Major Intel CPU vulnerability

momurda

@dashrender They already made money. More than 2 trillion dollars. Even a 20B fix is less than 1% of the money they made selling these cpus

Dashrender

@momurda said in Major Intel CPU vulnerability:

@dashrender They already made money. More than 2 trillion dollars. Even a 20B fix is less than 1% of the money they made selling these cpus

You're point? They aren't a charity. It wouldn't matter if it was 0.00001% if it doesn't make financial sense, you don't do it.

scottalanmiller

@momurda said in Major Intel CPU vulnerability:

@dashrender They already made money. More than 2 trillion dollars. Even a 20B fix is less than 1% of the money they made selling these cpus

Not of the profits, though, that's just the money passing through them.

momurda

Who cares if their margins get affected for a year?
The company i work for designs and makes electronics. Our revenues are less than 20million/year. Intel makes more than 3000 dollars for every dollar we make. Yet we still have devices over 10 years old in the field that we still provide hardware support and software updates for. No excuse for this.

scottalanmiller

@momurda said in Major Intel CPU vulnerability:

Who cares if their margins get affected for a year?
The company i work for designs and makes electronics. Our revenues are less than 20million/year. Intel makes more than 3000 dollars for every dollar we make. Yet we still have devices over 10 years old in the field that we still provide hardware support and software updates for. No excuse for this.

Also no reason to expect it. Sure, they COULD fix these old things. But just because they can, doesn't mean anything. Profits, size of the field, what other people do... none of these things are factors. All you are doing is showing that Intel could do something, but that's not relevant to if they should or need to or whatever. Sure we need to know that it is possible before knowing if they should, but that's not enough alone to even suggest that that is the case.

momurda

@scottalanmiller I wasnt trying to compare what intel could do to what the company i work for does. It is just an example of another electronics manufacturer. One with far less resources.
One that knows its customers are the only reason it exists. A rather basic economic concept Intel doesnt seem to grasp.
Intel have issued patches for the cpus theyre going to patch within 10 days of this knowledge being released. Are you suggesting that another couple weeks of R&D and a patch for cpus going back to Westmere would be too much of a burden for Intel? That is a ludicrous idea.

scottalanmiller

@momurda said in Major Intel CPU vulnerability:

@scottalanmiller I wasnt trying to compare what intel could do to what the company i work for does. It is just an example of another electronics manufacturer. One with far less resources.
One that knows its customers are the only reason it exists. A rather basic economic concept Intel doesnt seem to grasp.
Intel have issued patches for the cpus theyre going to patch within 10 days of this knowledge being released. Are you suggesting that another couple weeks of R&D and a patch for cpus going back to Westmere would be too much of a burden for Intel? That is a ludicrous idea.

Intel is primarily a consumer products company, though. And that makes things very, very different. Intel also has a strong incentive not to patch old procs - because it is confident that by not doing so they will sell more new ones. And if that happens, which I assure you it will, then their customers have spoken and not only do they not care that their old procs are not patched, they are willing to pay to make sure that they aren't.

Intel has a fiduciary responsibility by law, and if not patching makes them money, they are required to do it. Now they have to truly believe that they will make more money that way, but that's how the system works with public companies in the US.

mlnews

https://arstechnica.com/gadgets/2018/01/good-newsbad-news-in-quest-to-get-meltdown-and-spectre-patched/

momurda

Anybody know Supermicro's update stance with this? Have they posted anything?

dbeato

@momurda said in Major Intel CPU vulnerability:

Anybody know Supermicro's update stance with this? Have they posted anything?

https://www.supermicro.com/support/security_Intel-SA-00088.cfm

https://www.supermicro.com/support/faqs/faq.cfm?faq=27105

https://tinkertry.com/meltdown-and-spectre-info#supermicro

EddieJennings

@dbeato said in Major Intel CPU vulnerability:

@momurda said in Major Intel CPU vulnerability:

Anybody know Supermicro's update stance with this? Have they posted anything?

https://www.supermicro.com/support/security_Intel-SA-00088.cfm

https://www.supermicro.com/support/faqs/faq.cfm?faq=27105

https://tinkertry.com/meltdown-and-spectre-info#supermicro

You beat me to it! I just found the Supermicro links and was about to post them here :D.

Obsolesce

Dell Advising All Customers To Not Install Spectre BIOS Updates

Revert back to pre-meltdown/spectre BIOSs, or wait it out if you aren't effected.

https://www.bleepingcomputer.com/news/security/dell-advising-all-customers-to-not-install-spectre-bios-updates/

Linux Torvalds is pissed:
https://www.bleepingcomputer.com/news/linux/linus-torvalds-thinks-the-linux-spectre-patches-are-utter-garbage/

dafyre

I'm researching our environment and right now, it looks like the beginning of armageddon here, lol... But I'm not worried about it too much.

Yes, it can be bad, but I haven't seen enough to actually totally terrify me.

Obsolesce

Ours seem fine, so I'm leaving the Dell BIOS 2.7.0 on for now. I'll revert back only if we experience issues, but so far it's been just dandy.

DustinB3403

@tim_g said in Major Intel CPU vulnerability:

Dell Advising All Customers To Not Install Spectre BIOS Updates

Revert back to pre-meltdown/spectre BIOSs, or wait it out if you aren't effected.

https://www.bleepingcomputer.com/news/security/dell-advising-all-customers-to-not-install-spectre-bios-updates/

Linux Torvalds is pissed:
https://www.bleepingcomputer.com/news/linux/linus-torvalds-thinks-the-linux-spectre-patches-are-utter-garbage/

I'm not sure why he is bitching about it. If he has a better idea, put it down on paper and tell people to test it.

