[a / b / c / d / e / f / g / gif / h / hr / k / m / o / p / r / s / t / u / v / vg / vr / w / wg] [i / ic] [r9k / s4s / vip / qa] [cm / hm / lgbt / y] [3 / aco / adv / an / asp / bant / biz / cgl / ck / co / diy / fa / fit / gd / hc / his / int / jp / lit / mlp / mu / n / news / out / po / pol / qst / sci / soc / sp / tg / toy / trv / tv / vp / wsg / wsr / x] [Settings] [Search] [Home]
Board
Settings Home
/g/ - Technology



Thread archived.
You cannot reply anymore.



File: intel.png (35 KB, 512x512)
35 KB
35 KB PNG
IT'S HAPPENING!!!

NEW INTEL CPU BUG THAT AFFECTS PRETTY MUCH ALL CRYPTOGRAPHIC APPLICATIONS:
http://www.openwall.com/lists/oss-security/2018/06/13/7

This affects FPU context switching, which now needs to be completely cleared because of state leaking!!

Intelfags on suicide watch, again.
>>
File: 1514364484816.png (196 KB, 807x745)
196 KB
196 KB PNG
>>66337785
IT ISN'T REAL
>>
>using non-standard architecture with decades old hardware is the best form of security in 2018
Feelsgood
>>
I don't think this can be fixed at microcode level. The software patch will probably have a significant impact on performance.

It's amazing that this is happening again and again, what the fuck is going on with Intel engineers?
>>
>>66337785
explain to a retard?
>>
Intel isn't having bad luck. Literally is paying of all their crimes in a cosmic manner.
>>
>>66337785
oohhh...snap...
now this fag
>>66336006
will have to go back to his old faithful AMD.
>>
>>66337822
ppc in da haus?
>>
Hmm. I was planning to pull the trigger on an 8700k when amazon UK finally gets it back in stock. I might wait a little longer and grab a ryzen instead if this has a huge performance impact.

Although I would probably only be convinced to switch if it results in single-core perf being slower than the 2700x.
>>
>>66337842
Likely same as with car engineers. Not incompetence but outside influence.
>>
>>66337844
Hackers and malware can easily steal your encryption keys.
>>
>>66337842
>what the fuck is going on with Intel engineers?
The experienced vets have been fired and all that's left are the guys who are really good at slapping cores on iterated-to-death P6.
>>
>>66337912
No shit, I meant a more in-depth explination
>>
>>66337785
I'll be the one to note that this bug hasn't been officially confirmed, but is rumored to be true. An attempt was made to confirm the vulnerability with Intel, but of course they have been unhelpful about it. So, as a precaution, patches were made to mitigate such a vulnerability.
>>
File: alpha-powered-compressed.png (108 KB, 2637x1800)
108 KB
108 KB PNG
>>66337822
?
>>
>>66337785
something tells me I should be buying amd stocks.
>>
>>66337932
Some algebraic operations needed for cryptography could be leaked between processes, making it trivial to discover private keys and other crypto stuff.
>>
>>66337960
*secret keys (since this affects symmetric-key algos)
>>
>>66337842
>what the fuck is going on with Intel engineers?
They are working on adding shit to P3 arch not to change it, and when you put cheddar cheese in nice new package it still has holes in it.
>>
>>66337977
cheddar doesn't have holes you inbred
>>
>>66337785
this is huge; bump
>>
File: 1528775615249.gif (322 KB, 250x305)
322 KB
322 KB GIF
Yikes
>>
>>66337785
>FPU
>PRETTY MUCH ALL CRYPTOGRAPHIC APPLICATIONS

Wut? How would the floating point unit affect INTEGER based crypto?
>>
>>66338229
Because the FPU is where the AES-NI and XMM registers are, which are used by modern implementations.
>>
>FPU performance is kill
HAHAHAHAHAHHAHAHAHHA
>>
WHY DID I BUY SHITTY INTEL?

I WANT MY MONEY BACK NAO
>>
>>66337914
Thank God. Finish them.
>>
>>66337842
Intelaviv
>>
>>66338229
Keep going... tell us how many cryptographic primitives you know which don't depend on the FPU for sensitive operations.
>>
Holy fuck i just bought a laptop with intel since this is the only trash that they sell in my country now I want to kms
>>
>>66337785
INTLEL IS BURIED AND FINISHED
HOW WILL INLELSHILL EVER RECOVER?

