Linus Torvalds Says Intel Needs To Admit It Has Issues With CPUs

troublemaker_23 shares an article from ITWire: Linux creator Linus Torvalds has had some harsh words for Intel in the course of a discussion about patches for two bugs that were found to affect most of the company's processors... Torvalds was clearly unimpressed by Intel's bid to play down the crisis through its media statements, saying: "I think somebody inside of Intel needs to really take a long hard look at their CPUs, and actually admit that they have issues instead of writing PR blurbs that say that everything works as designed... Or is Intel basically saying 'we are committed to selling you shit forever and ever, and never fixing anything'?" he asked. "Because if that's the case, maybe we should start looking towards the ARM64 people more."
Elsewhere Linus told ZDNet that "there's no one number" for the performance drop users will experience after patches. "It will depend on your hardware and on your load. I think 5 percent for a load with a noticeable kernel component (e.g. a database) is roughly in the right ballpark. But if you do micro-benchmarks that really try to stress it, you might see double-digit performance degradation. A number of loads will spend almost all their time in user space, and not see much of an impact at all."

Red Hat screws up their implementaition of the fix

[whoever57]

Won't boot with a Xen hypervisor (eg. Amazon AWS)

Re:Zhaoxin

[iggymanz]

does it have speculative execution? if so, is it also vulnerable in similar way? Intel doesn't have monopoly, they have competitors in mobile, desktop and server spaces.

Re:Zhaoxin

We clearly don't trust Intel ... why would we trust Chinese CPUs??

That'll show 'em

[fahrbot-bot]

Or is Intel basically saying 'we are committed to selling you shit forever and ever, and never fixing anything'?" he asked. "Because if that's the case, maybe we should start looking towards the ARM64 people more."

Not sure how much Intel really cares about threats from the free Linux community - vs Microsoft, etc... To quote Rick Sanchez, "What -- What's this supposed to accomplish? We have infinite grand-kids. You're trying to use Disney bucks at a Caesar's Palace here."

Re:That'll show 'em

[dcollins117]

Not sure how much Intel really cares about threats from the free Linux community - vs Microsoft, etc...

Do they care about selling CPUs? Do they care about the competition who clearly has the advantage now? If they do they better get their shit together and stop pissing off the IT guys that will make or break them.

Re: That'll show 'em

[fahrbot-bot]

This was said over and over on slashdot: not everyone has your use-case.

Ya, I get that. But I'll note that I'm a system programmer and system administrator and have administered Windows, Unix and Linux on just about everything from PCs to Crays over my 30+ years, so I have a lot of varied use-cases under my belt. I have Intel and AMD systems at home running a mix of Windows, Linux, BSD and vSphere - with a mix on that.

linux dominates the server market. it's installed on all the world's supercomputers. if these have a 5% performance hit because of the intel meltdown bug, you bet your ass it's a big deal (as in very expensive). also all enterprises run linux on servers to a degree.

Sure and many of those system use Intel processors. Sure, they could switch to other architectures or they could just add 5% more Intel CPUs. Perhaps Intel could cut the price by an appropriate amount to compensate.

Re:That'll show 'em

[viperidaenz]

Threats from who?
[Intel] was the largest corporate sponsor of new contributions to the Linux computer operating system, according to a report Wednesday morning from the Linux Foundation

Intel is a big part of that community.

They were the top corporate contributor in 2015 and 2016. Before that they were second to Redhat. Before that they were third to Redhat and Novell.

Re:That'll show 'em

[Tough+Love]

Or is Intel basically saying 'we are committed to selling you shit forever and ever, and never fixing anything'?" he asked. "Because if that's the case, maybe we should start looking towards the ARM64 people more."

Not sure how much Intel really cares about threats from the free Linux community - vs Microsoft, etc...

Out of touch much? Intel now derives a large and expanding portion of its revenue from Linux servers, versus the shrinking Wintel market. Intel cares every much about its image in the Linux community, it is very easy to drive devs away to ARM and AMD. Intel has done a respectable job of keeping that brain drain under control and anything else would just be suicidal.

Re:That'll show 'em

[jwhyche]

What advantage are you talking about and what competitor? Do you mean AMD? I'm sure you do and yes you would be correct they have a slight advantage now but the funny thing is I don't see them running to exploit it. An advantage is nothing if you don't exploit it and that is just what I'm seeing AMD not do.

Re:That'll show 'em

[jwhyche]

Out of touch much? Intel now derives a large and expanding portion of its revenue from Linux servers, versus the shrinking Wintel market

From what I've been seeing over the last 10 years this observation matches what I've been seeing. Not just with intel but with server sales from Dell and IBM too.

Back in 2008 I priced out 150 dell 2950 for a datacenter. The price automatically included a windows license for each server. It it took me 2 weeks to pound it through some thick skulls that we didn't want or going to pay the microsoft tax.

I priced out a few dozen Dell servers a few years back. When I ordered them with Linux on them nobody batted a eye. It would come pre-installed for me. I, of course, thanked them for this service but informed them that I would be re-imaging them my self.

Re:That'll show 'em

[Aighearach]

If you think "IT guys" have power over purchasing decisions, just because they're given a department budget, you should be advised that in the past when those decisions were more difficult management would just ask a consultant what to buy, buy it, and foist it onto IT.

Trying to strut around like IT guys have that power would only get the power taken away; if the people you presume to be on your side actually were, that is. Most "IT guys" that choose hardware already know which brands the executives prefer, and they're not going to order a different type of machine for their own personal reasons.

Re:That'll show 'em

[Aighearach]

They've probably run the numbers and realized that they could spend $10m running in circles and easily sell an extra $2m in product from the effort.

What benefits them is that many companies with data centers will do a fresh analysis of what technologies they're using. That benefits AMD. But pushing money at hyping it might actually hurt them. The advantage is a win for them in cases that were already a close call, cases where they barely lost a big sale. Those customers have detailed, numbers-based decision-making processes, it isn't something you just throw PR at. And it isn't somewhere where their efforts would be visible to you.

Re: That'll show 'em

[Aighearach]

Supercomputers are a tiny market. It is more about bragging rights than units sold. It doesn't really matter.

In most use cases a 5% CPU performance reduction only results in 1% increased CPU electrical consumption. CPUs are not generally the bottleneck, and it is cheap to over-provision CPUs. Getting one part of the computer to run fast is easy, the harder part is IO bandwidth to actually do some useful task with it. Generally, computing is IO constrained.

Very few "enterprises" run on servers that have heavily-loaded CPUs; they tend to provision that stuff pretty well.

Re:That'll show 'em

[Aighearach]

That's not really a well-written article. It conflates patches with "sponsorship." But in the context of a non-profit like the Linux Foundation, "sponsorship" might imply giving them money to run their foundation.

Also keep in mind, linux has been a largely finished operating system for over a decade. It doesn't have a pressing need for code donations. The reason that Intel increased their number of patches is because they were developing processors intended to compete with ARM for the Android market, so they were writing lots of code for linux to support their own products. That isn't exactly "sponsorship" as much as, their own necessary R&D. And their push failed, they've mostly abandoned it, so expect the next few years to see RedHat back at the top, since they're the ones doing most of the bug fixes.

Re:That'll show 'em

[Aighearach]

Dude, linux is Free Software, that means you don't have to care what the neckbeards say when you use it. The people choosing to use linux servers are not the ones writing the linux kernel, or the ones evangelizing it. When an executive decides to save a bunch of money on their datacenter hardware by using linux as their OS, they do not phone up Saint Ignucius to ask if they're doing it right, and they certainly don't check to see if Linus has any relevant rants.

If Linus' rants were that influential, linux would have high quality print dialogs by now! Or, by a decade ago!

Re:That'll show 'em

[Tough+Love]

Dude, linux is Free Software, that means you don't have to care what the neckbeards say when you use it.

"You", if you are Intel, or pretty much any supplier to the big cloud industry, do care about what "neckbeards" as you call us (I have no beard) because we write the code that allows your future products to differentiate, otherwise if your kernel support doesn't keep up with your competitors who do play well with the community then they will each your lunch.

...evangelizing it...

We don't evangelize any more because we already won, a fact you seem to be having difficult grasping.

they do not phone up Saint Ignucius to ask if they're doing it right, and they certainly don't check to see if Linus has any relevant rants

You're wrong, they do. They send money with it, and they are nice and polite, it's their job.

If Linus' rants were that influential, linux would have high quality print dialogs by now! Or, by a decade ago!

Ha ha! Will you be here all night?

Re:That'll show 'em

[Aighearach]

No, actually, companies involved with the "big cloud industry" (LOL) generally hire engineers, not neckbeards.

It is funny that you want to imply you are part of some in crowd, and I must not be.

You've been here a couple weeks, but you might not actually be all that much more important than everybody else. ;) Using first person doesn't improve your argument, or make you sound knowlege-y.

they do not phone up Saint Ignucius to ask if they're doing it right, and they certainly don't check to see if Linus has any relevant rants

You're wrong, they do. They send money with it, and they are nice and polite, it's their job.

LOL don't forget to wipe your chin, your neckbeard isn't going to soak all that up!

Re:That'll show 'em

[viperidaenz]

Intel does a crap load of commits for networking in Linux as well. If Linux didn't work with the latest network cards, it wouldn't be very popular. If it couldn't use new hardware, like crypto acceleration, it wouldn't be used for web servers.

Sponsorship in this context means the developers writing the code are getting paid to do so by a company. If you take out all other sponsored commits, Intel contributes nearly as much as every non-sponsored developer in the world.

Like it or not, Linux is majority built by a handful of large companies - Intel, Samsung, IBM, Oracle, Red Hat, Google...

Re:That'll show 'em

[stoatwblr]

" It it took me 2 weeks to pound it through some thick skulls that we didn't want or going to pay the microsoft tax."

Historically, the windows tax was only about $30-50 on a Dell or other system.

More recently with Win10 that's bumped up to more like $140 - which means that a lot more people are sitting up and taking notice. As a result Windows "sales by default" are falling away rapidly in enterprise environments.

Re:That'll show 'em

[stoatwblr]

""You", if you are Intel, or pretty much any supplier ... do care about what "neckbeards" ... because we write the code that allows your future products to differentiate"

This is a point that a lot of chinese embedded Linux sellers and developers miss.

