Lavalamp Posted January 8, 2018 Share Posted January 8, 2018 Apple: We might see some backlash for making people’s phones run slower.Intel: Hold my beer… 2 Quote Link to comment Share on other sites More sharing options...
_The Doctor__ Posted January 8, 2018 Share Posted January 8, 2018 lmfao... how true.... and what's crazy is ain't sh*t gonna happen to any of 'em Quote Link to comment Share on other sites More sharing options...
jaybird3rd Posted January 8, 2018 Share Posted January 8, 2018 The government (particularly the military) has come under criticism in recent years for continuing to use 30-year-old "legacy technology", but in light of Spectre and Meltdown, maybe running critical systems based on the likes of Atari or Apple ][ computers isn't really such a bad idea! I still maintain that those old systems are among the best investments the government ever made; after all, they're still doing the job decades later. 4 Quote Link to comment Share on other sites More sharing options...
tschak909 Posted January 8, 2018 Share Posted January 8, 2018 cross-posting from another thread: I have read the paper and digested it. What's important to know: (1) the exploit is real, not theoretical (2) there are multiple reproducible attack vectors, as well as a sample exploit that works 99.9999% of the time on current generation Intel CPUs, with similar vectors possible on AMD, and ARM CPUs, all of which have been manufactured in roughly the last decade. This is why the industry is going bonkers. From the CPU manufacturers point of view, they have known that something like this was possible for some time. The fix in hardware is extremely simple, literally throw an exception for memory accesses across protection domains from the L1 cache. But because the silicon makers valued performance (and thus profit) over security, they've decided to push the problem into kernel space, and what's more, The patches themselves, ARE NOT switchable (on/off), and affect (at least in the case of Linux, I would imagine XNU being similarly hodge-podged, just with a smaller number of fixes, Windows...who knows, I haven't seen Windows source code since I had cross corprorate access to the NT 4.0 tree.) lots of kernel code that can't be easily removed. So we're stuck with the protection domain check (which happens EVERY SINGLE TIME there is a context switch), for now.If you read the LKML, you'll see Linus is _VERY_ pissed about this. -Thom 2 Quote Link to comment Share on other sites More sharing options...
+David_P Posted January 9, 2018 Share Posted January 9, 2018 I've got 1.79Mhz, 64K, and no problems 2 Quote Link to comment Share on other sites More sharing options...
+Stephen Posted January 9, 2018 Share Posted January 9, 2018 I've got 1.79Mhz, 64K, and no problems Well certainly a bitch ain't one! Quote Link to comment Share on other sites More sharing options...
R0ger Posted January 9, 2018 Share Posted January 9, 2018 Actually I hear NTSC models are already slowed down. Might some hoax though .. Quote Link to comment Share on other sites More sharing options...
Bryan Posted January 9, 2018 Share Posted January 9, 2018 I've got 1.79Mhz, 64K, and no problems I don't know about that. I just wrote a routine that allows me to read and modify OS variables. Quote Link to comment Share on other sites More sharing options...
phaeron Posted January 9, 2018 Share Posted January 9, 2018 Well, the thing is, there are issues with the Atari and 6502 that resemble these vulnerabilities somewhat -- the 6502 does speculatively fetch code and data one step out. It's just that on a platform that has no server support, no memory protection, and no kernel/user separation, it's a bit like declaring you've found a hole in a colander. The platform wasn't designed with and didn't have any reliance on security to begin with. My main beef with the whole thing is the role of the modern web in amplifying the problem. It wouldn't be nearly as bad on most computers if it were not for the insistence of web sites being able to run arbitrary client-side code from arbitrary sources with no real local control or oversight. With locally installed programs there is usually an obvious and user-initiated step to download new code onto the machine, and even if there is an online updated component the source of the updates is reasonably controlled. JavaScript ads delivered from ad networks are a nightmare, on the other hand, because you have no idea whether tomorrow you'll get a dodgy piece of JavaScript delivered as part of the popular web site you visit every day, and multi-tiered ad networks means that often the sites themselves can't tell what's going on. 3 Quote Link to comment Share on other sites More sharing options...
_The Doctor__ Posted January 9, 2018 Share Posted January 9, 2018 (edited) noscript is your friend as is ublock as is... you get the idea and on and on.... of course then nothing wants to work as you lock everything down... because google wants you to go where they want you to go and see every add a gazillion times... of course I just go somewhere else when a site gets all pissy cause I won't run their java goodies, script goodies, flash goodies, html# video goodies blah fricken blah blah blah... Edited January 9, 2018 by _The Doctor__ 3 Quote Link to comment Share on other sites More sharing options...
Rybags Posted January 9, 2018 Share Posted January 9, 2018 So-called sandboxing is a joke. It's entirely possible to develop these languages so they exist only in their virtualised environment and can't access anything else important. Turning off Javascript isn't much use. Plenty of sites rely on it to the point that they just won't work without it. Quote Link to comment Share on other sites More sharing options...
