NEW CRITICAL SECURITY ISSUE IN INTEL CPUs: >Two recently disclosed hardware bugs affected Intel cpus: TLBleed, T1TF (the name "Foreshadow" refers to 1 of 3 aspects of this bug, more aspects are surely on the way)
>Solving these bugs requires new cpu microcode, a coding workaround, *AND* the disabling of SMT / Hyperthreading. >SMT is fundamentally broken because it shares resources between the two cpu instances and those shared resources lack security differentiators.
>>Solving these bugs requires new cpu microcode, a coding workaround, *AND* the disabling of SMT / Hyperthreading. Now it all makes sense. So that's why shintel is gonna push out cpus without HT because "hyperthreading doesn't matter".
Aiden Jones
"new" these bugs have been around for 2+ weeks already
Nolan Ross
based
Isaiah Baker
OpenBSD was right all along
Cameron Hernandez
>Over the past day online there has been lots of controversy following some high-profile sites reporting about Intel's "un-friendly microcode license update" and its "ban on benchmarking", among other catch phrases. It's now been officially cleared up by Intel with a simpler license that doesn't forbid benchmarking, allows distribution vendors to re-distributed these binary files to their users, and doesn't have any other nastiness integrated into the legal text.
>kb.vmware.com/s/article/55767 I'll never forget interviewing with Vmware back in the day. I maintained a graduate degree from one of the top Universities in C.S and an established track record. I aced the interview up until that point and had a sit down with a racist curry nigger in which he attempted to grill me about TLB. We exhausted over an hour going through in depth details in which 'speed up logic' in his mind felt like insecure hacks in my mind and something to be avoided. He didn't seem to grasp the security issues or even a fundamental understanding of TLBs but persisted in grilling me on textbook bullshit. I didn't get the job and my company contact informed me its because the ESX kernel team was quite racist and only hired indian people. If he had known i was going to interview with them, he'd have scheduled me with a different group. He offered me a 2nd interview with a different group but I was disgusted by the outcome. I did recall grilling the team equally after the shit show in which they often showed no regard for best practices, documentation, or security. Tech is filled with this reality at most of the big names. I knew it was only a matter of time before this shit became unearthed. They filled their ranks with cheap exploitable labor who over the years moved up into higher ranks. You can smell the culture of shortcuts/corruption from a mile away. This is not a revelation but a reality a slew of American engineers with far better standards knew was coming but had no say over many years of backwater shortcuts.
Thomas Gonzalez
>disabling of SMT / Hyperthreading. Not happening, lol.
Carson Stewart
So how many vulnerabilities Intel processors have now? 5? I've lost count. And after every vulnerability they release some microcode patch that gimps performance. I imagine delays everywhere are because they are desperately trying to develop some new architecture that doesn't have vulnerabilities.
Ryder Collins
As long as speculative execution exists the flaws will always appear.
Cooper Bell
9th gen i series already has HT disabled on all but i9 chips
Christian Turner
intel is bankrupt and finished
Andrew Barnes
it's over
Michael Watson
JIM AND TERRY NEED TO MAKE THIER COMPANY
Kevin Carter
Remember to donate money to the OpenBSD Foundation.
Well shit, and I just bought an Atom tablet. I'm just gonna hope that the mitigations don't shit on the performance of non-HT CPUs too much...
Zachary Bell
I have experienced something to this effect twice over the last two years. I didn't really connect the dots until I heard other stories of developers experiencing the same thing and it being a result of Indians trying to only hiring Indians that are as incompetent as they are. It is really fucking annoying.
How come Intel shares never seem to suffer despite what's happening? Are they too big to fail?
David Long
The computing world runs on Intel, not cheap knock-off AMD chips.
Lincoln Walker
They'll still sell new chips because everyone will assume next generation chips will have it fixed. Even if they don't.
Jason Moore
Those are without the microcode >Update: To note, no microcode changes/updates were made to the systems under test for this article
Alexander Hughes
my moron friend is convinced to buy an 8700k next week. He doesn't listen to me when i tell him to get amd because he was disappointed by the FX cpus and thinks amd is still shite.
he doesn't really seem to be bothered by the security holes.
