Red Hat Reverts Spectre Patches to Address Boot Issues (bleepingcomputer.com)

← Back to Stories (view on slashdot.org)

Red Hat Reverts Spectre Patches to Address Boot Issues (bleepingcomputer.com)

Posted by EditorDavid on Saturday January 20, 2018 @05:44AM from the on-second-thought dept.

An anonymous reader quotes BleepingComputer: Red Hat is releasing updates for reverting previous patches for the Spectre vulnerability (Variant 2, aka CVE-2017-5715) after customers complained that some systems were failing to boot. "Red Hat is no longer providing microcode to address Spectre, variant 2, due to instabilities introduced that are causing customer systems to not boot," the company said yesterday. "The latest microcode_ctl and linux-firmware packages are reverting these unstable microprocessor firmware changes to versions that were known to be stable and well tested, released prior to the Spectre/Meltdown embargo lift date on Jan 3rd," Red Had added.

Instead, Red Hat is recommending that each customer contact their OEM hardware provider and inquire about mitigations for CVE-2017-5715 on a per-system basis. Besides Red Hat Enterprise Linux, other RHEL-based distros like CentOS and Scientific Linux are also expected to be affected by Red Hat's decision to revert previous Spectre Variant 2 updates, so these users will also have to contact CPU/OEM vendors.
At least one site "characterized the move as Red Hat washing its hands of the responsibility to provide customers with firmware patches," writes Data Center Knowledge, arguing instead that Red Hat "isn't actually involved in writing the firmware updates. It passes the microcode created by chipmakers to its users 'as a customer convenience.'" "What I would have said if they'd asked us ahead of time is that microcode is something that CPU vendors develop," Jon Masters, chief ARM architect at Red Hat, told Data Center Knowledge in a phone interview Thursday. "It's actually an encrypted, signed binary image, so we don't have the capability, even if we wanted to produce microcode. It's a binary blob that we cannot generate. The only people who can actually generate that are the CPU vendors."

78 comments

Min score:

Reason:

Sort:

Hey by M0j0_j0j0 · 2018-01-20 05:56 · Score: 1

I didn't knew it had the reboot feature!
1. Re:Hey by Anonymous Coward · 2018-01-20 06:28 · Score: 0
  
  Speaking moonian glish? Didn't knew either. Welcome ther!
2. Re:Hey by Anonymous Coward · 2018-01-20 09:03 · Score: 0
  
  How do you reverse the patch if the system does not boot?
3. Re:Hey by innocent_white_lamb · 2018-01-20 10:59 · Score: 1
  
  The microcode is loaded on boot, so you can still boot from a rescue disk (flash drive, CD, whatever) and remove the offending microcode from the directory that it's installed in and even install the "good" microcode while you're there, then reboot and all is well once again.
  
  --
  If you're a zombie and you know it, bite your friend!
Bullshit advice by RH by klingens · 2018-01-20 06:10 · Score: 5, Informative

As written in the summary, the CPU maker is the only entity who can create a fixed microcode, be it for inclusion into firmware (BIOS/UEFI) files or in Linux kernel microcode files. So asking the OEM vendors won't help one bit cause they can simply do nothing at all except use a file create by Intel. If RH is too small to force Intel to create working microcode without boot up bugs, then others aren't big enough either.
Then next thing is: what will RH do in the future? Never apply the Spectre microcodes due to instability? If so, what happens in the future when other microcode updates are needed, like before? Intel has afaik only a single microcode file for Linux for pretty much all CPUs together. There is no mix and match, no way for Linux to selectively choose what to load. That is why RH had to go back to an older version without the breakage for Spectre. they couldn't just disable the new buggy part of the microcode.
This file you can see and download here: https://downloadcenter.intel.c...
Normally it lives in your initrd.
Sooner or later RH has to include a current microcode file from Intel in RHEL again. Would have been nice if they had clearly communicated this to their customers. Not "wash their hands" but "we will continually work with Intel until this issue is resolved."
1. Re:Bullshit advice by RH by Anonymous Coward · 2018-01-20 07:16 · Score: 0
  
