That's one of the reasons I don't really like this whole "give companies 5 months to fix everything" strategy. It just gives the big wigs time to bail, gives the people who know time to exploit it, while the consumers only get shitty patches.
While both _very_ serious issues, the video is blowing things out of proportion a little bit. Meltdown is essentially an Intel issue, though there are a number of ARM cores (and not widely used ones at that) which are affected. Most ARM processors don't do speculative execution in a way that's affected by Spectre. Spectre requires out-of-order execution, and those affected are a small number of cores in total. However, those that are are concentrated amongst iPhones, iPads, various other i-devices, and higher-end Android devices. The only ARM core affected by Meltdown is the A75. I can't think of a prominent-ish use of that core outside the Qualcomm Kryo 385, and that's _very_ new. AMD processors are designed to prevent the very issue exploited by Meltdown.
I am so glad I don't own any Intel processors. This is an AMD CPU household. I do however hope Intel recovers, as AMD needs competent competition to keep them on their toes. I'm also glad I decided to wait on that new RYZEN build, and am still on a 9590. Now when I eventually get one, it should already be tweaked to remove the exploit.
Hey guys my specs are: OS: Windows 7 CPU: None GPU: GTX 1080Ti Or OS: Windows 7 CPU: GTX Titan (Don't ask me how I installed a GPU as a CPU) GPU: 8 GTX Titan's SLI'd
actually, AMD processors are a lot less affected, also, the new patches for windows 10 do actually hit performance, not for gaming, but 4k read speeds...rip also, as these exploits are hard to exploit and require a lot of time, hackers won't target your measly hundreds of thousands of dollars, so the general public is safe, and I would actually wait until anything actually happens with these exploits and wait for a patch that doesn't hit CPU performance as much if you do productivity tasks
John Mertz maybe they should use EPYC cpus :), but no seriously, do you think using a hybrid processing power (that amd unsuccessfully envisioned with apus) using the new volta chips could be comparable to cpus today and become the dominant force in server power markets?
From what I understand, Meltdown is more dangerous and also affects only Intel CPUs. I also think with some cleverness you could've extended the real world analogies and made these vulnerabilities make more sense.
you'd think it would be well known, but when i took business in highschool (which despite its name is all about Microsoft office and photoshop), we spent the first class learning how to turn on and off a computer. And people needed it. So it turns out there are people that dumb
Nickjc1999 I work in a library and we offer free basic computer classes all the time. People who don’t know how to turn on a computer aren’t unintelligent - they just probably haven’t been exposed to the technology in a way where they would learn how to use it. It happens so much more than most people think.
Nickjc1999 Thanks for the clarification. I had wrongly interpreted your statement based on the most common usage of the word around my section of the US. My apologies. In any case, it distresses me as well that so many people are missing these basic lessons in technology. I see so many young people in this category and, if the public schools were better supported, this probably wouldn’t be the case.
Actually, you even need to be careful about downloading and installing updates. A Windows update caused a number of systems with older AMD processors to bluescreen on bootup, to the point where even a system restore point couldn't undo the damage- the only way to recover (outside of a complete reinstall) was a rather tricky technique to uninstall the problematic part of the update.
I work in IT and I don't know if anyone else has noticed, but I've had 5 computers in the last week on Windows 10 have their partitions go RAW after a reboot with some recent updates. A chkdsk can be done on the raw partition, but then it's not accessible with all permissions corrupted. Basically have to do data recovery and format reinstall. So annoying when you're just trying to fix something simple like wifi problems.
beayn I haven't noticed anything like that recently. Although, I'm just a local comp repair guy, and there hasn't been much work in my area for the past few weeks. Maybe I'm just lucky. Could you share the make/model of the workstations and the particular version of windows 10 they were on? Also, do you know which update caused the issue? It might save me a bit of hassle in the future =P
In case you didn't know Microsoft blocked the update to users with old AMD processors soon after it's reported. They are working on a fix with AMD to solve this. As long as you don't install updates immediately you should be fine.
The Rogue Wolf 🐺 I found this out the hard way! But luckily my operating system Win7 gave me options on boot up to either fix boot up or restore my computer to a later date. I tried both not sure which one fixed it but 8 restated my laptop and it works!
The horrifying thing is this isn't getting better. I just sat through a conference on it, and while a lot of what I heard is confidential, I will say that those doing evil are outpacing those trying to protect us. At this point any entity with its own data infrastructure needs a security professional AND to hire security contractors, and you need a positive working relationship between security, server, network, and programming teams just to stay afloat. At this point, the baseline is both internal and external security audits and pen testing, encryption of all key data, 2FA, password policies, all-employee security training, update management, device management, layered endpoint monitoring and general network monitoring, multiple off-site backups, offline backups and write-once backups, backup integrity checks, and having both internal and external security professionals and pre-established working relationships with law enforcement. It's hard to fathom just how much it's changed in the last 30 years. We went from computers where passwords were optional to even have on some PCs, and major government websites that could be defaced by anyone who was bored and had minimal computer knowledge, to now having massive security overhead for anything larger than a mom & pop store and a mix of state sponsored and large organized malicious groups exploiting extremely complicated and unique security vulnerabilities of individual organizations over periods of sometimes even years and who even do things like coordinating their attacks to hit on a weekend to overwhelm the international community of security professionals as a whole as they try to respond to timed breaches across the globe in unrelated businesses and organizations. It's a far cry from the jerks in college who sent a "restart" command to your PC the moment you started to beat them in Doom II on the dorm's LAN. It's also the sole reason I worry about self driving cars. While anything made by human hands can't be perfect, they already are far safer than anything driven by human hands by an extreme margin. There are risks of corporate policies doing evil things, but that can be dealt with. But unlike a zero day exploit taking down networks and doing a billion in damages to equipment, a zero day exploit causing something as simple as the accelerator being stuck on in one car manufacturer's products could do insane amounts of harm to people. To be clear, the Toyota "stuck accelerator" problem turned out to be a mixture of physical hardware and stupid human tricks, not software, but it illustrates the risk of even a simple function being misused. (That happened to 90 people and even that number is believed to be mostly human error rather than the pedal sticking because testing showed a stuck accelerator would be overridden by the brakes and the black boxes showed those people never once pressed the brakes during their acceleration.) But a state actor deciding to use it maliciously could kill millions of people in mere hours if even one manufacturer has an exploitable vulnerability. To be clear, I do want to see self driving cars become widespread, but not from any of the manufacturers who want them to have network capability. Stuxnet had to be walked in on thumb drives because the systems weren't connected to a wider area network like the internet or a car-to-car network. The only area where this is a more significant risk than continued human drivers is these manufacturers thinking they need to have their cars communicate with one another and with online traffic control systems.
My Linux system had Intel microcode updates and kernel patches available for both exploits the very same day the news announcement about them was made. So it obviously wasn't too difficult to patch. They did have about a month to work on it, because these were actually only theoretical exploits, that were found by a contracted security company, not hackers. Which also means there was a lot more unnecessary hype about it than there should have been.
patched the microcode of my CPU for this and updated the OS to fix it. So I'm fine for this. While Meltdown only affect Intel. Specter also affect AMD. BUT, with Intel, you can be hacked remotely through Specter, while for AMD, the hacker needs to physically be at your PC to do anything. So AMD's flaw isn't as bad as Intel's, regardless of the PR disaster that Intel is trying to spin.