BUG INSIDE(TM)
>>
>>66337785
Wait what, again?
>>
File: 1520683395912.jpg (70 KB, 810x780)
70 KB
70 KB JPG
Still haven't updated, still don't care.
>>
>>66337785
true if big
>>
File: epiccpuusage.png.jpg (63 KB, 1200x566)
63 KB
63 KB JPG
>yet another meltdown
can't wait to see the new benchmarks post patching
>>
>>66338352
50% perf hit on syscalls
you may as well be running a pentium 2 after that.
>>
>>66337936
pillaged and obliterated by intel
>>
>>66337785
What is the chance that AMD is spending money on their R&D to find these exploits in Intel?
Another thing, what does this exploit mean for the average joe? Does that banking info and passwords could be easily stolen from any Intlel machine?
>>
>>66338371
pentium 2s are also affected, anon. If you go with intel it will only get worse. The secondhand market for intelshit will disappear over the next few months
>>
>>66338264
so is AES-NI kill?
>>
>>66338385
yup.
all the way back to pentium pro, and it's "not a backdoor" it's "just a cpu bug"
amd won the x86 war, POWER is the future of big computing.
>>
>Intel Corporation (INTC) revenue since Spectre
>>
>>66338381
50%
>>
>>66338264
Oh.
>>
https://www.youtube.com/watch?v=UaQpvXSa4X8
OY VEY i'ts real
>>
>>66337884
my nigga
I've got a PowerMac G4 laying around. I've got Ryzen on my gaymen box but I should bust it out for school work sometime.
>>
>>66338400
nigga it dead
press B to benis :+DDD
>>
>>66338400
yes
>>
>>66337785
DELID THIS !!!
>>
i hope they dont fix it so i can have fast cpu. i only care if they can hack me REMOTELY.
>>
Anyone got a full article for this new fuckup from intel?
>>
but you need to have a virus installed for the exploit to work, so what's the point?
>>
File: 1510899303951.gif (1.04 MB, 290x189)
1.04 MB
1.04 MB GIF
>>66338352
>actually patching
I told you shits it wasn't worth it anymore. Won't make a lick of difference now other than your lost in preformance.
>>
File: 5732591135.png (84 KB, 653x726)
84 KB
84 KB PNG
>>66338427
>implying I have anything to hide
>>
>>66338478
>install game
>game's drm exploits the bug
>???
>I WAS JUST PRETENDING TO BE RETARDED
>>
>>66338466
No press release from intel yet. I'm sure there will be something released in a few days.
>>
>>66338501
>installing games with DRM
>2018
lel. If it isn't available on GOG, it's probably not worth having.
>>
>>66338522
this class of bug can be exploited from fucking javascript in web pages.
>>
>>66338522
GOG has drm on lots of games now. Just pirate games and buy a t shirt from the studio ig
>>
>>66338459
No public statement yet, just patches being merged and Intel threatening with NDAs people to not make any comment on the issue.
>>
>>66338459
>open web page
>it runs some aes/fp operations
>suddenly your private keys are leaked
very nice
>>
>>66338564
>running javascript
>2018
there's your problem
>>
>>66337822
>TFW not a single ryzen/raven ridge laptop in local stores and online ones dont even deliver to your country. I wanna ditch this Intel "Everyone Inside" garbage.
>>
> employees must flush all cache lines before returning to work
>>
>>66338573
i unironically use this whenever i need to use scripts on one of my websites https://webassembly.org/
>>
>>66338609
webasm is the future we chose
it makes me wish the jvm won
>>
File: 6.png (288 KB, 552x661)
288 KB
288 KB PNG
>>66337785
Delete these lies or I'll have to call CTS Labs again!
>>
File: gollum_angry.jpg (17 KB, 400x300)
17 KB
17 KB JPG
>>66337785
>>
Why can't we just drop all patents on intel so new x86 processors can be made?
>>
>>66337960
What's the easiest vector that can take advantage of this, JS?
>>
>>66338548
>GOG has drm on lots of games now.
Got a source on that? From what I can tell after a quick search, the only titles with DRM are multiplayer ones that require connecting to the publisher's servers.
>>
>>66337960
So does this mean we could and should use the below as a workaround? I assume this leak only occurs during generation.
>disconnect from Internet
>take backup of system
>generate the keys
>copy the keys around via sneakernet
>restore from backup
>>
>>66338681
He may be referring to this https://www.gog.com/galaxy
>>
AMD WON
>AMD WON
AMD WON
>AMD WON
AMD WON
>AMD WON
AMD WON
>AMD WON
AMD WON
>AMD WON
AMD WON
>AMD WON
AMD WON
>AMD WON
AMD WON
>AMD WON
AMD WON
>AMD WON
AMD WON
>AMD WON
AMD WON
>AMD WON
AMD WON
>AMD WON
AMD WON
>AMD WON
AMD WON
>AMD WON
AMD WON
>AMD WON
>>
>>66338703
get the fuck off of my board, you faggots
>>>/v/
>>
File: jfmsu.jpg (230 KB, 1306x929)
230 KB
230 KB JPG
>>66337785
hold up, so its possible to use sse, instead of trap, to accelerate speculative exploits?
HAHAHAHAHAHAHAHA, holy shit.
brian, dont kill yourself over this, man.
>>
>>66337785
Karma is a bitch.
>>
>>66338573
Shut your fuckhole, you retard. Just because you don't understand JS, you're hating.
>>
File: 14c.jpg (17 KB, 207x253)
17 KB
17 KB JPG
>>66338815
http://www.jsfuck.com/
javascript is for niggers. white men use strongly typed languages. if you fuck up the compiler will say so. don't use someone 'not understanding' as an excuse for your shit language that lets you write shit code
>>
>>66338487
Do you run Chrome on ring 0, anon?
>>
>>66338815
i don't just hate js, i hate the w3c and everything it made. the web was a mistake. prove me wrong.

protip: you can't.
>>
>>66338855
grandpa we have typescript
>>
>>66338878
No anon, i run internet exploder in ring -3
>>
>>66338885
so your language is so shit you use another to transpile to it?
talk about convoluted hackjobs.
>>
>>66338815
>t. JavaScript "developer"
looks like you'll have to find a new job at McDonald's, JavaScript is on the way out now
Should've been replaced 15 years ago desu
>>
>>66338543
source: my ass
Kill yourself
>>
>2018
>using computers
>>
>>66338953
technology was a mistake
take the Kaczynski pill
>>
>>66338913
>le i dont know the purpose of javascript on the web so im gonna keep acting like a retard
it was always supposed to be easy for newcomers, of course the price has to be paid for that
>>
>tfw my self-rolled crypto is safe
>>
>>66338990
It was actually a series of failed abortions and they just kept running with it thinking that somebody else would fix it (no one did)
>>
>>66338289
>i5 8400 is cheaper than r5 2600
i guess i'm getting a r5
>>
>>66337785
Intel caught again providing vulnerabilities to be exploited.

