Login

**robkelk** · 01-24-2018, 07:13 AM

An aside: Moore's Law was already on its last legs; Meltdown and Spectre drove the final nails into its coffin.

**robkelk** · 02-23-2018, 09:05 AM

OpenBSD releases Meltdown patch

**robkelk** · 02-24-2018, 10:09 AM

Intel knew about Meltdown/Spectre and didn't inform CERT

Time to seriously investigate AMD chips for the next PC...

Inquisitive Raven · 02-24-2018, 07:53 PM

You did notice that AMD was part of the non-informing cabal, right?

**robkelk** · 02-24-2018, 08:30 PM

<sigh> No, I missed that. But Intel was the company that discovered the issue.

LynnInDenver · 02-25-2018, 07:30 AM

Probably time to seriously consider making my next web surfing computer be a Raspberry Pi then...

Star Ranger4 · 02-25-2018, 01:38 PM

Raspberry Pi ala Modem, then?

***Bob Schroeck*** · 02-26-2018, 08:07 AM

Dartz · (This post was last modified: 03-13-2018, 05:15 PM by Dartz.)

Apparently it's AMD's turn. Although, instead of having months to work on a solution and arrange a quick sell off of corporate shares there's only been 24 hours notice in this case.

Things are a bit light on the technical description and eyebrows are being raised at the lab itself.

It seems like a sort of perfectly normal level of insecurity that you'd expect in such hideously complex systems - insecurity and untrustworthiness is the normal state of affairs. The more complex a thing is, the more likely there'll be holes in it somewhere. This is, after all, the reason why Europe is laughing at the idea of a hard border in NI - it's got more holes and crossings than any other EU border.

Also. Why the fuck does every security vulnerability have to have a fucking brand these days? Is it some idiotic way of drawing attention to the brander.

**robkelk** · (This post was last modified: 03-14-2018, 05:52 AM by robkelk.)

(03-13-2018, 05:12 PM)Dartz Wrote: Also. Why the fuck does every security vulnerability have to have a fucking brand these days? Is it some idiotic way of drawing attention to the brander.

That's for the system administrators' benefit.

Have we patched CVE-2715? I don't know, there's a lot of CERT alerts for stuff that often doesn't apply to our servers.
Have we patched Meltdown? Yes.

(CVE-2715 is one of Meltdown's CERT serial numbers, IIRC. Not the only one.)

Dartz · 03-14-2018, 04:33 PM

Maybe I'm just feeling catastrophically cynical about this one....

It came with premade branding - so was known about it for long enough for someone to cook up said branding, without actually revealing the problem to the manufacturer.

And as much as branding the things helps with public (and managerial awareness), it just feels a bit foolish for me. If it's utterly catastrophic, then yeah - but you're quickly into a sort of semantic satiation if you're naming every vulnerability you discover.

Login
Username:
Password:	Lost Password?
	Remember me