Peppermint OS Community Forum

General => GNU/Linux Discussion => Topic started by: DAMIEN1307 on January 02, 2018, 03:42:06 pm

Title: ATTEN. Intel cpu users
Post by: DAMIEN1307 on January 02, 2018, 03:42:06 pm
hi folks...saw this today and thought i would share as well hoping to hear feedback on this new intel issue...

https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/
Title: Re: ATTEN. Intel cpu users
Post by: PCNetSpec on January 03, 2018, 08:42:21 am
So .. so far Intel have:-

a) put a ton of users at risk with their management engine vulnerability .. that OEM's had to fix

b) IMHO been the major player at fault in the Ubuntu 17.10 BIOS fiasco by releasing a buggy SPI driver .. that Ubuntu and Lenovo had to fix

and now this .. which OS devs have to fix.

Good going Intel.
Title: Re: ATTEN. Intel cpu users
Post by: scifidude79 on January 03, 2018, 09:56:06 am
Quote from: PCNetSpec
Good going Intel.

Big businesses are like that.  Intel churns out so many chips a year that they probably can't be bothered by little things like user security.
Title: Re: ATTEN. Intel cpu users
Post by: christianvl on January 03, 2018, 12:20:41 pm
According to the article, the fix will result in a performance hit.

Can anyone imagine an AMD lawsuit against intel? How much marketshare they've lost over the years as Intel's chips showed best performance?

And now imagine how much it will cost to some companies to test and update their systems?

After this story, will we see more ARM chips on desktop/laptop computers?
Title: Re: ATTEN. Intel cpu users
Post by: DAMIEN1307 on January 03, 2018, 05:14:57 pm
i do not know if this is applicable or not but my main driver for everyday use is an AMD APU/CPU...if i am thinking clearly and correctly, might i assume that when the kernel fix for INTELs stupidity does come through the pipeline, will that kernel be a "one size fits all" solution?...in other words, will the kernel security update that is rumoured to slow down INTEL chips also have the same effect on AMDs chip even though AMD is not affected by INTELs stupidity nor is at fault here and thus also suffer the same slow down scenario?...DAMIEN
Title: Re: ATTEN. Intel cpu users
Post by: DAMIEN1307 on January 03, 2018, 06:03:44 pm
i took notice today of this article from toms hardware... http://www.tomshardware.com/news/intel-cpu-bug-amd-performance,36213.html ...they basically state that this might be overblown...

i do notice that the toms hardware article in the above post is based on INTELs response to the uproar as well as their stock prices taking a nose dive and do i trust INTELs response? oh yea...just like i trust a Microsoft response...what i DO expect is that these folks, in order to protect their own self interests as well as their own piggy bank, is that they will continue to apply lipstick to their pig along with a little maybeline makeup and then pronounce the pig as being "pretty"...my personal opinion? its still a pig no matter how much you try to pretty it up...DAMIEN
Title: Re: ATTEN. Intel cpu users
Post by: PCNetSpec on January 03, 2018, 06:58:25 pm
As (as far as I can see) there's been no full disclosure of what the bug is yet it'd probably be best to wait and see before lining them against the wall.

This bit did however raise an eyebrow:-

Quote from: Intel
Intel believes its products are the most secure in the world

(https://media.makeameme.org/created/you-say-wut-ws46fc.jpg)
Title: Re: ATTEN. Intel cpu users
Post by: scifidude79 on January 03, 2018, 08:47:29 pm
Quote from: Intel
Intel believes its products are the most secure in the world

Microsoft believes they make the best OS on the planet, and Apple believes they have the best devices.  So, I guess we can add Intel to the list of delusional companies.
Title: Re: ATTEN. Intel cpu users
Post by: DAMIEN1307 on January 03, 2018, 09:35:08 pm
this excerpt snippet taken from another posting i made on this issue on another linux forum

" Linus weighing in on the Intel press release that DAMIEN also commented on above: https://lkml.org/lkml/2018/1/3/797."

From   Linus Torvalds <>
Date   Wed, 3 Jan 2018 15:51:35 -0800
Subject   Re: Avoid speculative indirect calls in kernel
On Wed, Jan 3, 2018 at 3:09 PM, Andi Kleen <andi@firstfloor.org> wrote:
> This is a fix for Variant 2 in
> https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html
>
> Any speculative indirect calls in the kernel can be tricked
> to execute any kernel code, which may allow side channel
> attacks that can leak arbitrary kernel data.

Why is this all done without any configuration options?

A *competent* CPU engineer would fix this by making sure speculation
doesn't happen across protection domains. Maybe even a L1 I$ that is
keyed by CPL.

I think somebody inside of Intel needs to really take a long hard look
at their CPU's, and actually admit that they have issues instead of
writing PR blurbs that say that everything works as designed.

.. and that really means that all these mitigation patches should be
written with "not all CPU's are crap" in mind.

Or is Intel basically saying "we are committed to selling you shit
forever and ever, and never fixing anything"?

Because if that's the case, maybe we should start looking towards the
ARM64 people more.

Please talk to management. Because I really see exactly two possibilities:

 - Intel never intends to fix anything

OR

 - these workarounds should have a way to disable them.

Which of the two is it?

                   Linus


sorry for the "language" that linus uses here but it is after all linus speaking...lol...DAMIEN
Title: Re: ATTEN. Intel cpu users
Post by: scifidude79 on January 03, 2018, 11:23:06 pm
It makes me want to build a new AMD based rig. 
Title: Re: ATTEN. Intel cpu users
Post by: pin on January 04, 2018, 01:35:06 am
Adding to the fire here...
https://googleprojectzero.blogspot.se/2018/01/reading-privileged-memory-with-side.html?m=1
And...
https://meltdownattack.com/



Sent from my SM-G900F via Tapatalk

Title: ATTEN. ALL cpu users
Post by: VinDSL on January 04, 2018, 05:32:31 am
Quote from: pin
Adding to the fire here...
https://googleprojectzero.blogspot.se/2018/01/reading-privileged-memory-with-side.html?m=1
And...
https://meltdownattack.com/

" ATTEN. Intel ALL cpu users "

Mohit Kumar, just posted an article on this: https://goo.gl/zoBcYZ

Quote
Meltdown and Spectre CPU Flaws Affect Intel, ARM, AMD Processors

Unlike the initial reports suggested about Intel chips being vulnerable to some severe ‘memory leaking’ flaws, full technical details about the vulnerabilities have now been emerged, which revealed that almost every modern processor since 1995 is vulnerable to the issues.


https://www.youtube.com/watch?v=bReA1dvGJ6Y
Title: Re: ATTEN. Intel cpu users
Post by: christianvl on January 04, 2018, 07:10:21 am
As I understood, although  AMD chips also have the "bug", it seems they're not susceptible to attacks. But, hey, I don't have any technical skills to fully understand the articles...

Anyway, here's the link to AMD official statement on the case (this link is the same provided on the project zero blog post).

http://www.amd.com/en/corporate/speculative-execution

Sent from my Quantum Fly using Tapatalk

Title: Re: ATTEN. Intel cpu users
Post by: VinDSL on January 04, 2018, 07:59:38 am
Yup, it's a mess.


Sent from my moto e⁴ using Tapatalk

Title: Re: ATTEN. Intel cpu users
Post by: scifidude79 on January 04, 2018, 10:08:33 am
It seems to me that all processors released in the past 22 years are susceptible to some kind of attack, but Intel is most susceptible.  It looks like AMD is much less susceptible, I'm not sure about ARM.
Title: Re: ATTEN. Intel cpu users
Post by: christianvl on January 04, 2018, 10:20:33 am
Quote from: scifidude79
It seems to me that all processors released in the past 22 years are susceptible to some kind of attack, but Intel is most susceptible.  It looks like AMD is much less susceptible, I'm not sure about ARM.

Looks like ARM is also on the same ship, but not to the same extent as Intel.

https://developer.arm.com/support/security-update

Now I'm curious on how this can affect Android, considering that a software update (OS level) is highly unlikely for most devices.

Sent from my Quantum Fly using Tapatalk

Title: Re: ATTEN. Intel cpu users
Post by: scifidude79 on January 04, 2018, 10:40:18 am
Quote from: christianvl
Now I'm curious on how this can affect Android, considering that a software update (OS level) is highly unlikely for most devices.

That's been on my mind too, especially since I'm using a Kindle Fire right now, which runs modified Android.  (though, Amazon may release an update)

All I know for sure is that this is a huge mess.
Title: Re: ATTEN. Intel cpu users
Post by: The PoorGuy on January 05, 2018, 10:52:52 am
.
Title: Re: ATTEN. Intel cpu users
Post by: christianvl on January 05, 2018, 10:58:56 am
And adding to what's already bad news:

https://arstechnica.com/information-technology/2018/01/intel-ceos-sale-of-stock-just-before-security-bug-reveal-raises-questions/ 
Title: Re: ATTEN. Intel cpu users
Post by: scifidude79 on January 05, 2018, 12:03:49 pm
Well, you know what they say about rats and sinking ships.

No more Intel purchases for me.

Same here.  After all of this hit, I started looking at AMD's Ryzen line.  I've never paid much attention to those, but they have some good stuff, including "entry level" hyper threaded quad cores that are nicely priced.
Title: Re: ATTEN. Intel cpu users
Post by: VinDSL on January 05, 2018, 12:18:51 pm
Quote from: christianvl
And adding to what's already bad news:

https://arstechnica.com/information-technology/2018/01/intel-ceos-sale-of-stock-just-before-security-bug-reveal-raises-questions/

The cream rises to the top ... And, so does the scum ;)

Sent from my moto e⁴ using Tapatalk

Title: Re: ATTEN. Intel cpu users
Post by: DAMIEN1307 on January 05, 2018, 12:41:25 pm
hi folks...it may be of interest to note that INTEL has released a new microcode today...the link provided here is from the oregon state university repository...i have applied it to my back up system, a dell laptop, which is an INTEL core i5 chip from which im typing on right now... http://ftp.us.debian.org/debian/pool/non-free/i/intel-microcode/ ...DAMIEN
Title: Re: ATTEN. Intel cpu users
Post by: christianvl on January 05, 2018, 12:50:15 pm
Quote from: DAMIEN1307
hi folks...it may be of interest to note that INTEL has released a new microcode today...the link provided here is from the oregon state university repository...i have applied it to my back up system, a dell laptop, which is an INTEL core i5 chip from which im typing on right now... http://ftp.us.debian.org/debian/pool/non-free/i/intel-microcode/ ...DAMIEN

Thank you for providing the link.

Considering the risk for desktop users, I think It's safer for most users to wait for the update to hit Ubuntu's repos.

Sent from my Quantum Fly using Tapatalk

Title: Re: ATTEN. Intel cpu users
Post by: pin on January 05, 2018, 12:53:10 pm
Would be interesting to see his bank account, most probably in one "tax paradise". Just collecting his revenue before stocks fall...

Sent from my SM-G900F via Tapatalk

Title: Re: ATTEN. Intel cpu users
Post by: PCNetSpec on January 05, 2018, 01:24:30 pm
Quote from: DAMIEN1307
hi folks...it may be of interest to note that INTEL has released a new microcode today...the link provided here is from the oregon state university repository...i have applied it to my back up system, a dell laptop, which is an INTEL core i5 chip from which im typing on right now... http://ftp.us.debian.org/debian/pool/non-free/i/intel-microcode/ ...DAMIEN

What makes you think this microcode update has anything to do with this ? .. have you read that somewhere ?

I thought Intel had stated it couldn't be mitigated other than in the OS kernel (or fixed at the hardware level) ?
Title: Re: ATTEN. Intel cpu users
Post by: christianvl on January 05, 2018, 02:25:16 pm
Looks like Intel hopes to solve some of Spectre issues with a microcode update. But PCNet has it right. This isn't going away only with a new microcode.

https://arstechnica.com/gadgets/2018/01/meltdown-and-spectre-heres-what-intel-apple-microsoft-others-are-doing-about-it/

Sent from my Quantum Fly using Tapatalk

Title: Re: ATTEN. Intel cpu users
Post by: DAMIEN1307 on January 05, 2018, 02:59:37 pm
hi folks...the reason i found for the microcode though it is only a partial help requiring also the kernel fix i found here... https://www.theregister.co.uk/2018/01/05/spectre_flaws_explained/ ...

a few key paragraphs keyed in on this part of the issue

"On pre-Skylake CPUs, kernel countermeasures – and on Skylake and later, a combination of a microcode updates and kernel countermeasures known as Indirect Branch Restricted Speculation, aka IBRS – to kill Spectre Variant 2 attacks that steal data from kernels and hypervisors."

and

"Fixing the bounds bypass check attack requires analysis and recompilation of vulnerable code; addressing the branch target injection attack can be dealt with via a CPU microcode update, such as Intel's IBRS microcode, or through a software patch like "retpoline" to the operating system kernel, the hypervisor, and applications."

and

"In other words: to protect yourself from Spectre Variant 1 attacks, you need to rebuild your applications with countermeasures. These defense mechanisms are not generally available yet. To protect yourself from Spectre Variant 2 attacks, you have to use a kernel with countermeasures, and if you're on a Skylake or newer core, a microcode update, too. That microcode is yet to ship. It's not particularly clear, through all the noise and spin this week, which kernels have been built and released with countermeasures, if any. A disassembly of latest Windows releases suggests Microsoft is, for one, on the case."

and

"Wagner observed that software fixes aren't enough. "Ultimately, this is a problem with the processor and addressing it in the browser requires removing useful functionality and degrading performance," he said. "We hope the future microprocessor improvements would allow less drastic measures in the browser while still maintaining safety."

it is a 2 page article but appears to me (i could be wrong) that this is only a part of a total fix down the road...just waiting now for the kernel security update to follow...DAMIEN



Title: Re: ATTEN. Intel cpu users
Post by: pin on January 05, 2018, 03:00:12 pm
What is even worse is that it was predicted 10 years ago, https://marc.info/?l=openbsd-misc&m=118296441702631&w=2


Sent from my SM-G900F via Tapatalk

Title: Re: ATTEN. Intel cpu users
Post by: PCNetSpec on January 05, 2018, 03:37:28 pm
Bearing in mind I've been offline(ish) for about 10 days so have a lot of catching up to do, does anyone know if this vulnerability needs local access or some kind of running binary process.
Title: Re: ATTEN. Intel cpu users
Post by: scifidude79 on January 05, 2018, 03:40:28 pm
Quote from: PCNetSpec
Bearing in mind I've been offline(ish) for about 10 days so have a lot of catching up to do, does anyone know if this vulnerability needs local access or some kind of running binary process.

I was wondering that too.  I've tried reading through the articles, but much of it is too technical for me.
Title: Re: ATTEN. Intel cpu users
Post by: cfx795 on January 05, 2018, 04:32:54 pm
I guess I'll stay tuned and wait for a bit of the furor to die down. I'm not exactly harvesting money off the trees out back, insofar as some abrupt and immediate switch to AMD. At the time I assembled this Intel system this past fall, it seemed to make sense to me that I was getting an integrated gpu with the Intel chip. In retrospect maybe I would have been better off paying a little more for a Ryzen CPU and a discrete graphics card.
Title: Re: ATTEN. Intel cpu users
Post by: murraymint on January 05, 2018, 05:13:00 pm
Quote
For the array bounds variant of Spectre, Microsoft's main action is to modify Edge and Internet Explorer. Browsers represent a particular risk for this attack, as it's relatively straightforward to write JavaScript that sets up the conditions necessary to perform the attack. Depending on the browser, browser-based attacks can do things such as steal passwords, and in all browsers the attack provides data useful for breaking out of sandboxes.

Accordingly, Microsoft is disabling access to JavaScript SharedArrayBuffer—a kind of high-performance array that was only enabled in Edge a few months ago—and reducing the precision of timers available to JavaScript. Successful exploitation of both Meltdown and Spectre requires careful timing of actions that may differ by only a few hundred processor cycles. To make this timing harder to achieve in JavaScript, the high-precision JavaScript timer (intended mainly for things like benchmarking and performance profiling) is having both its precision reduced, from a granularity of 5 microseconds to 20 microseconds, and its accuracy reduced, by introducing up to 20 microseconds of random jitter to its results.

This same approach is being replicated by Mozilla in Firefox and is already shipping in the latest version of Firefox. Google too is applying these changes to Chrome, and they should ship to end users in late January. Mozilla and Google both say that they're also developing more precise mitigations—likely to be the judicious insertion of serializing instructions to prevent speculative execution in certain places—to address the problem.

https://arstechnica.com/gadgets/2018/01/meltdown-and-spectre-heres-what-intel-apple-microsoft-others-are-doing-about-it/
Title: Re: ATTEN. Intel cpu users
Post by: DAMIEN1307 on January 05, 2018, 07:35:40 pm
hi PCNetSpec we missed ya...welcome back to reality...lol...ive included a link to an article on all this hoopla to help you get get acquainted as to how this INTEL mess works...or should i say doesnt work since you mentioned you have to play catch-up...enjoy...DAMIEN

https://arstechnica.com/gadgets/2018/01/whats-behind-the-intel-design-flaw-forcing-numerous-patches/
Title: Re: ATTEN. Intel cpu users
Post by: The PoorGuy on January 05, 2018, 08:02:46 pm
.
Title: Re: ATTEN. Intel cpu users
Post by: DAMIEN1307 on January 05, 2018, 11:31:39 pm
This is cumulative of what i have found thus far

Number 1 - it may be of interest to note that INTEL has released a new microcode today...the link provided here is from the oregon state university repository...i have applied it to my back up system, a dell laptop, which is an INTEL core i5 chip from which im typing on right now...

http://ftp.us.debian.org/debian/pool/non-free/i/intel-microcode/

 
Number 2 - the reason i found for updating the microcode though it is only a partial help requiring also the kernel fix that is forthcoming is found in this article... https://www.theregister.co.uk/2018/01/05/spectre_flaws_explained/
a few key paragraphs keyed in on this part of the issue

"On pre-Skylake CPUs, kernel countermeasures – and on Skylake and later, a combination of a microcode updates and kernel countermeasures known as Indirect Branch Restricted Speculation, aka IBRS – to kill Spectre Variant 2 attacks that steal data from kernels and hypervisors."

and

"Fixing the bounds bypass check attack requires analysis and recompilation of vulnerable code; addressing the branch target injection attack can be dealt with via a CPU microcode update, such as Intel's IBRS microcode, or through a software patch like "retpoline" to the operating system kernel, the hypervisor, and applications."

and

"In other words: to protect yourself from Spectre Variant 1 attacks, you need to rebuild your applications with countermeasures. These defense mechanisms are not generally available yet. To protect yourself from Spectre Variant 2 attacks, you have to use a kernel with countermeasures, and if you're on a Skylake or newer core, a microcode update, too. That microcode is yet to ship. It's not particularly clear, through all the noise and spin this week, which kernels have been built and released with countermeasures, if any. A disassembly of latest Windows releases suggests Microsoft is, for one, on the case."

and

"Wagner observed that software fixes aren't enough. "Ultimately, this is a problem with the processor and addressing it in the browser requires removing useful functionality and degrading performance," he said. "We hope the future microprocessor improvements would allow less drastic measures in the browser while still maintaining safety."

it is a 2 page article but appears to me (i could be wrong) that this is only a part of a total fix down the road...just waiting now for the kernel security update to follow...

Number 3 - this article has some work arounds for chrome/chromium based browsers and to a lesser extent firefox browsers to harden up their isolation capabilities that should help until the kernel/ microcode fixes become finalised...DAMIEN

http://www.linuxandubuntu.com/home/how-hackers-can-read-your-websites-passwords-using-meltdown-and-spectre-with-solution

To enable Site Isolation in Chrome/Chromium, copy the following URL in URL bar -

chrome://flags/#enable-site-per-process


To enable First-Party Isolation in Firefox

 type about:config in the url bar. Search for site isolation and you'll get the following options -
As you can see the value of privacy.firstparty.isolate is set to false. Double click to set it to true.

restart the browsers for isolation to take effect...

i have applied these workarounds until the real security update fixes become available on all four of my home systems and all is working fine here and am really hoping these workarounds along with their explanations as described in the articles will be of some real value and use to the community...DAMIEN


Title: Re: ATTEN. Intel cpu users
Post by: VinDSL on January 06, 2018, 01:46:31 am
LoL Linus: https://goo.gl/VPDU7i   :D
Title: Re: ATTEN. Intel cpu users
Post by: DAMIEN1307 on January 06, 2018, 02:40:32 am
thought you folks might like this one...microsoft strikes again in their attempt to "fix" meltdown and spectre...enjoy...DAMIEN

http://news.softpedia.com/news/windows-10-cumulative-update-kb4056892-meltdown-spectre-fix-fails-to-install-519238.shtml


ps...i especially enjoyed the comment made by the person writing microsoft community thread number 3 where he states after his system borked

" I understand that making the machine unbootable is the best protection from remote exploitation, but I would rather have the OS working."
Title: Re: ATTEN. Intel cpu users
Post by: pin on January 06, 2018, 03:17:14 am
Yeah, it was fun! But, this time around, and for once, this is not microsoft's fault. Everyone (microsoft, apple, Linux, BSD, ...) is trying to fix an issue that they are not responsible for in the first place, !SUCK!

Sent from my SM-G900F via Tapatalk
Title: Re: ATTEN. Intel cpu users
Post by: christianvl on January 06, 2018, 11:33:02 am
Quote from: DAMIEN1307
thought you folks might like this one...microsoft strikes again in their attempt to "fix" meltdown and spectre...enjoy...DAMIEN

http://news.softpedia.com/news/windows-10-cumulative-update-kb4056892-meltdown-spectre-fix-fails-to-install-519238.shtml


ps...i especially enjoyed the comment made by the person writing microsoft community thread number 3 where he states after his system borked

" I understand that making the machine unbootable is the best protection from remote exploitation, but I would rather have the OS working."

So right now it's safe to say that Windows AMD users are the most affected by something that they should be the last to worry about?

Sent from my Quantum Fly using Tapatalk

Title: Re: ATTEN. Intel cpu users
Post by: VinDSL on January 06, 2018, 12:08:28 pm
Quote from: DAMIEN1307
thought you folks might like this one...microsoft strikes again in their attempt to "fix" meltdown and spectre...enjoy...DAMIEN

Glad you posted this.

I just bought a Dell 7010 refurb for our office. Needs '10 Pro' to run our custom accounting proggie.

The old computer didn't have the hardware necessary to support the '10' upgrade, blah, blah, blah.

It's supposed to arrive Sunday (2-day shipping), and I wanted to start setting it up at the abode before Monday rolled around.

I did some quick checking on this situation. Get this - AV software is blocking the winders patches ...

Quote
Antivirus firms are playing patch catch-up, as Microsoft releases Meltdown firmware updates for Surface devices

As Microsoft warned this week, it's not delivering its January 3 Windows security updates to customers if they're running third-party antivirus, unless the AV is confirmed to be compatible with it.

LINK: Windows Meltdown-Spectre fix: How to check if your AV is blocking Microsoft patch | ZDNet (https://goo.gl/SSqjf7)

Oh, what a tangled web we weave. Guess I better tread lightly ...  8)
Title: Re: ATTEN. Intel cpu users
Post by: DAMIEN1307 on January 06, 2018, 12:34:32 pm
hi vindsl...glad that post was enlightening for your work computer accounting situation...if its running an AMD chipset you do not need them to bork it on you...ive been staying on top of this and have been implementing the #1 - the kernel update to 4.13 series,...#2 - the microcode update for INTEL chipsets to the latest Jan. 5th update,...and #3 - the workaround for chrome/chromium and firefox browsers for all of my peeps computers ive converted to Linux OSes...these fixes and how to do them are in my previous post here in my "cumulative what ive found out so far" post...ALL are working fine with ZERO hiccups in implementing these changes...we are all now just waiting for the kernel security updates coming out on Jan. 9th...keep in mind that ubuntu is not implementing the fixes in the 4.10 and 4.13 series kernels since support is about to expire...in linux mint and peppermint as far as i can see, you will either have to regress to 4.4 LTS series kernels or advance to the 4.13 HWE series kernels in order to obtain the kernel security updates...as far as i can tell so far, this should then be the end of this issue at least for linux users...microcrap windbloes? well who knows how long the issues will exist if their patches are borking peeps AMD systems...this is the only time i feel bad for microsoft though since this is a problem they didnt cause but i foresee there are going to be angry villagers with torches and pitchforks outside the main castle walls of INTEL for causing this problem since 1995...DAMIEN
Title: Re: ATTEN. Intel cpu users
Post by: DAMIEN1307 on January 06, 2018, 03:09:59 pm
and now for this little tidbit from "the horse's mouth" ie...the kernel developers...DAMIEN

http://kroah.com/log/blog/2018/01/06/meltdown-status/
Title: Re: ATTEN. Intel cpu users
Post by: pin on January 06, 2018, 04:41:12 pm
Thanks! Nice read

Sent from my SM-G900F via Tapatalk

Title: Re: ATTEN. Intel cpu users
Post by: VinDSL on January 06, 2018, 04:54:27 pm
Quote from: pin
Thanks! Nice read

Agreed!

Now, we KNOW what happened ...  https://goo.gl/mbQNkX
Title: Re: ATTEN. Intel cpu users
Post by: pin on January 06, 2018, 05:26:36 pm
Just a "small" note, http://nordic.businessinsider.com/intel-ceo-krzanich-sold-shares-after-company-was-informed-of-chip-flaw-2018-1?r=US&IR=T
$24 million

Sent from my SM-G900F via Tapatalk

Title: Re: ATTEN. Intel cpu users
Post by: grafiksinc on January 07, 2018, 11:58:37 pm
So,  just to make sure AMD hardware is not affected right? Only Intel is? :-\
Title: Re: ATTEN. Intel cpu users
Post by: pin on January 08, 2018, 12:30:37 am
Unfortunately, it's not that simple , but...
Intel is affected by both, Meltdown and Spectre.
Some AMD cpu's are not affected by Meltdown, but they are still affected by Spectre.
So far, the only immune system is Raspberry PI, https://www.raspberrypi.org/blog/why-raspberry-pi-isnt-vulnerable-to-spectre-or-meltdown/

Now, this is of course generalizing quite a lot.
Title: Re: ATTEN. Intel cpu users
Post by: cfx795 on January 08, 2018, 03:10:47 am
So these patches that we're talking about, that are being rolled out to combat Meltdown. Are they specifically for Intel machines? Or is it like a one-size-fits-all patch for all users? I guess what I'm wondering is, I've read that users could expect a 5-30% slowdown for some operations... Intel users, or all users?
Title: Re: ATTEN. Intel cpu users
Post by: pin on January 08, 2018, 04:27:55 am
Unfortunately, it will hit all users. If you know your cpu is not affected, you could re-build the kernel with CONFIG_PAGE_TABLE_ISOLATION=n building flag.
But, note that the 30% slowdown is a maximum value that most probably won't be reached. Also, this slowdown will only be significant if you are compiling large packages from source.
Hope this helps!

Sent from my SM-G900F via Tapatalk
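
The state discussed in the posts above (whether the kernel was built with CONFIG_PAGE_TABLE_ISOLATION, whether the kernel lists the CPU as affected, and which microcode revision is loaded) can be read from a running system. This is an added example, not part of any post in this thread; the `cpu_meltdown` bug flag, the `pti`/`kaiser` CPU flags and the `nopti`/`pti=off` boot parameters come from the mainline and stable kernels rather than from the thread, and the sample files are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Every check takes file paths, so it runs
# on saved copies as well as the live system:
#   meltdown_status "/boot/config-$(uname -r)" /proc/cpuinfo /proc/cmdline

# pti_built CONFIG -> yes | no | absent (kernel source has no such option)
pti_built() {
    if grep -q '^CONFIG_PAGE_TABLE_ISOLATION=y$' "$1" 2>/dev/null; then
        echo yes
    elif grep -Eq '^(# CONFIG_PAGE_TABLE_ISOLATION is not set|CONFIG_PAGE_TABLE_ISOLATION=n)$' "$1" 2>/dev/null; then
        echo no
    else
        echo absent
    fi
}

# cpuinfo_has FIELD WORD CPUINFO -> yes if the first "FIELD :" line lists WORD
cpuinfo_has() {
    if awk -v f="$1" -v w="$2" -F: '
        { key = $1; gsub(/[ \t]+$/, "", key) }
        key == f {
            n = split($2, a, " ")
            for (i = 1; i <= n; i++) if (a[i] == w) found = 1
            exit
        }
        END { exit !found }' "$3" 2>/dev/null; then
        echo yes
    else
        echo no
    fi
}

# pti_boot_off CMDLINE -> yes if PTI was switched off on the kernel command line
pti_boot_off() {
    for arg in $(cat "$1" 2>/dev/null); do
        case "$arg" in
            nopti|pti=off) echo yes; return 0 ;;
        esac
    done
    echo no
}

# microcode_rev CPUINFO -> loaded microcode revision of the first CPU
microcode_rev() {
    awk -F': *' '/^microcode[ \t]*:/ { print $2; exit }' "$1"
}

# meltdown_status CONFIG CPUINFO CMDLINE -> one-word verdict
meltdown_status() {
    built=$(pti_built "$1")
    bug=$(cpuinfo_has bugs cpu_meltdown "$2")
    active=$(cpuinfo_has flags pti "$2")
    # Some stable backports expose the feature flag as "kaiser" instead.
    if [ "$active" = no ]; then active=$(cpuinfo_has flags kaiser "$2"); fi
    off=$(pti_boot_off "$3")
    if [ "$bug" = yes ] && [ "$active" = yes ]; then echo mitigated
    elif [ "$bug" = yes ] && [ "$off" = yes ]; then echo disabled-at-boot
    elif [ "$bug" = yes ]; then echo unmitigated
    elif [ "$built" = absent ]; then echo unknown-kernel-predates-pti
    else echo not-flagged
    fi
}

# write_samples DIR: constructed inputs, not captured from real machines
write_samples() {
    printf '%s\n' 'CONFIG_X86_64=y' 'CONFIG_PAGE_TABLE_ISOLATION=y' > "$1/config"
    printf '%s\n' 'BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro quiet' > "$1/cmdline"
    printf '%s\n' 'BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro nopti' > "$1/cmdline.off"
    cat > "$1/cpuinfo.intel" <<'EOF'
processor       : 0
vendor_id       : GenuineIntel
microcode       : 0x1
flags           : fpu vme pae pti
bugs            : cpu_meltdown
EOF
    sed 's/ pti$//' "$1/cpuinfo.intel" > "$1/cpuinfo.intel.off"
    cat > "$1/cpuinfo.amd" <<'EOF'
processor       : 0
vendor_id       : AuthenticAMD
microcode       : 0x2
flags           : fpu vme pae
bugs            : sysret_ss_attrs
EOF
}

demo=$(mktemp -d)
write_samples "$demo"
for s in intel intel.off amd; do
    cl="$demo/cmdline"
    if [ "$s" = intel.off ]; then cl="$demo/cmdline.off"; fi
    echo "$s: $(meltdown_status "$demo/config" "$demo/cpuinfo.$s" "$cl")" \
         "microcode=$(microcode_rev "$demo/cpuinfo.$s")"
done
rm -rf "$demo"
```

A `not-flagged` result means the running kernel does not list the CPU under `cpu_meltdown`; `unknown-kernel-predates-pti` means the kernel is too old to say either way.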
Title: Re: ATTEN. Intel cpu users
Post by: PeppermintFan on January 10, 2018, 12:23:25 pm
I haven't updated to the new "fixed" kernels yet but according to this article some people are having issues
https://www.bleepingcomputer.com/news/software/meltdown-and-spectre-patches-bricking-ubuntu-16-04-computers/

Curious if anyone has updated to the 4.4.0-108 kernel version?
I do see that I have a pending update for the 4.4.0-109 version though.  Hopefully that fixed whatever was the issue.
Title: Re: ATTEN. Intel cpu users
Post by: scifidude79 on January 10, 2018, 12:49:37 pm
This is to be expected, as these updates have been hastily put together in reaction to this situation.  There’s no way for them to have tested them on every CPU from the past 22+ years, or even from the last decade.  I encourage everyone to be patient.  Try the upgrade, but be ready to roll back to the previous kernel version temporarily.  Also, you may consider sending a bug report in so that they can identify problems and patch them.

Also, the title of that article is a flat-out lie and obvious click bait.  A “bricked” machine is one that can’t be booted, making it essentially a brick.  If you can boot an earlier kernel, it’s not bricked.
Title: Re: ATTEN. Intel cpu users
Post by: perknh on January 10, 2018, 04:23:36 pm
Quote
Curious if anyone has updated to the 4.4.0-108 kernel version?
I do see that I have a pending update for the 4.4.0-109 version though.  Hopefully that fixed whatever was the issue.

I've installed it in Peppermint 6 --despite reading a warning message that the download couldn't be authenticated.  As scifidude79 has said, these updates/upgrades/patches have been hastily put together (https://www.bleepingcomputer.com/news/software/meltdown-and-spectre-patches-causing-boot-issues-for-ubuntu-16-04-computers/).  Time will tell how things go.

Knock on wood!  ;)
Title: Re: ATTEN. Intel cpu users
Post by: christianvl on January 10, 2018, 05:05:10 pm
Quote
I haven't updated to the new "fixed" kernels yet but according to this article some people are having issues
https://www.bleepingcomputer.com/news/software/meltdown-and-spectre-patches-bricking-ubuntu-16-04-computers/

Curious if anyone has updated to the 4.4.0-108 kernel version?
I do see that I have a pending update for the 4.4.0-109 version though.  Hopefully that fixed whatever was the issue.

Updated today, original Peppermint 8, 64. No problem.

I'd bet the update will cause more trouble for AMD machines.

Looks like MS is laying the blame on poor AMD documentation for the Windows updates that went wrong.

"After investigating, Microsoft has determined that some AMD chipsets do not conform to the documentation previously provided to Microsoft to develop the Windows operating system mitigations to protect against the chipset vulnerabilities known as Spectre and Meltdown."

Source https://arstechnica.com/gadgets/2018/01/bad-docs-and-blue-screens-make-microsoft-suspend-spectre-patch-for-amd-machines/

Title: Re: ATTEN. Intel cpu users
Post by: PCNetSpec on January 10, 2018, 09:26:15 pm
Okay the 4.4.0-109 kernel works perfectly for me.

As does the hwe-16.04 kernel which has now rolled from the 4.10 kernel series (4.10.0-42) to the 4.13 kernel series (4.13.0-26).
Title: Re: ATTEN. Intel cpu users
Post by: PeppermintFan on January 10, 2018, 10:08:21 pm
I updated 2 of my laptops, one was Peppermint 8 Respin and the other was 7.  Both upgraded fine to the 109 kernel and both do have Intel processors.  I think that 108 kernel was rushed as scifidude79 said so they immediately released the 109 with the fixes.  Glad it is working!


Title: Re: ATTEN. Intel cpu users
Post by: DAMIEN1307 on January 10, 2018, 11:27:46 pm
hi pcnetspec...same results for me as well...both the 4.4.0-109 series and the 4.13.0-26 series kernels work just fine on my peppermint rigs...for all those interested the newest intel microcode for intel processors was released today and can be found here from the Oregon State University Repository...(about the only time i ever stray from official repositories as i know it as a reliable source)... http://ftp.us.debian.org/debian/pool/non-free/i/intel-microcode/ ...it is 3.20180108.1...for those using the amd64.deb download here... http://ftp.us.debian.org/debian/pool/non-free/a/amd64-microcode/ ... it is 3.20171205.1    Jan. 10th 2018...is listed 2nd from the bottom at this time...DAMIEN
Title: Re: ATTEN. Intel cpu users
Post by: pin on January 11, 2018, 04:40:33 am
Thx DAMIEN1307 for the intel microcode link. I feel slightly safer now regarding Meltdown...
-Peppermint 7 using 4.4.0-109 + intel microcode 20170108: running perfectly  :)
-Void using 4.14.12-4 + intel microcode 20170108: also, running perfectly  :) Actually, Void has the microcode in the repos. Maybe, the same could be done here on Peppermint world?!
-Bodhi using 4.13.0-26 + intel microcode 20170108 (my daughter's machine). guess what?! Yeap, running without any issues  :)
Great work from the kernel devs, thx  :-*
Title: Re: ATTEN. Intel cpu users
Post by: DAMIEN1307 on January 11, 2018, 07:04:38 am
you're very welcome pin...but did you notice the numbers carefully?...if you're running INTEL, the microcode is 3.20180108.1 for the latest release date of Jan.10th...the one you're showing for an intel doesn't even appear on the list...maybe you just confused the numbers of the intel and the amd and combined them together while typing?...the AMD microcode is currently 3.20171205.1 also dated Jan. 10th...the intel driver code number but has since been updated to the aforementioned 3.20180108.1

also in case you may have missed it, the following fixes are for chrome/chromium/slimjet browsers and the second is for firefox browser...

1 - To enable Site Isolation in Chrome/Chromium, copy the following URL in URL bar -

chrome://flags/#enable-site-per-process

then just hit the enable button for strict site isolation.


2 - To enable First-Party Isolation in Firefox

type about:config in the url bar. Search for site isolation and you'll get the following options -
As you can see the value of privacy.firstparty.isolate is set to false. Double click to set it to true.

restart the browsers for isolation to take effect...
Title: Re: ATTEN. Intel cpu users
Post by: pin on January 11, 2018, 07:37:15 am
Duhh!
My brain didn't celebrate new year, that's all ;) 2018 it should be!
I don't use any chromium/chrome stuff and my FF is updated thx!
Title: Re: ATTEN. Intel cpu users
Post by: spence on January 11, 2018, 02:00:32 pm
It makes me want to build a new AMD based rig.

I have always used AMD CPUs, until building this latest rig. All of AMD's offerings on the shelf last year seemed to be lacking and out of date, while everything I read about them led me to ditch AMD for this rebuild...
Title: Re: ATTEN. Intel cpu users
Post by: christianvl on January 11, 2018, 02:23:41 pm
Quote
It makes me want to build a new AMD based rig.

I have always used AMD CPUs, until building this latest rig. All of AMD's offerings on the shelf last year seemed to be lacking and out of date, while everything I read about them led me to ditch AMD for this rebuild...

I live in Brazil. You just can't buy a single computer with an AMD processor anymore, they're nowhere to be found. Even visiting AMD's local website, now we're forwarded to online stores abroad. Video cards are still available.
Title: Re: ATTEN. Intel cpu users
Post by: PCNetSpec on January 11, 2018, 06:59:27 pm
The intel microcode has just been updated in the upstream repos

intel-microcode 3.20180108.0~ubuntu16.04.2
Title: Re: ATTEN. Intel cpu users
Post by: pin on January 12, 2018, 01:41:43 am


Title: Re: ATTEN. Intel cpu users
Post by: christianvl on January 12, 2018, 07:59:28 pm
Oh my, oh my, here we go, again?

https://arstechnica.com/information-technology/2018/01/researcher-finds-another-security-flaw-in-intel-management-firmware/

Title: Re: ATTEN. Intel cpu users
Post by: pin on January 12, 2018, 11:30:46 pm
Yeap...
Here also, https://www.theregister.co.uk/2018/01/12/intel_amt_insecure/

EDIT: But, IMHO this is not as bad. You can still fix it.

Title: Re: ATTEN. Intel cpu users
Post by: DAMIEN1307 on January 14, 2018, 04:46:43 pm
hi PCNetSpec and all others here...when i started this post, I had no idea that in this forum or the other i write to that it was going to be anything like it turned out to be...(the other forum has already hit 20 pages)...i truly didn't realize it in its early stages that this was going to be such a big deal...i figured it to be minor...as you know PCNetSpec...as well as others here, i'm now up to 25 plus installs of peppermint 8 for other people's computers now (mine is the only one on 8.5 respin) and have caught up with all of them at least for the intel processors...
thus far, i have installed intel-microcode 3.20180108.1  amd64.deb...enabled strict isolation on all chrome/chromium based browsers...1st party isolation on all firefox browsers...and kernel update to 4.13.026...have i missed anything here that you guys with better experience can inform me of...i'm also including my own inxi -Fxz from my bedroom backup computer...have i done everything possible, and have i done it right to the best of my knowledge?...thanks in advance...DAMIEN

damien1307@DAMIEN1307 ~ $ inxi -Fxz
System:    Host: DAMIEN1307 Kernel: 4.13.0-26-generic x86_64 (64 bit gcc: 5.4.0)
           Desktop: N/A Distro: Peppermint Eight
Machine:   System: Dell (portable) product: Inspiron N5110
           Mobo: Dell model: 034W60 v: A11 Bios: Dell v: A11 date: 08/03/2012
CPU:       Dual core Intel Core i5-2450M (-HT-MCP-) cache: 3072 KB
           flags: (lm nx sse sse2 sse3 sse4_1 sse4_2 ssse3 vmx) bmips: 9976
           clock speeds: max: 3100 MHz 1: 2494 MHz 2: 2494 MHz 3: 2494 MHz
           4: 2494 MHz
Graphics:  Card: Intel 2nd Generation Core Processor Family Integrated Graphics Controller
           bus-ID: 00:02.0
           Display Server: X.Org 1.19.5 drivers: (unloaded: fbdev,vesa)
           Resolution: 1366x768@59.99hz
           GLX Renderer: Mesa DRI Intel Sandybridge Mobile
           GLX Version: 3.0 Mesa 17.0.2 Direct Rendering: Yes
Audio:     Card Intel 6 Series/C200 Series Family High Definition Audio Controller
           driver: snd_hda_intel bus-ID: 00:1b.0
           Sound: Advanced Linux Sound Architecture v: k4.13.0-26-generic
Network:   Card-1: Realtek RTL8101/2/6E PCI Express Fast/Gigabit Ethernet controller
           driver: r8169 v: 2.3LK-NAPI port: e000 bus-ID: 05:00.0
           IF: enp5s0 state: down mac: <filter>
           Card-2: Intel Centrino Wireless-N 1030 [Rainbow Peak]
           driver: iwlwifi bus-ID: 09:00.0
           IF: wlp9s0 state: up mac: <filter>
Drives:    HDD Total Size: 500.1GB (3.0% used)
           ID-1: /dev/sda model: WDC_WD5000BPVT size: 500.1GB
Partition: ID-1: / size: 453G used: 8.3G (2%) fs: ext4 dev: /dev/sda1
           ID-2: swap-1 size: 6.34GB used: 0.00GB (0%) fs: swap dev: /dev/sda5
RAID:      No RAID devices: /proc/mdstat, md_mod kernel module present
Sensors:   System Temperatures: cpu: 46.0C mobo: N/A
           Fan Speeds (in rpm): cpu: N/A
Info:      Processes: 178 Uptime: 13 min Memory: 846.3/5868.4MB
           Init: systemd runlevel: 5 Gcc sys: 5.4.0
           Client: Shell (bash 4.3.481) inxi: 2.2.35
Title: Re: ATTEN. Intel cpu users
Post by: PCNetSpec on January 14, 2018, 07:58:26 pm
If you're running Firefox 57.0.4 enabling privacy.firstparty.isolate isn't absolutely necessary .. Mozilla state:-

Quote
Since this new class of attacks involves measuring precise time intervals, as a partial, short-term, mitigation we are disabling or reducing the precision of several time sources in Firefox. The precision of performance.now() has been reduced from 5μs to 20μs, and the SharedArrayBuffer feature has been disabled because it can be used to construct a high-resolution timer.

Though I suppose it can't hurt either as long as it doesn't cause you any problems on sites you use.



I gather until Google release tweaked versions of Chrome/Chromium (probably also with reduced timing precision mitigations) enabling Strict Site Isolation in the chrome://flags is the best you can do .. but it is not a mitigation for Spectre in and of itself.



So I guess YES as long as you're running Firefox 57.0.4 (with or without first party isolation .. your choice), have the new intel microcode, along with the patched kernel, and update Chrome/Chromium as soon as 64 comes out (with or without strict site isolation .. your choice, though I gather that will be enabled by default in 64 anyway, but not directly in response to Spectre) you're already doing everything you can.

But really all of this (except the site isolation which isn't really a mitigation for Spectre in the first place .. but can't hurt either) should automatically be being done via the update manager .. just staying on top of updates is about the best advice anyone can give you at the moment.



I don't think ANYONE quite knows how deep this particular rabbit hole is going to go, mitigations will be forthcoming as they're discovered .. which really is nothing new ;)

I'm not saying people shouldn't be concerned about Meltdown/Spectre, but to me it's just another possible vulnerability that was discovered and is being mitigated before it ever got leveraged in the wild .. so be aware of it, stay on top of updates, but don't panic ;)
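
Added example, not part of any post in this thread: a shell check for the Meltdown items discussed above (pin's CONFIG_PAGE_TABLE_ISOLATION build flag, the patched kernel, and the loaded microcode). The function names and verdict strings are this example's own; it assumes the kernel exposes /sys/devices/system/cpu/vulnerabilities/meltdown and otherwise falls back to the boot command line and build config.

```shell
#!/bin/sh
# Added example (not from the thread); paths are arguments so saved copies work.

# Build time: was page-table isolation compiled into this kernel?
pti_config_state() {
    [ -r "$1" ] || { echo unknown; return 0; }
    if grep -q '^CONFIG_PAGE_TABLE_ISOLATION=y' "$1"; then echo enabled
    elif grep -q '^# CONFIG_PAGE_TABLE_ISOLATION is not set' "$1"; then echo disabled
    else echo unknown    # assumption: a backport may use another symbol name
    fi
}

# Boot time: "nopti" or "pti=off" on the kernel command line turns it off.
pti_boot_override() {
    [ -r "$1" ] || { echo none; return 0; }
    if tr ' ' '\n' < "$1" | grep -qx -e nopti -e pti=off; then echo off
    else echo none
    fi
}

# Revision loaded in the CPU; a different number from the intel-microcode
# package version, which is a date-stamped bundle of many revisions.
microcode_revision() {
    [ -r "$1" ] || { echo unknown; return 0; }
    rev=$(awk -F': ' '/^microcode/ { print $2; exit }' "$1")
    echo "${rev:-unknown}"
}

# Verdict: use the kernel's own sysfs report when the file exists,
# otherwise fall back to boot parameters and build config.
meltdown_status() {    # args: config-file cmdline-file sysfs-file
    if [ -r "$3" ]; then
        case "$(cat "$3")" in
            "Not affected"*) echo not-affected ;;
            Mitigation*)     echo mitigated ;;
            Vulnerable*)     echo vulnerable ;;
            *)               echo unknown ;;
        esac
    elif [ "$(pti_boot_override "$2")" = off ]; then echo disabled-at-boot
    else
        case "$(pti_config_state "$1")" in
            enabled)  echo built-in ;;
            disabled) echo not-built ;;
            *)        echo unknown ;;
        esac
    fi
}

echo "meltdown:  $(meltdown_status "/boot/config-$(uname -r)" /proc/cmdline /sys/devices/system/cpu/vulnerabilities/meltdown)"
echo "microcode: $(microcode_revision /proc/cpuinfo)"
```

A "built-in" verdict only means the option was compiled in and not switched off at boot; "mitigated" comes from the running kernel itself.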
Title: Re: ATTEN. Intel cpu users
Post by: pin on January 15, 2018, 01:29:32 am
Spectre is still alive and kicking
https://gist.github.com/ErikAugust/724d4a969fb2c6ae1bbd7b2a9e3d4bb6

Title: Re: ATTEN. Intel cpu users
Post by: PCNetSpec on January 15, 2018, 09:29:23 am
Spectre will never completely go away (until CPUs are completely redesigned), all that can be done is to disrupt the precision timings necessary for a successful external exploit .. there will likely never be a full 'fix' for someone with local access .. but then again if someone has local access and your data isn't encrypted they kinda already own it anyway.
Title: Re: ATTEN. Intel cpu users
Post by: pin on January 15, 2018, 11:06:17 am
Thx

Title: Re: ATTEN. Intel cpu users
Post by: spence on January 15, 2018, 01:08:04 pm
Quote
The intel microcode has just been updated in the upstream repos

intel-microcode 3.20180108.0~ubuntu16.04.2

Code:
spence@antec ~ $ sudo apt install intel-microcode
Reading package lists... Done
Building dependency tree       
Reading state information... Done
intel-microcode is already the newest version (3.20180108.0~ubuntu16.04.2).
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

yippee....
Title: Re: ATTEN. Intel cpu users
Post by: pin on January 16, 2018, 11:00:31 am
Performance test after Meltdown patches here, https://www.phoronix.com/scan.php?page=article&item=5distros-post-spectre&num=1

Doesn't look that bad, unless you're running CentOS.