'Kernel memory leaking' Intel processor -- a serious cpu bug!?!

Configure and optimize you computer for Audio.
Post Reply New Topic
RELATED
PRODUCTS

Post

Burillo wrote:
aciddose wrote:"Web assembly" and the like are the stupidest idea ever. They're just inventing new attack vectors for everyone to turn the web into a massive botnet.
actually, of the whole "new Browser API allows access to USB dildos and buttfuck you" variety, WebAssembly is the one good idea. it will basically allow to ditch that JavaScript abomination and write safer and more performant web code (i.e. write it in Rust, for example). anything that relegates JavaScript to being a relic of the past is a good thing. the problem isn't WebAssembly - it's the new API's that attempt to replace the OS.
:tu:
I also would be more worried about requestDevice() than WebAsm.. If they must spend 4 chapters on the RFC to write about Security and Privacy Considerations and it sends with "we recommend device manufacturers to practice defense in depth by designing their devices" ... idk .. doesn't really help to build trust on it. :clown:

Post

EvilDragon wrote:So after some encouraging results from people at VI-C and GS, I pulled the patch. I did a DAWbench VI in Reaper before the patch and after, and I'm getting much the same numbers: 820 voices at 128 samples buffer with my RME UFX+, and with the factory library on Samsung 850 EVO. i7-6700K at 4.5 GHz here.

So, it seems that ASIO performance wasn't affected one bit (at least as far as Reaper is concerned). Looks like DAW users fall into "average workload" crowd. :)
:party: :party: :party:

Post

Ok, I correct what I wrote before in the thread: Sierra and El Capitan are already patched since december for Meltdown only (search for CVE-2017-5754 in the Apple doc, they edited the page yesterday):

https://support.apple.com/en-ca/HT208331

Mitigations will come as updates on browsers mainly if I understand correctly. Firefox and Chrome are already patched in OSX since yesterday...
Last edited by Patrice Brousseau on Fri Jan 05, 2018 4:01 pm, edited 1 time in total.
Patrice Brousseau

Post

aciddose wrote:They're a horrible idea for the same reason everyone using Chome is a horrible idea: it means in order to access a page you'll be required to give permission to run arbitrary code on your machine.
You do it now already....
I remeber a bug on IE where a manipluated PNG file cause a buffer overflow on the image decoder, that lead to execution of PNG file data instead of programm code.
So I can run arbitrary code on your machine by sending you PNG and you open it on that broken IE version. No JScript or WebASM.. not even <html> is needed.

Post

aciddose wrote:There is no way to be 100% certain of the security of the system without replacing the CPU.
Or pull your DAW off the net and not do any more OS updates. I would take that over a possible 30% reduction in performance ( although it looks like that hit may not be an issue for DAWs). I'd lose several plugins whose Copy Protection does require a constant connection but again I'd rather lose them than take a substantial performance hit.

The whole thing reeks of douche baggery. This flaw has existed for 10 years and now it's a concern ? Anybody been hurt by this over the years ? Black Hats haven't discovered the flaw after all these years?

I might buy something like this for banking only:

https://lasvegas.craigslist.org/sys/d/c ... 00100.html

I'll continue using this computer for net / email and if it takes the performance hit it won't be a big deal. If nothing else I've got an old Pentium 4 system laying around. I could slap Linux on it and use if for banking only. I've been spending more and more time on Linux lately anyway. :shrug:
None are so hopelessly enslaved as those who falsely believe they are free. Johann Wolfgang von Goethe

Post

Frankly, the Internet is messed up, anyway. Too many governments, criminals, hackers etc. trying to get access and do bad things. I doubt it will ever be safe again, if it ever was to begin with...

Post

fluffy_little_something wrote:Frankly, the Internet world is messed up, anyway. Too many governments, criminals, hackers etc. trying to get access and do bad things. I doubt it will ever be safe again, if it ever was to begin with...
Fixed that for you. :hihi:

Post

EvilDragon wrote:So after some encouraging results from people at VI-C and GS, I pulled the patch. I did a DAWbench VI in Reaper before the patch and after, and I'm getting much the same numbers: 820 voices at 128 samples buffer with my RME UFX+, and with the factory library on Samsung 850 EVO. i7-6700K at 4.5 GHz here.

So, it seems that ASIO performance wasn't affected one bit (at least as far as Reaper is concerned). Looks like DAW users fall into "average workload" crowd. :)
Whoa there, this thread is for wild speculation and arguing. Take your hard data somewhere else.

Post

Apple says no performance issues....what else.
But Geekbench 4 is not what i would call a decent test for that.
https://support.apple.com/en-us/HT208394

Post

Apple says no performance issues....what else.
Rumours say that BSD kernel (where OSX is based on) does page table isolation since a long time already.
It was the reason why kernel calls on OSX where generally slower than on Linux up to now. Now linux is also slow (on Intel) and for BSD / OSX there is no change.
But no clue about the BSD kernel and if it is true or just one more speculation :lol:

Post

https://newsroom.intel.com/news-release ... -exploits/

Seems like Intel is pushing firmware patches for CPUs from last 5 years to manufacturers as of now (> Haswell / 4xxx ? ).

So check your Asus/MSI/whatever page next week or so and pull the update to get tight sleep again... unless you'r on an old intel, than you must slow your Win or Linux kernel instead, or use OSX, which is slow already :clown:

Post

Patrice Brousseau wrote:Ok, I correct what I wrote before in the thread: Sierra and El Capitan are already patched since december for Meltdown only (search for CVE-2017-5754 in the Apple doc, they edited the page yesterday):

https://support.apple.com/en-ca/HT208331

Mitigations will come as updates on browsers mainly if I understand correctly. Firefox and Chrome are already patched in OSX since yesterday...
They removed the reference for El Cap and Sierra, so not safe. Will they stop to change their idea?
Patrice Brousseau

Post

This article gives the jist of the problem with Specter: https://www.raspberrypi.org/blog/why-ra ... -meltdown/

Post


Post

camsr wrote:This article gives the jist of the problem with Specter: https://www.raspberrypi.org/blog/why-ra ... -meltdown/
Great explanation. Thanks.

Post Reply

Return to “Computer Setup and System Configuration”