Jump to content

David89

Member
  • Posts

    221
  • Joined

  • Last visited

Awards

This user doesn't have any awards

2 Followers

About David89

  • Birthday November 23

Profile Information

  • Gender
    Male
  • Location
    Germany
  • Member title
    Junior Member

System

  • CPU
    AMD R5 1600 @ 3,95 GHz
  • Motherboard
    ASRock AB350 Pro4
  • RAM
    G.Skill Aegis DDR4-3000@2933
  • GPU
    MSI Radeon RX 480 ARMOR 8G OC
  • Case
    Cooler Master Silencio 650
  • Storage
    A lot
  • PSU
    FSP Group AURUM GOLD 400
  • Display(s)
    Acer K272HUL Ebmidpx 27.0" 2560x1440
  • Cooling
    Thermalright HR-02 Rev.A
  • Keyboard
    Logitech G410 Atlas Spectrum
  • Mouse
    Roccat Kone XTD
  • Sound
    Creative A250, Roccat Kave XTD 5.1 Digital
  • Operating System
    Arch Linux, Windows 8.1, Windows 10

Recent Profile Visitors

1,078 profile views
  1. To me, the funniest thing about that argument is, one can apply that to everything. Why use a 7950X, when a 7600 is more than sufficient? The simple fact of the matter is: We could all go back to planned economy and only produce that, that's actually needed and "the best" for all. Does anyone in their right mind want that? No. Thing x is more expensive, yes, does it matter? No, if that's what i want or if that product is better suited for what i need it do to. Apart from that, that number is mighty different in all parts of the world. For the BEV example, if you rent an apartment in Germany, you have to drive to chargers. Most of these are fast chargers, making them ridiculously expensive (like 80 cents per kwh). Even with projected E-Fuel/Synthetic Fuel prices of ~ 2,50 Euro per Liters, a BEV that averages 18 kWh/100km would cost in excess of 14 Euros per 100 km. My Mazda CX-60 Diesel can be driven with less than 5 l/100 km, at 2,50 Euro per Liter that would make for 12,50 per 100 km. The funny thing is, I'm fueling up with HVO Diesel at the moment (synthetic fuel, 90% less Co2)...for 1,82 Euros per Liter. It's expected that the price rises to roughly 2 Euros, but not much more than that, making it 10 Euros per 100 km. Sure, there are BEVs that are using only 14 kWh per 100 km and you could argue that most flats/apartments will get chargers that are a lot cheaper...but that's at least 10 years off. Now - if we do that exact calculation with used cars...BEVs are even more expensive. One of the cheapest BEVs right now is the Fiat 500E or in Europe especially the Dacia Spring (which is not a car i would driven, even gifted). The Fiat in Germany is roughly 30k Euros. No idea how it is in Canada, but for 10k Euros you get lot's of cars, like a Golf 1.6 TDI that's really easy to drive at around 5 l/100km (probably even less). Let's add 5k in savings to keep the car "alive" for the next 10 years and add the costs for driving it 200.000 km (20k per year is on the upper end for Germany...probably the same for canada?) - plus 18k in fuel, plus let's say 14k in upkeep (insurance, tax, etc). 34k in 10 Years - that's pretty cheap (roughly 280 Euros per Month) Every single BEV will be more expensive...hence, buying a new car is stupid.
  2. Meh. Another one of those Intel Videos. 56 Cores are great and such, but they are getting actually boring. I'd really like to see EPYC in one of those Videos. Although i get, that there is no Motherboard on AMDs side, that can compete with that. Still. A comparison between the Opteron Piledriver and EPYC would also be...uh...Epic.
  3. Interesting. Anyone noticed, that Gadi Evron was in the same military unit, as the other guys from CTS...? Also, that BOTH Ido Li On and Yaron Luk-Zilberman contradicted Gadi Evron, who said "I can confirm they have a PoC on everything." I'm still going with my first assessment of the whole ordeal: Gadi Evron was part of the whole thing from the beginning... And Trail of Bits right away said, it's no where near as bad, as they say.
  4. And that's exactly why there are different stages of severity of Bugs. This whole thing is just not a security issue. Those are some very nasty and bad bugs - but you can't to anything with them, unless you actually got in to the system with some security holes. They need to be fixed, yes, but they are rather low on the priority list. Although, as we have come to know AMD, i'm pretty sure there is a new AGESA in a few Weeks, that completely fixes those issues.
  5. 1) I have it disabled and don't have any devices relating to the PSP in Device Manager, or even DMESG on Linux. Nothing. Enabled there are a few things that hint at the PSP. 2) IMHO that's a design flaw with X86. Has been the case with many, many things over the years. Intel ME, many TPM devices, DRM functions or even Kinibi.
  6. Man. Those guys are absolutely laughable. Hey, maybe i should search for some random fourth stage attacks, that haven't been fixed for years. For those who do not know what the stages are: Although you could even argue, that those are stage six attacks, since you are corrupting "something" (be it the ASMedia Controller or the PSP) I also just had a bit of a play with deactivating the PSP in my UEFI. That works and there is no PSP and TPM Device anymore. Edit: Even Trail of Bits says, those attacks are not viable. https://blog.trailofbits.com/2018/03/15/amd-flaws-technical-summary/
  7. the FRACK? Are you for real? The whole reason why "we" defend AMD is because THE ONLY thing that may be a real problem for AMD is the ASMedia Shit - and even that is probably not even AMDs fault. It's about the "HOW" this is going down. If there are security flaws - so be it. But that whole smear campaign against AMD is an absolute shitshow, because Intel has the same vulnerabilities in their ME. That's btw one big reason why many thousands signed an open letter to AMD to make their PSP OpenSource to prevent this kind of stuff. The rest of all of those "vulnerabilities" are present on EVERY FRACKING system! Holy mother of Jesus are you dense. Btw, for a good read about why you are already FUC**D big time when code is running at those kinds of levels: https://blogs.msdn.microsoft.com/oldnewthing/20060508-22/?p=31283 I'm done here.
