Reminder that not a SINGLE Spectre and/or Meltdown based malware has been developed, found or used anywhere, and its been over a year since their discovery. Reminder that these attacks use high precision timers to infer data which is impossible from a browser. Reminder that there is discussion that Linux should DISABLE these mitigations by default since using these attacks is impossible. Reminder that even AMD is vulnerable to Spectre exploit.
These purely theoretical and academic attacks have been hyped up by AMD shills because they know that AMD has a shitty and inferior SMT implementation which is a decade behind Intel. Plus, hyping up bullshit is the only thing they know.
That's the ones we found about. Don't worry, NSA already has access to everything you type through IME/PSP.
Liam Barnes
You're free to disable mitigations if you think you're smarter than everybody else.
Henry Taylor
>Don't worry, NSA already has access to everything you type through IME/PSP. Exactly. So if you want to be fully secure, why not move back to Pentium Pro.
Christopher Rodriguez
>AMD has a shitty and inferior SMT implementation which is a decade behind Intel imagine being this delusional
Michael Barnes
These exploits are never going to be a huge issue for end-users. They ARE however a huge issue for server providers, since you can potentially use them to sniff data from outside a VM.
It just takes one compromised machine in the right place to enable an attacker to steal private keys, passwords and what-have-you from any of the big cloud providers.
I'm disabling it because if malware found its way on my computer, it would be able to fuck me over anyway, intel exploit or not.
However, I wish this tool wasn't shilled so hard. When enough people start disabling these protections, it becomes attractive for malware authors to develop malware that targets these flaws. So please don't shill it that much. Let's not repeat what happened with when we told the normies about Ad Blockers.
Ethan Clark
Don't get it wrong. The worry here is that China or whatever non-freedom nation might be able to do the same.
Tyler Gutierrez
Yes, it is inferior. Prove otherwise.
Joseph Powell
It's actually better, performance wise. You can look at any benchmarks.
Connor Sanders
The VMs not only have to be running on the same processor, they have to be running on the SAME SINGLE CORE for these exploits to work. It is impossible that this happens as kernel scheduler switches the processes around all the time.
William Bell
>prove me wrong vip quality argument
Easton Flores
Lock both processors to single core with SMT/HT on and run any benchmark at same fixed frequency. You will get your answer as to which is faster.
Tyler Gonzalez
Intel 20% AMD 25% It's not a state secret. Except nobody cares except gayming.
Jacob Kelly
Fucking this. Retards are forgetting that the first Core i gens didn't reach anywhere close to 5ghz to generate those SMT results, the 4790k, their 4th gen was when they finally started to hit 5ghz in extremely rare occasions, Intel had 10 years to reach the point they're at right now.
The same will happen with AMD and Intel knows this, they're fucked for the next 5+ years onwards.
Michael Stewart
Except it normally doesn't, and side channel aware schedulers come with performance and latency penalties. There's nothing stopping you from running the attack continuously given the reasonable leakage rate and storing it to later sort either. It's pretty likely that you'll strike ssensitive information at some point.
Nathaniel Roberts
bullshit. amd went from excavator to zen 1 in exactly one generation. the same uplift in performance intel did it between p4 and i-cores. they never had a jump in performance, just polishing the same pentium m turd over and over again. fun fact, intel was never a cpu company. cpu arch fact, SMT doesn't care about your clock, only your Jow Forums pajeet-tier posters who only can memorize numbers from boxes. that's another pajeet tier argument. if you want to compare 2 different cpus, compare them on the power to performance ratio. do you know why? because different pipelines behave differently at the same frequency. when you are using the same clock in 2 cpus you are just comparing the pipelines. not the performance. an X stage pipeline will always give better performance than a Y stage pipeline, where X < Y, at the same frequency, when both cpus are OoO, use the same ISA and they have almost identical issue.
If the "tech" sites had at least one guy that studied the basics of comp arch, at least, 99% of the users wouldn't understand anything besides the article's photo.
p.s. clock for clock single or multicore, amd's SMT performs better than intel.
