If it was an AMD CPU it wasn't vulnerable to Meltdown anyway. Spectre is a slightly different exploit which doesn't (currently) break permissions. Dangerous, yes, and will probably soon have an exploit designed, but that hasn't happened yet (that we know of). And the OS update doesn't protect against Spectre anyway.
How about you reformat your disk and recover from backup? I remember having to do that a couple of times. Of course that was decades ago.
It wasn't quality control that drove me away from MSWind, it was their EULA, but I've got to admit that the current quality on Linux is better than the quality was on MSWind around 2000. Can't even guess about their current quality (outside of aggravated posts, which are biased) because I won't agree to their EULA.
To be fair, a lot of the blame this time goes to Intel. I speak, however, as someone who hasn't allowed any Microsoft software on my computers in nearly two decades.
Spectre is going to require a redesign of the CPUs for everything that does speculative execution. Someone commented that it might be enough to freeze the clock during speculative execution, but to me that sounds pretty major, and potentially crippling.
OTOH, *so far* nobody has demonstrated a use of Spectre to break confinement, so it may be handleable in software. Perhaps without undue costs.
But ALL the main chips are vulnerable to Spectre. Sorry about that. (I think someone said the Rasberry Pi chip wasn't vulnerable, and there are lots of older chips that aren't vulnerable. Like the i6502, or the z80.... Well, OK, that's a bit extreme, but I'm not sure which SMP capable chips aren't vulnerable.
Many people who know much more than I about this attack say this is a new form of attack. I can accept that timing attacks are well known, but there is something about this particular form of timing attack that was not expected by anyone that I believe to have had detailed knowledge. And those without detailed knowledge aren't in a position to have expected it, which certainly includes me. It's not just a timing attack, though that's clearly a necessary component.
IIUC (not at all sure) Trehalose is digested further down the digestive tract than is sucrose. They also seem to imply that only some people have the enzymes needed to digest it.
I tend to consider that to be due to a "safe" level of multiple pesticide residues rather than to mainly be due to insufficiently tested food additives. Not saying there can't be interactions between the two phenomena.
Just because overuse of antibiotics is the primary cause of many problems doesn't make that the primary cause of all problems. Vaguely tested food additives are also the primary cause of many problems, and this may well be one of them.
IIUC, there actually *is* a possible microcode fix...but the cost would be greater time delays than the software patch causes. Basically, with the current chip design you would need to disable speculative execution at all times.
The software patch is actually better, even though not good.
I read that as "Is Intel going to be having this same design flaw in the next chip design released?". A valid question, and only rhetorical because nobody expects Intel to give an answer.
Yes, Meltdown is the result of a mistake in design. But it wasn't (or doesn't appear to have been) a *known* mistake in design. These cross-channel timing attacks are a new mode of attack. An, IIUC, essentially all CPUs that do speculative execution may be vulnerable. (I.e., Spectre.) There aren't *yet* any proven executions of the Spectre attack that break confinement, but I think everyone expects that's just a matter of time.
My take on this whole matter is that hyperthreading is probably a mistake. We should have gone for smaller, simpler, CPUs packed more tightly on the die to eliminate crosstalk, and make the CPUs easier to reason about. I understand reasons why this wasn't done, but I still think those were a false economy. (OTOH, this would mean each CPU would need a larger cache, because communication with main RAM would have been slower.)
Excuse me, but if there were an exploit in the wild, what evidence would you expect to see? Do you have any valid reason not to assume that the exploits are currently being exploited?
. . . . If the exploits weren't going to be exploited this month, would that make them less serious? Why or why not?
I need NXN communicating cells with hidden mutable internal state (and various other features). It's not exactly the ATOM model, but that's close. It needs to have a serial pipeline in a few places that doesn't slow down the cells feeding into the pipeline. Etc. After looking at a whole bunch of options I've nearly decided that Erlang is the best choice. I can use either the process dictionary or ets tables to hold the mutable state. It's ugly, but it seems less ugly than any other approach I've been able to come up with.
I'm saying the gods are real and exist in all humans in essentially identical potential forms which are actualized in way that derive from personal experiences. The gods are direct creations of the DNA machines that underly us, but because of this they aren't adapted to the local situations that we encounter. Which is why they need to be instantiated during development...but the instantiated instance is not the real god.
