Major Intel CPU vulnerability
-
@tim_g said in Major Intel CPU vulnerability:
I want to know how this effects hosts... does just the host need patched, or every VM?
Every VM.
-
@eddiejennings said in Major Intel CPU vulnerability:
@scottalanmiller said in Major Intel CPU vulnerability:
@eddiejennings said in Major Intel CPU vulnerability:
@scottalanmiller said in Major Intel CPU vulnerability:
@eddiejennings said in Major Intel CPU vulnerability:
@dashrender said in Major Intel CPU vulnerability:
@eddiejennings said in Major Intel CPU vulnerability:
In addition to OS patches, I assume we ought to be looking for BIOS updates as well, which, with many of our ancient desktops, there will probably be none.
I don't expect any for my 3 year old laptops, let alone my 5-7 year old desktops.
The question then is whether or not the OS patching will be sufficient.
Depends if it is Intel based or from a more security-minded vendor.
All Dell and all Intel.
Then an OS patch cannot fix it.
While I understand the problem itself is with the chip, aren't the OS patches being released supposed to alter how memory is handled, which doesn't fix, but rather mitigates the problem (and potentially lowers performance)?
That handles the one issue, not the other.
-
@scottalanmiller said in Major Intel CPU vulnerability:
@eddiejennings said in Major Intel CPU vulnerability:
@scottalanmiller said in Major Intel CPU vulnerability:
@eddiejennings said in Major Intel CPU vulnerability:
@scottalanmiller said in Major Intel CPU vulnerability:
@eddiejennings said in Major Intel CPU vulnerability:
@dashrender said in Major Intel CPU vulnerability:
@eddiejennings said in Major Intel CPU vulnerability:
In addition to OS patches, I assume we ought to be looking for BIOS updates as well, which, with many of our ancient desktops, there will probably be none.
I don't expect any for my 3 year old laptops, let alone my 5-7 year old desktops.
The question then is whether or not the OS patching will be sufficient.
Depends if it is Intel based or from a more security-minded vendor.
All Dell and all Intel.
Then an OS patch cannot fix it.
While I understand the problem itself is with the chip, aren't the OS patches being released supposed to alter how memory is handled, which doesn't fix, but rather mitigates the problem (and potentially lowers performance)?
That handles the one issue, not the other.
The "other" being the chip design flaw itself?
-
@eddiejennings said in Major Intel CPU vulnerability:
@scottalanmiller said in Major Intel CPU vulnerability:
@eddiejennings said in Major Intel CPU vulnerability:
@scottalanmiller said in Major Intel CPU vulnerability:
@eddiejennings said in Major Intel CPU vulnerability:
@scottalanmiller said in Major Intel CPU vulnerability:
@eddiejennings said in Major Intel CPU vulnerability:
@dashrender said in Major Intel CPU vulnerability:
@eddiejennings said in Major Intel CPU vulnerability:
In addition to OS patches, I assume we ought to be looking for BIOS updates as well, which, with many of our ancient desktops, there will probably be none.
I don't expect any for my 3 year old laptops, let alone my 5-7 year old desktops.
The question then is whether or not the OS patching will be sufficient.
Depends if it is Intel based or from a more security-minded vendor.
All Dell and all Intel.
Then an OS patch cannot fix it.
While I understand the problem itself is with the chip, aren't the OS patches being released supposed to alter how memory is handled, which doesn't fix, but rather mitigates the problem (and potentially lowers performance)?
That handles the one issue, not the other.
The "other" being the chip design flaw itself?
Right, the flaw is a literal bug and affects Intel. The broader (but less dangerous) issue is that certain types of processor tasks, mixed together, without being addressed by the OS, create a risk in memory.
-
@scottalanmiller said in Major Intel CPU vulnerability:
@eddiejennings said in Major Intel CPU vulnerability:
@scottalanmiller said in Major Intel CPU vulnerability:
@eddiejennings said in Major Intel CPU vulnerability:
@scottalanmiller said in Major Intel CPU vulnerability:
@eddiejennings said in Major Intel CPU vulnerability:
@scottalanmiller said in Major Intel CPU vulnerability:
@eddiejennings said in Major Intel CPU vulnerability:
@dashrender said in Major Intel CPU vulnerability:
@eddiejennings said in Major Intel CPU vulnerability:
In addition to OS patches, I assume we ought to be looking for BIOS updates as well, which, with many of our ancient desktops, there will probably be none.
I don't expect any for my 3 year old laptops, let alone my 5-7 year old desktops.
The question then is whether or not the OS patching will be sufficient.
Depends if it is Intel based or from a more security-minded vendor.
All Dell and all Intel.
Then an OS patch cannot fix it.
While I understand the problem itself is with the chip, aren't the OS patches being released supposed to alter how memory is handled, which doesn't fix, but rather mitigates the problem (and potentially lowers performance)?
That handles the one issue, not the other.
The "other" being the chip design flaw itself?
Right, the flaw is a literal bug and affects Intel. The broader (but less dangerous) issue is that certain types of processor tasks, mixed together, without being addressed by the OS, create a risk in memory.
So the true 100% fix is really going to be hardware replacement, unless it can be address by some kind of lower-level flash update of the hardware.
-
@eddiejennings said in Major Intel CPU vulnerability:
@scottalanmiller said in Major Intel CPU vulnerability:
@eddiejennings said in Major Intel CPU vulnerability:
@scottalanmiller said in Major Intel CPU vulnerability:
@eddiejennings said in Major Intel CPU vulnerability:
@scottalanmiller said in Major Intel CPU vulnerability:
@eddiejennings said in Major Intel CPU vulnerability:
@scottalanmiller said in Major Intel CPU vulnerability:
@eddiejennings said in Major Intel CPU vulnerability:
@dashrender said in Major Intel CPU vulnerability:
@eddiejennings said in Major Intel CPU vulnerability:
In addition to OS patches, I assume we ought to be looking for BIOS updates as well, which, with many of our ancient desktops, there will probably be none.
I don't expect any for my 3 year old laptops, let alone my 5-7 year old desktops.
The question then is whether or not the OS patching will be sufficient.
Depends if it is Intel based or from a more security-minded vendor.
All Dell and all Intel.
Then an OS patch cannot fix it.
While I understand the problem itself is with the chip, aren't the OS patches being released supposed to alter how memory is handled, which doesn't fix, but rather mitigates the problem (and potentially lowers performance)?
That handles the one issue, not the other.
The "other" being the chip design flaw itself?
Right, the flaw is a literal bug and affects Intel. The broader (but less dangerous) issue is that certain types of processor tasks, mixed together, without being addressed by the OS, create a risk in memory.
So the true 100% fix is really going to be hardware replacement, unless it can be address by some kind of lower-level flash update of the hardware.
Intel is providing microcode updates to the hardware.
But no question, we should all be questioning the use of Intel hardware in the future. We've always excused their FakeRAID stuff as a one-off misunderstanding of business customers; but this has shown that the same disregard for their customers and lack of proper thinking is much more broad and not limited to that one division.
-
@eddiejennings said in Major Intel CPU vulnerability:
@scottalanmiller said in Major Intel CPU vulnerability:
@eddiejennings said in Major Intel CPU vulnerability:
@scottalanmiller said in Major Intel CPU vulnerability:
@eddiejennings said in Major Intel CPU vulnerability:
@scottalanmiller said in Major Intel CPU vulnerability:
@eddiejennings said in Major Intel CPU vulnerability:
@scottalanmiller said in Major Intel CPU vulnerability:
@eddiejennings said in Major Intel CPU vulnerability:
@dashrender said in Major Intel CPU vulnerability:
@eddiejennings said in Major Intel CPU vulnerability:
In addition to OS patches, I assume we ought to be looking for BIOS updates as well, which, with many of our ancient desktops, there will probably be none.
I don't expect any for my 3 year old laptops, let alone my 5-7 year old desktops.
The question then is whether or not the OS patching will be sufficient.
Depends if it is Intel based or from a more security-minded vendor.
All Dell and all Intel.
Then an OS patch cannot fix it.
While I understand the problem itself is with the chip, aren't the OS patches being released supposed to alter how memory is handled, which doesn't fix, but rather mitigates the problem (and potentially lowers performance)?
That handles the one issue, not the other.
The "other" being the chip design flaw itself?
Right, the flaw is a literal bug and affects Intel. The broader (but less dangerous) issue is that certain types of processor tasks, mixed together, without being addressed by the OS, create a risk in memory.
So the true 100% fix is really going to be hardware replacement, unless it can be address by some kind of lower-level flash update of the hardware.
Hardware replacement fixes Meltdown, but not Spectre, as the latter is an issue on almost all systems.
-
@scottalanmiller said in Major Intel CPU vulnerability:
Intel is providing microcode updates to the hardware.
And I imagine the way to get it is from your computer's manufacturer, which for your ancient workstations, there probably won't be an update released.
Right now, I'm trying to see if SuperMicro has any kind of update I can apply to our production servers.
-
@scottalanmiller said in Major Intel CPU vulnerability:
@eddiejennings said in Major Intel CPU vulnerability:
@scottalanmiller said in Major Intel CPU vulnerability:
@eddiejennings said in Major Intel CPU vulnerability:
@scottalanmiller said in Major Intel CPU vulnerability:
@eddiejennings said in Major Intel CPU vulnerability:
@scottalanmiller said in Major Intel CPU vulnerability:
@eddiejennings said in Major Intel CPU vulnerability:
@scottalanmiller said in Major Intel CPU vulnerability:
@eddiejennings said in Major Intel CPU vulnerability:
@dashrender said in Major Intel CPU vulnerability:
@eddiejennings said in Major Intel CPU vulnerability:
In addition to OS patches, I assume we ought to be looking for BIOS updates as well, which, with many of our ancient desktops, there will probably be none.
I don't expect any for my 3 year old laptops, let alone my 5-7 year old desktops.
The question then is whether or not the OS patching will be sufficient.
Depends if it is Intel based or from a more security-minded vendor.
All Dell and all Intel.
Then an OS patch cannot fix it.
While I understand the problem itself is with the chip, aren't the OS patches being released supposed to alter how memory is handled, which doesn't fix, but rather mitigates the problem (and potentially lowers performance)?
That handles the one issue, not the other.
The "other" being the chip design flaw itself?
Right, the flaw is a literal bug and affects Intel. The broader (but less dangerous) issue is that certain types of processor tasks, mixed together, without being addressed by the OS, create a risk in memory.
So the true 100% fix is really going to be hardware replacement, unless it can be address by some kind of lower-level flash update of the hardware.
Intel is providing microcode updates to the hardware.
But no question, we should all be questioning the use of Intel hardware in the future. We've always excused their FakeRAID stuff as a one-off misunderstanding of business customers; but this has shown that the same disregard for their customers and lack of proper thinking is much more broad and not limited to that one division.
But isn't majority of vendors who sells servers only sell Intel based servers?
-
@black3dynamite said in Major Intel CPU vulnerability:
@scottalanmiller said in Major Intel CPU vulnerability:
@eddiejennings said in Major Intel CPU vulnerability:
@scottalanmiller said in Major Intel CPU vulnerability:
@eddiejennings said in Major Intel CPU vulnerability:
@scottalanmiller said in Major Intel CPU vulnerability:
@eddiejennings said in Major Intel CPU vulnerability:
@scottalanmiller said in Major Intel CPU vulnerability:
@eddiejennings said in Major Intel CPU vulnerability:
@scottalanmiller said in Major Intel CPU vulnerability:
@eddiejennings said in Major Intel CPU vulnerability:
@dashrender said in Major Intel CPU vulnerability:
@eddiejennings said in Major Intel CPU vulnerability:
In addition to OS patches, I assume we ought to be looking for BIOS updates as well, which, with many of our ancient desktops, there will probably be none.
I don't expect any for my 3 year old laptops, let alone my 5-7 year old desktops.
The question then is whether or not the OS patching will be sufficient.
Depends if it is Intel based or from a more security-minded vendor.
