ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Major Intel CPU vulnerability

    Scheduled Pinned Locked Moved IT Discussion
    260 Posts 29 Posters 33.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • DustinB3403D
      DustinB3403 @IRJ
      last edited by

      @irj said in Major Intel CPU vulnerability:

      @storageninja said in Major Intel CPU vulnerability:

      @irj said in Major Intel CPU vulnerability:

      This might be the worst vulnerability we've seen to date...

      On-Prem datacenters, this is potentially good (It's forcing people to run denser who were not coming close to the limit). people close to the limit will just have to order gear.

      Uh what? Potentially good. Even of you have the extra resources, you paid for them. So how can this be potentially good to lose them?

      It teaches the on-prem staff to learn how to build their systems appropriately.

      IRJI 1 Reply Last reply Reply Quote 0
      • IRJI
        IRJ @DustinB3403
        last edited by

        @dustinb3403 said in Major Intel CPU vulnerability:

        @irj said in Major Intel CPU vulnerability:

        @storageninja said in Major Intel CPU vulnerability:

        @irj said in Major Intel CPU vulnerability:

        This might be the worst vulnerability we've seen to date...

        On-Prem datacenters, this is potentially good (It's forcing people to run denser who were not coming close to the limit). people close to the limit will just have to order gear.

        Uh what? Potentially good. Even of you have the extra resources, you paid for them. So how can this be potentially good to lose them?

        It teaches the on-prem staff to learn how to build their systems appropriately.

        That's like saying me taking 30% of your paycheck teaches you to spend your money appropriately and not be wasteful..

        DustinB3403D 1 Reply Last reply Reply Quote 0
        • DustinB3403D
          DustinB3403 @IRJ
          last edited by

          @irj said in Major Intel CPU vulnerability:

          @dustinb3403 said in Major Intel CPU vulnerability:

          @irj said in Major Intel CPU vulnerability:

          @storageninja said in Major Intel CPU vulnerability:

          @irj said in Major Intel CPU vulnerability:

          This might be the worst vulnerability we've seen to date...

          On-Prem datacenters, this is potentially good (It's forcing people to run denser who were not coming close to the limit). people close to the limit will just have to order gear.

          Uh what? Potentially good. Even of you have the extra resources, you paid for them. So how can this be potentially good to lose them?

          It teaches the on-prem staff to learn how to build their systems appropriately.

          That's like saying me taking 30% of your paycheck teaches you to spend your money appropriately and not be wasteful..

          I might try that.... give m 30% of your paycheck!

          IRJI 1 Reply Last reply Reply Quote 1
          • PenguinWranglerP
            PenguinWrangler @scottalanmiller
            last edited by

            @scottalanmiller said in Major Intel CPU vulnerability:

            @penguinwrangler said in Major Intel CPU vulnerability:

            Even before Ryzen, I have always thought AMD to be a good bang for the buck in the desktop market. Unless you had the need for the extra horsepower from the better Intel chips you could get better bang for the buck from AMD.

            Desktop lacks the licensing complications of the server size. For desktops, before this AMD was still great. But this gives it a HUGE incentive on servers, too!

            I realized that just pointing out the desktop part too. Honestly why go with a Microsoft server the complexity they add with their licensing is reason enough to avoid them. So many ways to offer functions you get with Microsoft servers with Linux.

            1 Reply Last reply Reply Quote 2
            • IRJI
              IRJ @DustinB3403
              last edited by

              @dustinb3403 said in Major Intel CPU vulnerability:

              @irj said in Major Intel CPU vulnerability:

              @dustinb3403 said in Major Intel CPU vulnerability:

              @irj said in Major Intel CPU vulnerability:

              @storageninja said in Major Intel CPU vulnerability:

              @irj said in Major Intel CPU vulnerability:

              This might be the worst vulnerability we've seen to date...

              On-Prem datacenters, this is potentially good (It's forcing people to run denser who were not coming close to the limit). people close to the limit will just have to order gear.

              Uh what? Potentially good. Even of you have the extra resources, you paid for them. So how can this be potentially good to lose them?

              It teaches the on-prem staff to learn how to build their systems appropriately.

              That's like saying me taking 30% of your paycheck teaches you to spend your money appropriately and not be wasteful..

              I might try that.... give m 30% of your paycheck!

              That's basically the same concept as losing 30% resources

              1 Reply Last reply Reply Quote 1
              • DashrenderD
                Dashrender @IRJ
                last edited by

                @irj said in Major Intel CPU vulnerability:

                @storageninja said in Major Intel CPU vulnerability:

                @irj said in Major Intel CPU vulnerability:

                This might be the worst vulnerability we've seen to date...

