Slashdot Mirror
Intel Discloses Three More Chip Flaws (reuters.com)
Intel on Tuesday disclosed three more possible flaws in some of its microprocessors that can be exploited to gain access to certain data from computer memory. From a report: Its commonly used Core and Xeon processors were among the products that were affected, the company said. "We are not aware of reports that any of these methods have been used in real-world exploits, but this further underscores the need for everyone to adhere to security best practices," the company said in a blog post. Intel also released updates to address the issue and said new updates coupled those released earlier in the year will reduce the risk for users, including personal computer clients and data centres. In January, the company came under scrutiny after security researchers disclosed flaws that they said could let hackers steal sensitive information from nearly every modern computing device containing chips from Intel, Advanced Micro Devices and ARM.
The Reuters article quote Intel's blog: "...this further underscores the need for everyone to adhere to security best practices," the company said in a blog post.
That first best practice would be not buying Intel chips. Glad there's an alternative.
No doubt Intel found out that someone else was going to disclose these flaws, so they got out ahead of it. They're pulling a Rudy here; try to beat the scandal, but then create one with their attempt to deflect responsibility to someone else:
Yeah, Intel. Everyone. Including the folks who have done the worst job of adhering to security best practices... Intel. You guys skipped security checks until after they were necessary to gain a performance advantage over AMD, and now you're trying to deflect attention from that by suggesting that security is someone else's responsibility. But the CPU is the heart of the machine, and you're responsible for deliberately compromising its security for a business advantage.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
Intel seems to be having problems again, while AMD is rolling out 2nd Gen Ryzen Threadrippers this week. AMD's got the high-end processor market all to itself, while Intel is revealing that they were never that good as they advertised.
Intel could have had a monopoly if they didn't make the Pentium bug math error. Computers are supposed to be "perfect" at computations, but the Intel bug threw some court cases in the wrong direction. I'm not sure they can be trusted anymore.
Now AMD is rolling out processor changes that were discussed here on Slashdot years ago, and they're off in the speed races and higher core limits. (Intel maxes out at about 6, new Threadripers offer 32 hyperthreaded cores that simulate 64 processors.)
Intel better go back to the drawing boards... they're behind in a game they used to always win.
The lack of disclosed vulnerabilities does not mean vulnerabilities do not exist.
To think "no news is good news" is not that far from "Security through Obscurity".
A brief history...
Intel followed the very successful Pentium 3 design with Netburst, a radical new architecture that used a VERY long pipeline in the chase for a 10GHz (eventually) clock. It was terrible, but Intel paid outlets at the time, like Slashdot, to promote it as the second coming of chr-st.
Meanwhile AMD was using its newly aquired team of CPU architects to build the world's first 64-bit compatible x86 chip, and the world's first true dual core x64 chip. And it was fantastic.
No matter how much lies Slashdot et al were paid to say about Netburst, its hopelessness was obvious from day one (who would have guessed an ultra-long-pipeline stunk for this type of application). So after a few generations, Intel went back to the Pentium 3 design, crossed it with AMD's best patents (legal cos of a croos patent agreement between Intel and AMD), and made the Core 2 which today continues as the improved 'core' architecture in Intel's Slylake etc.
What we did not know at the time was that Intel removed hardware memory access tests that a multi-core and or multi-threaded architecture that shares memory resourses must use. These tests are supposed to take the form of "lock and key" where a thread has a 'key' (id number) that must be tested in a 'lock' for any shared memory access. No lock and key means MUCH faster memory access and higher clocks/lower power- curiously EXACTLY those benefits seen over AMD til the release of AMD's Zen (but even then Intel keeps the clock advantage).
Yes today's Intel parts, at best get 5Ghz while AMD's Zen+ is at 4.3 GHz cos of that 'illegal' (in computer science terms) Intel CHEATING. And that cheating is why Intel suffers from the terrible unstoppable exploits that Zen does not.
