|
feedmegin posted:I'm not sure why you think that link proves that. BIOS or OS, each will be doing exactly the same thing to update the microcode. There's nothing magic the BIOS does and the OS doesn't to make that happen, it just does it earlier. I'm not sure you know what you're arguing. I assume a microcode update delivered using a BIOS update is tested before release. It's impossible for Microsoft to test all motherboard/CPU combinations for compatibility issues. I assume that's why they're being so conservative with releasing microcode updates through Windows Update. But, let's hope they do it this time.
|
# ? Jan 11, 2018 17:42 |
|
Well I was thinking why you would need the mobo manufacturer at all, Intel could just update the driver, or have a patch, in Windows and bypass the mobo manufacturer completely.
|
# ? Jan 11, 2018 18:19 |
|
Fame Douglas posted:I'm not sure you know what you're arguing. I assume a microcode update delivered using a BIOS update is tested before release. It's impossible for Microsoft to test all motherboard/CPU combinations for compatibility issues. I assume that's why they're being so conservative with releasing microcode updates through Windows Update. It's a microcode update for the CPU. It comes from Intel and doesn't vary by motherboard. I mean you could literally take that CPU out and put it in another motherboard at any time. Loading it in the BIOS just means you can install an old or unpatched OS and still be safe. Edit: you know that if the update comes from Windows Update or Debian it's not altering the BIOS itself at all, right? It's loaded by the kernel at boot time in that case. feedmegin fucked around with this message at 18:35 on Jan 11, 2018 |
# ? Jan 11, 2018 18:33 |
|
Fame Douglas posted:DigitalFoundry has a video on gaming performance after these patches: Seems pretty noticeable at times, especially with games like The Witcher 3. https://www.youtube.com/watch?v=LC1WuKdPVCQ Was hoping to see something ground to the single fps range.
|
# ? Jan 11, 2018 19:02 |
|
Fame Douglas posted:lol if you think there aren't tons of weird edge-cases and incompatibilities with patching the microcode through the OS. https://wiki.debian.org/Microcode#Updating_CPU_microcode_within_Debian_.28Intel_or_AMD.29 Yeah, because I trust the same loving Linux people who kept parroting that AMD's Spectre fix was to flat-out disable the branch predictor with being able to read a technical manual well enough to update microcode. feedmegin posted:I'm not sure why you think that link proves that. BIOS or OS, each will be doing exactly the same thing to update the microcode. There's nothing magic the BIOS does and the OS doesn't to make that happen, it just does it earlier. Exactly this. There's a solid 25 pages in the Intel SDM just about how to implement microcode updates both as a BIOS vendor and as an OS vendor, right down to the structure of the microcode blobs themselves. This is open information. The Intel manuals are freely available. They have been for years. AMD's BIOS and Kernel Developer Guides are their equivalent, and are also free (and come with a lot more early-initialization chipset goodies).
|
# ? Jan 11, 2018 19:13 |
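The post above mentions that the SDM documents the structure of the microcode blobs themselves. As an added example (not from the thread and not Intel's or any vendor's code), here is a Python check of the 48-byte update header and its DWORD checksum, which a BIOS or an OS loader can validate the same way. The field layout is taken from the SDM's microcode update chapter; the sample blob, its revision, date and filler payload are constructed.

```python
import struct

# Nine little-endian DWORDs followed by 12 reserved bytes = 48-byte header.
HEADER = struct.Struct("<9I12x")

def dword_sum(blob):
    """Sum of all 32-bit words, truncated to 32 bits."""
    return sum(struct.unpack(f"<{len(blob) // 4}I", blob)) & 0xFFFFFFFF

def parse_update(blob):
    """Validate one update and return its header fields as a dict."""
    if len(blob) < HEADER.size:
        raise ValueError("truncated header")
    (hdr_ver, revision, date, sig, _checksum, loader_rev, flags,
     data_size, total_size) = HEADER.unpack_from(blob)
    if hdr_ver != 1 or loader_rev != 1:
        raise ValueError("unknown header or loader version")
    if data_size == 0:                      # legacy form: sizes are implied
        data_size, total_size = 2000, 2048
    if (total_size < HEADER.size + data_size or total_size % 4
            or len(blob) < total_size):
        raise ValueError("inconsistent size fields")
    # The update is intact when every DWORD in it sums to zero mod 2^32.
    if dword_sum(blob[:total_size]) != 0:
        raise ValueError("checksum mismatch")
    # Processor signature uses the CPUID family/model/stepping encoding.
    family, model = (sig >> 8) & 0xF, (sig >> 4) & 0xF
    if family in (0x6, 0xF):
        model |= ((sig >> 16) & 0xF) << 4   # extended model
    if family == 0xF:
        family += (sig >> 20) & 0xFF        # extended family
    bcd = f"{date:08x}"                     # BCD date, mmddyyyy
    return {
        "revision": revision,
        "date": f"{bcd[4:]}-{bcd[:2]}-{bcd[2:4]}",
        "family": family, "model": model, "stepping": sig & 0xF,
        "platform_flags": flags,
        "data_size": data_size, "total_size": total_size,
    }

def build_sample():
    """Constructed sample: filler payload, not real microcode."""
    data = bytes(range(250)) * 8            # 2000 bytes of filler
    # hdr_ver, revision, date, signature, checksum, loader, flags, sizes
    fields = [1, 0x1, 0x01112018, 0x000306C3, 0, 1, 0x2, len(data), 2048]
    blob = HEADER.pack(*fields) + data
    fields[4] = -dword_sum(blob) & 0xFFFFFFFF   # make the total sum zero
    return HEADER.pack(*fields) + data

if __name__ == "__main__":
    print(parse_update(build_sample()))
```

The signature field is what ties an update to a CPU family, model and stepping; nothing in the header identifies a motherboard.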
|
Kazinsal posted:Yeah, because I trust the same loving Linux people who kept parroting that AMD's Spectre fix was to flat-out disable the branch predictor with being able to read a technical manual well enough to update microcode. Those same loving people who just happen to be a completely different group of people? Debian has nothing to do with OpenSUSE other than packaging some of the same software.
|
# ? Jan 11, 2018 21:59 |
|
Intel hosed up the microcode update for Haswell (Core i3/5/7 4000 series) chips for desktop and mobile and Broadwell (Core i3/5/7 5000 series) chips for mobile http://www.tomshardware.com/news/intel-spectre-bios-crash-broadwell-haswell,36324.html Intel's Management Engine has yet another security exploit https://arstechnica.com/?p=1243291
|
# ? Jan 12, 2018 17:48 |
|
Rastor posted:Intel hosed up the microcode update for Haswell (Core i3/5/7 4000 series) chips for desktop and mobile and Broadwell (Core i3/5/7 5000 series) chips for mobile
|
# ? Jan 12, 2018 17:49 |
|
I’m really getting close to chucking my 4770K and just picking up something Ryzen when Ryzen+ is released...
|
# ? Jan 12, 2018 17:53 |
|
That first one is a problem, but the second one seems really dumb as an exploit. It seems to basically say if you don't change the default password someone could use it.
|
# ? Jan 12, 2018 17:54 |
SourKraut posted:I’m really getting close to chucking my 4770K and just picking up something Ryzen when Ryzen+ is released... Yeah, the only thing stopping me from grabbing a Ryzen+ 6c chip and motherboard when those come out is that I would have to buy more RAM, and ugh @ RAM prices these days. Plus I need to get a new video card some time this year and prices on those have gone insane with all this cryptocurrency nonsense... This is the worst time to build a new computer in ages.
|
|
# ? Jan 12, 2018 17:59 |
|
I hope the FUD causes people to dump 6900Ks and pushes the prices down even further. I'm still pretty sure that's going to be my next CPU. They're already at 500 dollars from 1000 dollars last year.
|
# ? Jan 12, 2018 18:17 |
|
SourKraut posted:I’m really getting close to chucking my 4770K and just picking up something Ryzen when Ryzen+ is released... The question is, "do you need a new CPU this year?" and "does the Meltdown patch affect what you're doing?" Because honestly, I'm probably going to keep this 3770K and move my baby i3 HTPC to AMD and swipe its old DDR3 memory that is so much more expensive now than when I bought it, so at the time I bought too much. That'll go into my main machine and I do intend to keep that one around because I am not experiencing slowdowns in any of the things I do (make bad posts here, watch YouTube, play shooters). Craptacular! fucked around with this message at 19:48 on Jan 12, 2018 |
# ? Jan 12, 2018 19:45 |
|
craig588 posted:That first one is a problem, but the second one seems really dumb as an exploit. It seems to basically say if you don't change the default password someone could use it. Default passwords should be randomized in 2018. Something with out of band access should not have the same password for every shipping device.
|
# ? Jan 12, 2018 19:45 |
|
Number19 posted:Default passwords should be randomized in 2018. Something with out of band access should not have the same password for every shipping device. You should tell this to any number of makers of routers, wifi APs, modems, basically anything home-networking involved. (you're still right, of course)
|
# ? Jan 12, 2018 19:54 |
|
DrDork posted:You should tell this to any number of makers of routers, wifi APs, modems, basically anything home-networking involved. I really hope that 2018 is where security becomes a critical part of hardware/software design but in my heart I know the truth is "lol nothing matters"
|
# ? Jan 12, 2018 20:11 |
|
It's gotten to the point where I might just be forced to get a Ryzen+ to replace my i5-760 regardless of my plans. These constant reboots kinda suck, and Intel is just making a complete mess of things.
|
# ? Jan 12, 2018 20:34 |
|
Number19 posted:Default passwords should be randomized in 2018. Something with out of band access should not have the same password for every shipping device. Is out of band access enabled by default too though? I got the impression that physical access is required to set up this "exploit" (to configure the IME for remote access on a fresh system) and you can prevent it through normal configuration (changing the password), which makes it a bit silly since if an attacker has physical access to a machine that isn't already locked down then yeah of course you hosed up. Eletriarnation fucked around with this message at 21:01 on Jan 12, 2018 |
# ? Jan 12, 2018 20:57 |
|
Eletriarnation posted:Is out of band access enabled by default too though? I got the impression that physical access is required to set up this "exploit" (to configure the IME for remote access, which is a supported feature right?) and you can prevent it through normal configuration, which makes it a bit silly since if an attacker has physical access to a machine that isn't already locked down then yeah of course you hosed up. AMT isn't provisioned by default, but this shows that there are no protections against having it unknowingly provisioned short of "admin" as the default AMT password. Intel's guidance to OEMs is to restrict access to the AMT config tool behind a BIOS password. This still requires the end user to set up a BIOS password and to that happening. Some OEMs didn't even follow this guidance, so their laptops are wide open regardless of a BIOS password. There should be no way to provision any of this without some sort of explicit step that only the system owner can take based on information given to them in the box the computer comes with. Everything else is Intel and the OEMs pointing fingers at each other and the consumer. Most consumers who buy laptops with AMT won't even know what it is, how to secure it, and the risks of leaving it unsecured. It's on the designers of such a feature to make it secure out of the box, not the end user to (hopefully) do something.
|
# ? Jan 12, 2018 21:10 |
|
I don't know, to me requiring information from the OEM in order to gain access to a factory-settings IME would be going too far against usability in the name of security. For a lot of used machines that OEM information might not be available. I don't feel like the presence of the IME really changes much for security for most consumers, as someone who left the BIOS unlocked and gave physical access to an attacker would be vulnerable to other attack vectors as well. In my mind, this is basically like saying that the existence of Remote Desktop is a Windows vulnerability because if you left your computer unattended someone could enable it and add an admin account for themselves to log in remotely. Sure, but they could already do any number of terrible things in that situation so how is this meaningfully worse?
|
# ? Jan 12, 2018 22:06 |
|
Eletriarnation posted:I don't know, to me requiring information from the OEM in order to gain access to a factory-settings IME would be going too far against usability in the name of security. For a lot of used machines that OEM information might not be available. I don't feel like the presence of the IME really changes much for security for most consumers, as someone who left the BIOS unlocked and gave physical access to an attacker would be vulnerable to other attack vectors as well. Stuff like this makes "evil maid" attacks FAR easier than they need to be. Now the attacker doesn't even need the laptop to be turned on, just physically present. Physical security is of course very important but we also don't need to go about making it easier on malicious actors than we need to. I'm not sure what's the best way to handle the default credentials on this but what they are doing now is woefully inadequate. This is a powerful feature that allows for invisible access to your laptop, and access to it is effectively not protected at all right now unless the user has the technical know how to lock it out.
|
# ? Jan 12, 2018 22:28 |
|
Rastor posted:Intel hosed up the microcode update for Haswell (Core i3/5/7 4000 series) chips for desktop and mobile and Broadwell (Core i3/5/7 5000 series) chips for mobile
|
# ? Jan 13, 2018 07:44 |
|
craig588 posted:I hope the FUD causes people to dump 6900Ks and pushes the prices down even further. I'm still pretty sure that's going to be my next CPU. They're already at 500 dollars from 1000 dollars last year. Yeah I wouldn't mind a panic sold 6900k to replace my 5820k either..... No BIOS update for my ASUS Broadwell-E era X99 board yet.
|
# ? Jan 13, 2018 15:08 |
|
track day bro! posted:Yeah I wouldn't mind a panic sold 6900k to replace my 5820k either.....
|
# ? Jan 13, 2018 16:00 |
|
This is the worst. My instincts are to throw my loving 7700k in the trash and buy something else. BUT THERE IS NOTHING TO BUY Worst ever.
|
# ? Jan 13, 2018 16:53 |
|
redeyes posted:This is the worst. My instincts are to throw my loving 7700k in the trash and buy something else. BUT THERE IS NOTHING TO BUY This seems a little hyperbolic to me, given that gaming and office productivity tasks are only very minorly affected, barely within the margin of error at all. Like I have no bones in this race, I don't work for Intel, I don't care about whose hardware is better. But I find it hard to get too mad about a bug that nobody found for 25 years that costs a small amount of performance. Like, really? That's nobody's fault, you can't assign blame to anyone in particular. Unless you're an enterprise. Then you get your lawyers salivating. E: I'm being genuine here. I get being upset that it sucks, because it does! But I find it really weird to assign blame for a just discovered 25 year old bug. The Iron Rose fucked around with this message at 17:09 on Jan 13, 2018 |
# ? Jan 13, 2018 17:07 |
|
Well it's like I bought a high end system, overclocked it, bought good memory, heatsink, etc, NVMe SSD. It feels lovely to have performance yanked out from under me. I'm not making GBS threads my pants over blame, I'm just the guy that wants a fast system and I/O performance happens to be at the top of my list ;_;
|
# ? Jan 13, 2018 17:19 |
|
redeyes posted:I'm just the guy that wants a fast system And you have one.
|
# ? Jan 13, 2018 17:20 |
|
The Iron Rose posted:This seems a little hyperbolic to me, given that gaming and office productivity tasks are only very minorly affected, barely within the margin of error at all. I actually think it’s the incompetency of rushing out microcode updates that cause systems to crash regularly. I get that they want to fix it as soon as possible, but they’ve also had several months to work on it, so it’s odd and frustrating that we’re seeing all these crashes now due to probably rushed microcode updates. I’m really starting to question some of Intel’s engineering competency these days.
|
# ? Jan 13, 2018 17:20 |
|
It went public recently yea. Seems like it could have been used successfully before then. GRINDCORE MEGGIDO fucked around with this message at 17:29 on Jan 13, 2018 |
# ? Jan 13, 2018 17:24 |
|
It was reported back in June.
|
# ? Jan 13, 2018 17:29 |
|
The most frustrating thing about this whole debacle is how amazingly lovely the handling has been. There’s no clear information on what’s affected (you’d think someone would make an info graphic), there’s no easy tool that indicates whether you are patched or not (PowerShell scripts are probably too hard for your average user), tech “journalists” continue to prove they aren’t worthy of respect, and some of the patches make the problem worse. And the internal disclosure was months and months ago. I guess arguably Apple has done the smoothest job so far, but they’ve been loving up in other ways. I know the priority was to handle the largest customers, but I don’t know enough about Web app land to comment on how badly AWS/etc got hosed besides performance losses (I.e., side effects). e: oh but don’t worry, both bugs got cute logos for websites to use in their articles. loving chodes
|
# ? Jan 13, 2018 18:25 |
|
movax posted:The most frustrating thing about this whole debacle is how amazingly lovely the handling has been. There’s no clear information on what’s affected (you’d think someone would make an info graphic), there’s no easy tool that indicates whether you are patched or not (PowerShell scripts are probably too hard for your average user), tech “journalists” continue to prove they aren’t worthy of respect, and some of the patches make the problem worse. Linux (Fedora 27, 4.11) was smooth sailing as well. A lot of people worked fantastically hard to make it happen, but I didn't even notice. And for my workload I don't see any performance penalty (didn't run actual benchmarks though). I didn't boot Windows in months, I'm scared of what will be there when I actually will.
|
# ? Jan 13, 2018 18:43 |
|
movax posted:The most frustrating thing about this whole debacle is how amazingly lovely the handling has been. There’s no clear information on what’s affected (you’d think someone would make an info graphic), there’s no easy tool that indicates whether you are patched or not (PowerShell scripts are probably too hard for your average user), tech “journalists” continue to prove they aren’t worthy of respect, and some of the patches make the problem worse. Exactly! And then people post here asking about info security and are smugly mocked as worrying too much about their cookie recipes. Uh, hello, most of us don't know what the gently caress about any of this and nobody is exactly being forthcoming about it.
|
# ? Jan 13, 2018 18:46 |
|
movax posted:
Please say these were made by Intel.
|
# ? Jan 13, 2018 18:46 |
|
Dadbod Apocalypse posted:And then people post here asking about info security and are smugly mocked as worrying too much about their cookie recipes. Uh, hello, most of us don't know what the gently caress about any of this and nobody is exactly being forthcoming about it. The before-and-after benchmarks of games and normal office applications have been noted, though, as having pretty minimal impact unless your CPU is hilariously old. So, yeah, people complaining bitterly about losing 1-3% or whatever aren't being taken particularly seriously. The rest of it--what's affected, how bad is it really, when are we getting fixes that work, etc., you're absolutely right to be concerned about, though.
|
# ? Jan 13, 2018 18:56 |
redeyes posted:Well it's like I bought a high end system, overclocked it, bought good memory, heatsink, etc, NVMe SSD. It feels lovely to have performance yanked out from under me. I'm not making GBS threads my pants over blame, I'm just the guy that wants a fast system and I/O performance happens to be at the top of my list ;_; Define fast and slow for your use cases.
|
|
# ? Jan 13, 2018 18:58 |
|
Considering chips are largely reviewed as "great" based on pointless (to most) gains, drops in those metrics highlight how crap chip development has been in general really. And there isn't even really the option of feeling good about keeping old hardware: it's nailed even more.
|
# ? Jan 13, 2018 19:01 |
|
My biggest confusion is what risk they pose to an individual user, and nothing really makes that clear. I get the JavaScript thing but doesn’t that require you to be loading sensitive information into the CPU caches with that malicious code actually running? Doesn’t everything else require access to the local machine? I understand the fear/terror for cloud based systems and VMs, but I’m not getting why I should freak out and patch my 3570k when all I do is play video games and read bad forums like this 99% of the time. If I’m doing bank/finance/important poo poo, I generally have nothing open on my machine but that, I’m absolutely not a person with 85 browser tabs open. Am I missing something here?
Mazz fucked around with this message at 19:38 on Jan 13, 2018 |
# ? Jan 13, 2018 19:10 |
|
I just realized my primary computer has turned 7 years old. This poor 2600k...
|
# ? Jan 13, 2018 19:33 |