SoylentNews is people
SoylentNews
Back at the start of the year, a set of attacks that leveraged the speculative execution capabilities of modern high-performance processors was revealed. The attacks were named Meltdown and Spectre. Since then, numerous variants of these attacks have been devised. In tandem, a range of mitigation techniques has been created to enable at-risk software, operating systems, and hypervisor platforms to protect against these attacks.
A research team—including many of the original researchers behind Meltdown, Spectre, and the related Foreshadow and BranchScope attacks—has published a new paper disclosing yet more attacks in the Spectre and Meltdown families. The result? Seven new possible attacks. Some are mitigated by known mitigation techniques, but others are not. That means further work is required to safeguard vulnerable systems.
The previous investigations into these attacks have been a little ad hoc in nature: examining particular features of interest to provide, for example, a Spectre attack that can be performed remotely over a network or Meltdown-esque attack to break into SGX enclaves. The new research is more systematic, looking at the underlying mechanisms behind both Meltdown and Spectre and running through all the different ways the speculative execution can be misdirected.
(Score: 2) by inertnet on Monday November 19 2018, @11:18AM (1 child)
Off topic:
Searching for "Fuck MDC" gets me over 4 million hits: "Ongeveer 4.040.000 resultaten".
On topic: which current processors would the people here recommend for building a new Linux desktop? Just ignore the Spectre and Meltdown hype? I read somewhere that Intel is selling (or planning to sell) processors without hyper-threading.
(Score: 0) by Anonymous Coward on Tuesday November 20 2018, @08:58AM
If your budget is under 100 dollars, RaspPi, Rock64/Rock64Pro (latter has a hex core with 2xOoO cores, non-pro and the other 4 cores of the Pro are In-Order), most other Pi marketed SBCs, specifically 2-4GB models. Out of those the Rock64Pro is the most usable. 2-4GB of GDDR4, and a 4x PCIe slot with an open end. If you have the money for addons, get a PCIe x16 bridge board intended for 8x PCIe x1 slots over USB3 cables and populate 4 of them. You will need an external power supply or a molex to 5v barrel to power the Rock64Pro, but that gives you a Quad In-Order processor, PCIe expansion, and if you customize your linux configuration to either blacklist or sandbox the Out of Order cores, it is just as safe as an in-order processor with some extra horsepower if you want to game or something.
Alternately if you have 1-5 grand, you can buy a Talos/Blackbird system from Raptor Engineering, who is producing IBM Power 8(9?) workstation boards capable of running between 128GB and 2TB of Registered DDR4, depending on motherboard model. Each processor can support up to 1TB of RAM using 128GB RDIMMs, although the Blackbird motherboard only has dual channel and 2 dimm sockets limiting it to 256GB maximum, and based on research, only 64-128GB given current ram availability and pricing.
If you mean Intel or AMD, they are both crap now. No manual reflashing of bios. Only accepting signed bios images, firmware tpms which if entrusted with your crypto keys makes it invisible for a remote adversary to gain access to if they have the keys and either an exploit or a signing key for the Intel ME/AMD SP (Latter is ARM Trustzone, with the same risks on your CellPhone, ignoring the baseband processor, which is its own can of worms.)