Re: [Trisquel-users] Hot news - Major flaw in Intel CPUs

[Cassandra of Troy]

To be bluntly honest, I'm just glad I don't work in IT and I wish I
could give all of you "suits and ties" some spare change right about now.

I can spare a change of attitude, anyway. You be you--I'll be back when
I can patch my AMD back together with scotch tape and chewing gum. I was
going to strip it for parts, but I'm sure there are people in this world
who intended to do the same with my illustrious self.

LMK if there's anything we can do to help; I can still spare a cup of
coffee or enough cash for a box of kleenex if you don't have enough for
all the tears you can't swallow any more. It's okay to grieve for what
you have lost, even though I can't fully understand or appreciate the
depth of your pain right now.

I am so sorry for your loss.

Re: [Trisquel-users] Hot news - Major flaw in Intel CPUs

[jodiendo]

well if I'm hungry! I do scoffer from a software patch , because my brains  
think of a good meal. but if I suffer a security breakdown in my colon it  
means a bad digestion, ..about that madness@

Re: [Trisquel-users] Hot news - Major flaw in Intel CPUs

[calmstorm]

My bad, good catch there.

But yeah, governments need transparency on their policies towards their  
citizens. If nothing else...


I thought I had seen something besides that once where he said spying on  
governments is needed, not people obviously, but maybe I read a false article  
or something.


It is possible he just doesn't approve of spying in general.

Re: [Trisquel-users] Hot news - Major flaw in Intel CPUs

[Ignacio Agulló]

Found this series of articles:

*Processor/CPU Speculative Execution Patching on Linux Tutorial* series:

 1. How to patch Meltdown CPU Vulnerability CVE-2017-5754 on Linux


 2. How to patch Spectre Vulnerability CVE-2017-5753/CVE-2017-5715 on
Linux


 3. How to check Linux for Spectre and Meltdown vulnerability


 4. How to install/update Intel microcode firmware on Linux



 I find the last part to be disturbing.  It is listed in the series
even though it doesn't mention Meltdown or Spectre, as it was a
requirement to patch them.

 Why updating the Intel microcode firmware would be disturbing to
me?  Because my computer is Librebooted and...:

"Coreboot does distribute microcode updates for Intel and AMD CPUs, but
libreboot cannot, because the whole point of libreboot is to be 100%
free software ."

-- 
Ignacio Agulló · agu...@ati.es



0xC6AB2D51.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature

Re: [Trisquel-users] Hot news - Major flaw in Intel CPUs

[leestrobel]

God, my html skills are truly terrible. How do I quote some html code,  
without it being interpreted? Arg!

Re: [Trisquel-users] Hot news - Major flaw in Intel CPUs

[leestrobel]

Yes, sorry, I keep doing this ...

I thought that www.link.com should give a hyperlink to that address, but it  
doesn't. Unfortunately, it seems that it is also not possible to edit a post  
on the forum here, unless it is a reply to someone else's post (which both of  
my earlier posts containing those links are not).


I'll try to stop doing it in future ... :-(

Re: [Trisquel-users] Hot news - Major flaw in Intel CPUs

[svenerik_vn]

HTML who? :p

Re: [Trisquel-users] Hot news - Major flaw in Intel CPUs

[greatgnu]

I guess their HTML foo is even worse than mine :P

Just highlight the link with your mouse and copy it and paste it in your url  
bar

Re: [Trisquel-users] Hot news - Major flaw in Intel CPUs

[greatgnu]

What? Why would it take so long? Debian released the patched kernel for  
meltdown on January 4.

Re: [Trisquel-users] Hot news - Major flaw in Intel CPUs

[greatgnu]

>I indeed did not understand it right.

Yeah, me too (and I even read, well read not understood, the pdf from  
goobles0)


What I find interesting is the wording from AMD's post about the issue, I  
guess they don't know fore sure yet. We'll see.

Re: [Trisquel-users] Hot news - Major flaw in Intel CPUs

[svenerik_vn]

When I click on the techcrunch link in your post I just get redirected to  
this post, anyone else got this issue?

Re: [Trisquel-users] Hot news - Major flaw in Intel CPUs

[ariella]

https://insights.ubuntu.com/2018/01/04/ubuntu-updates-for-the-meltdown-spectre-vulnerabilities/

Ubuntu users of the 64-bit x86 architecture (aka, amd64) can expect updated  
kernels by the original January 9, 2018 coordinated release date, and sooner  
if possible.  Updates will be available for:


Ubuntu 17.10 (Artful) — Linux 4.13 HWE
Ubuntu 16.04 LTS (Xenial) — Linux 4.4 (and 4.4 HWE)
Ubuntu 14.04 LTS (Trusty) — Linux 3.13
Ubuntu 12.04 ESM** (Precise) — Linux 3.2
Note that an Ubuntu Advantage license is required for the 12.04 ESM  
kernel update, as Ubuntu 12.04 LTS is past its end-of-life


Ubuntu 18.04 LTS (Bionic) will release in April of 2018, and will ship a 4.15  
kernel, which includes the KPTI patchset as integrated upstream.

Re: [Trisquel-users] Hot news - Major flaw in Intel CPUs

[ariella]

Good thinking! Thanks! That's what I'll look for. 

Re: [Trisquel-users] Hot news - Major flaw in Intel CPUs

[Alexander Stephen Thomas Ross]

Re EOMA-68 computer cards & devices. Luke has opportunity for some
interesting cpu cards and theres a team developing risc cpus in India
which i believe have a mandate and the money from the gov to make free
cpu’s targeted for things like laptops and other computers a society needs.

See for india risc cpu details:
http://lists.phcomp.co.uk/pipermail/arm-netbook/2017-December/015062.html

Re: [Trisquel-users] Hot news - Major flaw in Intel CPUs

[jason]

Everyone is having a metldown because Canonical has not released fixes yet.

The bigger question is: When will Canonical fix it in Ubuntu? Trisquel  
inherits security updates from Ubuntu so *THAT* is the question you want to  
be asking.

Re: [Trisquel-users] Hot news - Major flaw in Intel CPUs

[greatgnu]

It might be senility or I suddenly can not understand English, so I will just  
copy and paste here..



The bounds check bypass has also been shown to read kernel memory on Intel  
and AMD processors. Importantly, this does not work on AMD processors in  
default configurations. The proof-of-concept requires BPF JIT to be manually  
enabled in the Linux kernel for AMD processors. (It is not, by default.) The  
tested Intel processor was vulnerable independent of the BPF JIT setting.


https://www.techrepublic.com/article/massive-intel-cpu-flaw-understanding-the-technical-details-of-meltdown-and-spectre/


And this is from the goobles zero study directly:

A PoC for variant 1 that, when running with normal user privileges under a  
modern Linux kernel with a distro-standard config, can perform arbitrary  
reads in a 4GiB range [3] in kernel virtual memory on the Intel Haswell Xeon  
CPU. If the kernel's BPF JIT is enabled (non-default configuration), it also  
works on the AMD PRO CPU.


And yep, the variant one is -> Variant 1: bounds check bypass (CVE-2017-5753)

That is the only one exploit AMD says it can represent a problem for their  
CPUs, meltdown does not affect it due to architecture differences and the  
second variant according to AMD has "near zero risk of exploitation".


If so, I am a happy guy :)
Well, in each case it would appear that exploiting spectre is quite tough and  
to my understanding nowhere near as grave as meltdown.


Imagine how nice must it be to have a ready cross-platform exploit for every  
single Intel CPU ever made for 20 years.. Not that I wish to imply that Intel  
did this on purpose or to gain single core performance advantage over AMD. :P



 

Re: [Trisquel-users] Hot news - Major flaw in Intel CPUs

[greatgnu]

If I understand it correctly there are three vulnerabilities, two spectre and  
one meltdown bugs. Intel processors are affected by all of them and on all  
operating systems. AMD is affected by one spectre vulerability only on  
GNU/Linux and only if you use non-default kernel settings. Correct me if I am  
wrong. 

Re: [Trisquel-users] Hot news - Major flaw in Intel CPUs

[Ignacio Agulló]

On 05/01/18 05:46, wrote:
> I agree with Stallman. what he says here is absolutely true.
>
> http://www.darkpolitricks.com/2014/02/scandal-is-not-spying-on-governments-but-on-people-stallman-to-rt/
>
>
> About spying on governments being fine but not on people.

  He doesn't say that it is fine.  He says it is not an scandal.

-- 
Ignacio Agulló · agu...@ati.es



0xC6AB2D51.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature

Re: [Trisquel-users] Hot news - Major flaw in Intel CPUs

[leestrobel]

This is a great reply - thank you for providing these details. Yes, I agree  
that Spectre seems to be a big concern for free computing. Does anyone know  
what the implications may be for the EOMA68 project? I assume POWER9 isn't  
affected, as I haven't seen it mentioned anywhere?

Re: [Trisquel-users] Hot news - Major flaw in Intel CPUs

[calmstorm]

Yep, this is scary stuff. I hope that the crazies in our world lose power.  
Trump is just a symptom of the issue sadly... He isn't the moron who started  
all this crap. That began with Nixon. At least in my country anyways...


I agree with Stallman. what he says here is absolutely true.

http://www.darkpolitricks.com/2014/02/scandal-is-not-spying-on-governments-but-on-people-stallman-to-rt/

About spying on governments being fine but not on people.

Re: [Trisquel-users] Hot news - Major flaw in Intel CPUs

[contact]

Pretty much this is the case, alternatives to the juggernauts who are  
actively against software freedom and all about cosolidating control and  
power, must be built. AMD and Intel can easily make free (as in freedom)  
friendly hardware (or not exploit labor or build fabrication plants on stolen  
land), even though they know there are issues with proprietary software and  
security-through-obscurity means and violating human rights on all levels.  
The rest of the world could care less about 30% performance cut in CPU's  
power or lack of software freedom; a tweet from Trump will make headlines and  
the world moves on. I/We continue to beg/plead hardware manufacturers to make  
something libre friendly or release graphics drivers, and they continually  
ignore. It would be great to pay them in their own coin. There is a demand  
for free soft/hardware, so let us fulfill that demand. Talos is a step, but  
that is all it is. If my next hardware upgrade is freedom friendly, we have  
made progress. 

Re: [Trisquel-users] Hot news - Major flaw in Intel CPUs

[leestrobel]

I think the best thing that can come out of this mess is an increased drive  
to develop viable alternatives to Intel/x86.

Re: [Trisquel-users] Hot news - Major flaw in Intel CPUs

[robert . kirkpatrick]

There are two distinct, albeit related, CPU vulnerabilities making recent  
news.  One of them, "Meltdown," is Intel-specific.  The other, "Spectre," is  
present in all recent Intel, AMD, and ARM CPUs (and potentially, any CPU that  
uses branch prediction and speculative execution).  Meltdown can be repaired  
with kernel updates (there's already a patch for it in the Linux source  
repository), but the fix can slow performance by as much as 30%.  Spectre is  
a more difficult vulnerability to exploit, but it has no fix short of  
replacing the CPU outright.  Apparently not even a microcode update will  
suffice--Spectre is a flaw in the fundamental hardware design.


I think Spectre may be the greater cause for concern in the libre-software  
community.  A lot of us are using relatively old Intel CPUs that predate the  
Intel Management Engine, but Spectre is thought to be present in ALL modern  
CPUs designed by Intel, AMD, and ARM, and the only fix for it is to replace  
the processor.  And of course, replacing your CPU with a new one from Intel  
or AMD is going to get you the Intel ME or the AMD PSP.


NYT article: https://www.nytimes.com/2018/01/03/business/computer-flaws.html

The Guardian article:  
https://www.theguardian.com/technology/2018/jan/04/meltdown-spectre-computer-processor-intel-security-flaws-explainer


Google Project Zero blog post, with links to the Meltdown and Spectre papers:  
https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html

Re: [Trisquel-users] Hot news - Major flaw in Intel CPUs

[contact]

Well that's a problem that needs to be adressed. There are bigger demands now  
and these manufacturers need to think about graphics, not just CPU's. 

Re: [Trisquel-users] Hot news - Major flaw in Intel CPUs

[vitacell]

You are right.

But when I say PowerPC I mean everything with PowerPC, not only TalosII.  
Computers like Powermac with 2 CPUs (I have one)(yes I know is crApple). Also  
project like:


https://www.powerpc-notebook.org/en/

The problem is, obviously GPU, PowerPC won't have Intel integrated GPU, AMD  
chips need blob for work, and newest Nvidia need signed firmware (I don't  
know if these chips works fine without signed firmware).

Re: [Trisquel-users] Hot news - Major flaw in Intel CPUs

[ivan . baldinotti]

Time for risc?

Re: [Trisquel-users] Hot news - Major flaw in Intel CPUs

[ivan . baldinotti]

Here better information:  
https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html

Also arm cpus are affected and amd as well.

Re: [Trisquel-users] Hot news - Major flaw in Intel CPUs

[calmstorm]

Now that isn't good. Older computers needing to be slowed down just to fix  
one bug? awful.


Especially if you use an x200, etc,

Re: [Trisquel-users] Hot news - Major flaw in Intel CPUs

[contact]

Word. But AMD gots to free the GPU code, son. Let my drivah's growww! 

Re: [Trisquel-users] Hot news - Major flaw in Intel CPUs

[ivan . baldinotti]

AMD processors seem not affected. 

Re: [Trisquel-users] Hot news - Major flaw in Intel CPUs

[contact]

You mentioned Talos, but it is not really available per purchase yet, is it?  
Also, there is an issue with graphics cards too. Which ones will go with  
power PC if you have graphics (intensive) related tasks?


https://www.raptorcs.com/TALOSII/  

Re: [Trisquel-users] Hot news - Major flaw in Intel CPUs

[vitacell]

This is what happens when you gift ME(Spywarement Engine), Intel Boot  
Guard(Backdoor Boot Guard), AMT(Active NSAgement Engine) with your chips.

Re: [Trisquel-users] Hot news - Major flaw in Intel CPUs

[leestrobel]

From what I read in the news articles, it sounds like the issue is a flaw in  
the chip design, which can't be simply fixed by updating the microcode. In  
which case, the only way that Intel can fix it is with a new chip design,  
which will almost certainly include their horrible Management Engine.


Not good news for free computing. I think this highlights even more how much  
we need viable alternatives to Intel. :-(

Re: [Trisquel-users] Hot news - Major flaw in Intel CPUs

[s1lv3r1997]

damn this is so bad for us,i just read the news

Re: [Trisquel-users] Hot news - Major flaw in Intel CPUs

[contact]

Intel is a big company with a lot of smart people working for them. This bug  
fix is likely just banged out as a stop-gap. I am sure they will come out  
with a more efficient solution over time to make the performance decrease  
negligible. Obviously this sucks now but great solutions are not always  
possible on short notice.  

Re: [Trisquel-users] Hot news - Major flaw in Intel CPUs

[leestrobel]

This article in PC World provides some interesting details:

https://www.pcworld.com/article/3245606/security/intel-x86-cpu-kernel-bug-faq-how-it-affects-pc-mac.html

It seems like the kernel developers are keeping the details under wraps until  
they get the fix released; however, the article suggests that the issue will  
probably affect all 64-bit Intel CPUs and older ones may be affected more  
than newer ones (which may not be a good thing for fully free systems using  
Core 2 Duos).


'The Core i7-8700K saw a massive performance decrease in FS-Mark 3.3 and  
Compile Bench, a pair of synthetic I/O benchmarks.' --- yuck!

Re: [Trisquel-users] Hot news - Major flaw in Intel CPUs

[contact]

As if Intel directly supporting appartheid wasn't enough.
https://www.stopthewall.org/2005/08/05/boycott-intel-products-setting-factory-palestinian-stolen-lands
But you know, tech over lives, right? 

[Trisquel-users] Hot news - Major flaw in Intel CPUs

[leestrobel]

In the news today:

https://techcrunch.com/2018/01/03/a-major-kernel-vulnerability-is-going-to-slow-down-all-intel-processors-2/

It seems that a serious flaw has been discovered in Intel chips, which allows  
userspace processes to potentially access kernel memory areas that are  
supposed to be protected. Both Windows and Linux developers are scrambling to  
patch the flaw, which is apparently going to reduce performance by up to 30%.  
Bad stuff.


I haven't been able to find a definitive list of precisely which Intel chips  
will be affected (please post if anyone can find it). Seems like another good  
reason to avoid Intel, if we can.