At this point we should all assume that all major platforms have been backdoors or otherwise bugged since 911.
>>
>>66338990
javascript is a language made in 10 days that was supposed to be like lisp, turned out to have some interesting useful properties with scope. the problem is the javascript ecosystem all the way down. too many levels of abstraction just to make a page run. it's a bad language through and through.
>>
>>66339027

You mean 1995, right?
>>
What should this security breach be named?
I vote for:
> Intelfall
>>
>>66339007
AES BTFO by chacha20+poly1305
DJB CRYPTO MASTER RACE
>>
>>66339054
The secret laws requiring backdoors weren’t passed until after 911. Before that they had willing partners such as MS.
>>
>>66338683
Keys are stored in memory when reading / writing encrypted data. So a malicious process could potentially steal the information at that time. This vulnerability does not reduce the cryptographic strength of AES / etc.; it's just a side-channel attack.
>>
File: Amada.jpg (107 KB, 964x960)
107 KB
107 KB JPG
So how is Intel going to counter this time? Another bogus website with more actors and default backgrounds talking about how/why AMD is still inferior?

How long do you think until the current Intel CEO is told to step down or is just outright assassinated?
>>
>>66339027
You mean 10,000 BC right?
>>
>>66337936
I don't feel so good, x86.
>>
>>66337822
Indeed.
>>
Those Talos workstations are looking pretty good right now
>>
>>66338882
Than don't use it. Close your browser, dipshit.
>>
>>66337954
I went long on AMD a few months ago. I’m holding until the 7nm server chips drop at a minimum. Intel won’t have shit for awhile. So far over 30% gains.
>>
>>66338925
>Being that delusional
JS jobs are in every corner, in which world do you live?
>>
>>66339165
>Than
>>
>>66338815
I like and use JavaScript pretty regularly.
It's still fucking shit as well as the management of it on the browser side of things.

The language needs to be sandboxed from itself and the OS much harder than it barely is now.
Third party sites need to be given, by default, a restricted subset of JS unless the user gives them full permission.
I'm speaking simple DOM manipulation, basic maths, basic network, none of the advanced shit.
This would fix SO MANY of the problems with JS alone.
>>
File: 1494356435910.png (162 KB, 633x900)
162 KB
162 KB PNG
>>66337785
NO NO!!!

we just had a 10nm release

please Intel bros is there still hope?
>>
>>66339178
For now :^)
>>
>>66339181
Not everyone is an americuck. I live in a non-idiot country.
>>
>>66339197
And what non-idiot country do you hail from where they don't have propper English Grammar? ESL go away
>>
>>66339197
>it's ok for me to be stupid
You're no better than the americuck you hate so much
>>
>openwall
Literal who?
This looks like bullshit.

Spreading FUD like always.
I'll be waiting for a official CVE report.
>>
>>66337842
>fixed at microcode level
You fucking idiot. Stop using words you don't understand. Why do you think that'd be relevant?
How would they patch the decoder to guard in the case of switching? It's fucking absurd.
>>
>>66339205
>Thinks every country hast English as the Official language
Kys
>>
>>66339219
>>openwall
>Literal who?
get off this board you loser
>>
>>66339235
What part of ESL go away did you not get? Do you also think that English is America's "official langauge"? Also learn to proofread mate takes like 2 seconds tops.
>>
>>66337785
https://svnweb.freebsd.org/base?view=revision&revision=335072
>>
>>66339217
How is it stupid to misspell one letter in a language which is not my mother tongue, you moron.
>>
>>66339226
How would you go about fixing this, I can't think of anything other than encrypting the encryption key which is retarded and still wouldn't change anything
Looks like you just can't use encryption anymore boys, think of how long the NSA has known of this "bug" and have been exploiting it
>>
>>66339285
Stop trying to act super hard when you can't even spell correctly, nigger
>>
>>66339058
>using non-extended salsa/salsa variants
>>
>>66337785
>bug
>>
>>66339256
>What part of ESL go away did you not get?
>Thinks everyone know americuck abbreviations
>>
>>66339302
Oh ok, didn't know you have to pass a grammar test in a foreign language to be hard
>>
>>66339114
>This vulnerability does not reduce the cryptographic strength of AES / etc.; it's just a side-channel attack.
Almost all attacks on crypto are side-channel attacks because of bugs in implementations. It's almost never the algorithm itself.
>>
>>66337785
Theo already discussed this bug 5 days ago slowpoke
https://youtu.be/UaQpvXSa4X8
This time the bug seems relatively inexpensive to patch but a loss of trust in Intel (again) will be fun to watch (again).
NDA expires on August first
>>
File: 1508133547195.jpg (832 KB, 3264x1836)
832 KB
832 KB JPG
>>66339318
>be me
>third world germanian
>post on 4chan cause it's what the cool kids do
>get torched for being ESL
>a-americuck!
>gestapo is on the way for insulting the fetishes of the sultan
Poetry
>>
>amd retards spreading fake bugs
>>
>>66339331
Tu Madre es una puta panzon
>>
File: 1528222249083.png (1.05 MB, 1196x676)
1.05 MB
1.05 MB PNG
>>66339371
>>
Lol my amd stocks just keep going up
>>
>>66339371
According to Theo, Amazon rebooted AWS and Google rebooted all their clusters for nothing right.........?
>>
File: 1481002105061.jpg (18 KB, 432x118)
18 KB
18 KB JPG
>>
File: 1528139660631.gif (1001 KB, 640x480)
1001 KB
1001 KB GIF
>>66338428
>mfw got a Power Mac G5 for free

