Intel svinjarija
(1 korsinik/a gleda/ju temu) (1) Gost

Intel svinjarija


MacPro5,1 | MacPro2,1 | MacMini2,1 | MacbookPro3,1 | iPhone 6S
04.01.2018 | 08:58
skineš update i imaš sporu kantu hahahahaha
04.01.2018 | 10:23
Vidio jučer u podne i odmah mi je pao mrak. Sada treba vidjeti kako će Apple to riješiti, da li će nuditi zamjenu proca (što sumnjam) ili će napraviti OS patch koji će nadam se imati što manji impact na brzinu. Ovih 30% mi je pre strašno. Kao da vozimo sa jednom jezgrom manje. Nabijem ih sve skupa.

UPDATE:
Hmm izgleda da je ovo u 10.13.2 već pokriveno - twitter.com/aionescu/status/948609809540046849

UPDATE 2:
sorry Super tek sam sada vidio da se tvoj post također referencira na istu vijest.
04.01.2018 | 12:03
OK, bez panike, Apple je to izgleda ipak elegantno odradio.

Usporenje je maleno, sada sam mjerio:

Relativno uobičajen i5 quad-core 3.2GHz: prije 52.4 gigaflopsa, a nakon patcha 52.1 gigaflopsa.

"Nothing to see here, move along, move along...'"
04.01.2018 | 13:41
Dobro, jel te informacijske tehnologije s godinama napreduju ili nazaduju? Pitam onako ko sirovi građevinar.
Ovakav scenarij je sličan onom kao od nedavno vezano za ajfone. Prevare za prevarom. Mislim, da su barem kreativniji u tome.
04.01.2018 | 19:51
dpasaric kaže:
"Nothing to see here, move along, move along...'"


05.01.2018 | 17:22
Cijela ova industrija je obična smijurija sa stanovišta sigurnosti. Al ozbiljno.

Ne volim bez veze to stano ponavljati jer djeluje ko ona klasična 'cry wolf' priča, ali svaki dan dolaze nova saznanja da 'naši uređaji' uopće nisu naši. U njih ulazi tko god si da malo truda kad god poželi.

Bilo je tu govora oko NAS uređaja i par puta su ljudi pitali za WD MyBook mrežne diskove i svaki put kad bih to vidio napisao bih da to jednostavno treba izbjegavat. Ja sam nasjeo jer su mi ih preporučili, a koliko vidim svi dućani ih prodaju. Meni su uvijek bili sumnjivi jer po cijele dane nešto roštaju po diskovima umjesto da spavaju kad ih nitko ne dira. Osobno sam se spajao na svoj iz terminala i ubijajo procese ili čak brisao neke stvari sa diskova da se ne pokreću.

E, pa danas nova vijest. Sve je zapravo puno gore nego što sam mislio: Critical Unpatched Flaws Disclosed In Western Digital 'My Cloud' Storage Devices.

Gomila problema, jedan od najbezobraznijih: Researchers also found the existence of a "classic backdoor"—with admin username "mydlinkBRionyg" and password "abc12345cba," which is hardcoded into the binary and cannot be changed.

Svašta.
05.01.2018 | 20:53
Ništa nije slučajno.
Kao diler i ovisnik. Dam ti skoro badava, pa te uzmem jer ti cijeli život ovisi o tome, pa ponekad misliš da je sve pod kontrolom. A u stvari ništa nije pod kontrolom, odnosno ti si pod kontrolom.
06.01.2018 | 00:23
Ma dobro, ali hardkodirani back door... pa to je stvarno - ono... potpuna arogancija... :/
06.01.2018 | 08:29
Kad je snimljen NET sa Sandrom Bullock? Prije 20 godina?... E pa....
06.01.2018 | 08:50
Lamentirate umjesto da date rjesenje.
Treba to i to napraviti.
Smrt komunizmu, fašizmu i antifašizmu.
06.01.2018 | 10:32
Mi maleni i nemamo problem, Apple je sigurnosno rješenje izdao, vozimo dalje. Pravi problem su naši podaci kod drugih koji bi na nedovoljno zaštićenim strojevima mogli lakše procuriti u nekom novom hakerskom skandalu, a tu pak malo možemo učiniti.

