Stories
Slash Boxes
Comments

SoylentNews is people

posted by martyb on Wednesday March 14 2018, @12:34PM   Printer-friendly
from the I'm-going-back-to-using-an-Abacus dept.

Security Researchers Publish Ryzen Flaws, Gave AMD 24 hours Prior Notice

Through the advent of Meltdown and Spectre, there is a heightened element of nervousness around potential security flaws in modern high-performance processors, especially those that deal with the core and critical components of company business and international infrastructure. Today, CTS-Labs, a security company based in Israel, has published a whitepaper identifying four classes of potential vulnerabilities of the Ryzen, EPYC, Ryzen Pro, and Ryzen Mobile processor lines. AMD is in the process of responding to the claims, but was only given 24 hours of notice rather than the typical 90 days for standard vulnerability disclosure. No official reason was given for the shortened time.

[...] At this point AMD has not confirmed any of the issues brought forth in the CTS-Labs whitepaper, so we cannot confirm in the findings are accurate. It has been brought to our attention that some press were pre-briefed on the issue, perhaps before AMD was notified, and that the website that CTS-Labs has setup for the issue was registered on February 22nd, several weeks ago. Given the level of graphics on the site, it does look like a planned 'announcement' has been in the works for a little while, seemingly with little regard for AMD's response on the issue. This is compared to Meltdown and Spectre, which was shared among the affected companies several months before a planned public disclosure. CTS-Labs has also hired a PR firm to deal with incoming requests for information, which is also an interesting avenue to the story, as this is normally not the route these security companies take. CTS-Labs is a security focused research firm, but does not disclose its customers or research leading to this disclosure. CTS-Labs was started in 2017, and this is their first public report.

CTS-Labs' claims revolve around AMD's Secure Processor and Promontory Chipset, and fall into four main categories, which CTS-Labs has named for maximum effect. Each category has sub-sections within.

Severe Security Advisory on AMD Processors from CTS.

Also at Tom's Hardware, Motherboard, BGR, Reuters, and Ars Technica.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by DannyB on Wednesday March 14 2018, @03:45PM (3 children)

    by DannyB (5839) Subscriber Badge on Wednesday March 14 2018, @03:45PM (#652440) Journal

    Ten years ago I did not find it straightforward to think this way.

    I considered that, logically, having to parallelize is the way of the future. Inevitable, IMO.

    So I begin trying to think this way. I think it like learning to code in the first place. You just have to practice. Maybe early in one's learning, the whole idea of thinking this way needs to be introduced. With examples. And it doesn't hurt if more languages had easy to use frameworks to easily do map/reduce operations easily with ease quite easily.

    --
    People today are educated enough to repeat what they are taught but not to question what they are taught.
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2  
  • (Score: 2) by The Mighty Buzzard on Wednesday March 14 2018, @04:01PM (1 child)

    by The Mighty Buzzard (18) Subscriber Badge <themightybuzzard@proton.me> on Wednesday March 14 2018, @04:01PM (#652450) Homepage Journal

    Well, not everything's big data even today, so map reduce proficiency would be of limited usefulness to programmers as a whole. Being able to write your program in such a way as to eliminate threading bottlenecks though, that should be required for every code monkey's mental toolbox.

    --
    My rights don't end where your fear begins.
    • (Score: 2) by DannyB on Wednesday March 14 2018, @04:38PM

      by DannyB (5839) Subscriber Badge on Wednesday March 14 2018, @04:38PM (#652479) Journal

      Map / Reduce is not just for big data.

      It is something any Lisp programmer understands, long before big data.

      I just gave an example where I did map/reduce in a desktop GUI application. (I mentioned "Swing" on Java) And got a dramatic performance improvement.

      I increasingly see applications of the technique without big data.

      (Unless you consider my input data file of tens of millions of data points to be big data.)

      Using map / reduce, or message passing frameworks are both ways for an average code monkey to write correct multi-threaded code. Part of this is to have higher order languages that provide suitable abstractions.

      --
      People today are educated enough to repeat what they are taught but not to question what they are taught.
  • (Score: 3, Insightful) by TheRaven on Wednesday March 14 2018, @05:03PM

    by TheRaven (270) on Wednesday March 14 2018, @05:03PM (#652496) Journal
    I think that the difficult thing is not writing parallel code or writing serial code, but writing code that is mostly serial but has some parallel parts. If you start by making everything that is logically independent into a parallel task and use actor-model or CSP communication, then it's quite easy to express most problems. It's then very difficult to statically determine which bits want to be combined into a single serial task for best performance. The strength of something like Erlang is that it encourages you to think in this way (a message send in Erlang is about as cheap as a function call and creating a new parallel task isn't much more expensive) and then dynamically combines tasks into sequential operations for your processor.
    --
    sudo mod me up