Author Topic: Intel about to have a bad week  (Read 4400 times)

thedigitalone

  • Stubble
  • **
  • Posts: 112
  • Location: PNW
Intel about to have a bad week
« on: January 02, 2018, 05:16:07 PM »
https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/

Initial reports are that the patch will cause up to a 30% performance hit, across their entire product line... ouch.

Gronnie

  • Bristles
  • ***
  • Posts: 330
  • Age: 34
  • Location: MN
Re: Intel about to have a bad week
« Reply #1 on: January 02, 2018, 05:54:47 PM »
Or..... they'll come out with a redesign that fixes this and everyone will buy it and they make a killing.

tralfamadorian

  • Handlebar Stache
  • *****
  • Posts: 1218

PDXTabs

  • Handlebar Stache
  • *****
  • Posts: 1979
  • Age: 37
  • Location: Portland, OR, USA
Re: Intel about to have a bad week
« Reply #3 on: January 02, 2018, 08:14:35 PM »
I'm going with option #1:

https://www.fool.com/investing/2017/12/19/intels-ceo-just-sold-a-lot-of-stock.aspx

My day job is dealing with this sort of stuff on ARM hardware. I think that there is a real chance that something big is about to break:
http://pythonsweetness.tumblr.com/post/169166980422/the-mysterious-case-of-the-linux-page-table

maizefolk

  • Magnum Stache
  • ******
  • Posts: 4700
Re: Intel about to have a bad week
« Reply #4 on: January 02, 2018, 08:36:32 PM »
Gotta enjoy the naming conventions people can get away with in linux.

Quote
The fix is to separate the kernel's memory completely from user processes using what's called Kernel Page Table Isolation, or KPTI. At one point, Forcefully Unmap Complete Kernel With Interrupt Trampolines, aka FUCKWIT, was mulled by the Linux kernel team, giving you an idea of how annoying this has been for the developers.

PDXTabs, my knowledge is sufficiently basic that I think I just barely made it through the pythonsweetness article, but feel like I understand a lot more about what it potentially going on than I otherwise would, thanks for posting it!

ILikeDividends

  • Bristles
  • ***
  • Posts: 459
Re: Intel about to have a bad week
« Reply #5 on: January 02, 2018, 08:46:21 PM »
Intel about to have a bad week
Class action lawyers can't be too far behind.

Apple's facing 15 of them for the recent patch that slowed down IPhone 6's to cope with aging batteries.

Class action lawsuits against Apple for intentionally slowing iPhones now 15 and counting
https://9to5mac.com/2017/12/29/apple-slowing-iphones-class-action-lawsuits/
« Last Edit: January 02, 2018, 08:48:14 PM by ILikeDividends »

PDXTabs

  • Handlebar Stache
  • *****
  • Posts: 1979
  • Age: 37
  • Location: Portland, OR, USA
Re: Intel about to have a bad week
« Reply #6 on: January 02, 2018, 10:31:11 PM »
Intel about to have a bad week
Class action lawyers can't be too far behind.

Apple's facing 15 of them for the recent patch that slowed down IPhone 6's to cope with aging batteries.

Class action lawsuits against Apple for intentionally slowing iPhones now 15 and counting
https://9to5mac.com/2017/12/29/apple-slowing-iphones-class-action-lawsuits/

Did they get sued for the original Pentium bug?

Intel makes the hardware, not the software (Linux, Windows, etc). You are free to run old-style fast and insecure, or new style secure. Rumor has it that we should know more in two days?

ILikeDividends

  • Bristles
  • ***
  • Posts: 459
Re: Intel about to have a bad week
« Reply #7 on: January 02, 2018, 11:03:47 PM »
Intel about to have a bad week
Class action lawyers can't be too far behind.

Apple's facing 15 of them for the recent patch that slowed down IPhone 6's to cope with aging batteries.

Class action lawsuits against Apple for intentionally slowing iPhones now 15 and counting
https://9to5mac.com/2017/12/29/apple-slowing-iphones-class-action-lawsuits/

Did they get sued for the original Pentium bug?

