Re: Some serious security bug in INTEL CPUs?? Since Westmere possibly

Just watched the first two minutes of Intel's CEO keynote. I didn't hear the word sorry or aplogize. Just see Intel not taking any blame with the slide that shows all CPU architectures are vulnerable. Brian also doesn't strike me as a likeable or sympathic guy. I don't see him doing well in crisis control mode in public scrutiny.

https://www.youtube.com/watch?v=f71yokde704

My E8400 is vulnerable. Patch for Lubuntu is supposed to be released Jan 9.

Spectre and Meltdown mitigation detection tool v0.17

Checking for vulnerabilities against live running kernel Linux 4.13.0-17-generic #20-Ubuntu SMP Mon Nov 6 10:04:08 UTC 2017 x86_64
Will use vmlinux image /boot/vmlinuz-4.13.0-17-generic
Will use kconfig /boot/config-4.13.0-17-generic
Will use System.map file /boot/System.map-4.13.0-17-generic

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Kernel compiled with LFENCE opcode inserted at the proper places: NO (only 42 opcodes found, should be >= 70)
> STATUS: VULNERABLE

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigation 1
* Hardware (CPU microcode) support for mitigation: NO
* Kernel support for IBRS: NO
* IBRS enabled for Kernel space: NO
* IBRS enabled for User space: NO
* Mitigation 2
* Kernel compiled with retpoline option: NO
* Kernel compiled with a retpoline-aware compiler: NO
> STATUS: VULNERABLE (IBRS hardware + kernel support OR kernel with retpoline are needed to mitigate the vulnerability)

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Kernel supports Page Table Isolation (PTI): NO
* PTI enabled and active: NO
> STATUS: VULNERABLE (PTI is needed to mitigate the vulnerability)

Re: Some serious security bug in INTEL CPUs?? Since Westmere possibly

Just because they are RULES doesn't mean they are followed!

Walking around the neighborhood, I can see plenty of cases where NM cable is stapled to the exterior of facia boards without even running it through conduit or liquid-tight. But, an inspector driving by isn't going to get out of his car and write the guy up -- they'll wait for the house to catch fire from some other cause...

And, there are plenty of licensed electricians who will gladly look the other way if financially motivated.

Re: Some serious security bug in INTEL CPUs?? Since Westmere possibly

oooo.....
i bet Intel paid a lot for this "feature" to be included.
it's just too perfect to be an accident.
http://www.theregister.co.uk/2018/01...d_powered_pcs/

so now they can tell people to stick with "reliable" Intel shit!!

Re: Some serious security bug in INTEL CPUs?? Since Westmere possibly

land-of-the-free.
you need to do a bit more swamp-draining.

pretty damned funny considering some of the dangerous crap that is permissable or common.
like insulation-displacement connectors and those laughable domestic power outlets.

Re: Some serious security bug in INTEL CPUs?? Since Westmere possibly

Oh my, glad we have normal line voltage here and while the laws and regulations are also sack of shit already, it's still not so bad. Yet.

Re: Some serious security bug in INTEL CPUs?? Since Westmere possibly

Doesn't matter if the components are NEMA, etc. There are use questions involved.

E.g., I wanted to put a 220V 60A outlet by the air conditioner compressor and a "plug" on the end of the cable to the compressor. Plug the compressor into the outlet, arrange for the outlet to be encased in a weatherproof housing, etc.

Then, put a similar plug on our electric kiln.

When we wanted to use the kiln, unplug the compressor and plug the kiln into the circuit. Instead of running a separate circuit for just the kiln (which is rarely used).

Electrically, everything is kosher -- kiln doesn't draw more than the branch circuit is rated, grounding issues are correct, weatherproofing, etc.

But, local Code doesn't allow this. Compressor must be on a dedicated circuit... a circuit dedicated to the compressor (not "generic 220V 60A loads").

Likewise, wanted to put an electric "instant" hot water heater located under the sink on the kitchen circuit. Had to run a separate circuit for it as the counter circuits are not to support any "fixed appliances".

In each case, everything would work as expected, circuit breakers (and GFCI's) would provide required protections, etc. but Code doesn't allow.

I am free to ignore that and do as I please -- until something goes wrong and I'm found to be out of compliance (will insurer pay if signs of obvious code violations? how long will city give me to have a LICENSED electrician bring things up to Code? will they allow occupancy while that is happening? etc.)

OTOH, it is normal for an oven or a clothes dryer to have a 30+A 220V outlet to connect the appliance. And, there's no law against operating a server out of your kitchen or laundry room in lieu of said appliance (it just "looks odd")

Re: Some serious security bug in INTEL CPUs?? Since Westmere possibly

code??
those are globally recognised standard connectors with all the usual aprovals.
go down to your nearest McDonalds and see them hanging from the ceiling.
(just dont eat the "food")

Re: Some serious security bug in INTEL CPUs?? Since Westmere possibly

It's not a question of having the skillset and components to "make it work" but, rather, the legal/liability consequences of doing things that aren't to Code.

