LTC8K6
Lifer
- Mar 10, 2004
- 28,520
- 1,575
- 126
And yet we have an independent expert saying intel's response is a joke.
Again; I'm going to believe the expert rather than forum posters who keep trying to imply everything is OK. And I think other people should also.
zinfamous
No Lifer
- Jul 12, 2006
- 110,014
- 28,202
- 146
The way I see it, Intel isn't helping anyone because their presswork has been nothing short of duplicitous. It is much better for everyone that trusted experts become more public about what is actually happening.
I expected things to smooth out with this by now, but it seems like the situation has only gotten worse, especially for Intel. But remain comforted by the fact that the press still seems largely in thrall to the information that Intel prefers. I haven't seen much secondary or even tertiary "news" out there that doesn't paint a generally darker picture for Intel's competitors, which is truly strange.
zinfamous
No Lifer
- Jul 12, 2006
- 110,014
- 28,202
- 146
LTC8K6
Lifer
- Mar 10, 2004
- 28,520
- 1,575
- 126
Don't worry, we have a guy here that is perfectly satisfied with their patches.
January 11th, Intel acknowledges reboot issues from the patches, and customers were talking about them a few days before that.
https://newsroom.intel.com/news/intel-security-issue-update-addressing-reboot-issues/
January 22nd, Intel identifies root cause of reboot issues and rolls out new beta patches:
https://newsroom.intel.com/news/roo...-updated-guidance-for-customers-and-partners/
FIVR
Diamond Member
- Jun 1, 2016
- 3,753
- 911
- 106
Brian Kraznich had a tough decision to make - He couldn't simply give all his attention to properly patching Meltdown. There were other priorities...
Trolling isn't allowed, nor are these cartoon meme's. This is not OT or P&N.
Other members, please take note.
esquared
Anandtech Forum Director
Last edited by a moderator:
Unless there's something I missed, I'm not seeing how Linus was screeching to the press about this. He was replying to a message by a Linux Kernel Engineer at AWS who previously spent nearly a decade at Intel and who (according the the thread) has his name on some of the patches. The press might have picked up on it, but this was a conversation between industry experts.
traderjay
Senior member
- Sep 24, 2015
- 220
- 165
- 116
The problem is the infrastructure guys that run mission critical or demanding workloads that are heavily impacted by the patches. It is also these guys that generate the most revenue for Intel, not us, the enthusiasts unfortunately.
https://www.computerbase.de/2018-01/sard-verbinnen-intel-spectre-meltdown/
Intel has hired a crisis communications firm Sard Verbinnen to handle the Spectre/Meltdown fallout. I just got an email from them. Intel's dealt with a lot of s*** in the past, but first time I've seen them hire a crisis communications firm. #intelbug #intel
— Agam Shah (@agamsh) January 23, 2018
Intel has hired a crisis communications firm Sard Verbinnen to handle the Spectre/Meltdown fallout. I just got an email from them. Intel's dealt with a lot of s*** in the past, but first time I've seen them hire a crisis communications firm. #intelbug #intel
— Agam Shah (@agamsh) January 23, 2018
moinmoin
Diamond Member
- Jun 1, 2017
- 4,608
- 7,052
- 136
Not sure how outsourcing crisis communication is going to help them with anything tangible.
LTC8K6
Lifer
- Mar 10, 2004
- 28,520
- 1,575
- 126
What are they going to do? They aren't going to throw out the systems they just bought. There's nothing to switch to that isn't vulnerable to Spectre anyway.
Perhaps they won't buy Intel if they are looking to buy at the moment?
Perhaps they can sue Intel over loss of performance, but that'd be in litigation forever with no guarantee of winning.
Does Intel guarantee performance anyway?
When would we see data that would show that Intel is losing market share over the problem, as opposed to just losing market share to Zen anyway?
LTC8K6
Lifer
- Mar 10, 2004
- 28,520
- 1,575
- 126
traderjay
Senior member
- Sep 24, 2015
- 220
- 165
- 116
In the short term, these guys can't do anything and it is really a prisoner's dilemma here. As for the performance drop, Intel will have some tough time to defend itself in court when the pre and post patch shows huge variance that is outside of the norm. Last but not least, there will be a discovery process to see if these bugs are in fact known, and deliberately suppressed or a real oversight - unless of course the folks at INTC are busy expunging emails and paper trails.
At this point I'm glad my PC is so old and I will not see and BIOS fixes. And even if I did I would probably not install them. I still fails to see why this is such a huge deal for consumers. It isn't. This is an issue for virtualized servers in the cloud. Only client issue (JavaScript) was fixed in browsers.
Exploiting any of the fixes requires code to run on your machine and if a hacker can run code on your machine, then you are REDACTED either way. In the cloud however it's a huge issue because it is 100% legitimate that I rent a VM in which I can install any software I like. And said software can then spy on other VMs on the same host. There is nothing that can be done except patching OS and BIOS. But again for consumers? Hardly matters. I mean why isn't a single expert saying this?
Profanity is not allowed in the tech sub-forums.
You have been warned before.
Iron Woode
Super Moderator
Last edited by a moderator:
StinkyPinky
Diamond Member
- Jul 6, 2002
- 6,746
- 743
- 126
Intel are doing a god awful job in communication here. At this point I've stopped caring about this, and perhaps that is not a good thing but there's so many poorly worded press releases from them at this point that I will ignore this and look into it again in a few months.