To bad it'll only run up until Leopard. Secure CPU and insecure as fuck OS.
>>
>>66339370
I think I can end the conversation here. You can go back to school tomorrow and the school shooter dioes the rest. Classic americuckness.
>>
>>66339417
Funny how I can tell you're just SEETHING, so much autistic rage, you should really see a psychiatrist
>>
>>66337785
>just bought a 7900x

Only a few months till i can switch to secure cascade lake cpus.
>>
>>66339371
>stop talking about it
are you that screeching autist from the other days bsd conf?
>>
File: rocky_squirrel.png (258 KB, 474x356)
258 KB
258 KB PNG
>>66337785
>Intelfags on suicide watch, again.
Again?
>>
>>66339371
because intel's elite security consultants don't fabricate fake bugs ever :^)
>>
File: botnet.jpg (24 KB, 320x238)
24 KB
24 KB JPG
>>66338815
Assblasted webshit detected.
>>
Yeaaaaaaaaaah, I'm not seeing this on big sites like ars and pcgamer, probably bullshit again
>>
>>66339458
>t. Says the americuck who lives in a country where evry third person is on prescribed drugs
>>
>>66339553
Low IQ individual
>>
>>66339562
Yeah those people are called "liberals", they vote for the blue party with the horsey on it. The more you know.
>>
>>66339407
It's just called the American Language now actually. We defeated the British and took the language. Considering the size of their military, I don't think they'll get it back anytime soon. In fact, Arabic is now becoming the main British language now. God save the Queen!
>>
>>66339553
>I'm not seeing highly technical info on normalfag news tabloids

No shit you fucking /v/ermin, the protosexual manyhorns on those sites need some time to make the news digestible to the otherkin that read their filth.
>>
>>66337785

Fuck YES!

Will I witness Intel going down in my lifetime or will they just get away cheating their way out as usual?
>>
>>66339553
This fucking post, holy shit
>>
File: 0000000002.jpg (123 KB, 638x599)
123 KB
123 KB JPG
>>66339562
>Theo
>"The AMD cache architecture avoid this problem largely"

Mostly about spectre but still good lol
>>
>>66338409
>up 13.68%
I'm sure they're quaking in their boots over making more money.
>>
>>66339591
No, it will never happen, that have 10x the market cap of AMD, it would take governments to bring them down
>>
>>66339607
B-but their share is sliding I swear!
>>
>>66339553
Literally top submission all this morning on Hacker News (and #4 right now).
>>
>>66339514
Hi, rebbit!
>>
>>66338427
WOW that Intel guy yelling at Theo de Raadt to stop talking about these CPU """""""bugs""""""" at 19:30!!!!

Seriously makes me fucking worried about all this shit, what the hell are they hiding??
>>
>>66338815
>>66339370
LOL
>>
>>66339256
>spelled proper as propper
>learn to proofread mate
>>
>>66338381
No. Unlike meltdown, this doesnt give malicious attackers access to other programs’ data, and unlike spectre, this doesn’t load sensitive and private data...

It opens the door for other attacks. If you send data over encryption that data is now in plain intelligible English because they have the keys, but by itself it’s not quite as catastrophic for leaking sensitive information.
>>
>>66339751
Got me, he didn't notice it though. too busy being buttravaged
>>
>>66339804
Intel is still the best at sucking. The only reason their performance was better than AMD's is because they took these shortcuts that bite them in their ass now.
>>
>>66339168
Amd gains are sweet
>>
>>66339832
These weren't shortcuts, but backdoors that the NSA had them include
>>
>>66339832
>""""""""""shortcuts""""""""""
>>
File: sleep.jpg (94 KB, 1603x1136)
94 KB
94 KB JPG
Intel is fucking up in biblical proportions.

God damn this is overdue.

I just happened to be shopping for a 2600x as we speak.

Fuck you Intel.
>>
>>66339812
I focus on the topic, instead of playing the english teacher
>>
>>66337785
jfc as if the branch prediction exploits weren't enough. How the fuck are intel engineers this incompetent? It's almost like they do it on purpose.
>>
File: intel.png (1.04 MB, 841x842)
1.04 MB
1.04 MB PNG
>>66337785
F
>>
>>66339993
>the topic
>Intel vs AMD
>not what's killing this board
Anyone who posts a wojak deserves death
>>
DELID THIS
>>
>>66339993

*English.

minus 3 pts for lack of capitalization.
>>
File: oh_oh_more_poo_poo.jpg (31 KB, 800x287)
31 KB
31 KB JPG
POO POO UPGRADE IN PROGRESS
>>
>>66339778
>it’s not quite as catastrophic for leaking sensitive information.
imagine if you had a server farm where your clients had to do password hashing for the web clients trying to log in. now imagine that server farm has to share hardware resources for multiple clients to be able to serve all. and all it takes is one rogue client to acquire plain text passwords (and hashing stages in between) from the other clients. congratulations, you just put yourself in amazons shoes
>>
>>66340015
Hmm you may be on to something
>>
>>66337785
>3) post-Spectre rumors suggest that the %cr0 TS flag might not block
speculation, permitting leaking of information about FPU state
(AES keys?) across protection boundaries.
>>
>>66340015
At this point you should consider any processor after Pentium III completely backdoored, and this shit will only get worse.

Security is dead: 10nm multilayered ICs are virtually impossible to RI.
>>
File: file.png (1.1 MB, 1680x1050)
1.1 MB
1.1 MB PNG
>>66339778
>nullifying encryption is not catastrophic for sensitive information
hmm
>>
File: T. FAGGOT.jpg (13 KB, 320x26)
13 KB
13 KB JPG
>>66338093
oh look it's the anon who signs all of his posts and breaks global rule 13 on a regular basis. Remember snowflake, this isn't reddit. The format here is anonymous.
>>
>>66340116
>>66340131
Nice double post, phone poster kun
>>
>>66340116
That's not what "no signatures" is about.

