Jump to content
kevinkin

Chip Flaws: in case you missed this

Recommended Posts

Oh yeah loads of fun there. This article has a nice little tid bit: https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/

"The fix is to separate the kernel's memory completely from user processes using what's called Kernel Page Table Isolation, or KPTI. At one point, Forcefully Unmap Complete Kernel With Interrupt Trampolines, aka ****WIT, was mulled by the Linux kernel team, giving you an idea of how annoying this has been for the developers."

LOL

Share this post


Link to post
Share on other sites

Got the Window 10 update last night that I presume contains the "fix" for this. Then I got my first ever BSOD on this machine a few hours later. 

Share this post


Link to post
Share on other sites

Pre and post patched Win 10 CM benchmarks need to be completed. The gaming industry is posting results for their products. Albeit players mostly. 

Maybe this will go away for our narrow purposes and we will see no performance hits. This is a rather big event never-the-less. Heads up. 

Kevin

Share this post


Link to post
Share on other sites
5 hours ago, Vanir Ausf B said:

Got the Window 10 update last night that I presume contains the "fix" for this. Then I got my first ever BSOD on this machine a few hours later. 

hmm interesting as I am noticing some less than stellar behavior in certain instances as well.  So far none affecting CM though.

Share this post


Link to post
Share on other sites
Posted (edited)

Surprised the malicious code can be written in JS and it's short. Two articles for those interested in going under the hood: 

https://www.react-etc.net/entry/exploiting-speculative-execution-meltdown-spectre-via-javascript

https://react-etc.net/page/meltdown-spectre-javascript-exploit-example

I am a hobbyist programmer. I thought that since JS can only run in a browser environment, the browser would provide security against this type of malicious code  i.e. writing or reading directly from memory. I can see it with assembly or C. What makes JS so dangerous is the code can be pushed to the local computer by an unwitting web surfer. 

Kevin

Edited by kevinkin

Share this post


Link to post
Share on other sites
On ‎05‎/‎01‎/‎2018 at 8:16 PM, Vanir Ausf B said:

Got the Window 10 update last night that I presume contains the "fix" for this. Then I got my first ever BSOD on this machine a few hours later.

You clearly crashed the NSA's warez.....Watch your back dude!  :ph34r:

Share this post


Link to post
Share on other sites

Funny you mention the NSA. There was some speculation originally that the Meltdown and Spectre vulnerabilities were identified by the Agency and entered the public domain via the leaks last Spring. 

Kevin

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×