Go Back  Bike Forums > The Lounge > Foo
Reload this Page >

Arrrrg. Massive processor flaw leaves both PCs and Macs vulnerable

Foo Off-Topic chit chat with no general subject.

Arrrrg. Massive processor flaw leaves both PCs and Macs vulnerable

Reply

Old 01-03-18, 09:43 PM
  #26  
Rollfast
What happened?
 
Rollfast's Avatar
 
Join Date: Jun 2007
Location: Around here somewhere
Posts: 6,808

Bikes: No. 7 now sitting in a box in the living room

Mentioned: 23 Post(s)
Tagged: 1 Thread(s)
Quoted: 1199 Post(s)
Originally Posted by genec View Post
Oh, you're still running the Pentium, with it's own error?
Pentium FDIV: The processor bug that shook the world | TechRadar

This is not a problem for 2003 machines. And they are talking about 1994, ORIGINAL Pentium, not P II, III, IV...
__________________
Summary: Life is still 100% fatal.
Rollfast is offline  
Reply With Quote
Old 01-04-18, 12:38 AM
  #27  
UmneyDurak
RacingBear
 
UmneyDurak's Avatar
 
Join Date: Dec 2004
Location: NorCal
Posts: 8,870
Mentioned: 2 Post(s)
Tagged: 0 Thread(s)
Quoted: 179 Post(s)
Heh.

There are three security vulnerabilities.
1) Affects Intel, AMD, and ARM ans is "easily" fixed in SW.
2) Affects Intel and AMD and according to AMD "almost zero risk"
3) Only affects Intel.

The patch will have some performance impact but it will vary depending on how much it goes between Kernel and user space. So relax you will still be able to stream your 4K HD porn without issues.
Original report: https://googleprojectzero.blogspot.com/
UmneyDurak is offline  
Reply With Quote
Old 01-04-18, 03:23 AM
  #28  
Aubergine 
Senior Member
 
Join Date: Nov 2015
Location: Seattle and Reims
Posts: 2,364

Bikes: Too many to list

Mentioned: 21 Post(s)
Tagged: 0 Thread(s)
Quoted: 551 Post(s)
I guess I will need to pull out my dusty but still functional 68040 Mac.
Aubergine is offline  
Reply With Quote
Old 01-04-18, 06:50 AM
  #29  
himespau 
Senior Member
 
himespau's Avatar
 
Join Date: Jun 2008
Location: Louisville, KY
Posts: 10,857
Mentioned: 14 Post(s)
Tagged: 0 Thread(s)
Quoted: 1113 Post(s)
Nobody writes viruses for my commodore 64 anymore. C64, when you need the ultimate in security and your cell phone has too much processing power.
himespau is offline  
Reply With Quote
Old 01-04-18, 06:58 AM
  #30  
HardyWeinberg
GATC
 
Join Date: Jul 2006
Location: south Puget Sound
Posts: 8,577
Mentioned: 22 Post(s)
Tagged: 0 Thread(s)
Quoted: 414 Post(s)
The two problems, called Meltdown and Spectre, could allow hackers to steal the entire memory contents of computers, including mobile devices, personal computers and servers running in so-called cloud computer networks.
...

According to the researchers, the Meltdown flaw affects virtually every microprocessor made by Intel, which makes chips used in more than 90 percent of the computer servers that underpin the internet and private business operations.
...


Spectre will be much more difficult to deal with than issuing a software patch.


The Meltdown flaw is specific to Intel, but Spectre is a flaw in design that has been used by many processor manufacturers for decades. It affects virtually all microprocessors on the market, including chips made by AMD that share Intel’s design and the many chips based on designs from ARM in Britain.

https://www.nytimes.com/2018/01/03/b...er-flaws.html?