  They will do what Microsoft does. They will not apply microcode updates through WU any more. The Spectre patch will also not activate when the microcode is loaded after the system is booted (for example via the VMware Microcode Update Driver). The documentation is also specific about having your OEM do the microcode update through a BIOS update.
2. Re:Bullshit advice by RH by ls671 · 2018-01-20 07:20 · Score: 3, Interesting
  
  Actually, here is the approach we have adopted with regards to this problem; Don't apply the patches until this is sorted out, I give it about 3 months before we can make up our minds but any guess is as good as mine.
  Something that critically linked to the hardware as to be tested with all available hardware and configurations which is pretty hard to do. So, as usual, let the users do the testing and the testing cycle isn't completed yet! ;-)
  
  --
  Everything I write is lies, read between the lines.
3. Re:Bullshit advice by RH by Espectr0 · 2018-01-20 07:48 · Score: 1
  
  red hat didn't cause this bug, they are just an OS. why can't intel put the microcode file up for download on their website? Oh wait they did
  
  --
  Open Source Java Web Forum with LDAP authentication
4. Re:Bullshit advice by RH by Anonymous Coward · 2018-01-20 08:29 · Score: 0
  
  "If RH is too small to force Intel to create working microcode without boot up bugs"
  Intel created a patch and used RH as one of the delivery channels to hopefully lead to more people adopting and installing the patch. Intel rushed to create and release a patch for the vulnerability all in an effort to silence those demanding an immediate fix. Never mind that the reported vulnerabilities have existed for long time so taking more time to create and test a patch would have been the correct call. And low and behold the patch released did have a bug. Damn near every application, OS, and Microcode images contain exploitable bugs.
  Intel releases a patch with bug and makes it available to RH for distribution. It would be nice to know if RH actually tests the patches before packaging them up for distribution. Users encounter bug and complain. RH removes the offending patch and provide the users with the necessary tools to revert back to previous OS version. Intel are still working on the patch which will eventually be released when they are done.
5. Re: Bullshit advice by RH by Anonymous Coward · 2018-01-20 08:51 · Score: 0
  
  Reasonable expectation is that this is non-patchable 100%. Should only be patched for VM hypervisors and OS where client initiated execution takes place; for example a terminal server of some sort. For systems where that doesnâ(TM)t apply, and stability and data integrity is of paramount importance, do not patch.
  Well just have to wait for either a new paradigm in computer science security to solidify in silicon, or patched sooner in next gen CPUs.
6. Re:Bullshit advice by RH by Anonymous Coward · 2018-01-20 10:35 · Score: 0
  
  Intel has afaik only a single microcode file for Linux for pretty much all CPUs together. There is no mix and match, no way for Linux to selectively choose what to load.
  That's not true, there are tools to split it up. On gentoo, for example, the intel-microcode package installs these files:
  $ ls -l /lib64/firmware/intel-ucode/
  total 1700
  -rw-r--r-- 1 root root 2048 Jan 16 05:03 06-03-02
  -rw-r--r-- 1 root root 6144 Jan 16 05:03 06-05-00
  -rw-r--r-- 1 root root 2048 Jan 16 05:03 06-05-01
  -rw-r--r-- 1 root root 6144 Jan 16 05:03 06-05-02 ...etc...
7. Re:Bullshit advice by RH by arth1 · 2018-01-20 13:35 · Score: 1
  
  Each file is a microcode update for one CPU.family-model-stepping, not different versions for the same CPU.
  If you set MICROCODE_SIGNAURES="-S" in make.conf before you emerge sys-firmware/intel-microcode, it only installs the one for your CPU (or should have - it's slightly broken and will install all the steppings for the same family/model)
  But anyhow, you can only load one file. They're signed and the CPU will refuse to load anything else, whether you use the full microcode.dat or the ff-mm-ss file.
  To avoid the latest microcode without any of the Spectre fixes, you need to download and install an older version (and for gentoo, mask newer versions).
8. Re:Bullshit advice by RH by joemck · 2018-01-20 18:56 · Score: 1
  
  This looks like a case of Red Hat telling its customers to go tell their OEMs to go tell Intel they broke stuff with their microcode patch and need to fix it. It's a common strategy to take if you don't think you have enough leverage telling them yourself.
9. Re:Bullshit advice by RH by sjames · 2018-01-21 07:11 · Score: 1
  
