It isn't possible all these people independently "discovered" a 20 year old flaw at the same time. Think about it. Google supposedly discovered it six months ago. I don't believe it.
I don't think you understand: Meltdown can only be fixed by replacing your Intel processor. There are mitigation steps in software, but it is not possible to fix.
I think people still don't understand: there is no "fix" for Meltdown other than to replace your Intel chip with another one that doesn't have this flaw. The software patches are just mitigation, but they won't fix this issue.
Exactly. As CERT originally said, the only solution is to replace your Intel processor:
Solution
Replace CPU hardware
The underlying vulnerability is primarily caused by CPU architecture design choices. Fully removing the vulnerability requires replacing vulnerable CPU hardware.
Exactly. What is interesting is that Intel apparently got to CERT and made them change their solution from "replace the hardware" to "apply updates". Look at the difference between the two notifications:
Here is your executive summary: your Intel chip has a flaw that allows any program to read memory it isn't supposed to. As CERT said, the only fix is to replace the hardware:
Meltdown cannot be fixed in microcode or software. There are already programs out there that exploit it. It affects all modern Intel processors. The fixes just mitigate the problem. You are talking about Spectre.
I don't know if they help with the performance loss, or even what the performance loss really is. I'm not an expert, but I do know this isn't fixable in software or microcode. The explanation of the flaw makes this clear. I am talking about the Intel flaw though, not the other one.
You can make it harder to exploit, but the flaw is in the hardware and is fundamental to the Intel architecture. At this point if you are really worried about it you need to replace all your Intel processors that contain this flaw with ones that do not.
It isn't possible. Intel is desperate to spin this story. There is no software solution to this flaw, but there are mitigation steps that can be done in software.
Wrong. You cannot fix this flaw using software or microcode. The only way to fix this is to replace the flawed microprocessor. The fixes being released just mitigate the threat.
The short story is that there is no fix to stop any process from reading the entire memory contents of the machine. You need to replace the Intel processor with processor that doesn't have this flaw to fix this problem.
He is wrong. There are already PoC available that demonstrate "breaking out of a web browser". There is nothing magical about a web browser. It is just a program like any other.
Don't be confused. Intel is lying. As CERT just announced the only solution to this fix is to replace the processor. The software fixes are just workarounds that make it more difficult.
Do you visit websites? You are running code. That code can be malicious. And don't say "I only visit trusted sites". Those sites can be compromised. You don't need to click on an ad to run JavaScript.
It isn't possible all these people independently "discovered" a 20 year old flaw at the same time. Think about it. Google supposedly discovered it six months ago. I don't believe it.
I don't think you understand: Meltdown can only be fixed by replacing your Intel processor. There are mitigation steps in software, but it is not possible to fix.
I think people still don't understand: there is no "fix" for Meltdown other than to replace your Intel chip with another one that doesn't have this flaw. The software patches are just mitigation, but they won't fix this issue.
You cannot spend money to "upgrade" your system. Your Intel processors are flawed and there is no fixed version of the processor available.
I always wonder why people lie about this. The CVSS is not a 1.5. Your link even proves you wrong. How is it overblown? This is a huge issue.
Exactly. As CERT originally said, the only solution is to replace your Intel processor:
Solution
Replace CPU hardware
The underlying vulnerability is primarily caused by CPU architecture design choices. Fully removing the vulnerability requires replacing vulnerable CPU hardware.
Forget about Spectre. Meltdown is an Intel flaw that cannot be fixed without replacing the processor.
Exactly. What is interesting is that Intel apparently got to CERT and made them change their solution from "replace the hardware" to "apply updates". Look at the difference between the two notifications:
Original CERT notification:
https://webcache.googleusercon...
Replaced CERT notification:
https://www.kb.cert.org/vuls/i...
Here is your executive summary: your Intel chip has a flaw that allows any program to read memory it isn't supposed to. As CERT said, the only fix is to replace the hardware:
https://webcache.googleusercon...
Meltdown cannot be fixed in microcode or software. There are already programs out there that exploit it. It affects all modern Intel processors. The fixes just mitigate the problem. You are talking about Spectre.
They can't disable speculative executions. That would take us back to the stone age.
I don't know if they help with the performance loss, or even what the performance loss really is. I'm not an expert, but I do know this isn't fixable in software or microcode. The explanation of the flaw makes this clear. I am talking about the Intel flaw though, not the other one.
You can make it harder to exploit, but the flaw is in the hardware and is fundamental to the Intel architecture. At this point if you are really worried about it you need to replace all your Intel processors that contain this flaw with ones that do not.
It isn't possible. Intel is desperate to spin this story. There is no software solution to this flaw, but there are mitigation steps that can be done in software.
Wrong. You cannot fix this flaw using software or microcode. The only way to fix this is to replace the flawed microprocessor. The fixes being released just mitigate the threat.
Actually Google has a really good overview: https://googleprojectzero.blog...
The short story is that there is no fix to stop any process from reading the entire memory contents of the machine. You need to replace the Intel processor with processor that doesn't have this flaw to fix this problem.
They are trying to use damage control to stop the falling stock price.
He is wrong. There are already PoC available that demonstrate "breaking out of a web browser". There is nothing magical about a web browser. It is just a program like any other.
Don't be confused. Intel is lying. As CERT just announced the only solution to this fix is to replace the processor. The software fixes are just workarounds that make it more difficult.
How would a kernel know what is your gmail password and what is your grocery list?
Thanks Intel.
All hardware is "shared". Javascript in your browser can read other processes memory. You aren't safe. Any website can exploit this.
It already has. It begins by losing "p"'s. Hel !
Yes. It means you can read the contents. Google has a good overview of the bug and has proven that it works.
Do you visit websites? You are running code. That code can be malicious. And don't say "I only visit trusted sites". Those sites can be compromised. You don't need to click on an ad to run JavaScript.