A Photography forum. PhotoBanter.com

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

Go Back   Home » PhotoBanter.com forum » Digital Photography » Digital Photography
Site Map Home Register Authors List Search Today's Posts Mark Forums Read Web Partners

Your computer will be slllowwwwing dooowwwnnnnnn....



 
 
Thread Tools Display Modes
  #1  
Old January 18th 18, 06:03 PM posted to rec.photo.digital
Mayayana
external usenet poster
 
Posts: 1,514
Default Your computer will be slllowwwwing dooowwwnnnnnn....

"RichA" wrote

| Not to mention every other system and service available.
|

Speak for yourself. AMD here. I wouldn't touch
Intel with a 10-foot anti-static wrist strap.

Not susceptible to
Meltdown and Spectre is not a critical issue, so long
as I don't enable script in the browser while visiting
attack sites. Even then, it's not clear that Spectre
can access any data outside the same process. So
the risk? Apparently using an older version of Firefox
and entering credit card info into one window while
visiting a malware site in another.

It's not enough to be putting your whole system
at risk for. Even if you have an Intel CPU it might
be best to wait awhile before doing anything. There
seem to be a lot of problems with the fixes so far.


  #2  
Old January 18th 18, 07:46 PM posted to rec.photo.digital
nospam
external usenet poster
 
Posts: 24,165
Default Your computer will be slllowwwwing dooowwwnnnnnn....

In article , Mayayana
wrote:


Speak for yourself. AMD here. I wouldn't touch
Intel with a 10-foot anti-static wrist strap.

Not susceptible to
Meltdown and Spectre is not a critical issue, so long
as I don't enable script in the browser while visiting
attack sites.


if only were it that simple.

microsoft just released new patches for (some) amd systems.

maybe you should go tell them they shouldn't have bothered.

https://arstechnica.com/gadgets/2018...-in-quest-to-g
et-meltdown-and-spectre-patched/
The good news: Shortly after its initial release, Microsoft suspended
shipping its Spectre and Meltdown Windows patches to owners of AMD
systems after some users found that it left their systems unbootable.
Microsoft partially lifted the restriction last week, sending the
update to newer AMD systems but still leaving the oldest machines
unpatched.

Even then, it's not clear that Spectre
can access any data outside the same process.


it can. that's the whole point.

a process already can access its own data. otherwise it wouldn't work
particularly well.

So
the risk? Apparently using an older version of Firefox
and entering credit card info into one window while
visiting a malware site in another.


it's quite a bit more than that.
  #3  
Old January 18th 18, 08:08 PM posted to rec.photo.digital
Mayayana
external usenet poster
 
Posts: 1,514
Default Your computer will be slllowwwwing dooowwwnnnnnn....

"nospam" wrote

| Not susceptible to
| Meltdown and Spectre is not a critical issue, so long
| as I don't enable script in the browser while visiting
| attack sites.
|
| if only were it that simple.
|
| https://arstechnica.com/gadgets/2018...-in-quest-to-g
| et-meltdown-and-spectre-patched/


That doesn't say much, except to confirm
that patches are risky. AMD themselves have explained
that they're not vulnerable to meltdown. There's
also this, from a trusted source that Windows
users may be familiar with:

https://www.grc.com/inspectre.htm

So people can test for themselves. Since you don't
bother to find the facts and don't understand them,
anyway, you'd save everyone a lot of confusion if
you'd just wait for Timmy Cook's "gift patch" for
your Mac and let Windows/Linux users, who actually
might have AMD CPUs, worry about their computers.

This isn't a joke for your usual wiseacreing. People are
having their computers fried with funky patches, despite
very low risk in terms of security.


  #4  
Old January 18th 18, 08:47 PM posted to rec.photo.digital
nospam
external usenet poster
 
Posts: 24,165
Default Your computer will be slllowwwwing dooowwwnnnnnn....

In article , Mayayana
wrote:

| Not susceptible to
| Meltdown and Spectre is not a critical issue, so long
| as I don't enable script in the browser while visiting
| attack sites.
|
| if only were it that simple.
|
| https://arstechnica.com/gadgets/2018...-in-quest-to-g
| et-meltdown-and-spectre-patched/

That doesn't say much, except to confirm
that patches are risky.


everything is risky.