  I imagine they will if/when Intel gives them a blob that doesn't make systems crash. I can understand their frustration, Intel hands them a blob of microcode but provides no way to debug or even understand the contents. It fails miserably and RH is left holding the bag with it's customers. They get to deal with the angry calls and the hit to reputation while Intel skates.
  If they punt to the OEMs, then the OEMs get to deal with the angry calls and perhaps re-thinks Intel as a CPU source. More likely, they add an "Intel upcharge" to their Intel based boards to compensate for the headache and AMD looks just a little better to system buyers.
I hope that RedHat start distributing it again by Alain+Williams · 2018-01-20 06:19 · Score: 5, Insightful

I understand why they stopped distributing the microcode. It is something that they cannot test fully, cannot fix and which might brick customers' hardware. If something goes wrong I expect someone to try to sue them. Distributing the microcode bring little benefit (to RedHat) but brings potential risk/cost.
The onus is really on AMD/Intel/... to test the new microcode on *every* CPU that they have produced and with a large selection of releases & configurations of operating systems (MS Windows, Linux, macOS, ...) with different support chips (RAM, USB, ...). Yes: a lot of work, but they are the ones who screwed up here. They have also known about these problems for some 6 months - so it is a complete disgrace that they have not already produced the microcode updates AND tested them.
Hopefully in a month or two, when the testing has been done properly: RedHat, Microsoft, ... will push out the microcode updates. We need these distributors, or vendors, to do so because otherwise very few machines will end up patched. Large organisations might contact the CPU vendors, most SME or home users probably don't know what the machines contain and won't think to worry about the update... which would just leave them vulnerable for when someone works out how to produce a real Spectre cracker program. It is ''when'' not ''if''.
1. Re:I hope that RedHat start distributing it again by Anonymous Coward · 2018-01-20 08:40 · Score: 1
  
  The did not "stop distributing the microcode", they "rolled back to the last known stable release".
  What CPU microcode is available via the microcode_ctl package to mitigate CVE-2017-5715 (variant 2)?
  
  The latest microcode_ctl and linux-firmware packages from Red Hat do not include resolutions to the CVE-2017-5715 (variant 2) exploit. Red Hat is no longer providing microcode to address Spectre, variant 2, due to instabilities introduced that are causing customer systems to not boot. The latest microcode_ctl and linux-firmware packages are reverting these unstable microprocessor firmware changes to versions that were known to be stable and well tested, released prior to the Spectre/Meltdown embargo lift date on Jan 3rd. Customers are advised to contact their silicon vendor to get the latest microcode for their particular processor.
2. Re:I hope that RedHat start distributing it again by Anonymous Coward · 2018-01-20 09:27 · Score: 1
  
  >Which might brick customers' hardware
  Microcode is non-persistent. It is loaded by either the motherboard or the OS at boot time. OS-loaded microcode can't brick your hardware; worst case, reinstall. A bad BIOS flash may be more problematic
3. Re:I hope that RedHat start distributing it again by arth1 · 2018-01-20 14:42 · Score: 1
  
  Microcode is non-persistent. It is loaded by either the motherboard or the OS at boot time.
  Most commonly either through a initramfs that loads it directly, or a udev rule that loads it when the devices are set up early in boot.
  But also after boot, by calling micocode_ctl or iucode_tool specifying what microcode update should be loaded, or signaling the kernel by writing 1 to /sys/devices/system/cpu/microcode/reload if there is a /lib/firmware/intel-ucode/ file that matches the family/model/stepping, or by writing the extracted firmware directly into /dev/cpu/microcode
  I prefer to do it with microcode_ctl or iucode_tool, so I retain full control, and maintain a way to boot without it. So far no problems on any system, but we'll see.
Spectre Patches Anyone? by mschwanke97402 · 2018-01-20 06:34 · Score: 5, Funny

Seems like there is more damage being done by the Meltdown / Spectre hysteria and attendant patch frenzy than by exploits of the vulnerabilities themselves.
Friends don't let friends Spectre patch their computers!
1. Re:Spectre Patches Anyone? by HiThere · 2018-01-20 08:29 · Score: 3, Insightful
  
  You've got a point. The question is, how would you know if you were penetrated by Meltdown? Spectre is something that needs to be dealt with carefully. Meltdown? That's a bit more dangerous.
  My personal suggestion is to start by blocking javascript execution. That's not enough, but it buys you some time. But beyond that, I don't know. I'm presuming that it will get sorted out, so buying yourself some time is valuable.
  