Don't think of them as "mental", or as "physical", because they exist at a lower mental layer than those concepts. If consciousness is python code, then the gods are the instructions in the python virtual machine. Not, by the way, the binary code of the python virtual machine, or the microcode of the CPU. Things we *can* be aware of are at a much higher level. We even have difficulty directly perceiving the gods, and when we do we tend to garble them, and come up with limited understanding of their more general nature.
Note that different species have evolved different virtual machines, so mapping their thought processes onto our own will never work well as a means of understanding them.
Too many languages making too many unfulfilled promises.
Personally, it looked like an OK language, but one whose parallel processing model wouldn't easily work for my purposes. It also seemed overly complex in places, but that may have reasons that aren't immediately obvious.
I don't think you understand just how much of a redesign is needed. And Intel had no reason to believe that others would know until Google told them. So that's not evidence as to when Intel learned about it...at least it doesn't pin things down very strongly. I'll grant that if they'd known about it back wen they were designing the latest round of chips they would have altered the design, but after the masks were cut and the factories readied for manufacture....that's a lot of sunk cost to just write off if you don't really need to, and the flaw had been there for generations of chips already.
So I don't thing you argument hold water...but neither does that of the GP. There isn't enough information available to decide.
Weelllll..... I don't think it's that simple going forwards. Meltdown can be ameliorated by OS patches, but it can't be fixed. Spectre, though, that's a different beast. All the systems that do speculative execution are vulnerable to Spectre. So the basic underlying design needs to be addressed.
My favorite choice would be to go for a bunch of simpler processors that didn't do hyperthreading, but using less die space so you could get more CPUs on each die, but I'm sure not expert in the field. Actually, my ideal design would also have an on-chip RAM cache for each of the "simpler" CPUs. 64K registers would be nice, but I admit that more CPUs would probably be even nicer. This design gives more isolation between each thread of execution, so it has more inherent security. Hyperthreading has always seemed to me as if it were a kludge to implement the appearance multiple CPUs, and as wonderful as most kludges.
Every chip that has speculative execution has the Spectre problem. The Meltdown problem is because the Intel chips execute code that they could know is invalid rather than detecting that it's invalid before they execute it. AFAIK, nobody but Intel has that problem.
OTOH, the entire family of weaknesses means that EVERYBODY is going to need to redesign their chips. So far Spectre hasn't been shown to be usable in a way that breaks protection, but I think everyone believes it's only a matter of time.
He almost got it right, and he would have gotten it right if he hadn't needed to fit it into the storyline.
All positions of power have the tendency to attract those who are more interested in the power than in doing the job those positions were (sometimes only ostensibly) created to fulfill.
And that is an oversimplified version, e.g. even those who are more interested in the job are also tempted to exercise the power for personal ends, and *that* becomes addictive.
And the ability to exercise violence without repercussions is a way of demonstrating the degree of power available.
There are lots of side notes and corollaries. Herbert clearly understood the principles, but the story line constrained what he could say and how he could say it. The quotations needed to be short and grabbing, where the actual detailed workings of them would be *boring*.
I don't have an answer, but the problem with Socialism is the concentration of power, so that someone gets to decide what is best for everyone else. Unfortunately, every other form of government seems to have the same flaw. And anarchy leads to war-lordism, which has the same problem.
An ideal situation would be a Socialist dictatorship of some variety where the entity controlling it was guaranteed to not be an over-controlling interfering busy-body. But that lets out every human controlled government, and we don't yet have a capable AI, much less one with the proper motivations.
No. Wealth are things that you use directly. Food, shelter, companionship, that kind of thing. Money is not wealth, it's a tool that can be used to obtain wealth. For it to be so used it depends on others being willing to accept it in exchange for actual wealth. The value of money is how much wealth you think you can get for it. I'm not sure that the value of wealth even makes sense, but if it does it would be how much money you would require in a fair trade to part with it.
Slashdot Mirror
Only if they want Linux installed. I won't agree to the MS EULA even as a proxy.
Then make it optional until it's been well field tested. Since they don't, they deserve a lot more blame than they're getting.
