Computers

I gotta say, as much as this is awful, it’s an absolutely beautiful piece of work. And it’s gonna need a major rethinking of everything we know about CPUs to fix. It’s gonna take years, and it’s gonna be super interesting to watch.

1 Like

It indeed is very interesting from an academic point of view, both how the vulnerabilities work, and how possible mitigations could work, and considering how speculative execution, branch prediction and out-of-order execution are ingrained in modern processors, I agree it will be quite interesting to see how this is solved, not to mention which other modern processor techniques could be abused to obtain similar results.

Here's an xkcd comic on it

32GB RAM? I’m not quite sure how you’re actually going to use the most out of it since I’ve never actually seen a 32GB RAM computer in action. Are you sure 16GB RAM just won’t suffice for your needs?

Quite an interesting bug they’ve found, I’ve gotta say. I am thankful that security researchers found out about it before attackers could wreak havoc on the entire internet (Or did they???) as it helps make the world a safer place and whatnot~
Naturally it does bring some frustration as we had to reboot a bunch of our instances on AWS but it was just a minor setback for our own safety.

What it does bring up is an issue of security vs convenience (or perhaps, security vs efficiency) and how we must balance these things. I think this kind of decision is a thing that makes a lot of sense on personal computers where the worst that Meltdown and Spectre can do is have a computer virus invade your personal programs’ data (in which case, you’re already screwed for having a virus infect your pc in the first place). Sure, you lose data, but only in the scope of a PC which you have full control over anyway.
A cloud system, on the other hand, is particularly vulnerable; it allows anyone running a non-infectious program to spy on data on other people’s programs, thus leaking private information with the victim being literally unable to stop them (until AWS patched their systems). It makes me wonder if it is worth it for hardware vendors to separate the architecture for personal PCs and server PCs, with the former focusing on speed so people can do their stuff faster, and the latter focusing on security, since they can just have their services scale (either horizontally or vertically) if the processor isn’t efficient enough.

All-in-all, this kind of attack perfectly explains why government security policies require you, even on cloud hosting, to provision a non-shared instance when hosting your data. It’s a bother, but it keeps everyone safe when the unexpected things like this come to bite you in the butt.

1 Like

One thing to note about a very large problem like this is that it is safe to assume that while security experts are relatively quick to find and try (especially in the case of Spectre) to fix problems, that some of the best criminals out there are about as expedient and proficient.

There is no “if” when it comes to whether criminals are going to exploit this or not because the best ones that wanted to exploit either of these problems and (think) that they have the ability to do it without getting caught already have. What concerns me right now is that there are major government and banking sector computers and servers that have little to no protection against these flaws and will not do what they can to protect consumers expediently.

2 Likes

It is entirely possible that they could have been exploited before, the vulnerabilities in question have been there for years, decades even, and they leave no trace, that’s what’s shocking about this, we were vulnerable for all these years, and we didn’t even know.

Indeed, in light of this I believe processor manufacturers are going to have to rethink the design of their products focusing a little more on security and not so much on blind performance.

While there are mitigations currently available for Spectre, they require recompiling kernel, libraries, and applications that could be attacked, to quote the website “As it is not easy to fix, it will haunt us for quite some time.”

Because I have a penchant for reviving dead threads.

Hi.

Some background information: I just got myself a second hand Lenovo ThinkPad T450 several weeks ago as a secondary laptop, upgraded its RAM to 8 gigs and installed a 250GB Samsung 860 EVO SSD. Ended up liking it more than my Acer machine which has vastly superior specs minus the HDD in the Acer. I wouldn’t think of using GNOME 3 in the past, but the recent two major updates have made it a much better experience in terms of speed and fluidity.

Btw I use- uhm no.

1 Like

What are some good websites to follow if you’re interested in Comp Sci related news? Cause I feel like I need to know more about current Comp Sci events and I’m looking for some good sites so that I can keep track of that


1 Like

Most popular one is probably HackerNews: https://news.ycombinator.com/

But I usually end up using flipboard.com for my usual news bites :yahaha:

1 Like