Huawei HiSilicon, I'm looking at you! - Kirin SDKs are opensource, but a lot of other embedded chipset SDKs are not - eg HI35xx DVR/NVR/camera chipsets, mostly using shitty code supplied by XiongMai.

I'm talking about completely unpackable linux distros containing locally modified busybox, initrd, mtd and netfilters, but also containing stripped, obfuscated monolithic packages clearly containing GPL code acting as a webserver and DVR.

The uc-httpd package from Xiongmai is the single largest vulnerability in networked DVRs and they haven't bothered fixing the traversal or "remote hacker can get root shell" holes 2 years after Mirai should have provided a wakeup call.

At some point the Linux dev community is going to have to take a collective stand against this IP piracy, because it's getting worse, not better.

At least Intel have 'fessed up and fixes are incoming. There are millions of embedded linux systems with gaping holes that will never be fixed because the suppliers refuse to release their sources.

Re:That'll show 'em

[Tough+Love]

Agree that only an idiot would waste time an effort on embedded hardware with proprietary toolchain, given the virtual certainty that nasties are going to happen to it sooner or later. Just walk away, there are so many alternatives. Select one that isn't so obviously going to screw your business model.

BTW, there is a cottage industry of open source guys that chase down and punish the slimeballs who can't be bothered to uphold the minimal responsibilities they have, in order to benefit from the hard work of devs on free software. Never lose a case. Not to worry about that.

Re:That'll show 'em

[stoatwblr]

"There is a cottage industry of open source guys that chase down and punish the slimeballs"

There isn't. The copyright trolling activities have been curtailed and Harald Welte, etc never made a career out of it. They only ever settled for covering costs and getting things opened up.

The problem is that in order to be effective a case will need to be brought in China and the hypernationalism that's pervading the politics means that "plucky Chinese company vs big bad foreigner" will result in chinese courts ruling against the plaintiff every time.

Blocking exports to EU/USA/Australasia may not achieve much, as

1: these companies make 90% of their sales inside China.
2: The devices are imported to the EU/US/Australiasia under a huge range of names and by a lot of resellers, making blcoking them difficult.

Apparently there's a chinese saying which more or less translates as "If you can cheat and get away with it, then cheat" - which may explain a lot about the chinese way of doing business at times.

Re:That'll show 'em

[Tough+Love]

No need to got to China to shut down a copyright-violating perp, the FTC would be more than sufficient and it is not a particularly high bar.

Note that the person you refer to as a copyright troll is actually Patric McHardy, a major and respected contributor to Netfilter, now virtually ubiquitous in internet-connected web devices. He certainly has standing to sue a copyright violator. The statement issued by kernel developers in no way "curtails" GPL enforcement, it only reassures users that if they have violated the GPL (perhaps unknowingly, but usually not) that they can easily cure the violation by complying promptly, and not fear legal action. The flip side of that assurance is, it also clarifies exactly the conditions under which copyright violators can be judged to have failed to cure the violation, and by that measure leaves the field even more open to GPL enforcers, because the cases are now easier to prove.

Re:That'll show 'em

[stoatwblr]

As I don't live in the USA, the FTC is not a path open to me.

HOWEVER, should someone with standing to file a complaint wish to do so, feel free.

I'll call it copyright trolling when the person concerned has reportedly collected in excess of €2 million, by going back to companies which were violating, have taken steps to remedy this, yet are asked to pay increasing sums of money to avoid court action - especially when the actual results of court action in Germany have been limited to preventing distribution of a product and reimbursement of legal + research costs.

This is why Mr McHardy has annoyed a lot of people and had his code excised from Netfilter.

Re:Zhaoxin

No thanks. We don't need any rice cookers with direct line to Xi Jinping.

Re:Look to arm64

[Gaygirlie]

His point is more likely the fact that ARM didn't do any sort of PR-bullshit and instead produced a very, very in-depth whitepaper, example-code and whatnot on the whole thing. Their behaviour here is pretty much everything one would hope for in a case like this.

Re:Zhaoxin

[ShanghaiBill]

80-90% of x86 CPUs.

80-90% is not a monopoly. If you don't like Intel, there are reasonable alternatives that will run 100% of your current software.

Re:Zhaoxin

[ShanghaiBill]

We clearly don't trust Intel ... why would we trust Chinese CPUs??

Who is more likely to put in a backdoor for the NSA? Intel or China?

Re:Transmeta is perfection!

[greenwow]

Wrong, he works for the Linux Foundation, and has since IIRC 2013.

I actually do think the issue is minor

[BlueCoder]

The kernel memory read issue was 90% a design decision to improve performance. I would argue that it should actually be an option in the BIOS. The fact the AMD didn't do this with zen to match Intel is what is really interesting. Intel did a little cheat to improve performance but AMD didn't and chose caution.

To me it's not a clear cut case if you brought a class action into court. The engineers cheated a bit but didn't think it would turn into such a security hole. I can just imagine the closing arguments... point is computers are complicated and not necessarily a guaranteed thing except that they can compute.

Re: I actually do think the issue is minor

[drinkypoo]

AMD got lucky with their design decisions, if it was a conscious decision they'd have exposed Intel's flaw themselves.

You're acting like it's possible to make a decision of this magnitude unconsciously. AMD consciously chose to do things the correct way, whether or not they knew what Intel was doing. That they didn't expose Intel's flaw suggests that they in fact did not know that Intel was playing fast and loose there. I'd argue that if they did know what Intel was doing and chose not to do the same, that would be even more laudable, but I am perfectly happy that they chose to do things correctly no matter the reason. It means that most of my systems are secure. I only have one arm64 system, and it's not doing any heavy lifting tasks so it's not likely to see any significant performance impact. I long ago retired all my intel-processor systems, and both my primary and secondary desktops have AMD CPUs. My hobby systems have in-order Motorola processors, and one of them even has a MMU. I don't connect the other one to the internet, although it does have Ethernet. My lady, on the other hand, has got a laptop with an i7, so may face some perceptible performance impact.

Re: I actually do think the issue is minor

[Pinky's+Brain]

Older AMD processors still leaked information between protection domains through the BTB, was that a conscious decision? BTBs have been leaking information into scripting language sandboxes for everyone, they were conscious of that and didn't bother telling anyone nor provide a way to fix it?

I'm sure a lot of people have been sitting on these exploits for a long long time, but I hope AMD designers were not among them. I'd rather have them be blind to it than massive assholes.

Re: I actually do think the issue is minor

[drinkypoo]

I'm sure a lot of people have been sitting on these exploits for a long long time, but I hope AMD designers were not among them. I'd rather have them be blind to it than massive assholes.

Like I said, I share the belief that their failure to share the information probably means that they in fact did not know. Why wouldn't they have shared this information with us, when they come out looking like geniuses, or at least responsible?

Re:I actually do think the issue is minor

the Intel bug does not look like an intentional design decision to me, more like an oversight. the performance win speculating over security domain page boundaries can not be that large, I would guess it should be 1% loss.
IMHO someone just did not really think all the details and consequences of this boundary case thru, ...

Re:I actually do think the issue is minor

[Mal-2]

It doesn't matter if Intel intended to open up a security hole or not. The tort system in the U.S. is one of strict liability. If something goes wrong with your product, and you didn't explicitly say NOT to do that, then you're on the hook. It doesn't matter what your intentions were, only the result.

Re:I actually do think the issue is minor

[Tough+Love]

Your subject line is idiotic. There is nothing minor about millions of computers having authentication secrets exposed.

Re:I actually do think the issue is minor

[Aighearach]

You can't really "bring a class action into court" in the first place. You have to bring a regular action, and then you request that the Judge make it into a class action for you. You can't just file a class action.

Ultimately, this only allows malware that the user accidentally gave permission to, to do stuff on the CPU, stuff that is actually up to the OS. You're going to have a hard time even showing you were harmed by Intel in that series of events.

The only case that appears like it would be strong would be to claim that Intel harmed you by promising faster speeds than they delivered, but it wasn't due to any gross incompetence. At worst routine incompetence, and the result is only a minor difference in speed. They might get in trouble for not reducing their speed claims after they knew about the problem, so maybe customers from a six month window would get a coupon as Intel's punishment. The lawyers would be most of the cost.

The security holes seem to be entirely the fault of the operating system, which is who is responsible for deciding what code is allowed to run. And even then, none of the malware is likely to come from the OS vendor; the user isn't at fault, but it is the criminals that wrote and delivered the malware who are primarily at fault for any damage done to the user.

Re:I actually do think the issue is minor

[Aighearach]

lol, no.

Also, you left out an important disclaimer: You are not a lawyer! lolololol

If something "goes wrong" with "your product," you're rarely responsible for anything other than the cost of the faulty product. But it would have to be totally faulty. If it blows up because of a manufacturing defect, there is liability. If a criminal misuses it and hurts you with it, there is generally not any liability for the manufacturer.

The tort system in the US is based on the English Common Law system, and it has nothing to do with products. It has to do with harm (torts) that were committed to you. It isn't enough to claim something was "wrong" with a product, and point a finger. You have to show you were harmed, and you have to show it was somebody's fault. "My game ran 5% slower, waaaaaaa" is not going to be seen to be a harm that was caused by anybody.

If you have 1000 computers with Intel processors, and you claim they've harmed you because your computer was 5% slower, you've got a really weak claim because if they had known about the problem, your computers would have simply been 5% slower sooner. So you weren't harmed by 5% of the price, or anything like that. I mean, probably they will blame the OS vendor, who will blame the user for not knowing about bugs or not reading the EULA which talks about bugs and liability. ;) And nevermind that the sale terms of the CPU probably prevent your claim. Just showing the harm caused by Intel is hard to do, and the attempt likely to be weak.

Re:I actually do think the issue is minor

[Aighearach]

The exploit uses way more CPU than the system normally does. It fully loads the system down, in order to get enough state to make predictions. You have to first install the malware to your system, then let your system chew itself at 100%, and not notice, and then go ahead and authenticate using that system while it is obviously malfunctioning.

It is dangerous, but it is highly unlikely for millions of computers to have had authentication secrets exposed. And it is not something you can just hide quietly. It is not anything as dangerous as a USB keylogger, for example.