Gabriel Ramirez
that's where AMD's PSP comes in hand. you tell that little cryptography accelerator to encrypt and decrypt your data when talking to or listening to the memory. you combine with their robust implementation of the shared resource management, e.g. when switching between threads in the same core, and you get the most secure system.
Andrew Jenkins
>Reminder that even AMD is vulnerable to Spectre exploit. AMDrones are illiterate spastics. they're not able to read this.
Hunter Reyes
Based techposter
Camden Murphy
>Except it normally doesn't You are wrong. Almost all mainstream, multitasking OS schedulers switch the processes on to different processors (and cores) all the time unless you set affinity mask. Even the speculative side channel PoC's come with a program which makes sure that the program runs on the same physical core. Otherwise it doesn't work.
>There's nothing stopping you from running the attack continuously given the reasonable leakage rate and storing it to later sort either. It's pretty likely that you'll strike ssensitive information at some point. At this point it would be better to brute force rather than using this attack.
Justin Martinez
>our shitty processor has had vulnerability after vulnerability and tons of bugs and other shit found >it has a much worse botnet in it >it's much more expensive >it's only "faster" on fucking benchmarks made to make us look good >ITS OK GUYS AMD IS JUST BUTTMAD LEL If you buy Intel, you're an idiot. End of fucking goddamn discussion. I know you're upset that you made the wrong decision, but holy fuck, stop your temper tantrum and LEARN FROM YOUR FUCKING MISTAKE instead of being a little bitch.
John Davis
>You are wrong. Almost all mainstream, multitasking OS schedulers switch the processes on to different processors (and cores) all the time unless you set affinity mask. You're imagining this is done frequently enough that it renders unshared caches useless after a few cycles. Hilarious.
>At this point it would be better to brute force rather than using this attack. Show your work.
Samuel Cook
>call others pajeet >posts literal bullshit with some ""tech"" words thrown it So lets see
>if you want to compare 2 different cpus, compare them on the power to performance ratio. Wtf power has anything to do with all of this?
>do you know why? because different pipelines behave differently at the same frequency. And the water is wet, what's your point?
>when you are using the same clock in 2 cpus you are just comparing the pipelines. not the performance. Wrong. You are not only comparing just the pipelines but the complete underlying architecture.
>an X stage pipeline will always give better performance than a Y stage pipeline, where X < Y, at the same frequency, when both cpus are OoO, use the same ISA and they have almost identical issue. Again wrong. It depends on the type of code that both are executing and again, the architecture. If the code has low number of branches and/or CPU using Y pipeline has a very good branch prediction unit, it will BTFO CPU with X pipeline every time.
>p.s. clock for clock single or multicore, amd's SMT performs better than intel. Again wrong. As proved by multiple benchmarks at single core SMT at fixed frequency.
You're just a typical delusional AMD bullshitter.
Robert Gomez
>You're imagining this is done frequently enough that it renders unshared caches useless after a few cycles. Hilarious. Are you brain damaged? Non-shared cache is useless as soon as a context switch happens. Or are you now implying that OS never switches tasks on a processor? Have you ever read about SMP?
Eli Ortiz
I'm not the one here distracting with strawmen.
Gavin Taylor
what about my ps vita?
Andrew Evans
AMD > Intel You didn't even make any rational arguments other than nope or wrong.
You narrow minded faggots are incredible. >Wtf does power has to do with all of this? >has Let me tell you, fuck face. If one vendor's CPU can handle 10000 web requests per second per watt and another vendor's CPU can only handle 5000 in the same power envelope, it's not even a discussion for most businesses during procurement cycles. This extends even more dramatically to all of your cloud vendors, obviously. >omg electricity and cooling are free because i live with mum so its not a factor Yeah, go look at the principal costs of running a datacenter. The capital cost of the CPU is so irrelevant compared to power & cooling that you should literally get fired on the spot for bringing it up if you worked there. So yeah, you could make up some really hypothetical arguments about one vs the other, but in reality, for 99% of use cases, the obvious choice is AMD at this point.
Carson Taylor
Feels good mane, After people start utilizing those exploits, I ain't patching shit.
By far America is the worst - they sell you freedom and constantly try to siphon it away behind your back, and they use it as an excuse to fuck other countries freedoms up. China has just been sitting there for thousands of years and their border and style of government has hardly changed. Fuckin amerimutts
Joshua Long
Is this InSpectre program open source? How can I know I'm not installing some virus?
it just sets up some registry keys anyway: >To disable mitigations for Microarchitectural Data Sampling (CVE-2018-11091, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130) along with Spectre [ CVE-2017-5753 & CVE-2017-5715 ] and Meltdown [ CVE-2017-5754 ] variants, including Speculative Store Bypass Disable (SSBD) [ CVE-2018-3639 ] as well as L1 Terminal Fault (L1TF) [ CVE-2018-3615, CVE-2018-3620, and CVE-2018-3646 ]: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 3 /f
i would have lost like 15 frames per second in my fortnite if i applied these retarded patches fuck that, i'm struggling to get above 250 frames per second as it is. this is just a jewish trick to get us to buy new processors LOL
>using GRC cuck botnetware jesus fucking christ winturddlers
Jace Taylor
>not being fully mitigated l1tf Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT disabled mds Mitigation: Clear CPU buffers; SMT disabled meltdown Mitigation: PTI spec_store_bypass Mitigation: Speculative Store Bypass disabled via prctl and seccomp spectre_v1 Mitigation: __user pointer sanitization spectre_v2 Mitigation: Full generic retpoline, IBPB: conditional, IBRS_FW, RSB filling
Bentley Thomas
You don't have to. Use POWER9
Bentley White
Way to reply to every post faggot
Carter Bennett
What program do I use to test on *nix?
Adrian Allen
So you snoop whatever you can for years until something shows up. It's difficult or expensive. Companies do that to consumers constantly. Why not each other?
Jackson White
Just like MDS :^)
Elijah Flores
Do you have Intel's ME turned off as well?
Jacob Mitchell
lol get bent Intards
Jayden Walker
ok Intel
Ethan Edwards
Was using the Meltdown/Spectre patches and settings on my workstation for a while, did some benchmarks and realized I was losing performance I paid for and for no absolutely logical or rational reason so I disabled them, no issues.
Now with all these newfangled issues cropping up over the past few days, I suspect it'll be the same thing all over again.
DON'T BELIEVE THE HYPE
Part of me thinks this is all nothing more than Intel pushing even more deceptive IME style exploit potentials onto the general public more than anything else.
The best way to influence a huge number of people into doing exactly what you want them to do - install even more back doors - is to scare them with press releases about exploits that really aren't so bad but the ignorance of the typical computer owner/user means they're going to take it out of context and "obey" more or less.
Perfect example: Adobe announces that some of the code in their older products is now no longer licensed for use by the companies that provided said code to Adobe to use in their products. That code does NOT belong to Adobe and Adobe cannot control the owner's desire to pull the license.
So they announce it to the world that the third-party code developers could sue people for continuing to use the code in the old Adobe products and what happens?
People blame Adobe and they're not the one that could sue you if you choose to use older Adobe products - the third-party code vendors are the ones that would sue end-users.
PAY ATTENTION AND READ WITH COMPREHENSION, YOU FUCKING STUPID PEOPLE
William Campbell
Legit fucking retatded if you think this. The end of the dynasties and maosim and shit was a massive change. They bascially rewrote history and culuture during this time
Josiah Ward
Yeah, I guess that's why everyone is using Xeons, right?
Xavier Perez
>Reminder that these attacks use high precision timers to infer data which is impossible from a browser. Only because browsers disabled access to high precision timers in response to spectre/meltdown
Jeremiah Watson
Why not use a 486 and this point? It is the most secure CPU.
Asher Gomez
Its the stupid ""tech"" (((journalists))) hyping bullshit as always and normies gobbling it up. They didn't even get their stories right the first time.
Leo Evans
Intel wants you to turn all of these patches on so your 3 year old machine goes on life support watching a youtube video forcing you to upgrade to Ice Lakeā¢
Andrew Reyes
>Don't worry, NSA already has access to everything you type through IME/PSP. Not likely if people who got caught through Tor are anything to go by. You'd imagine some state of the art and clever exploits were used - no, bad opsec and Javascript exploits were used. If this was all so trivial to exploit, they certainly have to power to do so.
