# By now, everyone has heard about the Intel issue....



## richg99 (Jan 4, 2018)

Here are a couple of fixes that you can do before your own computer gets fixed by its manufacturer.

I run Chrome, so I did it on my Chromebook.

https://www.popularmechanics.com/technology/security/a14616537/meltdown-spectre-exploits-browser-update/?src=nl&mag=pop&list=nl_pnl_news&date=010418


----------



## SeaFaring (Jan 4, 2018)

Yeah, that’s a mess. I think the most likely targets will be cloud providers though. 

This vulnerability mostly makes an existing penetration more serious - as I understand it, it would be unlikely to permit someone to infect your computer from scratch. 

But it’s tailor made to attack the hypervisors that cloud providers use to keep their customers separated even as they share a particular piece of physical infrastructure. 

And the fixes have costs - as much as a 30% slowdown for certain workloads.

What a nightmare...


Sent from my iPhone using Tapatalk


----------



## richg99 (Jan 4, 2018)

From what I read today, from Intel, the fix won't slow the normal user down very much.


----------



## SeaFaring (Jan 5, 2018)

richg99 said:


> From what I read today, from Intel, the fix won't slow the normal user down very much.



It may not slow down your chrome book directly, but it will almost certainly slow down the cloud-based systems that you access with it. 

As usual, XKCD pretty much sums it up for me:








Sent from my iPhone using Tapatalk


----------



## richg99 (Jan 5, 2018)

Trolleys? Heck, just derail them! Ha Ha


----------



## SeaFaring (Jan 6, 2018)

richg99 said:


> Trolleys? Heck, just derail them! Ha Ha



Patches? We don’t need no stinkin’ patches. Just unplug the servers![emoji13]


Sent from my iPhone using Tapatalk


----------



## BillPlayfoot (Jan 7, 2018)

I have no idea what you are talking about.
Chromebook? Trolleys? XKCD? Cloud?
If it is something to do with those pocket computer/cell phone things I am OK. I don't have a cell phone.


----------



## richg99 (Jan 7, 2018)

Actually, it has to do with about 90% of all of the computers in the world. Intel makes tons and tons of chips for computers. 

If you are typing on a computer right now, it is a pretty good bet that you have one of the affected chips in your hands. 

As the article pointed out, many different manufacturers are updating their software to prevent this potential hack, as we speak. 

I happen to use Chrome on my Chromebook and the article had a LINK to a fix which I was to use.... because some vendors and manufacturers are going to be slow to fix the issue on their own.


----------



## SeaFaring (Jan 7, 2018)

BillPlayfoot said:


> I have no idea what you are talking about.
> Chromebook? Trolleys? XKCD? Cloud?
> If it is something to do with those pocket computer/cell phone things I am OK. I don't have a cell phone.



I just reread my post and it’s super long. Sorry about that. I was just making a serious effort at answering your question since it probably does relate to you. 

“Cloud,” in this context, means keeping computer resources on powerful shared servers accessed via the internet by relatively less powerful cheap computers (like tablets, cellphones and basic laptops like Chromebooks). It’s a great thing because it means you don’t have to upgrade your own computer as often or buy as much software. But all of your data is on a computer (actually, a network of multiple computers, but that’s hidden from you, hence “in the clouds”) that you share with many other users. The only things that keep your data private are the security features installed on those servers (the hypervisors I mentioned above are one form of that). 

The attack that Rich brought up can affect almost any computer, but it’s especially dangerous for cloud servers because it’s particularly well suited for attacking those security features that keep different users separate. Also, because one way that businesses in particular use the cloud is to get a “virtual server” which is just a simulated computer using resources assigned to it from the network of actual servers, a bad guy doesn’t even have to got to the trouble of “infecting” a cloud provider the way they would have to to infect Rich’s chromebook. They can just pretend to be a legit business, buy a virtual server from the provider, install software that exploits these weaknesses and break out of their virtual server to mess with other users. 

The trolley problem is a thought experiment about how to make choices between two options. https://en.wikipedia.org/wiki/Trolley_problem the reason it’s relevant here is that CPUs can process data a lot faster than they can pull it out of the computer’s memory. Thus, if you just load a chunk of data, process it, and store it, the CPU spends most of its time just waiting around. Rather than waste all of that potential performance, chipmakers figured out how to make guesses about which data the cpu would need to work on and load two of more pieces of data before they actually know what will be necessary (sending a trolley down both tracks). That means that whenever the CPU needs new data it is probably already loaded so work can begin immediately. But it also means that all the data that was loaded for wrong guesses has to be discarded. (That’s the phantom trolley in the cartoon). Everyone thought this was OK until very recently when people figured how to use that discarded data to let their programs see things about the inner workings of the computer that security features were supposed to conceal from them (phantom trolleys driving through walls). That’s why most of the fixes involve turning off that guessing feature, and for most individuals, that’s fine. But for certain workloads that really benefit from the guessing, the fix slows the computer down a lot because now the CPU is spending a lot more time waiting for data. Unfortunately, cloud providers, who are most at risk from the exploit, also have a lot of the workloads that suffer the most if you turn off the guessing. 

Coming full circle - Rich is absolutely correct that the fix, turning off the guessing, probably won’t slow his computer down much. But what I was pointing out was that if he uses any cloud providers (Office 365 and Dropbox are good examples) those services, websites basically, would slow down even as his own computer is blazing right along. 

XKCD is an online comic drawn by a former NASA physicist that is mostly math, science, and technology jokes. The thing is, even with that narrow focus, he’s published ~2000 cartoons, and there’s a weirdly appropriate or prescient XKCD comic for almost ANY situation involving technology. It’s just a matter of finding it.


Sent from my iPhone using Tapatalk


----------



## SeaFaring (Jan 7, 2018)

Whoops. Double post.


----------



## New River Rat (Jan 8, 2018)

Wow, I'd rather be lucky than good.....Just last week I started noticing my computer slowly becoming janky. Now, it was loaded with protective add-ons via FireFox, and Malware removal tools, registry repair tools, ad/pop-up blockers, you get the picture. Anyway, I re-installed Windows 10, which reverts completely back to ground 0, then re-installed Firefox, along with their add-ons and protective safety peripherals that I had installed prior. 

Then I read this.....timing is everything, I guess. =D>


----------



## LDUBS (Jan 9, 2018)

There is another thread named "You Know Your Getting Old When....". I'm feeling really old when I read these posts! haha


----------



## LastCastIPromise (Jan 10, 2018)

Ah the joys of IT... we're currently working with vendors to begin implementing patches. Part of the problem is that any anti-virus that is used, needs to be updated as well. The kernel calls that are made by the anti-virus need to jive with the security patches that are applied. 

Fun times


----------



## SeaFaring (Jan 12, 2018)

Here is an excellent article on the performance penalties for the updates. 

https://arstechnica.com/gadgets/201...e-and-meltdown-patches-will-hurt-performance/

And it also includes a better description of speculative execution than my prior post, which omitted the fact that it not only loads data from memory, but performs predicted computations as well (sorry about that). 


Sent from my iPhone using Tapatalk


----------

