Reminder that not a SINGLE Spectre and/or Meltdown based malware has been developed, found or used anywhere...

Reminder that not a SINGLE Spectre and/or Meltdown based malware has been developed, found or used anywhere, and its been over a year since their discovery.
Reminder that these attacks use high precision timers to infer data which is impossible from a browser.
Reminder that there is discussion that Linux should DISABLE these mitigations by default since using these attacks is impossible.
Reminder that even AMD is vulnerable to Spectre exploit.

These purely theoretical and academic attacks have been hyped up by AMD shills because they know that AMD has a shitty and inferior SMT implementation which is a decade behind Intel. Plus, hyping up bullshit is the only thing they know.

Attached: inspectre.png (464x359, 18K)

Other urls found in this thread:

virusbulletin.com/virusbulletin/2018/07/does-malware-based-spectre-exist/
twitter.com/NSFWRedditImage

That's the ones we found about.
Don't worry, NSA already has access to everything you type through IME/PSP.

You're free to disable mitigations if you think you're smarter than everybody else.

>Don't worry, NSA already has access to everything you type through IME/PSP.
Exactly. So if you want to be fully secure, why not move back to Pentium Pro.

>AMD has a shitty and inferior SMT implementation which is a decade behind Intel
imagine being this delusional

These exploits are never going to be a huge issue for end-users. They ARE however a huge issue for server providers, since you can potentially use them to sniff data from outside a VM.

It just takes one compromised machine in the right place to enable an attacker to steal private keys, passwords and what-have-you from any of the big cloud providers.

Attached: cadpig explaining something.jpg (717x717, 75K)

I'm disabling it because if malware found its way on my computer, it would be able to fuck me over anyway, intel exploit or not.

However, I wish this tool wasn't shilled so hard. When enough people start disabling these protections, it becomes attractive for malware authors to develop malware that targets these flaws. So please don't shill it that much. Let's not repeat what happened with when we told the normies about Ad Blockers.

Don't get it wrong.
The worry here is that China or whatever non-freedom nation might be able to do the same.

Yes, it is inferior. Prove otherwise.

It's actually better, performance wise.
You can look at any benchmarks.

The VMs not only have to be running on the same processor, they have to be running on the SAME SINGLE CORE for these exploits to work. It is impossible that this happens as kernel scheduler switches the processes around all the time.

>prove me wrong
vip quality argument

Lock both processors to single core with SMT/HT on and run any benchmark at same fixed frequency. You will get your answer as to which is faster.

Intel 20% AMD 25%
It's not a state secret.
Except nobody cares except gayming.

Fucking this.
Retards are forgetting that the first Core i gens didn't reach anywhere close to 5ghz to generate those SMT results, the 4790k, their 4th gen was when they finally started to hit 5ghz in extremely rare occasions, Intel had 10 years to reach the point they're at right now.

The same will happen with AMD and Intel knows this, they're fucked for the next 5+ years onwards.

Except it normally doesn't, and side channel aware schedulers come with performance and latency penalties. There's nothing stopping you from running the attack continuously given the reasonable leakage rate and storing it to later sort either. It's pretty likely that you'll strike ssensitive information at some point.

bullshit.
amd went from excavator to zen 1 in exactly one generation.
the same uplift in performance intel did it between p4 and i-cores.
they never had a jump in performance, just polishing the same pentium m turd over and over again.
fun fact, intel was never a cpu company.
cpu arch fact, SMT doesn't care about your clock, only your Jow Forums pajeet-tier posters who only can memorize numbers from boxes.
that's another pajeet tier argument.
if you want to compare 2 different cpus, compare them on the power to performance ratio.
do you know why? because different pipelines behave differently at the same frequency.
when you are using the same clock in 2 cpus you are just comparing the pipelines. not the performance.
an X stage pipeline will always give better performance than a Y stage pipeline, where X < Y, at the same frequency, when both cpus are OoO, use the same ISA and they have almost identical issue.

If the "tech" sites had at least one guy that studied the basics of comp arch, at least, 99% of the users wouldn't understand anything besides the article's photo.

p.s. clock for clock single or multicore, amd's SMT performs better than intel.

that's where AMD's PSP comes in hand.
you tell that little cryptography accelerator to encrypt and decrypt your data when talking to or listening to the memory.
you combine with their robust implementation of the shared resource management, e.g. when switching between threads in the same core, and you get the most secure system.

