[ / / / / / / / / / / / / / ] [ dir / baaa / choroy / coz / dempart / pol3 / randamu / wmafsex / yuri ]

/tech/ - Technology

Winner of the 77nd Attention-Hungry Games
/x/ - Paranormal Phenomena and The RCP Authority

April 2019 - 8chan Transparency Report
Email
Comment *
Verification *
File
Password (Randomized for file and post deletion; you may also set your own.)
* = required field[▶ Show post options & limits]
Confused? See the FAQ.
Flag
Oekaki
Show oekaki applet
(replaces files and can be used instead)
Options

Allowed file types:jpg, jpeg, gif, png, webm, mp4, pdf
Max filesize is 16 MB.
Max image dimensions are 15000 x 15000.
You may upload 3 per post.


File: ce2ed16f1d1992a⋯.png (808.16 KB, 730x486, 365:243, ClipboardImage.png)

 No.1063509

just

>Security researchers have found a new class of vulnerabilities in Intel chips which, if exploited, can be used to steal sensitive information directly from the processor.

>The bugs are reminiscent of Meltdown and Spectre, which exploited a weakness in speculative execution, an important part of how modern processors work. Speculative execution helps processors predict to a certain degree what an application or operating system might need next and in the near-future, making the app run faster and more efficient. The processor will execute its predictions if they’re needed, or discard them if they’re not. Both Meltdown and Spectre leaked sensitive data stored briefly in the processor, including secrets — such as passwords, secret keys and account tokens, and private messages. Now some of the same researchers are back with an entirely new round of data-leaking bugs.

>“ZombieLoad,” as it’s called, is a side-channel attack targeting Intel chips, allowing hackers to effectively exploit design flaws rather than injecting malicious code. Intel said ZombieLoad is made up of four bugs, which the researchers reported to the chip maker just a month ago. Almost every computer with an Intel chips dating back to 2011 are affected by the vulnerabilities. AMD and ARM chips are not said to be vulnerable like earlier side-channel attacks.

>ZombieLoad takes its name from a “zombie load,” an amount of data that the processor can’t understand or properly process, forcing the processor to ask for help from the processor’s microcode to prevent a crash. Apps are usually only able to see their own data, but this bug allows that data to bleed across those boundary walls. ZombieLoad will leak any data currently loaded by the processor’s core, the researchers said. Intel said patches to the microcode will help clear the processor’s buffers, preventing data from being read.

>Practically, the researchers showed in a proof-of-concept video that the flaws could be exploited to see which websites a person is visiting in real-time, but could be easily repurposed to grab passwords or access tokens used to log into a victim’s online accounts.

>Like Meltdown and Spectre, it’s not just PCs and laptops affected by ZombieLoad — the cloud is also vulnerable. ZombieLoad can be triggered in virtual machines, which are meant to be isolated from other virtual systems and their host device. Daniel Gruss, one of the researchers who discovered the latest round of chip flaws, said it works “just like” it does on PCs and can read data off the processor. That’s potentially a major problem in cloud environments where different customers’ virtual machines run on the same server hardware.

>Although no attacks have been publicly reported, the researchers couldn’t rule them out nor would any attack necessarily leave a trace, they said.

https://archive.is/hDcAY

https://techcrunch.com/2019/05/14/zombieload-flaw-intel-processors/

 No.1063512

Intel is dead as a company until ~2023, when it will probably recover.

nVidia will be dead post 2023.

But this news doesn't have anything to do with that.


 No.1063517

File: 9fea795265ebd21⋯.jpg (86.82 KB, 1200x675, 16:9, Isreal ist unser Unglück.jpg)


 No.1063520

AMD has similar holes as well. The best solution is to attempt to use open instruction sets. PowerShills should know that POWER is owned by IBM and the consortium around it is not free libre at all. Arm is in a similar situation, where it is one liscenser to all manufactures. Await RISC-V or look into older hardware you can trust.


 No.1063547

>ZombieLoad

Waiting for rule 34.

>>1063512

>Intel is dead as a company until ~2023, when it will probably recover.

>nVidia will be dead post 2023.

That would be cool, but who cares? Normies? No they just want to have their botnet running smoothly. Big companies? They don't have any choice, because most software works on x86 or x86_64 processors and operating systems.

