This story has initiated a lot of guesswork and is likely not as bad as it is being made out to be; however, it is a great example of how not to react to a major flaw. Without even delving into the selling of Intel stocks, it is already easy to point out how badly the Spectre and Meltdown flaws have been handled: from the initial Microsoft patches offering possible performance degradation, to the Intel microcode patches rebooting machines, to the final official recommendation to avoid the patches altogether for now.
As Slashdot linked to today, Intel reached out to their major customers before alerting the general public about the issue. This is a common practice in the industry: vendors, resellers and manufacturing partners are informed about major changes that they will be required to implement to mitigate a flaw. However, in these days of 'cyberwarfare', there is some cause for concern that foreign companies may have communicated this information, knowingly or not, to their respective governments. Intel chose not to inform governments directly about the flaws, something which seems like it really should be done in today's world. It is unlikely anything horrible has happened on a widespread basis because of this flaw, and the playing field is now level again; however, this remains a great example of how not to deal with the discovery of a major architectural flaw which continues to cause grave security concerns globally.
"According to The Wall Street Journal, Intel initially told a handful of customers about the Meltdown and Spectre vulnerabilities, including Chinese tech companies like Alibaba and Lenovo, before the U.S. government. As a result, the Chinese government could have theoretically exploited the holes to intercept data before patches were available."
Here is some more Tech News from around the web:
- The Coolest Electronic Toys You’ll See At NAMM @ Hack a Day
- FYI: Processor bugs are everywhere – just ask Intel and AMD @ The Register
- Malwarebytes apologies for dodgy update that borked customers PCs @ The Inquirer
- Linux 4.15 kernel goes stable a week after surprise RC9 @ The Inquirer
- New Windows patch disables Intel’s bad Spectre microcode fix @ Ars Technica
- Lenovo's craptastic fingerprint scanner has a hardcoded password @ The Register
- Guru3D Rig of the Month – January 2018
[quote] As a result, the Chinese government could have theoretically exploited the holes to intercept data before patches were available.[/quote]
As opposed to the other way around? Also, Lenovo manufactures PCs, why wouldn’t Intel tell them first?
Chances are that the US TLAs already knew about any Meltdown/Spectre type of issues so Intel trying to hide the issue from any government directly is not an issue. I’ll bet that the cloud service providers have their share of government (Any Government) Moles on the inside so U-SAM/Other governments very likely knew anyways.
What Intel/AMD and any other CPU maker needs to do in the future is make sure any future issues with Branch Prediction and Speculative Execution can be fixed with Microcode with there being some form of off switch included in any new hardware so that any CPU features affected by side channel attacks can be fully disabled until a fix is found.
We are all stuck with the current CPU architectural designs that are loosely based on the Modified Harvard CPU architecture. But security researchers need to look to the past at the stack machine architectures and other CPU architectures for maybe a solution to running intermediate language virtual machine based software ecosystems in a safe manner. The Burroughs Stack machine architecture was ready made for running safely and directly on the processor very sparsely parsed high level code that was not compiled all the way down into the type of machine code that is currently in use. So there are currently too few CPU companies in control over too much of the Server/PC CPU/SOC market and when the largest market share holder screws up then too many will suffer.
A good analogy to the CPU world is the biological/DNA world concerning the Irish potato famine, where one biological species of potato was favored over the many maybe not as productive alternative potato species. So when the productive potato species was affected by a blight, that single species was in too wide of an adoption with not much in the way of any alternative potato species that was resistant to the blight.
So even though Intel’s processors may have had better IPC performance compared to AMD’s Opteron, or even newer Epyc, designs, Intel’s underlying hardware (with the issue/s) implementation of the x86 32/64 bit ISA is different than AMD’s underlying hardware implementation of the x86 32/64 bit ISA. So the cloud services providers/server farms have lost a lot of performance for those related workloads that are most affected by the Intel/Meltdown remediation steps while currently AMD’s CPUs are not affected by Meltdown, and AMD’s performance is not that affected by Spectre remediation steps performance wise.
The Custom ARMv8A ISA running micro-architectural designs (Apple, Nvidia, Samsung/others) all need to be looked at individually for Meltdown/Spectre vulnerabilities in addition to the ARM Holdings reference design CPU core designs and the Power/MIPS based processors also. Meltdown/Spectre is a good indicator that the designs loosely based on the Modified Harvard that have OOO and speculative execution with speculative pre-fetching and shared caches need to be redesigned to harden against side channel sorts of issues and vulnerabilities.
The entire Server/Cloud services industry better think twice about using too much of one maker's implementation of the 32/64 bit x86 ISA, ditto for any ARM/Power/Other ISA based CPU micro-architectural designs also. If I were in charge of any server farm or cloud services I would be looking towards custom ARM, or any other CPUs based on a licensable ISA so there can be many different underlying micro-architectural designs engineered to run whatever ISA can be licensed to as many makers as possible because there are only 2 main x86 licensees and a third smaller licensee that’s not really an IP holder like Intel and AMD are with respect to the x86 32 bit ISA or the x86 64 bit ISA/ISA extensions. Maybe RISC-V will take off and that’s an open ISA with anyone free to implement the underlying hardware to execute the RISC-V ISA.
So watch out for those IP limited ISAs that are only serviced by a limited amount of underlying CPU DNA because when the CPU blight hits that DNA may not be resistant as some of the other ISA running under some other custom CPU DNA. It looks like AMD’s Zen micro architectural design is currently the more resistant to the Meltdown blight, but no CPU design is totally bug free and that Spectre issue will need some hardware fixing on many designs from many makers.
Man, I'd love to be paid under the table by Nvidia and Intel. Could you guys help out on how to start? I'm new to the whole “lie to consumers because I'm a shill and I think I'm smarter than you” business world. Thanks.
I'm also waiting for the comments to provide me with a quick start guide on that.
I’ve read your site quite a while and enjoyed the content but the accusations are quite damning in the video. We are still waiting for the response. Why is it taking so long?
But the Chinese have everything they need for x86 hardware infrastructure.
Zhaoxin are the only domestic company owing the interlocutory practice for all three of the major core technologies, namely, CPU, GPU and chipset. Each of these technologies has a full design by ourselves, with the R&D of all three core technologies being developed and controlled locally. These products have the best performance nationwide technologies. The CPU incomplete with mainstream x86 architecture, is currently the only domestic CPU, completely replace foreign products of the same type.
Zhaoxin launches their highest-performance Chinese x86 chips
source: https://fuse.wikichip.org/news/733/zhaoxin-launches-their-highest-performance-chinese-x86-chips/
And look here. What do you see?
link: https://canada.lenovo.com/sdwww3/ca/en/enterprise-product-group/thinkserver/c/77LS