Major security gap on billions of Apple devices

[OWR88]

http://money.cnn.com/2018/01/04/technology/business/apple-macs-ios-spectre-meltdown/index.html

 

[OWR88]

Better make sure you get latest patch.

 

[Zaap]

Was talking about this with friends today, and one of them brought up how 'convenient' it is that the fixes end up slowing down older devices and maybe causing people to have doubts about older machines.

So his theory was that although a real issue of course, maybe the timing of 'discovering' and announcing it was planned so as to spur sales of new devices.

In other words, its possibly been known about (and in reality is actually very unlikly to be expoited) but now is being pointed out to the best possible advantage- all things considered.

I don't know as I fully buy it, but it is an interesting conspiracy theory.

 

[Commodus]

Was talking about this with friends today, and one of them brought up how 'convenient' it is that the fixes end up slowing down older devices and maybe causing people to have doubts about older machines.

So his theory was that although a real issue of course, maybe the timing of 'discovering' and announcing it was planned so as to spur sales of new devices.

In other words, its possibly been known about (and in reality is actually very unlikly to be expoited) but now is being pointed out to the best possible advantage- all things considered.

I don't know as I fully buy it, but it is an interesting conspiracy theory.

I wouldn't buy that theory. If you've read about how the fix works (it basically involves a full separation of memory tables), the slowdown makes sense. And I doubt that a whole bunch of competing companies would get together to plan a fix that might spur sales.

On that note, the thread title is very misleading: this is not just an Apple problem. It's an everybody problem. Google, Microsoft and others have been working on patches. It's just that it was Apple's turn to address it.

 

[Zaap]

I wouldn't buy that theory. If you've read about how the fix works (it basically involves a full separation of memory tables), the slowdown makes sense. And I doubt that a whole bunch of competing companies would get together to plan a fix that might spur sales.

None of what you said has a thing to do with how it would work as a conspiracy. At least bother to get it right. The fix isn't in question. It's possible strategic timing of letting consumers know about the flaw.

Beyond a doubt, Google and Intel knew about this in June, 2017. Intel's CEO is being investigated for possibly selling stock after he knew.

And with the possible bad sides being talked about (hackers gaining access to systems, potential 50% slowdowns, etc.) damn straight it'll spur sales of new CPUs without the flaw.

 

[Commodus]

None of what you said has a thing to do with how it would work as a conspiracy. At least bother to get it right. The fix isn't in question. It's possible strategic timing of letting consumers know about the flaw.

Beyond a doubt, Google and Intel knew about this in June, 2017. Intel's CEO is being investigated for possibly selling stock after he knew.

And with the possible bad sides being talked about (hackers gaining access to systems, potential 50% slowdowns, etc.) damn straight it'll spur sales of new CPUs without the flaw.

It still wouldn't work well as a conspiracy, though.

First: companies are often told about security issues well in advance so that they can be disclosed only when a patch is ready, and they'd definitely want a lot of lead time for an issue like this -- it requires a fundamental change in how an OS behaves. Now, if Intel's CEO knew and sold stock in response, that's a problem, but telling the security team wouldn't be an issue.

As for the timing of the disclosure itself... that'd be pretty lousy, too. If they really wanted to boost sales, they'd have disclosed in time for their holiday releases, not after the holiday when spending is always at its lowest and new products are months away from shipping. Any uptick would be muted at best. And don't forget, most companies are several months or more away from shipping new chips that would be immune to the flaws.

Basically: if this was somehow a vast conspiracy between every major OS and chip vendor (not to mention Linux distribution coders who will make zero profit), it'd have terrible execution.

 

[Zaap]

Lol.
You're taking it like its something they planned and wanted to even be known about.

It's in large part beyond their control. Its just was there any effort to control when the public learns about it. It's terrible for PR and consumer confidence overall, but possibly a boon for making people part with older hardware which is in a way a dream come true if you're a hardware manufacturer.

Its far beyond one simple holiday cycle. *chuckle*

 

[darkswordsman17]

Lol.
You're taking it like its something they planned and wanted to even be known about.

It's in large part beyond their control. Its just was there any effort to control when the public learns about it. It's terrible for PR and consumer confidence overall, but possibly a boon for making people part with older hardware which is in a way a dream come true if you're a hardware manufacturer.

Its far beyond one simple holiday cycle. *chuckle*

Do you even listen to yourself? "They did this to make people have to upgrade! But they didn't plan it and it was completely out of their hands!" Ok...

You definitely have terrible understanding of what the actual problem is if you're even trying to make claims about this being something to spur hardware sales. The issue is related to fundamental interaction between the hardware and software, and has been in microprocessors for going on 2 decades (and was discussed before then). If they were doing it just to have something to fix sometime in the future, they've been playing an awful long game and one that isn't likely to payout for them. For hardware companies this is more likely to cost them money since they'll be facing lawsuits, and also will be having address it in their hardware, which will also cost them money, since after all you say they didn't know when they'd have to address it, so they couldn't have planned on when it'd be called. Enterprise level customers are the ones that will take the biggest hits and you can bet they will be expecting some healthy compensation for this.

And its going to cost a lot in software changes. Oh and FYI, it was Google researchers that initiated a lot of it, and they have an established record of keeping things under wraps for a certain amount of time in order to allow companies to develop patches, this is very common behavior and hardly evidence of them trying to time it to spur hardware sales which Google would benefit little if any from.

But yes, the entire industry was just sitting on this hoping it'd be their golden ticket to one day force people to have to buy new hardware.

 

[Zaap]

^ Some people lack all basic reading comprehension. Not even worth addressing.

 

[sweenish]

I mean, they're not the one trying to peddle a pathetic conspiracy theory. You're the one ignoring how these things are always disclosed.

Yes, the CEO selling stock is shady. But how you think it's possibly connected to some larger scheme is laughable.

And then WHAT NEW PRODUCTS ARE THERE? It affects everything, including the new Core + Vega chip.

Everything at CES right now is vulnerable. There is no hardware with hardware level fixes. Super convenient, right?

 

[Zaap]

Another person who can't read.

Meanwhile, it's disclosed today that all the major players agreed to keep this under wraps until today, in the middle of CES. But it was leaked early and caught Intel in particular completely off guard. So yes, the announcement of it was planned as strategically as possible.

Anyone who thinks the manufacturers involved WANT to lose untold billions and didn't spend the months since last June figuring ways to minimize and even exploit this to whatever possible advantage... get your head examined now.

Whatever the case, no one was sitting around planning how to lose their entire business. Obviously Intel is going to claim performance hits to current hardware is minimal...duh. It's not like they can conjure next gen bug-free cpus out of thin air overnight. Again the lack of basic logic in the previous post.

I don't buy the full conspiracy my friend put forth, but these companies trying to time the release of this info to the public? Absolutely they did.