We are FUCKED

>being this retarded
They can access everything in memory in minutes. Look up spoiler and rowhammer.

Javascript was a mistake and we should ban it from the web.

Speculative Execution is fucking retarded and should be eliminated. "performs some task that may not be needed", yeah fuck that I don't care if its faster, its wasteful and adds needless complexity.

It's too late for that. Maybe in the future all web browsers will include a script blocker by default, but I doubt it.

>AMD drones conveniently ignoring the thread because the cognitive dissonance is too great

Attached: 1555346828921.jpg (400x400, 21K)

>rowhammer
This pretty hard to pull off, but exploits like use after free are common and easy.

>(s)he thinks memory leaking is used to get password information.

>We now know that someone can steal anything on our hard drives with some lines of javascript

>hard drives
Nigga what?

Also Spectre just isn't practical to exploit, not with javascript atleast. The chance of you actually finding something in memory that's not garbage with something as slow as javascript is almost nil

>Nigga what?
I don't know why I wrote it, I meant "they can steal anything in memory"

>he's only talking about spectre
The whole mentality of being "smart" online was practical 10 years ago. It's bad now.

>The chance of you actually finding something in memory that's not garbage with something as slow as javascript is almost nil
How do you think memory leaks are found lol. A heap scan?

>a fundamental flaw in the nature of computing
what the fuck does this even mean? that all CPUs are insecure because they run third party code?

That all CPUs are insecure because they allow any process to hijack another process? That all CPUs are insecure because they make sandboxing impossible?

Just a thought, but couldn't this be partially mitigated by running each program on its own virtual machine?

inb4 these "vulnerabilities" don't actually exist, but (((they))) are just making up excuses to start eventually shipping out CPU's that only allow software written by Microsoft, Google, Apple, or the CPU manufacturer to run on them.

Do you understand how spectre works, do you?

>I believe anything someone tells me as long as they're an authority figure
DUHHHHHHH

You don't. Ever. Unless you work in a company which has windows computers in which case it's not your problem.

God, that would be like the ultimate fantasy for you, wouldn't it? Imagine all of the shitposting and memes you could upload to oldnet about your living dystopia

I see.

Intel FUD

>chips
How did they get spectre to work on a 555 timer?

There's no possible mitigation via software. Stop being retarded.

I don't see motorola in that list

Let’s just agree not to use this exploit, that way we don’t have to cripple our processors

>Let's agree not to use guns, that way criminals will not be able to kill us

that's just the uncertainty of life
absolutists btfo

unironically leftists think this is the way to go

Yeah, because mentally unstable incels running around with guns is much better.

In the end, this means we should abandon the always online meme.

>But the Google team’s key result is to show that this assumption is wrong. A processor cannot tell the difference between a good command and a malicious one—even in principle. So if a command tells it to send information to an area of the memory that can be easily accessed later, the machine obeys.
Now I'm not a computer engineer but this seems like it should be common sense. How would a processor discriminate between good and malicious commands? As far as I'm aware they've always been relying on higher level software to sort which commands are being given to the machine at the instruction set level and said higher level software was always going to be potentially vulnerable to attack. I feel like the article has made major omissions because I'm not understanding why this is a revelation in potential problems for cybersecurity.

>may be
>could make

>How would a processor discriminate between good and malicious commands?
Context.
When your web browser's unprivileged Javascript VM tells the computer to copy your secure domain password to an unprotected space, it's safe to assume malice and tell it to fuck off.

The problem is that we do far too much within a single application, which is the the web browser. This makes privilege separation essentially impossible.
Malware that exploits your browser can get everything from your personal identity info to your banking information because you do absolutely everything through your browser.

>When your web browser's unprivileged Javascript VM tells the computer to copy your secure domain password to an unprotected space, it's safe to assume malice and tell it to fuck off.
Why did my browser create a Javascript VM?
Maybe it shouldn't do that.

>Why did my browser create a Javascript VM?
Because that's a thing your chosen browser does by default. Perhaps you should disable that feature or use a browser that respects your security instead.

