[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
|
FYI.. partially on topic as Linux is mentioned.. -------- Forwarded Message --------
Today is Patch Tuesday and as promised, Microsoft have released the patch that will (temporarily) mitigate the effects of Meltdown and Spectre (reducing system performance by 30% in the process) but it's already gone wrong as users with AMD CPUs are saying that their PCs are unable to boot past the windows logo screen after applying the update (remember that Windows 10 doesn't allow users to turn off the update either) The article doesn't say whether the bricking is occurring at an OS level or at the hardware level (bear in mind that both Meltdown and Spectre are hardware design flaws and can only be properly fixed if the manufacturers redesign the CPUs from the ground up as they both exploit the concept of Speculative Execution which is fundamental to getting high performance out of modern computers (as CPU speeds are already about as high as current technology will allow - which is why CPUs haven't got any faster for ten years or so now) so other techniques are being used to squeeze extra performance out of them. Speculative Execution works by having the CPU pre-emptively execute code that it thinks you might want to use, based on what you did previously. If it gets it right, the system carries on going and if not, then it has to branch to a new subroutine to do what you actually wanted to do - this is why you occasionally get a tiny glitch while running games, for example, where the CPU has to go back and correct a wrong prediction. The Meltdown and Spectre exploits target this predictive behaviour by getting the CPU to execute arbitrary code in RAM and the exploit is easy to set up with _javascript_ so it's totally cross-platform and can run by simply visiting a malicious web page without even clicking on anything. There is no fix other than replacing the CPU with a redesigned one, so what the patch does is to mitigate the effects of the exploit by disabling the speculative execution, which is why you can expect to lose system performance as a result. The latest Linux kernel is already patched to do this (so everybody can expect lower performance in the future) so any Linux users who do regular kernel updates have already got a safer (though slower) system. Why the latest windows update has fucked up is unclear, as AMD CPUs, although vulnerable to these attacks, are much safer than Intel ones, as the attacker would need physical access to the machine in order to set up the exploit on AMD systems while Intel CPUs can be attacked remotely. Trouble is, it looks like the patch wasn't tested on AMD systems (Microsoft famously develops on all-Intel racks) No doubt they will look into this on this week's TechSNAP so I'll be watching that one with interest. I guess for the time being, it looks as if you're running Windows on an AMD system, you're better off not patching it. (Assuming you're not running Windows 10 of course, in which case you have no choice - though an class action suit against Microsoft maybe in order if the update bricks the PC at the hardware level. The article doesn't make clear if the issue is hardware or software based (i.e.. does the bricking prevent dual-boot systems running and will a full OS reinstall fix it or will it totally fuck up the hardware. While I would initially suspect it to be at the OS level, I do know that Intel have been talking about a BIOS flash to patch this - if that's the case and it's gone wrong, then users could be left with expensive paperweights :( https://uk.finance.yahoo.com/news/microsoft-apos-apos-meltdown-apos-093400503.html -- All government snoopers have very small penises |
-- The Mailing List for the Devon & Cornwall LUG https://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/listfaq