Re: No bold type text for AMD being affected as well,uh?
We'll see. Using AI to exploit CPU bugs is bound to turn up all sorts of stuff. Interesting times ahead.
529 posts • joined 15 Oct 2010
The quote in the article is "Gras also believes AMD's hardware threading technology in its latest Zen processors – Ryzen, Threadripper, and Epyc – are at risk from TLBleed, "
There is no confirmation (yet) AMD is affected by this. Currently there is a reasonably educated suspicion that it *probably* is, and that is because AMD uses SMT which is where the vulnerability crept in for Intel. No testing has been made public yet, and probably isn't completed yet. It is quite possible that Intel and AMD's SMT implementations are sufficiently different that AMD isn't impacted. Until the testing is completed, we have to wait until there is something concrete to discuss. Right now it is a big old MAYBE. :)
Hosted is someone else's computer - and o365 is totally hosted, with little in the way of resiliency.
Strictly speaking, Cloud is quite dynamic/automated and much more resilient and distributed. However... Marketing weenies will call everything on the internet "cloud" to keep a marketing hypewagon of buzzwords rolling. So at this point, the term cloud is virtually meaningless...
o365 isn't actually cloud. It's hosted. *IF* if was actually cloud, it would be more resilient and less susceptible to the issues that keep downing it. :)
Sidenote - In a meeting with MS o365 and Azure Sales and Tech, the o365 drone said "cloud", and I corrected him, with the Azure guys nodding with me. :) They weren't happy about the o365 guys throwing the word "cloud" about when they are a hosted service...
"But it's "lazy IT". Let's just pay a monthly subscription, then that's us sorted because "it's Microsoft". "
That 2nd sentence is an MBA laden CxO talking, not rank and file "proper" IT. IT much of the time doesn't make its own budgets or decisions on stuff like this. A couple of dinners with some MS sales guys at the CxO levels, and this sort of thing gets pushed through over IT's objections. (been there, got the t-shirt). I would say it's probably more Lazy management that's trying to trim both the personnel and equipment budgets while simultaneously getting nice meals...
"And as for Samsung Pay, why the hell would I want to use magnetic payment? No thanks... Even most shops in the US now accept either contactless or chip..."
In the US - Home Depot, Lowes, and most gas stations are still swipe unfortunately along with many others. Lots of shops with chip readers still not enabled even when they have them. In this current interim period - Samsung Pay is a nice way to secure the card from a skimmer since what's transmitted to the magstripe reader isn't usable a second time..
AMD has Secure Memory Encryption and Secure Encrypted Virtualization which encrypts the RAM and keeps processes and VM's completely separate respectively. It is also the path of least resistance, and for SEV doesn't require code changes to anything other than the Hyper-visor which is happening presently. To implement SME in software doesn't require any heavy lifting either.
SGX appears to be the equivalent of AMD's long deprecated 3DNow! instructions (or probably closer to Intel's Itanium) in terms of being setup for non-adoption and deprecation. I don't see it surviving due to requiring too much work to implement. Currently Intel's initial attempt is borked in silicon and still being worked out. Cascade Creek is the earliest release arch now for SGX to work sometime in 2018, To date, I'm not aware of any SGX apps in the wild, given no CPU support. In this case, Intel will likely do what they did with AMD's AMD64 and NX instructions and adopt SME/SEV from AMD, and deprecate SGX like they did with IA64. They're cross-licensed on tech after all since both are using several patents from each other.
"I wouldn't exactly call Core 2 (2017) to the current i7 a "decade of decline"."
Remember that Core/Core2 was simply a souped up, decade old P6 (PentiumPro) architecture which spawned from a black ops project that saved Intel's bacon from the P4/Netburst debacle. Meanwhile work on the more modern (AMD K8 like) Nehalem arch was occurring, which is the lineage of the current Intel chips. Since Nehalem and it's tock followup Westmere, the performance ticks up, haven't been spectacular. Westmere roughly coincides with AMD's architectural equivalent of the Netburst debacle - BULLDOZER....