Last edited by HardyWeinberg; 01-04-18 at 07:02 AM.
HardyWeinberg is offline  
Reply With Quote
Old 01-04-18, 08:40 AM
  #31  
Shimagnolo
Senior Member
 
Shimagnolo's Avatar
 
Join Date: May 2008
Location: Zang's Spur, CO
Posts: 8,566
Mentioned: 7 Post(s)
Tagged: 0 Thread(s)
Quoted: 1350 Post(s)
I've found several articles that state Apple already fixed MacOS in the 2017-12-06 10.13.2 update.
Here is one: https://en.wikipedia.org/wiki/Meltdo...ty)#Mitigation

Here are the release notes for the security updates in 10.13.2.
Note the seven notes titled "Kernel" halfway down the page: https://support.apple.com/en-us/HT208331
Shimagnolo is offline  
Reply With Quote
Old 01-04-18, 10:09 AM
  #32  
canklecat
Me duelen las nalgas
 
canklecat's Avatar
 
Join Date: Aug 2015
Location: Texas
Posts: 7,615

Bikes: Univega Via Carisma, Globe Carmel, Centurion Ironman Expert

Mentioned: 119 Post(s)
Tagged: 0 Thread(s)
Quoted: 2239 Post(s)
Originally Posted by Aubergine View Post
I guess I will need to pull out my dusty but still functional 68040 Mac.
Kinda wish I'd kept my old Color Classic. Cute li'l thang. It was still semi-functional online until the mid-2000s, albeit slowly and with a hobbled browser. Finally donated it to a thrift store, although I should have kept just the box for one of those aquarium conversions.
canklecat is offline  
Reply With Quote
Old 01-05-18, 03:23 AM
  #33  
Rollfast
What happened?
 
Rollfast's Avatar
 
Join Date: Jun 2007
Location: Around here somewhere
Posts: 6,808

Bikes: No. 7 now sitting in a box in the living room

Mentioned: 23 Post(s)
Tagged: 1 Thread(s)
Quoted: 1199 Post(s)
Tried today's patch, was worse than the problem, which is also one of those if they do this and that theories, made everything as bad as Yahoo.


That's an accomplishment. The flu could be better than the shot. Try again.
__________________
Summary: Life is still 100% fatal.
Rollfast is offline  
Reply With Quote
Old 01-05-18, 08:31 AM
  #34  
himespau 
Senior Member
 
himespau's Avatar
 
Join Date: Jun 2008
Location: Louisville, KY
Posts: 10,857
Mentioned: 14 Post(s)
Tagged: 0 Thread(s)
Quoted: 1113 Post(s)
I'm seeing some sources saying you should update your BIOS. The last time I tried that, I ended up needing a new mother board, so I really don't want to go down that route again.
himespau is offline  
Reply With Quote
Old 01-06-18, 01:13 PM
  #35  
Marcus_Ti 
Only Slightly Bent
 
Marcus_Ti's Avatar
 
Join Date: Sep 2014
Location: Lincoln, Nebraska
Posts: 4,016

Bikes: Roadie: Seven Axiom Race Ti w/Chorus 11s. CX/Adventure: Carver Gravel Grinder w/ Di2

Mentioned: 24 Post(s)
Tagged: 0 Thread(s)
Quoted: 1524 Post(s)
For those who haven't yet seen this patch...your AV is stopping Windows Update from grabbing it:

Windows Meltdown-Spectre fix: How to check if your AV is blocking Microsoft patch | ZDNet

Check this spreadsheet to see if your AV supports the patch:

https://docs.google.com/spreadsheets...aring&sle=true
Marcus_Ti is offline  
Reply With Quote
Old 01-06-18, 04:41 PM
  #36  
genec
genec
Thread Starter
 
genec's Avatar
 
Join Date: Sep 2004
Location: West Coast
Posts: 26,221

Bikes: custom built, sannino, beachbike, giant trance x2

Mentioned: 21 Post(s)
Tagged: 0 Thread(s)
Quoted: 5353 Post(s)
Originally Posted by Marcus_Ti View Post
For those who haven't yet seen this patch...your AV is stopping Windows Update from grabbing it:

Windows Meltdown-Spectre fix: How to check if your AV is blocking Microsoft patch | ZDNet

Check this spreadsheet to see if your AV supports the patch:

https://docs.google.com/spreadsheets...aring&sle=true
This reads as though MS has only released updates for their Surface products running Win 10...

Microsoft has released this firmware in the form of UEFI updates for the Surface Pro 3, Surface Pro 4, Surface Book, Surface Studio, Surface Pro Model 1796, Surface Laptop, Surface Pro with LTE Advanced, and Surface Book 2.

