Spork Boards

iBox (the hardware)

Cloudscout's Avatar Picture Cloudscout – January 14, 2008 03:08PM Reply Quote
iBox
Box mini
Box Pro
BoxBook
BoxBook Pro

The more the boxes change, the more they stay the same... or don't.

(talk about the hardware here)

ARL (Moderator) – January 03, 2018 08:11PM Reply Quote
I whinge therefore I am!
Quote
John Willoughby
Secure or fast. Pick one. Security fix will slow down Intel machines up to 30%.

Fast please...

John Willoughby – January 04, 2018 12:07AM Reply Quote
Cyberdyne Systems Customer Support
Quote
ARL
Quote
John Willoughby
Secure or fast. Pick one. Security fix will slow down Intel machines up to 30%.

Fast please...

Apple and Microsoft will make the decision for you. Enjoy!

YDD – January 04, 2018 09:37AM Reply Quote
Have Apple even noticed there's an issue with such a minor part of their product line? I'm not seeing any updates in AppStore.

Currently, a lot of people have fingers crossed about the Windows update, as it rolls across servers. We'd been expecting a few more days to test and prepare.

porruka (Admin) – January 04, 2018 11:23AM Reply Quote
Failure is pre-greatness.
Quote
YDD
Have Apple even noticed there's an issue with such a minor part of their product line? I'm not seeing any updates in AppStore.

Currently, a lot of people have fingers crossed about the Windows update, as it rolls across servers. We'd been expecting a few more days to test and prepare.

This was reportedly fixed a couple months ago on the MacOS side. No link ATM but I think it was on Cult of Mac.

John Willoughby – January 04, 2018 01:50PM Reply Quote
Cyberdyne Systems Customer Support
Supposedly it was partially fixed in 10.13.2 (what does a partially-fixed security hole mean?) and the rest of the fix is due in 10.13.3.

ARM confirms that their chips are vulnerable. They just provide reference designs, but this is a low-level enough issue that Apple's custom ARM chips are probably impacted.

[EDIT]
From the comments, a description of the 10.13.2 fix, and hints as to what still needs to be done:

Essentially, the vulnerability resides in Intel Processors ability to 'speculate' as to what code needs to be executed next, and execute it in advance so that it is cached and ready for the real execution. The vulnerability allows for the security context of that code execution to escalate from user land (referred to as ring 3) to kernel land (referred to as ring 0). The significance is that the Kernel memory houses sensitive information on the system that, once read, can be leveraged to escalate privileges. Double mapping adds an additional buffer between the kernel and user, which mitigates but doesn't completely solve the vulnerability. That is why additional 'tweaks' are necessary in 10.13.3.



Edited 1 time(s). Last edit at 01/04/2018 01:54PM by John Willoughby.

porruka (Admin) – January 04, 2018 02:06PM Reply Quote
Failure is pre-greatness.
The extended twitter comment stream (https://twitter.com/aionescu/status/948609809540046849/photo/1) has more interesting tidbits (safely padded by sufficient noise) for the ambitious in the crowd.

John Willoughby – January 04, 2018 02:08PM Reply Quote
Cyberdyne Systems Customer Support

Mokers (Moderator) – January 04, 2018 02:20PM Reply Quote
Formerly Remy Martin

John Willoughby – January 04, 2018 03:25PM Reply Quote
Cyberdyne Systems Customer Support

John Willoughby – January 04, 2018 05:39PM Reply Quote
Cyberdyne Systems Customer Support
If you've got a non-Microsoft Windows PC, you must wait for a firmware update to get the fix. Yeah, I'm sure that all those manufacturers will be right on that.

John Willoughby – January 04, 2018 05:41PM Reply Quote
Cyberdyne Systems Customer Support

YDD – January 04, 2018 06:51PM Reply Quote
I suspect that we're going to see quite a few more issues like this in the future. Having read the detailed descriptions of Meltdown and Spectre, the basic flaw is going to be present in any chip with speculative execution (up to 188 instructions apparently in some chips) and some suitable side channel (processor caches being used this time). Meltdown itself was further due to Intel chips not checking for privileged access during speculative execution, so that bit is fixable (with new silicon). However, the basic mechanism of Spectre.... not so easy to work around.

One of my colleagues has been pointing out that Itanium is immune to this, since it relied on the compiler ordering the instruction stream ;-)

John Willoughby – January 04, 2018 07:15PM Reply Quote
Cyberdyne Systems Customer Support
My abacus is likewise immune, but in no way desirable. I suspect that you're right about future issues.

Cloudscout – January 04, 2018 07:27PM Reply Quote
Det finnes ikke dårlig vær, bare dårlige klær!
I think my MOS 6510-based systems are okay.

John Willoughby – January 04, 2018 09:20PM Reply Quote
Cyberdyne Systems Customer Support
Apple says all Macs, iPhones, and tvOS devices affected. Front page of CNN. No such thing as bad publicity...

porruka (Admin) – January 05, 2018 03:42PM Reply Quote
Failure is pre-greatness.

Dr Phred (Moderator) – January 05, 2018 08:37PM Reply Quote
owned by the mothership.
I’m sticking with my Newton until all this blows over.

John Willoughby – January 05, 2018 09:11PM Reply Quote
Cyberdyne Systems Customer Support
Still an ARM chip, probably still vulnerable. Of course, I don't think too many people are looking to exploit Newton vulnerabilities.

El Jeffe – January 06, 2018 02:01PM Reply Quote
What a journey.
my mainframe co workers are gloating, but not sure they can... watching news

johnny k – January 10, 2018 09:55AM Reply Quote
Anyone bought a third-party battery for a MBP? For my 2010, seems to be three tiers: $100 from known vendors like NewerTech, $70 from random Chinese vendors that seem to have solid Amazon reviews (thanks for Fakespot, BS), and ~$40-50 for somewhat sketchier Chinese vendors (tempted to go with Puredick for the name).



Edited 1 time(s). Last edit at 01/10/2018 09:56AM by johnny k.

Sorry, only registered users may post in this forum.

Click here to login