Welcome to DU! The truly grassroots left-of-center political community where regular people, not algorithms, drive the discussions and set the standards. Join the community: Create a free account Support DU (and get rid of ads!): Become a Star Member Latest Breaking News Editorials & Other Articles General Discussion The DU Lounge All Forums Issue Forums Culture Forums Alliance Forums Region Forums Support Forums Help & Search

steve2470

(37,463 posts)
Mon Jan 22, 2018, 05:18 PM Jan 2018

Linus Torvalds declares Intel fix for Meltdown/Spectre COMPLETE AND UTTER GARBAGE

https://techcrunch.com/2018/01/22/linus-torvalds-declares-intel-fix-for-meltdown-spectre-complete-and-utter-garbage/

The always outspoken Linus Torvalds, best known for his continuing work on the innermost code of Linux systems, has harsh words to say and accusations to level against Intel. His evaluation of Intel’s latest proposed fix for the Meltdown/Spectre issue: “the patches are COMPLETE AND UTTER GARBAGE.” As a potential line of inquiry, he suggests: “Has anybody talked to them and told them they are f*cking insane?” (asterisk his.)

These and other kind epithets are awarded by Torvalds in a public email chain between him and David Woodhouse, an engineer at Amazon in the U.K., regarding Intel’s solution as relating to the Linux kernel. The issue is (as far as I can tell as someone far out of their depth) a clumsy and, Torvalds argues, “insane” implementation of a fix that essentially does nothing while also doing a bunch of unnecessary things.

The fix needs to address Meltdown (which primarily affects Intel chips), but instead of just doing so across the board, it makes the whole fix something the user or administrator has to opt into at boot. Why even ask, if this is such a huge vulnerability? And why do it at such a low level when future CPUs will supposedly not require it, at which point the choice would be at best unnecessary and at worst misleading or lead to performance issues?

Meanwhile, a bunch of other things are added in the same patch that Torvalds points out are redundant with existing solutions, for instance adding protections against an exploit already mitigated by Google Project Zero’s “retpoline” technique
1 replies = new reply since forum marked as read
Highlight: NoneDon't highlight anything 5 newestHighlight 5 most recent replies
Linus Torvalds declares Intel fix for Meltdown/Spectre COMPLETE AND UTTER GARBAGE (Original Post) steve2470 Jan 2018 OP
" it makes the whole fix something the user or administrator has to opt into at boot" earthshine Jan 2018 #1
 

earthshine

(1,642 posts)
1. " it makes the whole fix something the user or administrator has to opt into at boot"
Mon Jan 22, 2018, 05:37 PM
Jan 2018

Among the effects of these fixes are spontaneous crashes and slowing systems down. As such, for some, it could be desirable to make this choice at boot time.

For example, a system used for high-speed processing, such as video editing or computer simulations, would not need to be connected to the net. Therefore, such a system is not vulnerable to any kind of attack, so why slow it down?

My limited understanding is that such an attack would involve gathering many bits of data generated by other system processes and then interpreting them so as to steal something meaningful like a password or other identifying bit of info. It's a needle-and-haystack situation. An attack exploiting these weaknesses would have to be highly targeted, and very specific to the person or business under attack.

Many tech gurus say that low-profile, common users like me, should not rush to patch. High-profile people and businesses could be targeted.

Steve Gibson (of Tech.TV) has created a free program that informs you as to whether you are vulnerable to these attacks. Further, the program allows you to turn the patches on and off, which can be useful for testing and measuring benchmarks.

https://www.grc.com/inspectre.htm

Latest Discussions»Help & Search»Computer Help and Support»Linus Torvalds declares I...