Major Intel CPU vulnerability
-
@irj said in Major Intel CPU vulnerability:
@storageninja said in Major Intel CPU vulnerability:
@irj said in Major Intel CPU vulnerability:
This might be the worst vulnerability we've seen to date...
On-Prem datacenters, this is potentially good (It's forcing people to run denser who were not coming close to the limit). people close to the limit will just have to order gear.
Uh what? Potentially good. Even of you have the extra resources, you paid for them. So how can this be potentially good to lose them?
It teaches the on-prem staff to learn how to build their systems appropriately.
-
@dustinb3403 said in Major Intel CPU vulnerability:
@irj said in Major Intel CPU vulnerability:
@storageninja said in Major Intel CPU vulnerability:
@irj said in Major Intel CPU vulnerability:
This might be the worst vulnerability we've seen to date...
On-Prem datacenters, this is potentially good (It's forcing people to run denser who were not coming close to the limit). people close to the limit will just have to order gear.
Uh what? Potentially good. Even of you have the extra resources, you paid for them. So how can this be potentially good to lose them?
It teaches the on-prem staff to learn how to build their systems appropriately.
That's like saying me taking 30% of your paycheck teaches you to spend your money appropriately and not be wasteful..
-
@irj said in Major Intel CPU vulnerability:
@dustinb3403 said in Major Intel CPU vulnerability:
@irj said in Major Intel CPU vulnerability:
@storageninja said in Major Intel CPU vulnerability:
@irj said in Major Intel CPU vulnerability:
This might be the worst vulnerability we've seen to date...
On-Prem datacenters, this is potentially good (It's forcing people to run denser who were not coming close to the limit). people close to the limit will just have to order gear.
Uh what? Potentially good. Even of you have the extra resources, you paid for them. So how can this be potentially good to lose them?
It teaches the on-prem staff to learn how to build their systems appropriately.
That's like saying me taking 30% of your paycheck teaches you to spend your money appropriately and not be wasteful..
I might try that.... give m 30% of your paycheck!
-
@scottalanmiller said in Major Intel CPU vulnerability:
@penguinwrangler said in Major Intel CPU vulnerability:
Even before Ryzen, I have always thought AMD to be a good bang for the buck in the desktop market. Unless you had the need for the extra horsepower from the better Intel chips you could get better bang for the buck from AMD.
Desktop lacks the licensing complications of the server size. For desktops, before this AMD was still great. But this gives it a HUGE incentive on servers, too!
I realized that just pointing out the desktop part too. Honestly why go with a Microsoft server the complexity they add with their licensing is reason enough to avoid them. So many ways to offer functions you get with Microsoft servers with Linux.
-
@dustinb3403 said in Major Intel CPU vulnerability:
@irj said in Major Intel CPU vulnerability:
@dustinb3403 said in Major Intel CPU vulnerability:
@irj said in Major Intel CPU vulnerability:
@storageninja said in Major Intel CPU vulnerability:
@irj said in Major Intel CPU vulnerability:
This might be the worst vulnerability we've seen to date...
On-Prem datacenters, this is potentially good (It's forcing people to run denser who were not coming close to the limit). people close to the limit will just have to order gear.
Uh what? Potentially good. Even of you have the extra resources, you paid for them. So how can this be potentially good to lose them?
It teaches the on-prem staff to learn how to build their systems appropriately.
That's like saying me taking 30% of your paycheck teaches you to spend your money appropriately and not be wasteful..
I might try that.... give m 30% of your paycheck!
That's basically the same concept as losing 30% resources
-
@irj said in Major Intel CPU vulnerability:
@storageninja said in Major Intel CPU vulnerability:
@irj said in Major Intel CPU vulnerability:
This might be the worst vulnerability we've seen to date...
On-Prem datacenters, this is potentially good (It's forcing people to run denser who were not coming close to the limit). people close to the limit will just have to order gear.
Uh what? Potentially good. Even of you have the extra resources, you paid for them. So how can this be potentially good to lose them?
What's worse is that your power usage will go up as well (likely at least).
-
So for those that uses only 1 virtual processors for their VMs will be needing to use two now?
-
@black3dynamite said in Major Intel CPU vulnerability:
So for those that uses only 1 virtual processors for their VMs will be needing to use two now?
No. . . 1.3 vCPU rather than 1 vCPU
-
@black3dynamite said in Major Intel CPU vulnerability:
So for those that uses only 1 virtual processors for their VMs will be needing to use two now?
No, this affectst he amount of physical CPU you need. How vCPU is affected will be complex and not predictable in that way. That is primarily affected by threading, not per thread performance.
