Announcement

Collapse
No announcement yet.

A Global Switch To Kill Linux's CPU Spectre/Meltdown Workarounds?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #61
    Originally posted by Djhg2000 View Post
    Mining power, persistent network entry points and/or login credentials would be three of the blatantly obvious answers.
    Tell me how you are going to attack a rendering farm exactly. It usually has an SSH port open and nothing else. And tell me again, how spectre/meltdown-like exploits can be pushed onto the said farm. There are quite a lot of alternatively gifted people in this thread who believe they are world experts in security.

    Meanwhile and let me repeat this again for the utmost idiots here: there are no known circulating in-the-wild viruses/exploits based on the Spectre/Meltdown vulnerabilities. The most talked about attack vector which is running JS in a web browser has long been resolved by both Firefox and Chrome. Meanwhile we also have zero JS based exploits in-the-wild.

    These mitigations slow down billions of PCs (and ARM devices too) for no apparent reasons while a huge number of such devices cannot be exploited even theoretically.

    For the past eight months literally hundreds of other real vulnerabilities have been discovered which are indeed exploitable in practice, vs. the topic we are discussing.
    birdie
    Senior Member
    Last edited by birdie; 26 August 2018, 05:41 PM.

    Comment


    • #62
      birdie - Keep calling people here idiots and see how many friends you make and how many polite discussions you enjoy.

      Comment


      • #63
        Originally posted by cybertraveler View Post
        birdie - Keep calling people here idiots and see how many friends you make and how many polite discussions you enjoy.
        Too many people nowadays don't have the slightest clue about what they are talking about, yet they feel entitled to spell out their highly "valuable" opinion. On the contrary when I don't know shat about something I just keep my mouth shut or at least say something like, "I feel like", "What if" or something similar, however most people in this thread know nil about security yet that doesn't stop them from talking like they are experts in the field. Not only that's very pathetic, it's just plain stupid, thus I call them "idiots" because it's what they are.

        If you're offended by that, stop spewing shat - no one has asked you to open your mouth in the first place.

        Also, I prefer my friends to be intelligent or at the very least have some common sense which is all so rare nowadays. And no, I don't seek virtual friends among phoronix readers.
        birdie
        Senior Member
        Last edited by birdie; 27 August 2018, 04:15 AM.

        Comment


        • #64
          Originally posted by birdie View Post
          Tell me how you are going to attack a rendering farm exactly. It usually has an SSH port open and nothing else. And tell me again, how spectre/meltdown-like exploits can be pushed onto the said farm. There are quite a lot of alternatively gifted people in this thread who believe they are world experts in security.
          I can't tell you exactly because I'm not a hacker. But even if I were, you seriously believe I'd spill the beans trying to convince someone who keeps calling me an idiot? That said you are in a *nix oriented forum, the likelyhood of crossing paths with an actual security researcher is substantialy higher than on your average forum.

          Originally posted by birdie View Post
          Meanwhile and let me repeat this again for the utmost idiots here: there are no known circulating in-the-wild viruses/exploits based on the Spectre/Meltdown vulnerabilities. The most talked about attack vector which is running JS in a web browser has long been resolved by both Firefox and Chrome. Meanwhile we also have zero JS based exploits in-the-wild.
          Yes there are. None of the known ones are doing anything useful with it, but they sure are trying. It's just a matter of time before they deploy working exploits.

          Example: https://searchsecurity.techtarget.co...ed-in-the-wild

          Originally posted by birdie View Post
          These mitigations slow down billions of PCs (and ARM devices too) for no apparent reasons while a huge number of such devices cannot be exploited even theoretically.
          Then add those processors to the mitigation whitelist.

          Originally posted by birdie View Post
          For the past eight months literally hundreds of other real vulnerabilities have been discovered which are indeed exploitable in practice, vs. the topic we are discussing.
          There are also bad admins out there. You still hear about breaches where the point of entry was a default admin password. But it still doesn't make speculative execution exploits go away.

          Comment


          • #65
            I've got some weird numbers to report... disabling protections does seem to make CPU-bound situations in CS:GO run a bit faster, maybe 3-10%, but CPU performance is more significantly effected my how I interact with GRUB, regardless of boot options...

            when I use the arrow keys and enter key to select a boot option, in-game CPU performance suffers (say 200 FPS vs 250 or more), while letting it boot without input, or pressing "e" to edit boot options and then booting with "f10" is fine, wether or not anything was changed.

            I tested repeatedly with a variety of options, and results were very consistent. protection status was checked each time in terminal.

            EDIT: Antergos/Arch, I5-4570, AMD graphics. 4.14, 4.18, 4.18-zen tested.
            HenryM
            Phoronix Member
            Last edited by HenryM; 26 August 2018, 11:29 PM.

            Comment


            • #66
              Originally posted by birdie View Post
              Too many people nowadays don't give the slightest clue about what they are talking about, yet they feel entitled to spell out their highly "valuable" opinion.
              People were like that 50 years ago too... they just had much smaller audiences
              Test signature

              Comment


              • #67
                Originally posted by birdie View Post
                I'm pretty sure about that because I trust Firefox/Google developers a lot more than I trust your opinion.

                [...]

                You've heard about these vulnerabilities yet you understand shat about what they really are and how they can be exploited yet you have the guts to incite people to follow your advice.
                To be fair everybody here probably trusts kernel developers' defaults much more than your word on it.
                And YOU are the one who incites people to get away from defaults (and even complain about OSes which don't allow you to do so) against developers' advises.
                ## VGA ##
                AMD: X1950XTX, HD3870, HD5870
                Intel: GMA45, HD3000 (Core i5 2500K)

                Comment


                • #68
                  Originally posted by birdie View Post
                  These mitigations slow down billions of PCs (and ARM devices too) for no apparent reasons while a huge number of such devices cannot be exploited even theoretically.
                  I have a very difficult bug to exploit, a bug which almost every single PC on earth has been patched for. How valuable is creating an exploit for it?
                  Now let's say that almost none of those PCs has been patched for, just because it's very difficult to exploit it. How valuable could it be now?
                  ## VGA ##
                  AMD: X1950XTX, HD3870, HD5870
                  Intel: GMA45, HD3000 (Core i5 2500K)

                  Comment


                  • #69
                    Originally posted by birdie View Post
                    while a huge number of such devices cannot be exploited even theoretically
                    Then submit patch that disable mitigation for such devices and see what Intel and ARM will answer. But guess what? You already know you are wrong, so you are not going to do it.

                    Comment


                    • #70
                      Originally posted by RussianNeuroMancer View Post
                      Then submit patch that disable mitigation for such devices and see what Intel and ARM will answer. But guess what? You already know you are wrong, so you are not going to do it.
                      You realize Intel wanted to make it opt-in in a patch (i.e. disabled by default) and it got rejected/flamed by Linus, right? So you should point to Linus and the kernel, not Intel.

                      xkcd, always relevant

                      Comment

                      Working...
                      X