  --
  
  I think we've pushed this "anyone can grow up to be president" thing too far.
2. Re:Spectre Patches Anyone? by tlhIngan · 2018-01-20 23:21 · Score: 2
  
  Seems like there is more damage being done by the Meltdown / Spectre hysteria and attendant patch frenzy than by exploits of the vulnerabilities themselves.
  That's because the most serious vulnerabilities affect virtualized systems more, and given the popularity of the cloud, they are extremely affected because there is no control over what software is run.
  These attacks may seem theoretical, and for a desktop user, they mostly are. Even server users with dedicated machines are generally safe as they own the entire machine and thus control the software on it. Virtualized hosts, not so much, and this ranges from simple VPS hosting companies, to cloud service companies like Amazon and Google. In this case, accessing not-your-memory can be beneficial, like trying to find the encryption keys used by someone sharing your machine. Cloud providers are especially scared because during high peak retail times, encryption keys may be spun to many instances to handle the load, and crafty attackers may simply spin up instances to extract those keys.
3. Re:Spectre Patches Anyone? by mschwanke97402 · 2018-01-24 16:35 · Score: 1
  
  That's because the most serious vulnerabilities affect virtualized systems more, and given the popularity of the cloud, they are extremely affected because there is no control over what software is run.
  These attacks may seem theoretical, and for a desktop user, they mostly are. Even server users with dedicated machines are generally safe as they own the entire machine and thus control the software on it. Virtualized hosts, not so much, and this ranges from simple VPS hosting companies, to cloud service companies like Amazon and Google. In this case, accessing not-your-memory can be beneficial, like trying to find the encryption keys used by someone sharing your machine. Cloud providers are especially scared because during high peak retail times, encryption keys may be spun to many instances to handle the load, and crafty attackers may simply spin up instances to extract those keys.
  Very good points. I agree that it is the shared environments that have to take the Meltdown / Spectre threats seriously.
4. Re:Spectre Patches Anyone? by mschwanke97402 · 2018-01-24 16:43 · Score: 1
  
  Your personal system won’t be penetrated by Meltdown. Your system will need to be compromised by malware for Meltdown / Spectre vulnerabilities to be exploited. There is literally no point to it if your system is already compromised. Now JavaScript exploits might be possible but all of the major browser vendors have already patched their JavaScript engines. I can see disabling JavaScript on certain secure systems but it would break alot of things users want on popular websites. Note that Amazon seems to limp along OK even with scripting disabled ;)
Translation by Mister+Liberty · 2018-01-20 06:36 · Score: 1

"each customer contact their OEM hardware provider and inquire about mitigations for CVE-2017-5715 on a per-system basis. "

Translation: each customer of Intel better think twice next time they consider and trust said company.
Microcode updates from OSes? by thegarbz · 2018-01-20 06:41 · Score: 2

So Linux provides the ability to update the CPU microcode during boot. Does Windows do something similar? I know that Microsoft has control over their Surface devices and often rolls out UEFI / BIOS updates via Windows updates, but does the OS itself have this functionality too?
It would seem there's a pretty big exposure if Linux is able to push out updates directly from Intel, but Microsoft says: Apply a BIOS update from your PC OEM. Last BIOS issued to my motherboard was in 2014 and it is listed as beta.
1. Re:Microcode updates from OSes? by ELCouz · 2018-01-20 06:53 · Score: 2
  
  You can do it yourself...use the linux microcode file from Intel website and patch at startup the microcode with the vmware windows microcode update tool.
  