MrGeekGamer it's true. There are two Variants of Spectre (1 & 2) AMD affects only Spectre 1 and can be patched by OS, the rest Spectre 2 and Meltdown are unaffected due to the architectual differentes than intel, I use both AMD and Intel, please do your homework
Yeah, but if you cannot afford them on their release date you are stuck with an obsolete OS unless you do some magic by rooting and using custom ROM or whatever.
i guess it would be easier for them if there was less variety in hardware, but windows manages so idk why android won't...:( i'm fixing my broken 2,5 year old phone instead of buying a new one:D hardware is still fine (other than the shattered screen), but no more updates for me! buy a new one and throw it out after 2 years! edit: i was talking about google, not manufacturers..i should read what i'm responding to:D
Is there any CPU producing company NOT affected by either issue? Is it even possible to own a computer without it? (The news people always talk about the companies, but not about how many people are actually affected. My grandfather surely doesn't know what cpu his PC has, but if he hears that literally everyone is affected he will allow the updates)
kd1s lately microsoft only create updates or anything else to make people expend money... The company innovation is dead... But they are too huge to die... Honestly just trash since bill left
Because it's close enough to us to be gravitationally bound to the Milky Way. That's why these two and a few more galaxies form the Local Cluster. There are lots of other galactic clusters out there, their galaxies stay near each other due to gravity, but the clusters themselves are far enough from each other that as gravity weakens over distance, Dark Energy takes over and takes them further away from each other.
Because gravity. Ever heard of gravity? It's pretty neat. Dark Energy pulls everything apart, Gravity pulls everything back together. The balance between these two forces is what allows our universe to exist.
Because we are close enough to each other that gravity wins. Anything in the local group is gravitationally locked to each other, primarily us and andromeda. Remember, gravity is dictated by the amount of matter (aka mass) an object has and distance (dictated by the inverse-square law). Yes, the distance is constantly being added to, and the mind-boggling distance between galaxies should weaken gravity farther, but the mind-boggling mass of said galaxies is stronger and just happen to be close enough that expansion doesn't play a big enough factor. Star trek's warp drive might be a good enough analogy to understand the basics of Einstein's general relativity (aka theory of gravitation). The mass of an entire galaxy warps spacetime to effectively push things into itself, nevermind to other things. Do this experiment at home, take a bowl of water and carefully put a paperclip into it til it floats. Notice how, despite being denser than water, it floats due to surface tension. Put another one in nearby and they stick to each other. If you look carefully, the water curves down and under the paperclip. The water effectively pushes the clips together in a manner similar to spacetime warping. It's Okay to be Smart has a good video on this experiment: ruclips.net/video/mbKAwk-OG_w/видео.html. This isn't a perfect analogy, but gives you an idea. You also have to keep in mind that the matter we see is less than 5% of the universe. The rest we can't see is dark energy (about 68% and is the thing responsible for expansion) and dark matter (about 27% and is the thing most of the mass of the galaxy is). Turns out, without dark matter, the galaxies we know would just fly apart, doesn't matter if dark energy expands the space or not. There just isn't enough visible stars, planets, and (invisible) black holes to hold our galaxy together. To put it simply, the mass of our galaxies, the distance apart, and the math happens to work out in favor of gravity rather than expansion.
Wow, this comments section is basically a warzone between cancerous fanboys. Intel patched meltdown, and the performance degradation is basically 0 for people like us, so that makes Intel and AMD equal. Both are affected by spectre, both are safe from meltdown right now afaik. Now stop boasting like little kids.
@@TexelGuy Intel only patched MELTDOWN on newer generations. Older ones are screwed. I'm on an i5 2500 and this is the last time i buy something from Intel.
I was expecting this after one of my professors explained to me how computer programs typically operate. He emphasized C and Linux but I assumed all computers used the branch processing, once it was explained. From there, it was only a matter of time till someone figured out how to retrieve the extra data
I can guarantee you that Spectre and Meltdown will cause less damage than people asking for users passwords. The single hardest computer vulnerability in existence to prevent in PEBKAC, but it doesn't get nearly as much publicity because fixing it isn't as simple as releasing a software update.
(Indian accent) Hello. I am calling from Microsoft. We noticed that your computer is infected with viruses and errors. Please go to this address and allow me to take remote control of your computer so that we may fix your problems. Uh... OKAY. Here you go.
tbh, my grandma knows so little about computers that last week while she was checking her email, she opened a new tab and asked me for help on how to "fix it". So she's safe from viruses as long as I am XD
Outer M. Oh yes. Large servers and data centers are far more vulnerable to attacks like this. It's just that videos like this are generally aimed at the public and most hackers don't care about personal computers outside of ransom-ware and back accounts. On the flip side, data centers have a lot more valuable information and are generally maintained by people who know how not to fall for social engineering attacks meaning that hackers will use more complex strategies like these exploits.
it isn't "read only" if it can be accessed and changed, firmware is authorized access only, and that can always be circumvented by physical access to the hardware, very difficult to do remotely, although still roughly possible and it even happens sometimes though usually those times it is from an authorized source. keep in mind that the software on your cable modem or your router is "firmware" and if you are smart you update that every now and then yourself. if you can do it, so can somebody else, with whatever software they want.
Most supercomputers aren't PCs. A raspberry Pi isn't really a PC. A whole lot of integrated systems aren't PCs. SPARCs, MIPSes and what not aren't PCs.
1:35 "Speculative execution means the CPU grabs data and executes a few instructions along the most likely branch" - Nope, That is just Branch Prediction. The CPU simultaneously executes instructions along BOTH branches and when the result of the branch is available it discards the effects of the instructions in the branch not taken. That's what makes it speculative execution. en.wikipedia.org/wiki/Speculative_execution
living in this world is becoming increasingly complicated by the hour, when you think you finally get it, is already obsolete and keeping up with everything is just overwhelming. Same applies to social and environmental issues.
It’s not even “clever coding” You don’t need to write 18 pages of C++, it could just be some JavaScript. Which is taught in high schools and is considered the entry level coding. It’s just insane!
John Mertz where did I say that? I’m just making a point that the vulnerability is so great, the coding techniques are taught to high schoolers. You don’t need to be a professional inferencer to work that out. Don’t take everything so literally.
Beyond clever coding, we're talking about burgling a house through a keyhole. These exploits theoretically allow someone access to anything on your system but they would have to create a basic AI like a worm in order to take advantage of the exploit because they would be relying on branch prediction many millions of times just to navigate a megabyte or so of data. Their malware would need solid access to your cpu for hours before they had a decent map of what was on your system and whether or not anything was valuable, so they'd have to throttle it, hide it and hijack any antivirus software you have or they'd get nothing. When this finally gets taken advantage of it will be by the likes of a Russian or Chinese agency and it'll be used against western agencies, it won't be used by scriptkiddies.
Closest thing to a computer when I was in high school was a calculator. YEAH YEAH. I KNOW I'M OLD ==just remember you don't get to be old by being stupid
Can we talk about how you said "PC, Mac & Linux" Mac and Linux are operating system that run on PCs (Personal Computers) (Also Mac is based on Linux, but that's a different topic) You should say "Windows, Mac and Linux". Mac is to PC as Ford is to Truck. That is all. :)
This proves we humans aren't ready for sentient AI or machine learning. Imagine 10 years into the robot age: "A vulnerability in the robots of the last decade is turning our servile robots into rogue killers; companies working on a patch" lmao
I was distracted, but I didn't hear the word "Meltdown" except at the intro. Was there a mistake in the video because all I heard was "Spectre" being explained the whole video?
But will be replaced by a whole list of other problems as we don't ever have to leave the house, just teleporting our food in as we do with our hardware.