Blake White
Every other group on earth practices in-group preference to the exclusion of all others. White males are the only group to exist that might give an actual damn about other groups of people and consider letting them into their group.
Lucas Morales
Never feel sorry for the fucking kikes. Do you think they felt almost sorry for screwing people over all these years? Or when they made these flaws to make their cpus faster?
Parker Richardson
ITS OVER, INTEL IS FI- >intel lowers prices by 1-2% INTEL IS BACK ON TOP!
Tyler Lewis
Regular users aren't affected by these exploits you dweeb.
That's why despite all the security holes the 8700k is still one of the best selling CPUs in the market right now.
As long as games and normal user programs aren't affected all this doomsaying doesn't mean shit.
Hudson Wright
Despite what AyyMD shills tell you everyone worth noting in the planet runs on Intel, Nvidia and IBM...even ARM
Jacob Lewis
not white males, but white females and pussified white males
Lincoln Reyes
Poor Intel
Michael Collins
wew, that was fast
Samuel Reyes
Wow, I'm glad this came out when it did, because Im going to build a new computer in the next few months, probably around Christmas and I was in the process of choosing between Intel and AMD for my next processor and it's almost certainly going to be AMD at this point.
Angel Martinez
Sure they are they just dont notice or bother to check, and intel has cemented public opinion of amd as a 'second rate' chipmaker
Luke Turner
>Intlel or AyyMD >Not going with superior master processor Oracle SPARC M8
Christopher Baker
>Not going RISC V
Carter Cox
>It is now against Intel's EULA to publish benchmarks of performance losses due to microcode updates perens.com/2018/08/22/new-intel-microcode-license Lmao. Anyone who buys Intel CPUs is actually retarded. Should we just remove them from >>>/pcbg/ recommendations entirely?
>White males are the only group to exist that might give an actual damn about other groups of people and consider letting them into their group. Which is why you are weak and why you will be extinct within the century. Bend over, it's OUR world now
Jose Nguyen
The ones getting fucked are enterprise users, not normal desktop users or prosumers.
Their mainstream processors are fine, their Xeons aren't.
Jose Baker
How do I get a refund for my 4790k?
Bentley Williams
I mean this latest flaw in particular. It's 100% irrelevant for non servers and single user computers.
Lincoln Long
I remember the gpu passthrough stuff was a pain in the ass to get running at an acceptable level when I tried it some years ago. Are things better now?
Liam Gray
This almost feels like some sort of focused attack on Intel. I mean Intel shat themselves with 10nm and recent housefires but this is too much even for them.
William Martinez
You keep saying that but it's not true. Exploit chaining is a thing. This vulnerability makes all Intel computers easier to attack. Especially since it's pretty easy to execute "sandboxed" code on a victim these days.
Adam Anderson
is intlel the applel of x86?
Anthony Moore
I will be accused of being a shill for saying this but if you think that it's just Intel processors that are filled with bugs you're very naive. AMD is in for a rude awakening in the next year or so but for now we get to laugh at Intel t. Ryzenfag
Jason Jenkins
Give me a likely scenario where this flaw will affect my personal computer.
Aiden Reyes
| |> |3 |
Jeremiah Morgan
>implying AMD has shekels to pay off security firms to find holes in Intel CPUs (lol
More like the ones who discovered Meltdown and Spectre just snowballed in their findings.
Now AMD has shekels to agitprop on a Mongolian cave drawing board.
>AMD is in for a rude awakening in the next year or so Anything particular you base this on? I'm trying to not be biased and to be honest I'm not sure what I'm going to go for on my next build.
Gavin Gutierrez
>flaw discovered days ago >Jow Forums silent >tech blogs start writing articles about it >Jow Forums now suddenly cares
Gavin Lee
Like I said, you have to be extremely naive or full fanboy to think that amd products are bug free. You should go with a ryzen, Intel doesn't even bother lowering their prices despite all this shit
John Lewis
>mind blown It's almost as if people are talking about the shit people are talking about.
Zachary Howard
Money isn't really an issue for me, though. I have no experience at all with AMD, but I must admit all the shit over the last year has made me consider it.
