You will see roughly 1/5th the performance, if you eliminate all speculation and OOO Execution.
(Which means 1/5th the battery life in a mobile device.)
The notion that giving up speculative execution is a reasonable option is deeply flawed.
We need to fix it so that information cannot leak via timing attacks.
Practically speaking we may only be able to reduce the bit rate of the leaks to something very slow, and in combination increasing the size of the secrets we are trying to protect. This will have the effect that meaningful secrets will take years to leak.
Perhaps it might be a good idea to figure out (and fix) the underlying reasons prompting developers to swear in comments.
As an aside, one late evening, I once constructed an SQL query to look for a variety of swear words in the bug database used at Alias (before Autodesk bought us) -- among several, one stood out. It was originally opened by a customer (working in New Zealand on some small films made there -- something about a ring or whatever). It was epic in its use of invective. It tore a strip off of the software and the cretins who had written it (myself included, but not specifically named). The author had been hired and was working at Alias at the time of my query (this was a few years later) (Hi Dave :-) ). We had some fun passing the link to the bug report around.
"Includes a reserve" What reserve? Does it comply with the reserve requirements for IFR flight? (You have to be able to fly to the planned destination, from there to a designated alternative, and from the alternative for another 30 minutes (at endurance power)). VFR rules are to planned destination plus 45 minutes at endurance power.
(This will also have to be able to maintain a positive rate of climb (and remain controllable) at full load, and at full fore & aft C of G with an engine out)
10.13 works fine with 32 bit apps and processes. I'm running 10.13.2, and Activity Monitor shows MS Word is a 32 bit app running fine. (MS Word 2011 v14.7.7)
That may be true, but it looks like a change to the WAP can prevent the attack too -- it would be good for someone like Apple to patch their router firmware as well as the clients. That way your MacBook can be fairly safe regardless of where you connect it, and your unpatched IoT things strewn about the house can also be secure -- so long as they only connect to your patched router/WAP.
I still wouldn't trust my life to a Quadro -- are all the caches and registers ECC protected? Are all the internal data paths fault tolerant? What happens to performance when an error is detected/corrected?
What happens when an uncorrectable error is encountered? If there is a failure, can you determine its cause?
These are things to be concerned about in a hard real-time system like controlling a few tons of steel moving along with significant kinetic energy containing and nearby squishy, fragile meat bags who believe they are self-aware.
These are mostly irrelevant to a GPU producing pretty pictures on a display or two.
Apparently it is targeting ASIL-D
https://en.wikipedia.org/wiki/...
https://en.wikipedia.org/wiki/...
So they are at least not unaware of the safety implications. Still would be a shame for a stray cosmic ray to kill someone...
Unlike a GPU where a memory error or an ALU or register bit flip might result in a 1 frame glitch, or at worst a frozen GPU, requiring a reboot, failures in this hardware will kill people.
I hope they have ECC on everything, and redundancy everywhere -- possibly a space-shuttle like voting system where multiple computers are fed the same input, and if they don't produce the same output, a majority wins approach is taken.
It should also have very detailed logging -- so every decision taken can be traced, so when there is an accident, a proper root cause analysis can be performed, and corrective measures instituted.
NVidia as a company has a great track record for being on the cutting edge of technology -- but no track record at all for making safety critical systems. That cutting edge will cause people to bleed if they don't get this right.
Of course I could have easily confused them with some other anti-malware vendor when it comes to their advertising -- many of them seem to be pretty scummy - just skimming the border of drive-by installs, piggybacking on other installs (looking at *you* Adobe) etc.
CCleaner wasn't malware all along?
It certainly seemed that way given how they advertised.
It seems that most anti-virus programs slow your machine down more than the malware that they purport to protect you from - and they're as damaging to your privacy too.
I'm not at all clear on what value they bring to the table.
Long answer Nooooooooooooooo!!!!!!
This is as crazy as having closed source software determine guilt (think breathalyser, radar gun etc) -- which means it is probably inevitable.
In the legal system, on every encounter with an object running code, (firmware or otherwise) an accused party should move for discovery and expert analysis of said code, and how it was developed.
Were they using best-practices? Running valgrind? (let's see the exception list) Address-sanitizer, thread-sanitizer, clang static analyser? etc.
Do they have unit tests? Do they track code coverage of those tests? (it had better be 100% across the board)
Even using all the latest tools and with plenty of unit tests with good coverage, there are still bugs.
Or do they have a measure of just how insecure or damaged a person is? (That probably requires many axes)
They probably use celebrities as canonical examples;
How Damaged on a scale of 0 to 1.0 Lindsay Lohans :-)
How much drugs abused on a scale of 0 to 1.0 Keith Richards (anything over 0.3 on that scale would kill the average human)
etc...
Considerable amusement awaits when defining other measures :-)
How is this table implemented? I don't know. If it is (as I suspect) CAM, it is likely hardwired (in an ASIC) for speed -- that's why you use CAM.
If the mitigation strategy I mentioned above (or some other) is not feasible, it does not look good. In any event, because the firmware on these modems (even when owned by the end user) is not under customer control (it can only be updated by the cable provider), it's very likely that the majority of these devices will never have their firmware updated, even if there eventually is an update to fix these problems (and this is not the only problem with Puma 6).
In my case in particular, I use TekSavvy in Toronto -- but Rogers cable is the last mile provider, and they will not lift a finger to help an independent ISP or their customers. But they control the firmware that runs on *my* modem. There is something fundamentally wrong about that.
NO. This has *nothing* to do with the gateway capabilities and everything to do with the Cable Modem part of Puma 6. I have been able to hang my Hitron CDA-3 modem (no router/gateway or WiFi in it) by spraying it. Haven't found the magic reboot pattern, but it's early yet.
There is apparently a packet spray pattern that causes the Cable Modem (CM) portion of the Puma 6 to reboot (likely segfault). The CM on a Puma 6 is run by an ARM CPU (not the x86 Atom); the problem is with broken hardware optimization -- specifically the overflow handling on a fairly small table (2032 entry) likely built of CAM (content addressable memory) intended to accelerate external/internal mappings. That table has entries inserted when any packet arrives with a new address. Spew enough packets from enough different addresses and the table overflows -- that overflow requires (slow) processing to handle.
Disabling the accelerator caps bandwidth to ~60Mbps, and the DoS attack is mitigated.
But the fact that there is a pattern of (external) packets that *crashes* the CM indicates a potential vulnerability in the CM firmware that would allow a complete takeover of the CM OS.
That would be a global disaster.
One proposed mitigation is to use software mapping for packets from external sources and only add mappings to that small table for packets from the LAN side (not the WAN). This would probably have minimal impact for most -- capping speeds to 60Mbps on connections until a packet originating from the LAN side of things has gone through the device.
But a hostile (and clever enough) hacker may still be able to trick the device into crashing and exposing it to takeover if they can run software on both sides of the device (LAN and WAN) attacking it from both simultaneously.
The Puma 6 is a bit of a debacle -- it may very well have to be recalled.
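The table behaviour and the LAN-only insertion mitigation described in the comment above, as a toy model (an added example, not code from the comment or from any modem firmware). Only the 2032-entry size comes from the text; the no-eviction table, the rule that a flow's first packet goes to software, and the traffic mix are assumptions.

```python
from dataclasses import dataclass, field

TABLE_SIZE = 2032  # entry count quoted in the comment; everything else is assumed


@dataclass
class AcceleratorModel:
    """Toy fixed-size mapping table with a software slow path (hypothetical)."""
    lan_only_insert: bool            # True = the proposed mitigation
    table: set = field(default_factory=set)
    fast: int = 0                    # packets served from the table
    slow: int = 0                    # packets handled in software
    overflow_events: int = 0         # inserts refused because the table is full

    def handle(self, remote_addr: int, from_lan: bool) -> str:
        if remote_addr in self.table:
            self.fast += 1
            return "fast"
        # Miss: the policy decides whether this packet may create a mapping.
        if from_lan or not self.lan_only_insert:
            if len(self.table) < TABLE_SIZE:
                self.table.add(remote_addr)
            else:
                self.overflow_events += 1
        self.slow += 1               # assumed: the first packet of a flow goes slow
        return "slow"


def run(lan_only_insert: bool) -> dict:
    """Replay constructed traffic: unsolicited WAN packets, then normal flows."""
    m = AcceleratorModel(lan_only_insert)
    # Constructed sample: 5000 unsolicited WAN packets, each from a new address.
    for addr in range(1_000_000, 1_005_000):
        m.handle(addr, from_lan=False)
    # Constructed sample: 50 ordinary flows, LAN request then 10 WAN replies.
    for remote in range(1, 51):
        m.handle(remote, from_lan=True)
        for _ in range(10):
            m.handle(remote, from_lan=False)
    return {"fast": m.fast, "slow": m.slow,
            "table_used": len(m.table), "overflow_events": m.overflow_events}


if __name__ == "__main__":
    for policy in (False, True):
        print("lan_only_insert =", policy, run(policy))
```

With insertion on any packet, the table is full before the ordinary flows start and all 500 reply packets take the slow path; with LAN-only insertion the table holds only the 50 real mappings and the replies are accelerated.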
Take a wild ass guess -- just take your first best guess.
Then double it, and move to the next larger unit.
1 hour becomes 2 days.
1 day becomes 2 weeks
1 week becomes 2 months, etc.
You will be surprised how accurate it is. And you will virtually always deliver just a little early.
It says 2017, but that might be misleading -- it does not fully support C++x14 (release notes say "better" x14 support. I'd like to see "full x14 compliance & support"). And they're a ways from full x17 support.
You get spoiled using Clang/LLVM
This is in Ontario Canada. This is most definitely not an "at-will" jurisdiction when it comes to employment.
The Ontario Labour Relations Act applies, along with common law. (The entitlements written down are not what applies -- it is what is "usual and customary" that applies in Ontario for severance compensation -- and that is *much* more generous than what is written in the legislation.)
Anyone subject to severance (of any kind) in Ontario should consult with a lawyer experienced with the practice of employment law in Ontario before signing anything.
The courts in Ontario will hand them their asses.
They are playing fast and loose to deprive people of the severance compensation they are entitled to under Ontario Law.
I agree; if I get nagged for a review, you're getting 1 star, and I'll explain why; I paid for the damn app, so stop nagging.
There should be a global pref to turn off all review nags.
I hope you get your kidney in time.
I think organ donation should be opt-out. And if you have opted out, you are ineligible to receive an organ transplant. (With at least a 12 month waiting period after opting back in.)
Further, there should be a 3 month waiting period to effect an opt-out. No opting out and then killing yourself out of spite, or having next-of-kin object to an accident victim who has not opted out from donating organs & tissue.
From what I've read, this would solve the organ shortage in most regions.
I updated my 17 inch late 2011 MacBook Pro with 10.12.2, and it updated the firmware as part of that upgrade.
So it looks likely that they plugged the hole.
There are a number of alternatives -- flushing the BTB on ring switch seems a reasonable starting point. It should eliminate most privilege escalations.
Making the address randomization affect bits outside the range seen by the BTB indexing scheme would also make the attack much more difficult. This would require some non-trivial OS kernel changes.
The BTBs themselves can be multi-level and pretty large -- they could form part of a process context, but they'd add several kbytes to it. There is no hardware support to save/restore this resource, and it'd have to be *fast* to be of any use. For paranoid people, flushing the BTB on every process (not thread) switch would pretty much stop this attack in its tracks, with a small performance penalty.
It's not clear that making the BTB part of the process context would make things faster overall -- you'd get better prediction, and worse ctx switch overhead. It's not clear to me which would win.
https://en.wikipedia.org/wiki/...
My favorite recursive acronym. (EMACS = Emacs Makes A Computer Slow)
*pours gasoline*
oh, and VI is *way* better than emacs.
*whoosh* :-)