Someone can help me? I installed some... let me call it... "stuff.exe" (it was a legit program) in 17 December 2017 in 11 January i scanned that installer and found "*Ransom:Win32/WannaCrypt!bit*" i have still all files usable and nothing happen after installing this. (But i'm in panic and scanned PC with Defender - who found this Ransom). Please tell me... i'm safe?
Antivirus software will do absolutely nothing to protect against this. Why tell people to ensure it's updated? You might as well tell them to carry a lucky rabbits foot.
Actually it will. Do you even know what software is? For someone to try to do something to exploit this, they have to remotely infect your computer with a piece of software first, or physically plug something into the computer. Anti-Viruses are not "perfect", but not having one is waay dumber than having one.
What even is Antivirus software capable of defending against? It mostly stops the user from running malicious software and visiting malicious websites. Antivirus software doesn't protect you from most vulnerabilities, it only protects you from running code on your computer that exploit these vulnerabilities. And it will do the same for Meltdown and Specter, once the first viruses using them emerge.
I'd just like to interject for moment. What you're refering to as Linux, is in fact, GNU/Linux, or as I've recently taken to calling it, GNU plus Linux. Linux is not an operating system unto itself, but rather another free component of a fully functioning GNU system made useful by the GNU corelibs, shell utilities and vital system components comprising a full OS as defined by POSIX. Many computer users run a modified version of the GNU system every day, without realizing it. Through a peculiar turn of events, the version of GNU which is widely used today is often called Linux, and many of its users are not aware that it is basically the GNU system, developed by the GNU Project. There really is a Linux, and these people are using it, but it is just a part of the system they use. Linux is the kernel: the program in the system that allocates the machine's resources to the other programs that you run. The kernel is an essential part of an operating system, but useless by itself; it can only function in the context of a complete operating system. Linux is normally used in combination with the GNU operating system: the whole system is basically GNU with Linux added, or GNU/Linux. All the so-called Linux distributions are really distributions of GNU/Linux!
Meltdown: It only affects Intel and some Qualcomm and ARM CPUs. Me: Good thing that I use AMD Spectre: It can affect Intel, Qualcomm, ARM, and AMD CPUs. Me: OH COME ON!!!
Important note: If you have an AMD processor, you probably won't be able to update to the Windows patch. It's been reported to brick some computers that use AMD CPUs, so play it safe. One other thing: some anti-virus programs actually interfere with the Windows patch. Whether yours interferes or not should be fairly easy to find out because a list is being compiled and updated. Depending on which anti-virus program you have, it may be as simple as getting the update hassle-free or as complicated as changing a registry.location. Even if you're not super tech-savvy, this is one problem you'll want to keep an eye on.
The fanboys in the comments are so annoying. We get it, you use AMD cpus. It's not like the latest AMD cpus had other problems of their own when they launched. It's amazing how cancerous the PC hardware game has got, it's almost as bad as iOS vs Android where it's a huge circlejerk of either platform when something bad happens.
This video makes me feel like a Luddite. Haven’t heard of ANY of these things (I know about Speculative Execution, I did a Electrical Technology Course straight out of High School in which I learnt to Design, Build, Program & Repair PCs) 😕.
Apparently, the ARM architecture on the Raspberry Pi is not affected. Source: www.raspberrypi.org/blog/why-raspberry-pi-isnt-vulnerable-to-spectre-or-meltdown/
Computerphile has a great, more in-depth explanation of all this if anyone's interested :) I'll try to explain an overview of the details here, though. So basically, as mentioned, speculative execution will guess the next set of instructions and run them while data is being fetched from memory, thereby speeding up the process when the data finally comes in. If the guess was wrong and the instruction shouldn't have been run, the changes are undone and the memory cleared of any trace of them... except the cache is not cleared. When data is pulled in from memory, some of it is stored in the "cache", which is a much faster (but smaller) bit of memory physically closer to the CPU. The idea is that if you access a certain bit of memory once in a program, you'll likely need it again, so it's stored somewhere that it can be accessed faster next time you need it. Caches can be cleared ("invalidated"), but that process can slow down a program, so deciding when to do that is tricky. (There's an old computer science joke that the two hardest things for a programmer are cache invalidation, naming things, and off-by-one errors.) So it's often not cleared, and most importantly, it's often not cleared *of speculative results*. In comes Spectre. A program can't access the cache directly, for obvious security reasons. But we know that getting data from the cache is faster than getting data from memory. So what Spectre does is the following process: 1. Run a loop over an array you have access to, using a variable in memory as the upper bound. Because the upper bound must be taken from memory, speculative execution will actually continue that loop beyond the bounds of your array without any issues. 2. In the loop, use the out-of-bounds values as the index of an array entry in a second array that you have access to. 3. When the loop ends, any indexes that are cached will be faster to read than indexes which were not cached. So if you read the entire (second) array from start to finish and time how long it takes to read each entry, you can figure out which indexes were cached. And since the indexes were actually the values of memory that were read, you can get those memory values. And since that includes all values that were read speculatively, you can get the data that was read speculatively, beyond the bounds of your program's memory, by simply checking off the indexes in order. That's still a simplified explanation, but it's basically how things work. You trick the CPU into speculatively reading bytes beyond the program's memory, use those as indexes for arrays inside your program's memory, then time how long it takes each of your array indexes to read. The fastest ones are cached, meaning they were the values of bytes read that shouldn't be accessible.
3:42 wait what? Installing Linux turned my PC into some weird hardware? Just a gentle reminder that PC either means "personnal computer" (so your calculator is actually a PC) or descendants of what we used to call "IBM PC compatble" as stated by a yearly document (discontinued as of 2000 IIRC) jointly produced by Microsoft and Intel describing what *is* a PC.
Early benchmark tests suggest that SSD writes could be very significantly affected by updates. (up to 41%) ruclips.net/video/JbhKUjPRk5Q/видео.htmlm22s
Can you do a video on Intel Management engine, and also the AMD equivalent? Intel ME is able to operate at ring -3, so that anything that hacks the ME can operate without any way for the main OS to detect it. An apparently researchers have been able to come up with such hacks.
These also affect some smartphones, i know that its primarly in iphones since they use intel chips for cellular data (tmobile and verizon.... if im correct, it could be att) but sprint and (one of those verizon or att) use qualcomm chips (the X uses AMD instead of qualcomm) but the x that use Intel are vulnerable too..... so this affects basiclly anything... also affects qualcomms and even amd if im correct, and theres “no fix” because its hardwear, not softwear... given microsoft and apple have put out updates to prevent it, but.... it will still happen... yikes... Edit: you did put it in that iphones have intel ayee, also.... im not updating im risking, i want the jailbrake for ios 11.1 on my iphone X... lmfao its cool it has the amd chip....
Dude, the entire worry about meltdown and Specter are that Anti-virus is pretty much useless to protect against these. If you could update your Antivirus to protect against these like ransomware or a keylogger, people in tech wouldn't be freaking out so much. Since your AV uses CPU cycles to inspect the system activity, it doesn't really solve the issue when it is the CPU that is running those cycles itself doing the work of exploiting the system through pulling in segments of memory or executing code it shouldn't. It might be able to help identify that package as containing a known "bad" segment of code, but that doesn't help much in today's world of rapid iteration and mutation of viruses and other compromising code. TLDR: Pure hardware vulnerabilities are scary. Apply the new BIOS patches once they get released and patch your OS when the updates become available.
I dunno. "the update fails to install and results in a black screen that just ends up reverting to the previous version.... And I don't know how to fix it; all the trouble shooting instructions didn't help or didn't make sense, involved things I'm not comfortable messing with. Please stop trying to brick my computer Windows update!" Seems like a pretty good excuse. My days of being good at fixing computers has long since crumbled at the feet of debilitating depression. If it doesn't just work I don't have the fight left in me to make it work......