Posted from my iPhone.
just tryna make a change... :\
>>
>rumored
>potential problem
>onyl mention of any crypto is "AES keys?"
>>
File: 1499437262577.png (463 KB, 1070x601)
463 KB
463 KB PNG
>>66339396
>tfw didn't fall for the "buy amd stock at $2" meme
>>
>>66340144
>not a phone poster
>not identical posts
There called sentences. They're composed of words. You read them left to right, using your eyes.
>>
>>66340156
There's patches already in Open BSD and DragonflyBSD, and the OpenWall guys are confirming they are under a embargo
It's real
>>
cant a mod clear up the offtopic esl shitposting white noise going on? too tired for hiding
thank you for your time
>>
File: 1524410811512.jpg (140 KB, 1038x1000)
140 KB
140 KB JPG
>>66337785
How many hardware vulnerabilities do Intel processors have now? 15? rofl
>>
>>66340147
your little t.

on every post is your signature

what other relevance does it have? or what syntax does is it related to?
>>
>>66340180
How are they not identical posts?
>>
File: 1491624720875.jpg (46 KB, 596x628)
46 KB
46 KB JPG
It sure is summer in here.
>>
>>66340218
>1 word difference
Kill yourself phone poster scum
>>
>>66340198

>FX
>>
>>66340229
>shitposting when it's cold
fucking newfags I hate Reddit
>shitpostig when it's warm
Fucking summer REee
Never gets old
>>
OH NONONONONONONO!

Is there any impact on performance like Meltdown and Spectre?
>>
>>66340218
Not a phone poster

Dell E6520
>>
>>66340180
The OpenBSD and DragonflyBSD posts is what I'm quoting.

Idk who "Logan" is but I assumed the embargo comment was directed at intel rather then saying he or openwall are under embargo.
>>
>>66340231
see
>>66340259
>>
>>66338703
I'd believe it if there was a game you could download only with galaxy. Not doubting you (or whoever made the claim >>66338548) but put your money where your mouth is.
>>
File: T. FAGGOT.jpg (13 KB, 320x26)
13 KB
13 KB JPG
>>66340275
oh look it's the anon who signs all of his posts and breaks global rule 13 on a regular basis. Remember snowflake, this isn't reddit. The format here is anonymous.
>>
File: smileboi pepe.gif (507 KB, 172x172)
507 KB
507 KB GIF
>>66338594
literally everyone is "inside" your shit with intel
>>
File: image.jpg (1.23 MB, 1600x1600)
1.23 MB
1.23 MB JPG
h e
s a i d
s o n
c a n
y o u
p l a y
m e
a
m e m o r y

i ' m
n o t
r e a l l y
s u r e
h o w
i t
g o e s

b u t
i t ' s
s a d
a n d
i t ' s
s w e e t
a n d
i
k n e w
i t
c o m p l e t e

w h e n
i
w o r e
a
y o u n g e r
m a n ' s
c l o t h e s
>>
It looks like FreeBSD is merging a temporary fix:
https://svnweb.freebsd.org/base?view=revision&revision=335072

Not sure how bad the performance impact will be...
>>
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00145.html
>>
>>66340048
ok this gave me keks
>>
>>66340378
SHIIIIIIIIIIIIIEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEET

IT'S FUCKING REAL
>>
>>66337785
Only an issue if your CPU uses AES-NI
>>
File: 52838599.gif (189 KB, 670x473)
189 KB
189 KB GIF
>>66340378
>>
>>66340400
so pretty much every chip made in the last 8 years?
>>
>>66340378
>Acknowledgements:
>Intel would like to thank Julian Stecklina from Amazon Germany, Thomas Prescher from Cyberus Technology GmbHfor, and Zdenek Sojka from SYSGO AG for reporting this issue and working with us on coordinated disclosure.
S E E T H I N G

Based Theo got them upset as fuck.
>>
>>66340378
>Affected Products:

>Intel® Core-based microprocessors.

Does this mean Xeons as well? I mean, all Core i3, i5, i7 and i9 is huge already kek

good riddance, Brian Cucknizch
>>
File: <<[ : ) ]>>.gif (27 KB, 200x200)
27 KB
27 KB GIF
>>66340378
ids habbening
>>
>>66340479
depends on the architecture. you can find the list here https://en.wikipedia.org/wiki/AES_instruction_set
>>
>>66338522
> it's probably not worth having.

Fuck you I want to play Planet Coaster and Yakuza
>>
There is only a single, core reason to use until anymore.
>>
File: 6ftrh.jpg (86 KB, 861x705)
86 KB
86 KB JPG
It's been a great week for Intel.
>>
>>66340378
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3665
http://seclists.org/oss-sec/2018/q2/189
https://www.mail-archive.com/svn-src-all@freebsd.org/msg164745.html

This will be a fucking long night...
>>
>>66340400
good thing enterprise and government computers aren't using encryption then

dumbnut
>>
>>66340545
ESL's are really coming out in force today
>>
File: 127.jpg (912 B, 124x103)
912 B
912 B JPG
\
>the rumored Intel FP issue

hmmmmm
>>
IMPORTANT QUESTION REGARDING ALL OF THIS:

is AMD affected?

