This article doesn't have great references, but does state that Itanium isn't impacted. I'd be surprised if it's horrible EPIC architecture is vulnerable in the same ways. I'd also be surprised if it doesn't have a zillion other problems, but it's unlikely anyone cares enough at this point to uncover them. EPIC was an extreme take on "fuck ASM coders, let the compiler do the work." and the ASM coders won by default.
Anyone know how this affects really strange x86 CPUs like the Transmeta Crusoe, or VIA stuff? I'm also curious about MIPS, HPPA, Alpha, VAX, and POWER.
I think he's calling bullshit. Meaning hand-waving is not the same as having-shit-to-back-up-what-you-say-right-fucking-now. So, where is the code to said exploit?
No, it had squat for impact because it was bullshit. I'm guessing you weren't there. It was much ado about nothing, not because "people did work" to mitigate it, but because it was a bullshit media circus to begin with.
My firewalls and NIDS sure would thank you. If they have such a wonderful setup over there, why not just make the "Great Wall" the Great Cliff and just go ahead and fuck off forever? The rest of the internet would be cheering for joy, trust me.
Not really.... only sometimes. I definitely remember days where flaws followed up minutes, hours, or days later with REAL exploits. The rpc.statd exploits were that way and so were Samba 2.x flaws. It didn't take 11 months for someone to "unwrap the onion", more like 11 minutes for actual flaws that aren't made up of pure fear and unicorn farts.
Well, running thousands of Internet-legal IP hosts, managing firewalls & NIDS across dozens of sites globally, and finally having a shitton of Intel servers gives me at least some idea. Is some uber-hacker sitting on a secret unused megaspoit? Sure, maybe, or maybe they have an even worse method. However, that's an argument like "How do you know there is no God?" It's tough to disprove anything completely. However, some of us are pragmatists and not "security experts" with vivid imaginations about what "might" happen. My whole point is that all these "potential" problems haven't amounted to enough of an actual real exploitable problem to get so excited that we have a collective freakout. In fact, they haven't resulted in hardly any fallout at all besides security circle-jerks and finger wagging. Where's the spoits!? (said like "Where's the BEEF?"). I'm saying "let's all ignore security" either. It's just that you can only talk shit and wave your arms for so long before at least some of the people in the room walk off and say "Fuck this. You guys are whining, hand-wringing, pussies. I have real work to do."
A potential vulnerability is one that has or shows the capacity to become or develop into something in the future. An actual one exists right now. Did someone block dictionary.com for you or something?
"If you do nothing, it'll be definitely catastrophic." I hear this argument a lot these days. Still sounds like bullshit. Nobody gets rich betting on the end of the world.
That'd be all fancy and nice and smart-debater-like if that actually had anything to do with my actual point. I never said I didn't understand it or that I can't understand how it could happen. So, that makes your entire post moot and totally ridiculous. Try re-reading your Wikipedia list of logical fallacies before you post more tripe.
Didn't say I didn't understand. I said it's histrionic bullshit until one of these 4-5 "severe flaws" produces some significant non-whitepaper non-researcher impact. The fact is that they haven't.
No, I'm not saying take no action, I'm saying don't tell me it's the end of computing unless it really is. Quit acting like all these *potential* vulnerabilities amount to anything but a "possible fear". They aren't fully-formed threats, they are nebulous bullshit until they can be shown to be something else. Also, this shit has been going on all through 2018 if it's so bad that we all need to prepare so much, then why haven't ANY of these flaws really resulted in 4/5ths of 5/8ths of FUCK ALL?
"Alexa, what is mom getting me for Christmas?"
"Hey Google, what was Dad doing to Mom last night?"
"Alexa, send me a six-pack of rubbers."
"Alexa, show me all the tobacco vaping products I can buy right now."
"Hey NEST theromstat, please record all mom's conversations today and save to 'momsaid.txt' on my phone."
Spectre, Meltdown, a few others I forgot, and now this one. Okay security fearmongering douches, I just have one fucking question. If all this shit is so bad, where are the exploits for SSH? The phrases "tempest in a teapot" and "much ado about bullshit" come to mind. Why aren't there worms ravaging the internet and pwning every intel-based router and host machine on the net? Perhaps because all these TLB exploits and crypto hand wringing make for much better copy on some wired article than they make research material for real exploits. Send all the fucking links to "whitepapers' you want, but nobody has a fucking leg to stand on until there is some real fallout here, and it's just not materializing.
I can't remember, no. Probably because Fedora already sucked ass before systemd. They've been a kitchen-sink GNOME / Let's-turn-Linux-Into-WinNT distro choice of assholes way before systemd came along to poison the rest of the Linux environment. However, they did cheerlead it more than anyone else, for which I'll never forgive them. However, it doesn't matter much since, as I mentioned we already hated each other well before they hopped on Pottering's dick.
Is that why you posted as a Coward? Because "everyone agrees". Most clueful Linux users bailed to BSD or Devuan post-Systemd. So maybe... but I seriously fucking doubt it.
