacs) and it does most things out of the box, but it isn't bloated. OpenBSD takes security very seriously; the OpenBSD team even cuts out crappy stuff, like Bluetooth support and the Linux compatibility layer (I am not saying Linux sucks).
▶ No.993764
I don't know if the AMD version will be as egregious. You have to remember that Intel's HT is a hacky version that was designed to get around IBM's patents.
▶ No.993786>>993844
>>993692
>OpenBSD is not vulnerable,
>Last year, another team of researchers found a similar side-channel vulnerability named TLBleed impacting Intel's Hyper-Threading (SMT) technology. Following the discovery of TLBleed, the OpenBSD project decided to disable support for Intel's HT technology in upcoming versions of the OpenBSD operating system, on the grounds of security.
BSD was vulnerable and still can be if users reactivate it; if GNU/Linux users don't want to be vulnerable, they just have to do the same by deactivating it.
▶ No.993791
>>993692
most exploits don't work on OpenBSD because almost nothing runs on OpenBSD, period
▶ No.993793>>993988
Fuck it. I'm going to build a ZX Spectrum clone and be done with all this shit. Fuck you for ruining computing, Intel. By implimenting all these lazy hacks to give poo-in-loos more wiggle room in their shitty software you've managed to shit up both the hardware and software worlds at the same fucking time. Now everything is so bloated that any given task takes 500 times the system resources it took back in the 90s. Now your shiny new shit-chips have gotten their proformance nearly halved, and now they will need to be be halved yet again. At this rate we will be reduced to the performance of single core Pentium 4s and all the software will still be shit. Fuck you.
▶ No.993800>>993847
▶ No.993844
>>993786
OpenBSD 6.4 was released not long ago, and by default it's not vulnerable because they disabled the SMT when that version was still in development. Most OpenBSD users run either the latest stable release (in this case 6.4) or the development snapshots. So what he said is correct, and OpenBSD is not vulnerable unless you're running an old version or have re-enabled the vulnerability yourself. In some very rare cases, you might be stuck on an old release because of hardware issues, but otherwise there's no excuse to not run at least the most up-to-date stable release. If you choose not to, that's basically the equivalent of ignoring security patches that were offered to you.
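Added example, not part of any post in this thread: a POSIX shell check of whether SMT is really off on a Linux host, the state the posts above describe as the OpenBSD 6.4 default. It assumes the Linux sysfs files under /sys/devices/system/cpu (smt/control, smt/active, topology/thread_siblings_list); the function names are made up for this example.

```shell
#!/bin/sh
# Added example: report SMT state from Linux sysfs (assumes a kernel that
# exposes smt/control and smt/active, mainline since 4.19).
# Function names are illustrative; pass a directory to read a fixture tree.

# Prints one of: enabled, allowed-inactive, disabled, no-smt, unknown
smt_state() {
    root="${1:-/sys/devices/system/cpu}"
    if [ ! -r "$root/smt/control" ]; then
        echo unknown            # older kernel or non-Linux: cannot tell
        return 0
    fi
    control=$(cat "$root/smt/control")
    active=$(cat "$root/smt/active" 2>/dev/null || echo 0)
    case "$control" in
        on)
            # "on" only means sibling threads may be brought online
            if [ "$active" = 1 ]; then echo enabled; else echo allowed-inactive; fi ;;
        off|forceoff) echo disabled ;;
        notsupported|notimplemented) echo no-smt ;;
        *) echo unknown ;;
    esac
}

# Counts physical cores that currently expose more than one online
# hardware thread, i.e. cores where two processes can share execution ports.
smt_shared_cores() {
    root="${1:-/sys/devices/system/cpu}"
    for f in "$root"/cpu[0-9]*/topology/thread_siblings_list; do
        [ -r "$f" ] || continue
        cat "$f"
    done | sort -u | awk '/[,-]/ { n++ } END { print n + 0 }'
}

smt_report() {
    echo "smt=$(smt_state "$1") shared_cores=$(smt_shared_cores "$1")"
}

smt_report
```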
▶ No.993846>>994010
>>993688 (OP)
>The PoC steals an OpenSSL (<= 1.1.0h) P-384 private key from a TLS server by successfully exploiting PortSmash, but the attack can be modified to target any type of data.
There was an OpenSSL update literally yesterday to address this.
▶ No.993847>>994004
>>993800
Haven't been able to try much yet, as I only installed an OS (NetBSD) two days ago, and finally got U-Boot to work 100% unattended (without me typing shit over the serial port). Right now I'm struggling to get the framebuffer into a mode < 1280x1024, so I can run the wsvt X server in a mode that doesn't overwhelm the CPU. Because yeah, this being NetBSD there's no Mali driver (or Lima, the open-source replacement, which so far is only for Linux). But my board comes with Android pre-installed on the eMMC, and I could play YouTube videos in full screen (1024x768 was what Android used) without any noticeable glitches. And of course, browsing the web with Chrome just worked. But that was only for testing the board. So in theory it can do a whole lot, but since I'm running a non-accelerated X server it won't do so great. No problem for me, since I don't need much, else I'd have installed Linux instead (to get the GPU benefits). I only need to be able to run Firefox on occasion. I tried it in 1280x1024 and it lags badly. Want to try 800x600 and see (that would be sufficient for my purposes).
▶ No.993988
>>993793
Just wait for the Raptor Blackbird.
▶ No.994004
>>993847
800x600 is still quite nice for a strict 90s workflow but rather lousy for all this modern web 2.0 shit
▶ No.994009
Core 2 Duo doesn't have Hyper-Threading.
▶ No.994010
▶ No.994012>>994065 >>994095
>>993760
>my bluetooth devices won't work
g-great OS there, bro!
▶ No.994065>>994083
>>994012
>security focused OS should be able to run shit protocol
keep your hipster toys
▶ No.994083>>994095
>>993760
>OpenBSD is usable as a desktop OS.
If your standards for "usable" are still in the last century, sure.
>the OpenBSD team even cuts out crappy stuff, like Bluetooth support and the Linux compatibility layer
And you call that usable?
>>994065
>if you can't run anything, you are perfectly safe
Great security model right here
▶ No.994095
>>994083
>>994012
Taking out bad code is better than having it remain in the codebase. Besides, Bluetooth is worse than using USB cable.
▶ No.994100
Niggaz, arent we living in some cool ass time?
Like, few years ago buffer/stack/heap overflows were all the rage, now it is hardware exploits that are getting abused.
Rowhammer, Spectre, meltdown, now this?
Shiiiieeetttt
Just lemme check what JS libraries allow for accurate timing attacks and whatnot lmao
▶ No.994149>>994217
>having SMT enabled
enjoy diminished responsiveness
▶ No.994217>>994272
>>994149
Where's the proof?
▶ No.994272>>994293 >>994296
>>994217
Windows scheduling
▶ No.994293>>994593
>>994272
>caring about security
>running Windows
Pick one.
▶ No.994296>>994593
>>994272
Didn't Microshit fix their retarded scheduler that got slower with the more resources you gave it?
▶ No.994440
>>993756
I do love it how you can actually get schematics for Olimex hardware.
▶ No.994441
>>993699
Speak for yourself. I had already disabled Hyper-Threading on my OpenBSD machines because it was noticeably slower. After Theo's warning I disabled it everywhere.
▶ No.994593
>>994293
>caring about singlethreaded performance
>leaving SMT on
>>994296
I don't know because I am running Windows 7 without updates. But I doubt there will ever be a scheduler that can use SMT without having performance drawbacks. SMT is only useful if programs actually take advantage of it, otherwise it's actually worse.
▶ No.999606>>999614 >>999627 >>999743
>>993688 (OP)
Another misleading thread title, so far it’s only confirmed on Intel.
INTEL IS THE ONLY COMPANY WHICH APPEARS TO BE VULNERABLE TO THE VAST GRAND MAJORITY OF THESE ISSUES.
▶ No.999614
>>999606
>Only Intel CPUs use SMT
▶ No.999627
>>999606
They might have only proven it on Intel so far, but they plan to do so with AMD next.
> "We leave as future work exploring the capabilities of PortSmash on other architectures featuring SMT, especially on AMD Ryzen systems," the research team said in a version of their paper shared with ZDNet, but Brumley told us via email that he strongly suspects that AMD CPUs are also impacted.
▶ No.999743>>999768
>>993688 (OP)
>>999606
By the time this shit is all said and done my Core i7 workstation is gonna have the performance of a 500MHz Pentium 3 with one core. What the fuck
▶ No.999745
I'm so glad I never spent money on Intel shit.
▶ No.999768
>>999743
Don't worry fam, that's still enuf to play Super Intel Smash Bros.