>unironically using words like incel
kys

found the incel

>Spectre and Meltdown are architectural flaws
Wow, what a huge discovery, OP!

upboted +1

You do know that you can post here without enabling javascript, right?

Right. Criminals will still murder, therefore laws against murder are pointless.

What about stack machine chips?

Attached: G144A12-mark-Unisem.jpg (268x268, 11K)

Thanks. We've known this for what, 16 months now?

Attached: Untitled-2.jpg (1080x720, 169K)

>Not using your own custom built CPU in 2019
Fags

>not using mill architecture
It's their own fault.

This article is horse shit. It must have been a slow news day because it reads like a scare piece on how people/cpus are being tricked by fake news/malicious software so are being manipulated, it's time to control what media/software they are exposed too.

>he isn't working on his own operating system for RISC-V

Attached: raw.png (640x360, 309K)

VIA ftw

Attached: 1554465493323.gif (520x360, 1.95M)

I don't see Zilog on that list faggot

Correction, you are fucked
I'm using RK3328 ARM A53 quad-core
no spec-ex
no meltdown/spectre
no ME/PSP
free firmware
free boot loader
free kernel
free software
pure freedom

get fucked
Posted from my Sega Saturn

you mean dreamcast?

>How would a processor discriminate between good and malicious commands?
The personal computers Xerox made could. It viewed it's own instructions as a separate thing from data. Modern processors are poorly designed trash that sacrificed security for speed. It's nothing inheritent to computer design.

>the threat affects all chipmakers, including [...] ARM

>it's safe to assume malice and tell it to fuck off
But is this happening at the machine code level or in some higher abstract language? From what I gather the issue is when you get to the instruction set level there is basically no protection against malicious instructions and relying on higher level software to determine what is and isn't malicious isn't a viable strategy. I'm confused because this seems obvious unless you assume you have a literally perfect piece of software with no possible exploits or vulnerabilities for determining what isn't and isn't malicious.

So it's an issue with current designs being extremely permissive in how they allow software to access the hardware and software being used as a lazy bandaid to mitigate the potential vulnerability? As I said above I'm confused as to how this is groundbreaking since it seems obvious unless you assume you have perfect software to gatekeep for the hardware which is an extremely shitty assumption to make as far as security goes. I guess the assumption was security through obscurity and difficultly of implementing this kind of exploit?

What the fuck is this even saying?
>A processor cannot tell the difference between a good commandand a malicious one—even in principle. So if a command tells it to send information to an area of the memory that can be easily accessed later, the machine obeys.
Yeah no fucking shit, that's how CPUs work
>side-channel
>side-channel
>side-channel
What's the fucking attack though? Did they just learn about the concept of side-channel attacks and are amazed at their existence?
I'm sure there's something concrete but this article is among the worst I have read recently.

Does this affect ps2 linux?

no

javascript was a mistake

Attached: 13f.gif (498x594, 113K)

Pretty sure Intel supports marking instructions as separate from data.

saturn doesnt have a web browser

I've been reading about different architectures, there's a processors in dip package (many actually) that doesn't have speculation, not even microcode. Single core and not very fast. I think if you run most/all applications on their own processor it would seem fast.
They have processors, microcontrollers, codec decoding/encoding, display, memory, etc. chips all implemented in hardware. Lots of interesting components all over, mainly used in embedded applications.

web.archive.org/web/19971011105953/http://www.planetweb.com:80/manual/

This ironically
Don’t android cucks/underdog faggots run java on android? Anyways anjeets you’re trash and always will be. Keep bragging about how good android is. I’m sure it gets more females to a dry point in their vag when they see you talking about it over and over

Attached: 44A8C720-CB5A-4D95-9396-67E602F63A44.png (800x360, 216K)

>anything out of my intellectual reach is jew magic
stay Jow Forums

Attached: 80c.png (645x729, 77K)

You're really mad about something. Android? Linux? Indians? Java? ???

