Re: [H] Should I rebuild my machine now or wait until the next gen of CPUs?
I agree with that. I have a DS1817+ and I’m not that concerned. An attacker would have to get their own code running on my Synology in order to exploit the vulns, and I don’t install new code on there all that often. It’s not like a desktop where you’re constantly downloading and opening/executing new files.

On Sat, Jul 7, 2018 at 10:08 AM Greg Sevart wrote:

> Synology does have some vulnerable models and does not appear to have
> released any fixes yet.
> https://www.synology.com/en-global/support/security/Synology_SA_18_01
>
> However, I don't think this is a big concern for appliances like that.
> Effective exploitation of meltdown or spectre requires running code on the
> target system.
>
> -Original Message-
> From: Hardware [mailto:hardware-boun...@lists.hardwaregroup.com] On Behalf
> Of Winterlight
> Sent: Friday, July 6, 2018 11:41 PM
> To: hardw...@lists.hardwaregroup.com
> Subject: Re: [H] Should I rebuild my machine now or wait until the next gen
> of CPUs?
>
> I was planning on getting a Synology
> NAS... should I be concerned about security? I assumed that they would have
> this problem locked down on their new hardware...but I am not sure.
>
> At 07:01 PM 7/6/2018, you wrote:
> >Thus far, AMD's story has been more compelling than Intel's. AMD is
> >immune to meltdown, and is broadly speaking less vulnerable to the
> >Spectre variants. However, it would be naïve to believe that AMD is in
> >the clear, as additional vulnerabilities are slowly coming out in this
> >new and novel class of attack vector.
> >
> >My thinking is that while both Linux and Windows are currently only
> >doing the PTI/KernelVA shadowing for Intel, it will eventually be
> >mandatory for all architectures--for defense in depth if nothing else.
> >
> >-Original Message-
> >From: Hardware
> >[mailto:hardware-boun...@lists.hardwaregroup.com] On Behalf Of Brian
> >Weeden
> >Sent: Friday, July 6, 2018 3:42 PM
> >To: hardware
> >Subject: Re: [H] Should I rebuild my machine now or wait until the next
> >gen of CPUs?
> >
> >Winter, that is exactly the situation I'm in and the question I'm
> >asking. I have not applied any patches to my system because a) they're
> >only partially effective and b) they have a performance hit.
> >
> >So I'm trying to see if it makes sense to upgrade to a new machine now,
> >or whether I should stick it out for another several months
> >(year?) to see if Intel or AMD rolls out something that actually fixes
> >the underlying problems.
> >
> >-
> >Brian
> >
> >On Fri, Jul 6, 2018 at 4:38 PM, Winterlight wrote:
> >
> > > This has been an interesting thread. So Greg the Ivy Bridge patch
> > > that you posted will be delivered by Windows 10 ...eventually...
> > > maybe? I am still running a P9X79 WS with my six core Ivy Bridge with
> > > Win10.
> > > InSpectre tells me Spectre is not protected and performance is slower.
> > > Just how much at risk am I? I figure I will never see a BIOS update...
> > > or will I? The whole thing is a big mess, and I would imagine
> > > there are all sorts of class action lawsuits heading toward CPU and
> > > motherboard manufacturers.
> > >
> > > At 10:08 AM 7/6/2018, you wrote:
> > >
> > >> The chipset vulnerabilities were ugly, yes, but for their part AMD
> > >> did ensure they were resolved quickly despite the research firm not
> > >> following industry best-practices regarding vulnerability disclosure.
> > >> My bigger beef is that AMD would use ASSmedia (not a typo) at all,
> > >> given their fairly well-established track record of being roughly
> > >> equivalent to dog excrement.
> > >> I don't subscribe to the AMD Fanboy narrative that it was an Intel
> > >> hit-job, though.
> > >>
> > >> Intel's roadmap is a real mess right now. A sudden and surprisingly
> > >> competitive AMD portfolio coupled with severe yield and performance
> > >> issues with their ambitious 10nm process technology has painted
> > >> them into a corner with no good near-term options. So, they're
> > >> going to push their 14nm++ tech for another iteration, adding
> > >> cores, to (try to) re-establish clear superiority. Luckily
> > >> for them, their 14++ is actually really good.
> > >>
> > >> Greg
> > >>
> > >> -Original Message-
> > >> From: Hardware [mailto:hardware-boun...@lists.hardwaregroup.com] On
> > >> Behalf Of Brian Weeden
> > >> Sent: Friday, July 6, 2018 9:03 AM
> > >> To: hardware
> > >> Subject: Re: [H] Should I rebuild my machine now or wait until the
> > >> next gen of CPUs?
> > >>
> > >> Thanks, Greg. That pretty much aligns with my thought process on
> > >> this, so I guess it's good at least one other person is coming to
> > >> the same conclusions I am :)
> > >>
> > >> Didn't know about the Ivy Bridge patches - will look into that more.
> > >> But one of the reasons I haven't patched at all is that all the
> > >> mitigations for older chips like mine have had significant
> > >> performance penalties.
Re: [H] Should I rebuild my machine now or wait until the next gen of CPUs?
Synology does have some vulnerable models and does not appear to have released any fixes yet.
https://www.synology.com/en-global/support/security/Synology_SA_18_01

However, I don't think this is a big concern for appliances like that. Effective exploitation of meltdown or spectre requires running code on the target system.

