I've always hated Intel. Here's one more reason:

In article , Alan Browne
wrote:

It's even true when it come to sex, you have to make sure the chandalier is
properly and securly fixed to the ceiling.

particularly when you tie your partner to it.

Just one?

one per chandelier, yes.

unless they're anorexic, then maybe you can get by with two if together
they're under the weight limit.

"RichA" wrote

| Given Apple's benchmarked results to date, the 5-30% (not 20-30)
| speculated slowdown might be exaggerated. They are seeing no measurable
| performance hit (3 3rd party benchmarks) for one flaw's mitigation; and
| a "up to" 2.5% hit in 1 of 3 benchmarks for the other.
|
| No point in taking their word for it yet. It's like how "review sites"
(PAID review sites) of cameras always manage to miss key performance flaws
that the consumers somehow find.
|

Yes. MS are very much in bed with Intel. (The
massive Vista-basic-won't-run-Aero fiasco was a
case where Microsoft screwed both their customers
and the OEMs in order to help Intel dump a lot of
old 915 chipsets that couldn't support Aero.) I assume
Apple also is cozy with Intel. Though one never knows.
They're buying all their screens from Samsung while
the two sue each other back and forth. Is that cozy?
I can't tell. In any case, none of them wants this to
look bad.

Given that the fix involves making kernel calls outside
the process, the slowdown should vary quite a bit
depending on what a program is doing. An editor that's
mainly processing keyboard input will likely be unaffected
for most things. A program that needs to do a lot of
fast writing to disk will slow down because every write
will essentially require calling an external program to
do the job.

So any benchmark that doesn't fully detail the tests
done, and doesn't test a wide range of software, means
nothing. Alan Browne's link provides only vague comments
and seems mostly focused on Safari as concerns Spectre.
While a browser would be an attack venue there's no
reason to think the patch would slow down a browser by
a great deal. That's a bit like testing a leak using
molasses. "Look! Hardly any is coming out!" Mostly
they're just saying, "We're on top of it." I expect
it will be awhile before the whole story is clear.

Either way, I've been seeing this story change
and expand over the past couple of days. Microsoft
supposedly released a patch for Windows, but it's
not clear whether it treats both issues. And some
people with incompatible anti-virus software are
being disabled with bluescreens because the AV
sees the patch as an attack.

If it were me I'd wait awhile before patching Win7.
(Assuming they release a Win7 patch.) Unfortunately,
for most people with Win10 there's little choice or
information about patches. Windows users who also
use AV software might do well to check into
compatibility at the AV website. They may need an
AV patch before the Windows patch.

"Alan Browne" wrote

| No point in taking their word for it yet. It's like how "review sites"
(PAID review sites) of cameras always manage to miss key performance flaws
that the consumers somehow find.
|
| And yet I take Apple's word for it more than your sky-is-falling
| horse**** any day. I have my share of complaints about Apple but when
| they post such things they are usually accurate.
|

I didn't see anything about the sky falling. He just
said there's no reason to swallow anything hook, line
and sinker before you're sure it's not horse****. Why
just take Apple's word, or anyone else's?

In article , Mayayana
wrote:

I assume
Apple also is cozy with Intel.

very much so, and apple even gets some intel cpus ahead of the rest of
the industry.

however, apple is slowly migrating away from intel cpus and cuddling up
with intel's baseband modems instead because qualcomm are a bunch of
slimeballs.

Though one never knows.
They're buying all their screens from Samsung while
the two sue each other back and forth. Is that cozy?
I can't tell. In any case, none of them wants this to
look bad.

they're different divisions of samsung.

sony makes sensors for nikon but they also compete with nikon with
their own cameras, with (almost) the same sensors.

In article , Mayayana
wrote:


| No point in taking their word for it yet. It's like how "review sites"
(PAID review sites) of cameras always manage to miss key performance flaws
that the consumers somehow find.
|
| And yet I take Apple's word for it more than your sky-is-falling
| horse**** any day. I have my share of complaints about Apple but when
| they post such things they are usually accurate.
|

I didn't see anything about the sky falling. He just
said there's no reason to swallow anything hook, line
and sinker before you're sure it's not horse****. Why
just take Apple's word, or anyone else's?

because journalists invariably get things wrong, often *very* wrong.

apple, microsoft, google, etc. *don't* get things wrong since it's
their own product they're discussing, and they're also legally bound to
*not* make false statements.

In article , Mayayana
wrote:

Their price gouging alone is enough reason to
avoid them. I haven't had an Intel CPU since
1999 when I bought a 300 MHz Celeron.

It does turn out, though, that AMDs are slightly
susceptible to one bug. Latest detail are at The
Register today.

and very susceptible to 13 others, ones which are significantly worse.

it looks like you should have stuck with intel, or you could join the
future with arm. don't worry, it's not too late to switch.

https://www.securityweek.com/researc...curity-flaws-a
md-chips
Israeli-based security firm CTS Labs published its research showing
"multiple critical security vulnerabilities and exploitable
manufacturer backdoors" in AMD chips.

CTS itemized 13 flaws, saying they "have the potential to put
organizations at significantly increased risk of cyberattacks."
....
"These vulnerabilities could expose AMD customers to industrial
espionage that is virtually undetectable by most security solutions,"
the researchers said.

