
Thread: Antivirus is shit, everything is compromised, etc etc (Cybersecurity thread)

  1. #301
    root's Avatar
    Join Date
    April 26, 2011
    Location
    The Camel Empire
    Posts
    3,100
    The Rapier is my love boat
    ~lowsec smallscale pvp 'n stuff~

  2. #302
    Daneel Trevize's Avatar
    Join Date
    April 10, 2011
    Location
    T L A
    Posts
    12,378
    And this is also why you run a FOSS OS, so you aren't worrying whether MS will force everyone to take this hit, or just Intel CPUs. Because I don't think they've clarified that yet.

    And later, Intel will need to coordinate with all OSs to ensure a future fixed CPU has the new features used to avoid this vuln and be excluded from the slow workaround too.

    All the while everyone sane's buying Ryzen+ instead.
    Quote Originally Posted by QuackBot View Post
    Idk about that, and i'm fucking stupid.

  3. #303

    Join Date
    April 13, 2011
    Posts
    6,553
    holy fuck what are these people doing running servers at 10-20% cpu utilisation and what the fuck is that guy doing to his poor kafka brokers to push them out to 80%

    Quote Originally Posted by Daneel Trevize View Post
    Looks like easily more than 100% increase to me... You could just about run 4 instances with that 16:00 peak, but only 1 with the 12:00 one.
    If you live in a magical world where CPU is the only resource or where a resource at 10% utilisation is the bottleneck

    Quote Originally Posted by Daneel Trevize View Post
    And this is also why you run a FOSS OS, so you aren't worrying whether MS will force everyone to take this hit, or just Intel CPUs. Because I don't think they've clarified that yet.
    No, you just haven't read it yet. MS had the details of their mitigation out at the same time as everyone else. Terrifyingly it'll be off by default.

    And again, there is no reason to not turn on the whole suite of fixes. This is a class of bugs, no one is immune.

    Quote Originally Posted by Daneel Trevize View Post
    All the while everyone sane's buying Ryzen+ instead.
    Meanwhile back in the real world, no they're not.

  4. #304
    Daneel Trevize's Avatar
    Join Date
    April 10, 2011
    Location
    T L A
    Posts
    12,378
    Quote Originally Posted by elmicker View Post
    And again, there is no reason to not turn on the whole suite of fixes. This is a class of bugs, no one is immune.
    Are you mixing up Meltdown and Spectre again?

  5. #305

    Join Date
    April 13, 2011
    Posts
    6,553
    No.

  6. #306
    Daneel Trevize's Avatar
    Join Date
    April 10, 2011
    Location
    T L A
    Posts
    12,378
    AMD is immune to Meltdown.

  7. #307

    Join Date
    April 13, 2011
    Posts
    6,553
    Wonderful, now read what I actually said. Meltdown and Spectre are two (well, three) forms of the same class of attack, a class of attack we can entirely mitigate with software changes. AMD's CPUs, like every other CPU on the planet, are probably vulnerable to at least two of the known forms of this class of attack.

    But yeah, you go ahead and turn off those protection features to get your extra 20% cpu performance in an age where we haven't been CPU bound on anything for nearly twenty years
    Last edited by elmicker; January 8 2018 at 01:40:44 PM.

  8. #308
    Shaikar's Avatar
    Join Date
    April 9, 2011
    Location
    Kador
    Posts
    2,318
    Quote Originally Posted by elmicker View Post
    in an age where we haven't been CPU bound on anything for nearly twenty years
    Clearly elmicker is languishing in the Dark Times before Dwarf Fortress...

  9. #309

    Join Date
    May 30, 2011
    Location
    asleep
    Posts
    6,318
    Reading on Ars, the entire release schedule of the faults had to be scrambled forward after an AMD engineer submitted some kernel patches with documented fixes in - sending people hunting for the previously undisclosed bugs. If true, gg wp.

    Apparently (too) MS have patched Azure so Azure users don't have to patch individual servers on the platform. Hopefully VMware can do something similar, though I am fast going off them as a company and wouldn't be surprised if it takes them 6 months and they break everything on the way through.
    Please don't teach me what to do with my pc.

  10. #310
    Daneel Trevize's Avatar
    Join Date
    April 10, 2011
    Location
    T L A
    Posts
    12,378
    Quote Originally Posted by elmicker View Post
    Wonderful, now read what I actually said. Meltdown and Spectre are two (well, three) forms of the same class of attack, a class of attack we can entirely mitigate with software changes. AMD's CPUs, like every other CPU on the planet, are probably vulnerable to at least two of the known forms of this class of attack.

    But yeah, you go ahead and turn off those protection features to get your extra 20% cpu performance in an age where we haven't been CPU bound on anything for nearly twenty years
    root's examples are literally referencing "#Meltdown patch", so it seems reasonable to assume they're Intel, Meltdown-specific patches.

    And you can't complain that people are "running servers at 10-20% cpu utilisation" and also that "we haven't been CPU bound on anything for nearly twenty years".
    You think they should be stacking more VMs on few physical CPUs, without appreciating if they're architecturally able to consolidate more processes onto specific probably-IO-bottlenecked hardware to any benefit?

  11. #311

    Join Date
    April 13, 2011
    Posts
    6,553
    I'm saying they should be using fewer vCores so they pay less. Or if they're intentionally buying bigger boxes to get the greater IO they shouldn't really be complaining about an immaterial hit to their CPU.

  12. #312

    Join Date
    April 13, 2011
    Posts
    6,553
    Quote Originally Posted by Itiken View Post
    Apparently (too) MS have patched Azure so Azure users don't have to patch individual servers on the platform.
    Yes. One of the things MS does way better than AWS is articulate your failure and availability domains. If you configured your Azure Availability Sets properly everything just quietly rebooted overnight before the bugs were fully public - weeks ago in many cases.

    Many people did not configure their Availability Sets properly. And when I said "everything quietly rebooted", that's probably better said as "almost everything" - Azure regions can be wildly inconsistent at times, for fun reasons.

    AWS is having you reboot yourself, so while instances are protected from one another there is still a vulnerability within an instance.

  13. #313
    Lana Torrin's Avatar
    Join Date
    April 13, 2011
    Location
    Bonding around
    Posts
    18,924
    VMware has a Spectre patch out already. It looks like they are possibly not vulnerable to Meltdown as they do page allocation and isolation differently. We will have to wait and see.

    Remember they are one of the few hypervisors that existed before process protection existed in the CPU.
    Quote Originally Posted by lubica
    And her name was Limul Azgoden, a lowly peasant girl.

  14. #314
    Donor Aea's Avatar
    Join Date
    April 13, 2011
    Location
    Colorado
    Posts
    14,392
    Quote Originally Posted by elmicker View Post
    Quote Originally Posted by Itiken View Post
    Apparently (too) MS have patched Azure so Azure users don't have to patch individual servers on the platform.
    Yes. One of the things MS does way better than AWS is articulate your failure and availability domains. If you configured your Azure Availability Sets properly everything just quietly rebooted overnight before the bugs were fully public - weeks ago in many cases.

    Many people did not configure their Availability Sets properly. And when I said "everything quietly rebooted", that's probably better said as "almost everything" - Azure regions can be wildly inconsistent at times, for fun reasons.

    AWS is having you reboot yourself, so while instances are protected from one another there is still a vulnerability within an instance.
    Azure is such unreliable shite that Availability Sets are a must. At least that was my experience with them a long long time ago. I don't know how they are now but their broken initial product really left a bad bad taste in my mouth.

  15. #315

    Join Date
    April 13, 2011
    Posts
    6,553
    It's a lot more reliable than it used to be, but still occasionally implodes. However for developers it's still unpleasant for a number of reasons, all of them by design.

    One of the major ones is that not all Azure regions are born equal. This applies to AWS to an extent, but Microsoft has heavily outsourced Azure. Regions have subtle quirks and don't behave the same under the same operations (see the link I posted earlier), right down to differing performance between otherwise identical machine types. Heaven help you if you're German.

    The others all fall into the category of "We're not going to hide the complexity". For example let's say you want to authorize an application to launch instances on your behalf. On AWS you just copy your little secret string and you're away (until you need to convert to something more complete). On Azure you have to go all in from the start:
    - Use Azure Active Directory (no relation to Actual Active Directory) to provision a service account for your new application within your subscription (hey, new lingo!)
    - Grant privileges to that service account (and if you're not a full administrator, no scripting for you!!)
    - Extract the secrets specifically for that service account
    and then you get to use it

    Essentially Azure exposes the complexity you end up using on AWS anyway, but from the start. This actually demos and sells really well in big enterprises, which is why Azure has been selling like fucking hot cakes for the last 18 months, so they're not arsed that it annoys the likes of us who are sitting there thinking "Why can't I just fucking deploy.."


    Also it is astonishingly expensive if you're not on an enterprise licensing deal with a hefty discount. They halved the price of one of their native PaaS products a couple of weeks ago and it's still about 30% more expensive than our equivalent fully-managed-on-AWS offering.

  16. #316

    Join Date
    April 12, 2011
    Posts
    2,488
    As somebody doing pretty much exactly what elmicker is talking about above, I can back up what he's saying. Azure has some nice parts to it, but other parts make you want to kill yourself.

  17. #317

    Join Date
    May 30, 2011
    Location
    asleep
    Posts
    6,318
    Quote Originally Posted by Lana Torrin View Post
    VMware has a Spectre patch out already. It looks like they are possibly not vulnerable to Meltdown as they do page allocation and isolation differently.
    Ah thanks for the heads up, I was using a slightly wrong combination of search parentheses to try to get sense out of their shitty website.

    I'm hoping this means all VMs running on VMware are (hypothetically) immune, which is pretty huge as, well, their market share is not shabby.

  18. #318
    Keckers's Avatar
    Join Date
    July 31, 2012
    Posts
    16,867
    Quote Originally Posted by Daneel Trevize View Post
    All the while everyone sane's buying Ryzen+ instead.
    Not that there are enough sane people to matter tbh.

    Consumers are generally uninformed/don't care and I'm unaware of any existing server centres ripping out their Intel chips and ordering replacements.
    Quote Originally Posted by Paul Mason
    It is absurd that we are capable of witnessing a 40,000 year old system of gender oppression begin to dissolve before our eyes yet still see the abolition of a 200 year old economic system as an unrealistic utopia.

  19. #319
    Movember 2012 Stoffl's Avatar
    Join Date
    April 10, 2011
    Location
    The original viennese waffle
    Posts
    21,977
    I've had a user request a new CPU the other day.

    Mild keks were had.
    2/10/17 Greatposthellpurge never forget
    23/10/17 The Greatreposteninging ?

  20. #320
    SAI Peregrinus's Avatar
    Join Date
    December 13, 2011
    Posts
    1,705
    Hardware fixes are at least 2 years out. Probably more. Meltdown is an easy fix, just need to check permissions BEFORE doing a speculative read instead of after. AMD already do that. Spectre is a lot harder, since it's an attack on branch predictors. Making those constant-time will probably require a pretty substantial change to many CPU architectures, which would normally take about 5 years. 2-2.5 if the manufacturers/designers really rush.
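
Added example (not part of any post in this thread): the posts above distinguish Meltdown from the Spectre variants and argue over whether the fixes are actually switched on; on Linux the kernel reports that per issue under a sysfs directory, which the thread does not mention. The function names and the sample values are constructed for illustration.

```sh
#!/bin/sh
# Added example: per-issue mitigation status as reported by the Linux kernel.
VULN_DIR=/sys/devices/system/cpu/vulnerabilities

# classify_status "<first line of a sysfs entry>" -> ok|mitigated|VULNERABLE|unknown
classify_status() {
    case "$1" in
        "Not affected"*) echo ok ;;
        "Mitigation:"*)  echo mitigated ;;
        "Vulnerable"*)   echo VULNERABLE ;;   # also "Vulnerable: <detail>"
        *)               echo unknown ;;
    esac
}

# report_dir [dir]: one line per issue; returns 1 unless all are ok/mitigated
report_dir() {
    dir=${1:-$VULN_DIR}
    rc=0
    for issue in meltdown spectre_v1 spectre_v2; do
        if [ -r "$dir/$issue" ]; then
            line=$(head -n 1 "$dir/$issue")
            state=$(classify_status "$line")
        else
            # Older kernels without this interface expose no file: treat as unknown
            line="(no sysfs entry)"
            state=unknown
        fi
        [ "$state" = ok ] || [ "$state" = mitigated ] || rc=1
        printf '%-11s %-10s %s\n' "$issue" "$state" "$line"
    done
    return "$rc"
}

# make_sample_dir: constructed values, a host with page-table isolation off
make_sample_dir() {
    d=$(mktemp -d)
    echo "Vulnerable" > "$d/meltdown"
    echo "Mitigation: __user pointer sanitization" > "$d/spectre_v1"
    echo "Mitigation: Full generic retpoline" > "$d/spectre_v2"
    echo "$d"
}

# Use the live interface when present, otherwise the constructed sample
if [ -d "$VULN_DIR" ]; then
    report_dir "$VULN_DIR" || echo "at least one issue is not confirmed mitigated"
else
    s=$(make_sample_dir)
    report_dir "$s" || echo "at least one issue is not confirmed mitigated"
    rm -rf "$s"
fi
```

The non-zero return from `report_dir` makes it usable as a fleet compliance check: a host where any of the three entries is missing or reads as vulnerable fails the check.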
