CPU Security Flaws MELTDOWN and SPECTRE

Discussion in 'PC Industry' started by Bondrewd, Jan 2, 2018.

  1. Malo

    Malo Yak Mechanicum
    Legend Veteran Subscriber

    Joined:
    Feb 9, 2002
    Messages:
    7,030
    Likes Received:
    3,101
    Location:
    Pennsylvania
    Yes pretty much. It was an absurdity just meant to highlight that you generally want more security, not less.
     
  2. pcchen

    pcchen Moderator
    Moderator Veteran Subscriber

    Joined:
    Feb 6, 2002
    Messages:
    2,750
    Likes Received:
    127
    Location:
    Taiwan
    It's a reasonable solution for desktop computers, but for mobile devices, slowing down Javascript could mean shorter battery life, and that's a problem for current mobile usage pattern (many apps also depends on Javascript engines).
    Ideally this should no longer be a problem once newer MELTDOWN/SPECTRE-proof hardware are out. Of course, it's entirely possible that some newer side channel attacks will be discovered on those future devices.
    Maybe eventually we'll have physically separated compartmentalization. As transistors getting even denser and power envelope becoming the major performance limiter, it might be cheap enough to have completely separate CPU cores designated for running different processes, thus reducing the possibilities of data leak through side channels.
     
  3. Rootax

    Veteran Newcomer

    Joined:
    Jan 2, 2006
    Messages:
    1,173
    Likes Received:
    576
    Location:
    France
    Didn't Chrome implanted a software mitigation for this ? Granted it does nothing for the virtualisation environment, but for the end user just browsing...
     
  4. swaaye

    swaaye Entirely Suboptimal
    Legend

    Joined:
    Mar 15, 2003
    Messages:
    8,457
    Likes Received:
    580
    Location:
    WI, USA
  5. Silent_Buddha

    Legend

    Joined:
    Mar 13, 2007
    Messages:
    16,145
    Likes Received:
    5,081
    Hell, while it isn't for most people, I just disable JavaScript on my general browser (which is in a VM) and only enable it on a per site per usage scenario limited to 15-30 minutes at a time after which JavaScript is disabled for that site again.

    For my work browser that only goes to trusted sites, I still have JavaScript enabled, however. So there is a small chance that something could potentially slip through there.

    Hence, while I'm tempted at times to disable some of these security patches, I don't ever seriously consider it. After having gone through Code Red back at the turn of the century, I don't want to have to go through anything remotely similar again. IE - I take security a lot more seriously now.

    I really miss the ability from Internet Explorer of being able to set separate levels based on what security zone a site is in.

    Regards,
    SB
     
    #385 Silent_Buddha, Jul 11, 2019
    Last edited: Jul 11, 2019
    orangpelupa and BRiT like this.
  6. orangpelupa

    orangpelupa Elite Bug Hunter
    Legend Veteran

    Joined:
    Oct 14, 2008
    Messages:
    7,154
    Likes Received:
    1,305
    I just glad windows still allows the mitigations to be disabled. The performance hit was too much for my tablet

    Hopefully MS won't make it mandatory, ever
     
  7. Malo

    Malo Yak Mechanicum
    Legend Veteran Subscriber

    Joined:
    Feb 9, 2002
    Messages:
    7,030
    Likes Received:
    3,101
    Location:
    Pennsylvania
    Your tablet will be the catalyst for Skynet
     
    Lightman and orangpelupa like this.
  8. Silent_Buddha

    Legend

    Joined:
    Mar 13, 2007
    Messages:
    16,145
    Likes Received:
    5,081
    Fixed it for you. ;) Self aware robotic cats incoming.

    Ter-mew-nators?

    Regards,
    SB
     
    entity279, orangpelupa and Malo like this.
  9. Gubbi

    Veteran

    Joined:
    Feb 8, 2002
    Messages:
    3,528
    Likes Received:
    862
    Any ad is a risk, and considering how modern JS apps are developed with thousands of external npm dependencies, - very few of which are vetted, there is a non-zero risk when using JS on trusted sites as well.

    IMO, running without full mitigations is insane.

    Cheers
     
    Silent_Buddha likes this.
  10. BRiT

    BRiT (╯°□°)╯
    Moderator Legend Alpha Subscriber

    Joined:
    Feb 7, 2002
    Messages:
    12,502
    Likes Received:
    8,707
    Location:
    Cleveland
    It's only insane if the server actively runs any web browser(s) against internet content. None of my servers do, so no need for those mitigations.
     
Loading...

Share This Page

  • About Us

    Beyond3D has been around for over a decade and prides itself on being the best place on the web for in-depth, technically-driven discussion and analysis of 3D graphics hardware. If you love pixels and transistors, you've come to the right place!

    Beyond3D is proudly published by GPU Tools Ltd.
Loading...