Intel makes the hardware, not the software (Linux, Windows, etc). You are free to run old-style fast and insecure, or new style secure. Rumor has it that we should know more in two days?
Intel recalled that chip at a cost of $475 million to pre-tax earnings.  Damages that could be claimed for that, statistically, would be tiny.  How about a -30% reduction to computing productivity worldwide?  Potential damages claimed could be hefty.  Whether they could be substantiated would, of course, still be a question.

This is a bug that affects every Intel CPU since the introduction of demand-paged virtual memory in PCs (think late 1980's, the 3086 chip first introduced that capability).  A recall wouldn't seem to be a feasible solution to heading off a class action lawsuit.
« Last Edit: January 02, 2018, 11:09:52 PM by ILikeDividends »

Dexterous

  • Stubble
  • **
  • Posts: 207
  • Age: 34
  • Location: Hawaii
Re: Intel about to have a bad week
« Reply #8 on: January 02, 2018, 11:28:11 PM »
It's unfortunate timing for those seeing this now, because AMD stock just increased for unrelated news.

PDXTabs

  • Handlebar Stache
  • *****
  • Posts: 1979
  • Age: 37
  • Location: Portland, OR, USA
Re: Intel about to have a bad week
« Reply #9 on: January 03, 2018, 12:03:34 AM »
Intel recalled that chip at a cost of $475 million to pre-tax earnings.  Damages that could be claimed for that, statistically, would be tiny.  How about a -30% reduction to computing productivity worldwide?  Potential damages claimed could be hefty.  Whether they could be substantiated would, of course, still be a question.

Good to know. I have three i5s and two i3s that I want replaced.

This is a bug that affects every Intel CPU since the introduction of demand-paged virtual memory in PCs (think late 1980's, the 3086 chip first introduced that capability).  A recall wouldn't seem to be a feasible solution to heading off a class action lawsuit.

The 80386 is the first x86 core that I know of with what we would call modern virtual memory, although the implementation was so hard to program that Linux now requires a 486. With that said, I don't know when they added speculative pre-fetching of data.

thedigitalone

  • Stubble
  • **
  • Posts: 112
  • Location: PNW
Re: Intel about to have a bad week
« Reply #10 on: January 03, 2018, 12:12:58 AM »
Quote
This is a bug that affects every Intel CPU since the introduction of demand-paged virtual memory in PCs (think late 1980's, the 3086 chip first introduced that capability).  A recall wouldn't seem to be a feasible solution to heading off a class action lawsuit.

Back then most if not all processors were socket mounted, there are countless x86 Intel processors that are affected by this issue that are soldered in place and can't be economically replaced.

Cloud providers run on the hard edge of profitability vs. performance (Azure, AWS) taking 30% of their performance is a fundamental change in the landscape, there are significant changes coming from this issue and they will hit soon.

Intel is not the only tech company that will be affected by this issue.
« Last Edit: January 03, 2018, 12:29:22 AM by thedigitalone »

ILikeDividends

  • Bristles
  • ***
  • Posts: 459
Re: Intel about to have a bad week
« Reply #11 on: January 03, 2018, 12:24:36 AM »
Intel recalled that chip at a cost of $475 million to pre-tax earnings.  Damages that could be claimed for that, statistically, would be tiny.  How about a -30% reduction to computing productivity worldwide?  Potential damages claimed could be hefty.  Whether they could be substantiated would, of course, still be a question.

Good to know. I have three i5s and two i3s that I want replaced.

This is a bug that affects every Intel CPU since the introduction of demand-paged virtual memory in PCs (think late 1980's, the 3086 chip first introduced that capability).  A recall wouldn't seem to be a feasible solution to heading off a class action lawsuit.

The 80386 is the first x86 core that I know of with what we would call modern virtual memory, although the implementation was so hard to program that Linux now requires a 486. With that said, I don't know when they added speculative pre-fetching of data.
I stand corrected. 80386 is the design I unsuccessfully tried to refer to.

