Jump to content
Have You Played Atari Today?
2600|5200|7800|Lynx|Jaguar|Forums|Store
IGNORED

A8 not affected by Spectre or Meltdown

Lavalamp

By Lavalamp
in Atari 8-Bit Computers

 Share

Recommended Posts

jaybird3rd Quadrunner

jaybird3rd

Posted
Posted

The government (particularly the military) has come under criticism in recent years for continuing to use 30-year-old "legacy technology", but in light of Spectre and Meltdown, maybe running critical systems based on the likes of Atari or Apple ][ computers isn't really such a bad idea!

 

I still maintain that those old systems are among the best investments the government ever made; after all, they're still doing the job decades later.

  • Like 4
Link to comment
Share on other sites
tschak909 Quadrunner

tschak909

Posted
Posted

cross-posting from another thread:

 

I have read the paper and digested it.

What's important to know:

(1) the exploit is real, not theoretical

(2) there are multiple reproducible attack vectors, as well as a sample exploit that works 99.9999% of the time on current generation Intel CPUs, with similar vectors possible on AMD, and ARM CPUs, all of which have been manufactured in roughly the last decade.

This is why the industry is going bonkers.

From the CPU manufacturers point of view, they have known that something like this was possible for some time. The fix in hardware is extremely simple, literally throw an exception for memory accesses across protection domains from the L1 cache.

But because the silicon makers valued performance (and thus profit) over security, they've decided to push the problem into kernel space, and what's more, The patches themselves, ARE NOT switchable (on/off), and affect (at least in the case of Linux, I would imagine XNU being similarly hodge-podged, just with a smaller number of fixes, Windows...who knows, I haven't seen Windows source code since I had cross corprorate access to the NT 4.0 tree.) lots of kernel code that can't be easily removed. So we're stuck with the protection domain check (which happens EVERY SINGLE TIME there is a context switch), for now.

If you read the LKML, you'll see Linus is _VERY_ pissed about this.

-Thom

  • Like 2
Link to comment
Share on other sites
phaeron River Patroller

phaeron

Posted
Posted

Well, the thing is, there are issues with the Atari and 6502 that resemble these vulnerabilities somewhat -- the 6502 does speculatively fetch code and data one step out. It's just that on a platform that has no server support, no memory protection, and no kernel/user separation, it's a bit like declaring you've found a hole in a colander. The platform wasn't designed with and didn't have any reliance on security to begin with.

 

My main beef with the whole thing is the role of the modern web in amplifying the problem. It wouldn't be nearly as bad on most computers if it were not for the insistence of web sites being able to run arbitrary client-side code from arbitrary sources with no real local control or oversight. With locally installed programs there is usually an obvious and user-initiated step to download new code onto the machine, and even if there is an online updated component the source of the updates is reasonably controlled. JavaScript ads delivered from ad networks are a nightmare, on the other hand, because you have no idea whether tomorrow you'll get a dodgy piece of JavaScript delivered as part of the popular web site you visit every day, and multi-tiered ad networks means that often the sites themselves can't tell what's going on.

  • Like 3
Link to comment
Share on other sites
_The Doctor__ Quadrunner

_The Doctor__

Posted
Posted (edited)

noscript is your friend as is ublock as is... you get the idea and on and on.... of course then nothing wants to work as you lock everything down... because google wants you to go where they want you to go and see every add a gazillion times... of course I just go somewhere else when a site gets all pissy cause I won't run their java goodies, script goodies, flash goodies, html# video goodies blah fricken blah blah blah...

Edited by _The Doctor__
  • Like 3
Link to comment
Share on other sites
Rybags Quadrunner

Rybags

Posted
Posted

So-called sandboxing is a joke. It's entirely possible to develop these languages so they exist only in their virtualised environment and can't access anything else important.

Turning off Javascript isn't much use. Plenty of sites rely on it to the point that they just won't work without it.

Link to comment
Share on other sites
mytek Quadrunner

+mytek

Posted
Posted

None of this would be a problem if it weren't for the fact that computers now days are tied together via the internet. This is really the only reason that the A8's are immune at present. It's not because they are based on older technology. Also the A8's OS is ROM based, so rather difficult to affect any permanent damage (just power down and back up). However as the A8 gets networked and connected to the internet, and as applications begin to have key parts written to the disk, they become vulnerable.

