OK, panic again: patching Spectre and Meltdown has been a disaster

I understand the reluctance of companies to take their valuable data and processing out of their own data centers and into a cloud provider. Many of those concerns are legitimate. But generally speaking the big cloud providers have better IT than a lot of places running their own on-prem data centers.

2 Likes

I think the cloud is great. I’m just saying that these kinds of hardware bugs are a greater issue in the cloud than on prem. How do I know if cloud providers run their stuff better? I haven’t been there so I wouldn’t know. They are probably just as good as anyone else.

1 Like

my cpu is hijacked, utube makes ad dollars off of cpu hijacking crypto miners, my phone spies on me, they are all after my sweet sweet meta data. just drop the hammer skynet, why you gotta toy with me like that? i’m better than that and I deserve better.

7 Likes

My computer crashed with this update. I spent 3 days trying to get it up and usable. The worst thing is that Microsoft is forcing through this update. I had no idea what was happening. I had to restore my computer several times before figuring out the issue. I have now disabled updates indefinitely.

3 Likes

Your iPhone is fine. It is only subject to Spectre, not Meltdown. Spectre is much less serious, and is probably not a real issue if the software/OS is designed correctly.

Intel’s PR has been doing an amazing job spinning this as Spectre and Meltdown being comparable, so it’s a problem with everyone’s processors, not just theirs. The media largely seems to be parroting this line, but in fact, Spectre is pretty minor and Meltdown is utterly awful. AMD, for example, made the right decision with respect to the problem that caused Meltdown, and took a very small performance hit to keep things secure.

8 Likes

These “Rescue Attempts” put me in mind of the following scene from the wonderful “Always”…

Dorinda: …so he sees this building on fire and then just outside of town of this reservoir, so what he does is…

Ted: He takes a plane, he goes over the reservoir, fills it with water, dumps it, puts the fire out.

Dorinda: No! He missed. He hit the post office next door. Knocked it on its butt! It took him three tries. The town was awash; the groceries were burnt. It was fire, flood and famine. If he could have managed plague, it would have been the four horsemen of the apocalypse in one PBY. I mean he was unique.

Train wreck? Says no one I know involved in enterprise patching cycles.

This particular vulnerability? Six, seven years-ish, maybe.
But odds are they’ll have another.

I’m in the opposite boat. My iPad is safe, but my crusty-but-dependable workhorse iMac running Mavericks is left to swing in the wind. In theory, Apple absolutely could port their patches at least down to Mountain Lion, but, in practice, they’re sticking firm to their 2-versions-back support model. Seems like this is a bad enough security risk that they might think about spreading the love further, to older versions. But, nope.

2 Likes


6 Likes

Really helps sell the new models, I guess. (There’s not a whole lot else that does…)

1 Like

Assuming stock frequencies a 66MHz i486 would be a DX2

Anyone looked at Intel’s business report lately?

I wish I was a shareholder.

1 Like

I mean, you could install Linux on your MacBook Pro.

There wouldn’t be much point in having a MacBook Pro if I did, though.

I suppose it depends on your perspective…

OS of choice is not relevant here. There are 2 sides to patch: hardware (CPU microcode and BIOS) and software (OS kernel). Problems that occur with microcode and BIOS are OS independent, so changing it won’t matter.

Skynet has been operational since 1982, their headquarters are about six miles from where I live in Wiltshire, England; the road leading to it is called Skynet Drive.
They’ve been watching you all this time…

“Row hammering” completely negates any security improvements these patches will bring, at least for any system equipped with DRAM made after 2010. Put simply, row hammering lets a process elevate itself to kernel-level access on a given system; pretty damn dire, especially if you’re running on a cloud server!

You know what? I’m simply not going to permanently gimp my PC by 5-30% (depending on task) for completely ephemeral security, EVEN IF they iron out the bugs in the patches properly. Luckily, I’ve disabled automatic updates via WinAero Tweaker, so I CAN put off these updates.

2 Likes

wasn’t much before that the FPU used to be on its own chip in many systems.

1 Like