Sometimes things are just messy. Blame Intel for creating crap to start with, not your fellow devs who are simply attempting to resolve a crap situation.

momurda

@dustinb3403 said in Major Intel CPU vulnerability:

@tim_g said in Major Intel CPU vulnerability:

Dell Advising All Customers To Not Install Spectre BIOS Updates

Revert back to pre-meltdown/spectre BIOSs, or wait it out if you aren't effected.

https://www.bleepingcomputer.com/news/security/dell-advising-all-customers-to-not-install-spectre-bios-updates/

Linux Torvalds is pissed:
https://www.bleepingcomputer.com/news/linux/linus-torvalds-thinks-the-linux-spectre-patches-are-utter-garbage/

I'm not sure why he is bitching about it. If he has a better idea, put it down on paper and tell people to test it.

Sometimes things are just messy. Blame Intel for creating crap to start with, not your fellow devs who are simply attempting to resolve a crap situation.

He is blaming Intel. For giving guidance to the Linux kernel devs to write garbage hotfixes. That is the point of his rant.

DustinB3403

@momurda said in Major Intel CPU vulnerability:

@dustinb3403 said in Major Intel CPU vulnerability:

@tim_g said in Major Intel CPU vulnerability:

Dell Advising All Customers To Not Install Spectre BIOS Updates

Revert back to pre-meltdown/spectre BIOSs, or wait it out if you aren't effected.

https://www.bleepingcomputer.com/news/security/dell-advising-all-customers-to-not-install-spectre-bios-updates/

Linux Torvalds is pissed:
https://www.bleepingcomputer.com/news/linux/linus-torvalds-thinks-the-linux-spectre-patches-are-utter-garbage/

I'm not sure why he is bitching about it. If he has a better idea, put it down on paper and tell people to test it.

Sometimes things are just messy. Blame Intel for creating crap to start with, not your fellow devs who are simply attempting to resolve a crap situation.

He is blaming Intel. For giving guidance to the Linux kernel devs to write garbage hotfixes. That is the point of his rant.

I took it has he is screaming at the Linux kernel devs for writing crap hotfixes, regardless of what intel proposed.

Essentially "a toddler could code better than this!"

momurda

@dustinb3403 said in Major Intel CPU vulnerability:

@momurda said in Major Intel CPU vulnerability:

@dustinb3403 said in Major Intel CPU vulnerability:

@tim_g said in Major Intel CPU vulnerability:

Dell Advising All Customers To Not Install Spectre BIOS Updates

Revert back to pre-meltdown/spectre BIOSs, or wait it out if you aren't effected.

https://www.bleepingcomputer.com/news/security/dell-advising-all-customers-to-not-install-spectre-bios-updates/

Linux Torvalds is pissed:
https://www.bleepingcomputer.com/news/linux/linus-torvalds-thinks-the-linux-spectre-patches-are-utter-garbage/

I'm not sure why he is bitching about it. If he has a better idea, put it down on paper and tell people to test it.

Sometimes things are just messy. Blame Intel for creating crap to start with, not your fellow devs who are simply attempting to resolve a crap situation.

He is blaming Intel. For giving guidance to the Linux kernel devs to write garbage hotfixes. That is the point of his rant.

I took it has he is screaming at the Linux kernel devs for writing crap hotfixes, regardless of what intel proposed.

Essentially "a toddler could code better than this!"

He is saying that, but about Intel not the kernel developers. The hotfixes are crap because Intel is telling the kernel devs that the only fix is to turn things off, at a high cost(performance) and nobody will want to enable the fixes because of the cost.

dbeato

@tim_g said in Major Intel CPU vulnerability:

Ours seem fine, so I'm leaving the Dell BIOS 2.7.0 on for now. I'll revert back only if we experience issues, but so far it's been just dandy.

Mine are also working well.

DustinB3403

@momurda said in Major Intel CPU vulnerability:

@dustinb3403 said in Major Intel CPU vulnerability:

@momurda said in Major Intel CPU vulnerability:

@dustinb3403 said in Major Intel CPU vulnerability:

@tim_g said in Major Intel CPU vulnerability:

Dell Advising All Customers To Not Install Spectre BIOS Updates

Revert back to pre-meltdown/spectre BIOSs, or wait it out if you aren't effected.

https://www.bleepingcomputer.com/news/security/dell-advising-all-customers-to-not-install-spectre-bios-updates/

Linux Torvalds is pissed:
https://www.bleepingcomputer.com/news/linux/linus-torvalds-thinks-the-linux-spectre-patches-are-utter-garbage/

I'm not sure why he is bitching about it. If he has a better idea, put it down on paper and tell people to test it.

Sometimes things are just messy. Blame Intel for creating crap to start with, not your fellow devs who are simply attempting to resolve a crap situation.

He is blaming Intel. For giving guidance to the Linux kernel devs to write garbage hotfixes. That is the point of his rant.

I took it has he is screaming at the Linux kernel devs for writing crap hotfixes, regardless of what intel proposed.

Essentially "a toddler could code better than this!"

He is saying that, but about Intel not the kernel developers. The hotfixes are crap because Intel is telling the kernel devs that the only fix is to turn things off, at a high cost(performance) and nobody will want to enable the fixes because of the cost.

The performance hit are affecting every system though, not just linux. So where is Linus getting this idea that the performance hit can be avoided?