https://techcrunch.com/2018/01/22/li...utter-garbage/


Apologies for an off-site link, but it was the first i came across when trying to figure out just what this Spectre/Meltdown means to my old machines running Slackware (its all I really use - other than an android phone) and what it affects and what I can do.

I'm taking the line of c'est la vie at the moment until the 'community' gathers itself with something I can easily follow :-) (tired mind and all).

There is a lot opinion out there that's for sure.

Honestly, Linus is such a drama queen that it's hard for me to take his over-the-top criticisms seriously. I'm sure there is some level of truth to them, but I don't know what that level is.

Sometimes it is just necessary to blast companies especially when they dropped the ball in such an incompetent way.


Lt. Col. Charles R. Codman: "You know General, sometimes the men don't know when you're acting."

General Patton: "It's not important for them to know. It's only important for me to know."

Cheers

P.S. For us in the peanut gallery...

http://lkml.iu.edu/hypermail/linux/k...1.2/05282.html

2 members found this post helpful.

I rather appreciate that he doesn't hold back and says what he means. That level of honesty is far too rare.

18 members found this post helpful.

I went over a few messages in that thread. There was a small misunderstanding on Linus's part in the beginning, contributing to his anger, but there now seems to be an agreement that the patches proposed by Linux developers would be vastly superior to those of Intel's, and that Intel does not seem to handle this issue as responsibly as it should.

Then of course from far away one can also hear the rant by grsecurity, claiming that the Linux patches are flawed as well (... and that basically they are the only ones to have developed (long ago) the correct code to mitigate these attacks...).

3 members found this post helpful.

The biggest warning against intel is that they sold their latest cpu generation which is affected while fully knowing this. Really the only good solution is that intel releases all their hardware specs from the last 20 years into the public domain so that they can be properly audited.

The grsecurity rant is also self sabotaged by the fact that they don't publicly share their code. If they want people to take them seriously they should show us what they have...

6 members found this post helpful.

I totally agree. And it's not like he is blasting newbs who don't know better. He is blasting seasoned developers who have done substantial work with the kernel and really should know better... especially when it is coming from the company who designed everything (and not some reverse engineered code).

From my (albiet limited) understanding of this, it isn't something simple to fix. It will take a redesign of their CPUs. So it is likely that the next few generations, which are already being developed and might be too far along to easily fix, will continue to be affected by this. Intel might've created a far worse PR incident had they delayed selling Coffee Lake processors until they were ready to announce the vulnerabilities.

For example, AMD started working on the "Zen" architecture back in something like August of 2012 and didn't have a release until January 2017, taking 4.5 years for development. It could still be 3-4 years until we CPUs that are no longer affected by these vulnerabilities.

2 members found this post helpful.

Don't get me wrong, I like that as well. I'm just not sure how much of what he says is objectively true vs exaggeration. I would prefer a more cool-headed explanation of the issue, but of course, I am not the intended audience.

I don't know if they share the code with their customers (even if they don't, their kernels can be tested against the attacks to see if they are resistant). There could be some self-advertising there, but they certainly have some reputation in those circles, perhaps some attitude problems as well (like Linus himself ).

Only meltdown not spectre.
Proof
https://www.linuxquestions.org/quest...ml#post5808674


MAybe but the fact is they do it publicly for 20 years /Sadly this is the end./and they were exposed to the criticism of the Linus who is not an expert about security at all.
Ironically.
This did not prevent the kernel maintainers to copy and paste /instead of creating a better than criticized one, the only reason was that it was effective/ part of the code and giving "kosher certificate" by Linus .

The link you provide has information that the grsec kernel is resistant to Meltdown. But I couldn't see where it is *proven* that their kernel is vulnerable to Spectre. The claims I referred to were from their Twitter posts (iirc). But I can't claim that I read every bit of their statements very carefully.

I said not spectre.

This PoC works on 4.9.25-grsec.

https://github.com/crozone/SpectrePoC

Maybe new closed source prevent from it but I do not know.
I am not beneficient of their paid patch.

I get that it may not be necessarily easy, but the bottom line is that they knew about the vulnerabilities and continued selling faulty products to uninformed customers. Personally that really does not sit well with me and if they're willing to abuse trust so easily I wonder what else they haven't told us yet?

1 members found this post helpful.

I mean, in that aspect, all CPU manufacturers that have vulnerable products are in the same boat since they were notified of these vulnerabilities back in June and continued selling their products without notifying the public...

Yes, you're right about that, but I've also been told that amd is only vulnerable to spectre because they followed intel's spec out of compatibility? I did not try to verify if this was true.