Zachary Long
Have the power*
William Kelly
Nice smokescreen glownigger, but I can see through you. I know all about your tools.
Jace Moore
>Nice smokescreen glownigger, but I can see through you. I know all about your tools. What the fucking fucking fucking fuck are you talking about?
Carter Jones
>Reminder that not a SINGLE Spectre and/or Meltdown based malware has been developed, found or used anywhere, and its been over a year since their discovery.
Amd SMT implementation isn't riddled with holes. That automatically makes it superior jackass
Leo Collins
>Part of me thinks this is all nothing more than Intel pushing even more deceptive IME style exploit potentials onto the general public more than anything else. I was suspecting the same thing. Noticed a lot of products with initially different microcodes suddenly all updates to 0xB4? That's really fishy.
Jeremiah Barnes
Keep telling yourself that, amdumbass.
Wyatt Phillips
>He believes nobody has been affected by these exploits because large companies have not reported any hacks to the general public. Hmm.
Brandon Cooper
>No one has developed one yet, is ok Just because it hasn't happened yet doesn't mean it won't.
Joshua Johnson
Ok semiconductor heater company.
Luke Gonzalez
Have you ever heard of herd immunity through vaccination? The principle is very similar here, though instead of a virus, you have malware. Nobody used it because it takes a long time to obtain useful information and it is assumed that most computers have already been patched.
You are now behaving like an anti-vaxxer. Just because YOU haven't seen it in action, doesn't mean it doesn't exist and it cannot be exploited. I assure you that companies which are big enough to be targetted do not have any reason to admit in public that they were victims of this exploit because they would also admit indirectly that they did not behave diligently.
Ayden Sanchez
>Have you ever heard of herd immunity >herd immunity Don't you have some pigs to be fucking, farmer John.
Isaac Clark
A hack in a large company cannot remain secret you dumbass.
If these were viable, there would be hundreds of malware out by now. Even the researchers who made PoCs have admitted that these attacks are next to impossible to pull off.
Caleb Adams
Kim Jong Un would like a word with you.
John Gutierrez
Nice counter-argument there John. Come back in autumn when you finish third grade.
kek It's like the dejavu nintendo switch exploit It only really works on older firmware, in newer ones it's all "theorical"
Kevin Rivera
>Nobody used it because it takes a long time to obtain useful information There is a reason private keys and passwords have expiration times in any company with half a brain.
>I assure you that companies which are big enough to be targetted do not have any reason to admit in public that they were victims of this exploit because they would also admit indirectly that they did not behave diligently. You're thinking too highly of these big companies. Big companies literally don't give a rats ass about what public think. They know public is too lazy and stupid to use the alternative. Give a single instance where some big company got hacked because of shitty security and public moved away from them. Google could come out tomorrow saying we sell your data to govts for profit and public won't give a shit.
Luis Phillips
>not a SINGLE Spectre and/or Meltdown based malware has been developed As if an inteltard from Jow Forums would know about them. If you did some research you'd know that they exist.
Dylan Nelson
Provide a source or kys.
Benjamin Harris
butthurt much
Jack Hall
Give me money then
Connor Barnes
Go beg for money on your shitting street, AMD poorfag pajeet.
Lincoln Martin
Sorces are irelevant on Jow Forums -headcanon
Xavier Gomez
Imagine being so retarded to think that you deserve to be given a paid exploit. Imagine being too stupid to make an exploit yourself when there's a fuck ton of resources on how to do it. Let OP first prove literally any of his claims, which he didn't.
Charles Wilson
Of course you don't have to prove what you say if you don't want, but don't get angry if people does not take you seriously.
Caleb Martinez
Google it and you'll find no one has found any malware based on these attacks. You know, the companies whose day job is finding these things. Here's just one from a quick google search:
>letting yourself get infected as time goes on >fixing infected shit rather than protecting beforehand why use condoms when u can just use the morning after pill / inject the dick?
Isaac Price
>Google could come out tomorrow saying we sell your data to govts for profit and public won't give a shit. They're buyers. They sell the service of manipulation using that data.