AMD themselves have explained
that they're not vulnerable to meltdown.


yet microsoft released a patch for both.

There's
also this, from a trusted source that Windows
users may be familiar with:

https://www.grc.com/inspectre.htm


yep, except that it gets flagged as malware.

So people can test for themselves. Since you don't
bother to find the facts and don't understand them,
anyway, you'd save everyone a lot of confusion if
you'd just wait for Timmy Cook's "gift patch" for
your Mac and let Windows/Linux users, who actually
might have AMD CPUs, worry about their computers.


ad hominem.

you also might want to take your own advice about finding the facts,
since just about everything you say about apple (as well as other
companies) has little to no basis in fact.

This isn't a joke for your usual wiseacreing. People are
having their computers fried with funky patches, despite
very low risk in terms of security.


nothing is perfect.

the alternative, ignoring patches, is worse.
  #5  
Old January 19th 18, 07:01 PM posted to rec.photo.digital
Mayayana
external usenet poster
 
Posts: 1,514
Default Your computer will be slllowwwwing dooowwwnnnnnn....

"RichA" wrote

| I switched to AMD when the 386DX-40 came
| out. But other devices have Intel in them
| besides home computers so you may have
| one and not even know it.

Other devices? You mean like phones? That
wouldn't concern me, but I wonder if it's
an issue. iPhones seem to use a Samsung CPU
that Apple claims to "design". Androids also
don't seem to use Intel. So what are you
talking about? I can't think of anything I have
with a CPU in it other than Windows computers.
My pickup truck? I don't go online with that,
so I'm OK. (Firefox is faster.


  #6  
Old January 19th 18, 07:48 PM posted to rec.photo.digital
nospam
external usenet poster
 
Posts: 24,165
Default Your computer will be slllowwwwing dooowwwnnnnnn....

In article , Mayayana
wrote:


| I switched to AMD when the 386DX-40 came
| out. But other devices have Intel in them
| besides home computers so you may have
| one and not even know it.

Other devices? You mean like phones? That
wouldn't concern me, but I wonder if it's
an issue. iPhones seem to use a Samsung CPU
that Apple claims to "design".


why the quotes? and as usual, completely wrong. maybe you should find
out the facts before you spew.

apple's a-series processors are designed entirely by apple for apple
products, and not just cpus either. apple has over 10,000 employees
designing all sorts of chips.

the actual fabbing is outsourced to tsmc, samsung and others.

some iphones have intel baseband modems, although that would be
unaffected by meltdown/spectre.

and by the way, amd is also fabless, so their 'designs' are also
outsourced.

https://www.engadget.com/2015/12/22/samsung-building-chips-for-amd/
With falling smartphone sales, Samsung has been trying to boost its
chip manufacturing business. AMD, meanwhile, builds CPUs and GPUs for
PCs and both major consoles, but doesn't have a fab business anymore.
According to Korea's Electronic Times, that kind of synergy was too
good to ignore, so Samsung will manufacture CPU and GPU chips for AMD
on its 14-nanometer chip foundry starting in 2016.

Androids also
don't seem to use Intel.


android phones & tablets mostly use qualcomm snapdragon or samsung
exynos, but a few have used intel.

qualcomm is also fabless.

https://www.qualcomm.com/news/releas...m-and-samsung-
collaborate-10nm-process-technology-latest-snapdragon
Qualcomm Incorporated (NASDAQ: QCOM)* today announced that its
subsidiary, Qualcomm Technologies, Inc. (QTI), *and Samsung
Electronics Co., Ltd., have extended their decade-long strategic
foundry collaboration to manufacture Qualcomm Technologies¹ latest
Snapdragon premium processor, Qualcomm® Snapdragon 835, with
Samsung¹s 10-nanometer (nm) FinFET process technology.

