Announcement

**treba** · 15 January 2020, 08:03 AM

Originally posted by bearoso View Post

I know. This “vulnerability” is completely unfeasible to exploit in the first place.

Is that clear already? What about WebGL? By the way, Spectre and Meltdown were / are exploitable via the browser, too, although (slightly different story of course).

**willmore** · 15 January 2020, 10:02 AM

Originally posted by bearoso View Post

I know. This “vulnerability” is completely unfeasible to exploit in the first place. Like the others, it’s only an issue for virtualization providers, but no one’s going to provide virtual services for integrated graphics. Then it’s turned on by default, so it’s a detriment to many users in order to provide security for a nonexistent use case.

How about kernel defaults prioritizing personal computers instead of virtualization services? Oh, wait, all kernel developers now work for companies whose main business model is virtualization.

Are we still playing "found the shill"?

**Michael** · 15 January 2020, 12:56 PM

If you want to cry: https://twitter.com/phoronix/status/1217488290867302401

**Weasel** · 15 January 2020, 01:00 PM

Just use a dedicated GPU.

**Tomin** · 15 January 2020, 01:16 PM

Originally posted by Weasel View Post

Just use a dedicated GPU.

On a laptop? I mean if you have desktop with Haswell era processor and you care about GPU performance, then it's very likely that you have a dedicated GPU as well already. For laptop users there is no other choice than to upgrade the computer.

Okay, newer laptops may have Thunderbolt to connect an external GPU but that wasn't very common when Haswell was new. And even then, you don't really want to carry that GPU around.

**TeoLinuX** · 15 January 2020, 01:22 PM

Intel is the Boeing of processors.
Once a great innovative company, today a fail fest

**saski** · 15 January 2020, 02:37 PM

Originally posted by Michael View Post

If you want to cry: https://twitter.com/phoronix/status/1217488290867302401

Holy moly! This is even worse than I feared. Much much worse! If intel doesn't come up with a smarter solution or an option to disable this mitigation the whole APU is practically garbage. Looking frightfully forward to results of GEN9 benchmarks!

**mzs.112000** · 15 January 2020, 05:35 PM

Yeah, guess who's disabling this mitigation too.
My kernel command line is going to get a few entries longer.

**madscientist159** · 15 January 2020, 05:55 PM

Originally posted by mzs.112000 View Post

Yeah, guess who's disabling this mitigation too.
My kernel command line is going to get a few entries longer.

Hope you browse the Internet with Javascript disabled and GPU offload turned off, or you might regret that decision at some point.

It's much like running Windows with no antivirus; if you know what you're doing and take all protective measures, you can maybe get away with it, but mess up just once and you're thoroughly compromised.

**bearoso** · 15 January 2020, 06:21 PM

Originally posted by willmore View Post

Are we still playing "found the shill"?

I’m not one for blind brand loyalty. I’m using AMD discrete GPUs ATM and Intel CPUs, but strictly considering AMD CPUs in the future. I’m very concerned about performance loss, though, considering we’re starting to plateau in single threaded performance. Don’t assume these security theater antics will be limited to Intel, either, now that AMD is getting more popular.

It’s completely unfeasible to weaponize these glitches. Sure, you might manage to trigger it with JavaScript, but in an unpredictable, unreliable manner. That’s not going to work with random spray-and-pray exploits, and if you’re targeting someone it’s far less reliable than other phishing methods.

Announcement

Intel Ivybridge + Haswell Require Security Mitigation For Graphics Hardware Flaw

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment