SoylentNews is people

posted by martyb on Wednesday January 17 2018, @07:51PM
from the oughta-be-a-law dept.

Vox Media website theverge.com reports that Rep. Jerry McNerney (D-CA) wants answers about the recent computer chip chaos.

Congress is starting to ask hard questions about the fallout from the Meltdown and Spectre vulnerabilities. Today, Rep. Jerry McNerney (D-CA) sent a letter [(pdf)] requesting a briefing from Intel, AMD, and ARM about the vulnerabilities’ impact on consumers.

[...] The two vulnerabilities are “glaring warning signs that we must take cybersecurity more seriously,” McNerney argues in the letter. “Should the vulnerabilities be exploited, the effects on consumers’ privacy and our nation’s economy and security would be absolutely devastating.”

Privately disclosed to chipmakers in June of 2016, the Meltdown and Spectre bugs became public after a haphazard series of leaks earlier this month. In the aftermath, there have been significant patching problems, including an AMD patch that briefly prevented Windows computers from booting up. Intel in particular has come under fire for inconsistent statements about the impact of the bugs, and currently faces a string of proposed class-action lawsuits relating to the bugs.

Meltdown can be fixed through a relatively straightforward operating-system level patch, but Spectre has proven more difficult, and there have been significant patching problems in the aftermath. The most promising news has been Google’s Retpoline approach, which the company says can protect against the trickiest Spectre variant with little negative performance impact.

The letter calls on the CEOs of Intel, AMD, and ARM to answer (among other things) when they learned about these problems and what they are doing about them.



 
This discussion has been archived. No new comments can be posted.
  • (Score: 2) by Snotnose on Wednesday January 17 2018, @07:53PM (26 children)

    by Snotnose (1623) on Wednesday January 17 2018, @07:53PM (#623752)

    Someone didn't contribute enough to someone else's "campaign fund".

    Does anyone really think these 2 issues can be dumbed down enough so a CongressClown can understand the hows and whys of this?

    --
    Why shouldn't we judge a book by its cover? It's got the author, title, and a summary of what the book's about.
    • (Score: 1) by starvingboy on Wednesday January 17 2018, @08:09PM (1 child)

      by starvingboy (6766) on Wednesday January 17 2018, @08:09PM (#623763)

      My thoughts exactly. Congress people bloviating in order to get their name in the media, nothing more, and nothing will come of it.

      • (Score: 2) by realDonaldTrump on Wednesday January 17 2018, @11:32PM

        by realDonaldTrump (6614) on Wednesday January 17 2018, @11:32PM (#623902) Homepage Journal

        I get a lot of coverage by the media. Because I'm good looking, smart, with a great personality. I'm the least boring person in the entire world. I don't always like the things they say, when they do the Fake News. But they did a lot to get me elected. Even the negative coverage. For a politician, getting your name out there is the biggest thing. Other politicians have NO PERSONALITY, so they have to buy ads. A lot of their money goes to buying ads. This guy McNerney, he's a Dem but he's not dumb. Congress holds a hearing, they look like they care about the cyber (they don't care), they get a little coverage. If they don't screw up, they look good. And they didn't have to pay. They didn't have to go to their donors.

    • (Score: 3, Interesting) by Azuma Hazuki on Wednesday January 17 2018, @08:12PM (1 child)

      by Azuma Hazuki (5086) on Wednesday January 17 2018, @08:12PM (#623766) Journal

      Ron Wyden might actually be able to follow it halfway. I'm not sure about anyone else in the Senate though, not even dear Bernie.

      --
      I am "that girl" your mother warned you about...
      • (Score: 1, Interesting) by Anonymous Coward on Wednesday January 17 2018, @10:51PM

        by Anonymous Coward on Wednesday January 17 2018, @10:51PM (#623881)

        Ron Wyden is the only one who has consistently voted for sane tech laws. And while I can't remember what else, he's at least been a voice of reason on a few other issues, compared to most of the muck there.

    • (Score: 4, Insightful) by The Mighty Buzzard on Wednesday January 17 2018, @08:18PM

      by The Mighty Buzzard (18) Subscriber Badge <themightybuzzard@proton.me> on Wednesday January 17 2018, @08:18PM (#623772) Homepage Journal

      They don't really need to understand anything beyond "they fucked up badly". I know it's too much to ask of Congress, what with their horribly empty pockets, but I'd like to see an example made along the lines of "there's no such thing as too big to have to pay for your mistakes".

      --
      My rights don't end where your fear begins.
    • (Score: 4, Interesting) by DannyB on Wednesday January 17 2018, @08:39PM (20 children)

      by DannyB (5839) Subscriber Badge on Wednesday January 17 2018, @08:39PM (#623789) Journal

      What exactly is congress expecting? That the management of these chipmakers, or even people designing the chips, could foresee this particular type of weakness? When I read a decent explanation [raspberrypi.org] of how information can be leaked from the kernel, I was thinking, who could have foreseen that?

      "The approach will not be easy. You are required to maneuver straight down this trench and skim the surface to this point. The target area is only two meters wide. It's a small thermal exhaust port, right below the main port. The shaft leads directly to the reactor system. A precise hit will start a chain reaction which should destroy the station."

      Of course, new chips and death stars won't be vulnerable, now that we know about the exploit.

      But then, the death star vulnerability could have been deliberately planted. I wonder about the chip vulnerability?

      --
      People today are educated enough to repeat what they are taught but not to question what they are taught.
      • (Score: 0) by Anonymous Coward on Wednesday January 17 2018, @09:12PM (2 children)

        by Anonymous Coward on Wednesday January 17 2018, @09:12PM (#623809)

        For many years now, there have been mumblings about how caches or hyperthreading could be used to leak secrets. Although neither is fundamental to Spectre or Meltdown, both are part of the currently published attacks.

        There is also a little bit of similarity with rowhammer. Some of the same researchers are even involved.

        So although the specific attacks were not known, people were clearly headed in that direction. Intel should have been aware. Instead, Intel actively made things worse by introducing memory transactions in the latest chips. Memory transaction support makes these attacks much faster and easier.

        • (Score: 0) by Anonymous Coward on Wednesday January 17 2018, @10:59PM (1 child)

          by Anonymous Coward on Wednesday January 17 2018, @10:59PM (#623885)

          Was literally warned about back in the 1996-1999 range.

          I had multiple people arguing with me about it, and I had mostly scoffed because at the time it would have essentially required pegging the cpu and degrading system performance for a non-trivial length of time to get most of the data out. With current generation hardware and software, especially online software, already pegging out at least one core at all times, it is much harder to differentiate valid use from exploits/data analysis attempts.

          • (Score: 2) by frojack on Thursday January 18 2018, @12:25AM

            by frojack (1554) on Thursday January 18 2018, @12:25AM (#623923) Journal

            Scale that to several thousand machines in a Typical Google or Amazon Data Center. [amazonaws.com].

            How would you even know this was happening?

            I would think Amazon would be more at risk for this than Google, because Amazon rents you machines, real or virtual, for your own use, whereas most of Google's machines are for Google's own use - not so much customer instances.

            --
            No, you are mistaken. I've always had this sig.
      • (Score: 0) by Anonymous Coward on Wednesday January 17 2018, @09:19PM (8 children)

        by Anonymous Coward on Wednesday January 17 2018, @09:19PM (#623814)

        > What exactly is congress expecting? That the management of these chipmakers, or even people designing the chips, could foresee this particular type of weakness?

        I'm ready to give Spectre a pass -- we do speculative execution, we *have* to touch the cache, which then we can't un-touch if we guessed wrong. Fine.

        But Meltdown? Hey, let's touch memory we wouldn't have privileges for, then check privileges only if it's time to commit the speculative work? What could possibly go wrong?

        Was this done maliciously by someone who knew it could be exploited later, or was it an innocent mistake by someone eager to squeeze out that last percent of speedup and beat competition? We'll never know, but that's what we'll have to live with as long as proprietary hardware with secret, closed design/development/fabrication is the only feasible option.

        • (Score: 2) by DannyB on Wednesday January 17 2018, @09:49PM (4 children)

          by DannyB (5839) Subscriber Badge on Wednesday January 17 2018, @09:49PM (#623833) Journal

          I agree with you about both Spectre and Meltdown. Got to have speculative execution. But why leak timing info for memory you aren't allowed to fondle.

          But this is the biggest insight in what you said, and I don't have mod points left:

          We'll never know, but that's what we'll have to live with as long as proprietary hardware with secret, closed design/development/fabrication is the only feasible option.

          That is a profound concern. As systems grow ever more complex, instead of more simple and open, we can never be sure that there isn't a small thermal exhaust port that can lead to the destruction of the entire death star.

          And we still have to worry about software binary problems like "Trusting Trust". Can you be sure the binary of your C compiler isn't compromised even though the source code appears clean, but recompiling the clean source with the compromised compiler will bake the compromise into the newly compiled compiler.

          --
          People today are educated enough to repeat what they are taught but not to question what they are taught.
          • (Score: 2) by DannyB on Wednesday January 17 2018, @10:02PM

            by DannyB (5839) Subscriber Badge on Wednesday January 17 2018, @10:02PM (#623846) Journal

            I wrote it after this comment, but further down is a hypothetical type of invalid opcode compromise that could be baked into a microprocessor.

            --
            People today are educated enough to repeat what they are taught but not to question what they are taught.
          • (Score: 0) by Anonymous Coward on Wednesday January 17 2018, @10:02PM (2 children)

            by Anonymous Coward on Wednesday January 17 2018, @10:02PM (#623847)

            > And we still have to worry about software binary problems like "Trusting Trust"

            There's David A. Wheeler's proposed solution for that: Diverse Double Compilation [dwheeler.com] where you take your suspect compiler's clean sources, and build them with itself (A) and another, unlikely-to-be-malicious-in-the-same-manner compiler (B). You get C and D, respectively. They're different binaries (built with different compilers, duh), but they're the *same* functionality (same source specifying what they do). So, for identical inputs, C and D should produce identical outputs.

            Now, we compile the clean A sources again, with C and D. Same input should give us identical binary output. If the original A binary was clean, then C should have been clean, thus the output of C should match the (clean) output of D. If they don't, you can tell it's time to start hand-assembling your sources :)

            • (Score: 2) by DannyB on Wednesday January 17 2018, @10:16PM (1 child)

              by DannyB (5839) Subscriber Badge on Wednesday January 17 2018, @10:16PM (#623854) Journal

              Yes. That is why it would be good to have a number of C compilers written in other languages. Especially a few written in interpreted languages. Python. JavaScript. Lisp. Etc. (Even if JIT'ed) These C compilers aren't meant to be fast or to generate great code. They are merely intended to work and provide a diversity of C compilers that also happen to run on many hardware platforms. I'm sure you can find a way to compile your target compiler using multiple of these compilers on multiple platforms. Then take those resulting binaries and re-compile your target compiler with each of those binaries which should generate identical optimized binaries of your target compiler.

              --
              People today are educated enough to repeat what they are taught but not to question what they are taught.
              • (Score: 0) by Anonymous Coward on Thursday January 18 2018, @06:46PM

                by Anonymous Coward on Thursday January 18 2018, @06:46PM (#624286)
                This was the subject of a Ph.D. Thesis, called Double Diverse Compiling. You can read about it at https://www.dwheeler.com/trusting-trust/ [dwheeler.com]
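
The Diverse Double Compilation check described in the comments above, as a toy model. This is an added example, not code from the thread or from Wheeler's work; `Source`, `Binary`, `build` and `ddc` are hypothetical names, and a "binary" is reduced to the three properties the argument depends on.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Source:
    """Compiler source code, reduced to what the check depends on."""
    name: str
    codegen: str              # how a compiler built from this source lays out its output
    is_compiler: bool = True  # a subverted compiler only re-infects compiler sources


@dataclass(frozen=True)
class Binary:
    """A compiler executable in the toy model."""
    layout: str           # how this file was laid out (decided by the compiler that built it)
    codegen: str          # how it lays out what it compiles (decided by its own source)
    trojan: bool = False  # hidden payload that is absent from the source

    def digest(self) -> str:
        image = f"{self.layout}|{self.codegen}|{int(self.trojan)}".encode()
        return hashlib.sha256(image).hexdigest()


def build(compiler: Binary, src: Source) -> Binary:
    """Run `compiler` on `src`.

    The output's layout comes from the compiler that ran; its behaviour comes
    from the source. A subverted compiler copies its payload into any compiler
    it builds, which is the "Trusting Trust" self-propagation.
    """
    return Binary(layout=compiler.codegen,
                  codegen=src.codegen,
                  trojan=compiler.trojan and src.is_compiler)


def ddc(suspect: Binary, second: Binary, src: Source) -> dict:
    """Two-stage check: build `src` with both compilers, then rebuild with the results."""
    c = build(suspect, src)   # stage 1, built by the suspect compiler binary
    d = build(second, src)    # stage 1, built by the unrelated compiler
    c2 = build(c, src)        # stage 2, same source compiled by C
    d2 = build(d, src)        # stage 2, same source compiled by D
    return {
        "stage1_identical": c.digest() == d.digest(),
        "stage2_identical": c2.digest() == d2.digest(),
        "stage2_digests": (c2.digest(), d2.digest()),
    }


# Constructed sample data: clean source for compiler A, two candidate binaries
# of A (one clean, one subverted), and an unrelated second compiler B.
A_SRC = Source(name="cc-a", codegen="A")
A_CLEAN = Binary(layout="A", codegen="A")
A_SUBVERTED = Binary(layout="A", codegen="A", trojan=True)
B_BIN = Binary(layout="B", codegen="B")

if __name__ == "__main__":
    for label, suspect in (("clean A", A_CLEAN), ("subverted A", A_SUBVERTED)):
        result = ddc(suspect, B_BIN, A_SRC)
        verdict = "match" if result["stage2_identical"] else "MISMATCH"
        print(f"{label}: stage 1 identical={result['stage1_identical']}, stage 2 {verdict}")
```

Stage 1 outputs differ in both runs because two different code generators produced them; only the stage 2 comparison separates the clean binary from the subverted one.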
        • (Score: -1, Flamebait) by Anonymous Coward on Wednesday January 17 2018, @11:05PM (2 children)

          by Anonymous Coward on Wednesday January 17 2018, @11:05PM (#623889)

          Israeli techies or pro-Zionist Jewish sympathizers involved at Intel.

          Intel ME is now wholly developed in Israel. Much of the 686 development since the 90s and especially today is coming out of Israel.

          And how much of the really black art computer espionage research that has been DOCUMENTED has come out of Israel?

          Mossad would have a field day with an exploit like meltdown, and perhaps they already have.

          • (Score: 2) by frojack on Thursday January 18 2018, @12:32AM (1 child)

            by frojack (1554) on Thursday January 18 2018, @12:32AM (#623926) Journal

            For some people all problems are Jewish problems.

            --
            No, you are mistaken. I've always had this sig.
            • (Score: 0) by Anonymous Coward on Friday January 19 2018, @06:59AM

              by Anonymous Coward on Friday January 19 2018, @06:59AM (#624604)

              remember kids, don't touch the third rail or you're a nazi!

      • (Score: 2) by Snotnose on Wednesday January 17 2018, @09:36PM (7 children)

        by Snotnose (1623) on Wednesday January 17 2018, @09:36PM (#623822)

        What exactly is congress expecting? That the management of these chipmakers, or even people designing the chips, could foresee this particular type of weakness? When I read a decent explanation [raspberrypi.org] of how information can be leaked from the kernel, I was thinking, who could have foreseen that?

        I think it's more like chip makers haven't had hackers first and foremost in their minds, unlike software makers have for the past 30 years.

        I write device drivers and poke around in kernels when the boss isn't looking. A lot of what I do is getting the product spec from the manufacturer, taking sample code or a table of registers/values, adjusting some values as needed, and popping it into my code. I seldom (ok, never have before) stopped to think "Hmmm, what happens if I do this, this, this, then don't do that?". I suspect this is how the chip makers are struggling to think now. Kinda like the designers of TCP/IP would never think people would do 2/3 of a three way handshake and refuse to finish it, all for the purpose of tying up a socket.

        --
        Why shouldn't we judge a book by its cover? It's got the author, title, and a summary of what the book's about.
        • (Score: 3, Interesting) by DannyB on Wednesday January 17 2018, @09:57PM (6 children)

          by DannyB (5839) Subscriber Badge on Wednesday January 17 2018, @09:57PM (#623843) Journal

          In a microprocessor instruction set, not every possible binary pattern is used as a valid instruction. I wonder if or how many undocumented instructions there are? What they might do?

          Imagine trying to explore that.

          Might they all trap as invalid opcode unless some other special condition is met?

          Suppose:
          1. store certain pattern of magic values V1 . . . Vn into registers R1 . . . Rn.
          2. Execute a certain specific invalid opcode

          *poof* [magic black smoke appears and quickly disperses]

          Now several other invalid opcodes are enabled to give you magical powers instead of invalid opcode exceptions. You can now use registers as you see fit once again. The magic values were merely to authenticate your magical status. One of the new invalid opcodes is to return everything back to the non magical state.

          Your mere mortal user space code would walk among the clouds like gods, tiptoeing through kernel space and doing other mischief.

          --
          People today are educated enough to repeat what they are taught but not to question what they are taught.
          • (Score: 3, Interesting) by Azuma Hazuki on Wednesday January 17 2018, @10:40PM (4 children)

            by Azuma Hazuki (5086) on Wednesday January 17 2018, @10:40PM (#623872) Journal

            So, you're thinking of a HCAYD (halt and capture all yer data) opcode then? I wish I were merely joking, but this is precisely the kind of sneaky shit I'd do in this situation. Once I read about undocumented opcodes the first concern was "shit, THIS is where the boys at the puzzle palace have their backdoor, isn't it?"

            --
            I am "that girl" your mother warned you about...
            • (Score: 3, Insightful) by frojack on Thursday January 18 2018, @12:52AM (3 children)

              by frojack (1554) on Thursday January 18 2018, @12:52AM (#623936) Journal

              Well, yes, in a purely evil world.

              But look we are talking about Intel here. Made up of smart people, but not blindingly so. Not god like or devil like. Just ordinary nerds who like beer and football and nice cars, and good looking women. They change jobs, retire, get fired at similar rates to other high functioning nerds.

              Look how many people knew about the Volkswagen pollution defeat. It was whispered about for years, and finally one company figured out how to test for it, notified US Authorities and Game Over. Even with the wagons circled, and protected by their government, the truth is coming out and some high placed German executives dare not step outside their own country.

              Honest Question: How long could this have been kept secret if it were actually planned, and even narrowly known?

              How many programmers seriously consider the possibility that the value they put into a register at line 358 in the code might no longer be the same at line 361 due to a gamma ray or something. Who sets and checks parity on every value written and read back?

              So I'm invoking Occam's Razor. I doubt anyone thought any of these shortcuts could be leveraged in the real world. It took 30 years to find the first examples.

              --
              No, you are mistaken. I've always had this sig.
              • (Score: 2) by Azuma Hazuki on Thursday January 18 2018, @05:58AM

                by Azuma Hazuki (5086) on Thursday January 18 2018, @05:58AM (#624037) Journal

                Hanlon's Razor, a different one, has long since lost its edge with these people. We are dealing with a situation where ignorance, at least in terms of its effects, differs little from malice.

                --
                I am "that girl" your mother warned you about...
              • (Score: 2) by DannyB on Thursday January 18 2018, @02:26PM

                by DannyB (5839) Subscriber Badge on Thursday January 18 2018, @02:26PM (#624135) Journal

                I always thought I was a bit paranoid. After Snowden I realized that every paranoid thing I had thought was not only reality but already had been reality for a long time. Now I realize that no matter how paranoid a scenario I may imagine, it is probably not paranoid enough.

                These people can and would implement magical invalid opcodes in microprocessors. After all, they implemented the Management Engine. Who would have even thought of that? There are no limits to how far these people will go to access your pr0n collection.

                Management Engine was kinda sorta publicly known but remained under the radar for years until fairly recently. It's baked into microprocessors that are in everything now.

                The beauty of an invalid opcode implementation like what I described is that you can't detect it even through any reasonable amount of exploration. The "unlock magic mode" opcode traps as an invalid opcode unless an improbable pattern of values are in certain registers.

                I continued thinking about this later after I had posted. Let me continue that thought. One way this type of magic might get discovered is by scanning executable code for invalid opcodes. So let's not use any invalid opcodes. The magic mode opcode would require the improbable pattern of values in all registers, followed by a Jump To Subroutine PC relative addressing into the immediate argument value of some nearby instruction. That other instruction's immediate argument value is the invalid opcode, and it then does a return so that execution continues after the jump to subroutine instruction. All other invalid opcodes are implemented the same way. You must code the invalid opcode as an immediate value argument in some other nearby instruction, then JSR to it, it returns and performs its magic function. This improved approach to what I described protects against discovery of invalid opcodes by mere scanning of executables for invalid opcodes.

                There could be a whole menu of new invalid opcodes. Instructions to access kernel memory. Change processor privilege level. Communicate with the management engine in devious ways. Dare to imagine the possibilities.

                Don't even think that they might not devise some devilish thing like this. They don't care about you or me. They just want absolute power. And absolute power tweets absolute crazy.

                --
                People today are educated enough to repeat what they are taught but not to question what they are taught.
              • (Score: 2) by schad on Thursday January 18 2018, @04:47PM

                by schad (2398) on Thursday January 18 2018, @04:47PM (#624199)

                I've worked at Intel, and they are staggeringly paranoid about their IP. There are so many levels of classification, including compartmentalized need-to-know, that it may well be possible to slip in a back door that won't be detected. The asinine secrecy probably makes back doors easier to create.

          • (Score: 5, Interesting) by dbe on Thursday January 18 2018, @12:12AM

            by dbe (1422) on Thursday January 18 2018, @12:12AM (#623916)

            Ask and you shall be answered...
            https://www.youtube.com/watch?v=KrksBdWcZgQ [youtube.com]

            Basically this guy did exactly that, looking at holes in the binary instruction code tables and "glitches" in the application notes where the PDF tables cells were left blanks...
            Then using fuzzing to create new undisclosed instructions.
            The interesting part is how he could find the length of each instruction by using a read only page and sticking the instruction close enough from the boundary to not create an exception.

            TLDR, the processors are full of magic unknown/undocumented instructions...

            -dbe

  • (Score: 4, Insightful) by archfeld on Wednesday January 17 2018, @08:10PM (9 children)

    by archfeld (4650) <treboreel@live.com> on Wednesday January 17 2018, @08:10PM (#623765) Journal

    Congress will do ANYTHING but what they are supposed to do. Having resolved the budget, corrected the FCC, solved the immigration issues, and dealt with the tax reform, they then move on to telling a tech business they can't possibly understand how to fix its problems. Go Congress Go...

    --
    For the NSA : Explosives, guns, assassination, conspiracy, primers, detonators, initiators, main charge, nuclear charge
    • (Score: 2) by legont on Wednesday January 17 2018, @09:04PM (6 children)

      by legont (4179) on Wednesday January 17 2018, @09:04PM (#623805)

      Who is more dangerous - an engineer who designed a faulty bridge or a computer "architect"? Congress should as a bare minimum require licenses for developing software similar to engineers, doctors, and most importantly dentists. Existing "dentists" with at least 10 years of American experience shall be granted the license. Moreover, the association of such programmers shall decide how much foreign workers certification shall cost. Say 5 years 50K per year for now? That would put a nice floor under our compensation packages.

      --
      "Wealth is the relentless enemy of understanding" - John Kenneth Galbraith.
      • (Score: 2) by PartTimeZombie on Wednesday January 17 2018, @09:16PM (3 children)

        by PartTimeZombie (4827) on Wednesday January 17 2018, @09:16PM (#623811)

        Your suggestion sounds a lot like the Medieval Guilds, and they wound up opponents of innovation and often ran cartels. [wikipedia.org]

        • (Score: 2) by legont on Wednesday January 17 2018, @09:37PM (1 child)

          by legont (4179) on Wednesday January 17 2018, @09:37PM (#623825)

          No matter what label is attached to it, but that's how professionals work in this country. Programmers so far are not professionals and that's why we have all this. Yes, I know that every new profession started this unlicensed way but once it became important it had to be licensed.

          BTW, no, I don't believe they will do it - not until after the blackout. But the blackout could happen anytime and just maybe it is in progress and the spectre exploit is in the wild wiping out everything in sight as we speak. Who knows... what I think is that the crash will look exactly like it looks right now. The bugs have all the necessary properties.

          --
          "Wealth is the relentless enemy of understanding" - John Kenneth Galbraith.
          • (Score: 0) by Anonymous Coward on Wednesday January 17 2018, @10:40PM

            by Anonymous Coward on Wednesday January 17 2018, @10:40PM (#623873)

            Programmers so far are not professionals and that's why we have all this.

            No, it is electronic engineers who design the chips that are at the centre of this. The programmers are the ones who have spent the past 6 months creating the workarounds (not "fixes", despite what Intel would have you believe) for these insecure chip designs.

        • (Score: 0) by Anonymous Coward on Wednesday January 17 2018, @11:10PM

          by Anonymous Coward on Wednesday January 17 2018, @11:10PM (#623894)

          Screen Actor's Guild
          Writer's Guild
          Maintenance Engineer's Union
          Welder's Union
          Machinist's Union
          etc.

          We have Guilds today, some of them named as such, some of them not. Some actually invest time in innovation, while others spend time in legislation.

          The real problem here has nothing to do with certifying professionals in the field. It has to do with public documentation, review, quality assurance, and then periodic public audits after the fact.

          Without all these steps and probably a few I forgot practiced regularly and frequently, we will never be able to trust hardware, software, or standard engineering or common practices and procedures basically anywhere.

      • (Score: 1) by tftp on Wednesday January 17 2018, @11:07PM (1 child)

        by tftp (806) on Wednesday January 17 2018, @11:07PM (#623893) Homepage

        Congress should as a bare minimum require licenses for developing software similar to engineers, doctors, and most importantly dentists.

        Don't know about licensing of dentists. However licensing of coders will not have any effect simply because they are not the deciding force in any project. If they say "stop, we must rewrite the existing code from PHP to Forth to improve safety" they will be asked to do what they are told or quit.

        Most software is designed for speed, cost and functionality. Optimizations like security are left for later (a.k.a. never.) You cannot do that when you design a bridge. The professional engineer has the law on his side, the management has no power to force the engineer to produce a defective construction. But consequences of a defective, insecure code are next to zero - just issue a patch if you are generous. The typical response is to upgrade to the new version. It might have a different set of bugs.

        • (Score: 2) by legont on Wednesday January 17 2018, @11:37PM

          by legont (4179) on Wednesday January 17 2018, @11:37PM (#623905)

          Yes, current software age is very similar to times when cold was treated by a mixture of cocaine and morphine. It is very effective - costs and otherwise - and enjoyable. Unfortunately, those times are gone. Similarly "free" approach to software development will be gone one day.

          BTW, when Congress says "fix it or we will" I suspect it's what they mean. I also suspect it is the main reason why say Google calls his workers engineers and develops certification programs. When the shit hits the fan Google wants to be prepared.

          --
          "Wealth is the relentless enemy of understanding" - John Kenneth Galbraith.
    • (Score: 2) by Dr Spin on Wednesday January 17 2018, @09:10PM (1 child)

      by Dr Spin (5239) on Wednesday January 17 2018, @09:10PM (#623807)

      Congress will do ANYTHING but what they are supposed to do.

      Pass a law requiring Intel to provide FOC all necessary information to anyone interested in _selling_ replacement chips for out-of-warranty Intel chips with the problems.

      For some people (with old CPUs) the value of the system far exceeds the value of the CPU, and they would be happy to buy a reasonably priced plug-in replacement
      at a realistic new CPU price (obviously not Intel's idea of a new CPU price). This is a valuable market for someone. (Cyrix? The Chinese). If Intel won't get their customers
      out of the hole they threw them in to make money, then they deserve all they get.

      There are other things they could do too - but I believe public hangings may not be the American way. YMMV

      --
      Warning: Opening your mouth may invalidate your brain!
      • (Score: 0) by Anonymous Coward on Thursday January 18 2018, @04:52AM

        by Anonymous Coward on Thursday January 18 2018, @04:52AM (#624017)

        offtopic: please stop with your funky CR/LFs, it's UGLEE

  • (Score: 4, Informative) by legont on Wednesday January 17 2018, @08:54PM (4 children)

    by legont (4179) on Wednesday January 17 2018, @08:54PM (#623798)

    significant patching problems, including an AMD patch that briefly prevented Windows computers from booting up

    It was a Windows patch for Intel that broke perfectly good - for that particular bug anyway - AMD processors. AMD so far does not even have an exploitable issue - just a purely theoretical one - but it's being put into the same shithole or even implied as worse. Also, released patches slow down AMD without any value. An honest article should advise not to update AMD/Linux systems for now (and short Intel while buying AMD).

    --
    "Wealth is the relentless enemy of understanding" - John Kenneth Galbraith.
    • (Score: 0) by Anonymous Coward on Wednesday January 17 2018, @09:12PM (3 children)

      by Anonymous Coward on Wednesday January 17 2018, @09:12PM (#623810)

      It makes one wonder what NSA backdoors Intel chips have that AMD chips don't have. The press obviously does not want the public aware there are still two vendors for x86 chips.

      • (Score: 3, Insightful) by turgid on Wednesday January 17 2018, @09:30PM (2 children)

        by turgid (4318) Subscriber Badge on Wednesday January 17 2018, @09:30PM (#623817) Journal

        You credit the press with too much intelligence. Malice and stupidity and all that.

        • (Score: 0) by Anonymous Coward on Wednesday January 17 2018, @11:05PM (1 child)

          by Anonymous Coward on Wednesday January 17 2018, @11:05PM (#623891)

          Just heard some media dipstick refer to an AT-6 as a jet. Where do they come up with some of these people?

          • (Score: 2) by The Archon V2.0 on Thursday January 18 2018, @04:52PM

            by The Archon V2.0 (3887) on Thursday January 18 2018, @04:52PM (#624201)

            > Where do they come up with some of these people?

            Journalism school, but they only keep the ones who get the most eye-grabbing articles to press the fastest. They get rid of the ones who waste time on pointless tasks like verifying information and seeking the truth.

  • (Score: 2, Informative) by fustakrakich on Wednesday January 17 2018, @09:03PM

    by fustakrakich (6150) on Wednesday January 17 2018, @09:03PM (#623803) Journal

    Ohhh, I think we know the answer to that [businessinsider.com].

    You got to know when to hold 'em, know when to fold 'em
    Know when to walk away and know when to run.

    --
    La politica e i criminali sono la stessa cosa..
  • (Score: 1, Funny) by Anonymous Coward on Wednesday January 17 2018, @09:21PM

    by Anonymous Coward on Wednesday January 17 2018, @09:21PM (#623815)

    T: "Can't you chip people stop making loooser chips? I know chips better than Frito Lay, beliebe me! I put them in my McTaco salad all the time. And they don't have security problems: always come out of the right hole the right way at the right time. Bigly efficient. Enjoy!"

  • (Score: 2, Touché) by Anonymous Coward on Wednesday January 17 2018, @10:19PM

    by Anonymous Coward on Wednesday January 17 2018, @10:19PM (#623857)

    It's fun to watch clueless old guys try to understand technology. More likely they are shaking down companies for bribes/donations.

  • (Score: 3, Insightful) by drussell on Wednesday January 17 2018, @11:36PM (2 children)

    by drussell (2678) on Wednesday January 17 2018, @11:36PM (#623904) Journal

    In the aftermath, there have been significant patching problems, including an AMD patch that briefly prevented Windows computers from booting up.

    Wait a minute... I thought that was Microsoft's fault for screwing up the patch, not AMD!?

    It affected AMD processors but it was MICROSOFT'S fault, wasn't it?!

    Any references would be appreciated....

    • (Score: 0) by Anonymous Coward on Thursday January 18 2018, @12:42AM

      by Anonymous Coward on Thursday January 18 2018, @12:42AM (#623929)

      I think there is enough colossal fuckup to go around there.

      If I were AMD after what happened in Linux world I would have flown 10 top engs out to Redmond and made sure THEY got it right too...

    • (Score: 2) by terrab0t on Thursday January 18 2018, @03:03PM

      by terrab0t (4674) on Thursday January 18 2018, @03:03PM (#624156)

      If you’re talking about the Windows updates that caused blue screens on boot with some AMD processors, I read that those were because of bad documentation on AMD’s part [arstechnica.com].

  • (Score: 0, Disagree) by Anonymous Coward on Wednesday January 17 2018, @11:57PM (2 children)

    by Anonymous Coward on Wednesday January 17 2018, @11:57PM (#623915)

    It's not Congress's job to be involved.

    If there is criminal behavior, then get DOJ involved, if not, it's commerce and they can mind their own business, and get back to work.

    • (Score: 0) by Anonymous Coward on Thursday January 18 2018, @12:42AM (1 child)

      by Anonymous Coward on Thursday January 18 2018, @12:42AM (#623930)

      It's just a big headline, so the politicians are grabbing onto it.

      • (Score: 0) by Anonymous Coward on Thursday January 18 2018, @04:57AM

        by Anonymous Coward on Thursday January 18 2018, @04:57AM (#624018)

        motherfucker

  • (Score: 1) by ElizabethGreene on Thursday January 18 2018, @03:26PM

    by ElizabethGreene (6748) Subscriber Badge on Thursday January 18 2018, @03:26PM (#624164) Journal

    I don't think this is the important computer security issue Congress should be examining. There are thousands of insecure-by-default IoT devices manufactured every day that are abandonware by the time the product hits store shelves. That is a much greater structural risk than Intel and AMD's response to this vulnerability.

  • (Score: 0) by Anonymous Coward on Thursday January 18 2018, @04:11PM

    by Anonymous Coward on Thursday January 18 2018, @04:11PM (#624182)

    Well Congressman, I first learned about it when the NSA ordered me not to fix it and not to talk about it.

  • (Score: 1) by metarox on Thursday January 18 2018, @05:52PM

    by metarox (788) on Thursday January 18 2018, @05:52PM (#624249) Homepage

    June 2016 -> June 2017