If it was an AMD CPU it wasn't vulnerable to Meltdown anyway. Spectre is a slightly different exploit which doesn't (currently) break permissions. Dangerous, yes, and will probably soon have an exploit designed, but that hasn't happened yet (that we know of). And the OS update doesn't protect against Spectre anyway.
How about you reformat your disk and recover from backup? I remember having to do that a couple of times. Of course that was decades ago.
It wasn't quality control that drove me away from MSWind, it was their EULA, but I've got to admit that the current quality on Linux is better than the quality was on MSWind around 2000. Can't even guess about their current quality (outside of aggravated posts, which are biased) because I won't agree to their EULA.
To be fair, a lot of the blame this time goes to Intel. I speak, however, as someone who hasn't allowed any Microsoft software on my computers in nearly two decades.
They should have spelled it "doggycoin" or "doggiecoin"...though that latter might be mistaken for cattle based coinage.
Spectre is going to require a redesign of the CPUs for everything that does speculative execution. Someone commented that it might be enough to freeze the clock during speculative execution, but to me that sounds pretty major, and potentially crippling.
OTOH, *so far* nobody has demonstrated a use of Spectre to break confinement, so it may be handleable in software. Perhaps without undue costs.
But ALL the main chips are vulnerable to Spectre. Sorry about that. (I think someone said the Rasberry Pi chip wasn't vulnerable, and there are lots of older chips that aren't vulnerable. Like the i6502, or the z80. ... Well, OK, that's a bit extreme, but I'm not sure which SMP capable chips aren't vulnerable.
Many people who know much more than I about this attack say this is a new form of attack. I can accept that timing attacks are well known, but there is something about this particular form of timing attack that was not expected by anyone that I believe to have had detailed knowledge. And those without detailed knowledge aren't in a position to have expected it, which certainly includes me. It's not just a timing attack, though that's clearly a necessary component.
IIUC (not at all sure) Trehalose is digested further down the digestive tract than is sucrose. They also seem to imply that only some people have the enzymes needed to digest it.
I tend to consider that to be due to a "safe" level of multiple pesticide residues rather than to mainly be due to insufficiently tested food additives. Not saying there can't be interactions between the two phenomena.
Just because overuse of antibiotics is the primary cause of many problems doesn't make that the primary cause of all problems. Vaguely tested food additives are also the primary cause of many problems, and this may well be one of them.
IIUC, there actually *is* a possible microcode fix...but the cost would be greater time delays than the software patch causes. Basically, with the current chip design you would need to disable speculative execution at all times.
The software patch is actually better, even though not good.
I read that as "Is Intel going to be having this same design flaw in the next chip design released?". A valid question, and only rhetorical because nobody expects Intel to give an answer.
Yes, Meltdown is the result of a mistake in design. But it wasn't (or doesn't appear to have been) a *known* mistake in design. These cross-channel timing attacks are a new mode of attack. An, IIUC, essentially all CPUs that do speculative execution may be vulnerable. (I.e., Spectre.) There aren't *yet* any proven executions of the Spectre attack that break confinement, but I think everyone expects that's just a matter of time.
My take on this whole matter is that hyperthreading is probably a mistake. We should have gone for smaller, simpler, CPUs packed more tightly on the die to eliminate crosstalk, and make the CPUs easier to reason about. I understand reasons why this wasn't done, but I still think those were a false economy. (OTOH, this would mean each CPU would need a larger cache, because communication with main RAM would have been slower.)
Excuse me, but if there were an exploit in the wild, what evidence would you expect to see?
Do you have any valid reason not to assume that the exploits are currently being exploited?
. . . .
If the exploits weren't going to be exploited this month, would that make them less serious? Why or why not?
I need NXN communicating cells with hidden mutable internal state (and various other features). It's not exactly the ATOM model, but that's close. It needs to have a serial pipeline in a few places that doesn't slow down the cells feeding into the pipeline. Etc. After looking at a whole bunch of options I've nearly decided that Erlang is the best choice. I can use either the process dictionary or ets tables to hold the mutable state. It's ugly, but it seems less ugly than any other approach I've been able to come up with.