In the meantime it seems i get to enjoy their buggy solution on top of my already buggy gigabyte bios.
In the meantime it seems i get to enjoy their buggy solution on top of my already buggy gigabyte bios.
This is my take as well. At least we can disable the OS fix if we want by using InSpectre. And I sure as hell will never install a UEFI update if it becomes available for my motherboard.
thecoolnessrune
Diamond Member
- Jun 8, 2005
- 9,652
- 553
- 126
I completely disagree. You're talking two different things. Mitigation, vs. Prevention. It's like saying if you're in a fast enough car crash you're dead either way, so why bother with seatbelts. We allow packages from different groups to run on our systems all the time. Modern computing wouldn't exist without the concept. While we can't prevent all intrusions, we can absolutely discern a difference between something that allows access to your system, vs. something that allows it to read parts of your memory that are supposed to be highly secured, breaking established boundaries inside a system and not leaving a discernable trace.
This isn't some Sci-Fi movie with someone literally logged into your system haxxing your files, this is things like that website you went to by accident, or maybe not (maybe it itself was hacked) running javascript that collects a payload or sends it back. In the case of things like Spectre, it very well could be a payload you got from nearly anywhere. What if there was a spectre leveraging vulnerability in Rocket League? What if there was a payload that simply got Rocket League to do the collection on its behalf and send it off? That's the whole point of Spectre. It uses weaknesses in applications to do its dirty work. The whole concept of what's a safe package and what isn't is a non-starter because tiny unsafe packages that you aren't even aware of can get packages you trust to do its dirty work because the applications themselves are vulnerable.
That's why no real expert is saying this. A hacker running code on your machine is not an automatic ruination. We have literally decades of security technology development that is developed towards this, or do you guys really believe that all modern AV's and Firewalls do is just make sure nothing gets in?
I'm not sure there is any strong argument to be made against applying security patches. Even if we'd assume that your data is (generally) useless to state sponsors.
There are for example entire communities for people renting or buying malicious services, e.g. botnets or ransomeware. And such communities and services will more than surely employ Spectre and Meltdown exploiting code in the upcoming future, which will make you a potential target.
I'm sure that having your data encrypted and held ransom or that being part of (an aggressive) botnet responsible for DDOS'ing game servers and various websites, pushing spam or forwarding questionable/illegal material is not something that you'd want to expose your self to.
Last edited:
@ the coolenessrune and urfe, sometimes the cure is worse than the disease. The patches and UEFI updates that Microsoft and Intel released have wrought quite a bit of havoc for many people and businesses in terms of stability and performance.
Also, Meltdown and Spectre require local access to be exploited. If it's already gotten to that point, I am screwed anyway because the hacker or malware can do anything they want to my machine. They wouldn't need something as subtle as Spectre or Meltdown which only allows read access to memory or cache, they could take anything they want without it.
And that's my point. For end consumers, Meltdown and Spectre aren't much of a concern provided the software mitigations are in place, especially for the browsers, because that's where a threat is likely to originate from. And most of us here are computer savvy enough to know not to click on or download something that might potentially be dangerous.
What makes you say that? Are you saying data center operators do not have to worry about this issue because they restrict access to their server farm?
I'm not talking about data centers, servers or anything. I am talking about end consumers like us. The chances of being targeted by an attack using Spectre or Meltdown is extremely remote, so remote that it's not worth the hassle for me to use the mitigation patches from Microsoft and Intel which affect the stability and performance of my machine.
I understand your point of view, in the sense that it requires remote code execution and there are quite a few issues with the patches for now, which should be fixed however.
Still, foreign code is constantly being executed transparently, i.e. as JS or Flash. Chrome, Firefox and Microsoft already worked on JS patches for browsers, I'm aware. And if this alone is sufficient, we'll see. I still feel a bit uneasy that for many, the issue is somewhat addressed or mitigated by browsers only. I'll add that if you check the browser patches, some of them are really urgent, short-term fixes: Firefox for example mainly reduces the time precision available through some functions or constructs.
The main issues with Spectre and Meltdown is that the they are not software vulnerabilities, tested/reviewed/certified running software will not address them. I guess we'll see how much of a problem this will become (or not). Especially now that the focus has shifted on hardware, and other similar vulnerabilities will be most likely discovered by the public security research community.
Btw, I have three desktops, two of them being 4th generation i5 and i7. Third one is a 1600. I don't have any microcode updates AFAIK, so I'm also affected.
So, Intel said in the financial report that there will be in silicon patches for CPU sold later this year.
My question is just how fast can you make a new silicon masks (or just the relevant parts of it), to test, qualify, and produce the chips? Less than a year?
My question is just how fast can you make a new silicon masks (or just the relevant parts of it), to test, qualify, and produce the chips? Less than a year?
Similar threads
TRENDING THREADS
-
Discussion Intel current and future Lakes & Rapids thread- Started by TheF34RChannel
- Replies: 22K
-
Discussion Speculation: Zen 4 (EPYC 4 "Genoa", Ryzen 7000, etc.)
- Started by Vattila
- Replies: 13K
-
-
-
Discussion Zen 5 Discussion (EPYC Turin and Strix Point/Granite Ridge - Ryzen 8000)- Started by DisEnchantment
- Replies: 4K
Facebook
Twitter
Instagram