-Original Message-
From: Hardware [mailto:hardware-boun...@lists.hardwaregroup.com] On Behalf Of Winterlight
Sent: Friday, July 6, 2018 11:41 PM
To: hardw...@lists.hardwaregroup.com
Subject: Re: [H] Should I rebuild my machine now or wait until the next gen of CPUs?

I was planning on getting a Synology NAS... should I be concerned about security? I assumed that they would have this problem locked down on their new hardware...but I am not sure.

At 07:01 PM 7/6/2018, you wrote:
>Thus far, AMD's story has been more compelling than Intel's. AMD is
>immune to meltdown, and is broadly speaking less vulnerable to the
>Spectre variants. However, it would be naïve to believe that AMD is in
>the clear, as additional vulnerabilities are slowly coming out in this
>new and novel class of attack vector.
>
>My thinking is that while both Linux and Windows are currently only
>doing the PTI/KernelVA shadowing for Intel, it will eventually be
>mandatory for all architectures--for defense in depth if nothing else.
>
>-Original Message-
>From: Hardware
>[mailto:hardware-boun...@lists.hardwaregroup.com] On Behalf Of Brian
>Weeden
>Sent: Friday, July 6, 2018 3:42 PM
>To: hardware
>Subject: Re: [H] Should I rebuild my machine now or wait until the next
>gen of CPUs?
>
>Winter, that is exactly the situation I'm in and the question I'm
>asking. I have not applied any patches to my system because a) they're
>only partially effective and b) they have a performance hit.
>
>So I'm trying to see if it makes sense to upgrade to a new machine now,
>or whether I should stick it out for another several months
>(year?) to see if Intel or AMD rolls out something that actually fixes
>the underlying problems.
>
>-
>Brian
>
>On Fri, Jul 6, 2018 at 4:38 PM, Winterlight wrote:
>
> > This has been an interesting thread. So Greg the Ivy Bridge patch
> > that you posted will be delivered by Windows 10 ...eventually...
> > maybe? I am still running a P9X79 WS with my six core Ivy Bridge with Win10.
> > InSpectre tells me Spectre is not protected and performance is slower.
> > Just how much at risk am I? I figure I will never see a BIOS update...
> > or will I? The whole thing is a big mess, and I would imagine
> > there are all sorts of class action lawsuits heading toward CPU and
> > motherboard manufacturers.
> >
> > At 10:08 AM 7/6/2018, you wrote:
> >
> >> The chipset vulnerabilities were ugly, yes, but for their part AMD
> >> did ensure they were resolved quickly despite the research firm not
> >> following industry best-practices regarding vulnerability disclosure.
> >> My bigger beef is that AMD would use ASSmedia (not a typo) at all,
> >> given their fairly well-established track record of being roughly
> >> equivalent to dog excrement.
> >> I don't subscribe to the AMD Fanboy narrative that it was an Intel
> >> hit-job, though.
> >>
> >> Intel's roadmap is a real mess right now. A sudden and surprisingly
> >> competitive AMD portfolio coupled with severe yield and performance
> >> issues with their ambitious 10nm process technology has painted
> >> them into a corner with no good near-term options. So, they're
> >> going to push their 14nm++ tech for another iteration, adding
> >> cores, to (try to) re-establish clear superiority. Luckily
> >> for them, their 14++ is actually really good.
> >>
> >> Greg
> >>
> >> -Original Message-
> >> From: Hardware [mailto:hardware-boun...@lists.hardwaregroup.com] On
> >> Behalf Of Brian Weeden
> >> Sent: Friday, July 6, 2018 9:03 AM
> >> To: hardware
> >> Subject: Re: [H] Should I rebuild my machine now or wait until the
> >> next gen of CPUs?
> >>
> >> Thanks, Greg. That pretty much aligns with my thought process on
> >> this, so I guess it's good at least one other person is coming to
> >> the same conclusions I am :)
> >>
> >> Didn't know about the Ivy Bridge patches - will look into that more.
> >> But one of the reasons I haven't patched at all is that all the
> >> mitigations for older chips like mine have had significant
> >> performance penalties. And at this point that's a bigger issue for
> >> me than the security, as I'm not really in that big of a threat environment.
> >>
> >> But I plan to use whatever I buy for the next several years and it
> >> would be good to get something that's not going to have major
> >> structural vulnerabilities that will be problems that entire time.
> >>
> >> My major hangup with AMD is not the performance but rather the
> >> massive vulnerabilities found in their Ryzen chipset, all because
> >> they did a very poor job providing oversight of the