christopher3393 Posted January 3, 2018 Share Posted January 3, 2018 Looks like the fix may cause significant slowdowns: https://www.theguardian.com/technology/2018/jan/03/major-security-flaw-found-intel-processors-computers-windows-mac-os-linux Link to comment
rickca Posted January 4, 2018 Share Posted January 4, 2018 Patch Tuesday coming on 1/9 should be fun. Of course, Microsoft never screws this up. Pareto Audio AMD 7700 Server --> Berkeley Alpha USB --> Jeff Rowland Aeris --> Jeff Rowland 625 S2 --> Focal Utopia 3 Diablos with 2 x Focal Electra SW 1000 BE subs i7-6700K/Windows 10 --> EVGA Nu Audio Card --> Focal CMS50's Link to comment
cjf Posted January 4, 2018 Share Posted January 4, 2018 AMD PROC's may be affected also by default. If the OS "fix" is done out of fear by the DEV'S as a CYA for all x86 software in general which there is already evidence of in the Linux world it wont matter what PROC brand one chooses. Then of course there is the argument that the issue has existed for over 10yrs and no one has known it then the fame seekers who made the issue public have only harmed the world by mentioning it in the first place. One has to weigh the likelyhood of being exploited in the first place against the performance impact almost certainly bound to occur by fixing it. The fix could easily result in the need for one to almost double their existing PROC resources just to make up for the losses resulting in fixing it. Were talking big dollars on the enterprise scale! Hackers should be labeled as terrorists and have open hunting season tags attached to them much like wild hogs. Shot on the spot with no need to report it. My Audio System -Last Updated May 20 2021 Link to comment
MetalNuts Posted January 4, 2018 Share Posted January 4, 2018 It said chips made in the last decade, so it only affect those old computers, the majority of which are comparatively slow in the current standard. MetalNuts Link to comment
mansr Posted January 4, 2018 Share Posted January 4, 2018 There are actually two somewhat related attacks. More info: https://spectreattack.com Link to comment
mansr Posted January 4, 2018 Share Posted January 4, 2018 54 minutes ago, cjf said: Then of course there is the argument that the issue has existed for over 10yrs and no one has known it then the fame seekers who made the issue public have only harmed the world by mentioning it in the first place. That's flawed thinking. If these researchers found it, so could the bad guys. For all you know, they've already been using it. Link to comment
mansr Posted January 4, 2018 Share Posted January 4, 2018 56 minutes ago, cjf said: One has to weigh the likelyhood of being exploited in the first place against the performance impact almost certainly bound to occur by fixing it. Yes, for an audio-only system it doesn't matter as it won't be running untrusted code. Link to comment
rickca Posted January 4, 2018 Share Posted January 4, 2018 21 minutes ago, MetalNuts said: It said chips made in the last decade, so it only affect those old computers, the majority of which are comparatively slow in the current standard. It means processors made in the last ten years. Pareto Audio AMD 7700 Server --> Berkeley Alpha USB --> Jeff Rowland Aeris --> Jeff Rowland 625 S2 --> Focal Utopia 3 Diablos with 2 x Focal Electra SW 1000 BE subs i7-6700K/Windows 10 --> EVGA Nu Audio Card --> Focal CMS50's Link to comment
mansr Posted January 4, 2018 Share Posted January 4, 2018 11 minutes ago, rickca said: It means processors made in the last ten years. That's obviously an approximation. The flaw affects many CPUs with speculative execution, which for Intel is more or less all 64-bit models. AMD says they are not affected by the Meltdown attack though this remains to be verified. Link to comment
MetalNuts Posted January 4, 2018 Share Posted January 4, 2018 1 hour ago, rickca said: It means processors made in the last ten years. Decade is ten years, right? My rough recollection is that all those models before i3, i5, i7 model. I am pretty sure that my iMac and PC have the i5 or i7 processors. MetalNuts Link to comment
Miska Posted January 4, 2018 Share Posted January 4, 2018 At least ARM64 seems to be affected too (and maybe some more recent 32-bit Cortex-A's too), so it is not just Intel or x86 architecture... Anyway, for our audio playback use cases, this shouldn't make much performance difference. Some cloud installations may have interesting times though... Signalyst - Developer of HQPlayer Pulse & Fidelity - Software Defined Amplifiers Link to comment
