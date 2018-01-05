Nope, No Intel Chip Recall After Spectre and Meltdown, CEO Says (cnet.com) 97
Hoping the Meltdown and Spectre security problems might mean Intel would be buying you a shiny new computer after a chip recall? Sorry, that's not on the cards. From a report: Intel famously paid hundreds of millions of dollars to recall its Pentium processors after the 1994 discovery of the "FDIV bug" that revealed rare but real calculation errors. But Intel CEO Brian Krzanich said the new problems are much more easily fixed -- and indeed are already well on their way to being fixed, at least in the case of Intel-powered PCs and servers. "This is very very different from FDIV," Krzanich said, criticizing media coverage of Meltdown and Spectre as overblown. "This is not an issue that is not fixable... we're seeing now the first iterations of patches." On Thursday, Intel said it was aiming to fix 90 percent of all Intel products that have been introduced within the past year by end of next week. CNET asked if the company was looking at older Intel processors? From the report: "We're working with [computer makers] to determine which ones to prioritize based on what they see as systems in the field," an executive at the company said. Intel also is fixing the problem in future chips, starting with products that will arrive later this year. Intel is effectively taking the software fixes being released now and building them directly into hardware, he said.
It's arguable that the product isn't "defective." It's operating properly and as designed... It just happens that the design has a serious but unintended consequence.
If someone uses a screwdriver to pry open a lock we don't say the screwdriver and/or lock is "defective." Inadequate maybe, but not defective.
This design error contains at least three features worthy of "www.wtf.com":
Like Waze does?
The "scheduled sale" is a lie. No CEO dumps ALL of his stock.
If they schedule the sale in advance and provide the required notice to shareholders, then they are legally able to sell as much stock as they want. If the CEO anticipates a drop or sees turmoil or sees themselves being fired or retiring, they may very well dump all their stock and get more back later through executive stock compensation.
This is a thousand times worse than the FDIV or f00f bugs.
Not sure if it's strictly worse. At least you can do useful work on an airgapped machine. With the FDIV bug, not even a well-secured machine is useful in numerical computing scenarios. Unless you want to patch your compiler to emit a slower (on the average) routine for divisions, that is.
That may be, but considering that the CEO sold millions in stock after learning of the problem, but before the hoi polloi were notified means that the SEC just might be crawling up his ass.
I'm not sure you can even call this a "defect". The CPU is working as advertised, and it's not like it's insecure by design.
Had this problem surfaced in the mid-90s, lots of OS researchers (yes, including Andrew Tanenbaum) would have argued that the CPU wasn't at fault, the operating system was [umass.edu].
It doesn't matter if the original bug is in the HW or not, so long as there is a workaround at some layer (firmware, kernel, etc.). You are beyond naive if you think this is the first time a HW
You constantly use the word mitigate as if a patched workaround making the exploit unusable on the OS level isn't every bit the same thing as a hardware fix making the exploit unusable.
And with first benchmarks out of the patched windows machines showing the performance impact for most normal loads lies somewhere between sweet and fuckall [techspot.com] this really is every bit as overblown as many people are stating.
Software has provided additional layers of protection over hardware since the DOS days. What makes this "m
Have you read a description of the hardware defects? It is exactly like it is insecure by bungling ineptitude and corner cutting
If they advertised these defects, no one would have bought a single chip from them, ever.
Its like selling buckets with hole in and saying "its OK if you carry them real fast".
Intel new about this defect in June. In the seven months since then, it's sold hundreds of millions of CPU it knew were defective, but chose not to disclose that fact. "Caveat Emptor" is not a defense to fraud.
As the AC correctly points out bugs are to be expected and are known to exist. Just read the amount of "will not fix" erratas published by Intel and realize that most erratas that will get fixed will be in later revisions (steppings) and not in currently available chips. The things that do get fixed in released systems are things microcode or feature control hardware can touch.
This isn't unique to Intel of course.
Once the lawsuits come rolling in he won't have a choice. This isn't fixable. The best you can do is mitigate the damage.
It turns out that these new methods of attack affect AMD x86 CPUs, and ARM non-x86 CPUs as well,
so it's a multi-platform weakness that the only hardware safe against are essentially iPad and iPhone.