So yeah, Intel (so far) hasn't made any huge improvements since the MagnyCours era on the AMD side of things. :) Having competition again is good, and drives higher compute densities in the datacenter so I don't have to pay for more racks on the floor and bigger cages to house them. :)
FYI - The DeX dock has a fan on it to prevent overheating the docked phone. I got one to just play around with. Turns out, for normal (non-dev) usage, it can already replace a laptop in an office setting, even without Linux mode. BUT - undocking closes apps, so re-docking doesn't go back where you started. That gets annoying when you redock after taking the phone out for a quick coffee run or bio-break. As a result, I'm back to the laptop until that gets fixed.
LOL. I've done similar.
Had a new employee that kept having problems and turning in tickets. A new ticket came in midday Friday, and by the time I got to their desk on Monday morning, there was a different person sitting there. Verified everything was working, and closed the ticket with "Replaced user, Tests OK.". Waited on an angry call from the help desk manager who'd I'd had discussions with before over resolution comments, but apparently said user had ticked her off as well. :)
"...and get another nice paying gig ..."
except she no longer needs another gig, EVER. As long as she can keep her living expenses reasonable (actually even unreasonable, just not NFL player crazy spending), she and her family are set for life, all the way to her grandkids' lives, and possibly beyond that with nobody "working" again. Hats off to her for accomplishing that trick while putting the last torpedoes into the USS Yahoo! of which she was captain.
To keep them relevant, I had to update both my original Nexus7 and Nexus7 2013 to the current LineageOS 14.1 version since Google EoS'd them ages ago, but at least I have Android 7.1.2 now. Installing 3rd party firmware isn't for everyone though.
(I'm not sure why I still hold onto my original Nexus7 since I replaced it a couple of years ago. Well, actually I do know, I'm a hardware hoarder, but am seeking treatment for it. :) )
"My Moto G4 ( expected to get Android 7 in Q4 2016 I believe ) has a patch level of July 2016."
I feel your pain. Last unofficial word, is that it got pushed from mid-Dec, to mid-Jan, to Febs-whenever, and now out to March-whatevs. Really getting annoyed by the repeated slips and no security updates either in the meantime. Prior generations of Moto G series got updated pretty quickly.
@Atilla_the_bun - The antenna fiasco as I recall was that the proto case (a mod'd iPhone 3 case) they were testing in the field before release, was NOT the case that went into production. In the pursuit of external design secrecy ahead of the big reveal, they ended up using their customers for alpha testing of the antenna in the final case.
"...weren't Intel phasing out Atom? What is Intel going to do for you? Even if they do have a replacement, those embedded boards with the CPU soldered in... they just increased vendor costs."
This is (mostly) the embedded space, so Intel has contract obligations to continue supply these for as long as the customer contract specifies. :) So Cisco/Dell/Synology/etc are probably taken care of. Smaller end users though, that could get interesting. For the second part - yeah, its OUCH time for Intel. Whatever profits they got off these incredibly low margin and custom chips will get wiped out and then some.
re the phase out and this is somewhat unrelated to the current issue - unless I misunderstood, Intel is going to use their normal x86 Architecture du jour as the base of all the new low power x86 stuff rather than continue to have the expensive one-off that Atom was.
"It might also explain why Intel quit making the Atom line."
You might think that, but these were special purpose Atom based SoC versus regular garden variety Atom's. Trust me, the regular Atom line has plenty going against it, mainly the age of the architecture. There was only so far Intel could tweak on it before the engineering costs on an outdated arch (unrelated to their primary bread/butter x86 cpu lines) outweighed the rewards/profit margins.
Hmmm, for "art/entertainment/poetry/story" purposes, I interpret the phrase "Winter is coming" as referencing the "end of the world/Ragnarök" Fimbulwinter from Norse mythology. There is a REASON its a common phrase for literature/arts and such, even if the majority of the population doesn't understand the significance. Not sure how HBO can issue a takedown on that with a straight face, but I assume their lawyers aren't well versed outside of law classes?