I'm saying the gods are real and exist in all humans in essentially identical potential forms which are actualized in way that derive from personal experiences. The gods are direct creations of the DNA machines that underly us, but because of this they aren't adapted to the local situations that we encounter. Which is why they need to be instantiated during development...but the instantiated instance is not the real god.
Don't think of them as "mental", or as "physical", because they exist at a lower mental layer than those concepts. If consciousness is python code, then the gods are the instructions in the python virtual machine. Not, by the way, the binary code of the python virtual machine, or the microcode of the CPU. Things we *can* be aware of are at a much higher level. We even have difficulty directly perceiving the gods, and when we do we tend to garble them, and come up with limited understanding of their more general nature.
Note that different species have evolved different virtual machines, so mapping their thought processes onto our own will never work well as a means of understanding them.
Too many languages making too many unfulfilled promises.
Personally, it looked like an OK language, but one whose parallel processing model wouldn't easily work for my purposes. It also seemed overly complex in places, but that may have reasons that aren't immediately obvious.
I don't think you understand just how much of a redesign is needed. And Intel had no reason to believe that others would know until Google told them. So that's not evidence as to when Intel learned about it...at least it doesn't pin things down very strongly. I'll grant that if they'd known about it back wen they were designing the latest round of chips they would have altered the design, but after the masks were cut and the factories readied for manufacture....that's a lot of sunk cost to just write off if you don't really need to, and the flaw had been there for generations of chips already.
So I don't thing you argument hold water...but neither does that of the GP. There isn't enough information available to decide.
Weelllll..... I don't think it's that simple going forwards. Meltdown can be ameliorated by OS patches, but it can't be fixed. Spectre, though, that's a different beast. All the systems that do speculative execution are vulnerable to Spectre. So the basic underlying design needs to be addressed.
My favorite choice would be to go for a bunch of simpler processors that didn't do hyperthreading, but using less die space so you could get more CPUs on each die, but I'm sure not expert in the field. Actually, my ideal design would also have an on-chip RAM cache for each of the "simpler" CPUs. 64K registers would be nice, but I admit that more CPUs would probably be even nicer. This design gives more isolation between each thread of execution, so it has more inherent security. Hyperthreading has always seemed to me as if it were a kludge to implement the appearance multiple CPUs, and as wonderful as most kludges.
Every chip that has speculative execution has the Spectre problem. The Meltdown problem is because the Intel chips execute code that they could know is invalid rather than detecting that it's invalid before they execute it. AFAIK, nobody but Intel has that problem.
OTOH, the entire family of weaknesses means that EVERYBODY is going to need to redesign their chips. So far Spectre hasn't been shown to be usable in a way that breaks protection, but I think everyone believes it's only a matter of time.
He almost got it right, and he would have gotten it right if he hadn't needed to fit it into the storyline.
All positions of power have the tendency to attract those who are more interested in the power than in doing the job those positions were (sometimes only ostensibly) created to fulfill.
And that is an oversimplified version, e.g. even those who are more interested in the job are also tempted to exercise the power for personal ends, and *that* becomes addictive.
And the ability to exercise violence without repercussions is a way of demonstrating the degree of power available.
There are lots of side notes and corollaries. Herbert clearly understood the principles, but the story line constrained what he could say and how he could say it. The quotations needed to be short and grabbing, where the actual detailed workings of them would be *boring*.
I don't have an answer, but the problem with Socialism is the concentration of power, so that someone gets to decide what is best for everyone else. Unfortunately, every other form of government seems to have the same flaw. And anarchy leads to war-lordism, which has the same problem.
An ideal situation would be a Socialist dictatorship of some variety where the entity controlling it was guaranteed to not be an over-controlling interfering busy-body. But that lets out every human controlled government, and we don't yet have a capable AI, much less one with the proper motivations.
And how do you feel about "ATM machine"?
No. Wealth are things that you use directly. Food, shelter, companionship, that kind of thing. Money is not wealth, it's a tool that can be used to obtain wealth. For it to be so used it depends on others being willing to accept it in exchange for actual wealth. The value of money is how much wealth you think you can get for it. I'm not sure that the value of wealth even makes sense, but if it does it would be how much money you would require in a fair trade to part with it.