Lavalamp Posted January 9, 2018 Author Share Posted January 9, 2018 Actually I hear NTSC models are already slowed down. Might some hoax though .. Thats funny Quote Link to comment Share on other sites More sharing options...
+mytek Posted January 9, 2018 Share Posted January 9, 2018 None of this would be a problem if it weren't for the fact that computers now days are tied together via the internet. This is really the only reason that the A8's are immune at present. It's not because they are based on older technology. Also the A8's OS is ROM based, so rather difficult to affect any permanent damage (just power down and back up). However as the A8 gets networked and connected to the internet, and as applications begin to have key parts written to the disk, they become vulnerable. In the remake of Battlestar Galactica they made a big deal out of this aspect, and Adama's ship survived the Cylon attack because they had kept their computers non-networked. 1 Quote Link to comment Share on other sites More sharing options...
+MrFish Posted January 9, 2018 Share Posted January 9, 2018 (edited) None of this would be a problem if it weren't for the fact that computers now days are tied together via the internet. This is really the only reason that the A8's are immune at present. It's not because they are based on older technology. Also the A8's OS is ROM based, so rather difficult to affect any permanent damage (just power down and back up). However as the A8 gets networked and connected to the internet, and as applications begin to have key parts written to the disk, they become vulnerable. "Vulnerable", but we'd be pretty low on the totem pole as targets for anyone. "Tied together via the internet"... the plug is right there at your fingertips... Now where's that thread about packet radio... Edited January 9, 2018 by MrFish Quote Link to comment Share on other sites More sharing options...
+mytek Posted January 9, 2018 Share Posted January 9, 2018 "Vulnerable", but we'd be pretty low on the totem pole as targets for anyone. "Tied together via the internet"... the plug is right there at your fingertips... Now where's that thread about packet radio... I wasn't worried about people, but I don't dare play Star Raiders for very long because those Zylons might gain control at any moment . 1 Quote Link to comment Share on other sites More sharing options...
+MrFish Posted January 9, 2018 Share Posted January 9, 2018 (edited) I wasn't worried about people, but I don't dare play Star Raiders for very long because those Zylons might gain control at any moment . Now I think you're really being affected. Edited January 9, 2018 by MrFish Quote Link to comment Share on other sites More sharing options...
Bryan Posted January 10, 2018 Share Posted January 10, 2018 So-called sandboxing is a joke. It's entirely possible to develop these languages so they exist only in their virtualised environment and can't access anything else important. Turning off Javascript isn't much use. Plenty of sites rely on it to the point that they just won't work without it. None of this would be a problem if it weren't for the fact that computers now days are tied together via the internet. This is really the only reason that the A8's are immune at present. It's not because they are based on older technology. Also the A8's OS is ROM based, so rather difficult to affect any permanent damage (just power down and back up). However as the A8 gets networked and connected to the internet, and as applications begin to have key parts written to the disk, they become vulnerable. The biggest problem is people want the browser to be able to so anything the host computer can do. Microsoft's solution to this was ActiveX which literally allowed web pages to run code on the host CPU. Sandboxed languages should be a solution, but again, people want to be able to do anything an application can do, so the language must be extended to the point that it can do damage. I think the ultimate solution is to run the browser on dedicated hardware (like a Raspberry Pi) and send the display to the PC using a safe protocol. If the browser is compromised, the PC is not. Then you can go to whatever sites you wish, and just restore the Pi to its default state when you're done. Quote Link to comment Share on other sites More sharing options...
_The Doctor__ Posted January 10, 2018 Share Posted January 10, 2018 I never wanted my browser to be a remote access terminal, ever... nuff said... Quote Link to comment Share on other sites More sharing options...
Lavalamp Posted January 10, 2018 Author Share Posted January 10, 2018 None of this would be a problem if it weren't for the fact that computers now days are tied together via the internet. This is really the only reason that the A8's are immune at present. It's not because they are based on older technology. Also the A8's OS is ROM based, so rather difficult to affect any permanent damage (just power down and back up). However as the A8 gets networked and connected to the internet, and as applications begin to have key parts written to the disk, they become vulnerable. In the remake of Battlestar Galactica they made a big deal out of this aspect, and Adama's ship survived the Cylon attack because they had kept their computers non-networked. Great reference, shame that show went on to be a commentary on modern politics (season 3) killed it with that one season. Maybe i should store my important info on my A8... Quote Link to comment Share on other sites More sharing options...
R.Cade Posted January 10, 2018 Share Posted January 10, 2018 Well, the thing is, there are issues with the Atari and 6502 that resemble these vulnerabilities somewhat -- the 6502 does speculatively fetch code and data one step out. It's just that on a platform that has no server support, no memory protection, and no kernel/user separation, it's a bit like declaring you've found a hole in a colander. The platform wasn't designed with and didn't have any reliance on security to begin with. Yes, our old CPUs have no memory protection, so they were always "vulnerable" to this. You always have access to all of CPU, RAM, registers, everything. That is how all the memory snapshot cartridges worked back in the 80's (and 90's). Action Replay... 1 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.