A Global Switch To Kill Linux's CPU Spectre/Meltdown Workarounds?

cybertraveler replied

27 August 2018, 11:56 AM
Originally posted by birdie View Post

To this date Microsoft, Google, Intel and all AV companies vendors haven't found a single piece of malware using Spectre/Meltdown vulnerabilities.

A reasonable statement!

Originally posted by birdie View Post

If you going to use conspiracy theories to prove that every vulnerable piece of hardware in the would should be protected against these vulnerabilities then ...

So instead of admitting that I was right (in the text you quoted), you respond with a "conspiracy theoriest" ad-hominem attack and tell me...

Originally posted by birdie View Post

... just kill yourself. Also please do not procreate and please fuck off.
It's amazing how many lunatics frequent the Phoronix forum but it's easily explainable given the fringe status of Linux. Enough with security idiocy. I'm not gonna argue with idiots any longer.

Your angry, vicious and contemptuous words tell me (and probably others here) a lot about you and your character. No further comment needed.
Likes 6
Leave a comment:
birdie replied

27 August 2018, 11:35 AM
Originally posted by cybertraveler View Post

Maybe you meant to say: "I am not aware of anyone or any group that has found a speculative execution exploit that was used in the wild."

1. If no one has found a real world speculative execution exploit, that does not mean these exploits are not being used. It would just mean that they haven't been found.
2. You can't even be sure that no one has has found such an exploit. You may have missed a report or the people that have found the exploits may not have made them public (for any number of reasons, including profit).

You're just the rude guy on a technical forum insulting people and making illogical claims (the the bold claim quoted above).

To this date Microsoft, Google, Intel and all AV companies vendors haven't found a single piece of malware using Spectre/Meltdown vulnerabilities.

If you going to use conspiracy theories to prove that every vulnerable piece of hardware in the would should be protected against these vulnerabilities then just kill yourself. Also please do not procreate and please fuck off. It's amazing how many lunatics frequent the Phoronix forum but it's easily explainable given the fringe status of Linux. Enough with security idiocy. I'm not gonna argue with idiots any longer.
Leave a comment:
cybertraveler replied

27 August 2018, 09:33 AM
Originally posted by birdie View Post

WTF are you talking about? There are zero speculative execution exploits in the wild. None.

Maybe you meant to say: "I am not aware of anyone or any group that has found a speculative execution exploit that was used in the wild."

1. If no one has found a real world speculative execution exploit, that does not mean these exploits are not being used. It would just mean that they haven't been found.
2. You can't even be sure that no one has has found such an exploit. You may have missed a report or the people that have found the exploits may not have made them public (for any number of reasons, including profit).

You're just the rude guy on a technical forum insulting people and making illogical claims (the the bold claim quoted above).
Likes 5
Leave a comment:
chithanh replied

27 August 2018, 08:53 AM
Originally posted by Weasel View Post

You realize Intel wanted to make it opt-in in a patch (i.e. disabled by default) and it got rejected/flamed by Linus, right? So you should point to Linus and the kernel, not Intel.

Well, Intel had their way in L1TF/Foreshadow. Only limited mitigation is enabled by default, and VM users are vulnerable unless they take extra steps.

Originally posted by birdie View Post

WTF are you talking about? There are zero speculative execution exploits in the wild. None. We've been hearing about them for the past eight months already, yet hackers still use old proven working methods, vs. this shat which could only be theoretically exploited. Why should everyone bear the burden of these mitigations even in cases when these vulnerabilities cannot be exploited under no circumstances?

I'm done with topic and local security wannabes.

Good riddance, there was no contribution of value from you anyway. For one, your claim "there are no known circulating in-the-wild viruses/exploits based on the Spectre/Meltdown vulnerabilities" was already disproven, which you conveniently chose to ignore. Then you say that it is impossible to exploit. But the relative lack of exploits does only say that there are currently other vectors which are easier or more promising approaches.
Likes 3
Leave a comment:
birdie replied

27 August 2018, 08:27 AM
Originally posted by Djhg2000 View Post

There are also bad admins out there. You still hear about breaches where the point of entry was a default admin password. But it still doesn't make speculative execution exploits go away.

WTF are you talking about? There are zero speculative execution exploits in the wild. None. We've been hearing about them for the past eight months already, yet hackers still use old proven working methods, vs. this shat which could only be theoretically exploited. Why should everyone bear the burden of these mitigations even in cases when these vulnerabilities cannot be exploited under no circumstances?

I'm done with topic and local security wannabes.
Leave a comment:
Weasel replied

27 August 2018, 08:23 AM
Originally posted by RussianNeuroMancer View Post

Then submit patch that disable mitigation for such devices and see what Intel and ARM will answer. But guess what? You already know you are wrong, so you are not going to do it.

You realize Intel wanted to make it opt-in in a patch (i.e. disabled by default) and it got rejected/flamed by Linus, right? So you should point to Linus and the kernel, not Intel.

xkcd, always relevant
Likes 3
Leave a comment:
RussianNeuroMancer replied

27 August 2018, 05:16 AM
Originally posted by birdie View Post

while a huge number of such devices cannot be exploited even theoretically

Then submit patch that disable mitigation for such devices and see what Intel and ARM will answer. But guess what? You already know you are wrong, so you are not going to do it.
Leave a comment:
darkbasic replied

27 August 2018, 04:49 AM
Originally posted by birdie View Post

These mitigations slow down billions of PCs (and ARM devices too) for no apparent reasons while a huge number of such devices cannot be exploited even theoretically.

I have a very difficult bug to exploit, a bug which almost every single PC on earth has been patched for. How valuable is creating an exploit for it?
Now let's say that almost none of those PCs has been patched for, just because it's very difficult to exploit it. How valuable could it be now?
Likes 2
Leave a comment:
darkbasic replied

27 August 2018, 04:40 AM
Originally posted by birdie View Post

I'm pretty sure about that because I trust Firefox/Google developers a lot more than I trust your opinion.

[...]

You've heard about these vulnerabilities yet you understand shat about what they really are and how they can be exploited yet you have the guts to incite people to follow your advice.

To be fair everybody here probably trusts kernel developers' defaults much more than your word on it.
And YOU are the one who incites people to get away from defaults (and even complain about OSes which don't allow you to do so) against developers' advises.
Likes 3
Leave a comment:
bridgman replied

27 August 2018, 12:09 AM
Originally posted by birdie View Post

Too many people nowadays don't give the slightest clue about what they are talking about, yet they feel entitled to spell out their highly "valuable" opinion.

People were like that 50 years ago too... they just had much smaller audiences
Likes 5
Leave a comment:

Announcement

A Global Switch To Kill Linux's CPU Spectre/Meltdown Workarounds?

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment: