Note: This post has been moved from Latest Picks due to length of extended updates.
With it coming to light in the last couple of days that seemingly the majority of chips in people’s desktops, laptops, and the smart doodah devices are affected by a serious security flaw in the manner in which processors cache sensitive data (cnet.com) which will require fixes from all in the short and processor redesign in the long term, the gaze is now upon the companies, what is affected, and what they plan to do about it:
“Intel has already issued updates for the majority of processor products introduced within the past five years. By the end of next week, Intel expects to have issued updates for more than 90 percent of processor products introduced within the past five years,” the chipmaker said.
But what is not quite so clear is effect and price users will pay for the fixes in combating the two exploits, Spectre and Meltdown, identified:
Both attack techniques rely on using features chips use to speed up processing and some of the work to fix the problem therefore slows computers down, whether on your laptop, phone or your favorite social network’s internet servers. … “This is not an issue that is not fixable,” [Intel CEO Brian Krzanich] said in an interview Thursday. And the performance generally isn’t a problem, he said: “For the real-world applications … it’s minimal impact.”
Minimal “impact” for fairly recent processors but with Intel chips from the last 15 years are affected, suggestively far greater for aging kit. And with that minimal “impact” and fixes flood:
With the infamous Pentium processors recall after the 1994 discovery of the floating point unit Pentium FDIV bug (Wikipedia) in 1994 springing nightmarishly to mind.
“This is very very different from FDIV,” Krzanich said, criticizing media coverage of Meltdown and Spectre as overblown. “This is not an issue that is not fixable… we’re seeing now the first iterations of patches.”
Krzanich pushing aside “concern that Spectre in particular will be difficult to fix”:
“The mitigations we’re providing—the ones that will roll out by next week from the [computer makers] and the ones cloud service providers have already put in place—solve both problems,” Krzanich said.
But as with the #fearface generated when Windows downloads an “anniversary” patch (Latest Picks 26th Aug. 2016) could likely cause new for each solved in combination with particular aging kit and software.
And to further vex Apple’s mild-mannered Tim Cook after the recent tough break of having to admit they purposefully slow down iPhones (Latest Picks 29th Dec. 2017), with Apple having transitioning to Intel chips in 2006:
Apple has said that all iPhones, iPads and Mac computers are affected by two major flaws in computer chips. … Mac users have often believed that their devices and operating systems are less vulnerable to security issues than, for example Android phones or computers running Microsoft systems. Apple said it had already released “mitigations” against Meltdown in its latest iPhones and iPad operating system update—iOS 11.2 and the macOS 10.13.2 for its MacBooks and iMacs. … Patches against Spectre, in the form of an update to web browser Safari, will be released "in the coming days".
Meltdown does not affect the Apple Watch, it said.
Which I guess could be seen as giving a triumph or even purpose it has sadly lacked until now.
And of course, super-secure Android:
Google said its Android phones—which make up more than 80% of the global market—were protected if users had the latest security updates.
Assuming that particular ’Droid device is still getting updates, which is seemingly rather hit and miss (howtogeek.com, Dec. 2017).
With the Micro$oft Linux evangelists ever-keen to sanctimoniously Bash:
Microsoft has already released fixes for many of its services. Windows users should be aware that third-party anti-virus software may need to be updated before applying operating system patches.
And the collective distros of Linux:
How Linux is dealing with Meltdown and Spectre (zdnet.com).
Michael Larabel, a Linux performance expert and founder of the Linux Phoronix website, has ran benchmarks on Linux 4.15-rc6, a Linux 4.15 release candidate, which includes Kernel Page Table Isolation (KPTI) for Intel’s Meltdown flaw. Larbel found serious slowdowns in the Compile Bench and FS-Mark 3.3, synthetic I/O benchmarks; significant performance hits with the PostgreSQL data…
With a sea of benchmark analysis and tech-speak arriving at the conclusion that any performance penalty fixes made are, according to Linux divinity Linus Torvalds after a opportunity to furiously blame Bash Intel:
“There’s no one number. It will depend on your hardware and on your load.”
And there some were thinking the number for everything was a GNU 42 (GoogleTube).
The only chip maker that has data bus to brag being AMD:
AMD claimed its chips aren’t vulnerable. In a statement, AMD said, “AMD is not susceptible to all three [attack] variants. Due to differences in AMD’s architecture, we believe there is a near zero risk to AMD processors at this time.”
Updated 18th January 2018
And returning to that that #fearface even planned rather than rushed patches generate:
As we reported last week, Intel’s Meltdown and Spectre patch is causing reboot problems for older processors. Now Intel says the current firmware updates may be causing computers with newer chips to reboot more frequently as well.
Oh dear. Saying that though, I’ve a brand new top of the range Intel chip PC and several older ones forming our home network, but have not noticed any reboot issues; perhaps undertaking the wrong sort of workload or rather that they are just serving family, including a tribe of stuffed monkeys who are more interested in “workflow” of Amazon Fire TV Stick:
The patches can also impact performance, with Intel saying that data center tests simulating a stock exchange interaction and online transaction showed a 4 percent slowdown. Other testing of various server workloads showed a slowdown of as much as 25 percent.
- Apple apologizes for iPhone slowdowns (Latest Picks 29th December 2017)
- Kaspersky software banned from US government agencies (Blog 15th September 2017)
Page: prev. | 1 | next