LinkBack URL
About LinkBacksRead more.Report says Intel's delay in advancing to 10nm has lead to insufficient 14nm capacity in-house.
Read more.Report says Intel's delay in advancing to 10nm has lead to insufficient 14nm capacity in-house.
Wow, now that is surprising!
Also very telling of the dire situation Intel has themselves in. They are burning resources to get 10nm out the door and those resources are affecting their live market right now.
I find it more baffling that there's an apparent shortage of Intel processors when everyone and his/her dog knows Intel is suffering much more from Spectre & Co. than AMD. Apparenty the Intel brand carries so much weight that proper functioning of its processors comes in at a distant second.
Well, considering the amount of people who say "Spectre and Meltdown" don't affect normal people so why should people update leads to the ridiculous mentality of not updating because "I'm not the target". You may not be but you don't go out and not buy car insurance because you're not the target for being ram raided by a 14 tonner whose driver fell asleep at the wheel?Originally Posted by azrael-
Oh great we all know what happened when Apple outsourced iPhone 6 production. Sub par screens prone to scratching and cracking. Really hope they stay on point with quality control.
Businesses will always plump for Intel. I remember the days of the P4 Vs Athlon 64 and the place I worked insisted on buying underperforming, hot running, expensive P4s apparently as a means of ensuring they didn't have any extra cash in the bank and keeping the place warm. AMD had the superior product on almost all objective criteria as well as being cheaper but we still got P4s.
AMD will have a right result......
I think it's more the case that for the vast majority of users the performance impact of patching for Spectre and Meltdown is negligible. I sit on my Kaby Lake laptop, fully patched, and rarely see beyond 25% CPU utilisiation. Typing this I'm barely breaking 5%, just the occasional spike to ~ 20%. So the vast majority of "normal" users won't care because they can just apply patches - delivered by a variety of automatic updating programs - and their laptop or desktop performs exactly the same as it always has.
There are cases where the patches make a significant difference, but in consumer land they're few, far between, and in many cases patched Intel CPUs will still be as fast as an AMD equivalent, so the majority of consumers - who apparently are sill swayed by the "you want an Intel processor" line - won't make the switch...
It's not the demand for 14nm processors that have lead to a shortage, it's the decision to move chipsets to 14nm, I'm guessing Intel expected 10nm to be in full swing by now so transitioning chipsets to 14nm would've taken up growing spare capacity on the old fab machinery.
The question is why they didn't postpone the transitioning of chipsets to 14nm once they knew 10nm was delayed, another guess is that the sale of the old 22nm fab machinery was a done deal and they couldn't back-out of it without incurring large penalties.
That's not what I'm getting at, people are focusing on "it won't affect me, I won't bother patching" mentalities which have been pushed further by people saying don't bother alongside the performance stuff. Most of the patches are applied at BIOS microcode level, some mitigations are done via OS/application but they are limited in scope.
I would argue this is not the case as (in my case certainly) the mobo manufacturer did not see fit to release an update. Most patches are probably not applied at all.
</pedant>
</bitter>
</last time I buy a high end mobo>
By some people it looks like you mean me.
Extending your analogy, people don't just buy car insurance because a 14 tonner may not be targeting them. They buy it because there's a significant risk of needing it during their lifetimes.
What people don't buy is meteor insurance "just in case" a meteor hits them. Incidentally, this is about the same as the likelihood of a home user that's up to date software patch wise with decent anti malware actually being negatively affected by someone exploiting Spectre/meltdown type bugs on their system.
As a average home user, the fact that OS based mitigations are automatic means that they can just forget spectre and meltdown aren't worth worrying about at all. Particularly if they have up to date decent anti malware software installed and enabled.
"In a perfect world... spammers would get caught, go to jail, and share a cell with many men who have enlarged their penises, taken Viagra and are looking for a new relationship."
Which motherboard was it?
</sarcasticly copying> (what prompted you to doing these weird code injections to your posts?)
I would argue that being hacked and your computer being used as a zombie to then attack somewhere else is between having a car crash and being hit by a meteor, probably substantially closer to car crash than meteor.
OS level fixes are only available for some of the variants and issues and to be truly protected they will need to be fixed on a hardware level. For instance, Meltdown has been mitigated by OS update if you are actually performing Windows Updates. Some on this forum (and in turn, using this sample means a far larger swathe of the worldwide community) refuse Windows 10 because they don't want to update, then my security hat asks how often they actually update and which ones do they do?
Spectre NG and Foreshadow require both updates and microcode updates to resolve of which many in the community would not fully be aware of how to do or even know of in the first place.
Last edited by Tabbykatze; 10-09-2018 at 04:40 PM.
Can you please explain how Information disclosure vulnerabilities can be used to turn a computer into a zombie?Which motherboard was it?
</sarcasticly copying> (what prompted you to doing these weird code injections to your posts?
I would argue that being hacked and your computer being used as a zombie to then attack somewhere else is between having a car crash and being hit by a meteor, probably substantially closer to car crash than meteor.
Can you then please explain how it is economically viable to use said process to make lots of money. Or explain how someone with the vast resources required to create said process will use it in such a way that it ends up indiscriminately attacking members of the public.
I'd say the changes of using an information disclosure vulnerability for remote code execution are closer to random black hole swallows the earth up out of nowhere than risk of a meteor hitting
This scaremongering around extremely difficult to exploit vulnerabilities is distracting people from real risks to them. Such as email payment interception scams, general phishing or even keeping an eye on their credit/debit card bills for fraudulent payments.
"In a perfect world... spammers would get caught, go to jail, and share a cell with many men who have enlarged their penises, taken Viagra and are looking for a new relationship."
By your logic, Heartbleed was a null and void security risk as well.Can you please explain how Information disclosure vulnerabilities can be used to turn a computer into a zombie?
Can you then please explain how it is economically viable to use said process to make lots of money. Or explain how someone with the vast resources required to create said process will use it in such a way that it ends up indiscriminately attacking members of the public.
I'd say the changes of using an information disclosure vulnerability for remote code execution are closer to random black hole swallows the earth up out of nowhere than risk of a meteor hitting
This scaremongering around extremely difficult to exploit vulnerabilities is distracting people from real risks to them. Such as email payment interception scams, general phishing or even keeping an eye on their credit/debit card bills for fraudulent payments.
Using information disclosure vulnerabilities you can extract information piecemeal until eventually you will get something valuable which means running the information disclosure multiple times you could get passwords, PID and other information from processes as they are running. Using the extracted information will allow an easier attack on other subsystems within the computer to continue the malicious operation of a system. Meltdown is a bit worse because you can read the entire memory, that is serious beyond the extremes and will allow far more than Spectre.
You're right, Spectre and Meltdown on their own are like a Condom machine in a Nunnery but just because they're useless on their own doesn't mean they don't make malicious lives easier in other areas. Another example would be that a diamond tipped drill makes a bank robbery dramatically easier if used in the right place at the right time but it's not always useful unless all the other conditions contribute to the ability to use it.
Even the wikipedia entries detail some elements of what they can be used for. You have distilled the issue into its individual components and aren't considering that hacks/viruses actually use broad swathes and combinations of attacks, vulnerabilities and exploits.
Last edited by Tabbykatze; 10-09-2018 at 08:36 PM.
The worry for Spectre was that one tab in a browser could read banking details in another tab. Fairly easy to see how money can be made by that.
Vast resources? It didn't look that hard to exploit, and given an exploit could be written in Javascript and served via an advert server you don't even have to infect websites to grab those details.
Which is why microcode updates are also applied on operating system startup by Windows and Linux distributions.
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
Reply With Quote
