Linus tells it like it is... for my confession, I am totally 'lost' on the Spectre/Meltdown shambles
SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
When you buy an ARM processor, you expect to buy an ARM processor and you buy an ARM processor for real.
When you buy a MIPS processor, you expect to buy a MIPS processor and you buy a MIPS processor for real.
When you buy a modern x86 processor, you expect to buy an x86 processor, BUT you buy a RISC processor for real, with a shiny hardware emulation of the x86 platform.
This weekend I participated to a conference, and one of the speakers presented his opinion that any modern x86 CPU is terrible wrong by design and "they" sell us sh*t since 20 years ago.
You know what should be "a modern x86 CPU" for real, as the hardware engineers agree in private?
Imagine the flagship being something containing 4096 cores of a 64-bit enabled i586, running somewhere at 2GHz.
Last edited by Darth Vader; 01-23-2018 at 03:15 PM.
Do Spectre or Meltdown require physical access to a device in order to exploit it? In this case, I wouldn't worry much, as I have a vicious guard wife. Or, are there ways of using these exploits over a network--definitely more cause for alarm.
It seems that network exploits are conceivable:
Quote:
While network-based attacks are conceivable, situations
where an attacker can run code on the same CPU as
the victim pose the primary risk.
Let's put straight: it is about anything which can be loaded/downloaded from a remote, then executed in your own computer.
Not limited to, but mainly that could be some javascript from a malicious website, some "innocent" browser extension, or even the usual suspect: a vicious Flash.
BTW, Meltdown is also named with affection: root-o-matic via browser.
Last edited by Darth Vader; 01-23-2018 at 03:35 PM.
Yes, you're right about that, but I've also been told that amd is only vulnerable to spectre because they followed intel's spec out of compatibility? I did not try to verify if this was true.
That is true, but AMD was still notified of the Spectre vulnerability back in June, so they've been selling affected products since then without notifying the public. Intel has done the same, but they're affected by both Spectre and Meltdown.
From my interpretation of it Linus is quite right to be annoyed.
*car analogy*
Intel want to continue shipping cars with known safety problems, there are fixes, traction control, electronic stability control, anti-lock brakes etc etc.
But switching all those on would mean their cars would no longer be the fastest in the land and fuel economy would suffer too.
Their solution is to ship the cars with all that switched off and ask you instead, if you care about your safety, remember to press that green button when you start your car.
*/car analogy*
What court in any land would hold that that is a responsible approach?
Safety defaulting to on is simple common sense
Intel appear to be trying to shift the responsibility for the performance impact onto the OS.
That is true, but AMD was still notified of the Spectre vulnerability back in June, so they've been selling affected products since then without notifying the public. Intel has done the same, but they're affected by both Spectre and Meltdown.
Agreed, there is lot to be disappointed with how this was handled by hardware companies. Again, I think the specs should be made public domain to help mitigate this from happening again. The more people that can view them the more likely issues can be found and solved, I do not trust the hardware companies to inform the public of their shortcomings.
Distribution: Slackware/Salix while testing others
Posts: 1,718
Rep:
not to be too tin foil hat about this, but I oddly remember something about 4 years ago or so about chip makers putting backdoors in compliments of three letter US agencies....perhaps just perhaps this was done for that reason or perhaps they have so many intentional holes that this is just one of many....
I'll have to point this out.
I think that anyone with such high level skill in kernel should have seen this problem long ago. Willing to bet he in fact wrote code on this issue as part of a feature.
Distribution: Slackware/Salix while testing others
Posts: 1,718
Rep:
Quote:
Originally Posted by jefro
I'll have to point this out.
I think that anyone with such high level skill in kernel should have seen this problem long ago. Willing to bet he in fact wrote code on this issue as part of a feature.
you really think its a case of CYOA (for non military "cover your own a*s")?
I think computers are inherently insecure, software has imperfections, and so these things should not be given features and put into places where they aren't necessarily needed: https://www.forbes.com/sites/andygre.../#136a3496228c
As for the places that are needed, I think its time for open source hardware!
Definitely not an expert. I tend to side with Linus Torvalds, he is an expert. His non PC "the patches are COMPLETE AND UTTER GARBAGE" resinates with me. To the point, I like that. I think this Spectre/Meltdown mess is a lot of gloom and doom posturing.
There have been many gloom and doom events over the past few years, not a single one of them has affected me. So I'm not about to hit the panic button. In fact I am quite amused over the hub-a-bub over this. I will upgrade my kernel as I always do, but I am in no rush to buy new gear. Heck, I still have a P4 machine running Widows XP I am not loosing sleep over this and I simply trust Patrick Volkerding and Linux Torvaids to do the right things. If the right things require new gear, well I guess I just live with that fact. I seriously doubt I will be affected by this latest threat anyway.
Last edited by chrisretusn; 01-26-2018 at 04:37 AM.
Reason: Can't spell, double words
Distribution: Slackware64-current with "True Multilib" and KDE4Town.
Posts: 9,097
Rep:
Quote:
Originally Posted by hua
Actually, this should be illegal. Should be classified as "insider trading" ...
It is illegal. No doubt about it. If he isn't prosecuted it is because the system has become completely corrupted. Look at what happened to the bankers responsible for the 2007/8 financial disaster, nothing.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.