One unpleasant effect of MDS is that old Intel-based machines (ones with CPUs that will not get microcode updates) are now effectively useless to us, unlike before, because it's been decided that the security risks are too high for almost everything we use machines for.
If Intel releases all of the MDS microcode updates they've promised to do (sometime), this will have only a small impact on our available servers. If they decide not to update some older CPUs they're currently promising updates for, we could lose a significant number of servers.
Honestly I am really glad about all the vulnerabilities. I have no more excuses not to buy a ZEN 2 R7 or R9 once they release and hopefully some of the old shit still kicking in the wild will have to get replaced but that's just wishful thinking. So prepare for another few massive data leaks because some retard left a Pentium 2 running XP on the network with RDP exposed to the web.
Sebastian Allen
>In general we are not very happy with Intel right now, and we are starting to deploy AMD-based machines where we can. I would be happy if someone started offering decent basic 1U or 2U AMD-based servers at competitive prices.
Bankrupt and finished. Hope you guys enjoy your intel shill money while they still can pay you niggers.
Jacob Diaz
C2D master race not affected by MDS
Andrew Hill
they are, just not patched.
Camden Davis
pozzed
Angel Bailey
False. I ran the MDS tool on my C2D and it says it is not affected. mdsattacks.com/ This is a hyperthreading vulnerability. C2D design is derived from the P6 architecture and does not have hyperthreading, and is therefore not vulnerable. Please educate yourself before posting, thanks.
Zachary Johnson
>anything older than sandy bridge
Datacenters don't care about that, because they will have upgraded a long time ago. Sandy bridge and up was a massive increase in power efficiency, and that matters more than the one-time cost of buying a new CPU when the CPU is running all the time.
Christian Hughes
In a DC a server is only as good as its support lifetime. Once that's gone that server might as well be a brick.
Nothing useful or critical should run on servers that old unless it's a dime operation.
Chase Cruz
>MDS tool
Aka a useless tool. You don't need HT to be vulnerable. Even the 9700K needs microcode update and OS update to be secure. HT only aggravates the vulnerability
You should use the powershell get-speculationcontrolsettings instead rart. The MDS tool even shows Ryzen vulnerable in some shit when they are not.
Anthony Butler
>Aka a useless tool.
Literally a tool made by the researchers who found the exploit. Fuck off you brain dead retard. I post actual evidence here and architecture specs, and you just post empty words. Next time, try to make an argument that doesn't look like a 5 yo wrote it.
Joseph Cruz
Output from mdstool.bin:
Micro-architectural Data Sampling:
* Line Fill Buffers (MFBDS): Not Affected
* Store Buffers (MSBDS): Not Affected
* Load Ports (MLPDS): Not Affected
* Uncached Memory (MDSUM): Not Affected
* SMT: Unaffected
* MD_CLEAR: Not Required
Isaac Rodriguez
>Even the 9700K needs microcode update
yeah that's because it still has HT physically on the chip even if it's not active
Henry Flores
>get-speculationcontrolsettings
wtf is this shit? I don't use winblows OS
My Core Duo T2400 and my Core 2 Duo T8100 show up as vulnerable to MDS according to a patched Linux kernel. Then just cat /sys/devices/system/cpu/vulnerabilities/*
Noah Wright
Everything in the microcode update guidance pdf is vulnerable, including those that are not getting patches.
You're lying. My P8700 and E8500 says NOT VULNERABLE according to the MDS tool running the latest kernel (5.1.9). Not that it matters as this is an issue with HT which C2D DOES NOT HAVE. Get that through your thick skull.
Cope harder faggots
Andrew Howard
good taste in blogs OP
if he needs someone to take that 512GB Westmere machine off his hands I'd volunteer
Easton Ward
>c-cope harder faggots
Love your tears so much, stay pozzed faggot.
Both are on the Debian stable backport kernel Linux 4.19.0-0.bpo.5-686-pae #1 SMP Debian 4.19.37-3~bpo9+1 (2019-05-18) i686 GNU/Linux
Benjamin Russell
look asshole, I'm gonna trust the people who DISCOVERED THIS VULNERABILITY and their detection program, not some random summerfag
William Bennett
CORETARD BTFOREVER
Daniel Williams
Has there been any proof that Spectre, Meltdown, Zombieload, etc. have actually caused anyone's system to be compromised? Because all these bugs just seem very.. esoteric.. so to speak.
Thomas Bailey
see now fuck off child
Jack Rodriguez
Say that to the Linux people, I didn't make any changes to my kernel btw, people are ditching all pre-Sandy Bridge Intel machines since there's no mitigation for MDS without microcode fixes yet, hope they get to it or all my C2D and older Intel machines will be relegated to shitposting and BOINC boxes, and they only do shitposting decently and I already have enough shitposting boxes. Pic related, the second line is MDS, the other vulnerable one is spec_store_bypass, this is the output of cat /sys/devices/system/cpu/vulnerabilities/*, the T2400 lacks the spec_store_bypass but everything else is the sam
No, PTI and retpoline fix these exploits. Just a bunch of neckbeards in this thread who want to have a pissing contest over nothing.
Noah Evans
finally they gonna upgrade to ay em dee
Brayden Bailey
Refer to Table 1 mdsattacks.com/files/ridl.pdf Notice how everything stops at Nehalem? C2D are not affected by MDS, period.
Blake Nguyen
They have been found in the wild but I seriously doubt they can work around machines with mitigations, however there's plenty of machines without mitigations for some vulnerabilities like the ones maintained by the IT department in the OP
>searchsecurity.techtarget.com/news/252434342/Meltdown-and-Spectre-malware-discovered-in-the-wild
Go and post that on LKML, come back with results do it faggot, or are you too new for LKML? stop projecting summerfaggot
Cameron Howard
>buying only one brand
>turns out said brand has a big flaw
well i guess that's their fault for being retarded now they will also buy AMD servers
Aiden Gonzalez
Like I'm going to listen to someone whose name is German for "the rat"
The vulnerability isn't an HT vulnerability, however HT makes it way easier to exploit, iirc even the researchers found this out
Parker Johnson
Say for the sake of argument you're right, the authors of the MDS vulnerabilities clearly state in both papers that disabling HT is the only effective mitigation. C2D doesn't have HT so in reality they are fully mitigated.
Tell that to the kernel maintainers, you should know that the original paper is outdated now
Brody Green
>outdated now
wtf they just released those papers a month ago. No HT = fully mitigated. Even better than the garbage CPU's released in recent years because there's no HT even in the silicon.
Leo Russell
The research on these vulns moves stupid fast once they become public
>No HT = fully mitigated
Not according to the Linux maintainers
>Even better than the garbage CPU's released in recent years because there's no HT even in the silicon.
Not according to the Linux maintainers
If you can prove CPUs without HT are unaffected by MDS go and open a bug to remove the clear CPU buffers mitigation from all the CPUs that lack HT
Daniel Morris
Adding clear CPU buffer is fine for extra measure, but it's not a big deal for C2D because not having HT means they are already mitigated from MDS, which is what their tool shows as well. Not to mention both Chromium and FF browsers are mitigating as well with strict site isolation. This shit is the least of my worries. Whenever C2D becomes too dated to use in the 2020's, I'll switch to Talos II or something, until then, I feel perfectly secure with my Coreboot C2D system that has no ME.
Landon Perry
>tfw you went i5 specifically to avoid HT because you fucking knew something like this would happen, but it has the ht flag anyway
I think i5 has HT physically on the silicon, it's just shut off. Like an i5 is just an i7 with no HT
Xavier Russell
>Adding clear CPU buffer is fine for extra measure
there's absolutely no need for this if
>not a big deal for C2D because not having HT means they are already mitigated from MDS
it's true
But it's there, which means either the kernel maintainers are lying or the researchers didn't find out how to exploit MDS without HT
Friendly reminder: If you're still on Windows 7, Microsoft does not provide processor microcode updates after 2015. In order to run updated microcode on your chip you must obtain a custom modded BIOS or use a third party microcode update driver like the one from vmware.
Jackson Ross
if you're running windows on a system where security is of top importance you've already fucked up, before any of these fancy processor exploits got involved.
Oliver Clark
There could easily be a lot of confusion about which ones are and are not affected, even by the kernel devs. All the published reports cite the researchers as saying "processors made after 2008" which corresponds exactly with Nehalem which introduced HT into the Core chips.
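
The sysfs check that several posts above rely on (`cat /sys/devices/system/cpu/vulnerabilities/*`), as an added example that is not part of any post in the thread: a small script that reads the kernel's `mds` entry and separates "not affected", "mitigated", and "mitigation attempted without microcode", along with the SMT qualifier the kernel appends. The function names `classify_mds` and `mds_report` and the sample lines are constructed for illustration; the status strings follow the Linux kernel's admin-guide documentation for MDS.

```shell
#!/bin/sh
# Added example: interpret the kernel's MDS status line.

# classify_mds "<contents of .../vulnerabilities/mds>"
# Prints: not_affected | mitigated | mitigated_smt_exposed |
#         no_microcode | vulnerable | unknown
classify_mds() {
    status=$1
    case $status in
        "Not affected"*) echo not_affected ;;
        "Mitigation: Clear CPU buffers"*)
            # Buffers are cleared, but a sibling hyperthread can still sample
            # them when SMT is on or the host's SMT state cannot be known.
            case $status in
                *"SMT vulnerable"*|*"SMT Host state unknown"*)
                    echo mitigated_smt_exposed ;;
                *) echo mitigated ;;
            esac ;;
        # Kernel issues VERW, but without updated microcode the buffer
        # clearing is best effort only.
        "Vulnerable: Clear CPU buffers attempted, no microcode"*)
            echo no_microcode ;;
        "Vulnerable"*) echo vulnerable ;;
        *) echo unknown ;;
    esac
}

# mds_report [dir]: read the mds file from a sysfs-style directory.
mds_report() {
    dir=${1:-/sys/devices/system/cpu/vulnerabilities}
    if [ ! -r "$dir/mds" ]; then
        echo no_mds_file   # kernel predates MDS reporting, or no sysfs
        return 0
    fi
    classify_mds "$(cat "$dir/mds")"
}

# Constructed sample lines in the kernel's documented format.
for s in \
    "Not affected" \
    "Vulnerable: Clear CPU buffers attempted, no microcode; SMT disabled" \
    "Mitigation: Clear CPU buffers; SMT vulnerable"
do
    printf '%-70s -> %s\n' "$s" "$(classify_mds "$s")"
done
printf 'this host -> %s\n' "$(mds_report)"
```

A result of `no_mds_file` means the running kernel does not report MDS at all, which says nothing about whether the CPU is affected.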