hate these ads?, log in or register to hide them
Page 15 of 27 FirstFirst ... 51213141516171825 ... LastLast
Results 281 to 300 of 537

Thread: Antivirus is shit, everything is compromised, etc etc (Cybersecurity thread)

  1. #281
    XenosisMk4's Avatar
    Join Date
    July 13, 2017
    Location
    More turbo-lightspeed neoliberal platitudes/virtue signaling/misplaced priorities on full display.
    Posts
    2,821
    Linux xenosis 4.14.11-xxxx-std-ipv6-64 #1 SMP Thu Jan 4 14:46:47 UTC 2018 x86_64 GNU/Linux
    Didn't even manage to brick whatever OVH had setup, good work me

  2. #282

    Join Date
    April 13, 2011
    Posts
    5,987
    Quote Originally Posted by Hel OWeen View Post
    Quote Originally Posted by elmicker View Post
    Quote Originally Posted by Daneel Trevize View Post
    reject tautology.
    With desktop stats? No ta - they don't even really matter in this context and they're basically a rounding error on the market as a whole anyway.

    The numbers I've got access to tell me our customer base are 98.1% Intel (based on c. 3M CPUs that I can see) [...]
    Honest question, because I'm curious, but I don't have a clue how that works: Are those actual iron, or does that include virtual machines, where the emulated/reported processor of the VM might or might not be the real one. Not sure if the later is even possible (=emulating a CPU that's different from the host's one).
    That's as reported by cpuinfo on physical machines only. There's about half as many cloud "CPUs" in play and they're all intel.

  3. #283
    Donor Rami's Avatar
    Join Date
    April 10, 2011
    Location
    London/Snuffbox
    Posts
    1,346
    So much hype, so much terrible fanboi trolling. It affects all CPUs but Meltdown was uniquely made easier on Intel thanks to transactional memory ops. ARM/AMD are exploitable too, it's just harder in practise.

    Good low-down is https://www.renditioninfosec.com/fil...nd_Spectre.pdf

  4. #284
    Movember 2012 Stoffl's Avatar
    Join Date
    April 10, 2011
    Location
    The original viennese waffle
    Posts
    21,354
    Noone managed to use the meltdown exploit on arm/AMD CPUs


    Performance hit on (database) servers seems to be around 10% so yeah not as bad as initially assumed in the postgresql Benchmarks

    Derpin from Chinaphone
    Last edited by Stoffl; January 5 2018 at 02:54:04 PM.
    2/10/17 Greatposthellpurge never forget
    23/10/17 The Greatreposteninging ?

  5. #285

    Join Date
    April 13, 2011
    Posts
    5,987
    10% is exactly what the postgres benchmark showed. Unfortunately The Register, being the shit-tier rag that it is, chose to report the synthetic (i.e. with all performance enhancements disabled) worst case 'SELECT 1' benchmark, which showed a 23% slowdown, rather than the TCP-H(ish) benchmark in the very same post which showed something like a 7% dropoff.

    Most of our workloads (heavy sequential IO) are showing no detectable slowdown. It's only the very unusually CPU-heavy ones that are taking a beating, and they're 10% slower at worst. Bigger concern for us is we've now got literally every customer applying kernel patches without taking any fucking time to test them. Support cases ahoy.

    Big ol' meh. Should've bought Intel at the bottom of yesterday...
    Last edited by elmicker; January 5 2018 at 03:32:11 PM.

  6. #286
    root's Avatar
    Join Date
    April 26, 2011
    Location
    The Camel Empire
    Posts
    3,050
    https://twitter.com/CCP_SnowedIn/sta...80181577875456

    Last edited by root; January 6 2018 at 12:53:27 PM.
    The Rapier is my love boat
    ~lowsec smallscale pvp 'n stuff~

  7. #287
    Movember 2011Movember 2012 Nordstern's Avatar
    Join Date
    April 10, 2011
    Posts
    8,831
    Quote Originally Posted by root View Post
    https://twitter.com/CCP_SnowedIn/sta...80181577875456

    Because you're a bad.

    "Holy shit, I ask you to stop being autistic and you debate what autistic is." - spasm
    Quote Originally Posted by Larkonis Trassler View Post
    WTF I hate white people now...

  8. #288
    Donor Sparq's Avatar
    Join Date
    April 11, 2011
    Location
    Strayastan
    Posts
    9,355
    Quote Originally Posted by elmicker View Post
    Unfortunately The Register, being the shit-tier rag that it is, chose to report the synthetic (i.e. with all performance enhancements disabled) worst case 'SELECT 1' benchmark, which showed a 23% slowdown, rather than the TCP-H(ish) benchmark in the very same post which showed something like a 7% dropoff.
    Meanwhile,


  9. #289
    Daneel Trevize's Avatar
    Join Date
    April 10, 2011
    Location
    T L A
    Posts
    12,279
    ...AMD gets lucky that a buffer overflow in PSP is leaked this week, but patches are ready and it required physical access anyway.

    And re: CCP, Marco makes a good point that "do ESI's servers even need patching for Meltdown & Spectre if they're totally in-house and not running untrusted code, and the impact's so huge?"
    Quote Originally Posted by QuackBot View Post
    Idk about that, and i'm fucking stupid.

  10. #290

    Join Date
    April 13, 2011
    Posts
    5,987
    Where's the x axis labels?

    Quote Originally Posted by Daneel Trevize View Post
    "do ESI's servers even need patching for Meltdown & Spectre if they're totally in-house and not running untrusted code, and the impact's so huge?"
    Yes.

