Linus Torvalds is furious at Intel over its handling of the current processor security flaw

[Samoth]

From what I have tested, there is a lost in performance.

but in my case It's was not that much, I build this sheet Windows KB4056892 bench (before and after).xlsx

 

Edit: Yes, I know my tests are not perfect, but It give some idea of what the story is gonna be

Edit2: the OS build 16299.192 is apparently fixing issue with Intel Kernel but I'm not 100% sure about that.

[AresKrieger]

26 minutes ago, Sauron said:

Well... the cat is out of the bag now, everyone who needs to know about this does. The problem with Intel not aknowledging it is that it shows they probably have no intention to address the problem by fixing their hardware, at least not for some time. While I don't expect them to pull coffee lake from the market until they have a patched version, the least they could do is delay their next product line to make sure it's fixed. But if they do that, they're afraid AMD will eat them alive.

I'm confused the meltdown issue has a software patch and the other issue affects everyone why would they need to delay anything.

[Sauron]

18 minutes ago, mr moose said:

Regarding only effecting Intel it depends on who you get your info from at this stage, but all that aside the reason they didn't say anything was because they had to get the fix out first. Now the fix is out they can talk about it and find alternative solutions to the performance issues.    Making a public statement about it before they had the hole patched could have been disastrous and thus not a smart move (by any company).

I don't think that's what Torvalds is talking about. I think he means that even after the announcement, Intel is playing it off as not a big deal and not something they need to address.

[Sauron]

5 minutes ago, AresKrieger said:

I'm confused the meltdown issue has a software patch and the other issue affects everyone why would they need to delay anything.

Because the "patch" is just a workaround, and it decreases performance in some cases. It's as if, say, part of the cache were vulnerable to attack and the "solution" was to just not use that part of the cache. It solves the security issue but it cripples the cpu.

[AresKrieger]

3 minutes ago, Sauron said:

Because the "patch" is just a workaround, and it decreases performance in some cases. It's as if, say, part of the cache were vulnerable to attack and the "solution" was to just not use that part of the cache. It solves the security issue but it cripples the cpu.

Ah I thought it changed how the OS could us the cache not whether or not it could be used, well they could try tweaking the firmware if possible, fortunately for me I'm completely unaffected since I don't have NVMe, server software or any VMs

 

Either way I still hate Torvalds, he's a very irritating person and generally an ass, though he made a cool thing it doesn't eliminate his terrible personality

[SteveGrabowski0]

2 hours ago, NumLock21 said:

That one was for Nvidia

 

 

[Guest]

Yep, I guess I'm not the only that thought the Linus from around here was pissed lol.

[Sauron]

17 minutes ago, AresKrieger said:

Ah I thought it changed how the OS could us the cache not whether or not it could be used, well they could try tweaking the firmware if possible, fortunately for me I'm completely unaffected since I don't have NVMe, server software or any VMs

 

Either way I still hate Torvalds, he's a very irritating person and generally an ass, though he made a cool thing it doesn't eliminate his terrible personality

Mine was just an example, they didn't deactivate cache as far as I know, but using the processor differently still causes reduced performance.

[Drak3]

I'm confused. I should care...why exactly?

 

Why should anyone, asides for the die hard Linux fuckbois?

[anticoralian]

2 minutes ago, Drak3 said:

I'm confused. I should care...why exactly?

 

Why should anyone, asides for the die hard Linux fuckbois?

This will be of greatest impact to cloud providers and companies with virtualised systems, but can affect all other users. Mozilla has already demonstrated that it's possible to craft a Javascript file that can utilise Meltdown/Spectre to glean information about a system that should not be accessible from a userland process (eg the browser)

 

More info on that particular piece here: https://www.bleepingcomputer.com/news/security/mozilla-confirms-web-based-execution-vector-for-meltdown-and-spectre-attacks/

[Drak3]

Just now, anticoralian said:

This will be of greatest impact to cloud providers and companies with virtualised systems, but can affect all other users. Mozilla has already demonstrated that it's possible to craft a Javascript file that can utilise Meltdown/Spectre to glean information about a system that should not be accessible from a userland process (eg the browser)

 

More info on that particular piece here: https://www.bleepingcomputer.com/news/security/mozilla-confirms-web-based-execution-vector-for-meltdown-and-spectre-attacks/

I meant, explicitly, why we should care what Torvalds thinks, as this thread isn't about the exploit, but a petty man saying "fuck you" to yet another company because of it.

[anticoralian]

19 minutes ago, Drak3 said:

I meant, explicitly, why we should care what Torvalds thinks, as this thread isn't about the exploit, but a petty man saying "fuck you" to yet another company because of it.