Meni je u cijeloj priči bilo zadovoljstvo da je Apple tako super-brzo reagirao i potpuno tiho sredio stvar, dok Microsoftov službeni support nije *niti znao* što se događa!

06.01.2018 | 11:56
A sto je sa starijim OSX-ima? Recimo 10.11 ili sa iOS-m 10.3.3?
Smrt komunizmu, fašizmu i antifašizmu.
06.01.2018 | 11:58
To je dobro pitanje, ali nitko ništa ne spominje o tome, barem ne za sada.
06.01.2018 | 12:29
WTF, ljudi, ajmo malo s razumijevanjem... Dakle, taj problem s intel procesorima mora biti zlonamjerno i ciljano iskorišten, ne može se dogoditi slučajno. To mora biti program koji se izvodi lokalno, jer mora biti napisan low level (ne može to biti neka java skripta s neke web stranice), dakle moraš ga sam na svoj komp staviti i pokrenuti. Također, čim treba takav pristup procesoru, mora biti napisan tako da prilikom pokretanja traži administratorsku ovlast (ili sudo iz terminala).
Dakle, moraš skinuti s neta neki program iz neprovjerenog izvora, pokrenuti ga i passwordom odobriti da napravi rusvaj. Dosta stepenica. Ne postoji bolja zaštita od malo zdrave pameti...
06.01.2018 | 16:08
Ni da ni ne

> Analysis of these techniques revealed that while they are extremely difficult to exploit, even by an app running locally on a Mac or iOS device, they can be potentially exploited in JavaScript running in a web browser. Apple will release an update for Safari on macOS and iOS in the coming days to mitigate these exploit techniques.

support.apple.com/en-us/HT208394
06.01.2018 | 23:12
Morao bi vidjeti daleko precizniju i detaljniju tehničku podlogu pa da povjerujem u to.
07.01.2018 | 00:26
Imaš tu sve što možeš poželjet: spectreattack.com ali mislim da to razumiju samo oni koji dizajniraju procesore za plaću.

A tu imaš nešto za normalne ljude
07.01.2018 | 15:03
Hvala, ali drugi link je broken, a u prvom ne iščitavam ništa na temu toga kako bi malware mogao biti izveden iz javascripta
07.01.2018 | 16:07
Meni drugi link otvara normalno

Evo;



What are Meltdown and Spectre? Here’s what you need to know.
January 5, 2018 Jon Masters, chief ARM architect, Red Hat

Recent press reports talk about a newly discovered form of security threat that involves attackers exploiting common features of modern microprocessors (aka chips) that power our computers, tablets, smartphones, and other gadgets. These attacks, known as “Meltdown” and “Spectre”, are getting a lot of attention. People are (rightly) concerned, and it’s of course very important to apply all of the necessary software updates that have been carefully produced and made available. Technology leaders, including Red Hat, are working together to address these exploits and minimize the risk of potential attacks.

At Red Hat, we’ve been working on mitigations for potential attacks under standard industry security embargos, deploying small, targeted teams operating on a “need to know” basis in order to prepare ahead of public disclosure. I was fortunate enough to be co-leading our efforts at mitigation of Meltdown and Spectre, alternatively known as variants 1, 2, and 3 of a family of similar attacks disclosed by Google Project Zero in a blog post on January 3rd. In the course of our efforts, we reproduced Meltdown (variant 3) in our labs, and examined other variants, while working alongside many of our trusted hardware partners on mitigations.

While we have a solid understanding of these vulnerabilities and the current analysis of the contributing factors as well as patches to mitigate their potential impact, we will continue to collaborate with our partners, customers and researchers on this situation. Additionally, we would like to help others to understand these complex issues, ideally using language and terms that don’t require the reader to be in the chip design business. For those who want in-depth technical details, the original research papers and associated publications are available at meltdownattack.com/ and spectreattack.com/, but it’s worth also keeping in mind that many of those involved in identifying these exploits have extensive backgrounds in academic computer architecture research. At least one of them received a Ph.D. in a related area last year. So don’t feel bad if it takes a few passes to really dig into the technical details - this is very complex and detailed stuff.

To get going, let’s understand a bit about “speculative execution” by looking at an everyday analogy.