That's what happens, when you trust a botnet company.


 No.1063548

>>1063547

>That would be cool, but who cares? Normies? No they just want to have their botnet running smoothly.

this; the goyim don't care about these vulnerabilities they already have their entire lives in the cloud.

the people who do care though are big tech; imagine the financial damage if all the data they collect for sale was dumped for free.


 No.1063549

Who are these (((Security researchers)))?

I would bet anything it's intel themselves. Intel knew damn well these vulnerabilities existed and were exploited by governments but these exploits are stale now and they need to push new chips; they need to get everyone else to stop using these old chips and buy newer botnet with fresh vulnerabilities.


 No.1063559

File: 3f50f706bda28f4⋯.mp4 (8.54 MB, 1280x534, 640:267, EchelonConsipracy-IntelBac….mp4)

>>1063549

> they need to get everyone else to stop using these old chips and buy newer botnet with fresh vulnerabilities.

This. Some subscribers to the (((Intel))) botnet didn't pay the required racket fees so they are pulling the plug on these 0 days.

I mean seriously the company is called INTEL and creates INTELligence chips. How much more obvious do they need to be for people to take notice?


 No.1063563

>>1063559

Interesting aside: The movie (2011) that clip is from was out 2 years before Snowden's revelations (2013).


 No.1063564

>>1063509

>Almost every computer with an Intel chips dating back to 2011 are affected by the vulnerabilities.

Movie: Echelon Conspiracy 2011

I told you but you didn't listen. You should have listened.


 No.1063568

Clearly, this must be because of Unix and C.


 No.1063573

>>1063568

Yes. Massive Unix braindamage here.


 No.1063574

File: 1d55ab444dc5881⋯.mp4 (1.12 MB, 480x360, 4:3, rocket science.mp4)

I wonder where /tech/ would be right now if Jewntel had fallen for the parallelism meme during the Bulldozer days instead of riding the quadcore train for all eternity through sheer force of shilling.

Would there be 12 core CPUs in Thinkpads?


 No.1063579

>amount of data that the processor can’t understand or properly process, forcing the processor to ask for help from the processor’s microcode to prevent a crash

>“ZombieLoad,” as it’s called, is a side-channel attack targeting Intel chips, allowing hackers to effectively exploit design flaws rather than injecting malicious code.

If there's no exploits and no actual technical information about this attack how do I know that this isn't just a bullshit microcode update to ruin processors to make consumers buy the latest thing like the specter microcode updates?

>Although no attacks have been publicly reported, the researchers couldn’t rule them out nor would any attack necessarily leave a trace, they said.

I never recomened updating binary blobs you don't understand or control. Because for all you know it could be malware. If this is an actual problem it needs to be mitigated at a level the user can examine and then trust like the kernel or compiler level. Otherwise fuck you kikes for trying to install malware and destroy perfectly usable computers.


 No.1063582

>>1063568

Yes, this vulnerability does not effect single user workstations.

>>1063579

There's PoC on github linked from the website


 No.1063585

>>1063520

but where are the proofs


 No.1063622

>>1063512

its probably one of those too big to fail companies so you fantasies might not become true in our lifetime


 No.1063624

>>1063622

You're retarded. Intel Chips will stay at 14nm until 2023, Intel itself said that, their 10nm ones will be for special cases, not on their mainlines CPUs.

Meanwhile AMD is already on 7nm and Zen 4 will be 5nm.

AMD is also coming with 16 core processors with 4 threads per core. If you're a gaymer you might not benefit immediately from this, but every professional will. I work with CAD programs for civil engineering and this will be a blessing for calculations, that often take hours to process.

AMD is already eating up Intel market share, specially for servers. Next gen consoles will all use AMD APUs as well.

So tell me how smart you are now for not knowing any of this.

As I said, Intel will probably rebound after 2023, as they'll probably figure it out how to go to 7nm, but not before that.


 No.1063642

File: e720fbe0c515e7a⋯.png (80.8 KB, 746x768, 373:384, intelvsamd.png)

>>1063624

>Intel will probably rebound after 2023

>rebound

hmmmm


 No.1063643

>>1063624

Would Intel be inclined to invest in NVCTs/Optical computing or will they just go under in a wave of screeching as AMD becomes the new Intel and technology stagnates for another decade or so?