Video rendering is actually not going to be affected very much. The slowdown comes from communication between the program and the operating system. A video rendering program spends 99% of its time just crunching numbers in its own address space, so if the remaining 1% of its operations are slowed down by 50%, overall you're still getting 99,5% of the original performance. What's going to be hit hardest are programs the rely on the OS heavily, like database servers that constantly need to access files and send and receive data over the network (both of which are handled by the OS).
Well, actually threat of Meltdown and Spectre is quite low, IF 1) you dont run any random code (application) 2) you use patched enough software (and i done mean meltdown mitigations) 3) if you browsing web you use latest version of browser, since browser is MOST easy way to run arbitrary code on host systems and modern browsers already includes antiSpectre measures. for most cases enabling spectre\meltdown mitigations is unacceptable performance lost.
It's a shitty situation for game studios. I've noticed lots of issues in all of the big online multiplayer games I've played over the past few days due to the security updates. Epic Games went public with screencaps of their server performance after the Meltdown fix and it's pretty much cut in half. These game studios now have to bite the bullet and pay for twice as many Intel-based servers or fork out the cash for brand new AMD EPYC servers. Glad I'm not publishing a game right now...
Telling people to update their antivirus in this case is a very, very bad idea. I know you mean well, but unfortunately the antivirus software these days have dropped considerably in quality, to the point where they are causing more security flaws than not. Several of them are preventing the Meltdown patches from working, because it turns out they think the patches are viruses, or they’ll stop working. Furthermore, most modern antiviruses introduce dozens of vulnerabilities into our browsers. It has gotten so bad that engineers at Google and Mozilla are recommending us to not install antivirus. Norton and McAfee both perform man in the middle attacks on all your HTTPS traffic to tech point where HSTS breaks and you can’t visit Microsoft.com as an example. Read more here: arstechnica.com/information-technology/2017/01/antivirus-is-bad/
What you're referring as Linux is in fact... No, that meme needs to die. Although I amend one of the lines from "patches by Linux" to "patches by Linux Foundation".
6 лет назад
You got almost everything right. Only the part where programs that use more the CPU are going to get affected is wrong. What is going to slow down is when a program call the OS using any kernel API. Mainly programs like databases and webservers, that need to constantly use I/O.
Too many "maybes" and "probablies", weighting the risk of a known impact of what a CPU slowdown would imply vs an estimated low risk of being exploited in the immediate future. And a rushed response to this theoretical threat. This is one case where I will definitely wait for the "test results" to come back from the first few million "early adopters" of any security patch, before I apply them myself.
AAAAND Intel CEO sold his stock before this was publicly known
They knew since June or July last year and sold the CPUs and launched the refresh anyway. Pretty shady as the usual intel shenanigans
That's one of the reasons I don't really like this whole "give companies 5 months to fix everything" strategy. It just gives the big wigs time to bail, gives the people who know time to exploit it, while the consumers only get shitty patches.
Sounds like insider trading inside, not Intel inside.
While both _very_ serious issues, the video is blowing things out of proportion a little bit. Meltdown is essentially an Intel issue, though there are a number of ARM cores (and not widely used ones at that) which are affected. Most ARM processors don't do speculative execution in a way that's affected by Spectre. Spectre requires out-of-order execution, and those affected are a small number of cores in total. However, those that are are concentrated amongst iPhones, iPads, various other i-devices, and higher-end Android devices.
The only ARM core affected by Meltdown is the A75. I can't think of a prominent-ish use of that core outside the Qualcomm Kryo 385, and that's _very_ new. AMD processors are designed to prevent the very issue exploited by Meltdown.
I am so glad I don't own any Intel processors. This is an AMD CPU household. I do however hope Intel recovers, as AMD needs competent competition to keep them on their toes. I'm also glad I decided to wait on that new RYZEN build, and am still on a 9590. Now when I eventually get one, it should already be tweaked to remove the exploit.
but Intel sponsors this show
+tytube3001 So?
Ill just use my pc without a cpu then, its too unsafe
Hey guys my specs are:
OS: Windows 7
CPU: None
GPU: GTX 1080Ti
Or
OS: Windows 7
CPU: GTX Titan (Don't ask me how I installed a GPU as a CPU)
GPU: 8 GTX Titan's SLI'd
If the connections worked, it probably would.
i'll just use no gpu then
Use an Exynos processor.
1:18 "Speculative execution." A good idea for computers, not a good idea for a legal system.
"He might be guilty. Off with his head!"
guilty until proven innocent
Master Therion but if it turns out to be incorrect you can reattach his head.
fun fact, 1 in 25 sentenced to death in the USA is innocent.
guilty until we think he is innocent enough.
its more like, "he might be guilty, get the guillotine ready"
How does no one notice his third button isnt buttoned!?
... "no one" ... you are about the 500th comment I've seen on it across several videos..... ?
Thank you I thought I was the only who noticed it
Because the captions are covering it up; I always watch these things with captions...
I did, in 5 seconds
Did anyone notice he wears shoes with Velcro rather than laces?
Spectre and Meltdown? I thought those were the new Pokemon games coming out.
That would be some cool names for the Nintendo Switch Pokemon game. It should also have two enemies one coloured blue and one coloured red
Ghost/Ice and Fire/Water? (Come to think of it, are there any Fire/Water Pokemon? *Quick check* Answer: Oh, right, Volcanion; whoops!)
Oooh, new idea :3
Seriously, it's scary to know that they could stop one day because they ran out of ideas ._.
Lunala and Solgaleo xD
computer vulnerability is for the weak (computers)
Muscle Hank the name lol
I ain't got time to heartbleed.
I just wannacry
that makes the raspberry pi powerful
Steven M RPI master race lol
protip: ARM is pronounced like the body part, not spelled out.
v true, my bad
Thank you for mentioning Linux. It drives me bonkers when people pretend the whole world runs Microsoft Windows.
CPUs are just doing a few things over and over again. Sounds like my life!
yeah...just like me also. Specially doing the few same mistakes over and over again. Like eating a whole pizza.
At least it will usually not get bored and make mistakes after the billionth time.
Eating a whole pizza should never be referred to as a mistake.
You should become more like a GPU, then. They do everything they need to do at once!
Yeah, pizza is pretty much the answer to everything, and anything pizza can't handle spaghetti will pwn.
actually, AMD processors are a lot less affected, also, the new patches for windows 10 do actually hit performance, not for gaming, but 4k read speeds...rip
also, as these exploits are hard to exploit and require a lot of time, hackers won't target your measly hundreds of thousands of dollars, so the general public is safe, and I would actually wait until anything actually happens with these exploits and wait for a patch that doesn't hit CPU performance as much if you do productivity tasks
Thanks for explaining
themegadude900 np, benchmarks can be found on Hardware Unboxed's channel
also more on redgamingtech an official release from MS. it does effect some quite a bit, not in gaming but general usage the average was 10% loss
3800Tech disk read and writes are the hardest hit apparently
John Mertz maybe they should use EPYC cpus :), but no seriously, do you think using a hybrid processing power (that amd unsuccessfully envisioned with apus) using the new volta chips could be comparable to cpus today and become the dominant force in server power markets?
I have AMD so, slightly safer.
Tom Hubbard - unless the update kills your AMD.
More like MUCH MORE safer. Just today yet another Intel Vulnerability got reported.