                On-Prem datacenters, this is potentially good (It's forcing people to run denser who were not coming close to the limit). people close to the limit will just have to order gear.

                Uh what? Potentially good. Even of you have the extra resources, you paid for them. So how can this be potentially good to lose them?

                What's worse is that your power usage will go up as well (likely at least).

                1 Reply Last reply Reply Quote 0
                • black3dynamiteB
                  black3dynamite
                  last edited by

                  So for those that uses only 1 virtual processors for their VMs will be needing to use two now?

                  DustinB3403D scottalanmillerS 2 Replies Last reply Reply Quote 0
                  • DustinB3403D
                    DustinB3403 @black3dynamite
                    last edited by

                    @black3dynamite said in Major Intel CPU vulnerability:

                    So for those that uses only 1 virtual processors for their VMs will be needing to use two now?

                    No. . . 1.3 vCPU rather than 1 vCPU

                    1 Reply Last reply Reply Quote 0
                    • scottalanmillerS
                      scottalanmiller @black3dynamite
                      last edited by

                      @black3dynamite said in Major Intel CPU vulnerability:

                      So for those that uses only 1 virtual processors for their VMs will be needing to use two now?

                      No, this affectst he amount of physical CPU you need. How vCPU is affected will be complex and not predictable in that way. That is primarily affected by threading, not per thread performance.

                      1 Reply Last reply Reply Quote 0
                      • dbeatoD
                        dbeato @scottalanmiller
                        last edited by

                        @scottalanmiller said in Major Intel CPU vulnerability:

                        @storageninja said in Major Intel CPU vulnerability:

                        @scottalanmiller said in Major Intel CPU vulnerability:

                        This year has really shown that Intel has no idea what they are doing. Time to get to AMD and ARM procs and stay there.

                        ARM's impacted.

                        How is ARM impacted?

                        @scottalanmiller said in Major Intel CPU vulnerability:

                        @storageninja said in Major Intel CPU vulnerability:

                        @scottalanmiller said in Major Intel CPU vulnerability:

                        This year has really shown that Intel has no idea what they are doing. Time to get to AMD and ARM procs and stay there.

                        ARM's impacted.

                        How is ARM impacted?

                        They are saying all Intel, AMD and ARM devices.
                        https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html
                        https://www.wired.com/story/critical-intel-flaw-breaks-basic-security-for-most-computers/

                        scottalanmillerS 2 Replies Last reply Reply Quote 0
                        • scottalanmillerS
                          scottalanmiller @dbeato
                          last edited by

                          @dbeato said in Major Intel CPU vulnerability:

                          @scottalanmiller said in Major Intel CPU vulnerability:

                          @storageninja said in Major Intel CPU vulnerability:

                          @scottalanmiller said in Major Intel CPU vulnerability:

                          This year has really shown that Intel has no idea what they are doing. Time to get to AMD and ARM procs and stay there.

                          ARM's impacted.

                          How is ARM impacted?

                          @scottalanmiller said in Major Intel CPU vulnerability:

                          @storageninja said in Major Intel CPU vulnerability:

                          @scottalanmiller said in Major Intel CPU vulnerability:

                          This year has really shown that Intel has no idea what they are doing. Time to get to AMD and ARM procs and stay there.

                          ARM's impacted.

                          How is ARM impacted?

                          They are saying all Intel, AMD and ARM devices.
                          https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html
                          https://www.wired.com/story/critical-intel-flaw-breaks-basic-security-for-most-computers/

                          From what I’ve seen, it’s just Intel making that claim. As they won’t expose what the flaw is, it’s safe to assume that they are lying.

                          1 Reply Last reply Reply Quote 1
                          • dbeatoD
                            dbeato
                            last edited by

                            But AMD states that they are not as below:
                            https://lkml.org/lkml/2017/12/27/2

                            scottalanmillerS 1 Reply Last reply Reply Quote 0
                            • scottalanmillerS
                              scottalanmiller @dbeato
                              last edited by

                              @dbeato said in Major Intel CPU vulnerability:

                              @scottalanmiller said in Major Intel CPU vulnerability:

                              @storageninja said in Major Intel CPU vulnerability:

                              @scottalanmiller said in Major Intel CPU vulnerability:

                              This year has really shown that Intel has no idea what they are doing. Time to get to AMD and ARM procs and stay there.

                              ARM's impacted.

                              How is ARM impacted?