So what are you
talking about? I can't think of anything I have
with a CPU in it other than Windows computers.
My pickup truck? I don't go online with that,
so I'm OK. (Firefox is faster.


nases, routers/switches, tablets and many other products.

synology, for example, uses intel processors in some of their nases.

the next truck you buy might have intel inside:
https://www.intel.com/content/www/us...omous-vehicles.
html
Intel® technologies power millions of in-vehicle experiences today,
and nearly all autonomous test vehicles. Are you ready for the ride
of the future?
  #7  
Old January 21st 18, 04:27 PM posted to rec.photo.digital
Mayayana
external usenet poster
 
Posts: 1,514
Default Your computer will be slllowwwwing dooowwwnnnnnn....

"RichA" wrote

| I switched to AMD when the 386DX-40 came out. But other devices have
Intel in them besides home computers so you may have one and not even know
it.
|

You haven't bothered to answer my question, but
I've been trying to keep up on this issue. It turns
out you're right:

https://www.techarp.com/articles/int...arm-cpu-bug-4/

That site even lists known CPUs at risk. With
Apple it's pretty much everything. Android doesn't
seem to be much better.

That adds a whole new wrinkle. For anyone
on a computer, especially using AMD, the actual
risks are very slight: An attacker has to go
through a browser, or similar Internet-connected
software, or be installed. Installed software can
already access data, so the real issue is script
in the browser or malware. Script can be
limited. Malware is already a risk. And browsers
are being updated.

Even if you allow script and get attacked, there's
very little risk. An attack on AMD can only read
random memory from other programs. An attack
on Intel can read all memory, but there still has
to be something worth reading.
So a running password manager with your banking
password might have a longshot chance of giving
up that password.

On the other hand, even if you're reckless enough
to do online banking, what nut would put that
password into a password manager? There is a
tiny chance that your credit card number could
be stolen if you shop with multiple browser windows
open. Don't do that. There's no need.

So the actual risk is very small, and very tiny
for people who pay any attention to security.

But on a phone.... If you shop and store lots
of sensitive data on your phone that risk is more
realistic, mostly because it's so hard to control
access to your phone. Mal-apps have become a
big problem. Non-mal-apps are still often spyware
because they're ad-supported. The system is a
sieve.
On the other hand, if you're giving out your
current location to every Tom, Dick and Harry
app maker now, what info do you have that
you consider sensitive?

Maybe the moral of this story is don't shop
or bank from your phone. In other words, common
sense.

You have to remember context in general. A
"smart" door lock? It might be vulnerable, but
there's nothing there to exploit it. A "smart"
frig? Again, it's running alone. Even if such an
item could be exploited, will Chinese hackers
profit by knowing you're low on mayo? This is
not a takeover bug. It's a data stealing bug.


  #8  
Old January 21st 18, 06:14 PM posted to rec.photo.digital
nospam
external usenet poster
 
Posts: 24,165
Default Your computer will be slllowwwwing dooowwwnnnnnn....

In article , Mayayana
wrote:

| I switched to AMD when the 386DX-40 came out. But other devices have
Intel in them besides home computers so you may have one and not even know
it.

You haven't bothered to answer my question, but
I've been trying to keep up on this issue. It turns
out you're right:

https://www.techarp.com/articles/int...arm-cpu-bug-4/

That site even lists known CPUs at risk. With
Apple it's pretty much everything. Android doesn't
seem to be much better.


it affects just about everything from everyone.

also note that amd initially said it wasn't a problem and then changed
their tune. they're being sued over that bit of misrepresentation, btw.

at least the apple watch is safe.

the real problem is that older devices are unlikely to be patched, a
very big problem for android. most android devices currently in use
will remain vulnerable, making for a *huge* target surface, more so
than it already is.

other devices, such as routers and nases are also at risk, however,
they don't normally run third party apps, so although the flaw exists,
it's unlikely to be used. that is, unless one installs a compromised
app on one.

That adds a whole new wrinkle. For anyone
on a computer, especially using AMD, the actual
risks are very slight: An attacker has to go
through a browser, or similar Internet-connected
software, or be installed. Installed software can
already access data, so the real issue is script
in the browser or malware. Script can be
limited. Malware is already a risk. And browsers
are being updated.


it's more than slight and not just scripting, but yes, everything is
being updated.

except for windows xp, so you're screwed.