(I have not had a personal memory upgrade for over 60 years)
« Last Edit: January 03, 2018, 12:30:23 AM by ILikeDividends »

PDXTabs

  • Handlebar Stache
  • *****
  • Posts: 1979
  • Age: 37
  • Location: Portland, OR, USA
Re: Intel about to have a bad week
« Reply #12 on: January 03, 2018, 08:49:43 AM »
I stand corrected. 80386 is the design I unsuccessfully tried to refer to.

I wasn't really trying to correct you. I was more trying to point out that the "speculation" in the first article linked is that the hardware bug has to do with speculative memory access, and I'm not sure that the 386 had speculative memory access. Anyway, kind of a moot point as I'm sure that all the processors still in use do.

GuitarStv

  • Senior Mustachian
  • ********
  • Posts: 16343
  • Age: 39
  • Location: Toronto, Ontario, Canada
Re: Intel about to have a bad week
« Reply #13 on: January 03, 2018, 10:40:45 AM »
Huh.  We are in the process of moving a lot of stuff over to clouds.  It will be interesting to see how this plays out over the next little while at work.

sol

  • Walrus Stache
  • *******
  • Posts: 8474
  • Age: 43
  • Location: Pacific Northwest
Re: Intel about to have a bad week
« Reply #14 on: January 03, 2018, 10:46:07 AM »
Hilarious.  Reports suggest that this a ten year old bug that potentially allows any webpage full access (and thus control) of your machine.  All passwords.  Arbitrary code execution.  From visiting a webpage.

If university researchers took 10 years to figure this out, how long do you think NSA has been using it?  They have teams of specialists who find these things for a living, with basically unlimited resources.  I'm guessing they know exactly which cat videos Kim Jong Un watches.

They'll patch it of course, but this is the sort of thing that keeps me up at night.  I'm sure there are other similar exploits out there.  Nothing is really secure.

The performance hit of the patch could spell death to some cloud computing options.  Some of them wouldn't be profitable at even a 10% slowdown, much less 30%+.

moof

  • Pencil Stache
  • ****
  • Posts: 628
  • Location: Beaver Town Orygun
Re: Intel about to have a bad week
« Reply #15 on: January 03, 2018, 10:54:14 AM »
...
The performance hit of the patch could spell death to some cloud computing options.  Some of them wouldn't be profitable at even a 10% slowdown, much less 30%+.
The deal is that everyone will feel the slow down.  So if two cloud companies BOTH apply security fixes on comparable hardware, their relative advantages or disadvantages are unchanged.  It just means that the cost to EVERYONE has gone up 10-30%.  The demand cloud machines will go up, not down, as you can get a lot less done with each machine.

I guess my real Tin Foil Hat question is whether this was intentionally planted or paid to be planted by the NSA or its ilk?  Fun rabbit hole to go down...

Retire-Canada

  • Walrus Stache
  • *******
  • Posts: 7555
Re: Intel about to have a bad week
« Reply #16 on: January 03, 2018, 10:56:39 AM »
If university researchers took 10 years to figure this out, how long do you think NSA has been using it? 

The NSA may have designed it and told Intel to implement it.

PDXTabs

  • Handlebar Stache
  • *****
  • Posts: 1979
  • Age: 37
  • Location: Portland, OR, USA

sol

  • Walrus Stache
  • *******
  • Posts: 8474
  • Age: 43
  • Location: Pacific Northwest
Re: Intel about to have a bad week
« Reply #18 on: January 03, 2018, 11:42:17 AM »
So let's review.  Any computer that is connected to the internet can be fully breached by nation-states.  Any webcam or microphone can be surreptitiously activated.  All of your cpu cycles can be put to work for someone else.  All of your online activity can be logged, including every key stroke.

What are the implications of living in this world?

Because some people seem to respond to this knowledge by seeking out data encryption and bitcoins and putting electrical tape over their usb ports, but this approach will never be fully protective.  Your vanguard accounts can be drained.  Your credit card information is for sale.  You've been recorded masturbating in front of your laptop, and your nudes have been searched with facial recognition software.  Your professional business computers can be held at ransom at any moment. Your private bedroom conversations have been keyword searched by google's AI.  Your car's gps history has been cross correlated with your credit card transactions, your facebook account with your nude photos, your investment account with the address of your kid's school, and all of this is essentially public to anyone who knows where to look.   You thought the internet was only good for tinder?