  8. First of all: Dan Guido said that himself. Second: You just disqualified yourself from EVERY viable discussion with that kind of statement. How old are you? 14? Third: I'm a Sysadmin, so i do actually know a few things about computers. I may not be a security expert, but i do know my way around secure systems. Let's assume those vulnerabilities are real. For Ryzenfall 1-4 the first step is to get through the VSM, which was introduced with Windows 10. After that, you'll need to get access to the LSASS (Local Security Authority Subsystem Service), which has also been reworked with Windows 10 (split in different and isolated threads that can't be accessed directly) and makes it pretty much impossible to gain any access to anything hardware related without any Admin rights. Now, even if you have full Admin rights: You need a driver that has write access to the PSP. After that you have to get the right Bios hashes for the bios in question. Same applies to Fallout 1-3 - only difference is that it uses the Bootloader of the SP. ALL of that implies however, that you've cracked the Microsoft VSM, which would give you access to EVERY system and not only AMD based ones. And you even need Admin rights to put Chimera to "use" - you'd also need physical access, because you have to restart Windows without the Driver Protection. Which is the case for all of those attacks, btw. So: you need physical access to ALL of those attacks, UNLESS someone has already deactivated the driver protection on that system. So: 3 of those attacks need a bios flash. The rest of those need drivers. Ever tried to install drivers remotely on Windows? Ever tried to install - even signed but not vendor correct - drivers? Basically, if you go through all of that trouble, EVERY System is vulnerable, not just an AMD one. Still: There are NO technical details inside the Whitepaper from CST, so all of that are just assumptions based on what the results "should" be.
  9. No. I don't, because either i completely misunderstood how the PSP and UEFI work, or i am right in that those are separated "enough" so that this can't be exploited in that way. Also, at least on my board i have to have the UEFI Network stack enabled to flash over the Internet, which i don't and as a Sysadmin it is standard policy in many companies to also turn that feature off. Timeline ======== 09-28-17 - Vulnerability reported to AMD Security Team. 12-07-17 - Fix is ready. Vendor works on a rollout to affected partners. 01-03-18 - Public disclosure due to 90 day disclosure deadline. Everyone's attention moved to Meltdown and Spectre, because the PSP was already fixed.
  10. Please prove me wrong with data. I'm sorry, but i give a crap about your statement if you can't back it up with something else than one guy on Twitter saying he had access to the technical reports. And i don't care if he has 13 years of experience, he's still only one guy. And you repeating your claim won't make it right. Those "many other security experts" are still (it's around 23:20, 13th March of 2018, Euro Time) only that one guy. Where as at least four (!) said, that it's highly unlikely to be having any impact. And why are you so hellbent on making sure everyone believes ONE source?
  11. Not only did they violate standard procedure, they made an extremely bad choice to be in the same bed with a shady companie that has a known history of manipulating stock markets with false claims. I'm not that optimistic though. The only real positive thing is, that AMD's PSP doesn't have the Network stack built in, like Intel's ME. Even if AMDs PSP is as pitted as swiss cheese, it won't matter, because they are not vulnerable from the outside. Edit: About Dan Guido - he specifically states, he has been paid by CST and "all 13 Flaws have been confirmed", while others already laid waste to some of those flaws, because they are simply not flaws "per se".
  12. Personally, i REALLY would like to know, how and why Dan Guido has said anything at all. Many other Security Experts are saying that pretty much all of that is - at least until now - absolute bullcrap. BTW, The much bigger question is: IF there is some merit to the PSP being vulnerable (read: Same problem as Intels ME, that STILL haven't been fixed fully, mind you!) - how can it be possible to bypass the Windows 10 VSM, that Microsoft praised as one of the absolute killer security features? By design it should be impossible to run unprotected code, that isn't hashed correctly by the LSASS. Having to need physical access to the machine is a must in all of those cases, so even IF there are real flaws in the System from "the inside" - what do they matter if the attacker has physical access to your machine?
  13. No. It doesn't, especially not if the Whitepaper is as badly written as that. Especially considering what background "Viceroy" (the company behind CST) has. They have a background of manipulating stock and are currently under investigation from many around the world. Most notably Germany for crashing the ProSieben stock last week. Can you do something else, or is throwing swear words and bad mouthing people everything you can do? Have you studied that somewhere? I'd like to know that course, maybe i can jump down to your standard. Many at /r/AMD are everything but biased. They heavily favour AMD - me included - which COULD be bias, but most definitely isn't. Same goes for AdoredTV. "Bias" is something extremely unreasonable, but "we" (those, who favour AMD over Intel under many, many circumstances) have reasons for it. Which makes it - by definition - unbiased. @Topic: It's absolute BS. https://www.moneyweb.co.za/in-depth/investigations/viceroy-unmasked/ Their Office is made up from stock photos and green screen. Basically, if you've got Admin rights on a PC, you can do everything you want with that thing. No shit...
  14. Yeah, sorry, i just realized, i accidentally switched charts. But: https://www.techspot.com/review/1474-ryzen-vs-older-budget-cpus/ https://www.techspot.com/review/1546-intel-2nd-gen-core-i7-vs-8th-gen/ Therefore, i still don't think going with an 4460 is a good choice. (Unless you absolutely do not want to spend the money for DDR4...)
×