All Dell and all Intel.
Then an OS patch cannot fix it.
While I understand the problem itself is with the chip, aren't the OS patches being released supposed to alter how memory is handled, which doesn't fix, but rather mitigates the problem (and potentially lowers performance)?
That handles the one issue, not the other.
The "other" being the chip design flaw itself?
Right, the flaw is a literal bug and affects Intel. The broader (but less dangerous) issue is that certain types of processor tasks, mixed together, without being addressed by the OS, create a risk in memory.
So the true 100% fix is really going to be hardware replacement, unless it can be address by some kind of lower-level flash update of the hardware.
Intel is providing microcode updates to the hardware.
But no question, we should all be questioning the use of Intel hardware in the future. We've always excused their FakeRAID stuff as a one-off misunderstanding of business customers; but this has shown that the same disregard for their customers and lack of proper thinking is much more broad and not limited to that one division.
But isn't majority of vendors who sells servers only sell Intel based servers?
No, in fact one of the biggest sells no Intel at all (IBM) and one of the biggest sells it only as a secondary (Oracle.) In fact, AFAIK, the only large vendor without something other than Intel in their lineup, was Dell and Dell changed their tune like eight months ago when AMD brought out their awesome new line of EPYC processors.
There is always options to go without Intel. Intel was just so heavily focused on being tied to Windows licensing that people just kept using it without looking for anything else.
-
@scottalanmiller said in Major Intel CPU vulnerability:
@black3dynamite said in Major Intel CPU vulnerability:
@scottalanmiller said in Major Intel CPU vulnerability:
@eddiejennings said in Major Intel CPU vulnerability:
@scottalanmiller said in Major Intel CPU vulnerability:
@eddiejennings said in Major Intel CPU vulnerability:
@scottalanmiller said in Major Intel CPU vulnerability:
@eddiejennings said in Major Intel CPU vulnerability:
@scottalanmiller said in Major Intel CPU vulnerability:
@eddiejennings said in Major Intel CPU vulnerability:
@scottalanmiller said in Major Intel CPU vulnerability:
@eddiejennings said in Major Intel CPU vulnerability:
@dashrender said in Major Intel CPU vulnerability:
@eddiejennings said in Major Intel CPU vulnerability:
In addition to OS patches, I assume we ought to be looking for BIOS updates as well, which, with many of our ancient desktops, there will probably be none.
I don't expect any for my 3 year old laptops, let alone my 5-7 year old desktops.
The question then is whether or not the OS patching will be sufficient.
Depends if it is Intel based or from a more security-minded vendor.
All Dell and all Intel.
Then an OS patch cannot fix it.
While I understand the problem itself is with the chip, aren't the OS patches being released supposed to alter how memory is handled, which doesn't fix, but rather mitigates the problem (and potentially lowers performance)?
That handles the one issue, not the other.
The "other" being the chip design flaw itself?
Right, the flaw is a literal bug and affects Intel. The broader (but less dangerous) issue is that certain types of processor tasks, mixed together, without being addressed by the OS, create a risk in memory.
So the true 100% fix is really going to be hardware replacement, unless it can be address by some kind of lower-level flash update of the hardware.
Intel is providing microcode updates to the hardware.
But no question, we should all be questioning the use of Intel hardware in the future. We've always excused their FakeRAID stuff as a one-off misunderstanding of business customers; but this has shown that the same disregard for their customers and lack of proper thinking is much more broad and not limited to that one division.
But isn't majority of vendors who sells servers only sell Intel based servers?
No, in fact one of the biggest sells no Intel at all (IBM) and one of the biggest sells it only as a secondary (Oracle.) In fact, AFAIK, the only large vendor without something other than Intel in their lineup, was Dell and Dell changed their tune like eight months ago when AMD brought out their awesome new line of EPYC processors.
There is always options to go without Intel. Intel was just so heavily focused on being tied to Windows licensing that people just kept using it without looking for anything else.
What about vendors like xByte? They're pretty much a go to vendor for used servers.
-
I wish xByte sold SuperMicro as well.
