Announcement

Collapse
No announcement yet.

Google Engineer Shows "SESES" For Mitigating LVI + Side-Channel Attacks - Code Runs ~7% Original Speed

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #11
    Originally posted by cb88 View Post

    To be fair AMD still has extremely few sidechannel attacks and none that are serious... the one hitting the news a week or so ago doesn't even have a proof of concept and was "discovered" in simulation... not on real hardware.
    I would not trust that, if only because now that we are finding vulnerabilities in AMD hardware now that stem a substantial ways back in the architectures life-cycle. it's only a matter of time before before something of real meat comes along (or a previous attack proves to be useful). Which was kind of expected, because as much as AMD 'fanbois' crow on how the hardware skipped the whole meltdown madness, they are not perfect.

    Comment


    • #12
      Originally posted by Duve View Post

      I would not trust that, if only because now that we are finding vulnerabilities in AMD hardware now that stem a substantial ways back in the architectures life-cycle. it's only a matter of time before before something of real meat comes along (or a previous attack proves to be useful). Which was kind of expected, because as much as AMD 'fanbois' crow on how the hardware skipped the whole meltdown madness, they are not perfect.
      9/10 FUD. But AMD is all over the news now, and will be for a considerable time if Zen 3 delivers, so there's no shortage of incentive to exploit side-channel attacks on their CPUs as well. Hell, a $4k Threadripper stomps a $20k dual Xeon setup.

      Intel's situation is dire (and will remain so until they fix their shit--i.e., when fanboys like you and retarded managers stop buying them) because their Āµarch was designed to sacrifice security for speed.

      Comment


      • #13
        Originally posted by angrypie View Post

        9/10 FUD. But AMD is all over the news now, and will be for a considerable time if Zen 3 delivers, so there's no shortage of incentive to exploit side-channel attacks on their CPUs as well. Hell, a $4k Threadripper stomps a $20k dual Xeon setup.
        Yeah, No. That is nice but this isn't a performance matter. Not directly.
        If you have follow infosec for a while, you know that once you are dealing with a hardware bug... they can be difficult to near impossible to deal with. Depending on the bug, their might be no correcting the flaw... only working around it. That is what Intel has to deal with now, some of the bugs that they have been getting will likely only be removed if they build a new micro-archutecture. AMD, honestly, have been really, really lucky that most issues have yet to apply to Zen (save the one two weeks ago that I was talking about) but with an arch as old as x86.... it's only a matter of time. AMD can't assume that they will remain unscathed forever, bugs of meltdown's magnitude will happen to them sooner or latter.

        Comment


        • #14
          I stopped supporting Intel after Lady Gaga made those videos promoting them.

          Comment


          • #15
            Originally posted by xinthose View Post
            I stopped supporting Intel after Lady Gaga made those videos promoting them.
            Ok, so what happens if AMD does? You will ditch computers forever?

            Comment


            • #16
              Originally posted by ix900 View Post

              Ok, so what happens if AMD does? You will ditch computers forever?
              We run on ARM-A53 and learn how to write non-bloated software.

              Comment


              • #17
                This is the kind of crazy security change that Linus would be mad about.

                The "make it impossible to use" kind. Apparently these people haven't heard that security vs usability is a tradeoff.

                Comment


                • #18
                  Originally posted by sandy8925 View Post
                  This is the kind of crazy security change that Linus would be mad about.

                  The "make it impossible to use" kind. Apparently these people haven't heard that security vs usability is a tradeoff.
                  These are compiler changes. Linus has no say in it

                  Comment


                  • #19
                    Originally posted by Raka555 View Post

                    We run on ARM-A53 and learn how to write non-bloated software.
                    Golang is the way, seriously,... It compiles to native code depending only on libc, and provides memory safety (ie. dangling pointers in C/C++), if it had generics, then it would rank above Java and C++ for desktop applications, and system services/daemons. Try deploying some hello world web server in docker for Java, JavaScript/node, and golang,... All of these languages provide memory safety, but, golang would be the only one starting at 6MB memory usage (and for simple app using DB, it won't even go over 20MB) in docker stats.

                    Still, Java rocks regarding development's ecosystem, but Java is not HW resource friendly, which doesn't matter to business, as programmer's salary is higher, than (their) hardware costs,...

                    Comment


                    • #20
                      mitigations=off and fuck this shit!

                      Comment

                      Working...
                      X