Intel's Chip Bug Fixes Have Bugs of Their Own (bleepingcomputer.com) 59
From a report: Intel said late Thursday it is investigating an issue with Broadwell and Haswell CPUs after customers reported higher system reboot rates when they installed firmware updates for fixing the Spectre flaw. The hardware vendor said these systems are both home computers and data center servers. "We are working quickly with these customers to understand, diagnose and address this reboot issue," said Navin Shenoy, executive vice president and general manager of the Data Center Group at Intel Corporation. "If this requires a revised firmware update from Intel, we will distribute that update through the normal channels. We are also working directly with data center customers to discuss the issue," Shenoy added. The Intel exec said users shouldn't feel discouraged by these snags and continue to install updates from OS makers and OEMs.
Re: (Score:2)
Re: (Score:2)
I am regret... I built my skylake system shortly before Ryzen came out Skylake has its own bugs to add to these new ones.... But it will last me a while longer I plan on building a Ryzen 2 system when those launch. Will be the first AMD build for me although I have owned some AMD machines on the side my own personal rigs have always been Intel and I have been building since the P3 days. It was mostly a good run minus the whole Pentium 4 stuff but I can put up with slightly lower performance the show stoppin
Re: (Score:3)
"The Intel exec said users shouldn't feel discouraged by these snags and continue to install updates from OS makers and OEMs."
Sure...
Re: (Score:1)
I'm not touching any updates for at least a few months; chances are i might not even bother with the patches at all.
I don't run a hypervisor, i don't run untrusted software and i ALWAYS assume that anything i run can access all of the data on my machine regardless of which user i run them as.
Anything which has the opportunity at exploiting these bugs is probably already in a position to steal what it wants from my machine in terms of passwords through the use of screen cap, keylogging and the like.
And I can
Well no wonder! (Score:2)
I just got this update and this cool browser extension that makes fart sounds when you click on links stopped working with the message:
TotallyNotAMeltdownExploit() has failed. Consider rebooting.
They really gotta test this stuff before the push it out. ;)
Why am I not surprised? (Score:2)
Regression of new-bug risk is why many non-critical bugs go unfixed and why companies like IBM sometimes release patches only to those customers who complain and who are willing to accept a fix that hasn't been thoroughly tested.
patch for post above (Score:1)
Regression of new-bug risk
should read
Regression or new-bug risk
The patch above is an "early-release" patch. It has not undergone rigorous testing. The reader assumes all implementation and other risks.
Reminds me of the 2009 flu pandemic (Score:5, Informative)
In both cases there was a lot of worry about the threat. An countermeasure was rushed out, and it seems like the countermeasure may have some side effects.
https://en.wikipedia.org/wiki/... [wikipedia.org]
You have to wonder in each case if there's an element of overreaction going on.
In the Meltdown/Spectre case it the browser vendors are going to fuzz the timing functions to make side channel timing attacks harder to pull off
E.g.
http://news.softpedia.com/news... [softpedia.com]
Just like Microsoft and Mozilla, Google Chrome 64 will disable SharedArrayBuffer by default and modify the behavior of performance.now() by reducing precision from 5us to 20us in order to block exploits attempting to take advantage of the security vulnerabilities.
Also you can block third party scripts using uBlock Origin.
https://github.com/gorhill/uBl... [github.com]
Re:Reminds me of the 2009 flu pandemic (Score:4, Interesting)
It doesn't help that Intel spread some confusion. Meltdown is very serious and really does need a quick fix. Spectre needs addressing but isn't as urgent since it is quite hard to exploit successfully. Meltdown workarounds should NOT be deployed on AMD systems.
As best as I can tell, the microcode updates (BIOS) are for spectre, not meltdown.
Re: (Score:3)
It doesn't help that Intel spread some confusion. Meltdown is very serious and really does need a quick fix. Spectre needs addressing but isn't as urgent since it is quite hard to exploit successfully. Meltdown workarounds should NOT be deployed on AMD systems.
As best as I can tell, the microcode updates (BIOS) are for spectre, not meltdown.
That depends on your definition of urgent. Spectre is the problem with legs and it's going to keep running. Fix meltdown once and it's fixed. But unlike meltdown, which is a poor target, because it's being addressed, Spectre presents thousands of targets on many platforms and there is no shortage of governments and criminals sharpening their attacks right now.
There is a lot more to do to address Spectre and it involves some kind of magic where all the software engineers suddenly learn how to both develop ef
Re: (Score:2)
Patching browsers will kill practically all vectors for the Spectre attack. Even that is a little less urgent than fixing meltdown simply because it will take longer to get from POC to practical exploit.
Re: (Score:2)
Patching browsers will kill practically all vectors for the Spectre attack. Even that is a little less urgent than fixing meltdown simply because it will take longer to get from POC to practical exploit.