 

In the remake of Battlestar Galactica they made a big deal out of this aspect, and Adama's ship survived the Cylon attack because they had kept their computers non-networked.

  • Like 1
Link to comment
Share on other sites
MrFish Quadrunner

+MrFish

Posted
Posted (edited)

None of this would be a problem if it weren't for the fact that computers now days are tied together via the internet. This is really the only reason that the A8's are immune at present. It's not because they are based on older technology. Also the A8's OS is ROM based, so rather difficult to affect any permanent damage (just power down and back up). However as the A8 gets networked and connected to the internet, and as applications begin to have key parts written to the disk, they become vulnerable.

 

"Vulnerable", but we'd be pretty low on the totem pole as targets for anyone.

 

"Tied together via the internet"... the plug is right there at your fingertips...

 

Now where's that thread about packet radio... :P

Edited by MrFish
Link to comment
Share on other sites
mytek Quadrunner

+mytek

Posted
Posted

 

"Vulnerable", but we'd be pretty low on the totem pole as targets for anyone.

 

"Tied together via the internet"... the plug is right there at your fingertips...

 

Now where's that thread about packet radio... :P

 

I wasn't worried about people, but I don't dare play Star Raiders for very long because those Zylons might gain control at any moment ;) .

  • Like 1
Link to comment
Share on other sites
Bryan Quadrunner

Bryan

Posted
Posted

So-called sandboxing is a joke. It's entirely possible to develop these languages so they exist only in their virtualised environment and can't access anything else important.

Turning off Javascript isn't much use. Plenty of sites rely on it to the point that they just won't work without it.

 

None of this would be a problem if it weren't for the fact that computers now days are tied together via the internet. This is really the only reason that the A8's are immune at present. It's not because they are based on older technology. Also the A8's OS is ROM based, so rather difficult to affect any permanent damage (just power down and back up). However as the A8 gets networked and connected to the internet, and as applications begin to have key parts written to the disk, they become vulnerable.

 

The biggest problem is people want the browser to be able to so anything the host computer can do. Microsoft's solution to this was ActiveX which literally allowed web pages to run code on the host CPU. Sandboxed languages should be a solution, but again, people want to be able to do anything an application can do, so the language must be extended to the point that it can do damage.

 

I think the ultimate solution is to run the browser on dedicated hardware (like a Raspberry Pi) and send the display to the PC using a safe protocol. If the browser is compromised, the PC is not. Then you can go to whatever sites you wish, and just restore the Pi to its default state when you're done.

Link to comment
Share on other sites
Lavalamp Chopper Commander

Lavalamp

Posted
  • Author
Posted

None of this would be a problem if it weren't for the fact that computers now days are tied together via the internet. This is really the only reason that the A8's are immune at present. It's not because they are based on older technology. Also the A8's OS is ROM based, so rather difficult to affect any permanent damage (just power down and back up). However as the A8 gets networked and connected to the internet, and as applications begin to have key parts written to the disk, they become vulnerable.

 

In the remake of Battlestar Galactica they made a big deal out of this aspect, and Adama's ship survived the Cylon attack because they had kept their computers non-networked.

 

 

Great reference, shame that show went on to be a commentary on modern politics (season 3) killed it with that one season. Maybe i should store my important info on my A8...

Link to comment
Share on other sites
R.Cade Stargunner

R.Cade

Posted
Posted

Well, the thing is, there are issues with the Atari and 6502 that resemble these vulnerabilities somewhat -- the 6502 does speculatively fetch code and data one step out. It's just that on a platform that has no server support, no memory protection, and no kernel/user separation, it's a bit like declaring you've found a hole in a colander. The platform wasn't designed with and didn't have any reliance on security to begin with.

 

Yes, our old CPUs have no memory protection, so they were always "vulnerable" to this. You always have access to all of CPU, RAM, registers, everything.

 

That is how all the memory snapshot cartridges worked back in the 80's (and 90's). Action Replay... :)

  • Like 1
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
AtariAge
Forums
Store
General
Follow AtariAge

Copyright ©1998-2023 AtariAge

×
×
  • Create New...