Suppose a regular customer visits the same coffee shop and orders the same caffeinated beverage every morning. Over time, the customer gets to know the baristas, who become familiar with the customer’s order. Seeking to offer good service (and save their valued customer some time standing in line) the baristas eventually decide to begin preparing the customer’s order when they wave at them as they enter through the front door. But one day, the customer changes their order. Now the barista has to throw away the previously prepared coffee and make a new one while the customer waits.

Taking the analogy one step further, suppose the baristas know the customer’s name, and they like to write that name using a permanent marker on their cup. When they speculatively prepare the usual beverage, they write the customer’s name on the cup. If the customer comes in with a different order, the speculated cup is thrown away along with its contents. But in so doing, the cup’s personally identifiable information is briefly visible to anyone watching.

This coffee shop scenario involves speculation. The staff doesn’t know for sure when the customer comes in that they’re going to order a latte or an Americano, but they know from historical data what the customer usually orders and they make an educated guess to save the customer waiting. Similar speculation happens throughout our everyday lives because such guesses often turn out to be true, and we can get more done in the same amount of time as a result. It’s like this with our computers. They use a technique known as “speculative execution” to perform certain processing operations before it is known for certain that those operations will be required, on the premise that these guesses often turn out to save time.

In the case of computers, speculative execution is used to decide what to do when confronted by a test like “if A, do this; otherwise, do that”. We call these tests conditions, and the code that executes as a result is part of what we term a conditional branch. A branch just means a section of the program that we choose to run in response to whatever the result of the condition turns out to be. Modern computer chips have sophisticated “branch predictors” that use fancy algorithms to determine what the result of the conditional test is likely to be while that test is still being calculated. In the interim, they speculatively execute code in the branch that seems to be most likely to run. If the guess turns out to be right, the chip appears to run faster than waiting for the test to complete. If the guess is wrong, the chip has to throw away any speculative results and run the other branch. Branch predictors are often over 99% accurate at guessing.

As you can see, the potential performance benefit from a chip speculatively executing the correct branch of code is significant. Indeed, speculative execution is one of the many optimizations that have helped to dramatically speed up our computers over the past couple of decades. When implemented correctly, the resulting performance benefit is substantial. The source of the newly discovered problems come from the chip design attempts to further optimize by assuming that speculation process is a black box that is completely invisible to outside observers (or bad guys).

Conventional industry wisdom was that whatever happened during the process of speculation (known as a “speculative execution window”) was either later confirmed and the results were used by the program, or it was not used and completely discarded. But it turns out that there are ways attackers can view what happened within the speculation window and manipulate the system as a result. An attacker can also steer the behavior of branch predictors to cause certain code sequences to run speculatively that should never normally have been executed. We expect these vulnerabilities and other similar flaws which could exploit speculative execution to lead to fundamental changes in the way that future chips are designed so that we can have speculative execution without security risks.

Let’s dive a bit deeper into the attacks, starting with Meltdown (variant 3) which received a lot of attention because of its broad impact. In this form of attack, the chip is fooled into loading secured data during a speculation window in such a way that it can later be viewed by an unauthorized attacker. The attack relies upon a commonly-used, industry-wide practice that separates loading in-memory data from the process of checking permissions. Again, the industry’s conventional wisdom operated under the assumption that the entire speculative execution process was invisible, so separating these pieces wasn’t seen as a risk.

In Meltdown, a carefully crafted branch of code first arranges to execute some attack code speculatively. This code loads some secure data to which the program doesn’t ordinarily have access. Because it’s happening speculatively, the permission check on that access will happen in parallel (and not fail until the end of the speculation window), and as a consequence special internal chip memory known as a cache becomes loaded with the privileged data. Then, a carefully constructed code sequence is used to perform other memory operations based upon the value of the privileged data. While the normally observable results of these operations aren’t visible following the speculation (which ultimately is discarded), a technique known as cache side-channel analysis can be used to determine the value of the secure data.

Mitigating Meltdown involves changing how memory is managed between application software and the operating system. We introduce a new technology, known as KPTI (Kernel Page Table Isolation), which separates memory such that secure data cannot be loaded into the chip’s internal caches while running user code. Taking extra steps every time application software asks the operating system to do something on its behalf (we call these “system calls”) results in a performance hit. The degree of performance hit varies roughly in line with how frequently an application needs to use such operating system services.