Re:I actually do think the issue is minor

[Tough+Love]

The exploit uses way more CPU than the system normally does. It fully loads the system down, in order to get enough state to make predictions. You have to first install the malware to your system, then let your system chew itself at 100%, and not notice, and then go ahead and authenticate using that system while it is obviously malfunctioning.

It is dangerous, but it is highly unlikely for millions of computers to have had authentication secrets exposed. And it is not something you can just hide quietly. It is not anything as dangerous as a USB keylogger, for example.

You're living in an alternate reality where security by obscurity and such like protects your ass. Good thing nobody listens to you!

Real users do not have any clue that it might be something bad when their system fans start running for now reason. After all they run windows right? It's just more of that experience. And getting normal user space code to run on clueless Windows user's systems, of which there are billions, is so easy it's not worth remarking on. Your cluelessness is, however, is worth remarking on.

Re:I actually do think the issue is minor

[Aighearach]

You're living in an alternate reality where security by obscurity and such like protects your ass.

I'm throwing down the gauntlet and challenging you to show where I said anything positive about "security by obscurity." I'm serious! You claim to know what that means, but I didn't even talk about it, and you're pretty confused about what I said. So attempt to find the part you're talking about, so that I can explain what the words mean.

Re:I actually do think the issue is minor

[Tough+Love]

You're hoping this exploit won't work because the user will notice the cpu load. Same category as security by obscurity.

You're an idiot. (Needs to be said of anybody who downplays a real threat.)

Re:I actually do think the issue is minor

[Mal-2]

I am not a lawyer. However, I was an insurance agent responsible for the accounts of two large (in excess of $250 million a year) medical products manufacturers -- one was test equipment, and the other was pharmaceuticals. All it takes is "use of this product doubles your chances of acquiring condition X in the next ten years, never mind that your risk went from one in 100,000 to one in 50,000" to be successfully sued. The vast majority of people using the product are not harmed, and it is impossible to determine which people who get Condition X would have gotten it anyhow, and which would not have. Yet every single person using the product has standing to join in a class action lawsuit, and this is why such companies carry tens of millions of dollars in liability insurance -- because it is not possible to predict every single possible result of the use of their products, yet they are responsible for those results just the same.

"Your risk of being pwned by malicious actors has increased tenfold" is very much in the same sort of speculative realm as "use Celebrex, double your chances of Condition X", and such cases are pursued succesfully all the time. It's generally much more successful for the lawyers than for the class being represented of course, but that doesn't make it any less expensive for the manufacturer that is on the hook.

Re:I actually do think the issue is minor

[Aighearach]

Specific liability factors related to medical equipment in no way supports the hand-wavy bullshit you claimed above though. Yes, medical devices have a lot of liability. No, the tort system in the US is not some sort of "strict liability" system where if something "goes wrong" you lose unless you had a disclaimer. All the disclaimers even do is shift burdens of proof around, and let me translate that for you: disclaimers only make the lawsuit cost more for the other side. It doesn't change who wins, unless somebody runs out of money. You're not "on the hook" for anything, unless. The details are the whole story. A story that nobody teaches to insurance agents, because it isn't part of the job. If you knew about the details, it would be for reasons totally unrelated to having had a shit job once in your life.

Re:Linus love attention more than money

[JaredOfEuropa]

I don't think he craves attention; I think he's just a guy who speaks his mind, sometimes a little bit too much. With that said, I don't see why we need to publish so many of his brain dumps; there are many people with a way more valuable opinion on the subject, from a technical, legal or business perspective.

the many forks of speculation

[epine]

So you decide to speculate a future instruction.

It happens to be a load.

The address is [ebp+eax]. A recent instruction had the same address field, so you speculate that it remained the same.

Now you need to translate the address. The translate might be in the TLB, but you check, and for some reason it isn't.

So you decide to speculatively trigger TLB load.

Finally, you get a physical address back. A previous write instruction is not yet translated, but it seems unlikely it will translate to the same address, so you decide to speculate the load and you make a cache line request from L1.

It might be in L1, but it isn't. So you decide to speculate again, and request it from L2. Not in L3, either, so finally you speculate the load all the way to external memory. When the cache line returns, you speculatively cache this at all levels. Then you speculatively store the value into the target register. The final step was the least dangerous, because you can dump this later, no harm to the abstract state. But the concrete side effects on the TLB and the three layers of cache are not so easily reversed. In theory, the concrete state doesn't leak into the abstract state. Because we simply don't like to think about time (time, above all things, being never simple; hint: functional programming has no time, only progress).

Not all speculative architectures are created equal. There are many opportunities for an architecture to Just Say No.

With cache coherence, you have the MESI protocol (and its bewildering shoe full of second cousins).

One could apply the same concept of "exclusive" to the page tables, an exclusively mapped page being one mapped only onto into the current process and security context. If TLB speculation hits a different kind of beast, abandon speculation. Same thing with cache fill. Concrete side effects thereby only accrue from speculation to exclusive resources. Share-nothing usually solves most problems in computer science (except performance, which is mainly defined in the time domain).

I'm gong to abandon the back of my envelope here, One has to think really damn hard to take this to the next logical level, and frankly, I don't have a damn to spare right this very minute.

But please, advance the conversation beyond:

[_] has speculation
[_] does not have speculation

Because that is Intel's diabolical trap, for as long as their PR department can continue to get away with tugging their wool in broad daylight.

Re:Zhaoxin

[fustakrakich]

Just bring back the Alpha chip. Whoops! Intel owns it. That sucks! Once again our technology is crippled by patents and copyrights. We could have a vastly superior chip right now. Oh well...

Re:Zhaoxin

Intel of course!
Zhaoxin will more likely do the same for Ministry of State Security or another spy agency in China.

They're both likely to have a backdoor for their own state.

Re:Zhaoxin

[belg4mit]

It's not a pure monopoly, but it has a lot of monopoly power. Monopoly is not a binary state, as most lay pedants assume.

Don't like Linus; Agree with Linus; CEO s/b fired.

[CraigCruden]

ARM (and AMD) may be susceptible to the lesser of the two [evil] exploits... but the impact for that second one is considerably less than Meltdown (which is specific to Intel only). ARM has been very open and detailed with regards to the impact -- and gives every indication it is taking the issue seriously.

Intel on the other hand issued a totally bizarre PR spin. Trying to spin it as works as designed (which might be the case, but the design was flawed), trying to distract the public by using 'Look over there...' deflection technique. Then indicating that the earliest architectural change will be later this year (which by the way coincides with the beginning of the next generation release). Processors for one generation of chips tends to be phased in over a two year period - does this mean that they plan to continue selling defective CPUs for the next 2 and a half years?

On top of that the news that the [probably legal] sale share (after the news of the defect, but before it was made public) -- is at least optically horrible. An ethical CEO would have delayed the planned share sale until after the defect was public - and accepted the risk of holding onto the shares during that time. Not to mention selling 889,700 shares and keeping only the absolute minimum to remain CEO ... 250,000 all at one time.... is also optically bad. I understand the need to diversify your investments, but he should only be selling at most 25% of his shares on an annual basis.

This all put together indicates to me that the current CEO should be fired.

Hey Linus.

How's that Transmeta business going?

Not about zero defects...

[CraigCruden]

Most CPU defects can be patched. This one cannot.

The lack of acceptance of responsibility, the attempt to deflect responsibility; the lack of transparency on when/how the defect will be fixed. That is why Linus was right to tear a strip off of Intel.

Re:Not about zero defects...

[fahrbot-bot]

Most CPU defects can be patched. This one cannot.

According to Intel anyway who, if they did patch it, would own the responsibility for any more problems and/or bricked CPUs resulting from that. Since it affects almost every CPU they've made in the last 20 years, better for them to punt with "fixed in the next release".

Re:Don't like Linus; Agree with Linus; CEO s/b fir

[JoeyRox]

I agree Intel's spin is ridiculous, including trying to claim AMD's CPUs are just as vulnerable. But in typical, Linus hissy-fit fashion he pivots to tangential claims, like how Intel will "sell shit forever" and "never fix anything".

Re:Zhaoxin

[Hal_Porter]

Chinese companies just put in backdoors for the Chinese government, organised crime, your Chinese competitors and so on.

https://thehackernews.com/2015...

http://www.zdnet.com/article/f...

http://www.securityweek.com/ap...

http://www.businessinsider.com...

https://tvnewswatch.blogspot.c...

Re:Zhaoxin

[Hal_Porter]

The patents on the original MIPS architecture have run out by now. And MIPS was both very similar to Alpha and very elegant.

Re: Linus love attention more than money

well, the right thing for intel to do IS to recall all CPUs for users that request it. also to NOT downplay the huuuge security issue that they have caused, in their race for corner-cutting. maybe to publish some test results for the patches, maybe open some specs that might help the devs in better patching this issue in software, maybe even dump some cash for the devs. These are just from the top of my head, but you get the picture. The whole fiasco was very badly handled by Intel.

BS - It is serious.

[CraigCruden]

BS. There are already proof of concepts that can be run and are in the hands of a select few for testing purposes. We have no idea if these exploits have been used - only that we have no visibility on it. The only real visibility we have is when a whitehat reports it, or when someone is caught. While personal computers are less impacted, the fact that the browsers will all also have to be patched since it can also be exploited through javascript... problematic.

The issue is that through using the exploits you can have access to things like passwords used in kernel code, certificates, etc. -- and that can get this through pilfering the cache -- which breaks the isolation between user applications and the operating system.... While already bad on a personal computer, it is horribly bad for shared hosting environments -- where some actor can get access to a common computing environment and attack from the inside.

Re:BS - It is serious.

[swillden]

No known exploits in the wild yet.

How many unknown exploits in the wild?

Oh, right, we don't know. If we did, they wouldn't be unknown.

Re:BS - It is serious.

[GerryGilmore]

"The issue is that through using the exploits you can have access to things like passwords used in kernel code, certificates, etc." I'm gonna throw the BS Flag here. First, on Linux anyway, things like authentication and certificates are handled by other apps, some of which may access syscalls of course, but to repeat - as SO many do - that passwords are part of kernel code is nonsense. Please do not regurgitate BS! Also, keep fucking malware off of your system and you won't be at risk!!!

Re:BS - It is serious.

[Tough+Love]

on Linux anyway, things like authentication and certificates are handled by other apps, some of which may access syscalls of course, but to repeat - as SO many do - that passwords are part of kernel code is nonsense.

You are the one who does not understand. Every bit of memory on your computer goes through the kernel. As witness that far more clueful people than you regard these issues as deadly serious.

Re:BS - It is serious.

[HiThere]

Excuse me, but if there were an exploit in the wild, what evidence would you expect to see?
Do you have any valid reason not to assume that the exploits are currently being exploited?
    . . . .
If the exploits weren't going to be exploited this month, would that make them less serious? Why or why not?

Re:Zhaoxin

[davecb]

Actually, 83% is often used as a cutoff in both the US and Canada, derived from (US) judge Learned Hand's opinion that a market share of ninety percent 'is enough to constitute a monopoly; it is doubtful whether sixty . . . percent would be enough; and certainly thirty-three percent is not.' [ United States v. Aluminum Co. of Am., 148 F.2d 416, 424 (2d Cir. 1945)]

No issue with Intel and design.

[CraigCruden]

And to be quite honest, that was not how I read Linus thing... Linus can be a wrap the contents of a valid issue in a bit of what some have termed a 'Hissy fit'/'tantrum'. The issue that he seems to have is not that there is a defect, not that it has to be patched in the kernel -- but that Intel's PR is on overdrive and gives no indication of taking responsibility... and not being open and transparent with regards to fixing it and timeline for those actions.

It is not the design / defect that I have lost respect for Intel, nor the technical competence of it's employees... My issue resides with the C-level's response to this defect that I have tot take issue with - and that is how I really read the email. ARM is not defect free, but the difference is that their response to it has been much more professional and transparent.

Being a software developer by trade, I am all to familiar that nothing is defect free... and defects are a part of the process.... the response and how these defects are handled is where you win or lose respect (assuming you are not totally incompetent and the software is not unusable).

Re:No issue with Intel and design.

[complete+loony]

The other angle he's griping about, is that these patches are being pushed with no off switch. So when do we return to normal? What about other CPU's that might not be vulnerable? Do we always slow down AMD too?

Re:No issue with Intel and design.

[HiThere]

Yes, Meltdown is the result of a mistake in design. But it wasn't (or doesn't appear to have been) a *known* mistake in design. These cross-channel timing attacks are a new mode of attack. An, IIUC, essentially all CPUs that do speculative execution may be vulnerable. (I.e., Spectre.) There aren't *yet* any proven executions of the Spectre attack that break confinement, but I think everyone expects that's just a matter of time.

My take on this whole matter is that hyperthreading is probably a mistake. We should have gone for smaller, simpler, CPUs packed more tightly on the die to eliminate crosstalk, and make the CPUs easier to reason about. I understand reasons why this wasn't done, but I still think those were a false economy. (OTOH, this would mean each CPU would need a larger cache, because communication with main RAM would have been slower.)

Re:No issue with Intel and design.

[HiThere]

Many people who know much more than I about this attack say this is a new form of attack. I can accept that timing attacks are well known, but there is something about this particular form of timing attack that was not expected by anyone that I believe to have had detailed knowledge. And those without detailed knowledge aren't in a position to have expected it, which certainly includes me. It's not just a timing attack, though that's clearly a necessary component.

How would you know; when you know - it's too late

[CraigCruden]

The exploit is basically gathering information that could be used to completely invalidate security. Therefore by the time you know you have been compromised the vector that made the that possible would no longer need to be present.

Basically, by the time the world would have visibility - it would already be far too late (and it may be the case). We see the results, but not the attack vector... The odds of a whitehat finding any exploit first -- is probably much less than 50%.

Re:Transmeta is perfection!

[Waffle+Iron]

It's too bad Asshole Torvalds isn't still employed by CPU maker Transmeta, so Linus can't tell his loyal following of Linux idiots to boycott Intel crap and buy Transmeta perfection instead. Transmeta CPUs were the bestest ever and that's why Transmeta went out of business, right.

The idea behind the Transmeta architecture may not have panned out, but I'm guessing that it had one redeeming feature compared to the current CPUs on the market: If their CPUs did have this problem, they probably could have fixed them with a firmware update.

Re:Don't like Linus; Agree with Linus; CEO s/b fir

> But in typical, Linus hissy-fit fashion he pivots to tangential claims, like how Intel will "sell shit forever" and "never fix anything".

Dude, you and I are seeing this NOW.

But some folks have been aware of that fact since some time, and no solution came up -- because this one is hard... hardware. The bubble just popped because Google decided enough is enough (not to mention this affects their business directly).

And what about the designers? What were they thinking? Don't they know about space separation? My guess is that is became hard to adhere to Moore's law curve and they had to cut some corners.

Linus is referring to the fact that such problems have not been not addressed nor fixed since years ago. He has worked with processors, he knows what he's saying -- he's not just a software guy.

I'd never use such colorful language as his, but this time it is totally justified -- not just because it's a serious problem, but because it seems Intel is totally blasé about it.

Re:Linus love attention more than money

[swillden]

He has found/created a small pond

The world's most widely-used operating system kernel is hardly a "small pond".

off-topic quickie

[epine]

I got to thinking about Google's clever Retpoline from the other day.
Google Says CPU Patches Cause 'Negligible Impact On Performance' With New 'Retpoline' Technique

The problem is, this is not invariant under peephole optimization. These instruction sequences need to be handled by the compiler through a very literal minded end-game code generation pass.

Which got me to thinking about RETGUARD gadgets.

RETGUARD, the OpenBSD next level in exploit mitigation, is about to debut
Retguard: OpenBSD/Clang

I know, both of those sites are horrible, but Google fails me here.

Are speculative gadgets a problem here? If so, Google's clever patch is going to need a sump pump bolted on the side.

And then you get into the whole problem of deterministic compilation in order to be certain that the executable you build contains the necessary mitigations (or some tricky post-compile analysis I sure don't wish to develop myself).

What a giant mess.

Re:off-topic quickie

[swillden]

Are speculative gadgets a problem here? If so, Google's clever patch is going to need a sump pump bolted on the side.

Sure, speculative gadgets are a problem... which is why the Retpoline solution has to be applied to every binary in the system. And it has to be implemented in the code generation back-end. The back-end has to scan for potential gadgets and retpoline them.

And then you get into the whole problem of deterministic compilation [wikipedia.org] in order to be certain that the executable you build contains the necessary mitigations (or some tricky post-compile analysis I sure don't wish to develop myself).

That's an easy problem for Google and, I expect, other big cloud systems. Google builds everything itself, including compilers. If you're big enough and have the engineering resources, that makes sense for lots of other reasons anyway.

For everyone else, it's a problem, but it's an existing problem -- how do you trust any binary? And if someone is going to compromise your binary inserting such gadgets would be a bad way to do it because you could scan for them.

ARM has a lot less to lose

[AcidPenguin9873]

While ARM CPUs are relatively ubiquitous in smartphones and tablets, those devices aren't nearly as high-value of a target as servers, where Intel CPUs dominate (well over 90% of the market).

Linus is in a unique position - he is an engineer, almost 100% focused on technical solutions, yet he is also a public facing figure and is able to make public comments. He also (to the best of my knowledge) doesn't have to worry about customers, profits, shareholders, etc., things that a for-profit, publicly-traded company does. Most of the time, the engineers aren't the ones making public comments. I haven't heard from any Intel engineers yet, only their PR department, but I would guess the Intel engineers are just as interested in fixing this as he is, but we aren't hearing about it.

Re:ARM has a lot less to lose

[phantomfive]

Linus is in a unique position - he is an engineer, almost 100% focused on technical solutions, yet he is also a public facing figure and is able to make public comments. He also (to the best of my knowledge) doesn't have to worry about customers, profits, shareholders, etc., things that a for-profit, publicly-traded company does

You've succinctly explained why Intel is in the troubles they are.

Re:Zhaoxin

[DontBeAMoran]

Most likely to put backdoors into PLA are ColorFabb, Faberdashery or Proto-Pasta. But you'll have to download a 3D model of a backdoor first.

Re:Linus is Einstein Jr.

[DontBeAMoran]

FPGA, Linus, FPGA!

Re:If you can modify the kernel to fix the problem

[Zaiff+Urgulbunger]

They probably do think that. But I'm hoping that AMD will seize upon the opportunity to post real world comparative figures, with the newly patched kernels. Presumably, for certainly workloads, AMD silicon will utterly spank Intel for performance.

Re:Zhaoxin

[ChunderDownunder]

I have to ask... What's the state of play with the recently acquired Imagination now that Apple have stopped licensing their GPU and everyone else switched to Mali long ago?

I would have thought that Canyon Bridge might release a cheap MIPS board as a raspberry pi competitor.

Re:How would you know; when you know - it's too la

[swillden]

The odds of a whitehat finding any exploit first -- is probably much less than 50%.

What is your rationale for this claim?

Re:Well yes

[ChunderDownunder]

nvidia make their own ARM SoC; just sayin'.

Re: Zhaoxin

Interesting, thanks. In return, I offer: the Herfindahl Index. A numerical indicator of how monopolistic an industry is, used in guidance by lawmakers in several jurisdictions.

Re:Red Hat screws up their implementaition of the

[bill_mcgonigle]

CentOS's kernel-plus 7.4 boots fine under Xen 4.9 running with Fedora 27, all with the latest patches.

RHAT doesn't give a damn about Xen. Maybe they didn't break it intentionally on 7.4 but they didn't test it either. 'Cause nobody like Amazon uses Xen, right?

But buy their KVM product, it's much less prone to [their] breakage. Hah. Debian isn't hostile to Xen, nor is Arch.

Economics

[CraigCruden]

Ask anyone involved - even whitehats - and you are likely to be told that the demand and renumeration for exploits on the open market is higher than it is for submitting it and expecting a bounty. You have state sponsors (some that are closer to mafia states) such as North Korea and Russia financing the finding of exploits. Your own government is also accumulating exploits - but the only time you see them used is when they are leaked - they are not typically submitted to companies - since they want to use them. You have major multinational criminal organizations that make significant amounts of their income through high tech attacks -- which can net billions in a single attack - making the cost of acquiring exploits a rounding error. You have thriving dark web marketplaces for selling these exploits. This industry dwarfs the whitehat industry considerably. Basically, there is more investment on monetizing exploits than there is discovering these exploits for ethical purposes.

