Security? LOLOL

[jakell]

There are three (related) bugs, one major one and two minor ones. The AMD processor negates the first two so I shouldn't incur the slowdown.
However, I'm certainly not complacent which is why I'm taking steps and that is the way to approach things. I'm also documenting the process in the spirit of open source.

Your turn now.. what steps are you taking?

None. Never have. I realised 30 years ago, after taking a course in Cobol at college, that 'security' in a digital context was meaningless.

It is meaningful, but it is a relative term - you are treating it as a black and white issue. So, in the real world, it's possible to take steps to enhance one's security as long as one doesn't get wistful about being 100% secure.

It seems to me that you are suggesting that no-one else should take steps because it's a waste of time.

Also, there was a video (can't be arsed to find it - it's dry, technical and features a Norwegian (I think) mathemetician explaining why the algebraic expression used as the backbone of the entire internet security googleplex is hopelessly compromised - incidentally, did you know that the NIST (https://www.nist.gov/) is responsible for this particular algebra - and that there is absolutely no such thing as a secure connection, transaction or messaging system via the internet as we know it. But I already knew that.

Information is power. And boy, are we going to see some of that power wielded shortly.

[C_D]

It is meaningful, but it is a relative term - you are treating it as a black and white issue. So, in the real world, it's possible to take steps to enhance one's security as long as one doesn't get wistful about being 100% secure.

I'm struggling here - to comprehend the concept that whether something is secure or not - isn't a black or white issue.

Is this secure?
Yes Sir, 99.9999%
I'm sorry, I guess you missheard - I asked - is this secure?
As I said Sir, yes - almost completely.
So, it's not completely secure?
Yes, Sir.
Is that a Yes to secure, or a Yes to not secure?
Both Sir, this is not a black or white issue.

Applying shades of grey to an issue that is limited to a cognitive, understanding-based binary outcome may be all the rage in many aspects of political correctness, but applying it to real-world, mechanical outcomes on which unbreakable tenets are founded is a fools game.

Or maybe it's me - maybe the world has moved on - to a place where the language used to convey concepts is so blurred as to effectively have no meaning any more. It's a possibility.

[jakell]

Consider your doorway to the house.
You may close door to stop people wandering casually in, a first level of security.

People can still enter easily though so you put a lock on it which would be the next level of security. A lock can be picked however and even if the lock can't be picked, the door can be kicked in relatively easily if there is only only one fastener,

To make it a lot harder to kick the door in one could add a couple of deadbolts, or even other locks. Which would be another level of security. Even with this though, extra force will gain entry, or the intruder may go looking for an easier way in than the door.

Once it's understood that no amount of tackle will stop a determined intruder from entering then we move to burglar alarms, guard dogs and security people, another level of security. Even these can be circumvented though and we realise that one is never 100% secure.

So, it's not a black and white issue, there are degrees of security.

What you provided is the sort of conversation one would have with a child (characteristically, the child is the questioner):

Is this secure?
Yes Sir, 99.9999%
I'm sorry, I guess you missheard - I asked - is this secure?
As I said Sir, yes - almost completely.
So, it's not completely secure?
Yes, Sir.
Is that a Yes to secure, or a Yes to not secure?
Both Sir, this is not a black or white issue.

[C_D]

Consider your doorway to the house.

There was no door.
Or even, I suspect, a frame to enclose it.

I've said what I had to say - take it as you will.

[jakell]

At least we've established that 'security' is not a black and white thing. I would say that is a no-brainer, but some people might be tempted to go with it and then get pissy that they've been misled.. let the buyer beware is a good one to remember, especially as we had a stark scenario above starring a manchild and evil-salesperson.

I mentioned the spirit of open-source above and a component of that would be the assumption that almost anyone (even that manchild) could be looking in on, and influenced by, what is said. Based upon this I would say it important to be as factual as possible.

[C_D]

There's a stark choice on the horizon for us all, jakell.

It's going to boil down to belief.

Belief in the relative safety but monotony of The Way Things Are or belief in the unpredictable Way Things Might Be.