-
@scottalanmiller said in Major Intel CPU vulnerability:
@storageninja said in Major Intel CPU vulnerability:
@scottalanmiller said in Major Intel CPU vulnerability:
This year has really shown that Intel has no idea what they are doing. Time to get to AMD and ARM procs and stay there.
ARM's impacted.
How is ARM impacted?
@scottalanmiller said in Major Intel CPU vulnerability:
@storageninja said in Major Intel CPU vulnerability:
@scottalanmiller said in Major Intel CPU vulnerability:
This year has really shown that Intel has no idea what they are doing. Time to get to AMD and ARM procs and stay there.
ARM's impacted.
How is ARM impacted?
They are saying all Intel, AMD and ARM devices.
https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html
https://www.wired.com/story/critical-intel-flaw-breaks-basic-security-for-most-computers/ -
@dbeato said in Major Intel CPU vulnerability:
@scottalanmiller said in Major Intel CPU vulnerability:
@storageninja said in Major Intel CPU vulnerability:
@scottalanmiller said in Major Intel CPU vulnerability:
This year has really shown that Intel has no idea what they are doing. Time to get to AMD and ARM procs and stay there.
ARM's impacted.
How is ARM impacted?
@scottalanmiller said in Major Intel CPU vulnerability:
@storageninja said in Major Intel CPU vulnerability:
@scottalanmiller said in Major Intel CPU vulnerability:
This year has really shown that Intel has no idea what they are doing. Time to get to AMD and ARM procs and stay there.
ARM's impacted.
How is ARM impacted?
They are saying all Intel, AMD and ARM devices.
https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html
https://www.wired.com/story/critical-intel-flaw-breaks-basic-security-for-most-computers/From what I’ve seen, it’s just Intel making that claim. As they won’t expose what the flaw is, it’s safe to assume that they are lying.
-
But AMD states that they are not as below:
https://lkml.org/lkml/2017/12/27/2 -
@dbeato said in Major Intel CPU vulnerability:
@scottalanmiller said in Major Intel CPU vulnerability:
@storageninja said in Major Intel CPU vulnerability:
@scottalanmiller said in Major Intel CPU vulnerability:
This year has really shown that Intel has no idea what they are doing. Time to get to AMD and ARM procs and stay there.
ARM's impacted.
How is ARM impacted?
@scottalanmiller said in Major Intel CPU vulnerability:
@storageninja said in Major Intel CPU vulnerability:
@scottalanmiller said in Major Intel CPU vulnerability:
This year has really shown that Intel has no idea what they are doing. Time to get to AMD and ARM procs and stay there.
ARM's impacted.
How is ARM impacted?
They are saying all Intel, AMD and ARM devices.
https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html
https://www.wired.com/story/critical-intel-flaw-breaks-basic-security-for-most-computers/Any reputable sources? I did a search and came up only with disputed claims by Intel.
-
@dbeato said in Major Intel CPU vulnerability:
But AMD states that they are not as below:
https://lkml.org/lkml/2017/12/27/2Exactly. Intel just made claims and refuses to verify. I can’t see Intel as an honest source here. Especially given their track record of late.
-
@scottalanmiller said in Major Intel CPU vulnerability:
@dbeato said in Major Intel CPU vulnerability:
@scottalanmiller said in Major Intel CPU vulnerability:
@storageninja said in Major Intel CPU vulnerability:
@scottalanmiller said in Major Intel CPU vulnerability:
This year has really shown that Intel has no idea what they are doing. Time to get to AMD and ARM procs and stay there.
ARM's impacted.
How is ARM impacted?
@scottalanmiller said in Major Intel CPU vulnerability:
@storageninja said in Major Intel CPU vulnerability:
@scottalanmiller said in Major Intel CPU vulnerability:
This year has really shown that Intel has no idea what they are doing. Time to get to AMD and ARM procs and stay there.
ARM's impacted.
How is ARM impacted?
They are saying all Intel, AMD and ARM devices.
https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html
https://www.wired.com/story/critical-intel-flaw-breaks-basic-security-for-most-computers/Any reputable sources? I did a search and came up only with disputed claims by Intel.
Phoronix states the following:
https://www.phoronix.com/scan.php?page=news_item&px=x86-PTI-EPYC-Linux-4.15-Test -
@scottalanmiller said in Major Intel CPU vulnerability:
@dbeato said in Major Intel CPU vulnerability:
But AMD states that they are not as below:
https://lkml.org/lkml/2017/12/27/2Exactly. Intel just made claims and refuses to verify. I can’t see Intel as an honest source here. Especially given their track record of late.
