It's Operating As Designed (ROFL!)
The Market Ticker - Commentary on The Capital Markets
Main Navigation
Full-Text Search & Archives

Legal Disclaimer

The content on this site is provided without any warranty, express or implied. All opinions expressed on this site are those of the author and may contain errors or omissions.

NO MATERIAL HERE CONSTITUTES "INVESTMENT ADVICE" NOR IS IT A RECOMMENDATION TO BUY OR SELL ANY FINANCIAL INSTRUMENT, INCLUDING BUT NOT LIMITED TO STOCKS, OPTIONS, BONDS OR FUTURES.

The author may have a position in any company or security mentioned herein. Actions you undertake as a consequence of any analysis, opinion or advertisement on this site are your sole responsibility.

Market charts, when present, used with permission of TD Ameritrade/ThinkOrSwim Inc. Neither TD Ameritrade or ThinkOrSwim have reviewed, approved or disapproved any content herein.

The Market Ticker content may be sent unmodified to lawmakers via print or electronic means or excerpted online for non-commercial purposes provided full attribution is given and the original article source is linked to. Please contact Karl Denninger for reprint permission in other media, to republish full articles, or for any commercial use (which includes any site where advertising is displayed.)

Submissions or tips on matters of economic or political interest may be sent "over the transom" to The Editor at any time. To be considered for publication your submission must include full and correct contact information and be related to an economic or political matter of the day. All submissions become the property of The Market Ticker.

2018-01-03 17:03 by Karl Denninger
in Company Specific , 564 references Ignore this thread
It's Operating As Designed (ROFL!)
[Comments enabled]

Intel's "big dude" was just on CNBC with a dog and pony show and a host asking questions who obviously doesn't know what the hell he's talking about.

CNBC's people should all be fired.  Not bringing someone in to ask questions who actually understands what is going on here is criminally stupid -- but this is exactly what you'd expect from a channel that has as it's highest calling protecting the stock price of various firms.

Including Intel, I might add.

Let me make this clear:

Anyone who believes that a processor is "operating exactly as designed" when through any combination of unprivileged operations it allows access to data in a higher-privileged ring or one of equivalent privilege but not under the same guest instance, no matter how it happens, is a flat-out liar and in the context of a public company should be indicted NOW for making knowingly-false statements in relationship to their firm and its value.

To claim that this is not a "bug" or "flaw" is equally outrageous; this certainly was not documented or expected behavior by anyone.  That is the very definition of a bug.

The entire premise of privilege "rings" on a CPU is to allow the partitioning of said CPU so that certain data can only be accessed or modified through a series of known, documented and permitted operations.  Said operations then can implement whatever gating functions are appropriate and thus prohibit someone from extracting or changing privileged data without permission -- whether that extraction be from the supervisory code running with said privilege or from another "guest" running at a similar privilege to the item doing the extracting.

If you can get access to any such data via any other means then the entire premise on which the CPU's security model rests is void As just one example of how ugly this can get if I can steal arbitrary data from the running ("ring 0") hypervisor that means I can steal a password hash used to access same or the allegedly-secure private key.  Having done so I can then take all the time in the world to crack that hash offline or simply use said private key and now I'm able to sign into the hypervisor and steal all of the data and software from all of the guest instances on that physical piece of hardware, including any encryption keys that are in use and there is exactly no way for the victim guest(s) to know that it happened.

If you sell someone a product that represents it has such a security model and it can be breached in this fashion, and such person(s) bought that product believing that the security model actually works when it does not it is my contention you have committed fraud and are liable not only for the price of the CPU but also all the consequential damages that, in this case, include the cost of replacement motherboards and system RAM since newer-generation chips without said flaw will not work in the older boards and with older memory designs.

That there are "workarounds" that come with outrageously high performance penalties -- in this case it's being discussed that they may be as much as 50% or more does not change any of this.  You didn't sell said processors disclosing that said "workarounds" were necessary and if you did you might not have sold any of said processors because at the degraded performance level they are likely worthless in the market when compared against others made by competitors.

Intel should be forced to buy back all of the impacted CPUs and the boards and RAM they run with at their original invoiced price, or to replace impacted system boards including the CPU, board itself and RAM with non-defective units of at least equivalent performance since newer CPUs will not socket into the existing boards -- and that assumes the chip is not soldered in place as is the case with some newer laptops, in which case the entire machine needs to be replaced.

Intel knows all of this and they also know that any such obligation imposed upon them going this far back into their product line (hint: we're talking the 1990s here!) would bankrupt the company so now what we have is a dance taking place with media figures that are too ****ing stupid to know what questions to ask and where and when to push back when the game of "dodge" takes place instead of taking that executive and skewering him on live television.

Oh, and if you think this is a "new" discovery by Google as claimed, and "nobody else has or has used it" -- you're nuts.  That I may not be able to prove but there is utterly no reason to believe that state-level actors have had no knowledge of this until the last couple of weeks.

View with responses (opens new window)