You are completely fucking wrong. It uses unit files to define boot behavior, not "C libraries". Unit files can callout to scripts, but have very little logic embedded in them. The whole idea is that if they take some of your toys away (init + shell scripts) you'll be less likely to screw things up. Unit files are pretty much identical to Windows.ini files. They use a section header, followed by key value pairs. This is much less flexible and functional versus using shell scripts (which could already call "common things and any language", in fact that's basically the whole point of shell script, you fucking dumbass coward). In systemd if you need some kind of logic, you are faced with trying to define the condition in a unit file that has no Turing-style logic, or bake in yet-another-step-to-follow as it calls out some random script in some random language (often some shitty back-trace generating Python crap). You might want to actually learn about systemd before you go sucking it's dick.
haha! Excellent. Spot on. You forgot about the inclusion of the 'sjw' CLI tool also from the Pottering/Fedora crusaders. It searches your system for any racist or mysogynistic binaries (things like 'touch', 'finger', or 'grep') and overwrites them with copies of Das Capital.
Well the trouble is that we *do* have a fucked up distribution of wealth. I'm sure the wealthy don't think so, but when enough average folks do, the society has a problem. If democracy can't deliver the goods, then people will be tempted to turn to right-wing strong-men demagogues like Hitler & Mussolini or left-wing socialists & communists like Pol Pot, Stalin, Chavez, or Mao. So, I'm a bit afraid that if people stand back and hand-wring over the poor rich people and their pet corporations for too long, then things will get bad enough to create a space for the worst kind of politics. The idea that if we just make sure government is broken by partisanship that nothing bad can happen is equal to burying one's head in the sand. People will keep voting "change" until they get it, or they vote in a tyrant who takes the vote from them. That's the simple message of all the recent elections that have thrust forward extreme candidates into power.
Well, it's true enough. I didn't even look at their hardware. You missed or ignored the fact that I don't give a fuck what they are selling since I find them to be personally annoying. I don't look at BMW's either. They can put 1000 HP in one and I still think they almost all look like a car mom drives when the minivan is broken down. Other things matter besides performance. For example, my co-worker has a System76 laptop and it's build quality is terrible plasticy crap (and it's ugly as homemade sin). They aren't *even* on the level of a Thinkpad, regardless of if they are 2012 or 1998 editions.
Slashdot Mirror
Pandemic virus that kills only a certain race? No problem. Live to 1000 years old? Sure, man. As long as you have the cash, it's a brave new world.
This article doesn't have great references, but does state that Itanium isn't impacted. I'd be surprised if it's horrible EPIC architecture is vulnerable in the same ways. I'd also be surprised if it doesn't have a zillion other problems, but it's unlikely anyone cares enough at this point to uncover them. EPIC was an extreme take on "fuck ASM coders, let the compiler do the work." and the ASM coders won by default.
Wrong. You can't exploit speculative execution on a CPU that doesn't have it.
Anyone know how this affects really strange x86 CPUs like the Transmeta Crusoe, or VIA stuff? I'm also curious about MIPS, HPPA, Alpha, VAX, and POWER.
I think he's calling bullshit. Meaning hand-waving is not the same as having-shit-to-back-up-what-you-say-right-fucking-now. So, where is the code to said exploit?
No, it had squat for impact because it was bullshit. I'm guessing you weren't there. It was much ado about nothing, not because "people did work" to mitigate it, but because it was a bullshit media circus to begin with.
My firewalls and NIDS sure would thank you. If they have such a wonderful setup over there, why not just make the "Great Wall" the Great Cliff and just go ahead and fuck off forever? The rest of the internet would be cheering for joy, trust me.
Not really.... only sometimes. I definitely remember days where flaws followed up minutes, hours, or days later with REAL exploits. The rpc.statd exploits were that way and so were Samba 2.x flaws. It didn't take 11 months for someone to "unwrap the onion", more like 11 minutes for actual flaws that aren't made up of pure fear and unicorn farts.
Well, running thousands of Internet-legal IP hosts, managing firewalls & NIDS across dozens of sites globally, and finally having a shitton of Intel servers gives me at least some idea. Is some uber-hacker sitting on a secret unused megaspoit? Sure, maybe, or maybe they have an even worse method. However, that's an argument like "How do you know there is no God?" It's tough to disprove anything completely. However, some of us are pragmatists and not "security experts" with vivid imaginations about what "might" happen. My whole point is that all these "potential" problems haven't amounted to enough of an actual real exploitable problem to get so excited that we have a collective freakout. In fact, they haven't resulted in hardly any fallout at all besides security circle-jerks and finger wagging. Where's the spoits!? (said like "Where's the BEEF?"). I'm saying "let's all ignore security" either. It's just that you can only talk shit and wave your arms for so long before at least some of the people in the room walk off and say "Fuck this. You guys are whining, hand-wringing, pussies. I have real work to do."
A potential vulnerability is one that has or shows the capacity to become or develop into something in the future. An actual one exists right now. Did someone block dictionary.com for you or something?
"If you do nothing, it'll be definitely catastrophic." I hear this argument a lot these days. Still sounds like bullshit. Nobody gets rich betting on the end of the world.