That was kind of my point. Meltdown is a short term attack with a short term fix. Spectre is a long term attack strategy which can be deployed in many contexts.
Let's say you are an application developer in a popular application, but you have an evil streak. You could employ Spectre in a difficult to find way to attack one of the many other bits of software on a machine. This will go on and on an on. So there's a urgency to changing software development practices to adapt to this new reality.
Re: (Score:2)
Compilers are evolving [phoronix.com] to produce hard to exploit binaries.
There is a better fix available. (Score:3, Informative)
Use AMD chips because they actually are immune to Meltdown and have already mitigated Spectre at the Microcode and OS level with a negligible impact on performance. Intel has yet to get their shit together and it's performance impact is growing with every new patch.
Re: (Score:2)
Re: (Score:2)
And your point would be?
Re: (Score:1)
It's very, very hard not to see a pattern where these "fixes" are used to screw over AMD. We see the same pattern over and over again, from ranging from the initial Linux patch for Meltdown which treated all x86 cpus as "insecure" without any exceptions, to Microsoft outright bricking AMD based computers.
We will see much more of this. Intel is big and has tentacles going deep into both the proprietary and free software world, and apparently there is plenty of people without any kind of morals in both worlds
Re: (Score:2)
You are, at least partially, correct. Bricked is the wrong term. It was, however, described that way in some news stories.
OTOH, and IIUC, you had to revert the patch to fix the problem, and I'm not sure that MSWindows lets you do that, even though Ubuntu did.
Re: (Score:3)
it's not called "Wintel" for nothing....
Re: (Score:2)
Re: (Score:2)
Define "better". Personally I define "better" as the option that doesn't require a new motherboard, CPU and RAM.
Re: (Score:2)
Define "better".
A superior outcome.
Re: (Score:2)
So not spending loads of money for something that can be fixed with a software update.
Thanks for clarifying.
Re: (Score:2)
If this were about money then you wouldn't have bought Intel shit to start with. -_-
This is obviously about superior performance.
Re: (Score:2)
If this were about money then you wouldn't have bought Intel shit to start with. -_-
This is obviously about superior performance.
You presume to know *when* I bought my system. For a longest time Intel was the only option when it came to performance. AMD was the choice of idealism and if you were looking for something performing worse than a Celeron. It is only recently that AMD has once again become a viable contender.
Re: (Score:2)
Then it's time to upgrade to AMD.
Re: (Score:2)
I haven't heard anything convincing that says Spectre can be fixed with a software update. Even Meltdown can only be ameliorated, not fixed, with a software update. I'll admit I don't know how much could be done with a microcode update, but my guess is that the only fix to Spectre that you could get with a microcode update would be disabling of speculative execution entirely.
Re: (Score:2)
I haven't heard anything convincing that says Spectre can be fixed with a software update.
There's two variants of Spectre:
Variant 1 is fixed in the kernel OR on recent processors with a microcode update. Both rely on the LFENCE opcode.
Variant 2 is fixed in the kernel with IBRS AND a microcode update (no performance on Skylake and more recent processors). It can also be mitigated in software using retpoline in the software + kernel support (no performance hit, but relies on individual programs being updated).
And for comlpeteness sake Meltdown is fixed in the kernel with KPTI.
Interestingly enough
Re: (Score:2)
Use AMD chips because they actually are immune to Meltdown and have already mitigated Spectre at the Microcode and OS level with a negligible impact on performance. Intel has yet to get their shit together and it's performance impact is growing with every new patch.
Cutting to the chase, use AMD as the fix for Intel.
Re: manage engine (Score:1)
Re: (Score:2)
QA and QC have been outsourced (Score:1)
QA and QC have been outsourced to the user now, showing a dramatic cost savings for the corporations. One could be fooled into thinking that this is a bad thing for the corporations as users might decide to pay more for a product that just works, but observing the modern economy shows that society is full of a bunch of masochists who want to pay even less for the new and shiny even if it comes broken from the get go as long as the corporations promise to fix it in software later on.
Re: (Score:2)
Also, dont forget that corporations act like a cartel, fucking up the consumers in complete unison.
"Experiencing reboots"? (Score:2)
Intel Broadwell and Haswell CPUs Experiencing Reboots After Firmware Updates
Let's call it what it is. There's a difference between a reboot and a crash. It sounds to me like users are experiencing the latter.
It takes courage (Score:2)
The Intel exec said users shouldn't feel discouraged by these snags and continue to install updates from OS makers and OEMs.
Yo Brian, It takes courage to put bugs in your bugs.
Re: (Score:3)
Yo Brian, It takes courage to put bugs in your bugs.
Clearly putting a CPU in their CPU wasn't enough.
...Yes i'm replying to my own comment, it's not weird, i'll be here all week.
99 Little bugs in the code (Score:3)
99 little bugs in the code
Take one down and patch it around
127 little bugs in the code.