Linus Torvalds Comments On STIBP & He's Not Happy - STIBP Default Will End Up Changing


  • #31
    Originally posted by GrayShade View Post
    I'm not Michael, but have you considered subscribing? I think Michael usually has some decent discounts around Christmas. Even if you don't care much for the benchmarks, it's still a good place to find news. And a "lifetime" subscription is what, about the cost of a pair of shoes?
    I'm not yet in a phase of life where I can support every project I like monetarily.
    I regularly click some ads though.


    • #32
      I kinda suspected it. I was waiting for the middle finger, but alas we have less of the colorful character nowadays.
      I don't like it in general when security fixes for broken hardware make it deep into core.
      Especially ones that have large and unpredictable performance penalties. All because of security fiat.

      I'd like it if Linux had a big fat naglist for really stupid hardware as a non-avoidable text output.
      I'm not talking about peripheral stuff. But CPUs. PCIe controllers. Block device controllers. Etc.
      That way nobody forgets until their crap is fixed.


      • #33
        Originally posted by L_A_G View Post
        On one hand this patch probably is necessary for people running systems that aren't getting microcode updates anymore, of which there are quite a few seeing how hardware vendors' cut-off points tend to have plenty serviceable systems falling on the wrong side of it and it could stop some undiscovered and yet-to-be-resolved issues. I'd be interested to see what this does to the new speculative execution vulnerabilities published as recently as last week.
        If you don't get microcode updates, you won't have these instructions?


        • #34

          Originally posted by phoronix View Post


          • #35
            Reading Linus' response just felt wrong somehow. Like a poop that pushes SOOO hard but you keep pushing it back coz you don't wanna offend the guy in the next stall.

            Honestly dude, just let it rip. It's better for everyone (even the offended ones).

            On actual tech topic, I agree it should be opt-in and never default. Also I hope AMDs don't get hit with unnecessary sticks where not needed because of all this mess.


            • #36
              Originally posted by birdie View Post
              "hostilely" - you mean I call BS what I see BS? Sorry, I can't restrain myself when there are a lot more idiots on the Internet than reasonable people who actually know something. You see, IRL idiots are at least prudent enough to remain silent - not so much on the internet where absolute most people are hidden behind nicknames.
              Thanks for exemplifying my point so well.
              And, also when you're polite, your reasoning will be simply dismissed.
              Not in my experience. It isn't a surefire way to get your point across (because some people, like yourself, are too arrogant to ever see things any differently), but it is provably far more effective than being an asshole about it. I suggest you study the psychology of persuasion.
              Opinionated, you mean "knowledgeable"?
              No... I really meant opinionated. Such blind confidence in your own intellect is a dangerous trait to have. I'm surprised you haven't realized this yet. It is always good to doubt yourself, or at the very least, be open minded to other possibilities.
              "ironically, attention-seeking" - never thought about that actually. And if I really were, I'd find another avenue.
              Please do.
              And being notorious among Linux users? WTF, are you even serious? It's like being famous among hobos. Yes, it's a sort of insult but your reply was a pure insult in the first place because it egregiously misrepresented facts.
              Uh... I never said that? So no, I'm not serious in that regard. But even if I did say that, considering you yourself admitted how much people disregard you, how exactly are you in a position to say that is "egregiously misrepresented"?
              Still, fuck off. At least I made Linux notice the issue. You, petty fuckers at Phoronix, may keep on upvoting your insults towards me as much as you want. Most of you bloody suckers haven't done anything for Linux or open source in your entire useless life and you hate everyone with a brain who notices issues with your OS which most people in the world couldn't care less about.
              You sure seem REAL bitter considering you, apparently (according to your own quote), don't care about the hatred you receive.
              Well, thank you.
              You're either stupid or a coward, if you think putting all that text in white was supposed to be unseen by me.
              Last edited by schmidtbag; 19 November 2018, 01:42 PM.


              • #37
                The white text was attention seeking behavior. Made you look.

                It's four-year-old logic.
                Last edited by rbmorse; 19 November 2018, 01:42 PM.


                • #38
                  I see some people keep on farting here while I'm back to debugging, bug reporting and helping Open Source. Never seen so many people publicly humiliating themselves. Cheers.


                  • #39
                    Originally posted by ALRBP View Post
                    If we can just disable it when compiling the kernel, then it should not be an issue for anyone compiling his kernel himself, or using a distro with sane maintainers.

                    "Warn once about it, and let the crazy people say "I'd rather take a 50% performance hit than worry about a theoretical issue"."
                    As a PhD student in computer science, I'm used to people who are essentially worried by theoretical questions, and actually seem to not care about practical considerations, to the point that a lot of their published work is in practice worthless (and lots of valuable work is not being given attention). I'm still surprised to see that engineers (kernel developers) are actually acting the same way. Maybe an effect of the excessive attention those issues were given after being revealed in research papers.
                    (Even in applied research, making a good article is considered more important than doing something that is actually useful)

                    At least, Torvalds and others are going to remove this from the default kernel config (hopefully, no distro maintainer will enable this when compiling their default kernel, except for security-centered distros).

                    We talked a lot about Spectre, Meltdown or Heartbleed but, AFAIK, they were never actually exploited in practice, while tons of much less known issues were actually exploited to hack millions of systems. This kind of severity distortion, which has proved to be extremely dangerous when used to manipulate people's opinion for political purposes, seems to also be an issue in engineering.

                    I was sure that this subject would show up, but I'm surprised to see that Torvalds is the one pointed, and not those who created these security patches. When reading his message, I find him perfectly sane from a technical pov, and maybe still a bit hard for public communication when using the word "crazy".
                    To be frank, I think that you are underestimating the risk there. That kind of attack has been proved to be real and feasible in the past. Deploying fixes is akin to "vaccinating" a number of computers, and acts a bit like herd immunity: the fewer potential targets, the less likely you are to see someone take the time necessary to develop an attack.

                    Notwithstanding the above, I get that this is something a random process could opt-in, so that's probably great for paranoid processes, and a nice way to move forward with this kind of tech:
                    Some processes are critical (encryption, for instance). Allow them to join isolated "pools" that forbid speculative attacks in-between them, and make the scheduler cooperative by pinning threads of the same "pool" to an SMT unit. That way, you do not lose performance (or less), nor security. I am afraid it would cost a bit more power, though, as other thread pools might run on cores that would have been otherwise powered off.

                    Anyway, there's room for improvement, but I think that the kernel definitely needs this to be compiled in by default (with smp, at least). But certainly not for every process by default, though. We might however need a better userspace interface to control all of these mitigations.
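
The per-process opt-in argued for in the post above, shown as an added example (not code from the thread or from the kernel patch under discussion). It uses the Linux prctl() speculation-control interface, which the thread does not name, to query and restrict indirect-branch speculation for the calling task only; the enum and function names are hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/prctl.h>

/* Fallbacks for older userspace headers; values match the kernel UAPI. */
#ifndef PR_GET_SPECULATION_CTRL
#define PR_GET_SPECULATION_CTRL 52
#define PR_SET_SPECULATION_CTRL 53
#define PR_SPEC_PRCTL (1UL << 0)         /* per-task control available */
#define PR_SPEC_ENABLE (1UL << 1)        /* speculation on, mitigation off */
#define PR_SPEC_DISABLE (1UL << 2)       /* speculation off, mitigation on */
#define PR_SPEC_FORCE_DISABLE (1UL << 3) /* as DISABLE, cannot be undone */
#endif
#ifndef PR_SPEC_INDIRECT_BRANCH
#define PR_SPEC_INDIRECT_BRANCH 1
#endif

/* Hypothetical labels for this example, not kernel names. */
enum spec_state { SPEC_UNSUPPORTED, SPEC_NOT_AFFECTED, SPEC_LOCKED,
                  SPEC_MITIGATED, SPEC_CAN_OPT_IN, SPEC_FIXED_OFF };

/* Classify a PR_GET_SPECULATION_CTRL result (negative = prctl failed). */
enum spec_state classify(long st)
{
    if (st < 0) return SPEC_UNSUPPORTED;
    if (st == 0) return SPEC_NOT_AFFECTED;
    if (st & PR_SPEC_FORCE_DISABLE) return SPEC_LOCKED;
    if (st & PR_SPEC_DISABLE) return SPEC_MITIGATED;
    if (st & PR_SPEC_PRCTL) return SPEC_CAN_OPT_IN;
    return SPEC_FIXED_OFF; /* unmitigated and no per-task control */
}

/* Restrict indirect-branch speculation for this task; 0 or -errno. */
int opt_in_indirect_branch(void)
{
    if (prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH,
              PR_SPEC_DISABLE, 0UL, 0UL) != 0)
        return -errno; /* e.g. -ENXIO when per-task control is not possible */
    return 0;
}

int main(void)
{
    long before = prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, 0UL, 0UL, 0UL);
    int rc = opt_in_indirect_branch();
    long after = prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, 0UL, 0UL, 0UL);
    printf("before=%d rc=%d after=%d\n", classify(before), rc, classify(after));
    return 0;
}
```

A process that handles key material would make this call early in startup; the result depends on the CPU, the microcode and the kernel's boot-time mitigation mode.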


                    • #40
                      Originally posted by wizard69 View Post

                      That is reality. I've had the good pleasure of knowing a few good programmers in the business world but they are few and far between. Why I don't know, all I do know is the wash out rate in intro to comp-sci is huge for both males and females. Usually the reality of the job sinks in pretty fast, not a lot of people want to be anchored to a desk all day (which by the way is why I never pursued the industry).
                      Unless one is using the workstation for creative arts it's a rather crap hole career. Having an actual engineering degree [M.E.] applying CS skills to enhance the career is rewarding. Becoming a software developer outside of consumer applications is a dead end career.