Miska Posted January 4, 2018 Share Posted January 4, 2018 Google's blog post on the topic: https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html Signalyst - Developer of HQPlayer Pulse & Fidelity - Software Defined Amplifiers Link to comment
mansr Posted January 4, 2018 Share Posted January 4, 2018 23 minutes ago, Miska said: At least ARM64 seems to be affected too (and maybe some more recent 32-bit Cortex-A's too), so it is not just Intel or x86 architecture... The Spectre attack affects more systems than Meltdown which is only confirmed on Intel. The performance impact of the KPTI patches in Linux only occurs at user/kernel mode transitions, i.e. syscalls and traps. As you say, typical audio code shouldn't be heavily affected. Link to comment
mordante Posted January 4, 2018 Share Posted January 4, 2018 5 hours ago, cjf said: Hackers should be labeled as terrorists and have open hunting season tags attached to them much like wild hogs. Shot on the spot with no need to report it. I just cannot comprehend what you wrote. That takes stupidity to a whole new level. If I were to guess every country's secret service has hackers in employment, most cyber security companies as well. [br] Link to comment
marce Posted January 4, 2018 Share Posted January 4, 2018 4 hours ago, MetalNuts said: Decade is ten years, right? My rough recollection is that all those models before i3, i5, i7 model. I am pretty sure that my iMac and PC have the i5 or i7 processors. No it means all processors made in the last ten years, that includes i3,5 & 7 processors... Not processors made over 10 years ago. So i3s to i7s are included. christopher3393 1 Link to comment
MetalNuts Posted January 5, 2018 Share Posted January 5, 2018 12 hours ago, marce said: No it means all processors made in the last ten years, that includes i3,5 & 7 processors... Not processors made over 10 years ago. So i3s to i7s are included. ooops, I thought it refers to 2000 - 2010 (the last decade). MetalNuts Link to comment
AudioDoctor Posted January 5, 2018 Share Posted January 5, 2018 I am running 13.13.3 Beta version 3, allegedly has the fix, I have noticed no slowdowns at all. No electron left behind. Link to comment
cjf Posted January 6, 2018 Share Posted January 6, 2018 On 1/4/2018 at 5:25 AM, mordante said: I just cannot comprehend what you wrote. That takes stupidity to a whole new level. If I were to guess every country's secret service has hackers in employment, most cyber security companies as well. I guess you need to try harder then. I suppose by your line of thinking that those folks you listed are also the ones involved in stealing/using credit card info and peoples personal identities, launching DOS attacks responsible for taking down major internet providers and corporations across the globe all just to say they could do it and take credit for it publicly while collecting a paycheck and paying taxes? Its no different then burning down your own neighborhood. Wake up dude. The people you listed have a job because of these other slime balls. If the other parasites spent half as much time putting their skills to work for good and useful things the world would be in a much better place. My Audio System -Last Updated May 20 2021 Link to comment
Popular Post Miska Posted January 6, 2018 Popular Post Share Posted January 6, 2018 20 hours ago, cjf said: I suppose by your line of thinking that those folks you listed are also the ones involved in stealing/using credit card info and peoples personal identities, launching DOS attacks responsible for taking down major internet providers and corporations across the globe all just to say they could do it and take credit for it publicly while collecting a paycheck and paying taxes? Its no different then burning down your own neighborhood. Or NSA/GRU installing malware on computers, screwing up democratic elections, installing spyware, etc. And generally spying everybody on the globe to the extent technically possible. I have much less sympathy for nation state actors compared to individual hackers who's actions are much more visible, than the governments silently screwing half of the world. Quote If the other parasites spent half as much time putting their skills to work for good and useful things the world would be in a much better place. You must mean governments and politicians... spin33 and crenca 1 1 Signalyst - Developer of HQPlayer Pulse & Fidelity - Software Defined Amplifiers Link to comment