  I did this this summer when there was a bug regarding threads for the Skylake CPUs until I had the BIOS update available.
2. Re:Microcode updates from OSes? by ELCouz · 2018-01-20 06:54 · Score: 2
  
  Here's the link ------>>>>https://labs.vmware.com/flings/vmware-cpu-microcode-update-driver
3. Re:Microcode updates from OSes? by Anonymous Coward · 2018-01-20 07:13 · Score: 0
  
  Yes, Microsoft's able to and has done it in the past. I'd hazard to guess they've been holding off on this one until more testing is done, for the fear of encountering exactly what Red Hat has.
4. Re:Microcode updates from OSes? by Anonymous Coward · 2018-01-20 07:18 · Score: 0
  
  This will however *not* activate the Spectre mitigations in Windows. The microcode has to be updated by the BIOS for it to work since the checks are earlier in the boot process than the VMware driver activation.
5. Re:Microcode updates from OSes? by Anonymous Coward · 2018-01-20 07:24 · Score: 0
  
  Yes. Microsoft has had CPU microcode driver (which often contains a TON of different CPU microcodes) since at least XP (update.sys), but probably even earlier.
6. Re:Microcode updates from OSes? by thegarbz · 2018-01-20 08:19 · Score: 1
  
  Cheers!
Don't like Redhat usually, but good for them. by Anonymous Coward · 2018-01-20 06:47 · Score: 0

This is Intel's fault, they should front the cost, effort and storm of support calls from the industry to get their microcode patches out (and wash, rinse, repeat until they get it *right*).
They want to control their ISA with an iron fist, including sticking encrypted, secret blobs and extra processors in their North/South/East/Westbridges or whatever, then they can deal with the fallout when *they* screw up.
If this were the auto industry they'd be already be banned from selling any units in warehouses with this flaw, and working on little boxes to put a new CPU in and a return voucher to send with it for every single damn CPU out there. Hell, Samsung at least tried to get people to send their undeniably defective products back in exchange for fixed ones. The fact that Intel is "too big to fail" is just another sign the industry has been too anticompetitive for far too long.
I miss the choice of architectures that were actually in commodity systems.
Re: Rumor Has It That by Anonymous Coward · 2018-01-20 07:01 · Score: 0

And reality have it that you are full of shit.
Re:Ah, the POWER of "OpenSORES"!!! apk by Anonymous Coward · 2018-01-20 07:05 · Score: 0

Closed-source encrypted binary blobs from Intel are causing booting problems and you're trying to blame it on open source? And then pretending to be another AC to praise yourself? Seriously, APK?
I've said it before... by GerryGilmore · 2018-01-20 07:05 · Score: 5, Insightful

...and I'll say it again: there has been WAY too much hype and hysteria (Hhhhmmm: Hype and Hysteria would be a GREAT band name!) around these issues. A) The vulnerabilities are far too esoteric to be really useful when there are a gazillion very easy, well-worn paths to get at your systems. B) Yes, ultimately, these vulnerabilities need to be addressed, but in a much more reasoned, thoroughly tested fashion as opposed to the current "OMG! I must flash my BIOS, install the latest microcode and update the kernel AT ONCE or all my base are belong to them!!" mindset. Perspective, please.
1. Re:I've said it before... by Anonymous Coward · 2018-01-20 07:33 · Score: 0
  
  Obviously you have nothing running in the cloud. If you did you'd understand the cause for alarm.
2. Re:I've said it before... by Anonymous Coward · 2018-01-20 07:42 · Score: 0
  
  What does that have to do with anything?
3. Re: I've said it before... by Anonymous Coward · 2018-01-20 07:47 · Score: 0
  
  No, wrong. 100%.
  ESXi was already patched last fall, so two VMs in the same host can't snoop on each other. Other hypervisor vendors have similar fixes. The only way "the cloud" will cause you an issue is if you're sharing the same top layer OS which would be plain stupid.
  The at risk systems are primarily end users, since web browsers run arbitrary code a lot (JavaScript, etc.) Which can, and has been, fixed through browser patches.
  The rush to correct this at the cpu and even OS kernel layers is premature and largely not necessary. Most people should step back and wait for solid fixes to become fully vetted.
4. Re: I've said it before... by iggymanz · 2018-01-20 08:36 · Score: 1
  
  Wrong, patches only released January 9 for meltdown and spectre, and it remains to be seen if all possibilities of spectre attack are even addressed
  https://www.vmware.com/securit...
5. Re:I've said it before... by iggymanz · 2018-01-20 08:39 · Score: 1
  
  Your lazy and careless attitude is typical of a PC owner who thinks what is true for his little home devices are true for virtualized systems
6. Re: I've said it before... by Anonymous Coward · 2018-01-20 10:37 · Score: 0
  