In this world, privacy is a privilege only granted to the uninteresting.  Anyone can be blackmailed.  Your only defense is to live within the matrix, paying your taxes and keeping your nose clean, and hoping you never get famous enough to become a target for criminals or governments.

These sorts of threats make me long for the days of human control of our society.  I don't want everything to be automated by computers, I want a real human being behind a desk verifying my financial transactions.  I want an individual person, not an algorithm, responsible for protecting my identity.  I want an agent to verify and approve the sale of my house, or the execution of my will.  I want a society built on trust in other people, not in technology.  I want fraud protection on my credit cards, and FDIC insurance on my accounts, and law enforcement I can call on to assist me.  In short I want MORE government control over my life, not the libertarian fantasy land that Neal Stephenson seems to think is the answer to this sad situation.

thedigitalone

  • Stubble
  • **
  • Posts: 112
  • Location: PNW
Re: Intel about to have a bad week
« Reply #19 on: January 03, 2018, 11:46:35 AM »
Intel is down 6.5% so far, AMD is up 8.7% and the news is just starting to get widespread attention.

When will the first class-action lawsuit be filed?

PDXTabs

  • Handlebar Stache
  • *****
  • Posts: 1979
  • Age: 37
  • Location: Portland, OR, USA
Re: Intel about to have a bad week
« Reply #20 on: January 03, 2018, 11:49:49 AM »
Sol,

I don't disagree with the sentiment of your post. I will add:
  • You need to be able to choose what code to run on those devices.
  • I have not seen any confirmation that this effects old MIPS or ARM chips (only ARM64), and a lot of IoT devices run these cores.
  • AMD says that they are not affected.

sol

  • Walrus Stache
  • *******
  • Posts: 8474
  • Age: 43
  • Location: Pacific Northwest
Re: Intel about to have a bad week
« Reply #21 on: January 03, 2018, 11:58:16 AM »
AMD says that they are not affected.

Do you think the Intel bug is unique?  I don't.  It's just the most recent public revelation in a secret crypto war being waged by every technologically advanced nation.  Hell, we successfully hacked Iran's nuclear program even though those computers weren't even connected to the internet.

Privacy and security are illusions.  All technology is vulnerable.

thedigitalone

  • Stubble
  • **
  • Posts: 112
  • Location: PNW
Re: Intel about to have a bad week
« Reply #22 on: January 03, 2018, 12:16:17 PM »
So let's review.  Any computer that is connected to the internet can be fully breached by nation-states.  Any webcam or microphone can be surreptitiously activated.  All of your cpu cycles can be put to work for someone else.  All of your online activity can be logged, including every key stroke.

As we understand things now the flaw only allows access to data in a multi user environment, not an exploit that allows them to take over your computer.  So on your personal PC you are fine, using a shared service (Amazon, Azure, Hyper-V, VMWare) and other folks may be able to get to some of your data.

From the article below:
Quote
So far as we know at the moment, the risk of this flaw seems comparatively modest on dedicated servers such as appliances, and on personal devices such as laptops: to exploit it would require an attacker to run code on your computer in the first place, so you’d already be compromised.
https://nakedsecurity.sophos.com/2018/01/03/fckwit-aka-kaiser-aka-kpti-intel-cpu-flaw-needs-low-level-os-patches/

PDXTabs

  • Handlebar Stache
  • *****
  • Posts: 1979
  • Age: 37
  • Location: Portland, OR, USA
Re: Intel about to have a bad week
« Reply #23 on: January 03, 2018, 12:19:19 PM »
Do you think the Intel bug is unique?  I don't.  It's just the most recent public revelation in a secret crypto war being waged by every technologically advanced nation.  Hell, we successfully hacked Iran's nuclear program even though those computers weren't even connected to the internet.