  11. #291
    Straight Hustlin's Avatar
    Join Date
    April 14, 2011
    Posts
    10,188
    ? X axis label is obvious given the graph title, it's a 1 minutes average, the bottom shows the time

    Sent from my XT1565 using Tapatalk

  12. #292
    Daneel Trevize's Avatar
    Join Date
    April 10, 2011
    Location
    T L A
    Posts
    12,279
    Quote Originally Posted by elmicker View Post
    Quote Originally Posted by Daneel Trevize View Post
    "do ESI's servers even need patching for Meltdown & Spectre if they're totally in-house and not running untrusted code, and the impact's so huge?"
    Yes.
    Y tho
    Quote Originally Posted by QuackBot View Post
    Idk about that, and i'm fucking stupid.

  13. #293

    Join Date
    April 13, 2011
    Posts
    5,987
    Quote Originally Posted by Straight Hustlin View Post
    ? X axis label is obvious given the graph title, it's a 1 minutes average, the bottom shows the time

    Sent from my XT1565 using Tapatalk
    Herp. Meant Y. I.e. is that graph autoscaled or are there suddenly servers hitting 100%*

    *In which case what on earth are they doing where processing an API request is CPU bound...

    Quote Originally Posted by Daneel Trevize View Post
    Quote Originally Posted by elmicker View Post
    Quote Originally Posted by Daneel Trevize View Post
    "do ESI's servers even need patching for Meltdown & Spectre if they're totally in-house and not running untrusted code, and the impact's so huge?"
    Yes.
    Y tho
    Because there is no such thing as a "totally in house" server and there is no such thing as "trusted code". (With very, very few exceptions.)

  14. #294
    SAI Peregrinus's Avatar
    Join Date
    December 13, 2011
    Posts
    1,690
    Quote Originally Posted by elmicker View Post
    Quote Originally Posted by Straight Hustlin View Post
    ? X axis label is obvious given the graph title, it's a 1 minutes average, the bottom shows the time

    Sent from my XT1565 using Tapatalk
    Herp. Meant Y. I.e. is that graph autoscaled or are there suddenly servers hitting 100%*

    *In which case what on earth are they doing where processing an API request is CPU bound...

    Quote Originally Posted by Daneel Trevize View Post
    Quote Originally Posted by elmicker View Post
    Quote Originally Posted by Daneel Trevize View Post
    "do ESI's servers even need patching for Meltdown & Spectre if they're totally in-house and not running untrusted code, and the impact's so huge?"
    Yes.
    Y tho
    Because there is no such thing as a "totally in house" server and there is no such thing as "trusted code". (With very, very few exceptions.)
    EG today's NPM outage, wherein at least one major package got taken over by an attacker. Have you audited your dependencies lately?

  15. #295
    Donor Aea's Avatar
    Join Date
    April 13, 2011
    Location
    Colorado
    Posts
    14,392
    Audit my dependencies? Ainít nobody got time for that.


    Sent from my iPhone using Tapatalk

  16. #296
    Movember 2012 Stoffl's Avatar
    Join Date
    April 10, 2011
    Location
    The original viennese waffle
    Posts
    21,354
    https://www.theverge.com/2018/1/6/16...games-fortnite

    ~20% performance degradation for Fortnite login servers

    2/10/17 Greatposthellpurge never forget
    23/10/17 The Greatreposteninging ?

  17. #297
    Daneel Trevize's Avatar
    Join Date
    April 10, 2011
    Location
    T L A
    Posts
    12,279
    Looks like easily more than 100% increase to me... You could just about run 4 instances with that 16:00 peak, but only 1 with the 12:00 one.
    Quote Originally Posted by QuackBot View Post
    Idk about that, and i'm fucking stupid.

  18. #298
    Lana Torrin's Avatar
    Join Date
    April 13, 2011
    Location
    Bonding around
    Posts
    18,295
    So if I'm getting this right.. With meltdown if you run a vm in a cloud provider that is running Intel cpus (all of them) then there is a chance your secure vm is running on the same host as some who is running this exploit and they can basically take all of your stuff..

    It's the massive vulnerability everyone has warned about with public cloud.. Vendor that you have no control over gets compromised and so do you with no way of knowing or being able to do anything about it.
    Quote Originally Posted by lubica
    And her name was Limul Azgoden, a lowly peasant girl.

  19. #299
    SteeleResolve's Avatar
    Join Date
    April 13, 2011
    Location
    AKA Pubbie McLemming
    Posts
    3,140
    Quote Originally Posted by Lana Torrin View Post
    So if I'm getting this right.. With meltdown if you run a vm in a cloud provider that is running Intel cpus (all of them) then there is a chance your secure vm is running on the same host as some who is running this exploit and they can basically take all of your stuff..

    It's the massive vulnerability everyone has warned about with public cloud.. Vendor that you have no control over gets compromised and so do you with no way of knowing or being able to do anything about it.
    Yes

  20. #300
    Donor Aea's Avatar
    Join Date
    April 13, 2011
    Location
    Colorado
    Posts
    14,392
    Quote Originally Posted by SteeleResolve View Post
    Quote Originally Posted by Lana Torrin View Post
    So if I'm getting this right.. With meltdown if you run a vm in a cloud provider that is running Intel cpus (all of them) then there is a chance your secure vm is running on the same host as some who is running this exploit and they can basically take all of your stuff..

    It's the massive vulnerability everyone has warned about with public cloud.. Vendor that you have no control over gets compromised and so do you with no way of knowing or being able to do anything about it.
    Yes
    But wait thereís much more...


    Sent from my iPhone using Tapatalk

Bookmarks

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •