"bored"
Funny way to spell banned.
C.
3261 publicly visible posts • joined 21 Sep 2011
"True, I suspect security was pretty low on the list in the '70s when the original 8086 was designed"
The security hole was introduced way after the 8086. Basically, Intel and others screwed up. They're trying to spin this away as a design side effect.
Like a plane crashing mid-flight is a side effect of a substantial fuel tank leak.
C.
"Well, to be fair to Intel, they perfected prefetch as a performance boost..."
I think you missed the point of my post. I meant Meltdown/Spectre reveals an embarrassing cockup in Intel's processor designs (and Arm, AMD, etc for Spectre). Yeah yeah, prefetching and speculative exec and branch prediction speeds stuff up. That wasn't the point of my post.
The point is that chip engineers left security in the glovebox the day they parked up in the company lot and walked in to design those parts of the pipeline.
It's like a manager told them: "Speed. Security. Price. Pick one."
C.
>"Secrets" ? Who wants those "secrets" ? Does the "other end" even know I've got any "secrets" ?
By secrets, I mean: passwords and personal information. And yes, you have them in your computer. This is why it's good to patch - when good patches arrive, natch.
>Show me proof people are being attacked, left and right, thanks to Spectre and Meltdown.
No one's said people are. Relax, guy. You're overreacting.
C.
"I mean, what's the probability for me to become a target ?"
Spectre is irritating because it's hard to fix and lets software read stuff it shouldn't. This means JavaScript in the browser can sniff out secrets from the kernel and other tabs. There are PoC exploits for this out there. It's important for ppl to update their stuff, hence the attention on the flaws.
Likewise Meltdown: malware will be along to lift stuff out of the kernel.
PS: For us, the biggest thing about it is the embarrassing design cockup and the messy fixes, rather than this being the total end of the world (because it isn't).
C.
>It DOES NOT not prevent your ISP from tracking sites or pages you visit.
It does prevent ISPs from tracking pages. All the ISP sees is an encrypted connection to, say, a Wikipedia server. It has no idea which pages I'm reading.
And I'm not so sure about your other claims, either.
C.
Big publications - from the NYT with its huge army of copy editors to the Grauniad with a sizable editing team - still let through errors. We have 3 region editors (North America, Europe, APAC), 1 news editor (UK) and 1 sub-editor (UK).
It's frankly fucking amazing there aren't more errors slipping through on El Reg given the resources available. The current rate is pretty low. It's hard to find good editors who can do sperlinng, snarky headlines, and are experts in tech and science.
C.
Due to a technical cockup, an old draft of the piece went live instead of the final edit. We keep a history of all article revisions, and an early revision overwrote the latest one.
I just restored the final edit. The piece was edited hours ahead of publication, and set to go live at 8am PT / 4pm UTC. We don't publish stuff straight to the web - it gets edited by at least one editor.
Basically, someone with a browser tab open with an old version of the story clicked on 'save and close', rather than 'close', in our web publishing system, and overwrote the clean version. Oops. But it's fixed.
Don't forget to email corrections@theregister.com if you spot anything wrong.
C.
"Oracle believes that certain versions of Oracle Solaris on SPARCv9 are affected by the Spectre vulnerabilities"
and
"Oracle is working on producing the patches for all affected versions that are under Premier Support or Extended Support."
Pretty clear to us. SPARC v9, running Solaris, is vulnerable to Spectre.
C.
"QUIC is not been deployed yet because it is still not a standard !! IETF is working on it and has recently pushed back the dates (to end of 2018)"
Yeah, so as we said, only Google seems excited by it. Everyone else seems to be taking their sweet time - of course, they're allowed to do whatever they want. But the point is, only Google seems excited by it, mostly.
C.
Eh, I dunno. We called it The Fappening in the past, and it just seemed the name had morphed to Celebgate.
And I'm all about a writing style that's like your mate at the local boozer. Just not so sure about playing into the hands of a bunch of 4chan degenerates jerking off over people's stolen private images, so to speak.
C.
Mate, none of what you said above is cool. If you're delivering stuff to someone, serving them food, any kind of day-to-day thing, taking their phone number and texting them weird flirty stuff is awful. The number was provided for business purposes, not to set up a date.
It's one thing to ask a person for their number in a social setting. It's another to delve into a customer record and pull out a contact detail and pester them.
Now imagine this happening every week - it could be on Twitter, Uber, Just Eat, work email. It gets old really quick and it's just creepy and sad. If you want to ask someone out, do it properly.
C.
"The racial makeup of Cupertino"
Cupertino is a small city in California that happens to have Apple HQ next to it. People who work at Apple, by and large, don't live in Cupertino. They live all over the Bay Area and the world.
No idea what point you're trying to make, anonymous coward.
C.
We asked Intel what was going on, twice, and had no response - not even a no comment, or an off-the-record explanation. We were certain with what we had - given the LKML discussions and information from other sources - so, why not warn the world that big changes are coming?
We offered no exploit code. Just a heads up that important alterations were being made to crucial bits of software. It's not our job to do companies' PR. We can't read minds.
And these changes were being done in the open, so any bad people paying attention could have known what we knew or more, and started exploiting it.
A lot of vendors hold us at arm's length, hoping we'll go away. We regularly get the silent treatment from various - but not all - companies. We're not going to sit on stories just because we get a no comment/no reply. Turned out this one was quite a big one. We had no idea it would be this big.
C.
Gaming is pretty much unaffected - it doesn't involve the kernel, you're talking direct to the GPU. Most desktop apps are not IO intensive so you won't see a big hit. It's not great news for stuff that slams the disk and network, or works in real time - however, as we said, if you have PCID supported, the hit is minimized.
C.