Another one on ARM
https://lwn.net/Articles/740393/ -
@dbeato said in Major Intel CPU vulnerability:
@scottalanmiller said in Major Intel CPU vulnerability:
@dbeato said in Major Intel CPU vulnerability:
@scottalanmiller said in Major Intel CPU vulnerability:
@storageninja said in Major Intel CPU vulnerability:
@scottalanmiller said in Major Intel CPU vulnerability:
This year has really shown that Intel has no idea what they are doing. Time to get to AMD and ARM procs and stay there.
ARM's impacted.
How is ARM impacted?
@scottalanmiller said in Major Intel CPU vulnerability:
@storageninja said in Major Intel CPU vulnerability:
@scottalanmiller said in Major Intel CPU vulnerability:
This year has really shown that Intel has no idea what they are doing. Time to get to AMD and ARM procs and stay there.
ARM's impacted.
How is ARM impacted?
They are saying all Intel, AMD and ARM devices.
https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html
https://www.wired.com/story/critical-intel-flaw-breaks-basic-security-for-most-computers/Any reputable sources? I did a search and came up only with disputed claims by Intel.
Phoronix states the following:
https://www.phoronix.com/scan.php?page=news_item&px=x86-PTI-EPYC-Linux-4.15-TestJust implies that Intel paid someone to include that on other processors. Not a good sign that it is included without information.
-
With Intel hiding the flaw, no one knows what to patch and what not to. Intel appears to be a very bad actor here. The claims are that this is an Intel bug, which means that there is no association with other processors. Intel claimed others were affected but refused to substantiate the claims. I feel like we are being bullied as an industry by a single, overly large player.
-
@scottalanmiller said in Major Intel CPU vulnerability:
A base Windows license core count is sixteen. So dual proc EPYC 7251 or single proc 7281, 7301, 7351, or 7351P procs incur no Windows licensing penalties.
This is not correct unless Microsoft has updated their terms in the last 12 months and I have not heard about it.
The core based licensing that came out at the time of Server 2016 is a 16 core minimum, but that is also a 2 socket minimum. Not 16 cores on a single processor.
-
It looks like Google Chrome offers a temp workaround for website browsing.
https://support.google.com/faqs/answer/7622138#chrome
Product Status
Google’s Mitigations Against CPU Speculative Execution Attack Methods
Overview
This document lists affected Google products and their current status of mitigation against CPU speculative execution attack methods. Mitigation Status refers to our mitigation for currently known vectors for exploiting the flaw described in CVE-2017-5753, CVE-2017-5715, and CVE-2017-5754.The issue has been mitigated in many Google products (or wasn’t an issue in the first place). In some instances users and customers may need to take additional steps to ensure they’re using a protected version of a product, as detailed below.
This list and a product’s status may change as new developments warrant.
Google Products and Services
Product Mitigation Status
Google Infrastructure
The infrastructure that runs Google products (e.g., Search, YouTube, Google Ads products, Maps, Blogger, and other services), and the customer data held by Google, are protected.No additional user or customer action needed.
Android
On the Android platform, exploitation has been shown to be difficult and limited on the majority of Android devices.The Android 2018-01-05 Security Patch Level (SPL) includes mitigations reducing access to high precision timers that limit attacks on all known variants on ARM processors. These changes were released to Android partners in December 2017.
Future Android security updates will include additional mitigations. These changes are part of upstream Linux.
Google-supported Android devices include Nexus 5X, Nexus 6P, Pixel C, Pixel/XL, and Pixel 2/XL. Users should accept the monthly updates for January 2018 on Nexus or their partner devices to receive these updates. Pixel devices or partner devices using A/B (seamless) system updates will automatically install these updates; users must restart their devices to complete the installation.
Timing mitigation for ARM processors included in the 2018-01-05 SPL as CVE-2017-13218.
Other Intel and ARM Processor specific fixes provided to partners.
Google Apps / G Suite
The infrastructure that runs G Suite (e.g., Gmail, Calendar, Drive, Docs, and other G Suite services) is protected.No additional user or customer action needed.
Google Chrome Browser
Current stable versions of Chrome include an optional feature called Site Isolation which can be enabled to provide mitigation by isolating websites into separate address spaces. Learn more about Site Isolation and how to take action to enable it.Chrome 64, due to be released on January 23, will contain mitigations to protect against exploitation.
Additional mitigations are planned for future versions of Chrome. Learn more about Chrome's response.
Desktop (all platforms), Chrome 63:
Full Site Isolation can be turned on by enabling a flag found at chrome://flags/#enable-site-per-process.
Enterprise policies are available to turn on Site Isolation for all sites, or just those in a specified list. Learn more about Site Isolation by policy.
Android:Site Isolation is available in chrome://flags but may have additional functionality and performance issues.
iOS:Chrome on iOS uses Apple’s WKWebView, so JS compilation mitigations are inherited from Apple.