"The updates will be available for the above devices running Windows 10 Creators Update (OS version 15063) and Windows 10 Fall Creators Update (OS version 16299). You will be able to receive these updates through Windows Update or by visiting the Microsoft Download Center," says Microsoft.
genec is online now  
Reply With Quote
Old 01-06-18, 04:43 PM
  #37  
Juan Foote
LBKA (formerly punkncat)
 
Juan Foote's Avatar
 
Join Date: Jan 2010
Location: Jawja
Posts: 3,377

Bikes: Spec Roubaix SL4, GT Traffic 1.0

Mentioned: 9 Post(s)
Tagged: 0 Thread(s)
Quoted: 875 Post(s)
Got the patch last night. It threw my Symantec into the multiple issues (2) thing on one of the machines, but I understand a fix for that is underway. On my "powerful" machines, I barely notice the slowdown. On one of my older AMD machines it is slow enough more to just about make it unusable, in a way. The latency with that one is crippling.
Juan Foote is online now  
Reply With Quote
Old 01-06-18, 04:50 PM
  #38  
Rollfast
What happened?
 
Rollfast's Avatar
 
Join Date: Jun 2007
Location: Around here somewhere
Posts: 6,808

Bikes: No. 7 now sitting in a box in the living room

Mentioned: 23 Post(s)
Tagged: 1 Thread(s)
Quoted: 1199 Post(s)
Microsoft will force install it anyway.
__________________
Summary: Life is still 100% fatal.
Rollfast is offline  
Reply With Quote
Old 01-06-18, 05:49 PM
  #39  
Marcus_Ti 
Only Slightly Bent
 
Marcus_Ti's Avatar
 
Join Date: Sep 2014
Location: Lincoln, Nebraska
Posts: 4,016

Bikes: Roadie: Seven Axiom Race Ti w/Chorus 11s. CX/Adventure: Carver Gravel Grinder w/ Di2

Mentioned: 24 Post(s)
Tagged: 0 Thread(s)
Quoted: 1524 Post(s)
Originally Posted by Rollfast View Post
Microsoft will force install it anyway.
Nope, it is already live for Surface users....but WinUpdate checks for 3rd party AV, and denies the update if it sees 3rd party AV installed.


My Surface Pro 2017 still hasn't seen the KB yet. Nor has my desktop.
Marcus_Ti is offline  
Reply With Quote
Old 01-07-18, 10:12 PM
  #40  
Rollfast
What happened?
 
Rollfast's Avatar
 
Join Date: Jun 2007
Location: Around here somewhere
Posts: 6,808

Bikes: No. 7 now sitting in a box in the living room

Mentioned: 23 Post(s)
Tagged: 1 Thread(s)
Quoted: 1199 Post(s)
Originally Posted by Marcus_Ti View Post
Nope, it is already live for Surface users....but WinUpdate checks for 3rd party AV, and denies the update if it sees 3rd party AV installed.


My Surface Pro 2017 still hasn't seen the KB yet. Nor has my desktop.

I meant they will change your Windows Update settings back to Automatic and install it anyway.


The next update I got was one I thought was already installed unless I goofed and uninstalled it instead of trig to uninstall the 12-2018 Security rollup (which doesn't work).


In the last day I've had temporary loss of the START button (reboot from a hard shutdown solved that) and tonight I'm having some problems with windows under the top browser page being blank when you go back to them (suggesting that more caching troubles are being created than solved).


Again, rollups are the PT Barnum of Windows.


PS This has little to do with 'slowing down', in fact Windows 7 with either IE 11 or Firefox 57.0.4 seem to be okay otherwise, FF was just kinda drunk at first and running five different components all called firefox.exe like 57.0 in the beginning...I closed all of them in Task Manager, restarted and it not only unfroze but behaved again.


Now, I'm using a Pentium G620 2.60 GHZ with 4 GB RAM in a HP Pavilion i7-1111 which is about 10 years old but the best I've got and God only knows what will happen to my Dell Dimension E310 with a 533 MHz FSB...we'll see about the 12+ year old MPC ClientPro 385 with a vPro CPU and Linux Mint Sylvia.
__________________
Summary: Life is still 100% fatal.

Last edited by Rollfast; 01-07-18 at 10:21 PM.
Rollfast is offline  
Reply With Quote
Old 01-07-18, 10:26 PM
  #41  
Rollfast
What happened?
 