Will Google buy Intel provided the latter fails to recover?


 No.1063662

>>1063642

2019~2023 AMD is going to dramatically increase its market share.

Actually, did you understand anything I said above?

>>1063643

I don't think AMD will become the new Intel. By 2023, the market could be split 50/50.

After 2023 things are uncertain. It seems every trump card is being unleashed now and a decade of stagnation after is very likely.


 No.1063680

File: 6ccc139c475a81d⋯.jpg (343.92 KB, 1920x1079, 1920:1079, Intel Roadmap.jpg)

File: 5485f143bbfa054⋯.jpg (113.95 KB, 1024x768, 4:3, TSMC roadmap.jpg)

File: 38577ba392c72fd⋯.png (37.22 KB, 800x450, 16:9, Samsung Roadmap.png)

>>1063624

>>1063642

TSMC is going to have 5nm next year. Intel is planning 7nm in 2021. Samsung also already has 7nm chips in their latest phones.

https://www.extremetech.com/computing/289157-tsmc-completes-5nm-node-design-node-in-risk-production


 No.1063683

File: 7a1d714536d4436⋯.png (151.24 KB, 1024x768, 4:3, tao-2-1024x768.png)

File: e6d139f786940cc⋯.jpg (37.47 KB, 1024x86, 512:43, turbine-large-1024x86.jpg)

File: 8745c7bac782d16⋯.jpg (102.42 KB, 638x826, 319:413, leaked-documents-by-edward….jpg)

bump for freedom


 No.1063697

>>1063680

Feature size is not the whole story. You know a lot less than you think you do.


 No.1063698

>>1063697

Very informative. Thanks.


 No.1063703

>>1063680

>TSMC is going to have 5nm next year.

AMD's foundry. Also, using high density for AMD, 5nm+.

https://wccftech.com/amd-zen-4-ryzen-and-epyc-5nm-cpu-80-percent-higher-transistors/

>Intel is planning 7nm in 2021.

They'll skip 10nm. But their plans are dire - the same problems afflicting their 10nm is also affecting their 7nm, mainly manufacturing problems. They use their own foundries.

Also, by the time Intel gets 7nm (if they fix their shit) AMD will be on 5nm.

In fact, the High End AMD Zen 3 APU (Arcturus) could actually be as powerful as a 1080Ti graphically.

Also, Intel is massively behind Core-wise and Thread-wise, it's like they froze in time.

Intel will be extremely behind, and nVidia will start fading into irrelevance.

>Samsung also already has 7nm chips in their latest phones.

Yes, but this doesn't affect AMD vs Intel.


 No.1063707

>>1063520

>look into older hardware you can trust

What are the safest x86-64 compatible platforms which are still usable and acceptably power-efficient? Core2?


 No.1063708

>>1063703

>all this AMD/intel botnet

Once the stagnation happens for both amd and intel, which will be soon, then libre is the future. Why libre? Because you can optimize everything about it for maximum performance and security vs vendor lock in with propritary blobs like all AMD CPU/GPU's have and all intel processors/GPU's after haswell have. Atleast with intel, ancient AMD GPU's, and semi-old nvidia GPU's you can have libre everything. But anything brand new is fucking botnet and a waste of money that could be trashed at the whim of a bios/uefi update or a microcode update because you can't see the souce code to verify what it is doing.

Plus unless you are running a web facing server, doing video huge amounts of video encoding, and or are doing extremely parrellel processing workloads there's literally no performance reason to upgrade besides MAYBE battery life/performance per watt. The web facing servers shouldn't be using x86 anyways and should have jumped ship to RISC-V or POWER9 hardware already. The video encoders are kinda screwed for FOSS solutions. The extremely parrellel proccesing workloads can use heavily optimized older CPU's or POWER9/talos.

ARM and newer X86 are inherently botnet and should be avoided if you use libre software as you can just recompile it for such anyways. You should not be using non-libre software because you can't improve its performance nor audit it for security holes.