They did some real world testing. But basically you've got it - under normal circumstances with SEV you are much better off. The VM(s) are shielded against other VM(s) on the same host with the proviso that the underlying host has NOT been compromised. Of course, if the underlying host is compromised, you're bantha poodoo anyway, so...
@Tikimon - dude, I really wasn't trying to single out anyone. Yes, I called out Trump first since a) pollsters said he'd lose b) I could make the "red state" observation, and c) I don't live in a Blue state to make a direct observation on people who were reluctant to make their choice known. I could only observe those around me in a red state who were extremely reluctant to declare anything, and who had not been so reluctant in prior years.
I suspect since pollsters said their numbers were underreported on Clinton as well in several areas, that many voters that selected Clinton were equally reluctant/ashamed to do so. Hence me postulating the theory of maybe pollsters just ask people who they will NOT vote for. :) Sorry if I had some clarity issues in previous post.
its done that way to make sure that the large pop states (TX, NY, CA, FL, etc) can't run roughshod over the rest of the country. Even so, it could be argued that with 55 votes, CA in particular may already have too much influence in a Presidential election, particularly with the statewide winner taking all the State's electoral votes.
Well, before the election, I knew very few people (in a heavily "red" state) that would fess up to wanting Trump. Based on that observation, I suspected they were probably too ashamed to admit that to an anonymous pollster and possibly to themselves. I figured *if* Trump was within 10-15% of Hillary poll-wise, he'd probably win, and he was within 10% at the final day... Not a terribly scientific observation, but it turned out a good guesstimate. Somehow have to factor in the psychology of people who vote not FOR a candidate, but AGAINST a candidate. (which seems to be most of the votes submitted this cycle were either AGAINST Hillary OR Trump, but not actually FOR either and might not admit to voting for either) . Maybe they need to change the question - like "which candidate(s) would you NOT vote for?", and not even worry about the "who are you voting for?" questions.
"I've had a few long lunches* and come back to put in a few really productive hours at the office (or so I thought at the time) only to come in the next morning and look at the code and think wha???"
I've had something similar... Had an accident during a weekend where my hand got sliced open and had to be sutured, the obligatory shot of morphine, then some oxy-codone for afterwards... I felt FINE (morethanfine) the following day as I was still taking pain pills, and since I thought I felt "normal", just WFH'd and got some code knocked out. Unfortunately/fortunately I didn't have anyone to code review, so I left it for the following day. Yeah... next day rolls around, and I'm NOT on pain pills... Looking at the code... WTF, who the HELL WROTE THIS? Uhhh, It was indeed me, but I didn't actually recognize "this brilliant code I wrote yesterday". Thankfully I didn't check it in...
the Beer for obvious reasons... Don't drink and code kids! :)
Back in the "olden days" companies would give campaign contributions to both parties, and just kinda stand clear otherwise in order to not make enemies with whomever was elected. Taking sides is a risky business that puts the business at risk. I suspect the various Boards of Directors will put a muzzle on high ranking execs from here on out.
"Might give pause for thought about who they are sharing with and also those "high enough up" to ignore policy wouldn't want to share, they want their own ;)"
Yep, seen that, and as a result, NOT a fan for outsourcing anything other than janitorial services. After having gotten a contract QA engineer up to speed, they were re-assigned to a DIRECT competitor. I was LIVID, and objected to the higher ups. I don't know if it did any good, but the QA Engineer was reassigned back to us a quarter or two later. You really have no idea on contract stuff WHERE your trade secrets go ultimately, and there is no real way to protect yourself and still have the outsourced resource do their job.
"... this is going against corporate policy and procedure. In my world, such loose cannons are terminated without so much as a by-your-leave."
Agreed, but my experiences with these type of folks, is they are smooth talking, fast walking snake oil sales types that come in schmooze/dazzle the board with what they say they can do for their dept, and get approval to pull their whole dept off the grid from normal IT.