Sorry, I misunderstood what you meant. In that case, ehh, I find the guy to be entertaining with his "stick it to the man" attitude!

[suicidalfranco]

2 hours ago, Matu20 said:

Linus also said fuck Nvidia, but Nvidia is very well and kicking, so i don't see this helping at all.

and now Nvidia is the best option if you want a Linux system.

[ARikozuM]

I marked it as "informative", but I don't see any tech news here. Shouldn't this be added to the existing thread? @leadeater 

@Godlygamer23

[Drak3]

4 minutes ago, ARikozuM said:

I marked it as "informative", but I don't see any tech news here. Shouldn't this be added to the existing thread? @leadeater @WoodenMarker

The tech news is that irrelevant, petty man, who created the base kernal that would be adapted and added to by multiple groups, is mad that a company has a security issue and he can't comprehend that holes can go undiscovered for years.

[Curufinwe_wins]

This just in... security exploit sufficiently obscure to go unnoticed for literally 10+ years and sufficiently difficult to actually exploit without already high level infiltration that all noted parties sat on the exploit information for 6 months as they figured out the extent of the problem and the patches possible/needed.

 

Yeah, color me not worried one bit about this one.

[Trik'Stari]

5 hours ago, D13H4RD2L1V3 said:

That's what PR tries to do. 

 

Doesn't help in this case. 

PR needs to learn that people can smell that shit a mile away.

[mr moose]

3 hours ago, Sauron said:

I don't think that's what Torvalds is talking about. I think he means that even after the announcement, Intel is playing it off as not a big deal and not something they need to address.

Regardless of what Torvalds might be trying to get at, it's still the same thing.  To be honest I'm not sure why people don't understand the necessity of PR in situations like this. 

[ItsMitch]

3 minutes ago, Trik'Stari said:

PR needs to learn that people can smell that shit a mile away.

PR teams just fan that shit away to others to try and share the blame

[Misanthrope]

11 minutes ago, Curufinwe_wins said:

This just in... security exploit sufficiently obscure to go unnoticed for literally 10+ years and sufficiently difficult to actually exploit without already high level infiltration that all noted parties sat on the exploit information for 6 months as they figured out the extent of the problem and the patches possible/needed.

 

Yeah, color me not worried one bit about this one.

Could have gone another 10 years undiscovered my interpretation here is far more simple: It was intended. Probably a requested backdoor by a spook agency in the US or something among those lines and somebody just happened to stumble into it.

[Curufinwe_wins]

37 minutes ago, Misanthrope said:

Could have gone another 10 years undiscovered my interpretation here is far more simple: It was intended. Probably a requested backdoor by a spook agency in the US or something among those lines and somebody just happened to stumble into it.

 

Llol, if that's what you want to believe. I'm sure it would be difficult to convince regardless. Someone happening to stumble into it isn't exactly either accurate or likely though since concentrated effort is going on in exploit finding and cyber-security on a firm level by these individual tech companies in addition to white hat groups.

[Urishima]

11 hours ago, Matu20 said:

Linus also said fuck Nvidia, but Nvidia is very well and kicking, so i don't see this helping at all.

That's not exactly the same thing. The FOSS community has a long standing issue with NVIDIA because they refuse to cooperate. That's completely different from what is happening here.

[Urishima]

9 hours ago, Drak3 said:

I meant, explicitly, why we should care what Torvalds thinks, as this thread isn't about the exploit, but a petty man saying "fuck you" to yet another company because of it.

The man maintains the kernel of the OS that basically 'runs' the Internet. Point at any datacenter and I will almost guarantee you that it basically runs on Linux.

Yes, the guy is a big deal.

[Bit_Guardian]

What a jackass. Intel disclosed this to Microsoft, Apple, RedHat, Canonical, and plenty of other major contributors to the Linux kernel, including Google and Intel's internal kernel writers (Intel does have its own custom Linux bistro btw). Of course it's going to be hush hush.

 

Torvalds needs to put a sock in it. He hasn't done any serious software or hardware work in five years. Hell kernel 5.0's beginning designs would piss him off, but the design choices are certainly correct for the new world of the many-core CPUs.

[Bit_Guardian]

Just now, Urishima said:

The man maintains the kernel of the OS that basically 'runs' the Internet. Point at any datacenter and I will almost guarantee you that it basically runs on Linux.

Yes, the guy is a big deal.

He hasn't made a single code contribution to the Linux kernel for nearly 5 years.

 

As for the hypervisor versions of Linux which are run by Google, IBM, Joyent, AWS, and Intel Cloud, they're completely customised. They have their own kernel writers scrapping tons of things in the Linux kernel and keeping only the minimum instructions they need to provide security and scalability with absolutely none of the cruft that comes from a more general-purpose OS.