Buy Intel and you are buying broken by design. Buy AMD's Ryzen and you are getting 'best of class' unless that buggy 0.7 GHz really matters to you.
Tiday Intel compounds its cheating with buying the review methodology used to benchmark AMD products. So AMD just launched a 32-core 64-thread processor and Intel paid the usual suspects to bench only using programs known to use 8-cores or less. Whereas you or I would then run FOUR instances of the benchmark at the same time to actually stress the 32-cores, not one of the review sites even attempted this.
Actually the Linux reviews were different since so many key Linux apps scale to any number of threads. They, of course, showed AMD's new threadripper to be a monster. But the bought and paid for Windows 10 reviews sites all 'wondered' who would want a 32-core part, given that "no windows user ever does more than one thing at a time on their computer". This is Intel's dirty money in play.
PS I use the AMD 8-core 1700 in windows. It is jaw-droppingly awesome. Unlike Intel, you can just have everything working at the same time (and I came from Intel systems where one heavy app means you must close down other heavy apps first). Evey bad word currently said about AMD is financially sponsored by Intel's gigantic PR fund.
Good lord, you can't be serious. The road to silicon nirvana is paved with errata sheets. (And always has been.)
Furthermore, the division bug is a terrible example to bolster your cause, because the algorithm was correct in the first place, and the implementation of the algorithm in digital logic was correct in the first place, and then they dropped a very small stitch in the transfer to silicon layout. Had the stitch been any larger, they would have easily caught it during silicon validation. Hint: on randomized inputs, the bug is only triggered about once in 9 billion cases.
Achieving 100% test coverage for all 3.1 million transistors is non-trivial, especially given the processing power available in 1990 three years before the Pentium was first released (what with cheap-ass PC memory costing $60,000/GB in 1990 dollars; double that for server-grade ECC).
The only shitty thing Intel did in this chapter was try to sweep it under the run after the horse bolted the barn.
And the truth of this is that back then, not a lot of software used the FP unit (most people had previously saved a few bucks by purchasing the 486SX castrato, which lacked the hardware floating point unit altogether, and most development shops pretty much assumed this was the defacto situation on the ground, so integer math was almost always preferred).
It really was true that 90% of the people purchasing these chips were at low risk of any real consequence (the two-frame bump in the night right as you're closing in for the money shot in Falcon 3.0 possibly excepted—Falcon 3.0 was legendary for actually using the hardware floating point unit to actually compute a (mildly degraded) military-calibre flight model back in the 486 era (when nothing else did). The accurate inertial momentum effects when rolling hard simply blew everyone's mind. It was so good, you almost felt it through your feet (if you had been wise enough to invest in the 486DX).
Poof! VERTIGO! VERTIGO! as the conspicuous fourth wall universally present in every kinetic 3-space simulator up until then suddenly vanished without a trace.
There was just no way to point this recall at only those who needed it (proof of a previous 486DX purchase order would have been a not-bad fence; hard to believe if you had previously purchased the 486SX that just now you suddenly gave a shit, though wankers are gonna wank).
So it's either pay to recall 9 processors causing a problem for every 1 processor that really needs to be replaced (at an enormous, globally unproductive expense), or panic and do a fatally stupid PR snow job. Intel picked door #2.
"Daddy, daddy, where does CO2 come from?"
"Well, son, it comes from flushing $500 million worth of almost perfectly good CPUs down the crapper practically unused, and then baking up a fresh set."
Guess what? I'm old as fuck, and still sharp as a tack. So if your asbestos underpants are in any kind of mild disrepair, I'd stick to spinning mythical stories about the 1970s or the 1960s, if I were you.
(Hint: I was already reading the 8008 data sheet to pass the time in my grade eight literature classroom. I would have had to mow my weekends to smithereens to actual own one at the price back in the day—not the very first version from 1972—but right around the time they came up with a simplified version reducing the number of mandatory voltage supplies from -12, +12, +5 to just +5. So even the mid-seventies are not quite free and clear for mythical reconstruction, wherever my lawn is found.)