                              @scottalanmiller said in Major Intel CPU vulnerability:

                              @storageninja said in Major Intel CPU vulnerability:

                              @scottalanmiller said in Major Intel CPU vulnerability:

                              This year has really shown that Intel has no idea what they are doing. Time to get to AMD and ARM procs and stay there.

                              ARM's impacted.

                              How is ARM impacted?

                              They are saying all Intel, AMD and ARM devices.
                              https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html
                              https://www.wired.com/story/critical-intel-flaw-breaks-basic-security-for-most-computers/

                              Any reputable sources? I did a search and came up only with disputed claims by Intel.

                              dbeatoD 1 Reply Last reply Reply Quote 0
                              • scottalanmillerS
                                scottalanmiller @dbeato
                                last edited by

                                @dbeato said in Major Intel CPU vulnerability:

                                But AMD states that they are not as below:
                                https://lkml.org/lkml/2017/12/27/2

                                Exactly. Intel just made claims and refuses to verify. I can’t see Intel as an honest source here. Especially given their track record of late.

                                dbeatoD 1 Reply Last reply Reply Quote 0
                                • dbeatoD
                                  dbeato @scottalanmiller
                                  last edited by

                                  @scottalanmiller said in Major Intel CPU vulnerability:

                                  @dbeato said in Major Intel CPU vulnerability:

                                  @scottalanmiller said in Major Intel CPU vulnerability:

                                  @storageninja said in Major Intel CPU vulnerability:

                                  @scottalanmiller said in Major Intel CPU vulnerability:

                                  This year has really shown that Intel has no idea what they are doing. Time to get to AMD and ARM procs and stay there.

                                  ARM's impacted.

                                  How is ARM impacted?

                                  @scottalanmiller said in Major Intel CPU vulnerability:

                                  @storageninja said in Major Intel CPU vulnerability:

                                  @scottalanmiller said in Major Intel CPU vulnerability:

                                  This year has really shown that Intel has no idea what they are doing. Time to get to AMD and ARM procs and stay there.

                                  ARM's impacted.

                                  How is ARM impacted?

                                  They are saying all Intel, AMD and ARM devices.
                                  https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html
                                  https://www.wired.com/story/critical-intel-flaw-breaks-basic-security-for-most-computers/

                                  Any reputable sources? I did a search and came up only with disputed claims by Intel.

                                  Phoronix states the following:
                                  https://www.phoronix.com/scan.php?page=news_item&px=x86-PTI-EPYC-Linux-4.15-Test

                                  scottalanmillerS 1 Reply Last reply Reply Quote 0
                                  • dbeatoD
                                    dbeato @scottalanmiller
                                    last edited by

                                    @scottalanmiller said in Major Intel CPU vulnerability:

                                    @dbeato said in Major Intel CPU vulnerability:

                                    But AMD states that they are not as below:
                                    https://lkml.org/lkml/2017/12/27/2

                                    Exactly. Intel just made claims and refuses to verify. I can’t see Intel as an honest source here. Especially given their track record of late.

                                    Another one on ARM
                                    https://lwn.net/Articles/740393/

                                    1 Reply Last reply Reply Quote 0
                                    • scottalanmillerS
                                      scottalanmiller @dbeato
                                      last edited by

                                      @dbeato said in Major Intel CPU vulnerability:

                                      @scottalanmiller said in Major Intel CPU vulnerability:

                                      @dbeato said in Major Intel CPU vulnerability:

                                      @scottalanmiller said in Major Intel CPU vulnerability:

                                      @storageninja said in Major Intel CPU vulnerability:

                                      @scottalanmiller said in Major Intel CPU vulnerability:

                                      This year has really shown that Intel has no idea what they are doing. Time to get to AMD and ARM procs and stay there.

                                      ARM's impacted.

                                      How is ARM impacted?

                                      @scottalanmiller said in Major Intel CPU vulnerability:

                                      @storageninja said in Major Intel CPU vulnerability:

                                      @scottalanmiller said in Major Intel CPU vulnerability:

                                      This year has really shown that Intel has no idea what they are doing. Time to get to AMD and ARM procs and stay there.

                                      ARM's impacted.

                                      How is ARM impacted?

                                      They are saying all Intel, AMD and ARM devices.
                                      https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html
                                      https://www.wired.com/story/critical-intel-flaw-breaks-basic-security-for-most-computers/

                                      Any reputable sources? I did a search and came up only with disputed claims by Intel.

                                      Phoronix states the following:
                                      https://www.phoronix.com/scan.php?page=news_item&px=x86-PTI-EPYC-Linux-4.15-Test

                                      Just implies that Intel paid someone to include that on other processors. Not a good sign that it is included without information.