Yes/No?
>>
>>66340581
> [...] other manufacturers (AMD) are not known to be affected.
http://seclists.org/oss-sec/2018/q2/189

so probably not
>>
>>66340581
>Only Intel Core based processors (from at least Nehalem onwards) are potentially affected.
>Other processor designs (Intel Atom/Knights range), and other manufacturers (AMD) are not known to be affected.
>>
I need a new CPU and I'm getting an Intel one because every x86 chip is fucked regardless. I'll stop being apathetic when RISC-V is practical.
>>
>>66340559
Just pretend nothing happened :^)
If your boss comes down on you tell him you should substitute those Xeons with Epycs
>>
>Modern versions of Linux – from kernel version 4.9, released in 2016, and later – and modern Windows, including Server 2016, as well as the latest spins of OpenSD and DragonflyBSD are not affected by this flaw
>>
>>66338371
>it all slows down so much that people move to powerpc or arm
>>
>>66340613
The worst bugs are intel-specific.
(I'll probably still go intel though unless the mitigation for this drops the single-core perf down below 2700x level)
>>
>>66337842
>It's amazing that this is happening again and again, what the fuck is going on with Intel engineers?
They designed their chips before security was even thought of and have been rehashing it since :)
>>
>>66339553
https://www.theregister.co.uk/2018/06/13/intel_lazy_fpu_state_security_flaw/
>>
>>66340581
Not as we know today but watch in a few months the answer changes to yes
>>
>>66339382
>Tu madre es una puta, panzón.
FTFY
>>
>>66338660
This
>>
File: cheese.jpg (24 KB, 600x600)
24 KB
24 KB JPG
>>
>>66340658
>t Intel representative
AMD CPUs don't even have this """feature""", but nice try.
>>
>>66338381

As much as I like AMD, I wouldn't put it past them to be returning fire after all the shady shit Intel did to keep them from entering the market.
>>
Based Theo BTFO'ing Intel and security """ researchers """
>>
File: LinKAn7.jpg (72 KB, 960x720)
72 KB
72 KB JPG
>>
>The fix is to employ a mechanism called eager FPU state restore, which modern Linux, Windows and other kernels use.
>These mitigations do not carry a performance hit – in fact, eager state switching can increase performance.
It's pretty much nothing for desktop users, potentially a serious problem for anyone running Windows Server 2008 or an old Linux kernel.
>>
>>66340696
kek
>>
>>66338028
If it did people from cheddar would be trying to fuck the cheese instead of their sisters. :^)
>>
>>66338264
[citation needed]
>>
>>66340735
>using outdated software can cause serious problems down the road

Wow who would have thought??
>>
>>66340844
You're gay as fuck
>>
So this is just memery
>>
>>66340901
Not really memery, Ubuntu 16.04 LTS runs in 4.4 kernel, and Debian oldstable on 3.16
There's also plenty in Windows Server 2008 systems out there, and I guess this might affect Windows 7 too
>>
>>66340901
>>66340735
>>66340658
Intel shills are so fucking obvious...
>>
>>66340949
>Ubuntu 16.04 LTS

There's nothing stopping you from updating it.

>Debian oldstable

Never use Debian in a place where security takes priority.

>Windows Server 2008

Don't use Windows for your server. Ever.

>Windows 7

Update to 10 or use Linux. Windows 7 is long dead.
>>
>>66340828
https://software.intel.com/sites/default/files/managed/39/c5/325462-sdm-vol-1-2abcd-3abcd.pdf
>>
File: 1504275173842.png (120 KB, 480x521)
120 KB
120 KB PNG
>>66340981
>>
>>66338715
You underestimate the power of Intel fangoys
>>
>>66337842
Backdoors
>>
>>66340735
>eager state switching can increase performance
just like completely filling you can hood with dents will make it go faster
damn, brian must be paying you well

>inb4 tested, like golf balls
>>
>>66338381
>AMD
>spending money on R&D
>>
>>66340981
Top tier b8 senpai
>>
File: SuperH_logo.png (10 KB, 269x269)
10 KB
10 KB PNG
>>66337822
It's finally time to shine!
>>
>>66338427
Based Theo.
>>
>>66337934
Not a rumor anymore: Intel confirmed the issue about an hour ago.
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00145.html
.
>>
>>66340378
>severity rating: moderate
fucking lmao
>>
File: bd6ce4b1.png (8 KB, 151x200)
8 KB
8 KB PNG
ALL DEBIAN XEN VPSs CONFIRMED TO BE CURRENTLY VULNERABLE:
https://security-tracker.debian.org/tracker/CVE-2018-3665
https://security-tracker.debian.org/tracker/CVE-2018-3665
https://security-tracker.debian.org/tracker/CVE-2018-3665
>>
>>66341113
They only give extreme to the "oh Jesus Christ they can rape my machine with one button press from China" level exploits.
>>
>>66341020
this. these guys are competent and did this clearly for a purpose
>>
>>66341273
>It took me about 5 hours to write a working exploit based on the details he announced.
https://twitter.com/cperciva/status/1007010583244230656
>>
>>66341189
>Didn’t even include Debian on the embargo
wew lad
It’s like Intel, Amazon and Google are trying to piss off absolutely everyone.
>>
that youtube guy that hates intel and wants to make love to amd headquarters is gonna have a happiness aneurysm
>>
>>66339226
not him but amd did something like this back in 05 or 06. i remember reading about it in the computer lab as a junior in high school, lol. they did it for performance reasons when kernel event polling was becoming usable finally and they needed faster context switching between cores. you can derail the decoder to inject something resembling a macro to solve a very specific set of switching problems. this doesn't look like one of those problems, however.

maybe you should keep your mouth shut when you don't know what you're talking about from now on, faggot. the last thing this board needs is more ignorant spergs acting like they know shit when they don't.
>>
File: 1528705187294.png (104 KB, 900x980)
104 KB
104 KB PNG
Interesting though that almost all of the vulnerabilities Intel has had lately, had no or very limited impact on AMD processors.