Rollfast's Avatar
 
Join Date: Jun 2007
Location: Around here somewhere
Posts: 6,808

Bikes: No. 7 now sitting in a box in the living room

Mentioned: 23 Post(s)
Tagged: 1 Thread(s)
Quoted: 1199 Post(s)
OH for Pete's sake, I've been running for 2 hours now and the AVG icon never showed up in my taskbar. The audio icon has an X and works too. Not a happy camping control freak!
__________________
Summary: Life is still 100% fatal.
Rollfast is offline  
Reply With Quote
Old 01-07-18, 10:36 PM
  #42  
Rollfast
What happened?
 
Rollfast's Avatar
 
Join Date: Jun 2007
Location: Around here somewhere
Posts: 6,808

Bikes: No. 7 now sitting in a box in the living room

Mentioned: 23 Post(s)
Tagged: 1 Thread(s)
Quoted: 1199 Post(s)
I restarted and got those icons back as they are supposed to be but I'm also tired of hearing the sound for unplugged device/device plugged in at sporadic intervals. I have to assume that Google invented this so that it would be all over the news media and poorly reported to cause a ruckus and hopefully just make people buy new computers needlessly.


Google is evil, has always been evil and sent one of their old employees as CEO to destroy Yahoo, which was already a mess and mainly a rehash of MSN.


I have seen no real and tangible proof that there was a real threat, only a website where the author is more interested in you download the logo she created for it. This is third grade nonsense!
__________________
Summary: Life is still 100% fatal.
Rollfast is offline  
Reply With Quote
Old 01-08-18, 01:05 AM
  #43  
CliffordK
Senior Member
 
CliffordK's Avatar
 
Join Date: Nov 2014
Location: Eugene, Oregon, USA
Posts: 20,109
Mentioned: 124 Post(s)
Tagged: 0 Thread(s)
Quoted: 7076 Post(s)
Hmmm...

Does anybody know if our Government discovered this exploit before it was made public last summer? I would find it very upsetting if they've been sitting on it for years.

So much talk about software fixes... where is Intel in all of this?
CliffordK is offline  
Reply With Quote
Old 01-08-18, 01:32 AM
  #44  
UmneyDurak
RacingBear
 
UmneyDurak's Avatar
 
Join Date: Dec 2004
Location: NorCal
Posts: 8,870
Mentioned: 2 Post(s)
Tagged: 0 Thread(s)
Quoted: 179 Post(s)
Originally Posted by CliffordK View Post
Hmmm...

Does anybody know if our Government discovered this exploit before it was made public last summer? I would find it very upsetting if they've been sitting on it for years.

So much talk about software fixes... where is Intel in all of this?
Working with software vendors? What do you want them to do?
UmneyDurak is offline  
Reply With Quote
Old 01-08-18, 01:57 AM
  #45  
CliffordK
Senior Member
 
CliffordK's Avatar
 
Join Date: Nov 2014
Location: Eugene, Oregon, USA
Posts: 20,109
Mentioned: 124 Post(s)
Tagged: 0 Thread(s)
Quoted: 7076 Post(s)
Originally Posted by UmneyDurak View Post
Working with software vendors? What do you want them to do?
If this is a hardware bug, then Intel should be releasing patched CPU's.

However, we'll probably not see the patches until the next generation of CPU's are released.

It would be a massive recall to recall every CPU produced in the last 20 years. Many people like to peg the active working life of a PC around 4 or 5 years. I think that is a little short, but perhaps issue a volutary recall of all their Xeon processors sold in the last 3 years or so. Perhaps also add in a few high end workstation processors.

Also, is this something that could be fixed with a ROM/EPROM update?
CliffordK is offline  
Reply With Quote
Old 01-08-18, 02:39 AM
  #46  
UmneyDurak
RacingBear
 
UmneyDurak's Avatar
 
Join Date: Dec 2004
Location: NorCal
Posts: 8,870
Mentioned: 2 Post(s)
Tagged: 0 Thread(s)
Quoted: 179 Post(s)
Originally Posted by CliffordK View Post
If this is a hardware bug, then Intel should be releasing patched CPU's.

However, we'll probably not see the patches until the next generation of CPU's are released.
Of course they will be patching it in next gen CPUs. Re-designing fundamental part of the chp, and validation is not an over night thing.