  Listen man, we don't all own virtualized systems. It's not that mainstream. But if u do, patch and hope for the best. If you don't(which is most likely 80% of computer users), then don't patch.
  Just because you guys are vulnerable don't spread the FUD our way. We are doing just fine.
7. Re:I've said it before... by GerryGilmore · 2018-01-20 10:41 · Score: 1
  
  And your stupid post indicates how little you know. VMWare has already issued patches to isolate any infection, protecting virtualized environments. Beyond which, I challenge you (or anyone) to show me a real working infiltration outside a very carefully crafted environment where you can A) gather enough memory data in this abtruse fashion to be useful and then B) make any sense out of this data. But go ahead, crash the delicately balanced ecosystem encompassing everything evolved over the last 40 years or so so that you can be "secure" (while phishers, etc wreak havoc through regular, working methods). Go ahead.
8. Re: I've said it before... by GerryGilmore · 2018-01-20 10:42 · Score: 1
  
  Then you should apply even MORE patches! Hurry!! Doom is imminent!!!
9. Re:I've said it before... by iggymanz · 2018-01-20 13:48 · Score: 1
  
  False, you are the ignorant one fearing bad press for vmware, maybe your stock will take a hit? The truth is VMware has reverted several SPECTRE and MELTDOWON patches for causing instability. All intel and AMD issues are NOT currently patched.
10. Re: I've said it before... by iggymanz · 2018-01-20 13:51 · Score: 1
  
  Meanwhile, your checks, credit card transactions, banking accounts, insurance, merchant payments pass through virtualized systems. Everyone here depends on virtualized systems. 100% of the people here depend on virtualized systems, and it isn't just Intel and AMD that have speculative execution bugs, the POWER chips in IBM Z Mainframes and AIX boxes do too...
11. Re:I've said it before... by johannesg · 2018-01-20 21:15 · Score: 1
  
  Your lazy and careless attitude is typical of a PC owner who thinks what is true for his little home devices are true for virtualized systems
  Anyone who puts his data and his software on _someone else's computer_ didn't really care about its security in the first place. Otherwise he would have invested in a computer of his own, and kept everything in-house.
12. Re:I've said it before... by thegarbz · 2018-01-20 22:40 · Score: 1
  
  VMWare has already issued patches to isolate any infection
  The VMWare "patches" are little more than the same patches that everyone else is rolling out, and requires the same microcode update. That same update that VMware has pulled just like the rest of the industry has.
  
  But go ahead, crash the delicately balanced ecosystem encompassing everything evolved over the last 40 years or so so that you can be "secure" (while phishers, etc wreak havoc through regular, working methods).
  There's different risk profiles and different attack vectors for different systems. They all should be addressed as needed. Oh and for making that statement: You're a complete moron.
13. Re: I've said it before... by thegarbz · 2018-01-20 22:40 · Score: 1
  
  It's not that mainstream.
  
  Fuck me are you in for a surprise when you hear of this thing called "the cloud".
14. Re: I've said it before... by tlhIngan · 2018-01-20 23:10 · Score: 1
  
  Meanwhile, your checks, credit card transactions, banking accounts, insurance, merchant payments pass through virtualized systems. Everyone here depends on virtualized systems. 100% of the people here depend on virtualized systems, and it isn't just Intel and AMD that have speculative execution bugs, the POWER chips in IBM Z Mainframes and AIX boxes do too...
  Even worse, IBM has only been releasing half-patches, the complete fix is due in mid-February. With the speed that Intel and AMD have released fixes, and OS vendors have too, IBM seems slow off the mark.
  And I won't really call it a bug, but an optimization people did that no one realized would open up serious security vulnerabilities. It's a cheat because you're not doing all the proper checks when you should, because if you did, you'd slow down and stall the pipeline. Instead, you begin speculative execution, kick off tasks to fetch operands and other metadata (including security and maps) and hope by the time the instruction needs the information, it's there.. It's why we moved from fetch-and-execute cycles to full OOO execution - the speed up is immense. It's also why everyone did it, and why we're all seeing the result now.
  Of course, doing it right avoided the issues, but then your processor ends up slower and thus, less competitive.
15. Re: I've said it before... by iggymanz · 2018-01-21 04:26 · Score: 1
  
