Reality Meets Hype, Film At 11
The Market Ticker - Commentary on The Capital Markets
2023-11-15 07:00 by Karl Denninger
in Technology, 300 references

This one got my attention; compliments of Janet sending me the article....

A 112-page class action complaint was filed this week by plaintiffs represented by Bathaee Dunne. News of a Bathaee Dunne-led lawsuit against Intel over the Downfall vulnerability emerged in late August, when the law firm announced that it was preparing to file a complaint.

The plaintiffs say the Intel CPUs they have purchased are “defective” because they are either left vulnerable to cyberattacks or they have significantly slower performance due to the vulnerability fixes made available by the chip giant.

The complaint says Intel has known about speculative execution vulnerabilities in its processors since 2018, when cybersecurity researchers disclosed the existence of two attack methods named Meltdown and Spectre. 

Speculative execution has been publicly labelled a security "risk" since January 2018, when Meltdown and Spectre were disclosed, but the technique itself is far older, and not by a little: out-of-order, speculative cores have been the standard design for high-performance CPUs since the mid-1990s, and cache-timing side channels against cryptographic code were published more than a decade before 2018.

The basic problem is that a modern CPU does not wait to find out whether a branch will be taken or a check will pass before running the instructions after it; it guesses, runs ahead, and throws the results away if the guess was wrong. That is where a good part of its performance comes from. What does not get thrown away is the side effect on the cache: a load the CPU performed only speculatively, including a load of data the running code was never permitted to see, still pulls a line into the cache, and a line that is in the cache is faster to read than one that is not. If an attacker can steer the guess so that the transient load's address depends on a secret, and then time accesses to find out which line became fast, the attacker infers the secret from timing alone, never having been allowed to read it directly. Downfall is a variant of the same idea in which the transiently exposed data is stale contents of the vector registers, reached through the gather instructions, rather than an ordinary memory read.

The bad part of this is that the data moving through those registers and caches at the highest rates is exactly the material you most want kept private. Hardware-accelerated encryption (AES-NI and the AVX implementations of the common ciphers) was put into the CPU because doing it in software is slow, and that means the key schedule and the plaintext sit in the same vector registers and cache lines that any other task on the core can target with this technique.

If you manage to recover a key you can read someone else's live traffic or, worse, decrypt data at rest that you have got hold of in encrypted form.
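To make the timing inference concrete, here is an added example of the measurement half of a Flush+Reload channel. It is my code, not code from the article, from Intel, or from any Downfall disclosure. It flushes 256 page-spaced probe slots, lets a stand-in "victim" access touch one of them, then times a load from every slot and picks the one that comes back fast. The transient-execution half that would make a real victim perform that access is deliberately absent; the stand-in is an ordinary load in the same process, so all this shows is that which line is cached can be read back from timing. The timing relies on rdtscp and clflush and is therefore x86-only; on other architectures the timing helpers return 0 and only the inference helpers are meaningful. The slot count, stride, the 1000 calibration rounds and the two sample latency arrays are my choices.

```c
/* Flush+Reload measurement half of a cache side channel.
 * Added example, not from the article. x86-only timing; elsewhere the timing
 * helpers return 0 so the file still compiles and the inference helpers work. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#if defined(__x86_64__) || defined(__i386__)
#include <x86intrin.h>
#define HAVE_X86_TIMING 1
#else
#define HAVE_X86_TIMING 0
#endif

#define SLOTS  256    /* one probe slot per possible byte value (my choice) */
#define STRIDE 4096   /* a page apart so no two slots share a cache line   */

/* Latency of one load from p in TSC ticks (0 where rdtscp is unavailable). */
static uint64_t time_load(volatile const uint8_t *p)
{
#if HAVE_X86_TIMING
    unsigned aux;
    uint64_t t0 = __rdtscp(&aux);
    (void)*p;                          /* volatile: the load is really issued */
    uint64_t t1 = __rdtscp(&aux);
    return t1 - t0;
#else
    (void)p;
    return 0;
#endif
}

/* Evict the line holding p from every cache level. */
static void flush_line(volatile const uint8_t *p)
{
#if HAVE_X86_TIMING
    _mm_clflush((const void *)p);
#else
    (void)p;
#endif
}

/* Hit (1) or miss (0), judged against a calibrated threshold. */
int is_cache_hit(uint64_t ticks, uint64_t threshold) { return ticks < threshold; }

/* The inference step: the slot with the lowest latency under the threshold is
 * the one the victim access touched; -1 if nothing was cached. */
int recover_index(const uint64_t *lat, int n, uint64_t threshold)
{
    int best = -1;
    uint64_t best_lat = threshold;
    for (int i = 0; i < n; i++)
        if (lat[i] < best_lat) { best_lat = lat[i]; best = i; }
    return best;
}

/* Threshold halfway between the mean cached and mean flushed latency of one
 * line. Returns 0 when there is no usable gap (non-x86, or hopeless noise). */
uint64_t calibrate(volatile const uint8_t *p, int rounds)
{
    uint64_t hit = 0, miss = 0;
    for (int i = 0; i < rounds; i++) {
        (void)*p;                      /* warm the line */
        hit  += time_load(p);
        flush_line(p);
        miss += time_load(p);
    }
    if (miss <= hit) return 0;
    return (hit + miss) / (2 * (uint64_t)rounds);
}

/* Constructed sample latencies in ticks: in the first set slot 2 looks cached,
 * in the second nothing does. Used to exercise recover_index without hardware. */
const uint64_t SAMPLE_LAT[4]      = { 310, 295, 48, 330 };
const uint64_t SAMPLE_ALL_MISS[4] = { 310, 295, 288, 330 };

int main(void)
{
    /* Page-align the probe array by hand so this builds under plain C99 too. */
    uint8_t *raw = malloc((size_t)(SLOTS + 1) * STRIDE);
    if (!raw) return 1;
    uint8_t *probe = (uint8_t *)(((uintptr_t)raw + STRIDE - 1) & ~(uintptr_t)(STRIDE - 1));
    memset(probe, 1, (size_t)SLOTS * STRIDE);       /* fault every page in first */

    uint64_t threshold = calibrate(probe, 1000);
    if (threshold == 0) { puts("no usable cache timer on this CPU"); free(raw); return 0; }

    uint8_t secret = 0x41;                            /* what a victim access would touch */
    for (int i = 0; i < SLOTS; i++) flush_line(probe + (size_t)i * STRIDE);
    (void)*(volatile uint8_t *)(probe + (size_t)secret * STRIDE);   /* stand-in victim load */

    uint64_t lat[SLOTS];
    for (int k = 0; k < SLOTS; k++) {
        int i = (k * 167 + 13) & (SLOTS - 1);        /* scrambled order defeats the stride prefetcher */
        lat[i] = time_load(probe + (size_t)i * STRIDE);
    }
    int guess = recover_index(lat, SLOTS, threshold);
    printf("threshold %llu ticks, recovered 0x%02x (%s)\n", (unsigned long long)threshold,
           guess < 0 ? 0 : guess, guess == secret ? "correct" : "wrong");
    free(raw);
    return 0;
}
```

On a quiet x86 machine the recovered byte matches the stand-in secret most runs; occasional misses come from interrupts or the hardware prefetcher landing on a neighbouring slot, which is why real attacks repeat the measurement and vote. Nothing here crosses a privilege boundary; the point is only that the cache remembers what was touched and a timer can read that memory back.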

The suit rests on the premise that Intel promised and published performance information, and thus induced people to buy their products, knowing that this risk, if mitigated, would make those performance claims false and if not mitigated the CPU in fact is not secure when used by a mixture of tasks, some of which are untrusted.

Of course fair and full disclosure would not be a liability-generating event. But there was, the suit alleges, no fair and full disclosure; the claim is that Intel knew damn well these side-channel attacks were possible because of design decisions it made in order to hit the performance numbers that form the basis of all its marketing, which of course rests on how fast the part performs calculations.

Were I on a jury I'd be inclined to find for the plaintiffs, based on my knowledge of how all modern CPUs work and the performance claims made, and coming at this as someone who has bought said CPUs and then found that they required these performance-destroying updates in order to be secure in a mixed-trust environment.  My mind could be changed, however, depending on what is developed at trial.  It will be interesting to watch the progress of this suit in that in order to win the plaintiffs have to convince either a Judge or Jury of those facts, and I suspect most people lack the intellectual chops to analyze the issue in any sort of reasonable fashion.

We'll see.

The unappreciated part of this, however, is that there's a way to avoid taking the hit from these microcode updates. Modern operating systems load microcode at boot and control the mitigations it enables, which means the mitigations can be turned off: on Linux the mitigations= family of kernel boot parameters does it wholesale, and Downfall got its own switch, gather_data_sampling=off.  That is, you don't need to take the performance penalty (and on vector-heavy workloads it is severe) if you have control over everything that runs on that machine.
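As an added example (mine, not from the article) of how to see what a Linux box is actually running before deciding whether to take or skip the penalty: the kernel publishes one line per issue under /sys/devices/system/cpu/vulnerabilities/, and the program below classifies each line by the prefix convention the kernel uses ("Not affected", "Mitigation:", "Vulnerable", anything else) and counts what is left unmitigated. The directory path and those prefixes are the kernel's own; the SAMPLE table is constructed by me to look like a machine that has the Downfall microcode but was booted with the mitigation switched off.

```c
/* Audit the kernel's view of speculative-execution mitigations.
 * Added example, not from the article. Linux only: reads one text line per
 * issue from /sys/devices/system/cpu/vulnerabilities/<name>. */
#include <dirent.h>
#include <stdio.h>
#include <string.h>

#define VULN_DIR "/sys/devices/system/cpu/vulnerabilities"

enum vuln_state { STATE_UNAFFECTED, STATE_MITIGATED, STATE_VULNERABLE, STATE_UNKNOWN };

static const char *state_name(enum vuln_state s)
{
    static const char *names[] = { "unaffected", "mitigated", "VULNERABLE", "unknown" };
    return names[s];
}

/* Classify one sysfs line by the prefix the kernel puts on it. */
enum vuln_state classify_state(const char *text)
{
    if (strncmp(text, "Not affected", 12) == 0) return STATE_UNAFFECTED;
    if (strncmp(text, "Mitigation:", 11) == 0)  return STATE_MITIGATED;
    if (strncmp(text, "Vulnerable", 10) == 0)   return STATE_VULNERABLE;
    return STATE_UNKNOWN;   /* e.g. "Unknown: Dependent on hypervisor status" */
}

/* Walk the live directory, print each entry, and return how many are
 * unmitigated; -1 if the directory is missing (not Linux, or an old kernel). */
int audit_live(void)
{
    DIR *d = opendir(VULN_DIR);
    if (!d) return -1;
    int vulnerable = 0;
    struct dirent *e;
    char path[512], line[256];
    while ((e = readdir(d)) != NULL) {
        if (e->d_name[0] == '.') continue;
        snprintf(path, sizeof path, "%s/%s", VULN_DIR, e->d_name);
        FILE *f = fopen(path, "r");
        if (!f) continue;
        if (fgets(line, sizeof line, f)) {
            line[strcspn(line, "\n")] = '\0';
            enum vuln_state s = classify_state(line);
            if (s == STATE_VULNERABLE) vulnerable++;
            printf("%-28s %-10s %s\n", e->d_name, state_name(s), line);
        }
        fclose(f);
    }
    closedir(d);
    return vulnerable;
}

/* Constructed sample in the same format: Downfall mitigation switched off,
 * everything else either not applicable or mitigated. */
struct sample { const char *name; const char *text; };
const struct sample SAMPLE[] = {
    { "gather_data_sampling", "Vulnerable" },
    { "meltdown",             "Not affected" },
    { "spectre_v2",           "Mitigation: Enhanced / Automatic IBRS; IBPB: conditional" },
    { "mds",                  "Mitigation: Clear CPU buffers; SMT vulnerable" },
};
const int SAMPLE_N = 4;

/* Same count as audit_live, run over the constructed sample. */
int count_vulnerable_sample(void)
{
    int n = 0;
    for (int i = 0; i < SAMPLE_N; i++)
        if (classify_state(SAMPLE[i].text) == STATE_VULNERABLE) n++;
    return n;
}

int main(void)
{
    int n = audit_live();
    if (n < 0) { puts(VULN_DIR " not present (not Linux?)"); return 0; }
    printf("%d unmitigated\n", n);
    return n ? 2 : 0;
}
```

Read gather_data_sampling with care: "Mitigation: Microcode (locked)" means the firmware locked the mitigation on and gather_data_sampling=off on the kernel command line will not flip it, so the switch is not always yours to pull even on your own hardware. On an unlocked part that parameter, or the blanket mitigations=off, leaves the microcode loaded but the mitigation disabled, which is the trade described above for a box on which you control every workload.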

This of course means you own the computer and what is on it.

If you don't, however, then the provider of that resource is effectively compelled to enable these mitigations, because if it doesn't, knowing the risk exists, and you get screwed, the provider is now potentially liable, and that liability could in many cases be literally enterprise-ending in terms of damages, particularly if punitive damages are awarded, which given actual knowledge of the risk would be reasonable too.

In other words the promise of "cheaper" by putting it on the "cloud" just got smoked, and not by a little, and it can't be fixed except by not using cloud infrastructure for anything that has a security context associated with it, which is damn near everything except public-facing information you intend for anyone and everyone to see (like this article, for instance.)

Oops.

Comments on Reality Meets Hype, Film At 11
Discernment 6 posts, incept 2021-09-27
2023-11-15 08:43:32

Part of intel ME I suppose? How unsurprising, the backdoor is a backdoor. The CIA must be fuming.
Tickerguy 200k posts, incept 2007-06-26
2023-11-15 08:46:56

No @Discernment; ME is a different issue and a potential backdoor (but nobody has demonstrated a viable attack using it -- yet. Using ME "as intended" is not an attack.)

Essentially what you do here is perform operations in an order that allows you to "infer" what is in some OTHER processes' protected space, in the CPU's cache. By forcing a branch miss after it "predicted" you'd take it, for example, you can (by difference in timing) infer what is "across the Chinese wall" although you can't directly access it. What's particularly nasty is that hardware acceleration of things like encryption (e.g. AES-NI instructions) are put into the CPU specifically because doing that in software is quite slow where doing it with dedicated hardware is a LOT faster, but this in turn means that the keying has to be in the CPU's cache lines and if you infer THAT the other guy is fucked.

----------
"Anyone wearing a mask will be presumed to be intending armed robbery and immediately shot in the face. Govern yourself accordingly."
Twiggler 217 posts, incept 2021-02-02
2023-11-15 08:56:59

Question: If (and it may be a big if given today's jury pool) the plaintiffs win, could this case set precedent in other enterprise verticals, say healthcare and pharmaceuticals?
Tickerguy 200k posts, incept 2007-06-26
2023-11-15 08:57:52

This is rather-specific @Twiggler to that fact set I suspect. But the fact set, that is, knowing something LIKELY bullshit and selling someone on "benefits" that are not real, collecting money from them, well, you'd think that's generalized right?

----------
"Anyone wearing a mask will be presumed to be intending armed robbery and immediately shot in the face. Govern yourself accordingly."
Smooth 152 posts, incept 2020-03-26
2023-11-15 09:15:56

I remember back in the 90s when one of Intel's Pentium iterations was unable to add digits correctly. Intel told people it wasn't a big deal because people don't use computers as calculators anyway, and refused to provide any remedy. Ultimately they were forced to fix the issue.

This is the central issue with the PREP Act and the Vaccine Injury Act that the fake conservative Reagan signed in 1986 -- companies will do whatever they can to not be held accountable.

The primary thing that makes companies create non-defective products is the threat of litigation.

Remove that, provide immunity, and you get poison masqueraded as drugs, or "vaccines" by the definition Pharma and FDA came up with together.
Tickerguy 200k posts, incept 2007-06-26
2023-11-15 09:16:17

That was floating point @Smooth and yeah, it sucked big ones.

----------
"Anyone wearing a mask will be presumed to be intending armed robbery and immediately shot in the face. Govern yourself accordingly."
Onething@atime 147 posts, incept 2020-04-25
2023-11-15 09:57:04

Smooth wrote..
Intel told people it wasn't a big deal because people don't use computers as calculators anyway
I remember that one. It still sounds stunningly stupid even by today's standards.
Bw3 57 posts, incept 2011-12-04
2023-11-15 10:44:05

Is the personal remedy to use a computer with a Ryzen chip by AMD?
Tickerguy 200k posts, incept 2007-06-26
2023-11-15 10:44:45

Why do you care @Bw3 if you control the software on the box?

----------
"Anyone wearing a mask will be presumed to be intending armed robbery and immediately shot in the face. Govern yourself accordingly."
Lt.slothrop 133 posts, incept 2023-05-01
2023-11-15 12:06:49

Their sh!t doesn't work because they're backdooring everything. The idea of anonymity online is absurd. Hence Nikki Haley wanting to ban online anonymity is not only, on a scale of 1 to Stalin, now a solid 7, but totally fk'g stoopid.

TPTB are scared, and they should be.
Twiggler 217 posts, incept 2021-02-02
2023-11-15 12:07:04

@TG

This suit and all the circumstances surrounding really speak to use of 'the cloud'.

My take ever since 'cloud' computing became more mainstream was alluded to in a sports show I watch. One of the talking heads was talking about agents and others trying to inject to a highly thought of college player to not try and get back from injury quickly; that it would hurt his future professional status. One of the talking heads made the statement that everyone is working an angle.

The people and companies running 'cloud' offerings all have some angle or stake in driving others to use their services. Follow the cash.

I'm still of the opinion if it's core and/or has business critical information, it is far better to be on-prem than off. If you don't own it, it ain't yours. Yes, it may cost more; but does it really long term?
Raven 16k posts, incept 2017-06-27
2023-11-15 12:07:26

"That is, you don't need to take the performance penalty (and its extremely severe) if you have control over everything that runs on that machine."

If i am understanding the risk as it was explained to me a long while back, this rules out any commercial OS and software packages as one does not know the complete background processes contained within them. They themselves could be the exploits by accident or design.

Truly owning something means that one can discover the design and every function of it.

Am i completely off base with this?

----------
Mission Complete
Tickerguy 200k posts, incept 2007-06-26
2023-11-15 12:09:17

Well @Raven there is nothing preventing someone from using (for example) FreeBSD (open source, you can look at it all) or even Xen (also open source) hosting FreeBSD, Postgres on top of that for a database (again, open source, you can look at it all), OpenSSL for encryption (same), apache or nginx for web (same) and build your application(s) in-house (same.)

Oh wait... I do that, don't I? Hmmmm.... guess it's not impossible.

----------
"Anyone wearing a mask will be presumed to be intending armed robbery and immediately shot in the face. Govern yourself accordingly."
Zanker 107 posts, incept 2022-12-06
2023-11-15 12:26:30

This means turn off javascript if you plan on browsing the web with an intel cpu.
But I'll have to reassess this.
Apple ARM chips uniquely among ARM implementations got caught up in both spectre and meltdown dating back to the iPhone 5 or so, because apple cpu designers are largely intel sandy bridge recruits.
I should take a closer look at downfall to see if they're an affected product since we all have apple devices be it a work phone or a personal choice.

I have trust issues with ME as well. My high trust environment consists of three hosts: one is a core2duo+ddr3 thinkpad (q45 chipset I think) with libreboot firmware, an ivy bridge supermicro host whose firmware has received me_cleaner and BMC is left disconnected, and a pcengines box running openbsd booted by coreboot. These are also internet facing boxes, and for extra measure (against ME exposure) the supermicro box doesn't have its intel NICs connected to anything but instead broadcom dual 10Gb card.
Mixed trust is a few desktops and servers, and by mixed trust I mean I don't necessarily vet the code I run, but it is all my execution.
Ajkalian 222 posts, incept 2015-09-16
2023-11-15 12:54:05

Microsoft Windows is Spyware plain and simple, always has been.
In Version 7 there were about 500 Event Logs.
In my Windows 10 there are over 1,146 Event Logs.

They have an extension of .EVTX and are stored in: C:\Windows\System32\winevt\Logs

And if you want to take a look at each of the Event Logs download Event Log Explorer from here:
https://www.eventlogxp.com


If you want to clear all of them, open up a CMD window as administrator and run this script.

FWIW, I do this once a day since I have never needed to use any information contained in any of the event logs.

goto around.this
:: Created by: Shawn Brink
:: Created on: August 15th 2016
:: Updated on: July 25th 2018
:: Tutorial: https://www.tenforums.com/tutorials/1658....

:around.this
@echo off

:: Elevation check: when not elevated, bcdedit's last output line starts with "Access"
FOR /F "tokens=1,2*" %%V IN ('bcdedit') DO SET adminTest=%%V
IF (%adminTest%)==(Access) goto noAdmin

:: Enumerate every event log name and clear each one in turn
for /F "tokens=*" %%G in ('wevtutil.exe el') DO (call :do_clear "%%G")
echo.
echo Event Logs have been cleared!
goto theEnd

:do_clear
echo clearing %1
wevtutil.exe cl %1
goto :eof

:noAdmin
echo You must run this script as an Administrator!
echo.

:theEnd
pause>NUL

Raven 16k posts, incept 2017-06-27
2023-11-15 13:26:44

Makes sense Karl, thanks for the examples.


----------
Mission Complete
Djsnola 371 posts, incept 2009-03-16
2023-11-15 13:50:56

Smooth 147 posts, incept 2020-03-26
2023-11-15 09:15:56

I remember back in the 90s when one of Intel's Pentium iterations was unable to add digits correctly. Intel told people it wasn't a big deal because people don't use computers as calculators anyway, and refused to provide any remedy. Ultimately they were forced to fix the issue.

This is the central issue with the PREP Act and the Vaccine Injury Act that the fake conservative Reagan signed in 1986 -- companies will do whatever they can to not be held accountable.

Thanks for sharing this @Smooth

The more I learn about Reagan the more confused I am about why the guy is so lauded when so much of the crap we deal with today is a result of his shortsighted decisions. Amnesty the biggest one!

Tickerguy 200k posts, incept 2007-06-26
2023-11-15 13:51:31

Well I for one voted for him but then I woke up and today I'll like to skullfuck his corpse.

----------
"Anyone wearing a mask will be presumed to be intending armed robbery and immediately shot in the face. Govern yourself accordingly."
Erroldo 681 posts, incept 2013-09-12
2023-11-15 17:54:57

Yep, that floating point bug was costly. I was just starting my career in the semi space then.
Hapie 304 posts, incept 2020-07-25
2023-11-15 18:35:26

I have switched to Fedora 38 Workstation on all my PCs that used to run Windows, except for one. One PC is still running Windows 10 only because of a much needed software package that runs only on Windows.

Windows is a POS compared to Security Enhanced Linux (SELINUX).

Despite all the stealing Microsoft did from Apple, UNIX, Linux etc. etc., they could never get it right, even in 35 years.

How can Bill Gates ever get the "vaccines" right??

Doladin 201 posts, incept 2022-01-15
2023-11-15 20:29:57

Everyone seems to think the technology will just get better, smaller, faster, more efficient.

It seems not only is that not happening, but everything is becoming proprietary and closed system

Worst of all, tech problems are being exported to every industry imaginable. Did anyone see the Rivian thread where they made a mistake in their OTA update? As if computers and sensors in cars weren't bad enough, they now have constant OTA WITH ERRORS.
Smooth 152 posts, incept 2020-03-26
2023-11-16 09:23:38

@djsnola --

Fake conservative Reagan talked a great game, but he was a raging big-government liberal at heart. IMO he did four major things that completely fucked us long-term that we are suffering from today:

1. He, along with his budget guru David Stockman, continually ran huge (by the measures of the early-mid 80s) deficits, to the point where they essentially became normalized. Now almost everyone in the US seems to accept the idea that running deficits year after year is OK. The notion of a balanced budget is a joke, anyone who still advocates for that is looked at as a kook. People are too dumb to understand that the gigantic debt/deficits result in higher taxation in the form of currency devaluation, just as raising taxes to actually balance the budget would.

2. He granted amnesty to 11 million criminal aliens with the stroke of a pen, with the idea that it would be the "last time". He knew damn well that was a lie. All it did was attract more criminal aliens with the hope that they would get amnesty too.

3. Signed the vaccine injury act which gave full immunity to all manufacturers of vaccines, which has led to the explosion in vaccines against every possible disease to make money even with unnecessary, defective products and now even drugs which are intentionally mislabeled as vaccines, like the experimental COVID drugs. In a free market, no one should ever get legal immunity for any product, period.

4. He signed into law the EMTALA Act, which formalized and normalized cost-shifting of medical expenses from people who had no money to those who did have money. Essentially it mandated that doctors/hospitals give free medical care under certain circumstances (specifically, if an argument could be made that denial of such care would result in a threat of loss of life/limb). The law essentially mandated that goods and services must be handed over for free -- no different than government-mandated theft.

Reagan was one of the worst presidents we ever had. I think we would have been much better off long-term if we had had another four years of Carter.
Metalqueen 439 posts, incept 2021-09-10
2023-11-16 13:38:45

@Smooth

Couldn't agree more. I would add that the Federal government coercion to raise the drinking age to 21 which was promoted and endorsed by his administration was the final death knell to any remnants of federalism or "states rights". Once this action was okayed by SCROTUS, states were left with no other choice than doing what they were told by Fedgov or else getting kicked off of the money train.

Fuck Reagan's desiccated corpse with a rusty smiley

----------
Make smiley building great again!
Raven 16k posts, incept 2017-06-27
2023-11-16 15:20:59

My Mother saw right through Reagan when he first appeared on the National scene. She was quite vocal about it. Had a lot to do with his party shifting and his record in the State of California where Mom also noted that he set in motion the things which would ultimately create the mess which we know and love now.

Never forget that during the so-called Reaganomics our problems of trade and de-industrialization were solidified by his administration. Look at the origin of much of the chips, hardware and other items of the Electronics and by extension the Computer Revolution. We should have owned that.

There is so much more, however people were all caught up in the false prosperity and promised prosperity in his build up of .gov employment and the new business of turning over money instead of making things.

----------
Mission Complete