"Never attribute to malice that which is adequately explained by stupidity." - Hanlon's razor

It might not be unique (there is a patch in the kernel for ARM64), but that doesn't make it malicious. They wanted to sell more processors, they added speculative execution to run faster, they screwed up the implementation. This is how you can view most security bugs. Managers had products to ship and salaries to pay, and its hard to delay a multi-million dollar project by 3 months to make sure that you dotted all of your i's and crossed all of you t's. As a full time security professional, I will say: no one wants to pay for it. At least, no one wants to pay for enough of it, because they want to ship new products with new features to new customers. Security is secondary, until it isn't.

Privacy and security are illusions.  All technology is vulnerable.

I partially agree with this. If you are the US government and your adversary is running a sufficiently large code base you will eventuality find something.

sol

  • Walrus Stache
  • *******
  • Posts: 8474
  • Age: 43
  • Location: Pacific Northwest
Re: Intel about to have a bad week
« Reply #24 on: January 03, 2018, 12:36:55 PM »
Quote from: thedigitalone link=topic=85682.msg1838041#msg1838041
So on your personal PC you are fine

I remain skeptical.  This is just one publicly released security hole.  We know there are others.

Have you ever installed software on your machine?  An app on your phone?  Run java or flash in your browser?  Then you are already potentially vulnerable.

I suspect that things like cryptocurrencies and pgp and tor are just decoys, not solutions.  They are the 2nd amendment  of the online world, because they make you feel like you are protecting yourself without actually doing anything to shield you from governments.  I don't care how awesome your gun collection is, eight marines in a stryker vehicle are going to fuck up your shit right quick.  Even your local SWAT guys will breach your defenses in a matter of minutes, and they're just local PD not the US military industrial complex.  You don't stand a chance.

Why should we believe the online world would be any different?  I suspect there is nothing you can do, as an individual, to protect yourself and your family from digital penetration by governments.  You can be an uninteresting target, or you can hide off grid.  You cannot fight back.
« Last Edit: January 03, 2018, 12:41:15 PM by sol »

lifeanon269

  • Bristles
  • ***
  • Posts: 338
Re: Intel about to have a bad week
« Reply #25 on: January 03, 2018, 12:44:50 PM »
Security is secondary, until it isn't.

This is ultimately what it comes down to. Security is always secondary to convenience and performance. Intel has a long history of putting the former behind the latter. This is on top of their Management Engine being an embedded system with direct memory access. I won't touch an Intel CPU with a virtual ten foot pole.

This is why I am a big proponent of both open source software and hardware. It isn't because open source systems don't have bugs or are perfect, it is because companies like Intel are always so secretive about what their technology actually does even after disclosure takes place leaving the rest of the community to figure out what's actually at risk and what the ramifications are.

lifeanon269

  • Bristles
  • ***
  • Posts: 338
Re: Intel about to have a bad week
« Reply #26 on: January 03, 2018, 01:02:53 PM »
I suspect that things like cryptocurrencies and pgp and tor are just decoys, not solutions.  They are the 2nd amendment  of the online world, because they make you feel like you are protecting yourself without actually doing anything to shield you from governments.  I don't care how awesome your gun collection is, eight marines in a stryker vehicle are going to fuck up your shit right quick.  Even your local SWAT guys will breach your defenses in a matter of minutes, and they're just local PD not the US military industrial complex.  You don't stand a chance.

I disagree. I have no doubt that the government has some amazing capabilities. But I would not go as far as you and suggest that there is nothing you can do to protect yourself from said capabilities.

thedigitalone

  • Stubble
  • **
  • Posts: 112
  • Location: PNW
Re: Intel about to have a bad week
« Reply #27 on: January 03, 2018, 04:12:08 PM »
It is two attacks, not just one.

Dubbed Meltdown and Spectre, here’s an announcement: https://meltdownattack.com/

Sounds like Intel CPU's are vulnerable to both, AMDs only to Spectre.

CVE-2017-5753 and CVE-2017-5715 for Spectre
CVE-2017-5754 for Meltdown

A much more technical overview by Google engineers https://googleprojectzero.blogspot.com/
« Last Edit: January 03, 2018, 04:15:33 PM by thedigitalone »