Even if you allow script and get attacked, there's
very little risk. An attack on AMD can only read
random memory from other programs. An attack
on Intel can read all memory, but there still has
to be something worth reading.


the problem is there's no way to know what data you're going to get.

it might have passwords or other useful data, or it could be a couple
of frames of a youtube cat video. it might even be one of your usenet
posts.

So a running password manager with your banking
password might have a longshot chance of giving
up that password.

On the other hand, even if you're reckless enough
to do online banking, what nut would put that
password into a password manager? There is a
tiny chance that your credit card number could
be stolen if you shop with multiple browser windows
open. Don't do that. There's no need.


online banking and shopping is not reckless and using a password
manager is a *very* *good* idea, one which makes you *less* at risk.

there's also no need to enter in a credit card number anymore for most
sites (although it often remains an option for the unaware).

as usual, you don't understand how things work.

the actual risk is how secure the merchant's system is, not yours, as
the merchant is a *much* bigger and far more valuable target.

one exploit can net a *lot* of card numbers, as it did with oneplus:

https://www.tomsguide.com/us/oneplus-credit-card-fraud,news-26466.html
OnePlus is investigating complaints from at least 170 customers who
encountered fraudulent charges on their credit accounts shortly after
buying items on the OnePlus website. Earlier today (Jan. 16), OnePlus
said it's temporarily halting credit card payments at its website
while it continues to investigate.

just three days later:
https://forums.oneplus.net/threads/j...e-on-credit-ca
rd-security.752415/
We are deeply sorry to announce that we have indeed been attacked,
and up to 40k users at oneplus.net may be affected by the incident.
We have sent out an email to all possibly affected users.
....
Some users who entered their credit card info on oneplus.net between
mid-November 2017 and January 11, 2018, may be affected.






You have to remember context in general. A
"smart" door lock? It might be vulnerable, but
there's nothing there to exploit it.


other than the contents of your house, you mean.

but there's no need to have a smart lock to be vulnerable. just about
every lock is easily picked in just seconds. including the one on your
front door.

or just break a window and climb in. even the strongest lock won't
prevent that.

A "smart"
frig? Again, it's running alone. Even if such an
item could be exploited, will Chinese hackers
profit by knowing you're low on mayo? This is
not a takeover bug. It's a data stealing bug.


at least one smart fridge has a camera inside it that identifies what
food you have in it and lets you know when you're running low on stuff.

it's a marketer's dream, because now they know what brands you buy
*and* when and how often you open the fridge.

and since the fridge is on your local network, there may be other stuff
it can find out...

of course, this is easily secured, but most people don't bother.
  #9  
Old January 21st 18, 07:08 PM posted to rec.photo.digital
Mayayana
external usenet poster
 
Posts: 1,514
Default Your computer will be slllowwwwing dooowwwnnnnnn....


"nospam" wrote

| the actual risk is how secure the merchant's system is, not yours, as
| the merchant is a *much* bigger and far more valuable target.
|

Nothing to do with the topic at hand. That's
about a hacked website. The thread is about
Meltdown/Spectre.


  #10  
Old January 21st 18, 07:50 PM posted to rec.photo.digital
nospam
external usenet poster
 
Posts: 24,165
Default Your computer will be slllowwwwing dooowwwnnnnnn....

In article , Mayayana
wrote:


| the actual risk is how secure the merchant's system is, not yours, as
| the merchant is a *much* bigger and far more valuable target.
|

Nothing to do with the topic at hand. That's
about a hacked website. The thread is about
Meltdown/Spectre.


*you* brought up credit cards and online shopping.
 




Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Will a new computer help? Alan Justice 35mm Photo Equipment 69 February 29th 12 03:44 PM
Computer Irby Digital Photography 194 March 19th 07 01:38 PM
Computer?? jd Digital Photography 46 October 23rd 06 10:58 AM
2 Scanners To One Computer Tim Forehand Digital Photography 16 January 10th 05 03:23 PM
Computer maintenance Aerticeus Digital Photography 32 December 8th 04 05:56 PM


All times are GMT +1. The time now is 05:50 PM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright ©2004-2024 PhotoBanter.com.
The comments are property of their posters.