Someone may TRY to sue Intel over this, but I suspect they will not be successful, since this
isn't defective hardware per se, but hardware that doesn't resist a new kind o
WRONG. The Meltdown attack ONLY AFFECTS INTEL
False; Non-Intel platforms are affected by the same form of problems. The security issue related to Processor Speculation has been Acknowledged by ARM [arm.com],
and furthermore, even the Meltdown paper [meltdownattack.com] points out the same issues existing with at least several example attacks working reliably on the ARM and AMD platforms regarding out-of-order executions And instructions past illegal memory accesses.
Please don't spread your own lie.
ARM has publically stated a number of their CPU designs are affected by these bugs.
Only AMD is denying.
"it isn't his decision" is right, it's a corporate decision made by the lawyers and execs at Intel and released by their leader and figurehead.
You don't want your CPU secure? don't install the software patch and it'll continue to work exactly as it did.
The underlying pattern is exactly the same as the VW scandal. A manufacturer tries to deliver the promised performance, and in order to do so fakes out an emissions test (VW) or builds in a highly insecure procedure (Intel).
At an even simpler level, it is just the battle between quality and quantity. VW and Intel cheated "a little" to provide the promised performance. We can expect a very great deal more of this.
Intel will no doubt copy the big banks by claiming that it is "too big to fail". It would argue that it can't afford to replace all the defective chips, and so it shouldn't be forced to.
The US government regards Intel as a huge asset - just like Microsoft, Oracle, IBM, Google, Facebook, Twitter, etc. - and will certainly take the company's side if it faces a serious threat to its existence.
The underlying pattern is exactly the same as the VW scandal. A manufacturer tries to deliver the promised performance, and in order to do so fakes out an emissions test (VW) or builds in a highly insecure procedure (Intel).
At an even simpler level, it is just the battle between quality and quantity. VW and Intel cheated "a little" to provide the promised performance. We can expect a very great deal more of this.
This is not an Intel only problem; It's a fundamental design flaw (or oversight) that affects most modern processors. While Intel is taking the bulk of the blame on this, my take is this could very well be a catastrophe for smartphones, where each additional clock doesn't just affect performance. Losing a couple of hours a day of battery is pretty significant and quite possible.
This is not an Intel only problem; It's a fundamental design flaw (or oversight) that affects most modern processors. While Intel is taking the bulk of the blame on this, my take is this could very well be a catastrophe for smartphones, where each additional clock doesn't just affect performance. Losing a couple of hours a day of battery is pretty significant and quite possible.
There are two issues: Meltdown, which is easyish to exploit and affects all post-1995 Intel processors and 4, count 'em 4 Arm processors. Then there's Spectre which is hard to exploit and affects some other processors, but mostly Intel. Intel want everyone to believe that this means every vendor's in the same boat. They've done a very good job at this pretence but it is still a pretence. Or, "lie" if you prefer.
Bullshit. The suggestion is frankly completely bonkers - there are no similarities at all!
What you are suggesting is that Intel willingly incorporated a security violating bug in order to gain some performance... How the hell would that work out?
No don't respond as it's obvious you don't know enough to answer.
It found out about the bug in June and continued to sell defective processors for the last seven months.
So yes, Intel willingly incorporated a security violating bug, for at least the last seven months.
Wait, you're saying Intel did this knowing it was a security risk?
I've not heard that allegation even from Intel's strongest critics. Where is the evidence for this?
It found out about the bug in June and continued to sell defective processors for the last seven months.
So yes, Intel knowingly did this, for at least the last seven months.
The underlying pattern is exactly the same as the VW scandal. A manufacturer tries to deliver the promised performance, and in order to do so fakes out an emissions test (VW) or builds in a highly insecure procedure (Intel).
At an even simpler level, it is just the battle between quality and quantity. VW and Intel cheated "a little" to provide the promised performance. We can expect a very great deal more of this.
Wow. So basically your line of thinking is: "Company did something that turned out to be bad. Another company did something that turned out to be bad. Therefore conspiracy!!!!!!"
Please use that grey matter between your ears to maybe read up on the VW scandal and this issue here before you look any more stupid than you already made yourself out to be with this post.
Seeing as replacing every Intel chip sold in the last decade would break the company overnight AND the problem can be patched (with an uncertain performance hit that may negligibly low in most scenarios, but could be ridiculously high in a few), I'm not in the least bit surprised by this.
They're going to have to either kick it up a notch in the next product cycle OR find and release similar vulnerabilities in the competition's product lines or they're going to lose a bit of market share over this, though.