From what I understand, Meltdown is more dangerous and also affects only Intel CPUs. I also think with some cleverness you could've extended the real world analogies and made these vulnerabilities make more sense.
xkcd explained it like "a phantom trolley" in the trolley problem, which was a really cool analogy.
Yeah, I read that one. That was a pretty good analogy.
Ah i see your problem. Your computer is on fire.
At least he's cooking something for the first time
"Software updates called, patches".
I'm sad this was explained like it's not already well known..
you'd think it would be well known, but when i took business in highschool (which despite its name is all about Microsoft office and photoshop), we spent the first class learning how to turn on and off a computer. And people needed it. So it turns out there are people that dumb
Nickjc1999 I work in a library and we offer free basic computer classes all the time. People who don’t know how to turn on a computer aren’t unintelligent - they just probably haven’t been exposed to the technology in a way where they would learn how to use it. It happens so much more than most people think.
Come to think of it, I totally believe that. I've unplugged a computer and had somebody call IT because they couldn't figure it out.
Sorry, I meant "dumb" as ignorant or unknowledgeable, not unintelligent. It is a correct, albeit rare use of the word.
Nickjc1999 Thanks for the clarification. I had wrongly interpreted your statement based on the most common usage of the word around my section of the US. My apologies. In any case, it distresses me as well that so many people are missing these basic lessons in technology. I see so many young people in this category and, if the public schools were better supported, this probably wouldn’t be the case.
I didn't get a choice to update my computer. Windows force restarted it self.
Good for it, unless you're using an AMD(?) Athlon, I hear.
I got a AMD Radeon R6. Is this type of processor affected like the Athlon?
The Hank Norris is never vulnerable to anything less than The Hank Norris. If The Hank Norris were to fight The Hank Norris, the world would end.
Kinononono Mnemomomomo - Crank Norris
Actually, you even need to be careful about downloading and installing updates. A Windows update caused a number of systems with older AMD processors to bluescreen on bootup, to the point where even a system restore point couldn't undo the damage- the only way to recover (outside of a complete reinstall) was a rather tricky technique to uninstall the problematic part of the update.
I work in IT and I don't know if anyone else has noticed, but I've had 5 computers in the last week on Windows 10 have their partitions go RAW after a reboot with some recent updates. A chkdsk can be done on the raw partition, but then it's not accessible with all permissions corrupted. Basically have to do data recovery and format reinstall. So annoying when you're just trying to fix something simple like wifi problems.
beayn I haven't noticed anything like that recently. Although, I'm just a local comp repair guy, and there hasn't been much work in my area for the past few weeks. Maybe I'm just lucky. Could you share the make/model of the workstations and the particular version of windows 10 they were on? Also, do you know which update caused the issue? It might save me a bit of hassle in the future =P
In case you didn't know Microsoft blocked the update to users with old AMD processors soon after it's reported. They are working on a fix with AMD to solve this. As long as you don't install updates immediately you should be fine.
The Rogue Wolf / exactly what I don’t buy AMD, been bit before
The Rogue Wolf 🐺 I found this out the hard way! But luckily my operating system Win7 gave me options on boot up to either fix boot up or restore my computer to a later date. I tried both not sure which one fixed it but 8 restated my laptop and it works!
I assume if your cpu is melted or haunted, it's vulnerability wouldn't be in question.
Where is SciShow Computer Science?
They don't seem to have anybody with knowledge to talk on the subject. You can see by the poor word choice throughout this video.
Crash Course Computer Science is close enough.
The horrifying thing is this isn't getting better. I just sat through a conference on it, and while a lot of what I heard is confidential, I will say that those doing evil are outpacing those trying to protect us. At this point any entity with its own data infrastructure needs a security professional AND to hire security contractors, and you need a positive working relationship between security, server, network, and programming teams just to stay afloat.
At this point, the baseline is both internal and external security audits and pen testing, encryption of all key data, 2FA, password policies, all-employee security training, update management, device management, layered endpoint monitoring and general network monitoring, multiple off-site backups, offline backups and write-once backups, backup integrity checks, and having both internal and external security professionals and pre-established working relationships with law enforcement.
It's hard to fathom just how much it's changed in the last 30 years. We went from computers where passwords were optional to even have on some PCs, and major government websites that could be defaced by anyone who was bored and had minimal computer knowledge, to now having massive security overhead for anything larger than a mom & pop store and a mix of state sponsored and large organized malicious groups exploiting extremely complicated and unique security vulnerabilities of individual organizations over periods of sometimes even years and who even do things like coordinating their attacks to hit on a weekend to overwhelm the international community of security professionals as a whole as they try to respond to timed breaches across the globe in unrelated businesses and organizations. It's a far cry from the jerks in college who sent a "restart" command to your PC the moment you started to beat them in Doom II on the dorm's LAN.
It's also the sole reason I worry about self driving cars. While anything made by human hands can't be perfect, they already are far safer than anything driven by human hands by an extreme margin. There are risks of corporate policies doing evil things, but that can be dealt with. But unlike a zero day exploit taking down networks and doing a billion in damages to equipment, a zero day exploit causing something as simple as the accelerator being stuck on in one car manufacturer's products could do insane amounts of harm to people. To be clear, the Toyota "stuck accelerator" problem turned out to be a mixture of physical hardware and stupid human tricks, not software, but it illustrates the risk of even a simple function being misused. (That happened to 90 people and even that number is believed to be mostly human error rather than the pedal sticking because testing showed a stuck accelerator would be overridden by the brakes and the black boxes showed those people never once pressed the brakes during their acceleration.) But a state actor deciding to use it maliciously could kill millions of people in mere hours if even one manufacturer has an exploitable vulnerability.
To be clear, I do want to see self driving cars become widespread, but not from any of the manufacturers who want them to have network capability. Stuxnet had to be walked in on thumb drives because the systems weren't connected to a wider area network like the internet or a car-to-car network. The only area where this is a more significant risk than continued human drivers is these manufacturers thinking they need to have their cars communicate with one another and with online traffic control systems.
My Linux system had Intel microcode updates and kernel patches available for both exploits the very same day the news announcement about them was made. So it obviously wasn't too difficult to patch. They did have about a month to work on it, because these were actually only theoretical exploits, that were found by a contracted security company, not hackers. Which also means there was a lot more unnecessary hype about it than there should have been.
“Heckin’ lot of machines” got me good! 😂
You lost me at “the”
Yes Uncle Hank, going to go update my software Uncle Hank.
patched the microcode of my CPU for this and updated the OS to fix it. So I'm fine for this. While Meltdown only affect Intel. Specter also affect AMD. BUT, with Intel, you can be hacked remotely through Specter, while for AMD, the hacker needs to physically be at your PC to do anything. So AMD's flaw isn't as bad as Intel's, regardless of the PR disaster that Intel is trying to spin.
Um... Spectre could be used to 'hack' intel, amd, and arm remotely thanks to javascript... So ya...
Nice try, AMD fan boy.
MrGeekGamer it's true. There are two Variants of Spectre (1 & 2) AMD affects only Spectre 1 and can be patched by OS, the rest Spectre 2 and Meltdown are unaffected due to the architectual differentes than intel, I use both AMD and Intel, please do your homework
So AMD products are affected.
MrGeekGamer yes but not as much, and it is a lot harder to exploit.
I would patch my smartphone if manufacturers didn't stop making patches after 2 years of the first release of the model.