>Reminder that even AMD is vulnerable to Spectre exploit.
AMDrones are illiterate spastics. they're not able to read this.

Based techposter

>Except it normally doesn't
You are wrong. Almost all mainstream, multitasking OS schedulers switch the processes on to different processors (and cores) all the time unless you set affinity mask. Even the speculative side channel PoC's come with a program which makes sure that the program runs on the same physical core. Otherwise it doesn't work.

>There's nothing stopping you from running the attack continuously given the reasonable leakage rate and storing it to later sort either. It's pretty likely that you'll strike ssensitive information at some point.
At this point it would be better to brute force rather than using this attack.

>our shitty processor has had vulnerability after vulnerability and tons of bugs and other shit found
>it has a much worse botnet in it
>it's much more expensive
>it's only "faster" on fucking benchmarks made to make us look good
>ITS OK GUYS AMD IS JUST BUTTMAD LEL
If you buy Intel, you're an idiot. End of fucking goddamn discussion. I know you're upset that you made the wrong decision, but holy fuck, stop your temper tantrum and LEARN FROM YOUR FUCKING MISTAKE instead of being a little bitch.

>You are wrong. Almost all mainstream, multitasking OS schedulers switch the processes on to different processors (and cores) all the time unless you set affinity mask.
You're imagining this is done frequently enough that it renders unshared caches useless after a few cycles. Hilarious.

>At this point it would be better to brute force rather than using this attack.
Show your work.

>call others pajeet
>posts literal bullshit with some ""tech"" words thrown it
So lets see

>if you want to compare 2 different cpus, compare them on the power to performance ratio.
Wtf power has anything to do with all of this?

>do you know why? because different pipelines behave differently at the same frequency.
And the water is wet, what's your point?

>when you are using the same clock in 2 cpus you are just comparing the pipelines. not the performance.
Wrong. You are not only comparing just the pipelines but the complete underlying architecture.

>an X stage pipeline will always give better performance than a Y stage pipeline, where X < Y, at the same frequency, when both cpus are OoO, use the same ISA and they have almost identical issue.
Again wrong. It depends on the type of code that both are executing and again, the architecture. If the code has low number of branches and/or CPU using Y pipeline has a very good branch prediction unit, it will BTFO CPU with X pipeline every time.

>p.s. clock for clock single or multicore, amd's SMT performs better than intel.
Again wrong. As proved by multiple benchmarks at single core SMT at fixed frequency.

You're just a typical delusional AMD bullshitter.

>You're imagining this is done frequently enough that it renders unshared caches useless after a few cycles. Hilarious.
Are you brain damaged? Non-shared cache is useless as soon as a context switch happens. Or are you now implying that OS never switches tasks on a processor? Have you ever read about SMP?

I'm not the one here distracting with strawmen.

what about my ps vita?

AMD > Intel
You didn't even make any rational arguments other than nope or wrong.

Attached: (You).jpg (600x432, 21K)

You narrow minded faggots are incredible.
>Wtf does power has to do with all of this?
>has
Let me tell you, fuck face. If one vendor's CPU can handle 10000 web requests per second per watt and another vendor's CPU can only handle 5000 in the same power envelope, it's not even a discussion for most businesses during procurement cycles. This extends even more dramatically to all of your cloud vendors, obviously.
>omg electricity and cooling are free because i live with mum so its not a factor
Yeah, go look at the principal costs of running a datacenter. The capital cost of the CPU is so irrelevant compared to power & cooling that you should literally get fired on the spot for bringing it up if you worked there. So yeah, you could make up some really hypothetical arguments about one vs the other, but in reality, for 99% of use cases, the obvious choice is AMD at this point.

Feels good mane, After people start utilizing those exploits, I ain't patching shit.

Attached: Fuck npc's.jpg (464x356, 71K)

By far America is the worst - they sell you freedom and constantly try to siphon it away behind your back, and they use it as an excuse to fuck other countries freedoms up. China has just been sitting there for thousands of years and their border and style of government has hardly changed. Fuckin amerimutts

Is this InSpectre program open source? How can I know I'm not installing some virus?

Do 5 minutes of research, nimrod.

Works for me

Attached: Untitled.png (464x359, 17K)

Okay. Reddit told me not to trust this guy and his executables.

pti=off
spectre_v2=off
l1tf=off
nospec_store_bypass_disable
no_stf_barrier

Attached: 1486156249386.jpg (800x800, 113K)

>Takes advice from reddit

Attached: Breakfast.jpg (185x272, 13K)

Yea where else would I find it when Jow Forums brushed me off?

Surprisingly based

Attached: Screenshot-640x909.png (640x909, 87K)

Don't forget RYZENFALL

it just sets up some registry keys anyway:
>To disable mitigations for Microarchitectural Data Sampling (CVE-2018-11091, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130) along with Spectre [ CVE-2017-5753 & CVE-2017-5715 ] and Meltdown [ CVE-2017-5754 ] variants, including Speculative Store Bypass Disable (SSBD) [ CVE-2018-3639 ] as well as L1 Terminal Fault (L1TF) [ CVE-2018-3615, CVE-2018-3620, and CVE-2018-3646 ]:
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 3 /f

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f

>Reminder that even AMD is vulnerable to Spectre exploit.

Attached: delete.jpg (700x700, 68K)

This! Security doesn't matter

i would have lost like 15 frames per second in my fortnite if i applied these retarded patches
fuck that, i'm struggling to get above 250 frames per second as it is. this is just a jewish trick to get us to buy new processors LOL

It's okay guys, chrome os doesn't matter.

Attached: 1533566085480.png (653x726, 84K)

>using GRC cuck botnetware
jesus fucking christ winturddlers

>not being fully mitigated
l1tf Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT disabled
mds Mitigation: Clear CPU buffers; SMT disabled
meltdown Mitigation: PTI
spec_store_bypass Mitigation: Speculative Store Bypass disabled via prctl and seccomp
spectre_v1 Mitigation: __user pointer sanitization
spectre_v2 Mitigation: Full generic retpoline, IBPB: conditional, IBRS_FW, RSB filling

You don't have to. Use POWER9

Way to reply to every post faggot

What program do I use to test on *nix?

So you snoop whatever you can for years until something shows up. It's difficult or expensive. Companies do that to consumers constantly. Why not each other?

Just like MDS :^)

Do you have Intel's ME turned off as well?

lol get bent Intards

ok Intel

Was using the Meltdown/Spectre patches and settings on my workstation for a while, did some benchmarks and realized I was losing performance I paid for and for no absolutely logical or rational reason so I disabled them, no issues.

Now with all these newfangled issues cropping up over the past few days, I suspect it'll be the same thing all over again.

DON'T BELIEVE THE HYPE

Part of me thinks this is all nothing more than Intel pushing even more deceptive IME style exploit potentials onto the general public more than anything else.

The best way to influence a huge number of people into doing exactly what you want them to do - install even more back doors - is to scare them with press releases about exploits that really aren't so bad but the ignorance of the typical computer owner/user means they're going to take it out of context and "obey" more or less.

Perfect example: Adobe announces that some of the code in their older products is now no longer licensed for use by the companies that provided said code to Adobe to use in their products. That code does NOT belong to Adobe and Adobe cannot control the owner's desire to pull the license.

So they announce it to the world that the third-party code developers could sue people for continuing to use the code in the old Adobe products and what happens?

People blame Adobe and they're not the one that could sue you if you choose to use older Adobe products - the third-party code vendors are the ones that would sue end-users.

PAY ATTENTION AND READ WITH COMPREHENSION, YOU FUCKING STUPID PEOPLE

Legit fucking retatded if you think this. The end of the dynasties and maosim and shit was a massive change. They bascially rewrote history and culuture during this time

Yeah, I guess that's why everyone is using Xeons, right?

>Reminder that these attacks use high precision timers to infer data which is impossible from a browser.
Only because browsers disabled access to high precision timers in response to spectre/meltdown

Why not use a 486 and this point? It is the most secure CPU.

Its the stupid ""tech"" (((journalists))) hyping bullshit as always and normies gobbling it up. They didn't even get their stories right the first time.

Intel wants you to turn all of these patches on so your 3 year old machine goes on life support watching a youtube video forcing you to upgrade to Ice Lakeā„¢

>Don't worry, NSA already has access to everything you type through IME/PSP.
Not likely if people who got caught through Tor are anything to go by. You'd imagine some state of the art and clever exploits were used - no, bad opsec and Javascript exploits were used. If this was all so trivial to exploit, they certainly have to power to do so.

Have the power*

Nice smokescreen glownigger, but I can see through you. I know all about your tools.

>Nice smokescreen glownigger, but I can see through you. I know all about your tools.
What the fucking fucking fucking fuck are you talking about?

>Reminder that not a SINGLE Spectre and/or Meltdown based malware has been developed, found or used anywhere, and its been over a year since their discovery.

fuck off shill

where we're going we don't need x86

Attached: 1557173475575.jpg (416x435, 33K)

Shared L3 cache

Attached: just-tails-sitting-on-a-bench-59e8096d15272.png (429x447, 287K)

Amd SMT implementation isn't riddled with holes. That automatically makes it superior jackass

>Part of me thinks this is all nothing more than Intel pushing even more deceptive IME style exploit potentials onto the general public more than anything else.
I was suspecting the same thing. Noticed a lot of products with initially different microcodes suddenly all updates to 0xB4? That's really fishy.

Keep telling yourself that, amdumbass.

>He believes nobody has been affected by these exploits because large companies have not reported any hacks to the general public.
Hmm.

>No one has developed one yet, is ok
Just because it hasn't happened yet doesn't mean it won't.

Ok semiconductor heater company.

Have you ever heard of herd immunity through vaccination? The principle is very similar here, though instead of a virus, you have malware. Nobody used it because it takes a long time to obtain useful information and it is assumed that most computers have already been patched.

You are now behaving like an anti-vaxxer. Just because YOU haven't seen it in action, doesn't mean it doesn't exist and it cannot be exploited. I assure you that companies which are big enough to be targetted do not have any reason to admit in public that they were victims of this exploit because they would also admit indirectly that they did not behave diligently.

>Have you ever heard of herd immunity
>herd immunity
Don't you have some pigs to be fucking, farmer John.

A hack in a large company cannot remain secret you dumbass.

If these were viable, there would be hundreds of malware out by now. Even the researchers who made PoCs have admitted that these attacks are next to impossible to pull off.

Kim Jong Un would like a word with you.

Nice counter-argument there John. Come back in autumn when you finish third grade.

Attached: aXYXmZg_700b.jpg (288x381, 22K)

Have sex

kek
It's like the dejavu nintendo switch exploit
It only really works on older firmware, in newer ones it's all "theorical"

>Nobody used it because it takes a long time to obtain useful information
There is a reason private keys and passwords have expiration times in any company with half a brain.

>I assure you that companies which are big enough to be targetted do not have any reason to admit in public that they were victims of this exploit because they would also admit indirectly that they did not behave diligently.
You're thinking too highly of these big companies. Big companies literally don't give a rats ass about what public think. They know public is too lazy and stupid to use the alternative. Give a single instance where some big company got hacked because of shitty security and public moved away from them. Google could come out tomorrow saying we sell your data to govts for profit and public won't give a shit.

>not a SINGLE Spectre and/or Meltdown based malware has been developed
As if an inteltard from Jow Forums would know about them. If you did some research you'd know that they exist.

Provide a source or kys.

butthurt much

Give me money then

Go beg for money on your shitting street, AMD poorfag pajeet.

Sorces are irelevant on Jow Forums -headcanon

Imagine being so retarded to think that you deserve to be given a paid exploit.
Imagine being too stupid to make an exploit yourself when there's a fuck ton of resources on how to do it.
Let OP first prove literally any of his claims, which he didn't.

Of course you don't have to prove what you say if you don't want, but don't get angry if people does not take you seriously.

Google it and you'll find no one has found any malware based on these attacks. You know, the companies whose day job is finding these things. Here's just one from a quick google search:

virusbulletin.com/virusbulletin/2018/07/does-malware-based-spectre-exist/

>hourly intel damage control general

>letting yourself get infected as time goes on
>fixing infected shit rather than protecting beforehand
why use condoms when u can just use the morning after pill / inject the dick?

>Google could come out tomorrow saying we sell your data to govts for profit and public won't give a shit.
They're buyers. They sell the service of manipulation using that data.