The Spectre attack has two parts. The first (variant 1) has to do with “bounds check” violation. Once again, when speculatively executing code, the chip might load some data that is later used to locate a second piece of data. As part of a performance optimization, the chip might attempt to speculatively load the second piece of data before it has validated that the first is within a defined range of values. If this happens, it is possible to arrange for code to execute speculatively and read data it should not into the system caches, from where it can be extracted using a side-channel attack similar to the one discussed before.

Mitigating the first part of Spectre involves adding what we call “load fences” throughout the kernel. They prevent the speculation hardware from attempting to perform a second load based upon a first load. These require small, trivial, and not particularly performance-impacting changes throughout the kernel source. Our toolchain team has developed some tooling and worked with others to help determine where these load fences should be located.

The second part of Spectre (variant 2) is in some ways the most interesting. It has to do with “training” the branch predictor hardware to favor speculatively executing pieces of code over those it should be executing. A common hardware optimization is to base the behavior of a given branch choice upon the location in memory of the branch code itself. Unfortunately, the way in which this memory location is stored isn’t unique between an application and the operating system kernel. This allows for the predictor to be trained to speculatively run whatever code the attacker would like. By carefully choosing a “gadget” (existing code in the kernel that has access to privileged data) the attacker can load sensitive data in the chip caches, where the same kind of side-channel attack once again serves to extract it.

One of the biggest problems posed by this second part of Spectre is its potential to exploit the boundary between the operating system kernel and a hypervisor, or between different virtual machines running on the same underlying hardware. The branch predictor can be trained by one virtual machine to cause privileged code in the hypervisor (or another virtual machine instance) to access trusted hypervisor data which can be extracted using a side channel. This poses a significant risk to private and public cloud environments running unpatched servers.

Mitigating this second part of Spectre requires that the operating system (selectively) disable branch prediction hardware whenever a program requests operating system (system call) or hypervisor services, so that any attempt by malicious code to train the predictor won’t carry over into the operating system kernel, the hypervisor, or between untrusted virtual machines running on the same server. This approach works well, but it comes at a performance penalty that is not insignificant. Red Hat’s patches will default to implementing the security change and accepting the performance impact, but we’ve also added system administrators the ability to toggle this (and all the implemented settings) on or off. We are also working with the larger Linux community to reduce this impact over time by examining alternatives to disabling branch prediction. One possible alternative is known as a “retpoline”, a specially contrived way to run operating system kernel code the prevents incorrect branch speculation.

Hopefully, this post has given a little more insight into these highly sophisticated attacks. Exploiting them is far from trivial, mitigations are possible, and while some examples are now available online for Meltdown (variant 3), patches are available via updates shipping from major vendors like Red Hat. Over time, additional, related vulnerabilities may be discovered, and example code to exploit them posted online, so it’s important to keep up to date with security fixes as they become available.

It’s important to bear in mind that these are early days following the discovery of an entirely new class of system security vulnerabilities, and, as a result, mitigations and associated best practice advice may change over time. We will continue to work with industry leaders and the open source communities to protect our customers from these and other known vulnerabilities and make Linux even more robust against attacks like Meltdown and Spectre. Over the coming months, we will post more about this work and keep customers updated on any guidance relating to our products. To learn more, visit access.redhat.com/security/vulnerabilities/speculativeexecution


i video iz članka:

07.01.2018 | 19:13
Je, sad s kompa i meni otvara. S iPhonea je bilo 404.
Hvala!
07.01.2018 | 19:51
IgorD kaže:
Imaš tu sve što možeš poželjet: spectreattack.com ali mislim da to razumiju samo oni koji dizajniraju procesore za plaću.