Attached: clam.webm (636x352, 277K)

Have sex

literal retard. murder and other such severe crimes, arent usually stopped by the threat of the law. either because the criminal isnt thinking straight, doesnt care, or simply thinks he can get away with it. they exist as a framework for justice, ie punishment or compensation. how the fuck is what you said relevent to magically wishing bad guys would stop using guns after they were made illegal, all the while law abiding citizens (pro tip: ccw users are among the most law abiding in the country) get their rights and ability to defend themselves stripped away? fuck off with your authoritarian bullshit you bootlicking cuck

upboat my MAGA friend xDD

eh. begs the question, no?

No they can't, fuck off with your shitty fox news scare mongering. Go read the whitepaper for both exploits and educate yourself.

Attached: 1544422840199.png (720x540, 500K)

developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability
>Only affected cores are listed, all other Arm cores are NOT affected.
Can't have speculative execution bugs on a chip that doesn't do speculative execution
It's very simple

Could I avoid this exploit by never using JavaScript?

Riddle me this, say I have Tor Browser open and I'm using shitty setting which allows a Spectre/Meltdown infected site to read my ram. Can they get my real IP address from something in the memory?

Never a day do I not think about the "On trusting trust" paper

>I guess the assumption was security through obscurity and difficultly of implementing this kind of exploit?
Pretty much. People have suspected exploits like Spectre and meltdown for years but everyone said it would be too much work to reverse engineer. So they focused on making it fast with no regard for security. As far as they were concerned no one would bother exploiting hardware which is much harder to reverse engineer than software but that obviously isn't true now.

Even potato chips.

Attached: nagatoro_is_srspng.png (676x608, 303K)

PowerPC master race.

They can get your ip address without having to use this exploits, just with javascript. That's why you should always disable it when using Tor.

If you are not using javascript, there is no way in which someone could benefit from Spectre or Meltdown to infect your computer.

>this exploits
*these

Wasn't one of the bigger Tor busts related to a font exploit?

>They can get your ip address without having to use this exploits, just with JavaScript.
I doubt its that easy. The only use of a JS exploit to beat Tor was with Playpen and that only targeted pedophiles using windows. That suggests to me that JS exploits that can get through Tor are something they would sit on and wait for the right moment to use, not something that is actively in their toolkit right now.

Maybe. But whenever I read about a Tor vulnerability it's because of a Firefox javascript exploit.

Despite how much they write about it, the only remotely recent one was the Playpen zero day. Its not something that crops up monthly.

No they all used JavaScript as far as everyone knows. Remember that the source code and exact methods have never been discloused for anything of them. They don't really need to use exploits to get people on the dark net worth getting anyway. If you give away a few facts about yourself and they figure out the general area where you live based on linguistics or something else. It's extremely easy for them to figure out who you are.

I see the solution to this being a return to coprocessors. Maybe even a PCI board you plug in a few years from now that handles 'safe' execution in a sandboxed environment.

Everything will be fine.
except your wallet, that thing is gonna get fucked

Attached: yee.jpg (509x429, 40K)

Looks like we're going back to the future. I'm ok with this.

>During the last year, Intel has redesigned its chips in attempt to mitigate the most serious threats from Spectre and Meltdown attacks. But this has reportedly come at the cost of a performance drop of up to 14%. And the modifications are unlikely to be fail-safe.
Does that explain their decreased performance rates recently?

I don't understand why they do this, really. If your processors are pieces of cheddar cheese, you might as well leave all the doors open and give the chip the maximum performance you can.

They are reducing performance in order to increase security, but they get no real security.

I dunno, this exploit sounds like a small basic exploit that I had kinda assumed already happened to a degree. I just don't get how people trust the handling of confidential info to computers. It's just not going to work and there will be a will to get it either already or in the future.

Paper is just unbeatable in offices unfortunately. This exploit proves that going paperless is a lie. The managing partner of the last firm I worked at (in insurance) was against going paperless for this very reason.
>funny how the female co-workers were all for it.