Link, asshole. Link? Funny cause Googling: "remote root exploit openssh spectre meltdown side channel tlb" doesn't return anything useful.
Well, my mom is dead, so I hope you like necrophilia, Mr Coward.
That'd be all fancy and nice and smart-debater-like if that actually had anything to do with my actual point. I never said I didn't understand it or that I can't understand how it could happen. So, that makes your entire post moot and totally ridiculous. Try re-reading your Wikipedia list of logical fallacies before you post more tripe.
Didn't say I didn't understand. I said it's histrionic bullshit until one of these 4-5 "severe flaws" produces some significant non-whitepaper non-researcher impact. The fact is that they haven't.
The reality of 2018 is that they have had SQUAT for impact. Hand wave and fear dance all you want, but that's the reality.
No, I'm not saying take no action, I'm saying don't tell me it's the end of computing unless it really is. Quit acting like all these *potential* vulnerabilities amount to anything but a "possible fear". They aren't fully-formed threats, they are nebulous bullshit until they can be shown to be something else. Also, this shit has been going on all through 2018 if it's so bad that we all need to prepare so much, then why haven't ANY of these flaws really resulted in 4/5ths of 5/8ths of FUCK ALL?
"Alexa, what is mom getting me for Christmas?"
"Hey Google, what was Dad doing to Mom last night?"
"Alexa, send me a six-pack of rubbers."
"Alexa, show me all the tobacco vaping products I can buy right now."
"Hey NEST theromstat, please record all mom's conversations today and save to 'momsaid.txt' on my phone."
Spectre, Meltdown, a few others I forgot, and now this one. Okay security fearmongering douches, I just have one fucking question. If all this shit is so bad, where are the exploits for SSH? The phrases "tempest in a teapot" and "much ado about bullshit" come to mind. Why aren't there worms ravaging the internet and pwning every intel-based router and host machine on the net? Perhaps because all these TLB exploits and crypto hand wringing make for much better copy on some wired article than they make research material for real exploits. Send all the fucking links to "whitepapers' you want, but nobody has a fucking leg to stand on until there is some real fallout here, and it's just not materializing.
I can't remember, no. Probably because Fedora already sucked ass before systemd. They've been a kitchen-sink GNOME / Let's-turn-Linux-Into-WinNT distro choice of assholes way before systemd came along to poison the rest of the Linux environment. However, they did cheerlead it more than anyone else, for which I'll never forgive them. However, it doesn't matter much since, as I mentioned we already hated each other well before they hopped on Pottering's dick.
Is that why you posted as a Coward? Because "everyone agrees". Most clueful Linux users bailed to BSD or Devuan post-Systemd. So maybe... but I seriously fucking doubt it.
You are completely fucking wrong. It uses unit files to define boot behavior, not "C libraries". Unit files can callout to scripts, but have very little logic embedded in them. The whole idea is that if they take some of your toys away (init + shell scripts) you'll be less likely to screw things up. Unit files are pretty much identical to Windows .ini files. They use a section header, followed by key value pairs. This is much less flexible and functional versus using shell scripts (which could already call "common things and any language", in fact that's basically the whole point of shell script, you fucking dumbass coward). In systemd if you need some kind of logic, you are faced with trying to define the condition in a unit file that has no Turing-style logic, or bake in yet-another-step-to-follow as it calls out some random script in some random language (often some shitty back-trace generating Python crap). You might want to actually learn about systemd before you go sucking it's dick.
haha! Excellent. Spot on. You forgot about the inclusion of the 'sjw' CLI tool also from the Pottering/Fedora crusaders. It searches your system for any racist or mysogynistic binaries (things like 'touch', 'finger', or 'grep') and overwrites them with copies of Das Capital.
Well the trouble is that we *do* have a fucked up distribution of wealth. I'm sure the wealthy don't think so, but when enough average folks do, the society has a problem. If democracy can't deliver the goods, then people will be tempted to turn to right-wing strong-men demagogues like Hitler & Mussolini or left-wing socialists & communists like Pol Pot, Stalin, Chavez, or Mao. So, I'm a bit afraid that if people stand back and hand-wring over the poor rich people and their pet corporations for too long, then things will get bad enough to create a space for the worst kind of politics. The idea that if we just make sure government is broken by partisanship that nothing bad can happen is equal to burying one's head in the sand. People will keep voting "change" until they get it, or they vote in a tyrant who takes the vote from them. That's the simple message of all the recent elections that have thrust forward extreme candidates into power.
Well, it's true enough. I didn't even look at their hardware. You missed or ignored the fact that I don't give a fuck what they are selling since I find them to be personally annoying. I don't look at BMW's either. They can put 1000 HP in one and I still think they almost all look like a car mom drives when the minivan is broken down. Other things matter besides performance. For example, my co-worker has a System76 laptop and it's build quality is terrible plasticy crap (and it's ugly as homemade sin). They aren't *even* on the level of a Thinkpad, regardless of if they are 2012 or 1998 editions.