                                      S 1 Reply Last reply Reply Quote 0
                                      • scottalanmillerS
                                        scottalanmiller
                                        last edited by

                                        With Intel hiding the flaw, no one knows what to patch and what not to. Intel appears to be a very bad actor here. The claims are that this is an Intel bug, which means that there is no association with other processors. Intel claimed others were affected but refused to substantiate the claims. I feel like we are being bullied as an industry by a single, overly large player.

                                        1 Reply Last reply Reply Quote 1
                                        • JaredBuschJ
                                          JaredBusch @scottalanmiller
                                          last edited by

                                          @scottalanmiller said in Major Intel CPU vulnerability:

                                          A base Windows license core count is sixteen. So dual proc EPYC 7251 or single proc 7281, 7301, 7351, or 7351P procs incur no Windows licensing penalties.

                                          This is not correct unless Microsoft has updated their terms in the last 12 months and I have not heard about it.

                                          The core based licensing that came out at the time of Server 2016 is a 16 core minimum, but that is also a 2 socket minimum. Not 16 cores on a single processor.

                                          JaredBuschJ DustinB3403D 2 Replies Last reply Reply Quote 0
                                          • IRJI
                                            IRJ
                                            last edited by

                                            It looks like Google Chrome offers a temp workaround for website browsing.

                                            https://support.google.com/faqs/answer/7622138#chrome

                                            Product Status
                                            Google’s Mitigations Against CPU Speculative Execution Attack Methods
                                            Overview
                                            This document lists affected Google products and their current status of mitigation against CPU speculative execution attack methods. Mitigation Status refers to our mitigation for currently known vectors for exploiting the flaw described in CVE-2017-5753, CVE-2017-5715, and CVE-2017-5754.

                                            The issue has been mitigated in many Google products (or wasn’t an issue in the first place). In some instances users and customers may need to take additional steps to ensure they’re using a protected version of a product, as detailed below.

                                            This list and a product’s status may change as new developments warrant.

                                            Google Products and Services
                                            Product Mitigation Status
                                            Google Infrastructure
                                            The infrastructure that runs Google products (e.g., Search, YouTube, Google Ads products, Maps, Blogger, and other services), and the customer data held by Google, are protected.

                                            No additional user or customer action needed.

                                            Android
                                            On the Android platform, exploitation has been shown to be difficult and limited on the majority of Android devices.

                                            The Android 2018-01-05 Security Patch Level (SPL) includes mitigations reducing access to high precision timers that limit attacks on all known variants on ARM processors. These changes were released to Android partners in December 2017.

                                            Future Android security updates will include additional mitigations. These changes are part of upstream Linux.

                                            Google-supported Android devices include Nexus 5X, Nexus 6P, Pixel C, Pixel/XL, and Pixel 2/XL. Users should accept the monthly updates for January 2018 on Nexus or their partner devices to receive these updates. Pixel devices or partner devices using A/B (seamless) system updates will automatically install these updates; users must restart their devices to complete the installation.

                                            Timing mitigation for ARM processors included in the 2018-01-05 SPL as CVE-2017-13218.

                                            Other Intel and ARM Processor specific fixes provided to partners.

                                            Google Apps / G Suite
                                            The infrastructure that runs G Suite (e.g., Gmail, Calendar, Drive, Docs, and other G Suite services) is protected.

                                            No additional user or customer action needed.

                                            Google Chrome Browser
                                            Current stable versions of Chrome include an optional feature called Site Isolation which can be enabled to provide mitigation by isolating websites into separate address spaces. Learn more about Site Isolation and how to take action to enable it.

                                            Chrome 64, due to be released on January 23, will contain mitigations to protect against exploitation.

                                            Additional mitigations are planned for future versions of Chrome. Learn more about Chrome's response.

                                            Desktop (all platforms), Chrome 63:

                                            Full Site Isolation can be turned on by enabling a flag found at chrome://flags/#enable-site-per-process.
                                            Enterprise policies are available to turn on Site Isolation for all sites, or just those in a specified list. Learn more about Site Isolation by policy.
                                            Android:

                                            Site Isolation is available in chrome://flags but may have additional functionality and performance issues.
                                            iOS:

                                            Chrome on iOS uses Apple’s WKWebView, so JS compilation mitigations are inherited from Apple.

                                            1 Reply Last reply Reply Quote 0
                                            • 1
                                            • 2
                                            • 3
                                            • 4
                                            • 5
                                            • 12
                                            • 13
                                            • 2 / 13
                                            • First post
                                              Last post