Re:Economics

[swillden]

Ask anyone involved - even whitehats - and you are likely to be told that the demand and renumeration for exploits on the open market is higher than it is for submitting it and expecting a bounty.

I work with a lot of such people, and their response is that remuneration on the dark side is iffy and dangerous, and there's the constant threat of getting caught and prosecuted. Their opinion is that -- excluding spook operations -- the black hat side is small and relatively untalented.

I guess maybe it depends how you classify the government-funded stuff. Personally, I don't consider it either white or black, but somewhere in between. And I don't think it attracts the best, though perhaps quantity counts as much as quality. There was a time when the NSA attracted the best, but that was before Snowden.

Re:Zhaoxin

[Hal_Porter]

MIPS was bought by Imagination Technologies who also own PowerVR (and, oddly enough Pure, a wonderfully geeky DAB radio company)

https://en.wikipedia.org/wiki/...

MIPS/Imagination is heading resolutely for embedded platforms and probably the plughole.

Still the original MIPS architecture is probably patent free. And Loongson make MIPS compatible chips. Unlicensed as far as I know. Not that there is much to licence in the original MIPS architecture

https://en.wikipedia.org/wiki/...

So it's possible for third parties to build MIPS compatible chips. Not MIPS32/MIPS64 but the original 64 bit MIPS III architecture.

https://en.wikipedia.org/wiki/...

Hell skip the patented bits and make them NOPs. Lexra got in trouble not for implementing them but for making them illegal instructions. MIPS's lawyers argued successfully that a system integrator could write an illegal instruction trap handler that implemented the missing instructions in software, in perhaps the most amazing abuse of the patent system ever.

https://en.wikipedia.org/wiki/...

In 1999 MIPS Technologies sued Lexra again, but this time for infringing its patents on unaligned loads and stores. Though Lexra's processor designs did not implement unaligned loads and stores, it was possible to emulate the functionality of unaligned loads and stores through a long series of other instructions. In the opinion of Lexra, the ability to emulate the function of unaligned loads and stores in software predated the grant of the patent in question and could not be viewed as an infringement of the hardware patent by any reasonable interpretation. Also, much earlier than any MIPS Technologies processor, IBM mainframes supported unaligned memory operations. In these earlier IBM processors, unaligned memory operations and partial access to registers were available through microcode and the instruction set architecture. These aspects of earlier IBM processors posed the much greater threat of patent invalidation to MIPS Technologies, compared to the seemingly vacuous MIPS Technologies infringement claim against Lexra.

http://probell.com/Lexra/

If a Lexra processor encountered an unaligned load or store instruction in a program then it did the same thing that it would do for any other invalid opcode, it took a reserved instruction exception. In the second lawsuit between MIPS Technologies and Lexra, filed November 1999, MIPS Technologies claimed that because exception handler software could be written to emulate the function of unaligned load and store hardware, using many other instructions, Lexra's processors infringed the patent. Upon learning of this broad interpretation of the patent, Lexra requested that the US Patent and Trademark office (USPTO) reexamine whether the patent was novel when granted. Almost every microprocessor ever designed can emulate the functionality of unaligned loads and stores in software. MIPS Technologies did not invent that. By any reasonable interpretation of the MIPS Technologies' patent, Lexra did not infringe. In mid-2001 Lexra received a preliminary ruling from the USPTO that key claims in the unaligned load and store patent were invalid because of prior art in an IBM CISC patent. However, MIPS Technologies appealed the USPTO ruling and, in the mean time, won a favorably broad interpretation of the language of the patent from a judge. That forced Lexra into a settlement that included dropping the reexamination request before MIPS Technologies might have lost its appeal.

It was never determined that processors that execute the MIPS-I instruction set, but treat unaligned loads and stores as reserved instructions, infringed the '976 patent. The patent exp

Linus is reasonable angry at Intel's response

[CraigCruden]

I am not aware of Linus hating Intel, he definitely hates the way Intel has tried to BS / Spin / deflect blame / avoid responsibility. If you appreciate companies that spend more time on BS / Spin / deflecting blame and avoiding responsibility rather than being transparent about their own failures and how THEY plan to address it... then Intel is the company for you (under this CEO anyways - we will see if he lasts).

ARM has been transparent, detailed and transparent about their failings (the lesser of the defects) and deserves respect for that.

Re:Red Hat screws up their implementaition of the

[whoever57]

I think that the bad kernel package has been withdrawn.

FDIV redeux

[mrflash818]

The severity of the FDIV bug is debated. Intel, producer of the affected chip, claims that the common user would experience it once every 27,000 years while IBM, manufacturer of a chip competing with Intel's Pentium, claims that the common user would experience it once every 24 days.[citation needed] Though rarely encountered by most users (Byte magazine estimated that 1 in 9 billion floating point divides with random parameters would produce inaccurate results),[3] both the flaw and Intel's initial handling of the matter were heavily criticized by the tech community.

In December 1994, Intel recalled the defective processors. In January 1995, Intel announced "a pre-tax charge of $475 million against earnings, ostensibly the total cost associated with replacement of the flawed processors."[1]

https://en.wikipedia.org/wiki/...

professional, detailed and transparent

[CraigCruden]

oops, transparent was duplicated

Linux is transparent and open

[CraigCruden]

The Linux kernel development is transparent - you can go see every issue that is logged and needs to be fixed. next.

Linus being a drama queen again

[JustNiz]

His quote: "Or is Intel basically saying 'we are committed to selling you shit forever and ever, and never fixing anything'?"

I think the record until now clearly shows that Intel's CPU products have actually been generally pretty good and that they actually do release fixes for their fuckups.

Let's put this into perspective: its a security hole not a major functional failure. People are having to get amazingly creative in finding new ways to break into anything. Basically anything even slightly complex has potential exploit risks, including Arm64 CPUs.

Linus needs to get real and give Intel a chance to do their thing.

Re:Linus being a drama queen again

[HiThere]

I read that as "Is Intel going to be having this same design flaw in the next chip design released?". A valid question, and only rhetorical because nobody expects Intel to give an answer.

Re:Linus being a drama queen again

[JustNiz]

Assuming your definition of "Fix" is to offer a free replacement of every device they've sold in the past 10 years just because of some obscure security vulnerability that may let you see a small part of scrambled kernel memory... yeah I can see why.

Re:Why is this just Intel's issue? Its not

No, Linus doesn't hate Intel. He hates dishonest people. And yeah, every article talks about "it" affecting AMD because the people writing them doesn't have a clue, and take Intel's words at face value.

And it's not "some of this". AMD is "affected" by spectre, if you can find a way to exploit it. The researchers couldn't. Meltdown is the real, immediate problem and that one is very, very much an Intel problem, despite what Intel would want you to believe.

Re:Says the guy with the facebook logo...

[CraigCruden]

Oh, it is even later than that - since that is the photo I setup facebook with almost a decade ago. It is the same photo until I die... though I don't feel threatened at all... since there are always two guards at the gate to protect me :o

Re: kinda naive

[Brockmire]

Intel chip designer that can't even use capital letters properly? Checks out.

Ryzen my friends

[Tough+Love]

Meanwhile, enjoying my Ryzen, largely unaffected by Meltdown or Spectre in spite of some well meaning or self-serving FUD to the the contrary. Yes, I got an early part with the segfault bug, but AMD RMAed without fuss when presented with appropriate https://github.com/suaefar/ryz...>test data to eliminate the possibility of bad motherboard, memory or overclocking. Quite different attitude compared to Intel! And the Ryzen is sweet - 16 high performing CPU threads, tiny power consumption at idle and respectable under full load. Integer performance, iow, compiling is stellar and floating point is not shabby. Basically, Ryzen out-cores Intel's competing i7 parts by a wide margin, acquits itself well in single-core too and draws so little power that the CPU fan is off or barely turning for most normal desktop usage. And when all 16 threads are going full blast, iow doing real work, total system power is around 120 watts, the system still runs nearly silent. Can't say enough good things about it.

If you do step up to Ryzen, be aware of two things: 1) Check the production week stamped on the CPU, it has the form 17xx where xx is the week... make sure this is higher than week 25, otherwise run kill-ryzen.sh to verify the segfault bug and get an RMA promptly from AMD's only support site, if you see it. Windows users need to boot Linux to do this, get a live iso on a usb stick to do this in maximum comfort, and preferably, just overwrite Windows when done :-) Most of that early production is sold out already, so the chance of getting a bad part is slim, but be aware. Windows users for the most part don't seem to see any issue even with the early parts. Good for them, but it goes along with significantly lower performance without the upgrade to LInux :-) 2) Be aware that Ryzen has no on-board GPU, in spite of the fact that your Ryzen motherboard has video connectors... these are for AMD's APUs, which use the same socket. Respectable chips in their own right especially in terms of value for money, but when you run Ryzen you need to run a discrete GPU too. This is what you want anyway, because what is the point of crippling your high end desktop processor with a mickey mouse embedded GPU? To be specific: AMD's fattest APU has eight compute units (512 stream processors) vs 64 in the current Vega part, plus uses processor memory instead of higher bandwidth dedicated graphics memory.

Of course, what I really want is a threadripper... that's next.

Re: Ryzen my friends

[Tough+Love]

Agree about the power consumption, that is why I am holding out for the 12nm refresh. Then, there are rumors about 32 core threadrippers, that would hold me for quite some time I think. Also, starting to see 10 Gig ethernet on the threadripper motherboards, that is something to lust after.

Re: Ryzen my friends

[Tough+Love]

Hmm, just thinking about that... build two threadripper boxes with 10 gigE and link them with a crossover cable for a highly respectable cluster 32 core that costs less than $3k.

Re: Zhaoxin

[Jesus+H+Rolle]

Judge Learned Hand

He won the name game.

Re:Zhaoxin

[Tough+Love]

It's not a pure monopoly, but it has a lot of monopoly power. Monopoly is not a binary state, as most lay pedants assume.