Yeah, but if you cannot afford them on their release date you are stuck with an obsolete OS unless you do some magic by rooting and using custom ROM or whatever.
i guess it would be easier for them if there was less variety in hardware, but windows manages so idk why android won't...:( i'm fixing my broken 2,5 year old phone instead of buying a new one:D hardware is still fine (other than the shattered screen), but no more updates for me! buy a new one and throw it out after 2 years!
edit: i was talking about google, not manufacturers..i should read what i'm responding to:D
Well the charge for Windows, Android is free. Even so my sgs7 still hasn't been updated. :/
Get a Tracfone. If somebody tries to patch it the thing'll burst into flames. It's total virus protection.
Is there any CPU producing company NOT affected by either issue? Is it even possible to own a computer without it?
(The news people always talk about the companies, but not about how many people are actually affected. My grandfather surely doesn't know what cpu his PC has, but if he hears that literally everyone is affected he will allow the updates)
Raspberry Pi: www.raspberrypi.org/blog/why-raspberry-pi-isnt-vulnerable-to-spectre-or-meltdown/
So, yeah, update, unless you have an Athlon CPU and the Windows updates bricks your PC.
And if you own Windows machines (There's Win7 and Win10 here) you'll know Microsoft just pushed updates to handle the issue.
kd1s lately microsoft only create updates or anything else to make people expend money... The company innovation is dead... But they are too huge to die... Honestly just trash since bill left
As is Apple since Jobs died, but probably worse.
98% of everything is crap. That's why I go for serious crap and buy Tracfones.
Why does the andromeda galaxy moves closer to us when the universe is expanding?
This is my first petition
Why does the ball you throw to your buddy gets closer to him, even though universe is expanding?
Because it's close enough to us to be gravitationally bound to the Milky Way. That's why these two and a few more galaxies form the Local Cluster. There are lots of other galactic clusters out there, their galaxies stay near each other due to gravity, but the clusters themselves are far enough from each other that as gravity weakens over distance, Dark Energy takes over and takes them further away from each other.
This seems like more of a topic for scishow space
Because gravity. Ever heard of gravity? It's pretty neat.
Dark Energy pulls everything apart, Gravity pulls everything back together.
The balance between these two forces is what allows our universe to exist.
Because we are close enough to each other that gravity wins. Anything in the local group is gravitationally locked to each other, primarily us and andromeda. Remember, gravity is dictated by the amount of matter (aka mass) an object has and distance (dictated by the inverse-square law). Yes, the distance is constantly being added to, and the mind-boggling distance between galaxies should weaken gravity farther, but the mind-boggling mass of said galaxies is stronger and just happen to be close enough that expansion doesn't play a big enough factor.
Star trek's warp drive might be a good enough analogy to understand the basics of Einstein's general relativity (aka theory of gravitation). The mass of an entire galaxy warps spacetime to effectively push things into itself, nevermind to other things. Do this experiment at home, take a bowl of water and carefully put a paperclip into it til it floats. Notice how, despite being denser than water, it floats due to surface tension. Put another one in nearby and they stick to each other. If you look carefully, the water curves down and under the paperclip. The water effectively pushes the clips together in a manner similar to spacetime warping. It's Okay to be Smart has a good video on this experiment: ruclips.net/video/mbKAwk-OG_w/видео.html. This isn't a perfect analogy, but gives you an idea.
You also have to keep in mind that the matter we see is less than 5% of the universe. The rest we can't see is dark energy (about 68% and is the thing responsible for expansion) and dark matter (about 27% and is the thing most of the mass of the galaxy is). Turns out, without dark matter, the galaxies we know would just fly apart, doesn't matter if dark energy expands the space or not. There just isn't enough visible stars, planets, and (invisible) black holes to hold our galaxy together.
To put it simply, the mass of our galaxies, the distance apart, and the math happens to work out in favor of gravity rather than expansion.
Willing to bet Hank wasn't wearing pants in this video.
Can the next video be full of nice pictures becouse my brain died after this.
*laughs in AMD*
John Mertz I'm laughing because I have one, I'm not laughing at them
Only industrial workloads can utilize that, I just game so there is no reason for me to get something so overkill.
Wow, this comments section is basically a warzone between cancerous fanboys. Intel patched meltdown, and the performance degradation is basically 0 for people like us, so that makes Intel and AMD equal. Both are affected by spectre, both are safe from meltdown right now afaik. Now stop boasting like little kids.
@@TexelGuy Intel only patched MELTDOWN on newer generations. Older ones are screwed. I'm on an i5 2500 and this is the last time i buy something from Intel.
God damnit cheat engine is lagging now for obvious reasons
good thing all my devices have MediaTek processors
I was expecting this after one of my professors explained to me how computer programs typically operate. He emphasized C and Linux but I assumed all computers used the branch processing, once it was explained. From there, it was only a matter of time till someone figured out how to retrieve the extra data
I can guarantee you that Spectre and Meltdown will cause less damage than people asking for users passwords.
The single hardest computer vulnerability in existence to prevent in PEBKAC, but it doesn't get nearly as much publicity because fixing it isn't as simple as releasing a software update.
(Indian accent) Hello. I am calling from Microsoft. We noticed that your computer is infected with viruses and errors. Please go to this address and allow me to take remote control of your computer so that we may fix your problems.
Uh... OKAY. Here you go.
beayn, legitimately happened to my grandma, she felt like such an idiot
tbh, my grandma knows so little about computers that last week while she was checking her email, she opened a new tab and asked me for help on how to "fix it". So she's safe from viruses as long as I am XD
Outer M. Oh yes. Large servers and data centers are far more vulnerable to attacks like this. It's just that videos like this are generally aimed at the public and most hackers don't care about personal computers outside of ransom-ware and back accounts. On the flip side, data centers have a lot more valuable information and are generally maintained by people who know how not to fall for social engineering attacks meaning that hackers will use more complex strategies like these exploits.
I feel erked that you pronounced arm A-R-M. But recognize that this is irrational
it isn't "read only" if it can be accessed and changed, firmware is authorized access only, and that can always be circumvented by physical access to the hardware, very difficult to do remotely, although still roughly possible and it even happens sometimes though usually those times it is from an authorized source. keep in mind that the software on your cable modem or your router is "firmware" and if you are smart you update that every now and then yourself. if you can do it, so can somebody else, with whatever software they want.
When the PC is flaming you should be worrying about security...
Sounds like the NSA backdoors in Intel processors I heard about years ago might not have been just a crazy conspiracy theory.
Love it, thank you for this basic public service announcement that our government should be doing...
justin miller wich one?
Basically* all of them that use broadcasting communications in any way.
Do you even watch government broadcasting?
PC, mac or linux? Since when is a computer with linux not a PC?
You could argue that smartphones are more PC than PCs. Often "PCs" are used my multiple people while a smartphone really is "personal" to each user.
Most supercomputers aren't PCs. A raspberry Pi isn't really a PC. A whole lot of integrated systems aren't PCs. SPARCs, MIPSes and what not aren't PCs.
Unfortunately for phones, tablets and IoT devices more than a year old there most likely will never be any updates.
How is this channel qualified for this topic? There are much better videos already made.
Hahahaha, I love how he eventually buttoned his middle button on his shirt, that was bugging me the whole time!
Any one else annoyed by the uneven spacing of his shirt buttons? Did Hank forget a button?
I bet there were a lot of admins wishing they had stuck with Sparc Stations.
5:27 The proposed patches affect the speed of system calls, not speculative execution.
1:35 "Speculative execution means the CPU grabs data and executes a few instructions along the most likely branch" - Nope, That is just Branch Prediction.
The CPU simultaneously executes instructions along BOTH branches and when the result of the branch is available it discards the effects of the instructions in the branch not taken. That's what makes it speculative execution.
en.wikipedia.org/wiki/Speculative_execution
"Qualcomm and A-R-M..."