Oddly enough they actually do have the talent necessary to do it (at first), some brilliant engineers who can handle it, and it works great for about a year, maybe TWO. Their brilliant/but short handed staff which had been working just fine? They've had attrition, and the replacements aren't as capable as their predecessors, OR their predecessors didn't document themselves well enough for a replacement to step in and have a snowball's chance in hell at success, and they leave. Starting in on year 3 or 4? Its falling apart or has collapsed completely, the department is in a lot of trouble, and begging corporate IT to help out, and bad mouthing IT to the board for not being team players... Effectively a Kobyashi Maru scenario for Corporate IT... (I've also seen where it went wrong from the get go, but the end result is the same, somehow the rogue's failure was still IT's fault)
Moral of the story, hire/retain ONE smooth talking snake oil type in corporate IT to politically counter the rogue in whatever dept that is pitching a breakaway movement.
Its because of UCI regulations with a MINIMUM bike weight that make it possible to have a hidden motor on the bike without a weight penalty. You can't use a hidden motor for very long due to battery capacity restrictions. Any benefit of the motor is cancelled out by the extra effort of hauling an extra kilogram or so for 200km. HOWEVER, since the weight rule took effect, bike weights have come down dramatically due to better manufacturing techniques. Since you have to make up the difference to get it back up to the minimum weight, it paves the way to put a motor in, either that or lead weights. Bikes you see at the Tour, have to have weights added to them to make them "legal", or at least this year they did. Not sure what was used for "ballast" last year.
UCI response on all this- "Are we going to repeal/revise the weight rule? Nawwww, we're just going to spend a lot of money on testing equipment (some of it dubious) to find motors that likely wouldn't be there if we didn't have a minimum weight restriction...."
may not be enough for a proper statistical sample, but it does match what I've been seeing out in the real world where people just don't give a flip anymore. I've basically been told repeatedly by different people (and I'm paraphrasing) "All this security stuff is just a downer, so stop harshing my mellow." and this was corporate IT folks, although family members and friends have been no different.
I agree with their findings that there is massive security burnout in a large swath of the population.
"Just like TV, people will want more than one iPhone..."
Based on what I've seen around me (and YMMV), people that would have more than 1 phone would not have two iPhones they'd have two or more Android devices for playing around with (like one they didn't mind getting lost/broken/whatevs at the concert,vacay, or at the lake), or they'd have one of each (like an iPhone for work and Android based for personal). Those are the scenarios I see around me currently for people that have more than one. In either scenario, its not ultimately good for Apple since both devices aren't Apple.
"Or a HD recorder. ..."
I refuse to spend $100/month to have to fast forward constantly. Last time I had cable TV, the channel providers had gotten sneaky putting up a quick splashscreen making it look like the program was starting, but then shove two-four more commercials.
Its far cheaper to have Netflix/Hulu/Prime and for stuff not on them, to just buy it outright, and then you don't have all that annoying fast forwarding nonsense. (I pay the extra $ for ad free Hulu, so awesome)
"Why LinkedIn Monetizers yes, and Microsoft Monetizers not?"
LinkedIn is mostly neutral with no direct ties to anyone. Microsoft has a vested interest in Microsoft (as it should). So now, a site used mostly for professional networking* is all of a sudden owned by a very biased party.
* so there HAVE been an awful lot of Facebook style posts there lately, which is forcing me to re-eval my relationship with them, prior to the MS buyout.
"Maybe the "guys in their 50s doing COBOL" who quit when hearing "agile" were like that, in which case they deserve the job market they will encounter"
@DAM - actually - the COBOL guys have been making BANK for a while (since before Y2K), so at this point unless they did something foolish with their money, they can just retire and be done with it. If they quit when they heard Agile, I suspect they could have left at any time and were just there for "fun". Let that be a lesson for anyone with legacy systems where the only folks that can *properly* develop on it are in their 50's. Its time to do a crash program migration (or get fresh blood that likes COBOL ha), since many folks in their 50's can just up and walk at any time if they so choose, and those two did so choose. I've seen well positioned guys in their 40's do that as well.
Biting the hand that feeds IT © 1998–2019