 No.1063711

>>1063708

I wonder how much % performance AMD/Jewtel sacrifice on their glownigger hardware backdoors, its literally manufactured in chip design. Anyone know?


 No.1063727

>>1063707

Possibly, at least the earlier chipsets can be librebooted https://libreboot.org/docs/hardware/#list-of-supported-hardware

Too bad I'm still running a Phenom desktop.


 No.1063734

>>1063711

Actually, ironically enough, the specter vulnerability is a problem because it was a feature meant to increase performance for shitty programs. It abuses out of order execution. Which is a performance clutch for programs that can't keep their order correct mind you on x86 you are forced to use the OOE scheduler and have no choice even if your program is good enough to be in order.

But if you mean measurable loss then look at the secondary proccessor for intel ME and AMD PSP, it uses 1-2w of power which is a total waste for what could be going to the CPU. Then there's the MMU which uses like 0.5 watts which is a total waste that could be mitigated by better programming. The PCI-E/PCI controller is uneccessary since the processor can directly adress the PCI/E space which would increase performance unless you need more then 3-5 pcie devices. DRAM in excessive amounts wastes energy and thereby performance, if you use 256MB of RAM you should only have 256MB of physical RAM. All this energy/watt wasted creates heat and slows everything down like contributing to overheating the processor. There a bunch of little things like this that really add up and waste energy/performance on modern computers because either programers and programs are shit or because its a forced meme like intel ME/AMD PSP.


 No.1063738

>>1063703

>Intel is massively behind Core-wise and Thread-wise, it's like they froze in time.

That's what you get for ruining technological progress by way of paying vidya devs to optimize for 4 core 4 threads only so the bad goys with their novel approach to multi-core parallelism don't get off the ground.

Then you sit around peddling endless amounts of quad core rehashes advertised by gayman benchmarks and Jewtubers while the bad goy competitor suffers enough for your ol' pal Nvidia to steamlol them by doing the same as you, leading to total tech stagnation by CY+0.

>>1063734

>DRAM in excessive amounts wastes energy and thereby performance, if you use 256MB of RAM you should only have 256MB of physical RAM. All this energy/watt wasted creates heat and slows everything down like contributing to overheating the processor.

MRAM when?


 No.1063740

>>1063734

>DRAM in excessive amounts wastes energy and thereby performance

But reddit told me its good for Windows 10 to use 15GB at idle, because it will make my handful of 50MB programs run faster


 No.1063758

>>1063740

>handful of 50MB programs

Fucking bloat. My browser doesn't even use 50MB as it uses 49MB after an insane amount of optimization and no I don't use a text browser. It is a firefox derivative. Mind you the 49MB is the second highest thing The first is the linux kernel topping out at 80MB in memory after optimization short of editing source code or disabling netfilters/GPU drivers used for ram on my system and that's fucking bloat. I would really like to bring everything down to 128MB for a GUI similar to windows XP realistically, but I still yearn for 640K. mind you this is before using something like uclibc or a 16/32 bit data bus for smaller size of everything allocated, 64 bit is useful for compiling huge stuff like gcc/clang with many threads or jobs


 No.1063767

>>1063582

Well I compiled the attacker and client proof of concept code and it doesn't work/retrieve the secret data on haswell series intel CPU's with my setup as root or a user.


 No.1063769

>>1063767

<ZombieLoad will leak any data currently loaded by the processor’s core

Well I think I got the attacker POC to work now. I had to start very heavy processor activity for anything to show up and even then its meaningless gibberish and it complains about

>Could not get physical address! Did you start as root?

When I start as root after disabling the exit() call in the file. I am not sure if this is just a hoax or if someone can explain what is going on here. As nothing even happens if I go about my day to day computer activities like shitposting and music. Maybe having too light of weight activities bypassess the forced memory transformations in the microcode and thereby leaks no secrets? Anyways having the attack program running uses like 12% of my proccessor anyways while it does nothing.


 No.1063953

>>1063520

Any proof AMD is vulnerable to something similar?


 No.1064048

>>1063509

Best part of this is that you need to disable SMT for the Linux kernel patches to provide any protection, see

https://linuxreviews.org/Microarchitectural_Data_Sampling:_The_Latest_Side-Channel_Vulnerability_In_Intel_CPUs

Congratulations, your Intel 8 thread CPU is now a 4 thread CPU.


