/tech/ - Technology★

>Spectre breaks the isolation between different applications. It allows an attacker to trick error-free programs, which follow best practices, into leaking their secrets. In fact, the safety checks of said best practices actually increase the attack surface and may make applications more susceptible to Spectre.

>In fact, the safety checks of said best practices actually increase the attack surface

Rustards btfo

>>997557

this is why SeL4 is the real secure system. They actually know what they're talking about

>>997557

Oh, is rust still a thing? Rust shills have gotten awfully quiet lately. You still here Steve?

>>997573

>ARM

that's compromised too. Did you read the fucking article?

>>997579

No, it's not. The board I posted has an A20 SoC, which is a dual core ARM Cortex-A7. Those do in-order execution and no speculation, which means they're immune to all this Meltdown and Spectre bugs that plagues most other modern processors.

>>997580

ah I see

Speaking of ARM in relation to spectre/meltdown, I'm fairly certain that Cavium ThunderX is unaffected as well. ThunderX2 is though.

https://www.networkworld.com/article/3246707/data-center/meltdown-and-spectre-how-much-are-arm-and-amd-exposed.html

>>997585

I'm not familiar with those, but not very surprised. Broadcom is pretty shit.

> There was quite a change between the first and second version of ThunderX because the ThunderX2 is heavily derived from IP acquired from Broadcom in 2016.

>>997615

It has nothing to do with Broadcom. They simply license the cores just like everyone else. The Cortex A7 and A53 don't have speculative execution, but at the same time are very slow. I have a 32-bit Cortex A9 that still tears the shit out of the 64-bit A53 quads.

>>997652

> a vulnerable, buggy chip is faster

You're not telling me anything new.

>seven new spectre attacks

>after the last round of fixes hurt performance by 30% or so

>patching these will likely cost us another 50% performance bringing modern patched Intel systems down to late 1990s / early 2000s levels

>this doesn't even cover the new attacks against the intel gpu and its shared ram schemes

>complete apocalypse is just waiting to happen, a UEFI or ME virus could be active in dang near any computer that's been near the Internet or another computer or phone, silently ticking down 'till doomsday or waiting for a pre-arranged signal

So is Transmeta safe?

>>998574

Switching ISAs won't fix timing attacks.

>>998577

It's not just a timing attack, it takes advantage of peculiarities of the Intel architecture. Remember, despite all the autistic screeching, this is largely an Intel problem.

>>998722

It only seems that way because Intel took more shortcuts, in order to have best performance. But all chips that do out-of-order execution and speculation are potentially vulnerable to this kind of attack. And in the paper they say there will probably be many, many such bugs discovered in the future.

Maybe they should just stop doing such dangerously overclever designs. Of course, that would force software developers to actually write non-shitty code, instead of assuming the hardware will pick up the slack.

THANK YOU LORD THEO, FOR HAVING THE FORESIGHT THAT TLBLEED WASN'T THE END AND MORE WOULD SOON FOLLOW!

LONG LIVE LORD THEO, OPENBSD BENEVOLENT DICTATOR FOR LIFE! FOR WHOM THE SUN RISES IN THE EAST, FROM WHOM THE SWEETEST DIGITAL HONEYS FLOW FORTH INTO THE WORLD!

>>998574 I really wanna use RISC-V.

>>998728

>Of course, that would force software developers to actually write non-shitty code

WE'RE DOOMED

>>998728

>Maybe they should just stop doing such dangerously overclever designs.

Those tricks are what gives you performance. The problem is keeping track of various states in flight.

>>999017

Those tricks are too dangerous. At least with software tricks, you can fix all the bugs. So it's slightly better to do the naughty things there.

But I don't need more performance anyway. Because I never asked for HD video, 3D games with a gazillion polygons, crazy Web 2.0 sites with 5 megs of obfuscated javascript, WebGL, in-browser video, and so forth. This is all marketing garbage, that I'd rather not have anything to do with ever.

>>998728

>all chips that do out-of-order execution and speculation are potentially vulnerable to this kind of attack

Unfortunately for Intel it appears that most of these architectures have no current working PoC, which leaves Intel as the sole chipmaker peddling CPUs which are currently vulnerable to Spectre type attacks. There have been many articles in the press by Intel shills trying to point out that all chips using out of order or speculative execution are "potentially vulnerable" to these attacks but it just seems desperate at this point.

>>998798

Heh, remember when Theo was giving a talk and the Intel shill under NDA screamed at him for bringing up Spectre and the fact that OpenBSD was disabling a bunch of stuff because they thought more vulns were coming down the pipe?

>>999029

Same. I moved to IRC and lainchan

>>999207

It's not just Intel shills or whatever, even though they probably try to paint things less biased against Intel (who are the worst offenders). Most of the more recent ARM processors were affected by Spectre bugs.

https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability

I haven't paid attention to AMD because I don't really care about x86 anymore. I already moved to ARM earlier this year.

>>999225

Whomst makes this thing?

>>999220

Which IRC? Is it a .onion or .b32.i2p?

>>997564

This is a hardware issue. SeL4 is effected too.

>>999228

It looks to be the rc2014. The thing seems to be sort of altair 8800-like computer, only much smaller and a bit more diy.

http://archive.is/GEZfk

https://rc2014.co,uk/