Of course, you can do damn near anything you want inside your home -- no one is going to come knocking to inspect it! OTOH, have a fire or similar and you can't roll back time to undo those Code violations so they aren't visible to the insurance/fire "incident" inspectors.

[Of course, there's a REASON for all those Code requirements/constraints so you should be asking yourself, "what do the writers know that I don't?"]

Re: Some serious security bug in INTEL CPUs?? Since Westmere possibly

if you do your own wiring, fit some 16A CEE17 connectors.

http://cpc.farnell.com/pce/113-6/16a...skt/dp/PL15600

http://cpc.farnell.com/pce/313-6/p-m...30v/dp/PL15608

http://cpc.farnell.com/pce/013-6/plu...30v/dp/PL15567

i just picked up a couple of IP67 ones for the garden

Re: Some serious security bug in INTEL CPUs?? Since Westmere possibly

In most american homes, the only places to conveniently access BOTH legs are:

• electric stove/range (if you cook with electric)
• air conditioner (typ central air as MOST window units are 110)
• clothes dryer (if you don't use gas)

A (central) air conditioner is a dedicated branch circuit and won' t have an "outlet" that you can conveniently access.

The outlets behind the stove/oven and dryer require moving a large appliance to gain access. Most homes can live without a functioning dryer (AND a dryer that has been moved away from the wall to gain access) but pulling the stove/oven out usually meets with some stiff resistance (from female household members).

Some homes are wired with 12/3 w/GND in their kitchens. As such, you can conceivably access both legs from any outlet (half of the outlets are wired to one leg while the other half are wired to the other -- a net saving in copper). And, the countertop branch circuits must be 20A so this ensures you can feed the 2KW power supply in the server. But, any semi-permanent arrangement (i.e., something that you could use, again) like this would probably raise lots of eyebrows with building inspectors (and fire marshalls in the event of a fire... in someplace like a KITCHEN! )

Re: Some serious security bug in INTEL CPUs?? Since Westmere possibly

So you're in the Americas and it uses 240 V input? (or 220 V, maybe 208 V, if the poco you have, has an old transformer, IIRC)

In the Americas, at least north America and central America, (probably) use 2 120 V legs for 240 V.

Re: Some serious security bug in INTEL CPUs?? Since Westmere possibly

Honestly it's only firefox that's really miserable on it now. But I still find use in it as a shell box with a normal keyboard (granted, it's still a bit small for my fingers, but much better than a touchscreen virtual keyboard that wastes screen real estate...)

I do wonder how much slower it'd get if I set up full disk encryption on it, along with the pending recompile of all binaries so I can keep up with the linux distribution (it's the cost of not requiring a reinstall every few years and stlil stay up to date)...

Re: Some serious security bug in INTEL CPUs?? Since Westmere possibly

No, it also relies on having access to a sense of time and the ability to run arbitrary/untrusted binaries directly on the hardware. Deny any of these and the exploit falls apart.

Re: Some serious security bug in INTEL CPUs?? Since Westmere possibly

When it comes to heating the house, I use the BladeServer (dual 3.6GHz Xeon, 8GB RAM and 144GB of disk space per blade, 14 blades). Have to unplug the clothes dryer to use the damn thing

I think each of the fans ("blowers") draws 50W...

Re: Some serious security bug in INTEL CPUs?? Since Westmere possibly

Lol, you're not kidding. It was an amazing bit of kit back in the day though. Mobile computing anywhere and it's wasn't the weight of a brick.

Re: Some serious security bug in INTEL CPUs?? Since Westmere possibly

Spectre 1 but that is something that hits ALL CPUs with speculative excecution...
But _NOT_ Spectre 2 and not Meltdown...

So it would be nice if we would stick to the facts and not try to downplay this shit.

Re: Some serious security bug in INTEL CPUs?? Since Westmere possibly

Ähm, no.
From what we know right now, it seems that it isn't as bad as with Linux.

The Security Scientists said something like everything under Linux could be read and most things under Windows.

Most is a bit better than everything.

Re: Some serious security bug in INTEL CPUs?? Since Westmere possibly

Best describes my 2008 Core 2 Quad "Kentsfield" Q6600 at around 3.0 Ghz. LOL.

Re: Some serious security bug in INTEL CPUs?? Since Westmere possibly

I also have an N270 Atom in my eeePC. I'm glad, it doesn't need to get any slower than it already is...

I need to rebuild all its binaries too, ugh. The pains of running a source based distribution that decided to make an across-the-board change...

----

Yes, the R10K will need to be tested. I think the R4000/R4400 were scalar and shouldn't have these issues.

----

And I just patched my i7 (linux) for Meltdown... it's not dastardly slower, fortunately. Unsure about Spectre yet. On the good side, machines that don't constantly download code (or is forced to download code) is "safe" for now - so fixed job (i.e. not ssh or other shell box type) servers are OK to leave unpatched temporarily. Client machines and shell boxes, however, must be patched ASAP as likely they will be fed new code on a continual basis (like javascript...)

Re: Some serious security bug in INTEL CPUs?? Since Westmere possibly

The Mini 9 has an N270.