*you* *mean* *_ARM_*
Since when is there a manufacturer called ARM?
0:27 so a computer without a CPU is just a r
this really put the 'e' in e-bola
Wow you guys are so quick at reporting this (sarcasm)
4:46 - I love how he says "Linux" like it's a company.
living in this world is becoming increasingly complicated by the hour, when you think you finally get it, is already obsolete and keeping up with everything is just overwhelming.
Same applies to social and environmental issues.
great job, but i knew you were uploading this video before you did it !
It’s not even “clever coding”
You don’t need to write 18 pages of C++, it could just be some JavaScript. Which is taught in high schools and is considered the entry level coding. It’s just insane!
What's "CC+"?
At this point even if you think it was a typo, I'm sure someone out there has named a coding language or program like that.
John Mertz where did I say that? I’m just making a point that the vulnerability is so great, the coding techniques are taught to high schoolers. You don’t need to be a professional inferencer to work that out. Don’t take everything so literally.
Beyond clever coding, we're talking about burgling a house through a keyhole. These exploits theoretically allow someone access to anything on your system but they would have to create a basic AI like a worm in order to take advantage of the exploit because they would be relying on branch prediction many millions of times just to navigate a megabyte or so of data. Their malware would need solid access to your cpu for hours before they had a decent map of what was on your system and whether or not anything was valuable, so they'd have to throttle it, hide it and hijack any antivirus software you have or they'd get nothing.
When this finally gets taken advantage of it will be by the likes of a Russian or Chinese agency and it'll be used against western agencies, it won't be used by scriptkiddies.
Closest thing to a computer when I was in high school was a calculator. YEAH YEAH. I KNOW I'M OLD ==just remember you don't get to be old by being stupid
Can we talk about how you said "PC, Mac & Linux" Mac and Linux are operating system that run on PCs (Personal Computers) (Also Mac is based on Linux, but that's a different topic) You should say "Windows, Mac and Linux". Mac is to PC as Ford is to Truck. That is all. :)
Mac is not based on Linux but its kernel is based on BSD which is a close cousin, so to speak.
MacOS is not based on Linux. Its also not really based on BSD, it just took some userspace from it
www.quora.com/Is-Mac-OS-X-considered-to-be-a-BSD-UNIX
Still, macOS kernel is not from BSD, it's XNU
Mike L Linux, Windows, everything else, Mac. In order of customizability.
Knock knock...
Branch Prediction
Who's there?
This proves we humans aren't ready for sentient AI or machine learning. Imagine 10 years into the robot age: "A vulnerability in the robots of the last decade is turning our servile robots into rogue killers; companies working on a patch" lmao
I'm grumpy now.
Isn't the Computer's Firewall supposed to stop unauthorized access?!!
Most of it, but there are still backdoors and loopholes, and the fact someone can OK a program that has already been hijacked.
I was distracted, but I didn't hear the word "Meltdown" except at the intro. Was there a mistake in the video because all I heard was "Spectre" being explained the whole video?
Possible future video topic: what makes freckles and birthmarks form
... Hold on, one of your buttons is either undone or missing, and now I can't focus on anything else in the video since I saw this :|
I came as soon as I was notified. It's nice to comment with no one caring much, and I hope this is one of those times.
Was there a missing button on Hank's shirt?! Love the ending note though. Thank you for keeping us updated!
when we can upgrade hardware through the Internet these problems will disappear.
But will be replaced by a whole list of other problems as we don't ever have to leave the house, just teleporting our food in as we do with our hardware.
Yes, but in the end technology brings more solutions than problems.
Sci-show Bob!
Someone can help me?
I installed some... let me call it... "stuff.exe" (it was a legit program) in 17 December 2017
in 11 January i scanned that installer and found "*Ransom:Win32/WannaCrypt!bit*"
i have still all files usable and nothing happen after installing this. (But i'm in panic and scanned PC with Defender - who found this Ransom).
Please tell me... i'm safe?
Spectre actually stands for Special Tactics and Reconnaissance
SpecTRe
Antivirus software will do absolutely nothing to protect against this. Why tell people to ensure it's updated? You might as well tell them to carry a lucky rabbits foot.
Because they prevent people from running software/ visit websites that will exploit these vulnerabilities.
Actually it will. Do you even know what software is? For someone to try to do something to exploit this, they have to remotely infect your computer with a piece of software first, or physically plug something into the computer. Anti-Viruses are not "perfect", but not having one is waay dumber than having one.
Actually yes, I am a professional software developer. Antivirus software isn't capable of defending against this.
What even is Antivirus software capable of defending against? It mostly stops the user from running malicious software and visiting malicious websites.
Antivirus software doesn't protect you from most vulnerabilities, it only protects you from running code on your computer that exploit these vulnerabilities. And it will do the same for Meltdown and Specter, once the first viruses using them emerge.
The very nature of the problem means that it is not possible to distinguish between a "virus" and regular program execution.
I'd just like to interject for moment. What you're refering to as Linux, is in fact, GNU/Linux, or as I've recently taken to calling it, GNU plus Linux. Linux is not an operating system unto itself, but rather another free component of a fully functioning GNU system made useful by the GNU corelibs, shell utilities and vital system components comprising a full OS as defined by POSIX.
Many computer users run a modified version of the GNU system every day, without realizing it. Through a peculiar turn of events, the version of GNU which is widely used today is often called Linux, and many of its users are not aware that it is basically the GNU system, developed by the GNU Project.
There really is a Linux, and these people are using it, but it is just a part of the system they use. Linux is the kernel: the program in the system that allocates the machine's resources to the other programs that you run. The kernel is an essential part of an operating system, but useless by itself; it can only function in the context of a complete operating system. Linux is normally used in combination with the GNU operating system: the whole system is basically GNU with Linux added, or GNU/Linux. All the so-called Linux distributions are really distributions of GNU/Linux!
Meltdown: It only affects Intel and some Qualcomm and ARM CPUs.
Me: Good thing that I use AMD
Spectre: It can affect Intel, Qualcomm, ARM, and AMD CPUs.
Me: OH COME ON!!!
Important note: If you have an AMD processor, you probably won't be able to update to the Windows patch. It's been reported to brick some computers that use AMD CPUs, so play it safe.
One other thing: some anti-virus programs actually interfere with the Windows patch. Whether yours interferes or not should be fairly easy to find out because a list is being compiled and updated. Depending on which anti-virus program you have, it may be as simple as getting the update hassle-free or as complicated as changing a registry.location. Even if you're not super tech-savvy, this is one problem you'll want to keep an eye on.
The fanboys in the comments are so annoying. We get it, you use AMD cpus. It's not like the latest AMD cpus had other problems of their own when they launched. It's amazing how cancerous the PC hardware game has got, it's almost as bad as iOS vs Android where it's a huge circlejerk of either platform when something bad happens.
This video makes me feel like a Luddite. Haven’t heard of ANY of these things (I know about Speculative Execution, I did a Electrical Technology Course straight out of High School in which I learnt to Design, Build, Program & Repair PCs) 😕.
Apparently, the ARM architecture on the Raspberry Pi is not affected. Source: www.raspberrypi.org/blog/why-raspberry-pi-isnt-vulnerable-to-spectre-or-meltdown/
Computerphile has a great, more in-depth explanation of all this if anyone's interested :)
I'll try to explain an overview of the details here, though.