  Except the actual fixes prevent booting many machines, so patches are being reverted and only partial fixes are available in Intel/AMD land.
  Actually, it was realized in the mid 1990s intel's optimization had the security holes we are now calling MELTDOWN and SPECTRE, The NSA sponsored paper is "The Intel 80x86 Processor Architecture: Pitfalls for Secure Systems". No one took it seriously, is all.
16. Re:I've said it before... by Joey+Vegetables · 2018-01-22 05:46 · Score: 1
  
  I have no problem sending properly encrypted data to the cloud, and I've had isolated incidents in past workplaces where employees and contractors stole information that was local. In general, cloud storage does pose security challenges, but not insurmountable ones. People who do not understand those challenges, and people who take advantage of them, are the bigger issues IMO.
  
  --
  
  Nonaggression works!
17. Re: I've said it before... by iggymanz · 2018-01-22 14:12 · Score: 1
  
  hahaha, and VMWare has now reverted ALL the SPECTRE patches
  https://kb.vmware.com/s/articl...
  "ESXi was already patched last fall"....BWAHAHAHA you are really a naive shill aren't you?
18. Re:I've said it before... by johannesg · 2018-01-25 09:58 · Score: 1
  
  Dude, talk about missing the point. If your data is already encrypted anyway it's no problem if it gets sniffed by Spectre and/or Meltdown, now is it? The discussion was about when your data is potentially available for sniffing, i.e. when it is not encrypted.
Ah, the POWER of "OpenSORES"!!! apk by Anonymous Coward · 2018-01-20 07:12 · Score: 0

See subject: POWER to make a system unbootable! Power to secure so well you can't use a computer!
Yes, yes: I know - UNJUSTIFIABLE 'downmods' FROM DUBAI (/.'s BizX is outta there) are forthcoming AGAIN https://linux.slashdot.org/comments.pl?sid=11639297&cid=55967889/ on this post too like last time of course (mark my words - it's "the best they got" (lol, ALL they got) vs. fact).
(POWER that makes me lmao!)
* Hahahaha!
APK
P.S.=> "PoWeR" to make your system go "POOF" - it's "MaGiC", lmao (openSORES truly IS for 'poofs' as the brits say, lol!)... apk
Intel by zdzichu · 2018-01-20 07:24 · Score: 4, Insightful

Wow, few paragraphs about Intel's fuckup and the culprit name isn't mentioned even once. It's Intel. Red Hat merely retracted updates developed and provided by Intel.

--
:wq
1. Re:Intel by HiThere · 2018-01-20 08:33 · Score: 1
  
  Ah, so that's why they said to contact the OEM. The OEM will know which patches (from Intel) are safe to use on their system.
  
  --
  
  I think we've pushed this "anyone can grow up to be president" thing too far.
Re:Ah, the POWER of "OpenSORES"!!! apk by Anonymous Coward · 2018-01-20 07:26 · Score: 0

Oh, I see. So you can't find someone else's code to copy and call your own OpenSORES to fix it? Ok. I understand.
Re:Ah, the POWER of "OpenSORES"!!! apk by Fancy+Feast+Cat+Food · 2018-01-20 08:00 · Score: 0

If he could justify the "STRAIGHT FROM DUBAI" comment, it would put these idiot "editors" in their place.
Re:Ah, the POWER of "OpenSORES"!!! apk by Anonymous Coward · 2018-01-20 08:19 · Score: 0

Are you insane? Don't you have some meds that might help?
Re:Ah, the POWER of "OpenSORES"!!! apk by Anonymous Coward · 2018-01-20 08:25 · Score: 0

Here's 1 https://www.bizx.com/contact/ and another https://www.bizx.com/about/team/ want more? Lookup "Dubai" and "BizX" (parent company of slashdot) on any search engine. How do you think the otherwise worthless toad that owns this place got money to buy it? His non-existent 'intellect'?? A trustfund baby or funding from Dubai is how.
Re:Ah, the POWER of "OpenSORES"!!! apk by Anonymous Coward · 2018-01-20 08:40 · Score: 0