There is no such legal concept as "pure monopoly". There is only anti-competitive behavior as defined in America by the Sherman, Clayton and FTC acts which includes such concepts as market power. There is endless confusion about this simple fact: a monopolist need not control 100% of a market to violate anti-trust laws. Usually much less than that, less than 50% is not at all uncommon. What matters is breaking the law or not.

Re:Red Hat screws up their implementaition of the

[Ritz_Just_Ritz]

Redhat's support is very selective these days. There is a clear imperative to more quickly support products that they can wrap a support contract around like RHEL. I understand that since they've got Wall Street to please, salaries to pay, etc., but it would not be a lot of extra effort to also support the free products in their ecosystem at a similar cadence. As a result, I have been weaning applications off Redhat products. The availability of support is great, but the vast majority of my applications don't require it so I've been leaning more towards the Debian ecosystem where my particular nits have been more quickly addressed and I don't feel like I'm going to be held hostage to ponying up for a support subscription to get a critical bug fix in a timely manner.

Re:Zhaoxin

[Ritz_Just_Ritz]

Perhaps. However if you're buying hardware from a company like HP they might not support a non-intel choice for the particular servers you want/need. Try getting one of their commodity DL360/380 servers with a non-Xeon part.

Personally, I welcome the addition of competition in the server market. Epyc looks like it will be a boon to folks who need more threads and more memory and who don't want to pay the huge Intel premiums for their highest core counts.

Re:Zhaoxin

[Tough+Love]

Actually, 83% is often used as a cutoff in both the US and Canada, derived from (US) judge Learned Hand's opinion...

Hand's opinion is certainly not the last word on the subject. From the horse's mouth: "Somebody has 40 percent of the market but everybody else has one percent each."); id. at 52 (Sidak) ("Would we infer that there is not a problem because the market share is only 40 percent and that is way below Judge Hand's ALCOA threshold or would we look at a price increase or loss of competitor market share and say that is a more direct set of facts that elucidates what the price elasticity of demand is?"

Re:Zhaoxin

[Tough+Love]

Just bring back the Alpha chip. Whoops! Intel owns it.

Not so, it came back as Ryzen.

Re:Linus love attention more than money

[sfcat]

And, to be honest, the larger world has no idea who the guy is nor to they pay any attention to what he has to say no matter how much attention he seeks. He has found/created a small pond, and careens around like a shark in a goldfish bowl. That's not particularly bad or at all unique, but certainly no one at Intel gives a crap what he thinks, and to expect any different shows a lack of perspective.

Guess what? Nobody give a shit what you think either. As the software he writes and manages runs most of the devices on the planet and is the world's most widely used OS, some of us actually care what he thinks. You, not so much...

Re:Linus is Einstein Jr.

[Tough+Love]

This is not about Republicans versus Democrats, it is now about saving democracy.

Re:Linus love attention more than money

[sound+vision]

The problem is that Linus doesn't quite have the maverick cachet that Gates, Jobs, or Musk do. Torvalds has equal or better technical chops but he divorced himself from "the rat race" for lack of a better term. Jobs was the rock star, filling stadiums with screaming fans. Torvalds is the street performer who plays a little better but didn't care enough about gratuitous adulation or "being #1" to make it to the stadium.

Some people see this and call him irrelevant. They feel that he shouldn't be allowed an opinion, or that it should be worth less, because he's not on the Forbes list. Thankfully, they take a more objective, impersonal assessment when it comes time to choose which OS to run on their servers.
...Most of them anyway. I guess there's a few swayed by MS or Apple salesmen.

Re:Don't like Linus; Agree with Linus; CEO s/b fir

[Tough+Love]

what about the designers? What were they thinking? Don't they know about space separation?

You seem less than clear on the details. There is nothing wrong with Intel's privilege separation, however nobody anticipated that timing attacks could be so effective, even the researchers. It came down to luck more than anything: AMD, by luck more than anything, implemented algorithms that avoid the worst of it, but bad luck for Intel. Hard to fault the Intel engineers, but one can certainly fault the managers for a less than forthcoming response.

Re:If you can modify the kernel to fix the problem

[Tough+Love]

They probably do think that.

No they don't, they have plenty of competent kernel engineers on staff. Some PHB thinks that.

where are the patches?

[Espectr0]

Intel has said they are working together with oem partners blah blah but i have yet to see their microcode patches posted on their website. I build my own machine, i can't contact Lenovo (who haven't even acknowledged most of their products are vulnerable)

Re:where are the patches?

[110010001000]

You believed their lies. There is no microcode fix. The processor is flawed and needs to be replaced.

Re:where are the patches?

[Espectr0]

i believed Microsoft's lies then. They are telling people that Intel needs to release a microcode/firmware fix.

https://twitter.com/espectr0/s...

Re:where are the patches?

[HiThere]

IIUC, there actually *is* a possible microcode fix...but the cost would be greater time delays than the software patch causes. Basically, with the current chip design you would need to disable speculative execution at all times.

The software patch is actually better, even though not good.

Re:Zhaoxin

[microbox]

Backdoor for domestic police state? That would be China. At least the USA has structural separation between businesses (like Intel), and the government. And is a country of laws.

CPU cannot be patched

[CraigCruden]

In this case the CPU cannot be patched. This defect is permanent, it can never be fixed in the current processors. When new processors come out (assuming the next gen uses the same socket -- a crap shoot) you could replace the CPU. The fix is for the OSes to basically compensate and work around the defects - which may have moderate to severe performance penalties depending on CPU and what you are doing. What Intel is saying is actually a lie, they are helping the OS or "bios" vendors basically duct tape over the defect and hide it. Intel has indicated the earliest you will see "patched" CPUs is the end of the year - which depending on the CPU - could be end of the year or end of the follow year if they follow any type of release cycle (likely to be next gen CPUs only). So updating your motherboard to the latest firmware and installing the latest version of the OS is all that you can do for now.

Re:CPU cannot be patched

[Espectr0]

so microsoft is lying? they are telling everyone that their january update is just the OS part and that intel needs to supply a microcode/firmware for the complete meltdown fix

Re:CPU cannot be patched

[iggymanz]

Microsoft are just covering themselves for liability by cliaiming that; if sued they would say it's Intel's fault.

The microcode / firmware fix will be a new processor

Re:kinda naive

[PlusFiveTroll]

>you heard me. he may be a great programmer, but he doesn't know DICK about how hard it is to make a CPU

Did you forget that Linus worked at Transmeta?

Re:Zhaoxin

[mikael]

Russian CPU's?

https://thenextweb.com/insider...

""Ruselectronics also said that the chip contains features that “guarantees its users a high level of information security,” although it’s not immediately obvious what these are.""

Re:kinda naive

[viperidaenz]

Arm A15, A57, A72 and A75 are all impacted by this as well.

Re:Don't like Linus; Agree with Linus; CEO s/b fir

It seems you're not clear on the details, actually.

Literally any logical person can see that Intel's suck-it-and-see approach is terrible. AMD's (and everyone else's) engineers specifically addressed the issue by using the correct logic. That's not luck. That's called doing it right.

Logical order of operations:
1) Begin speculative execution
2) Encounter ring-0 request
3) Check for ring-0 permission
4) Only allow speculative operation to be processed if permission is allowed
Literally everyone but Intel does it this way because they're smarter than Intel.

Intel's janky-ass order of operations:
1) Begin speculative execution
2) Encounter ring-0 request
3) Allow request to be processed, no matter what
4) When resolving branching, check if requester has ring-0 access and invalidate the results if not
The trouble comes with: 3.5) Unprivileged requester inspects artifacts (registers, cache values, etc.) of processing prior to speculative branch resolution.

The blame for this lays at the feet of Intel's engineers as much as anyone else. Granted, it's possible they found this a while ago and wanted to fix it, but were thwarted by management. Everybody knows that management sucks in every company, and they probably were the most recent roadblock to progress here. But this design got to production in the first place, and that's the engineers' fault.

Re: Zhaoxin

> DL380

Yes, you cannot order a DL 380 with an aMD chip. You will have to settle for an HP DL 385 instead. Almost like it has a different part number as a result of having a different CPU, motherboard, Virtualization model, and instruction set support.

Re:Two big questions

[CraigCruden]

1 If the patch is in software, in the OS, can't malicious code (e.g. after privilege escalation exploit) undo any OS patch and then go wild on other people's memory? Basically yes, but you have to have another OS based exploit to piggyback on -- but in reality the privilege escalation by itself would probably be sufficient in itself - so the chip level one would more or less be overkill. 2 Does this also bypass Intel SGX isolation? I don't think you would say bypass, but it would likely impact the security of SGX as well -- since your leaking kernel data into user spaces.

everything computes

[bingoUV]

The air in your room is constantly computing, the electrons in all matter
on earth are constantly computing.

The point with processors like Intel's is that it is easier to control
the computation with standard, widely available methods (software). This bug inhibits this control. Which was their only point to begin with, as compared to "computation" devices like air.

Re:everything computes

[Aighearach]

It sounds right, because compute is the key word. But is it *-ing something?! No, the air is not computing anything. Yes, it is doing things you could observe to compute something.

Re:everything computes

[bingoUV]

Interesting, and has parallels to the classic observer's paradox.

So if you redirect the output of a "computation" into /dev/null, and not observe the computation in any way, is it really "computation" ?

Meanwhile, in the real world, people keep calling it unobserved computation, and hence air, electrons etc. keep computing whether or not you observe it.

Re:Don't like Linus; Agree with Linus; CEO s/b fir

[cm5oom]

If it's so obvious then why did it take nearly two decades for anyone to notice?

Re:Red Hat screws up their implementaition of the

[hcs_$reboot]

I like this comment "Don't these kernel updates get any testing? I realize that CentOS may have very limited resources for testing, but doesn't Red Hat test these updates?".
What? Maybe it compiled just fine!

Re:Zhaoxin

[hcs_$reboot]

We clearly don't trust Intel ... why would we trust Chinese CPUs??

Because you trust already many stuff made in China. Have you a smartphone?

Issues

[Tom]

Since this news broke, I've been sitting on one question that bothers me, and I can't figure out the answer:

How much would this kind of global, hard-to-find, not-so-hard-to-exploit-once-you-know-what-to-look-for issue been worth to an interested party in 1995?

