Intel's Chip Bug Fixes Have Bugs of Their Own (bleepingcomputer.com) 47
From a report: Intel said late Thursday it is investigating an issue with Broadwell and Haswell CPUs after customers reported higher system reboot rates when they installed firmware updates for fixing the Spectre flaw. The hardware vendor said these systems are both home computers and data center servers. "We are working quickly with these customers to understand, diagnose and address this reboot issue," said Navin Shenoy, executive vice president and general manager of the Data Center Group at Intel Corporation. "If this requires a revised firmware update from Intel, we will distribute that update through the normal channels. We are also working directly with data center customers to discuss the issue," Shenoy added. The Intel exec said users shouldn't feel discouraged by these snags and continue to install updates from OS makers and OEMs.
"The Intel exec said users shouldn't feel discouraged by these snags and continue to install updates from OS makers and OEMs."
I'm not touching any updates for at least a few months; chances are i might not even bother with the patches at all.
I don't run a hypervisor, i don't run untrusted software and i ALWAYS assume that anything i run can access all of the data on my machine regardless of which user i run them as.
Anything which has the opportunity at exploiting these bugs is probably already in a position to steal what it wants from my machine in terms of passwords through the use of screen cap, keylogging and the like.
Well no wonder! (Score:2)
I just got this update and this cool browser extension that makes fart sounds when you click on links stopped working with the message:
TotallyNotAMeltdownExploit() has failed. Consider rebooting.
They really gotta test this stuff before the push it out.
Why am I not surprised? (Score:2)
Regression of new-bug risk is why many non-critical bugs go unfixed and why companies like IBM sometimes release patches only to those customers who complain and who are willing to accept a fix that hasn't been thoroughly tested.
Reminds me of the 2009 flu pandemic (Score:5, Informative)
In both cases there was a lot of worry about the threat. An countermeasure was rushed out, and it seems like the countermeasure may have some side effects.
https://en.wikipedia.org/wiki/... [wikipedia.org]
You have to wonder in each case if there's an element of overreaction going on.
In the Meltdown/Spectre case it the browser vendors are going to fuzz the timing functions to make side channel timing attacks harder to pull off
http://news.softpedia.com/news... [softpedia.com]
Just like Microsoft and Mozilla, Google Chrome 64 will disable SharedArrayBuffer by default and modify the behavior of performance.now() by reducing precision from 5us to 20us in order to block exploits attempting to take advantage of the security vulnerabilities.
Also you can block third party scripts using uBlock Origin.
https://github.com/gorhill/uBl... [github.com]
It doesn't help that Intel spread some confusion. Meltdown is very serious and really does need a quick fix. Spectre needs addressing but isn't as urgent since it is quite hard to exploit successfully. Meltdown workarounds should NOT be deployed on AMD systems.
As best as I can tell, the microcode updates (BIOS) are for spectre, not meltdown.
There is a better fix available. (Score:3, Informative)
Use AMD chips because they actually are immune to Meltdown and have already mitigated Spectre at the Microcode and OS level with a negligible impact on performance. Intel has yet to get their shit together and it's performance impact is growing with every new patch.
And your point would be?
You are, at least partially, correct. Bricked is the wrong term. It was, however, described that way in some news stories.
OTOH, and IIUC, you had to revert the patch to fix the problem, and I'm not sure that MSWindows lets you do that, even though Ubuntu did.
it's not called "Wintel" for nothing....
Define "better". Personally I define "better" as the option that doesn't require a new motherboard, CPU and RAM.
Define "better".
A superior outcome.
So not spending loads of money for something that can be fixed with a software update.
Thanks for clarifying.
If this were about money then you wouldn't have bought Intel shit to start with. -_-
This is obviously about superior performance.
I haven't heard anything convincing that says Spectre can be fixed with a software update. Even Meltdown can only be ameliorated, not fixed, with a software update. I'll admit I don't know how much could be done with a microcode update, but my guess is that the only fix to Spectre that you could get with a microcode update would be disabling of speculative execution entirely.
Also, dont forget that corporations act like a cartel, fucking up the consumers in complete unison.
"Experiencing reboots"? (Score:2)
Intel Broadwell and Haswell CPUs Experiencing Reboots After Firmware Updates
Let's call it what it is. There's a difference between a reboot and a crash. It sounds to me like users are experiencing the latter.
It takes courage (Score:2)
The Intel exec said users shouldn't feel discouraged by these snags and continue to install updates from OS makers and OEMs.
Yo Brian, It takes courage to put bugs in your bugs.
Yo Brian, It takes courage to put bugs in your bugs.
Clearly putting a CPU in their CPU wasn't enough.
...Yes i'm replying to my own comment, it's not weird, i'll be here all week.
