New side-channel vulnerability codenamed "PortSmash" impacts all CPUs with SMT
OpenBSD is not vulnerable, time to install OpenBSD
Theo tried to warn us.
We didn't listen.
OpenBSD is also not usable
you can disable SMT in the kernel
Intel is now a random vulnerability generator.
I listened though. I bought a non-x86 hardware that's not vulnerable to any of these bugs.
That stmnt proofs that you haven't even tried it. OpenBSD is usable as a desktop OS. It has world-class documentation (on par with GNU Emacs) and it does most things out-of-box but it isn't bloated. OpenBSD takes security very seriously, the OpenBSD team even cuts out crappy stuff, like Bluetooth support and the Linux compatibility layer (I am not saying Linux sucks).
I don't know if the AMD version will be as egregious. You have to remember that Intel's HT is a hacky version that was designed to get around IBM's patents.
BSD was vulnerable and still can be if users reactivate it, if gnu/linux users don't want to be vulnerable they just have to do the same by deactivating it.
most exploits don't work on openbsd because almost nothing runs on openbsd period
Fuck it. I'm going to build a ZX Spectrum clone and be done with all this shit. Fuck you for ruining computing, Intel. By implimenting all these lazy hacks to give poo-in-loos more wiggle room in their shitty software you've managed to shit up both the hardware and software worlds at the same fucking time. Now everything is so bloated that any given task takes 500 times the system resources it took back in the 90s. Now your shiny new shit-chips have gotten their proformance nearly halved, and now they will need to be be halved yet again. At this rate we will be reduced to the performance of single core Pentium 4s and all the software will still be shit. Fuck you.
what can it run?
OpenBSD 6.4 was released not long ago, and by default it's not vulnerable because they disabled the SMT when that version was still in development. Most OpenBSD users run either the latest stable release (in this case 6.4) or the development snapshots. So what he said is correct, and OpenBSD is not vulnerable unless you're running an old version or have re-enabled the vulnerability yourself. In some very rare cases, you might be stuck on an old release because of hardware issues, but otherwise there's no excuse to not run at least the most up-to-date stable release. If you choose not to, that's basically the equivalent of ignoring security patches that were offered to you.
>The PoC steals an OpenSSL (
Haven't been able to try much yet, as I only installed an OS (NetBSD) two days ago, and finally got U-boot to work 100% unattended (without me typing shit over the serial port). Right now I'm struggling to get the framebuffer into a mode < 1280x1024, so I can run the wsvt X server in a mode that doesn't overwhelm the CPU. Because yeah, this being NetBSD there's no Mali driver (or Lima, the open-source replacement, which so far is only for Linux). But my board comes with Android pre-installed on the eMMC, and I could play youtube videos in full screen (1024x768 was what Android used) without any noticeable glitches. And of course, browsing the web with Chrome just worked. But that was only for testing the board. So in theory it can do a whole lot, but since I'm running non-accelerated X server it won't do so great. No problem for me, since I don't need much, else I'd have installed Linux instead (to get the GPU benefits). I only need to be able to run Firefox on occasions. I tried it in 1280x1024 and it lags badly. Want to try 800x600 and see (that would be sufficient for my purposes).
Just wait for the Raptor Blackbird.
800x600 is still quite nice for a strict 90s workflow but rather lousy for all this modern web 2.0 shit
Core 2 Duo don't have Hyper-Threading.
...
g-great OS there, bro!
keep your hipster toys
If your standards for "usable" are still in the last century, sure.
And you call that usable?
Great security model right here
Taking out bad code is better than having it remain in the codebase. Besides, Bluetooth is worse than using USB cable.
Niggaz, arent we living in some cool ass time?
Like, few years ago buffer/stack/heap overflows were all the rage, now it is hardware exploits that are getting abused.
Rowhammer, Spectre, meltdown, now this?
Shiiiieeetttt
Just lemme check what JS libraries allow for accurate timing attacks and whatnot lmao
enjoy dimished responsiveness
Where's the proof?
Windows scheduling
Pick one.
Didn't Microshit fix their retarded scheduler that got slower with the more resources you gave it?
I do love it how you can actually get schematics for Olimex hardware.
Speak for yourself. I had already disabled hyper threading on my openbsd machines because it was noticeably slower. After Theo's warning I disabled it everywhere.
I don't know because I am running Windows 7 without updates. But I doubt there will ever be a scheduler that can use SMT without having performance drawbacks. SMT is only useful if programs actually take advantage of it, otherwise it's actually worse.
Another misleading thread title, so far it’s only confirmed on Intel.
INTEL IS THE ONLY COMPANY WHICH APPEARS TO BE VULNERABLE TO THE VAST GRAND MAJORITY OF THESE ISSUES.
...
They might have only proven it on Intel so far, but they plan to do so with AMD next.
By the time this shit is all said and done my Core i7 workstation is gonna have the performance of a 500MHz Pentium 3 with one core. What the fuck
I'm so glad i never spent money on intel shit.
Don't worry fam, that's still enuf to play Super Intel Smash Bros.