Whipslash/Logan Abbott the power of DUBAI compels you https://linux.slashdot.org/comments.pl?sid=11639297&cid=55968457/ do they have more money to supply to you to buy up US media to program more sheeple with more traitor SJW bullcrap with your blackhat SEO tactics you're known to use?
Re: Rumor Has It That by Anonymous Coward · 2018-01-20 09:40 · Score: 0

The poster isn't suggesting Poettering literally did that, but rather suggesting that Poettering is that evil.
captcha: domineer
Re:Ah, the POWER of "OpenSORES"!!! apk by Anonymous Coward · 2018-01-20 09:44 · Score: 0

The post was fucking useless. I guess I need to look up what actually justifies a downmod, but that should.
Re:Ah, the POWER of "OpenSORES"!!! apk by Anonymous Coward · 2018-01-20 09:54 · Score: 0

Whipslash/Logan Abbott the power of DUBAI compels you https://linux.slashdot.org/comments.pl?sid=11639297&cid=55968457/ do they have more money to supply to you to buy up US media to program more sheeple with more traitor SJW bullcrap with blackhat SEO tactics you're known to use?
Re: Ah, the POWER of "OpenSORES"!!! apk by Anonymous Coward · 2018-01-20 10:38 · Score: 0

I hope BizX sues you for slander lol.
Re:Ah, the POWER of "OpenSORES"!!! apk by Betty+Crocker · 2018-01-20 10:40 · Score: 1

Thanks. This site was purchased to push an agenda. The timing went along with a lot of other weird things. Sucks that it isn't publicly traded. I looked on EDGAR a while back, and there are a ton of entries on Slashdot Media, but it looks as though it's just a little piece of someone's portfolio pushed around like a poker chip or a liquored up 19-year-old floozie at a frat party. California secretary of state office didn't have much to report either.
Thanks god my Sgi Octane is finally stable by ReneR · 2018-01-20 10:59 · Score: 2

so I do not need to worry about Intel's f*ckups anymore: https://www.youtube.com/watch?... ;-)
1. Re:Thanks god my Sgi Octane is finally stable by iggymanz · 2018-01-20 13:35 · Score: 1
  
  The R10000, 12 and 14K had speculative execution, you may be vulnerable to spectre-like attacks
Re: Ah, the POWER of "OpenSORES"!!! apk by Anonymous Coward · 2018-01-20 12:37 · Score: 0

Hey Von Braino It's in written form (no slander) or even libel. BizX is out of dubai in the links posted in the link you clicked on and his own former employees say he does blackhat seo on glassdoor reviews Von Braino!
Re:Ah, the POWER of "OpenSORES"!!! apk by Anonymous Coward · 2018-01-20 12:43 · Score: 0

Does look like a dubai connection. Most sites push someone's agenda. A globalist agenda that's not out for your good as a U.S. Citizen.
Lots of microcode files. by emil · 2018-01-20 12:54 · Score: 1

Under Oracle Linux 7.4, the command "ls /lib/firmware/intel-ucode/ | wc -l" reports 95 files in that location.
You can run "rpm -qi microcode_ctl" and "rpm -ql microcode_ctl" to get more information about what these are.
Brick? I think not. by emil · 2018-01-20 12:57 · Score: 1

The microcode update "should not" brick hardware. The output of the command "rpm -qi microcode_ctl | tail -3" tells you why:
The microcode update is volatile and needs to be uploaded on each system boot i.e. it doesn't reflash your cpu permanently, reboot and it reverts back to the old microcode.
AMD Ryzen with Vega by Anonymous Coward · 2018-01-20 13:30 · Score: 0

I'm curious about AMD Ryzen with Vega graphics. Will they have all the fixes when they come out? Will they do a good job at 4k graphics?
It looks like an interesting chip and something worth considering, but only if I can ditch the standalone video card and maybe make a super compact PC. Maybe something like a NUC PC with M.2. and 16GB..?
I could possibly just strap that directly to my 4k tv's monitor arm. It is not as if you really need a CD drive anymore for much.
If AMD can make a nice integrated solution and sell it as a replacement to Intel's security problems, well this might be a good year for them..
Signed microcode update by manu0601 · 2018-01-20 13:48 · Score: 2

I wondered about CPU micrcode hacking and I got the answer here: the micrcode update is signed. That suggests modern Intel CPU have a crypto engine to verify the update. I wonder how long will we live before someone leaks private key.