Re:Issues

[iggymanz]

that and other dangerous things Intel in particular does have been pointed out at various times over the years, for example the OpenBSD developers have been harping on those things for a couple decades. The reaction to that is generally along the lines of "Theo is an asshole", etc.

Re:Issues

[Tom]

You have a link to somewhere where someone (OpenBSD or not) talked about similar things?

Vulnerability yes, but very difficult to use

[mtm10]

So if I am big bad hacker, how do I use this vulnerability? Through a tedious process (carefully arranging for page faults and cache misses in speculatively executed code), I can determine bit by bit the value of other processes memory (which the OS and hardware should not allow); but I don't get a snap shot of the complete state of memory. Instead I get a peak at the value of the memory I should not have access to, word by word, memory which is changing as I am looking at it. How useful is this? Just figuring out what other process is running on the machine with you is tough, but can be done using this process. Of course by then, the other process has exited or been moved. Maybe worth doing if you know there is a program running with very sensitive data on the machine you are using; but why are they letting you on their machine in the first place? To prevent this difficult-to-use security leak, we can and should take the performance hit and disable this optimization on shared machines (such as in the cloud) where strangers programs are running on the same machine. But for privately owned machine running time-critical code, I would expect we'd recognize there is no risk here and continue using the fastest machines, with this security-risking vulnerability in place, along with its speed boost. I can imagine the cloud users would demand that the vendors supply them machines where the cpu is not shared with un-trusted players; and in the meantime Intel will come out with new chips that close this vulnerability; and before that Linux and Microsoft and Apple et al will deploy patches that mitigate the problem.

Re:Vulnerability yes, but very difficult to use

[iggymanz]

because privately owned machines don't have vulnerabilities allowing remote access? the updates for OS and firmware and drivers and code you pull down will never contain malware? Hell there have been printers that infect other machines on the same network....

Re:Vulnerability yes, but very difficult to use

[mtm10]

First the hacker has to get her bad code running on my machine. That is harder the more private the machine is; but never impossible (see Stuxnet). Then the evil code needs to actually gather useful information. The explanations I've read do not demonstrate that a complete picture of the data of a second process can be obtained using either exploit. Yes some information can be discovered; but no context for that information is found as well. Basically, the evil code can see what is at a given offset from the end of the program's memory; and the hope is that interesting stuff will be there; and that the evil code will recognize it for what it is. Then the bad code has to send the interesting data back to the mother ship. Yes, bad O/S patches and firmware can do evil stuff; and if you can one of them on my machine, I suspect you'd install one that simply uploads all my files to the cloud as a backup process; rather than page faults data in one bit at a time into its address space and then ... uploading it all to the cloud.

Re:Don't like Linus; Agree with Linus; CEO s/b fir

[nateman1352]

ARM (and AMD) may be susceptible to the lesser of the two [evil] exploits... but the impact for that second one is considerably less than Meltdown (which is specific to Intel only).

That's incorrect. Per Apple's statement, all of Apple's ARM designs except the watch are vulnerable to meltdown. Also, the Cortex-A75 is vulnerable to meltdown. I agree that the initial PR spin from Intel was pretty ridiculous, but the good news is it looks like some engineers at Intel released a actual technical response. Reading through the whitepaper, it looks like Intel has figured out how to patch both meltdown and spectre on existing chips using a combination of microcode updates and OS updates.

Re:Zhaoxin

[cyn1c77]

We clearly don't trust Intel ... why would we trust Chinese CPUs??

Who is more likely to put in a backdoor for the NSA? Intel or China?

Yes.

Re:Linus love attention more than money

[JaredOfEuropa]

Not really. Everyone is allowed their opinion. And if he speaks out about OS design, coding standards, or even processor architecture, I’d listen, since he knows a fair bit about those subjects. If he voices an opinion on how to manage a FOSS community, I’d still listen even though I don’t agree with his management style, because he ostensibly has experience on that front either. But if he tells others how to run their business or how to handle PR or legal matters, then yeah, he is largely irrelevant. Because he didn’t join the rat race, and those things lie outside his area of expertise.

His opinions on those matters might still be interesting and insightful, but they don’t really have any more weight than those of the rest of us.

Re:Don't like Linus; Agree with Linus; CEO s/b fir

[Tough+Love]

Excellent capsule summary of the issue, by the way. But you still can't blame the engineers... at the time, this kind of timing attack was not a thing. Nobody had a crystal ball, nobody saw it. Maybe you did, and you just forgot to send the memo.

Re:Don't like Linus; Agree with Linus; CEO s/b fir

[byrtolet]

I think that Meltdown is more architectural and OS problem than just Intel's flaw. CPUs have always been designed to be as fast as possible. If you want fast - you might have to sacrifice the security. If you need secirity - do things right and slow.

Re: Linus love attention more than money

[byrtolet]

How could a recall even be possible at this time? To me a recall implies that it is possible to repair the fault, which is clearly not possible now and for some time to come. As for the other things that you mention, they take time. Nothing happens instantaneously.

Yes, and if they recall the cpus, what will you do with the motherboard and the other periphery?

Re:Zhaoxin

[Hal_Porter]

Linux runs/ran on MIPS too.

Re:kinda naive

[mikael]

I guess they will have to add journaling to the CPU cache levels.

Re:Linus is Einstein Jr.

[Archtech]

It's hard to imagine any objective observer not already having enough evidence at hand to know that America is currently under the control of a criminal gang of thugs.

Now that is certainly true; as it has been true every year since the 1950s, and probably long before.

Re:Linus is Einstein Jr.

[Archtech]

And another publicly known fact is that there are a bunch Russians slimeballs with skin in the game, going so low as to troll-mod community sites like Slashdot. Understand this Ivan: you just provide more evidence every time you do it.

Can you cite the slightest piece of concrete evidence for this lurid fantasy?

Re:Zhaoxin

[ebvwfbw]

It's a monopoly. Intel found this out as well when they tried to move to the Itanium. It's a better chip with a better future. However managers wouldn't buy it because it wasn't the X86. Even though Windows would run on it. Same thing with the digital equipment corp Alpha processors. Way better, however penetrating the market was nearly impossible. I'd bring it up and managers wouldn't even consider it.

Sort of like Standard Oil 100+ years ago. If you bought anything other than standard oil your house could burn down. A lot of people thought that because it happened. Many people wouldn't even think about buying anyone else's kerosene.

Re:Red Hat screws up their implementaition of the

[Aighearach]

The deal with Centos has always been that it gets the same support that RHEL gets, but later.

It is a pretty good deal, actually. They don't hold fixes back, but don't expect their engineers to be doing overtime and getting called in on the weekend to massage a free patch. That's exactly what support subscriptions are for!

Centos will get all the fixes, and they will work well. History teaches this clearly.

Re: Zhaoxin

[davecb]

Thanks!

Re:Zhaoxin

[davecb]

No, there is quite a balancing process to be done by the courts, but the context of the comment was to address a claim that 80-90% was not a monopoly. In fact, it could easily be, depending on the size and market penetration of others in the market.

Re:Zhaoxin

[Aighearach]

You might have misunderstood what you're citing, as being a monopoly is totally legal in the US and so Judges aren't generally ruling on that. There is probably a different thing, worded differently, that the ruling involved. Specifically, they were accused of being a type of monopoly that violates section 2 of the Sherman Act.

First of all, rulings have context. The context of United States v. Alcoa that you cite was the aluminum market. It isn't presumed to be a one-size-fits-all answer. Certainly for businesses similar to aluminum manufacture, those types of numbers are considered relevant. Specifically, they found that Alcoa would substantially increase their own production capacity in anticipation of competition, and that they did so successfully in a way that prevented competitors from becoming established. The large capital investment required in the aluminum industry is very important to this.

Compare that to Intel's situation, where they compete very hard but companies like ARM who don't own a single factory can not only compete, but dominate some niches. They're not going to measure Intel based on whatever accusation you make, Intel will respond pointing to the whole computer processor market, and the Court will have to accept some portion of that definition. Who the customer is, or if the product goes in your pocket or on your desk, those are not real differences that the court will take seriously as being separate markets. It isn't enough to show that there is a monopoly, you have to show a monopoly that harms competition. If competition requires a giant factory, then 90% market share is going to get you there for obvious reasons, but if no giant factory is required, and an office with a handful of engineers can actually design a new product and sell it just fine, then 90% would be meaningless.

Like with Microsoft; having lots of market share wasn't the problem, competitors who failed to get access to that market due to behavior by Microsoft, in the context of microsoft's market share, was the problem. Compare that to Google's market share in their market; Google doesn't do anything to keep people out, their market partners aren't encouraged to sign lock-in agreements or anything. A company partnering with Google this year might partner with Bing next year, and they don't get punished in the market for that. So it doesn't matter how high Google's market share goes.

Another thing the courts look at is if a monopoly is a natural monopoly or not. If it is natural, then they don't care. If you had to do things to create it, then they do care. If you're the only person who has Magic Foo Rocks on your land, because they only come from one place, and you therefore have 100% of the Magic Foo Rock market, you have a natural monopoly and it is totally legal. Lack of competition isn't something you did, it flows naturally from the nature of your business. Whereas if you go out and buy up all the Magic Foo Rock mines, and now own them all, then that is not a natural monopoly but a created one. A more common natural monopoly is utility delivery, where it is impractical to have multiple sets of water pipes going to homes, and the investment in new pipes only makes sense when there is a lack of existing pipes. In that sort of case, a monopoly is totally legal and doesn't harm competition. Note, however, that if prices are too high you can still have problems because it is illegal for monopolies to harm competition, or customers. The remedy for high prices would likely only be partial refunds, though, not substantial changes to business practices.

Also, "80-90% of x86 CPUs" is like saying, "McDonalds has a monopoly on restaurants named McDonalds." Sure, it sounds good, but whatever "monopoly" means there, it doesn't mean any of the things talked about in the Sherman Act. Their market would include not only all the x86 CPUs, but also all the alternatives like ARM and MIPS. While it may be true that AMD's market share isn't enough to prevent Intel from being a monopoly, ARM's market share is easily enough to make it a joke. You'll be sitting there in a courtroom where most of the people in the room have an ARM CPU in their pocket, after all. Some lawyer will likely point that out.