In the end it seems AMD engineers are way more competent.
>>
>>66337785
Will this effect Haswell cpus?
>>
>>66341555
yes, everything that came after the Pentium 4
>>
>>66341555
>https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00145.html
All Intel Core-based microprocessors are vulnerable.
>>
File: 1514782657852.jpg (85 KB, 631x591)
85 KB
85 KB JPG
And this is why I use AMD.
>>
Apparently someone unintentionally fixed this in the linux kernel two years ago:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=58122bf1d856a4ea9581d62a07c557d997d46a19

So since bsd's rolled out their fixes and linux is safe, the bug is officially resolved?
>inb4 what about "insert proprietary system here"
We don't talk about nigger cattle here.
>>
File: 1516797919429.jpg (243 KB, 910x1015)
243 KB
243 KB JPG
>>66337785
>putting your faith in the jews
>>
So, how much the Intel mindshare reduced today?
>>
>>66341679
roughly 3%.
>>
>Windows Server 2008
There’s going to be a lot of server reboots at work soon.
>>
Does anyone have more info about the impact on Xen instances?
>>
>>66341891
sheit, my last restart was in january because of spectre, :(
>>
File: fragezeichenkäfer.jpg (38 KB, 466x361)
38 KB
38 KB JPG
Can someone explain what the bottom line impact is for an average-joe paranoid fuck like me?

Basically, are my PGP keys compromised? Are my luks/dm-crypt disk keys compromised? How could someone use this flaw to actually affect me or get encrypted data?
>>
Jfc again. There are more bug in my cpu than in my code.
>>
>>66341555
It affects everything since Nehalem, yes, but there is no actual impact to you as long as you're up to date. It's not like Meltdown (where the mitigation resulted in a performance hit).
>>
>>66337960
>>66338679
Bouncing off this question, what actually could take advantage of this? Javascript does seem likely but
>implying I enable js
>>
>>66340199
t. newfag
>>
File: 1388231788512.png (465 KB, 719x719)
465 KB
465 KB PNG
>>66337785
Any Linux kernel patches submitted or discussions public yet?

Time to go AMD, it's every other week with Shintel. Shame DDR4 is so fucking expensive.
>>
File: 1520828955795.jpg (323 KB, 480x953)
323 KB
323 KB JPG
Is this the jew doing /pol/ told me?
>>
>>66342129
Scratch my question, this was apparently patched in fucking 2016.
https://news.ycombinator.com/item?id=17304947

Debian patch: https://security-tracker.debian.org/tracker/CVE-2018-3665

Win-fags BTFO.
>>
Already fixed in OpenBSD, if you run OpenBSD-CURRENT
>>
>>66342026
It's mostly an issue when you have multiple users on your system.
This could be a system where multiple people can login (although generally you are way more vulnerable by local privilege escalation), but more importantly a big issue in cloud / virtualization contexts, where basically a cloud tenant can "sniff out" possibly-secret data from other guests.

As we have seen with Meltdown, the security of virtualized guests should be considered weak. If you run a sensitive service on a VM guest in the cloud, assume other guests can read your SSH, SSL keys, etc.

Bottom line: if you want to do something security sensitive, use actual hardware, not virtualization. And host it yourself.
>>
>>66342276
To further expand on that: this is a big deal if you're into crypto-currency.

All those fly by night exchanges are probably running on the cloud. If I were a hacker trying to steal millions, I would figure out where they host, and run "sniffers" exploiting Meltdown, this new FPU bug, etc.

That's possibly how some exchanges were hacked, although there are many other ways to do it.
>>
>>66342276
So in essence this won't affect a common single-user hardware system, nor necessarily a virtualized system (as there's only one user using the system)?

It sounds similar to Meltdown/Spectre in passing data between "layers".
>>
>>66342171
Only on Stretch on bare metal. Most cloud installations are currently vulnerable.
>>
>>66342304
It does affect virtualized systems, but basically the scenario is this:

You have a host (e.g. Linux) running multiple guests.
If this is your host and all the guest are yours, that's not a problem because it's all your stuff anyway.

But let's say you're in the cloud: the host is operated by the cloud owner. You have a VM (a VPS) and other people have VPSes running on that host. If they are malicious, with that vulnerability they can try to sniff out data that belongs to your VPS.

The bottom line is: virtualization, which is supposed to provide the illusion of having distinct computers, does not work perfectly, and you can leak data between those virtual computers, with Meltdown, with this new bug, and I'm willing to bet with new bugs to come. Because Intel never thought about that and designed their CPUs to work in this way. x86 virtualization is basically a hack.
>>
>>66342366
This.
>>
>>66342304
>It sounds similar to Meltdown/Spectre in passing data between "layers".
it is, and those "layers" are the cpu data cache
>>
>>66342091
>up to date
What exactly is up to date?
>>
>>66342366
>virtualization, which is supposed to provide the illusion of having distinct computers, does not work perfectly
fug RIP in peace my dreams of a linux host with windows VM for games
>>
>>66342476
But how? Your Windows VM is offline, right...? You'd never willing let a Windows system connect to the internet, right?
>>
>>66342476
No, you can still do it.
The issue is when you have different *UNTRUSTED* guests. If it's your computer you can do whatever you want because you're the only user.

On the other hand it is a big, big issue for cloud providers running Intel CPUs right now...