CTS said AMD's Ryzen chipset, which AMD outsourced to a Taiwanese
chip manufacturer, ASMedia, "is currently being shipped with
exploitable manufacturer backdoors inside."
....
Analysts at the security firm enSilo said the AMD flaws could be
worse than those affecting Intel chips.

"The impact of these vulnerabilities is more severe than
Meltdown/Spectre as it allows an attacker to execute highly
privileged code and persist on the victim machine," enSilo said in
a blog post.

Additionally, some of the flaws may be nearly impossible to patch.


https://amdflaws.com
Attackers could use RYZENFALL to bypass Windows Credential Guard,
steal network credentials, and then potentially spread through even
highly secure Windows corporate networks.
....
An attacker could leverage these vulnerabilities to bypass BIOS
flashing protections that are implemented in SMM.
....
Malware running on the chipset could leverage the latter¹s Direct
Memory Access (DMA) engine to attack the operating system. This kind
of attack has been demonstrated.
....
Physical damage and bricking of hardware. Could be used by attackers
in hardware-based "ransomware" scenarios.

"nospam" wrote

| https://www.securityweek.com/researc...curity-flaws-a
| md-chips
| Israeli-based security firm CTS Labs published its research showing
| "multiple critical security vulnerabilities and exploitable
| manufacturer backdoors" in AMD chips.
|

The regular AppleSeed misinformation. For anyone
who actually wants to follow this story, rather than
simply find excuses to support Apple, I'd advise first
reading this Wired article:

https://www.wired.com/story/amd-back...labs-backlash/

Then wait for the dust to clear. The researchers are
an Israeli company that gave AMD only one day warning
before calling the media, then didn't actually explain
the alleged attacks. They're also suspected of benefitting
from an AMD stock drop.

So maybe it's a real issue. Maybe not. The only certain
thing is that right now it's only buzz.

In article , Mayayana
wrote:


| https://www.securityweek.com/researc...curity-flaws-a
| md-chips
| Israeli-based security firm CTS Labs published its research showing
| "multiple critical security vulnerabilities and exploitable
| manufacturer backdoors" in AMD chips.

The regular AppleSeed misinformation.

usually you wait until the end for the ad hominem attacks.

For anyone
who actually wants to follow this story, rather than
simply find excuses to support Apple,

*nothing* in what i linked even mentions apple.

if you disagree with *anything* that cts labs or any other security
researcher has stated about this, then cite a credible reference.

otherwise, you look even more of a lunatic than you already do.

I'd advise first
reading this Wired article:

https://www.wired.com/story/amd-back...labs-backlash/

such as this paragraph:

In Chimera, the last of the four attacks, the researchers say they
exploited not a mere bug, but a backdoor. CTS says it discovered that
AMD uses a chipset sold by the Taiwanese firm ASMedia to handle the
operation of peripheral devices. The researchers say they had earlier
found that ASMedia's chipset had a function that allowed someone with
access to a computer to run their own code on that peripheral
chipset, seemingly as a debugging mechanism left in by the
developers. That debugging backdoor had apparently been left in not
only in ASMedia's products, but in AMD's too. As a result, a hacker
with administrative privileges on a machine could plant malware in
those obscure peripheral chips, potentially using them to read the
computer's memory or network data. And since the backdoor is built
into the chip's hardware design, it may be impossible to fix with a
mere software patch.

Then wait for the dust to clear. The researchers are
an Israeli company that gave AMD only one day warning
before calling the media, then didn't actually explain
the alleged attacks. They're also suspected of benefitting
from an AMD stock drop.

that just means they want to profit from it.

So maybe it's a real issue. Maybe not. The only certain
thing is that right now it's only buzz.

oh, it's way more than a buzz.

even if it's half as serious as the hype suggests, it's still huge.

if you think it's only a buzz then you're in serious denial.

"RichA" wrote


I wonder what, if any penalty is accrued from making up a story about a
product in order to generate a profit from it?


Interesting question. But this is also Israel.
As I understand it, anything that furthers Zionism
is legal there and anything that impedes it is illegal.
(Which I wouldn't mind *quite so much* if they
weren't footing the bill with my tax dollars.)


The Razen has been out for some time, I wonder if anyone using it has
been...exploited because of reasons the company stated? There should be
some reports on it.


Linus Torvalds went on a long rant about it:

https://www.theinquirer.net/inquirer...-torvalds-fake

The gist of his point was that one needs admin
access to the BIOS in order to exploit the claimed
bug. In other words, someone discovered that if
you give your house keys to another person then its
possible they could enter and access "data".

Nospam was just indulging his contrariness and
Apple mania. There's certainly no story there now.
There probably won't be one.

In article ,
RichA wrote:

Then wait for the dust to clear. The researchers are
an Israeli company that gave AMD only one day warning
before calling the media, then didn't actually explain
the alleged attacks. They're also suspected of benefitting
from an AMD stock drop.

that just means they want to profit from it.

I wonder what, if any penalty is accrued from making up a story about a
product in order to generate a profit from it? It's not insider trading,
it's more like "condition created trading." The Razen has been out for some
time, I wonder if anyone using it has been...exploited because of reasons
the company stated? There should be some reports on it.

they didn't make up a story. the problem is very real, confirmed by
independent researchers, and now that it's public, expect the bad guys
to start exploiting it.