Re:Zhaoxin

[davecb]

That's very long and informative, but regrettably off-topic. I was actually replying to a chap who appeared to think that you needed to have 100% of a market to be a monopoly.

Re:Don't like Linus; Agree with Linus; CEO s/b fir

[Aighearach]

You either didn't read Apple's statement before linking it, or you didn't understand it.

What it actually says is that Apple's ARM designs are all vulnerable to [Meltdown or Spectre]. So you got the most important part muddled.

Re:Linus is Einstein Jr.

[Tough+Love]

And another publicly known fact is that there are a bunch Russians slimeballs with skin in the game, going so low as to troll-mod community sites like Slashdot. Understand this Ivan: you just provide more evidence every time you do it.

Can you cite the slightest piece of concrete evidence for this lurid fantasy?

Why don't you just go ahead and cite your concrete evidence that Russian slimeballs are not slithering around this site, Igor.

Re:the many forks of speculation -- So WHAT ?

[redelm]

Nice description. Now tell me how knowing the _addresses_ in L[123] cache is any kind of exploitable breech? No-one is talking _data_, and the 'sploit described (history dumped) is pure userspace, most likely a cleverly crafted URL like file:///C\:Users\ .

If you're as worried as Theo, just turn off RDTSC (seccomp) as MS did long ago (Win98?), likely to disable a less-than-favorable benchmark.

Re:Zhaoxin

[Aighearach]

Right, but it wasn't off-topic. I didn't mean to imply that all my comments were uniquely tailored as a narrow response to you. You brought up Alcoa but cited it in a weird way for this context, and didn't explain why it would be relevant. The short answer is just that it isn't relevant, but bare conclusions have less value than explanations. I really don't care if the guy you were replying to was even more wrong. Lots of slashdot readers don't remember the details and haven't read any explanations since the MS antitrust trial, and it has been a couple years now.

If I saved one neckbeard from blathering on about how Intel is going to get in trouble and making a fool of himself, it is a successful public service for the listeners spared. :)

Re:Zhaoxin

[stoatwblr]

"It's a better chip with a better future."

When Itanium showed up the prime factors against using it weren't "It's not x86"

They were that it was far more expensive than the x86, ran slower for most workloads, generated a LOT more heat and were primarily targetted as server CPUs (no desktop/laptop CPUs) - meaning you had to run multiple architectures across your fleet, which most managers don't like doing.

If you want to sell a new architecture, then making it hard/expensive for developers to actually have test systems, etc is not a good way to go about it.

Intel discovered very quickly that they couldn't leverage their near-monopoly on x86 supply into market dominance in another processor type based on the manufacturer name alone. Even IBM stopped being able to sell simply on the strength of their name decades ago.

Re:Zhaoxin

[ebvwfbw]

Sounds to me that you're not that familiar with the Alpha. Here is the DEC Alpha Multia - http://www.computinghistory.or... . They would run Windows NT, also Linux which is what I used them for. That's a desktop, made to be a desktop and used as a desktop. It even had the sound card. It was a really nice neat little box.

I used to buy these. I had no trouble buying them for less than the slower intel desktops at the time. The Intel boxes were not just a bit slower, they were clearly a lot slower. Annoyingly a lot slower.

I have a lot of experience with the alpha, from the Multia up to big mainframes. That multia even when you could buy them as surplus machines would still beat the current Intel boxes. We did extensive testing on it. It wasn't until around 2000 that Intel finally caught up enough that I was willing to part with the multia. When processors were moving towards the 1ghz range. The frames we kept around until 2013. Not that they were faster, they weren't for years, however moving off was tough.

Re:Don't like Linus; Agree with Linus; CEO s/b fir

[stoatwblr]

"at the time, this kind of timing attack was not a thing."

It's a classic race condition.

Any time there's a possibility of a race condition, sooner or later it will bite you in the ass. The only way to win is to ensure there's never a race to be won.

Re: Linus love attention more than money

[stoatwblr]

"The right thing for intel to do IS to recall all CPUs for users that request it."

Are you kidding?

This is the same Intel who released Atom chips which _will_ drop dead at ~2 years of runtime and will only exchange them if they do so within the warranty period.

Re:Don't like Linus; Agree with Linus; CEO s/b fir

[Tough+Love]

It's a classic race condition.

Not it isn't, it's a statistical timing thing.

Re:Zhaoxin

[stoatwblr]

I'm very familiar with the Alpha thanks - and still have a couple of ancient DS20s that are on life support.

Itanium was no Alpha.

Re:Don't like Linus; Agree with Linus; CEO s/b fir

[stoatwblr]

| Not it isn't, it's a statistical timing thing.

What do you think a race condition is?

Re:Zhaoxin

[Agripa]

Backdoor for domestic police state? That would be China. At least the USA has structural separation between businesses (like Intel), and the government. And is a country of laws.

Do you mean like the separation between the NSA and RSA, Inc.?

Re:Don't like Linus; Agree with Linus; CEO s/b fir

[Tough+Love]

Please stay far away from any code I care about.

Re: Red Hat screws up their implementaition of the

[Aaden42]

Ubuntu has fixed kernels in testing now for 14.04. I don't see any final release date slated. They're not currently available via the standard package trees. You need to add a PPA to get the testing version. Ubuntu SecurityTeam Spectre and Meltdown

Re:Zhaoxin

[david_thornley]

IANAL, but I don't think "natural monopoly" matters here. It is illegal to leverage a monopoly in one area to get an unfair advantage in another. Certain forms of anticompetitive behavior are illegal, monopoly or not. It's legal to have a monopoly, but your actions will be followed much more attentively.

Also, the x86 market includes almost all of the laptop, desktop, and server markets, and those are distinct from the tablet and phone markets (almost all ARM). An ARM tablet won't run a large amount of software that can be business-critical, for example, so it's not an acceptable substitute.

Re:Don't like Linus; Agree with Linus; CEO s/b fir

[david_thornley]

Okay, so why isn't this a race condition, and what IS the difference between a race condition and a statistical timing condition?

Linus Torvalds needs to admit ...

[micahraleigh]

Linux has a problem with OS's.

What about AMD CPU users?

[martinfb]

My concern is that since AMD CPUs are (nearly completely) immune from these issues, will software patch/band-aids for these issues also affect software on AMD platforms?

Re:Zhaoxin

[ebvwfbw]

Then you should know. Did you buy the machines? Well Never mind I suppose. I always have been known to get a great deal. I always thought they were competitively priced for what was out there at the time. It's a DEC, just like HP, IBM, they put good parts in them. I never did have one go bad.

The Itanium had a lot of the Alpha technology in it believe it or not. DEC was bought by Compaq that was bought by HP and HP teamed up with Intel on the Itanium. I met a lot of those guys that did the work in NY State someplace. I'm friends with a super HP fan. He and I still have a HP3000/III nameplate. I was thinking this new processor will be it. HP Superdome.... to replace the PA chips... Should Rock. It'll get adopted into data centers.... Didn't. Face plant into the pavement.

Sooner or later we'll get away from the X86.... I keep thinking that. Maybe before I retire? I used to wonder why the MC88000 didn't take off and rule the world.

Re:Don't like Linus; Agree with Linus; CEO s/b fir

[Tough+Love]

The timing thing is about a side channel. Race conditions are not about side channels, they are about lack of essential synchronization.

Re:Zhaoxin

[stoatwblr]

It predates me. This is running VMS for support of ancient spacecraft software. We had a farm of DS10s and DS20s at one point. The only reason it survives is that keeping it is cheaper than moving to a VMS emulation environment.

I know the history of the Itanium. Sat, watched and waited for it. x86 is a mess and needed replacement even then.

(Hell, we would have bought more alphas if we could, but x86 won the war on both the bang-per-buck front and being the default for the original PC. This isn't so much VHS beating Beta as a souped up, revved out audio cassette format beating Beta.)

Was bitterly disappointed when it showed up with stupidly high pricing, high power consumption and relatively poor performance figures that precluded us buying any, quite apart from the inability to actually get any in Europe for quite a while.

In the meantime AMD released x86-64 CPUs which solved the 4GB barrier, then Intel bowed to pressure and crosslicensed them.
X86 Prices stayed low, relative performance kept climbing and Itanium effectively fell further and further behind, being repositioned from the idea of a general 64-bit server CPU to a high end one, then into niche spots like the Nonstops.

Itanium could have taken the market if Intel had been willing to sell it at a loss for a while. Yes there was resistance from the x86 desktop crowd but what ultimately sank it was the poor bang-per-buck it provided. Intel's marketing always seemed to lack conviction and once they crosslicensed x86-64, the writing was on the wall.

It's not as if it's the only Intel CPU that tanked over the years. The x86 is their moneymaker and what they've always come back to, despite its instruction set being a pile of fetid dingo kidneys. The sad truth is that they've never tried particularly hard to replace it because to do so would damage existing sales, even when they had better architectures to offer.

Itanic sank on the x86-64 iceberg.

Re:Zhaoxin

[ebvwfbw]

OMG, hell... You just brought back a flood of memories. A bunch from 35+ years ago. VMS, probably fortran. I was thinking Tru-64. I used to know vms 3.8-4.0. We moved all of our stat stuff up to Linux. Not hard going from Fortran to something like C or perl. Not hard for me at least. They have a descent Fortran compiler for Linux now. I think Microfocus' might work for you if you're interested. Maybe it's too risky to move to something else? I have a feeling it's very risky to continue to run it under VMS. The pool of people that even know what VMS is has to be small and shrinking. Good luck! I hope you find something that works and isn't so expensive.

Ok, so you're talking about the later boxes. Hell yes, you're right. The later ones they wanted a kidney and a date with your wife expensive. We couldn't support it either and moved on. In our case everything worked out and our refrigerator size Alphas went to GSA surplus.

Re:Zhaoxin

[Aighearach]

You're allowed to have advantages, and it doesn't have to be fair.

What you can't do is harm competition, or harm the customers. If you don't raise prices, you can do a lot to maintain market advantages.

Re:Zhaoxin

[stoatwblr]

"I was thinking Tru-64"

We turned those ones off about a decade ago.... :)