 No.1064050

File: a7796efdbc0af2a⋯.webm (155.56 KB, 480x360, 4:3, Wir Müssen Die Juden Ausr….webm)

>>1063509

When will it end ?


 No.1064054

>>1063734

>unless you need more then 3-5 pcie devices

>on a home computer

You fucking kidding me? What would I connect to it? I don't think I can use 3 GPUs at once. I could connect a superfluous soundcard with the same shit as already on the motherboard and I can't think of anything more. Maybe an ethernet card?

>POWER9

Isn't that stuff really expensive?

If it's reasonably priced, hopefully soon anon.

https://www.powerpc-notebook.org/en/

>ARM and newer X86 are inherently botnet

>ARM

Why? Once it gets UEFI/some BIOS it would be a free platform, right?

>>1064050

Hitler never said that. 100% amerimutt propaganda.


 No.1064067

>>1064054

>Isn't that stuff really expensive?

The Power9 motherboards are (cheapest one is around $1K), but the chip prices aren't that much different than what Intel and AMD are offering these days.


 No.1064070

>>1064067

See? That's what I'm talking about.

Why would anyone buy a 1k$ laptop?


 No.1064072

>>1063953

Not that guy (and very happily running an EPYC machine) but it's pretty unlikely that AMD doesn't have any timing side channels in their OOO silicon.

This whole debacle is certainly making it more interesting to research in-order processors with exposed pipelines again.


 No.1064083

>>1064070

It's because of bulk pricing. The people making the hardware are ordering much smaller batches, so the price per unit is going to be higher than what you'd spend on a device that uses an Intel motherboard and chip.


 No.1064084

>>1064083

*The people designing the hardware...


 No.1064100

>>1063509

Fuck.

So what choice do we have ?

EO-meme68 ? Expensive Talos system (which needs a fucking GPU..) ?

Screw you optics fam, i'm tired by this shit :

kernel /boot/lincuck quiet pti=off spectre_v2=off l1tf=off mds=off nospec_store_bypass_disable no_stf_barrier


 No.1064112

File: 8329e0a2e60d60a⋯.png (187.31 KB, 617x793, 617:793, intel.png)

I want to shed light on some things.

The first machine capable of out of order code execution was CDC 6600 (1964) and ARPANET was not established until 1969. So dynamic code execution was originally meant to be a performance enhancement back when computers were pretty slow.

Here's the thing. AOL (a company who's purpose was to gather information on Americans) became a thing around 1995 along with Intel's Pentium chips and of course Windows 95. I would guess deliberate backdoors by hardware companies started about that time. Some people were saying that this really didn't happen until Pentium 4.

I've looked into Spectre/NetSpectre a little bit but it's lower level than I understand. I've talked to one of the researchers and asked him if you can do anything useful with NetSpectre like dump an SSH key. He said he hadn't tried it.

It looks like this new generation of side channel attack could actually be used for dumping keys or password hashes for remote authentication. That's pretty fucking cool. Security researchers who figure out this really low level shit are pretty smart.

https://zombieloadattack.com/zombieload.pdf

>>1063643

If you intel's general stock trends since they went public, it's pretty obvious that they will recover.

>>1063662

It would be cool if they made RISCV chips that didn't cost an arm and a leg. Maybe that will happen some day.


 No.1064198

>>1064054

ARM is where intel/amd copied the ME/PSP from, on ARM its called ARM trustzone. Its actually worse then the PSP/ME because instead of being a dedicated coproccessor it takes up die space and instructions on the main proccessor. It had extras features that are bloat and backdoors at the same time like a securezone vs non securezone which is just a copy of the linux kernel's userland vs kernel thing in a sense.


 No.1064200

an in reality its nothing just like all the other vulnerabilities that no one has exploited yet.


 No.1064203

>>1063509

haswell saves me again




[Return][Go to top][Catalog][Nerve Center][Cancer][Post a Reply]
Delete Post [ ]
[]
[ / / / / / / / / / / / / / ] [ dir / baaa / choroy / coz / dempart / pol3 / randamu / wmafsex / yuri ]