Miska Posted January 6, 2018 Share Posted January 6, 2018 Note, one of my favorite white-hat hacker groups is Google's Project Zero, who found also this bug. Since nation state actors and criminals don't publish their vulnerability findings, it is extremely important that we have such people who are paid to responsibly find bugs and vulnerabilities so those can be fixed and overall security improves. https://googleprojectzero.blogspot.com There are also companies who do similar work on order, to test security before the products come out. Hackers who are paid to analyze and try to break your/my software. This helps fixing problems before products face real jungle out there. Many who are very professional and clever people. I'm happy to know and have worked with such people and have my utmost respect. Signalyst - Developer of HQPlayer Pulse & Fidelity - Software Defined Amplifiers Link to comment
jabbr Posted January 7, 2018 Share Posted January 7, 2018 On 1/3/2018 at 11:49 PM, cjf said: Hackers should be labeled as terrorists and have open hunting season tags attached to them much like wild hogs. Shot on the spot with no need to report it. Thats too bad because the folks who discovered the flaw would be dead and you wouldn’t of heard about it until hackers out of your reach took down your infrastructure. AudioDoctor 1 Custom room treatments for headphone users. Link to comment
AudioDoctor Posted January 7, 2018 Share Posted January 7, 2018 On 1/4/2018 at 7:38 PM, AudioDoctor said: I am running 13.13.3 Beta version 3, allegedly has the fix, I have noticed no slowdowns at all. I want to quote myself here, I see nor observe any slowdown on either my 2011 Mac mini, i5, 16GB RAM, and an SSD, and on my brand spanking new iMac with its i7, 32GB of RAM, SSD, etc... No electron left behind. Link to comment
seeteeyou Posted January 23, 2018 Share Posted January 23, 2018 Root Cause of Reboot Issue Identified; Updated Guidance for Customers and Partners https://newsroom.intel.com/news/root-cause-of-reboot-issue-identified-updated-guidance-for-customers-and-partners/ Belay that order: Intel says you should NOT install its Meltdown firmware fixes The warning, which encompasses just about every Intel processor out there, from all PC manufacturers, takes effect immediately. And there’s no indication when it will get fixed. https://www.computerworld.com/article/3250250/malware-vulnerabilities/belay-that-order-intel-says-you-should-not-install-its-meltdown-firmware-fixes.html Quote In what appears to be a catastrophic curtain call to the "oops" moment that I discussed 10 days ago, it now seems that the bright, new firmware versions — which Intel has had six months to patch — have a nasty habit of causing “higher system reboots.” I'm just updating and securing my browser for now, let's wait and see how it goes. Link to comment
rickca Posted January 23, 2018 Share Posted January 23, 2018 This is fun. Linus Torvalds comments on the Intel fixes https://www.theinquirer.net/inquirer/news/3024926/linus-torvalds-tells-intel-that-its-spectre-and-meltdown-fixes-are-garbage Pareto Audio AMD 7700 Server --> Berkeley Alpha USB --> Jeff Rowland Aeris --> Jeff Rowland 625 S2 --> Focal Utopia 3 Diablos with 2 x Focal Electra SW 1000 BE subs i7-6700K/Windows 10 --> EVGA Nu Audio Card --> Focal CMS50's Link to comment
seeteeyou Posted January 24, 2018 Share Posted January 24, 2018 Stable Channel Update for Desktop https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html Quote The Chrome team is delighted to announce the promotion of Chrome 64 to the stable channel for Windows, Mac and Linux. Direct download links https://www.wilderssecurity.com/threads/chrome-stable-channel-update.355822/page-57#post-2734031 Actions required to mitigate Speculative Side-Channel Attack techniques https://www.chromium.org/Home/chromium-security/ssca Quote Chrome's JavaScript engine, V8, will include mitigations starting with Chrome 64, which will be released on or around January 23rd 2018. Future Chrome releases will include additional mitigations and hardening measures which will further reduce the impact of this class of attack. Additionally, the SharedArrayBuffer feature is being disabled by default. The mitigations may incur a performance penalty. Link to comment
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now