So basically, as mentioned, speculative execution will guess the next set of instructions and run them while data is being fetched from memory, thereby speeding up the process when the data finally comes in. If the guess was wrong and the instruction shouldn't have been run, the changes are undone and the memory cleared of any trace of them... except the cache is not cleared. When data is pulled in from memory, some of it is stored in the "cache", which is a much faster (but smaller) bit of memory physically closer to the CPU. The idea is that if you access a certain bit of memory once in a program, you'll likely need it again, so it's stored somewhere that it can be accessed faster next time you need it.
Caches can be cleared ("invalidated"), but that process can slow down a program, so deciding when to do that is tricky. (There's an old computer science joke that the two hardest things for a programmer are cache invalidation, naming things, and off-by-one errors.) So it's often not cleared, and most importantly, it's often not cleared *of speculative results*.
In comes Spectre. A program can't access the cache directly, for obvious security reasons. But we know that getting data from the cache is faster than getting data from memory. So what Spectre does is the following process:
1. Run a loop over an array you have access to, using a variable in memory as the upper bound. Because the upper bound must be taken from memory, speculative execution will actually continue that loop beyond the bounds of your array without any issues.
2. In the loop, use the out-of-bounds values as the index of an array entry in a second array that you have access to.
3. When the loop ends, any indexes that are cached will be faster to read than indexes which were not cached. So if you read the entire (second) array from start to finish and time how long it takes to read each entry, you can figure out which indexes were cached. And since the indexes were actually the values of memory that were read, you can get those memory values. And since that includes all values that were read speculatively, you can get the data that was read speculatively, beyond the bounds of your program's memory, by simply checking off the indexes in order.
That's still a simplified explanation, but it's basically how things work. You trick the CPU into speculatively reading bytes beyond the program's memory, use those as indexes for arrays inside your program's memory, then time how long it takes each of your array indexes to read. The fastest ones are cached, meaning they were the values of bytes read that shouldn't be accessible.
Now if only I could update my PC without having to install Wins 10...
3:42 wait what?
Installing Linux turned my PC into some weird hardware?
Just a gentle reminder that PC either means "personnal computer" (so your calculator is actually a PC) or descendants of what we used to call "IBM PC compatble" as stated by a yearly document (discontinued as of 2000 IIRC) jointly produced by Microsoft and Intel describing what *is* a PC.
Early benchmark tests suggest that SSD writes could be very significantly affected by updates. (up to 41%)
ruclips.net/video/JbhKUjPRk5Q/видео.htmlm22s
Who else is bothered by the unbuttoned button on his shirt...
Bernard DeRoxas "telling him in the comments isn't going to magically fix the butto-" 5:06 "oh, it did"
Can you do a video on Intel Management engine, and also the AMD equivalent? Intel ME is able to operate at ring -3, so that anything that hacks the ME can operate without any way for the main OS to detect it. An apparently researchers have been able to come up with such hacks.
These also affect some smartphones, i know that its primarly in iphones since they use intel chips for cellular data (tmobile and verizon.... if im correct, it could be att) but sprint and (one of those verizon or att) use qualcomm chips (the X uses AMD instead of qualcomm) but the x that use Intel are vulnerable too..... so this affects basiclly anything... also affects qualcomms and even amd if im correct, and theres “no fix” because its hardwear, not softwear... given microsoft and apple have put out updates to prevent it, but.... it will still happen... yikes...
Edit: you did put it in that iphones have intel ayee, also.... im not updating im risking, i want the jailbrake for ios 11.1 on my iphone X... lmfao its cool it has the amd chip....
Dude, the entire worry about meltdown and Specter are that Anti-virus is pretty much useless to protect against these. If you could update your Antivirus to protect against these like ransomware or a keylogger, people in tech wouldn't be freaking out so much. Since your AV uses CPU cycles to inspect the system activity, it doesn't really solve the issue when it is the CPU that is running those cycles itself doing the work of exploiting the system through pulling in segments of memory or executing code it shouldn't. It might be able to help identify that package as containing a known "bad" segment of code, but that doesn't help much in today's world of rapid iteration and mutation of viruses and other compromising code.
TLDR: Pure hardware vulnerabilities are scary. Apply the new BIOS patches once they get released and patch your OS when the updates become available.
I dunno. "the update fails to install and results in a black screen that just ends up reverting to the previous version.... And I don't know how to fix it; all the trouble shooting instructions didn't help or didn't make sense, involved things I'm not comfortable messing with. Please stop trying to brick my computer Windows update!" Seems like a pretty good excuse. My days of being good at fixing computers has long since crumbled at the feet of debilitating depression. If it doesn't just work I don't have the fight left in me to make it work......
Video rendering is actually not going to be affected very much. The slowdown comes from communication between the program and the operating system. A video rendering program spends 99% of its time just crunching numbers in its own address space, so if the remaining 1% of its operations are slowed down by 50%, overall you're still getting 99,5% of the original performance. What's going to be hit hardest are programs the rely on the OS heavily, like database servers that constantly need to access files and send and receive data over the network (both of which are handled by the OS).
I thought SPECTRE was that evil group from James Bond movies... the villain guy in the grey suit with the cat...
Well, actually threat of Meltdown and Spectre is quite low, IF 1) you dont run any random code (application) 2) you use patched enough software (and i done mean meltdown mitigations) 3) if you browsing web you use latest version of browser, since browser is MOST easy way to run arbitrary code on host systems and modern browsers already includes antiSpectre measures.
for most cases enabling spectre\meltdown mitigations is unacceptable performance lost.
It's a shitty situation for game studios. I've noticed lots of issues in all of the big online multiplayer games I've played over the past few days due to the security updates. Epic Games went public with screencaps of their server performance after the Meltdown fix and it's pretty much cut in half. These game studios now have to bite the bullet and pay for twice as many Intel-based servers or fork out the cash for brand new AMD EPYC servers. Glad I'm not publishing a game right now...
Yup Linux users have been protected for months with next to no CPU processing impact. Enjoy your 20-30% decrease in CPU power windows users lol
Telling people to update their antivirus in this case is a very, very bad idea. I know you mean well, but unfortunately the antivirus software these days have dropped considerably in quality, to the point where they are causing more security flaws than not. Several of them are preventing the Meltdown patches from working, because it turns out they think the patches are viruses, or they’ll stop working.
Furthermore, most modern antiviruses introduce dozens of vulnerabilities into our browsers. It has gotten so bad that engineers at Google and Mozilla are recommending us to not install antivirus. Norton and McAfee both perform man in the middle attacks on all your HTTPS traffic to tech point where HSTS breaks and you can’t visit Microsoft.com as an example.
Read more here: arstechnica.com/information-technology/2017/01/antivirus-is-bad/
So my pentium 200Mhz with MMX is vulnerable? THEY AIN'T GETTING MY DOOM SAVEGAMES
Little surprised they didn't mention BIOS updates.
Yes they did, they referred to it as firmware.
Did they? Huh, I must need my ears checked then. I heard them mention the operating system but must have missed that bit for some reason.
4:50 is when he mentions it. I hope I won’t need to update my bios though because it’s a hassle and resets my settings.
yes, he mentioned the microcode patch, which is done via the bios update
What you're referring as Linux is in fact... No, that meme needs to die.
Although I amend one of the lines from "patches by Linux" to "patches by Linux Foundation".
You got almost everything right. Only the part where programs that use more the CPU are going to get affected is wrong. What is going to slow down is when a program call the OS using any kernel API. Mainly programs like databases and webservers, that need to constantly use I/O.
Too many "maybes" and "probablies", weighting the risk of a known impact of what a CPU slowdown would imply vs an estimated low risk of being exploited in the immediate future. And a rushed response to this theoretical threat. This is one case where I will definitely wait for the "test results" to come back from the first few million "early adopters" of any security patch, before I apply them myself.