Kevin Cooper
I disabled hyperthreading today.
My bios did not have an option so I needed to use nosmt=force in kernel cmdline.
SMT L1 leaks cannot be fixed or worked around really on current hardware.
This is a technology board and yet nobody here care about technology unless tech blogs are taking about it
Michael King
Moar nazi husbando pls
Samuel Taylor
Someone mitm's you and watches for http traffic or an opportunity to downgrade an https request to http. A js payload is inserted which uses the side channel attack to eventually glean keys used for https connections or session cookies. Your bank session gets hijacked.
>I don't use JavaScript >I never run external code >My machine is buried in my backyard You can come up with countermeasures to every exploit, if you know how they're being leveraged. The point is this flaw can absolutely affect normal people. Leveraging this is only limited by the creativity of the attacker.
Jose Cox
Isn't that the general state of society, though? There are lots of important things to talk about, but people in general only do when the media starts them off.
Ian Bell
Nah. Apple is treated like shit by non remote security issues but Intel isnt moved even by remote shit. Intel its like Hillary Clinton. >mfw those tech sites that say that Intel is delaying 10 nm because Moore law instead of their incompetence.
Hudson Rogers
>Someone mitm's you I said a likely scenario Man in the middle attacks while watching and analysing my traffic are anything but likely.
Charles Cruz
That's an extremely complex way of getting information that you could usually obtain from simple phishing attacks. This is like Spectre all over again, yes it can in theory maybe affect end users but it's just to complex to implement to be worth it.
Jacob Cox
So wtf do i do if im in the market for a laptop? Ive tried to look for amd laptops but they dont exist in my brokeass 500 dollar budget
Landon Sanders
Can someone list all the Intel's security issues until now?
Bentley Barnes
Not white and this always comes back to bite a company in the ass. I expect more and more business to go away from legacy hardware/software companies and into new and open hardware/software efforts with a much more refined and focused group of engineers in the coming years. I've already seen billions of dollars of business leak from such companies to smaller higher quality businesses. This always tends to cost more than the short to term profit that's gained from it.
Correct. > a result of Indians trying to only hiring Indians that are as incompetent as they are. It's always a downhill whenever you see a company staffing in this manner. I bought into the H1B visa meme until I began working in the valley and saw what it was all about... The primary issue is that Indian/Asians have a strong get ahead at any cost and culture of corruption. Combine this w/ relatively homogeneous populations and an American immigration/visa policy that doesn't break that shit and you get race relations America has matured beyond in full vogue + other 3rd world shenanigans in the workplace. Ultimately a group of greedy boomer whites sold out America for generation so they can live high on the hog. Asian/Indians unironically know this and exploit the situation at their culture instructs them. The only thing that turns this around is a new generation of patriotic Americans who clean up the absolute mess the boomer generation left behind and is still furthering even as they are inches from the grave. I'd expect every country's youth to do the same respectively. It's only when you get your own house in order that you can properly interact w/ and help others.
Samuel Reed
The mitm is just an example, and doing such a thing is very easy. It could as easily be malvertising, a compromised site, etc. The point is this exploit makes any executed js able to get information it absolutely positively should not be able to get. This information can be used against you.
The example attack is reliable and can be automated trivially. You only need presence on a network. High quality phishing requires leg work and tailoring, and a sufficiently wise user won't be tricked regardless. These attacks are like the chipping away at a crypto cipher. Lower the attack work by an order of magnitude here, and there, then once more... Suddenly it can be broken in realistic time. Exploits add up, even academic seeming ones.
Christian Hall
oh fuck. i wanted to buy an i7-8700k this month. should i just get AMD at this point? all i do is play vidya and browse the internet
Jason Collins
IME obviously was. A lot of these other ones weren't.
Too many to list.
>So wtf do i do if im in the market for a laptop? >Ive tried to look for amd laptops but they dont exist in my brokeass 500 dollar budget Look better? There are raven ridge laptops around there.
Justin Morales
I've made the same mistake you have friend it's okay. My next PC build(s) will be AMD only from now on no matter what Intel tech shills say otherwise