I have a few VPS I use for personal projects (nothing too serious, but I do have SSH and SSL keys) and I'm considering moving to physical hardware, although it's way more expensive.
>>
How do we know AMD is secure? More people use Intel, so more problems are found.
>>
Very interesting thread to read from a FreeBSD guy:
https://twitter.com/cperciva

He was the FreeBSD security officer, found the first Intel multi-threading leaking vulnerability back in 2005, and he is a respected cryptographer (he invented the password-hashing system scrypt).

He's saying he took him a few hours to write an exploit. He's also saying that the affected registers are the ones used to store AES keys...
>>
>>66340629
This you fucking tards. It's fucking nothing.
>>
>>66342558
It's literally the second major leak issue announced in months in Intel CPU.
It might not affect Linux, because they fixed the issue entirely by accident, but it's still a big deal.
>>
>>66342521
Its been praised by more security researchers
>>
>>66342576
Sure, but it's not going to affect performance negatively at all. I agree it has implications for older stuff that hasn't been accidentally patched.
>>
What exactly do I need to update to not be vulnerable?
>>
>>66337785
Lol. I wish I could exploit it.
>>
>>66342642
If you are running anything older than Linux 4.9 you are fucked and you should upgrade.
If you are running *BSD update today.

Also, remember to create new keys just in case.
>>
>>66337903
Honest question
What single threaded applications do you need the 6%-10%ish lead that the 8700k has? And why do you value that over multicore performance, and better real-world performance in pretty much everything else.
>>
File: 455645353.jpg (89 KB, 507x739)
89 KB
89 KB JPG
APOLOGIZE
>>
>>66342835
The two main things I do with my computer are programming (I work from home) and gaming. The 8700k is better in both of those (you might expect the AMD chip to be better at compiling large codebases, but it isn't). And future games (especially VR) are only going to get more sensitive to per-core perf.

If I frequently ran software that can spread perfectly over an arbitrary number of threads (like video encoding), I would probably get the 2700x. But that doesn't describe my actual workloads.
>>
File: loser.png (408 KB, 1093x779)
408 KB
408 KB PNG
>>
>>66342741
Also if you're using W7, you're boned too
>>
>>66339143
Hahaha ebin! You like Marvel movies too??!? Wow you're so nerdy and cool anon! Give me some more cool references from one of the 20 super hero movies to come out this year hahahaha!
>>
>>66342468
Windows 10, Linux post 4.9 (if you have some x86 Android odds are that it's not patched), *BSD's updated today
No idea about applel, guess they will patch it in a year or two
>>
>>66342993
where can i buy that shirt
>>
LOL retard PC users getting fucked once again

should have bought a mac apple doesnt have these problems they actually make shit that works
>>
>>66343094
What are you programming that doesnt scale with cores? When i upgraded from a quad to a (slightly faster clock) hexacore i literally got a 50% speed bump. The only caveat was that i had to mess with some dependencies to make it parallelize, but what was good for 4 was better for 6.
>>
File: 1525989448787.png (66 KB, 300x274)
66 KB
66 KB PNG
>>66343521
>>
>>66343545
hes programming games that dont use more than one core
>>
File: 8400 btfo.png (348 KB, 1275x714)
348 KB
348 KB PNG
>>66339026
>>
>>66343568
i like your style, but assuming he has at least 8 compilation units and /MP he'd benefit from an 8-core processor every time he builds his 1-thread game
>>
File: 1450746436439.gif (45 KB, 499x499)
45 KB
45 KB GIF
>>66340170
>>66339396

>tfw bought amd at $1.6
>tfw made $30000
>tfw intelfags and nvidiots aren't getting any free upgrades
>>
>>66343521
>macshit doesnt have core* cpus
gr8 b8 m8, i r8 it 8/8
>>
File: Housefire.png (245 KB, 1128x577)
245 KB
245 KB PNG
>>66340237
>tfw still warm, comfy, and secure with my FX rig.
>>
>>66340570
Must be Intel's H1B hires at work
>>
>>66338427
TL;DR?
>>
>>66344703
See
https://archive.rebeccablacktech.com/g/thread/66293107/#66296401

>BSDCan conference. Theo was doing a talk on some on-going new Intel vulnerability that is under embargo. During the QA session, someone ask what could be done for the different BSD projects to cooperate. Theo replied that they can't cooperate with FreeBSD because they signed an NDA. Some FreeBSD guy replied that the FreeBSD foundation signed the NDA, not the FreeBSD project. Theo basically replied he didn't know and care about the political details of who's what in the FreeBSD community, which is when the nerd rage happened.

>The feud between Theo and FreeBSD is old. He's been calling them out as corporate sell-outs for many years I think (because they sign NDAs which prevent further cooperation).
>>
File: 1413913323099.png (162 KB, 1000x1000)
162 KB
162 KB PNG
>>66344654
>>
OpenBSD's Theo de Raadt
https://marc.info/?l=openbsd-tech&m=152895192209700

> Reports said there are apparently 8 problems, this is 1. 7 to go. Or more, because I suspect there are 2-3 generic problems which have a vast number of consequences.
>[...]
> So far we suspect there is a collection of TLB effects, a collection of speculative instruction effects including basically being greedy about any instruction-result address being used to feed the caches and load via the TLB. Including eviction problems. Suspect there are workarounds subject to the limitations of the micro-architure, and trying to impliment this.

Time to short sell INTC! And if you have cryptocurrencies on an exchange, pray that the black hats are not using those bugs to steal their wallets.




Delete Post: [File Only] Style:
[Disable Mobile View / Use Desktop Site]

[Enable Mobile View / Use Mobile Site]

All trademarks and copyrights on this page are owned by their respective parties. Images uploaded are the responsibility of the Poster. Comments are owned by the Poster.