It's going to be very, very close as to which way it swings.

One result leads to much of the same, the other to something radically different. Something possibly wonderful, or possible horrible.

I've always a enjoyed a gamble, so I've booked a seat in the front carriage of The Way Things Might Be.

[jakell]

For those of a conspiratorial bent, there is an interesting wrinkle occurring, but first a little history (again):

Possibly through both having a hitherto independantly earned lion's share in the business market, Intel (hardware) and Microsoft (software) became intertwined for quite a long time and up to the present day. This is not to suggest that they have collaborated, but at some point the benefits of this relationship will have become obvious to both.
Outside of the two companies people were not so shy of remarking on this and therefore the products of this intersection were dubbed 'Wintel' machines.. this probably comprises 70%+ of desktop computers out there and very likely 95% of laptops.

Microsoft have been the first (4th Jan) to release a public patch for the Meltdown and Spectre bugs and, surprise surprise, it causes problems on AMD machines (sometimes severe), the main competitor of Intel.
Linux should be releasing theirs today, it seems they want to 'get it right' and not rush it out.

[C_D]

I run an 8-core AMD chip - Windows 10 has updated today and I've noticed no drop in framerate on my most labour intensive games.
That's not to say that something might be coming down the pipeline that fucks it all up - these fixes are rushed, under-pressure knee-jerk responses that will possibly - long term - prove to be ineffective.
There will also be seemingly redundant, as-yet undetected fallback exploits to keep that information flowing.
At least hackers with a conscience know where to look, now that the sacrosanct has been broken.

[C_D]

https://cloudblogs.microsoft.com/micros ... s-systems/

[jakell]

I run an 8-core AMD chip - Windows 10 has updated today and I've noticed no drop in framerate on my most labour intensive games.
That's not to say that something might be coming down the pipeline that fucks it all up - these fixes are rushed, under-pressure knee-jerk responses that will possibly - long term - prove to be ineffective.
There will also be seemingly redundant, as-yet undetected fallback exploits to keep that information flowing.
At least hackers with a conscience know where to look, now that the sacrosanct has been broken.

Sounds like you have been one of the lucky ones, the problems I've heard of are mostly in booting, probably once you have got a good startup then things are ok, I'm not sure what the Windows update does (does anyone?), but maybe it selectively only applies the Meltdown patch to Intel CPU's and not to AMD, which is the way it should be. I've just found out that this is what the Linux one will do so when I get around to building the AMD system (which might be a while) then I should benefit from that.

I find it quaint that Microsoft provide info on the various bugs, and also on their alleged fixes when (on W10) you have no control over updates anyway. It's pretty useless information if one cannot act on it.

[jakell]

My Linux system is now patched for the Meltdown bug and the microcode updates for Spectre** are applied. Windows user should probably use one of the checks available to see if these are actually active rather than just relying on vague updates that may or may not be doing what they claim.
I haven't noticed any significant slowdown, but then I'm not really a power-user and there is plenty of overhead in modern CPU's (less so for Intel for the near future). The problem with an Intel machine is that a software fix can be switched off by malware once has been allowed into the system so the only real solution is a hardware fix. Therefore the only definite solution for Meltdown is to use an AMD processor (or buy one of the upcoming 'fixed' intel ones).

It's going to take a while to develop these exploits into usable Malware, and Spectre is by far the most tricky one to do, so I'm not too worried about sticking with Intel for the time being, especially as I'm not a Windows user. Eventually though, my Intel machines will only be used for my secondary workstations and for gaming, they won't be going on the internet.

** Apparently this exploit also needs patched applications in most cases, so Firefox should be updated to v57.0.4

[C_D]

Priceless.

Fitness Tracking App Accidentally Reveals Secret US Military Bases, CIA "Black" Sites

An interactive online fitness tracking map published in November of 2017 which compiles a running history of the location and routes of 27 million fitness-device users has unwittingly revealed the location, staffing, patrol routes and layout of U.S. and foreign military bases around the world.

https://www.zerohedge.com/news/2018-01- ... lack-sites