It would be a massive recall to recall every CPU produced in the last 20 years. Many people like to peg the active working life of a PC around 4 or 5 years. I think that is a little short, but perhaps issue a volutary recall of all their Xeon processors sold in the last 3 years or so. Perhaps also add in a few high end workstation processors.

Also, is this something that could be fixed with a ROM/EPROM update?
No, or micro opcode update. This is Kernel/Browser/firmware update stuff. Depending if it's Meltdown or Spectre.
UmneyDurak is offline  
Reply With Quote
Old 01-08-18, 03:39 AM
  #47  
CliffordK
Senior Member
 
CliffordK's Avatar
 
Join Date: Nov 2014
Location: Eugene, Oregon, USA
Posts: 20,109
Mentioned: 124 Post(s)
Tagged: 0 Thread(s)
Quoted: 7076 Post(s)
Originally Posted by UmneyDurak View Post
Of course they will be patching it in next gen CPUs. Re-designing fundamental part of the chp, and validation is not an over night thing.

No, or micro opcode update. This is Kernel/Browser/firmware update stuff. Depending if it's Meltdown or Spectre.
They've known about the flaw for at least 6 months.

Firefox went through a major update about a month ago, but apparently is still playing catch-up.
Fedora had its last major release 2 months ago, although they may be somewhat independent from the kernel.

Time flies, but it isn't just overnight.
CliffordK is offline  
Reply With Quote
Old 01-08-18, 05:58 AM
  #48  
Marcus_Ti 
Only Slightly Bent
 
Marcus_Ti's Avatar
 
Join Date: Sep 2014
Location: Lincoln, Nebraska
Posts: 4,016

Bikes: Roadie: Seven Axiom Race Ti w/Chorus 11s. CX/Adventure: Carver Gravel Grinder w/ Di2

Mentioned: 24 Post(s)
Tagged: 0 Thread(s)
Quoted: 1524 Post(s)
Originally Posted by CliffordK View Post
If this is a hardware bug, then Intel should be releasing patched CPU's.

However, we'll probably not see the patches until the next generation of CPU's are released.

It would be a massive recall to recall every CPU produced in the last 20 years. Many people like to peg the active working life of a PC around 4 or 5 years. I think that is a little short, but perhaps issue a volutary recall of all their Xeon processors sold in the last 3 years or so. Perhaps also add in a few high end workstation processors.

Also, is this something that could be fixed with a ROM/EPROM update?

Catch being, that CPUs are in development years. Sandybridge was 6 years from start of development to consumer release. Intel should grind every product in development to a halt to fix this, by rights. But one tier is nearly finished and ready to go, another is halfway there already.
Marcus_Ti is offline  
Reply With Quote
Old 01-08-18, 06:41 AM
  #49  
CliffordK
Senior Member
 
CliffordK's Avatar
 
Join Date: Nov 2014
Location: Eugene, Oregon, USA
Posts: 20,109
Mentioned: 124 Post(s)
Tagged: 0 Thread(s)
Quoted: 7076 Post(s)
Originally Posted by Marcus_Ti View Post
Catch being, that CPUs are in development years. Sandybridge was 6 years from start of development to consumer release. Intel should grind every product in development to a halt to fix this, by rights. But one tier is nearly finished and ready to go, another is halfway there already.
If the articles are correct and this is a primarily Intel bug, then it will likely be a huge boost for AMD and ARM/RISC.

What about the next big military contract? Or, even previous military contracts.

So, yes, this should be a drop everything and fix it type issue for Intel.
CliffordK is offline  
Reply With Quote
Old 01-08-18, 07:25 AM
  #50  
Juan Foote
LBKA (formerly punkncat)
 
Juan Foote's Avatar
 
Join Date: Jan 2010
Location: Jawja
Posts: 3,377

Bikes: Spec Roubaix SL4, GT Traffic 1.0

Mentioned: 9 Post(s)
Tagged: 0 Thread(s)
Quoted: 875 Post(s)
^ Of course, Intel's press release implicated AMD and ARM in the issue as well. There have been no statements from either of those so far as I know. I can say that both of my other AMD machines received the update and one of the two, an A6, is about crippled by it.
Juan Foote is online now  
Reply With Quote

Thread Tools
Search this Thread

Contact Us Archive Advertising Cookie Policy Privacy Statement Terms of Service