-
@brianlittlejohn said in Major Intel CPU vulnerability:
I wish xByte sold SuperMicro as well.
I've told them that, too.
-
@black3dynamite said in Major Intel CPU vulnerability:
@scottalanmiller said in Major Intel CPU vulnerability:
@black3dynamite said in Major Intel CPU vulnerability:
@scottalanmiller said in Major Intel CPU vulnerability:
@eddiejennings said in Major Intel CPU vulnerability:
@scottalanmiller said in Major Intel CPU vulnerability:
@eddiejennings said in Major Intel CPU vulnerability:
@scottalanmiller said in Major Intel CPU vulnerability:
@eddiejennings said in Major Intel CPU vulnerability:
@scottalanmiller said in Major Intel CPU vulnerability:
@eddiejennings said in Major Intel CPU vulnerability:
@scottalanmiller said in Major Intel CPU vulnerability:
@eddiejennings said in Major Intel CPU vulnerability:
@dashrender said in Major Intel CPU vulnerability:
@eddiejennings said in Major Intel CPU vulnerability:
In addition to OS patches, I assume we ought to be looking for BIOS updates as well, which, with many of our ancient desktops, there will probably be none.
I don't expect any for my 3 year old laptops, let alone my 5-7 year old desktops.
The question then is whether or not the OS patching will be sufficient.
Depends if it is Intel based or from a more security-minded vendor.
All Dell and all Intel.
Then an OS patch cannot fix it.
While I understand the problem itself is with the chip, aren't the OS patches being released supposed to alter how memory is handled, which doesn't fix, but rather mitigates the problem (and potentially lowers performance)?
That handles the one issue, not the other.
The "other" being the chip design flaw itself?
Right, the flaw is a literal bug and affects Intel. The broader (but less dangerous) issue is that certain types of processor tasks, mixed together, without being addressed by the OS, create a risk in memory.
So the true 100% fix is really going to be hardware replacement, unless it can be address by some kind of lower-level flash update of the hardware.
Intel is providing microcode updates to the hardware.
But no question, we should all be questioning the use of Intel hardware in the future. We've always excused their FakeRAID stuff as a one-off misunderstanding of business customers; but this has shown that the same disregard for their customers and lack of proper thinking is much more broad and not limited to that one division.
But isn't majority of vendors who sells servers only sell Intel based servers?
No, in fact one of the biggest sells no Intel at all (IBM) and one of the biggest sells it only as a secondary (Oracle.) In fact, AFAIK, the only large vendor without something other than Intel in their lineup, was Dell and Dell changed their tune like eight months ago when AMD brought out their awesome new line of EPYC processors.
There is always options to go without Intel. Intel was just so heavily focused on being tied to Windows licensing that people just kept using it without looking for anything else.
What about vendors like xByte? They're pretty much a go to vendor for used servers.
xByte doesn't sell used servers, only refurb.
-
-
I haven't really looked into it because of how old the server.
But I have very old PowerEdge 2950 server that I use for lab use only and for some reason I have to turn off pti to boot into Linux kernel 4.14.11 on Fedora 27 VM on Hyper-V 2012 R2. It either loop back to the boot screen or only show a cursor after selecting the kernel.
-
-
-
Ars Technica agrees that Intel's CEO knew before he sold.
-
@mlnews said in Major Intel CPU vulnerability:
Ars Technica agrees that Intel's CEO knew before he sold.
As long as his Broker executed this plan without MNPI he's in the clear.
10b5-1 doesn't actually require public disclosure but it does help avoid PR problems like this.As a result of his stock sale, Krzanich received more than $39 million. Intel stock, as of today, is trading at roughly the same price as Krzanich sold stock at, so he did not yield any significant gain from selling before the vulnerability was announced
SEC officials could still see the maneuver as a trade based on insider information—especially if there was no other material reason for Krzanich to sell the stock.
He's following a set pattern on his trades, and no stockholders short of day traders were hurt by this. The SEC really isn't going to bother with this unless there is some sort of smoking gun found in the way of text messages telling his broker "SELL IT ALL NOW BAD SHIT GOING DOWN".
