It's Operating As Designed (ROFL!)
The Market Ticker - Commentary on The Capital Markets

2018-01-03 17:03 by Karl Denninger
in Company Specific, 568 references

Intel's "big dude" was just on CNBC with a dog and pony show and a host asking questions who obviously doesn't know what the hell he's talking about.

CNBC's people should all be fired. Not bringing someone in to ask questions who actually understands what is going on here is criminally stupid -- but this is exactly what you'd expect from a channel that has as its highest calling protecting the stock price of various firms.

Including Intel, I might add.

Let me make this clear:

Anyone who believes that a processor is "operating exactly as designed" when through any combination of unprivileged operations it allows access to data in a higher-privileged ring or one of equivalent privilege but not under the same guest instance, no matter how it happens, is a flat-out liar and in the context of a public company should be indicted NOW for making knowingly-false statements in relationship to their firm and its value.

To claim that this is not a "bug" or "flaw" is equally outrageous; this certainly was not documented or expected behavior by anyone.  That is the very definition of a bug.

The entire premise of privilege "rings" on a CPU is to allow the partitioning of said CPU so that certain data can only be accessed or modified through a series of known, documented and permitted operations.  Said operations then can implement whatever gating functions are appropriate and thus prohibit someone from extracting or changing privileged data without permission -- whether that extraction be from the supervisory code running with said privilege or from another "guest" running at a similar privilege to the item doing the extracting.

If you can get access to any such data via any other means then the entire premise on which the CPU's security model rests is void. As just one example of how ugly this can get: if I can steal arbitrary data from the running ("ring 0") hypervisor, that means I can steal a password hash used to access same, or the allegedly-secure private key. Having done so, I can then take all the time in the world to crack that hash offline or simply use said private key, and now I'm able to sign into the hypervisor and steal all of the data and software from all of the guest instances on that physical piece of hardware, including any encryption keys that are in use, and there is exactly no way for the victim guest(s) to know that it happened.

If you sell someone a product that represents it has such a security model and it can be breached in this fashion, and such person(s) bought that product believing that the security model actually works when it does not, it is my contention that you have committed fraud and are liable not only for the price of the CPU but also for all the consequential damages that, in this case, include the cost of replacement motherboards and system RAM, since newer-generation chips without said flaw will not work in the older boards and with older memory designs.

That there are "workarounds" that come with outrageously high performance penalties -- in this case it's being discussed that they may be as much as 50% or more -- does not change any of this. You didn't sell said processors disclosing that said "workarounds" were necessary, and if you had, you might not have sold any of said processors, because at the degraded performance level they are likely worthless in the market when compared against others made by competitors.

Intel should be forced to buy back all of the impacted CPUs and the boards and RAM they run with at their original invoiced price, or to replace impacted system boards including the CPU, board itself and RAM with non-defective units of at least equivalent performance since newer CPUs will not socket into the existing boards -- and that assumes the chip is not soldered in place as is the case with some newer laptops, in which case the entire machine needs to be replaced.

Intel knows all of this and they also know that any such obligation imposed upon them going this far back into their product line (hint: we're talking the 1990s here!) would bankrupt the company so now what we have is a dance taking place with media figures that are too ****ing stupid to know what questions to ask and where and when to push back when the game of "dodge" takes place instead of taking that executive and skewering him on live television.

Oh, and if you think this is a "new" discovery by Google as claimed, and "nobody else has or has used it" -- you're nuts.  That I may not be able to prove but there is utterly no reason to believe that state-level actors have had no knowledge of this until the last couple of weeks.

Comments
Bodhi
Posts: 185
Incept: 2008-02-23

Georgia
Quote:
and that assumes the chip is not soldered in place as is the case with some newer laptops, in which case the entire machine needs to be replaced.


Most electronic devices these days are so small they don't have room for a socket, and chips must be soldered directly to the board. If it's one of the BGA type that are soldered out of sight on the bottom of the chip, you're pretty much SOL if it goes bad.

Tsherry
Posts: 1013
Incept: 2008-12-09

Spokane WA
So the moron admitted that it is operating exactly as designed, meaning, it was designed with a fatal flaw, released to the world, can be exploited by Bad Actors, they knew it, and that this was intentional.

Got it.

Let the lawsuits commence.

----------
Omne mendacium est.
Tickerguy
Posts: 151190
Incept: 2007-06-26
A True American Patriot!
Let the hangings commence.

----------
Winding it down.
Keenan
Posts: 267
Incept: 2013-01-11

Western PA
Doesn't this matter evoke some similarities to VW's chicanery of rigging their diesel engine controller electronics?
Tickerguy
Posts: 151190
Incept: 2007-06-26
A True American Patriot!
No, this is way worse.

The VW scam didn't actually impact YOU -- in fact, it benefited you, in that the car got BETTER fuel economy by not running as much EGR (and more power too.)

This ****S you.

----------
Winding it down.
Flyanddive
Posts: 2501
Incept: 2008-10-10

Detroit
Linus:

----------
"I've seen people go into real poverty trying to pretend to be rich."
Keenan
Posts: 267
Incept: 2013-01-11

Western PA
Yes, that is indeed a positive benefit to the VW owner, while the control system was designed to only appear to deliver on attaining the purported clean air objectives. The similarity I see is in the intent to deceive - to achieve some better benchmarks at a hidden cost, and in this case, at an enormous risk.

RE potential bankruptcy: Is Intel "too big to fail"?

Tsherry
Posts: 1013
Incept: 2008-12-09

Spokane WA
I wanted to see mass wealth extraction prior to disemboweling, dismemberment, and heads on pikes.

But I'm OK with neck stretching, too.

----------
Omne mendacium est.
Beango
Posts: 749
Incept: 2009-06-05

I wonder if the performance hit brings it down to par with the virtualization performance of RISC-based chips. I wouldn't mind seeing the cesspool that is the x86 arch go poof...
Sancho
Posts: 19
Incept: 2013-12-06

Way, way south of Rio Grande
This is speculative and may be just smiley

But what if he is saying a half truth: that it was designed this way, but... at the request of 3 letter organization. Legally. Out of pure hubris. Perhaps by a secret directive.

----------
Face a bear robbed of her cubs,
but never a fool in his folly!
Proverbs 17:12
Goldini
Posts: 2
Incept: 2010-06-10

Los Angeles
I have read there is more to this than just Intel's vulnerability. Zero Hedge is quoting Nicole Perlroth - cybersecurity reporter at the NYT - according to whom today's "bug" is "not an Intel problem but an entire chipmaker design problem that affects virtually all processors on the market." In fact, according to the cybersecurity expert, one aspect of the bug is extremely troubling simply because there is no fix. She is quoted as saying....
4. We're dealing with two serious threats. The first is isolated to #IntelChips, has been dubbed Meltdown, and affects virtually all Intel microprocessors. The patch, called KAISER, will slow performance speeds of processors by as much as 30 percent.
5. The second issue is a fundamental flaw in processor design approach, dubbed Spectre, which is more difficult to exploit, but affects virtually ALL PROCESSORS ON THE MARKET (Note here: Intel stock went down today but Spectre affects AMD and ARM too), and has NO FIX.
6. Spectre will require a complete re-architecture of the way processors are designed and the threats posed will be with us for an entire hardware lifecycle, likely the next decade.
7. The basic issue is the age old security dilemma: Speed vs Security. For the past decade, processors were designed to gain every performance advantage. In the process, chipmakers failed to ask basic questions about whether their design was secure. (Narrator: They were not)
Link to Zero Hedge article here: https://www.zerohedge.com/news/2018-01-0....
Is this really an industry wide cluster? Sounds like a James Bond thriller!
Ricebowl
Posts: 48
Incept: 2010-06-21

Florida
It's amusing to see Intel in the hot seat, but the actual likelihood of this bug being successfully exploited in the wild is pretty close to zero. Bitsquatting and Rowhammer are more practical attacks that have mostly gone ignored. (Seriously, google "bitsquatting", read Artem's paper, and prepare to be terrified.)

There are no security implications for hypervisors because hypervisor memory is already in a separate address space, and this bug only allows you to read mapped memory for which you lack sufficient privilege. An attacker could only use this bug to read kernel memory. Linux is more vulnerable than other OSes because Linux normally creates a kernel mapping for all of physical memory, and this mapping could be used to read memory in other processes' working sets.

To exploit this, you would first need code execution on the box. It's not as easy as using JavaScript because JS won't let you dereference kernel addresses.

Next, you would first need to find a mapped kernel address. There is a paper from a couple of years ago that presented a timing attack to detect whether a given kernel address was in the TLB, but a defender could easily fix this by assuming a user fault on a kernel address is malicious and killing the process.

Since details haven't yet been disclosed, it's possible that the bug is more severe, but my assumption is that the attack uses timings to detect branch mispredicts and thereby infer the values of bits read during speculative execution. If that's the case, once you found an address to read, you could get at most 1 bit per ~50 cycles. (I am assuming that you would need 4~5 mispredicts at ~10 cycles each to create branch history.) That gives you ~10.5 MiB/s on a 4 GHz processor. However, this pattern is detectable, and to avoid detection you'd have to throttle back possibly even below 1 KiB/s.

The performance impact of the work-around really isn't going to be that bad because PCID eliminates all of the TLB invalidations you would otherwise suffer from switching address spaces. For Linux, the hardest part is dealing with race conditions involving user pages being migrated, which could lead to another dirty CoW type bug. Windows is ****ed because it's designed around the ability of the kernel to directly read/write user memory for performance. Quite a few 3rd party drivers do this and will break if Microsoft patches the kernel, so I expect they'll ignore it.

I am actually shocked that there isn't some bit in some MSR that can be flipped to disable speculation. It would still have caused a significant performance loss, but it would have been fixable in the BIOS.
Invis
Posts: 3
Incept: 2018-01-02

This all comes from here: https://meltdownattack.com/

(All exploits must have catchy names now, so we have Meltdown and Spectre).

Meltdown is essentially an Intel-only problem, and caused by such a basic design error that Intel should be made to replace affected CPUs no matter how old. This one is unforgivable and I'd love nothing more than to see Intel hang for it. They took a shortcut to gain some performance and, metaphorically, should be kicked in the balls repeatedly until they swear on pain of castration not only not to do it again, but show how they're not doing it. On the plus side, it's unlikely this can be exploited via JavaScript, so in the real world it's probably not all that serious for desktop users, but for a lot of "the cloud" it's catastrophic:

"Meltdown allows an unprivileged process to read data mapped in the kernel address space, including the entire physical memory on Linux and OS X, and a large fraction of the physical memory on Windows. This may include physical memory of other processes, the kernel, and in case of kernel-sharing sandbox solutions (e.g., Docker, LXC) or Xen in paravirtualization mode, memory of the kernel (or hypervisor), and other co-located instances"

Spectre is quite esoteric, probably impossible to work around in software, and the paper has a JavaScript PoC. Of the two it's probably the more serious for desktop users, and as I understand it, not an issue for "the cloud". I'm annoyed, but not surprised, by Spectre; the chip designers should know better, but given that micros were never thought of as real computers they likely never considered hostile code targeting the CPU itself.

Basically, both of these are cache poisoning attacks combined with an optimisation that should be transparent but isn't quite.

The /correct/ solution is for the silicon to return the /entire/ CPU to the state it was in before whatever speculative action took place, i.e. as if the optimisation had never happened, but whether that's at all practical I'll leave for someone with actual hardware knowledge.
Idiom
Posts: 121
Incept: 2015-02-20

New Zealand
If you were hosted on Azure, you just got your ass rebooted.

Good times.
Amgrace
Posts: 2295
Incept: 2008-02-15

New Castle, PA 16101
From Linus:
"We translated Intel's crap attempt to spin its way out of CPU security bug PR nightmare"

https://www.theregister.co.uk/2018/01/04....

----------
American politics as a system has ceased to function, because the system has gone from representing people to representing money. And that is something that can only go well as long as the people have at least some of that money. - Automatic Earth 3/17/2010
Banditfist
Posts: 814
Incept: 2007-09-20
A True American Patriot!
Huntsville, Alabama
If only Dennis Kneale was still with CNBC, he would have been all over this! /sarcasm

----------
"Are you sure you can't remember?"
"I'm sure I can't remember" ~ Ben Bernanke 25 Jun 2009

Elkad
Posts: 358
Incept: 2009-09-04

Saw an estimate that if you have a database or other I/O intensive task hosted and pay based on CPU time used, your bill is going to go up about 20%.
Tickerguy
Posts: 151190
Incept: 2007-06-26
A True American Patriot!
That's a reasonable guess from what I've seen thus far.

The problem is that this isn't going to work out for the so-called "industry" very well because that 20% hit exceeds the "savings" most places recognized by doing it in the first place. While people won't dump it immediately (it takes too long) there's likely to be a SEVERE impact on further customer acquisition.

----------
Winding it down.
Vernonb
Posts: 1951
Incept: 2009-06-03

East of Sheol
This whole debacle sounds like a wet dream for bad actors - many of which are likely inside of governments.

Credit card and identity theft are bad enough. What happens when that compromised security costs people their lives?

"All your base are belong to us".- pwned.

Intel's new logo- "We don't do espionage. We make espionage easier."

----------
"Mass intelligence does not mean intelligent masses."
Kroyl
Posts: 27
Incept: 2015-11-12

The basic attack works with practically all CPUs, AMD Ryzen included.
https://gist.github.com/ErikAugust/724d4....

Where Intel is different is that on Intel, it can be exploited directly, even across different privilege levels.
On the rest of CPUs, the attacker has to be able to trick the "victim" code so that it loads (or evicts) interesting data into cache lines.
The data itself is exposed through timing differences after the "victim" code has accessed the data (even speculatively).

This is a very common pattern in lightweight sandboxes (e.g. JavaScript interpreters) - there is no hardware-enforced privilege boundary at all, and the sandbox exposes a lot of surface area to JavaScript code to exploit.
The issue is never going to be completely fixed at the hardware level (it will require disabling either out-of-order execution and/or caching).

Sandbox implementers will have to insert "memory barrier" instructions in strategic places (such as after checking the parameters, but before the actual data access).
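As an added illustration of the "check the parameters, then barrier, then access" advice in the comment above (example code written for this page, not from any poster, Intel or any project), here is the bounds-checked table read a sandbox might perform, in its bare form and in two hardened forms: the branch-free index mask that Linux's array_index_mask_nospec uses, and the x86 LFENCE barrier the comment refers to. The table contents and function names are constructed for the example.

```c
/* Added example (not from the thread): a sandboxed bounds-checked read and
 * two ways to keep a mispredicted branch from loading out-of-range data.
 * Names and the sample table are constructed for illustration. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed sample: a table that untrusted (sandboxed) code may index. */
static const uint8_t public_table[8] = {10, 20, 30, 40, 50, 60, 70, 80};

/* Unsafe shape: the CPU may execute the load speculatively before the
 * comparison resolves, so a mistrained branch lets an out-of-range index
 * touch memory beyond the table. The architectural result is discarded,
 * but the cache side effect remains, which is what the timing attack reads. */
uint8_t read_unsafe(size_t idx) {
    if (idx < sizeof public_table)
        return public_table[idx];
    return 0;
}

/* Branch-free clamp mask (same idea as Linux's array_index_mask_nospec):
 * all ones when idx < size, all zeros otherwise. Requires idx, size < 2^63.
 * No branch is involved, so it holds even on a mispredicted path. */
uint64_t index_mask_nospec(uint64_t idx, uint64_t size) {
    uint64_t oob = (idx | (size - 1 - idx)) >> 63;   /* 1 iff idx >= size */
    return oob - 1;                                  /* 0 -> ~0, 1 -> 0 */
}

/* Hardened shape 1: mask the index so even a speculatively executed load
 * cannot leave the table. */
uint8_t read_masked(size_t idx) {
    size_t size = sizeof public_table;
    if (idx < size) {
        idx &= (size_t)index_mask_nospec(idx, size);
        return public_table[idx];
    }
    return 0;
}

/* Hardened shape 2: the "memory barrier" approach from the thread. On x86
 * an LFENCE after the check holds the load until the branch resolves; on
 * other targets this compiles to nothing (assumption: no portable
 * equivalent is offered here). */
static inline void speculation_barrier(void) {
#if defined(__x86_64__) || defined(__i386__)
    __asm__ __volatile__("lfence" ::: "memory");
#endif
}

uint8_t read_fenced(size_t idx) {
    if (idx < sizeof public_table) {
        speculation_barrier();
        return public_table[idx];
    }
    return 0;
}

int main(void) {
    printf("masked(3)=%u masked(8)=%u fenced(7)=%u fenced(100)=%u\n",
           read_masked(3), read_masked(8), read_fenced(7), read_fenced(100));
    return 0;
}
```

All three functions return the same values architecturally; the difference is only in what a mispredicted path is allowed to load, which is exactly the part a timing side channel observes.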
Ckaminski
Posts: 4384
Incept: 2011-04-08

Mass-Hole!
Quote:
The problem is that this isn't going to work out for the so-called "industry" very well because that 20% hit exceeds the "savings" most places recognized by doing it in the first place.


Except for production stuff that's always running and has a need for autoscale, I don't think ANYONE actually saves money.

I'm getting pressured to retire internal ESXi servers that are paid for and move to Azure.

Every place I've worked that uses Azure/AWS extensively puts in huge custom apps designed to auto-manage when servers are on and how many a user can have, simply to keep costs from exploding.

Of course Amazon and AWS don't have this built-in because it would hurt their bottom line too much.
Tickerguy
Posts: 151190
Incept: 2007-06-26
A True American Patriot!
Don't underestimate the margin hit damage this will impose across the industry and the impact on "new installs" -- it's going to be quite material.

----------
Winding it down.
Johnnyb
Posts: 46
Incept: 2014-10-21

Tulsa, OK
If I understand it correctly, the attack that affects all processors (Spectre) is not really an attack on the CPU per se. It is actually an attack on JIT compilation, that just uses the CPU as a conduit. Since the CPU doesn't enforce separation of userspace data, then the ability to read userspace data via other means does not seem to be a CPU bug per se. It is a JIT bug, where the JIT is not employing adequate protections.