A tu imaš nešto za normalne ljude


Onaj tko je opisao taj problem za obične ljude, je vjerovatno profesor, jer sam i ja, koji o tome nemam pojma stekao dobar uvid kako to funkcionira. Osobno bi uvjek bio za to da pričekam koju sekundu ili milisekundu i bio siguran da ću dobiti to što sam tražio, nego da mi procesor bude baba vanga.
Odmah sam se sjetio tropskih krajeva, kad sam tražio kakav starbuck coffee, da popijem normalnu kavu, a ne onu njihovu od dva decilitra. Uvjek me je iritiralo kad sam morao reći kako se zovem, pa da mi napiše ime na šalici...daj mi kavu i pusti me da živim.
07.01.2018 | 20:04
U kojem je to svemiru Starbuck's kava - normalna?
07.01.2018 | 20:12
smayoo kaže:
U kojem je to svemiru Starbuck's kava - normalna?

Pa tamo ima i espresso kave...ustvari jedino tamo ili u nekom Hiltonu i sl.
07.01.2018 | 20:44
A, to...? Misliš - imaju espresso makinu pa je onda to što oni iscijede iz nje - kobajagi normalna kava?
07.01.2018 | 20:56
Neznam jel zaebavaš ili ne, ali imaju kratki espresso. Ustvari meni je najbolji espresso doma, imam ovaj aparat www.elipso.hr/mali-kucanski/aparati-za-k...LONGHI-ECAM22.360.S/ i kupim si kilu kave za 250 kn i guštam
07.01.2018 | 21:15
cariblanco kaže:

Onaj tko je opisao taj problem za obične ljude, je vjerovatno profesor, jer...


Nije profesor
Mislim da trenutno radi kao kernel developer u RedHatu, a inače je prije pisao za LinuxMagazine pa je stekao iskustvo pisanja jednostavnim jezikom da ga narod razumije
09.01.2018 | 11:56
I koji je onda zaključak na kraju? Napraviti IOS update na 11.2.2!
09.01.2018 | 16:27
Ja sam napravio update na 11.2.2. i ne primjećujem neke probleme. Neka tako i ostane.
13.01.2018 | 01:41
Ovo sa Intelom iz dana u dan postaje sve gore i nekako mi se čini da su u Intelu dobro znali što su napravili

thehackernews.com/2018/01/intel-amt-vulnerability.html

... i onda pogledate malo širu sliku oko Intela i naletitie na ovo: www.fool.com/investing/2017/12/19/intels...-a-lot-of-stock.aspx

Sad malo teorije urote, ali možda nije bez vraga Apple još 2010. godine počeo petljati oko kombinacije OSX-a + ARM.
  • Stranica:
  • 1
  • 2