I'd be shocked if they lost a huge portion of the market. There are a lot of PHBs out there who think Intel is the only option.
They're going to have to either kick it up a notch in the next product cycle OR find and release similar vulnerabilities in the competition's product lines
...
The previous Slashdot article [slashdot.org] suggests Intel's spin-doctors are already doing just that.
It's not possible recall all the processors that ever existed. Society doesn't have the resources even to think about such a thing.
Besides, computers run software, which is almost infinitely malleable; it can be crafted to mitigate the problems of hardware—as it has always done. So much of programming is about working around someone else's boneheaded mistakes.
Now, that being said, this is actually a good reason to support FOSS. You cannot trust other people (especially large, flush corporations) to care enough about your particular situation to fix up the software so as to mitigate such problems. If only more software in the world were open to inspection, then at least people who really care could go about fixing things themselves, and the rest of you consumer nitwits could at least benefit from their hard work, too.
We'll get there one day.
I'd like to see an option to return my CPUs for a free fix. For some people the performance loss is significant.
It won't happen because they don't make CPUs for those old sockets any more, and they aren't going to give me a free motherboard and RAM upgrade.
70%?
What's with the obviously crazy people posting about this? Not only here but elsewhere including "articles" (read: crap) claiming the sky is falling and processors as we know them aren't possible anymore...
Intel have a bug that leads to a potential security breach in certain systems under certain circumstances. Yes that's really really bad for some systems including cloud computing farms. It is bad as it opens up other systems for security breaches. But it isn't the end of the world.
30% impact is for so
The specific case of du -s with a non PCID processor is close to a 79% reduction.
probably not, but the ability to read the pipeline contents that was speculative and not used when not in kernel mode probably could be. That would be a significant improvement (like putting passwords on your baby monitor when having sex). Of course with the IoT's track record, that may not be possible either.
If they DON'T fix it, then they may be seriously short of future customers. Now THAT would be a serious financial hit!
i7 to i5 isn't really the right comparison. It's more like switching from a 7800rpm to a 5200rpm disk drive. I/O is going to be impacted. AI, physics, and graphics not at all.
Set-up requires kernel intervention, but you typically do that at the beginning and then everything else bypasses the kernel so while it's I/O, it's I/O that's not kernel bound.
This is distinct from, say, reading files, where every block of data you read needs kernel intervention.
Cloud and VPS services are going to be hammered by this. It's a critical flaw for them and their systems do a massive amount of calling and switching in and out of the hypervisor and every running OS kernel.
Imagine your service suddenly and permanently losses 30% of its capacity. Hundreds of millions of Euros of computing power wiped out. Your customers are pissed because their bills are going up as their apps suddenly need more CPU cycles...
Well, maybe in the veterinary sense, but I didn't plan to buy a castrated CPU.
First, the problem is in the processor logic itself. We're talking about a design flaw that could only "really" be patched by re-etching the silicon. I highly doubt that he has found a way to rework the die. This isn't some BIOS feature we have to patch. Intel's promise now is that they found a way to manage the problem in microcode. And whether the microcode patch will do any good is still to be seen. Personally, my stance is "seeing is believing".
Mostly because there is a second aspect: ALL, and I do mean ALL, possible approaches to fixing this can only be done with a drop in performance. There is no way this can be addressed without taking a performance hit. Especially high I/O applications like database processing is severely affected by the current patches, postgresql cited performance drops of up to 30%.
Simply having the gall to state that this is no reason for a recall takes quite the chutzpah. I kinda wonder whether various high performance data centers will simply swallow this.
The bug primarily affects large cloud vendors like Google, Facebook (who have entire buildings filled with lawyers) and HPC clusters (many of which have law *schools*).
Without the patch, the computers are vulnerable, and large data centers *must* upgrade given the size and value of the target they are. However, the loss in performance may be substantial. I help manage a ~2000 server HPC cluster. If the patch causes us to lose 5% of our performance, that's like throwing 100 computers away. Which is completely and utterly unacceptable, and we as well as others have the resources to make that crystal clear to Intel.
Intel CEO Brian Krzanich said the new problems are much more easily fixed by other people who knew what they were doing. "After all," he continued, "do you want the idiots who did this to work on the fix? You're better off doing it yourself. I'll be at the beach if you need me."