Vikalica™

Zadnja poruka: pred 10 minuta
  • Yonkis: Od Androida preferiram Sony i Motorola. Ako već moram birati.
  • Daddo: i primarni
  • Daddo: a općenito mi android nije opcija za privatni telefon.
  • Daddo: od svih brand name android uređaja samsung mi je najmanje drag :)
  • robee: s7
  • Daddo: 3GS je idealan uređaj za reprodukciju glazbe, da glumi ipod :D (iako imam i ipod nano 4 GB koji još uvijek radi)
  • Yonkis: Daddo, svaka čast! Definitivno nisam očekivao takav "rasplet" :) Robee: a koji Android?
  • robee: android na zalost...privremeno dok si ne rijesim neki iph :)
  • Daddo: nova baterija je unutra... skoro nikad korišten
  • Yonkis: Damn bro! Živiš opasno! :D Trčiš li od utičnice do utičnice ili.. Kako uspijevaš?
  • Daddo: inače, imam ja i 3GS funkcionalan i u radu :D
  • Yonkis: Allright, misunderstanding :)
  • Daddo: pričam o platformi kao takvoj, ne o uređajima fizički. MS više ne radi na Windows Mobile OS-u, developeri ne razvijaju nove aplikacije etc...
  • Yonkis: Daddo, pusti ti to mrtav, jučer vidio iPhone 4/s u tramvaju, mislio sam da je taj model mrtav tj da se koristi in real life. :)
  • Daddo: windows phone je mrtav... vjerojatno je u pitanju Android.
  • Yonkis: Koji je to susjedni tabor? Neki windows phone?
  • robee: privremeno sam u susjednom taboru ali tako mi je bilo dok sam imao i7...nebitno, vratio sam se na jpg kao zadani format
  • robee: ako stavim da je zadani format heic onda ga uploada takvog a heic nitko ne prepoznaje
  • Yonkis: Robee: Settings / Photos / i dolje na dnu, što ti je označeno?
  • robee: meni je kod uploada na Njuskalo stavio .heic i to ne prepoznaje
  • big_mac: tnx idem onda s tim
  • Yonkis: da, go with High Efficiency, a kod slanja ili skidanja slika se convertiraju u jpg tako da druga strana nema problema sa gledanjem *.HEIC formata slike.
  • big_mac: Going with “High Efficiency” gets you half smaller videos/photos without losing quality.
  • big_mac: Moze li mi netko tko se kuzi reci da li da za format fotografija na ajfonu koristim visoka ucinkovitost ilinajkompatibilnije?
  • Yonkis: Shvatio sam, radi se o slijedećem: [link]
  • Yonkis: Čemu služi ova opcija [link] Meni ništa ne "zalocka"
  • Yonkis: big_mac: osobno smatram da uopće nije loše. Baterija se puni i dok ga koristiš.. Što je, npr, sa situacijom da ti je iPhone na docku i slušaš muziku ili koristiš Siri (malo vjerojatno :)
  • big_mac: A koliko je lose koristiti uredaj dok je na punjacu?
  • Soffoklo: Osnovno pravilo je izbjegavati da se uređaj sa Li-ion baterijom isprazni do kraja. Nije drama, ali nije preporučljivo. O samim baterijama u Apple uređajima ima više ovdje [link] i ovdje [link]
  • robee: Puni ga kada ti dodje do 20%
  • dodoonn: 100% praznim na 0 i onda punim?? Koji je barem malo "korisniji" nacin ??
  • dodoonn: Cekajte, kad smo kod baterija ja zapravo radim krivo kada je od 100
  • JOHN: :-) možda i 3%.
  • JOHN: Mislim da se ajfonu X baterija NAPUNI za 2% preko noći.
  • drlovric: Zar ga logicno ne punis nocu?
  • Mislav2222: Meni ne padne niti jedan posto, iphone X
  • big_mac: 6% da padne u stanju mirovanja preko noci je puno
  • smayoo: PIši u forum
  • Yonkis: Jutro.. Opet ja sa baterijom, znam, dosadan sam ali me zanimaju vaša iskustva. Točnije, koliko vam postotka "iscuri" tijekom noći, za koliko padne preko noći. Meni kada sve pogasim (avio mode, Battery saver, Location serv Off) padne 6%, a sa time svime upaljeno 11%. Nije li to puno s obzirom da se Apple hvali kako malo troši bateriju u pozadini.
  • smayoo: Što se desnog klika tiče, možeš staviti na desni klik što god želiš. Piši u forum
  • smayoo: To je radilo normalno (i meni radi i sad normalno) na 10.11
  • robee: Taj Stay ne radi naravno...
  • robee: znaci nisam lud :) ne kontam kako taj osx stalno isticu kao super jednostavan i sve radi a za svaku trivijalnu radnju morma traziti upute na netu :(, isto tako i za rar da bi ga napravio nema desni klik nego moram otvoriti app i vuci u nju ono sto zelim rar-ati, hrpa sitnica koje izludjuju...
  • Bertone: ... o lijepi moj Linux :)
  • Bertone: ... otišao je OSX u maunu kad mora postojati aplikacija "Stay to remember" da bi korisnik mogao upravljati otvorenim prozorima :)
  • Bertone: @smayoo, ja ću se raniti na ovaj tvoj link :D
  • cariblanco: Nema nigdje prijenosa trke, a medijski je katastrofalno popraćeno. Svugdje u svijetu je to događaj koji pljeni pažnju, samo smo mi sami sebi dostatni :(
  • cariblanco: Maloprije mi je ispred zgrade prošao Tour of Croatia, žalosno je da sam bio ja i još jedan mladić koji smo fotkali...i jedna baka koja je čekala bus :(
  • smayoo: [link]
  • robee: Znaci bas otvaranje sa duplim klikom a ne samo pogled sa space

Za vikanje moraš biti prijavljen.

Prijava

Prisutni jabučari

Novo na Jabučnjaku

Teme

Poruke

Anketa

Kupujete li profesionalni Mac?

Page Speed 1.42 Seconds

Provided by iJoomla SEO