A Call For Calm Panic

Patrick

Patrick is a mid-40 year old geek with an undergraduate degree in mathematics and a master's degree in Information Systems. Nothing he says here has anything to do with the official position of his employer or any other institution.

65 Responses

  1. Jaybird says:

    First off, the CEO of Intel just sold a bunch of stock before this announcement.

    That guy should be publicly shamed.

    Second off, I’m waiting to hear that the (acronym) knew about this for years and years and years.

    Third off, if you are a young person wondering what they should do with their life, have you considered IT? Get a CASP if you’re an engineer type, get a CISSP if you’re more into sitting in meetings.

    • Patrick says:

      Concur with all three.

      What’s interesting is after Snowden’s dump revealed a lot of NSA tricks in the goodie bag, this didn’t come up. So it’s possible that “alphabet-soup-agency” hadn’t found this trick yet…

    • Joe M. says:

      Jaybird:
      First off, the CEO of Intel just sold a bunch of stock before this announcement.

      I’ll offer an alternate explanation: Tax avoidance. Per TCJA, he would likely pay about 5% more of his gains to the Federal Govt after Jan 1, 2018. Living in CA with a base salary of $10M, he surely will max the SALT deduction of $10k. So any incremental tax paid to CA at 13.3% would no longer be deductible on his Federal income tax. He ain’t the only one either. Lots of folks rushed at EOY to pull income into 2017.

      This is one of the tricks in TCJA to make things look rosy for 2018 election, but that is another discussion.

  2. Oscar Gordon says:

    Because the Equifax data breach wasn’t enough of a pain…

  3. Kazzy says:

    What if I watch semi-normal porn in Incognito windows?

    Asking for a friend.

    • Brandon Berg says:

      It’s less about the actual content than about how shady the sites hosting it are.

      That said, I’ve been getting a lot of browser-redirecting ads on my phone from (non-porn) sites I would have expected to be pretty trustworthy. It looks like some of the ad networks are allowing advertisers to embed JavaScript in their ads, which may mean all bets are off pretty much everywhere.

      • Kazzy says:

        I guess I use most of the more common streaming sites? I don’t (knowingly) download anything.

        I mean he… he… my friend…

        • Fnord says:

          Exploiting this in JavaScript requires a browser bug as well as a vulnerable CPU (in order to give JavaScript access to the high-precision timing information required). However, if the browser bug and vulnerable CPU are present, you don’t have to download anything to be affected.

          The latest Windows 10 update included a fix for Edge (and, probably incomplete, mitigation for everything) and the Chrome and Firefox fixes are scheduled for around January 23.

          • Reports earlier today that the latest Microsoft update is semi-bricking some machines that have AMD processors. Machines won’t boot normally, but will support a re-installation of the OS. Later reports speculate that MS distributed an Intel patch that didn’t check for non-Intel processors.

  4. North says:

    But.. I really really want/need a new computer… six months? Really? God(ess?) damn it!

    • Jaybird says:

      You can get one now if you’re willing to look at the speed and get rid of 30% of whatever you see.

      Hell, you can probably get some good deals!

      • North says:

        I am infinitely too cheap to buy a brand new machine and write off 30% of its processing power. Hell, I was already struggling because buying premade machines seems like overpaying, I don’t have the confidence/skills to design/build a box of my own but my social circle of tech nerds is limited. Guh!

        • Oscar Gordon says:

          It’s really not hard to do. I taught myself how to do it back in the late 90’s. And honestly, since about 2005, I have to reteach myself how to do it every time I need to build a new machine every 3 or 4 years because the technology has changed so much since the previous build.

        • Dark Matter says:

          I was already struggling because buying premade machines seems like overpaying,

          @north
          Go to Dell refurbished and buy the cheapest 64 bit computer they have. This is about $100.

          You’ll get a 4-years-old-out-of-the-box computer which (by definition) is slow and sucks.

          Then install Ubuntu on it (which is free), and now it’s changed from “slow” to “acceptable”. Windows is serious bloatware, and requires serious hardware to deal with that. Linux sidesteps that issue.

          This will last 5 years, maybe longer.

          Because it’s four year old hardware you can handwave Linux’s normal “drivers don’t exist” potential problems, the hardware has been out there far more than long enough.

          • Hear, hear! (I’ve been a Linux evangelist since ’92.) Linux gets a lot out of old hardware [1]. The laptop I use when I need to have one is a ThinkPad old enough that it says “IBM” on it (which makes it at least nine years old). For a surprising number of things the user interface and application software is plenty snappy enough to be comfortable. I do some things that are processor-bound, and those take an unpleasant amount of time, but they do eventually finish.

            The Mac Mini I use for my desktop machine now is probably my last non-Linux box. The only Apple-specific program that I’ll be reluctant to give up is Mail, but that’s more because I’ve used it long enough to be habituated.

            If you are dependent on Windows-only software, and insist on Windows 7, Amazon is still selling it (~$150), there’s free virtual machine software available for Linux, and if your hardware is only $100… you can connect the dots.

            I prefer Debian to Ubuntu, but I’m a really old UNIX guy.

            [1] At the tail end of my R&D career at <giant telecom company>, I was doing a variety of research things that Windows simply wouldn’t support (okay, absent spending a lot of money for a license to the source code and permission to hack at it) but Linux would. People frequently came by my office, cradling a beige/black box or laptop in their arms, with some variation of, “IT says my baby won’t support the required upgrade to the new Windows; can you find him/her something useful to do?”

          • North says:

            Ok, so how does a person who knows absolutely nothing about computers install and use Ubuntu on a new computer? Also will Linux run all the games I want to play which is the entire point of getting the box?

            • Jaybird says:

              Well, you can check Steam’s Linux lineup here and GOG.com has a list here.

              So, for Gog, the short answer is “not really” but the longer answer is “yes, if you’re hoping to play Heroes III or Arcanum or Master of Orion 1+2.”

              Steam shows a little more promise… I’ll recommend everything by Klei (check out Invisible Inc!), Dungeon Warfare, Gunpoint, FTL, X-Com: Enemy Within… but none of those are really games that you’d buy a graphics card from the last year or so for.

              But if you’d rather play tried-and-true than the latest fad, yeah, the Linux box is exactly what you need.

              And get a PS4 for the new hotness. You can, at least, use that as a Blu-Ray/Netflix box when you’re not playing it.

              • North says:

                Oh yes, we have a PS4, it’s a useful and versatile machine and has replaced cable entirely for us (with huge savings). God(ess?) bless fiber internet.

              • Morat20 says:

                Not for much longer. I saw a lengthy reddit post on “the future of the internet” (specifically, ISP’s goals for it) and it was both unpleasant and very, very likely.

                The short version? Over the next five years, expect data caps to drop to very, very small numbers. While your ISP also offers “packages” that exempt programs from counting towards your cap.

                10 GB monthly cap, with ridiculous fees after that, for 50 bucks a month.

                But for another 8 bucks, Netflix doesn’t count towards your cap. Another 8 and Hulu doesn’t. 5 gets you HBO Go…..

                In short, this whole net neutrality fight is cable’s response to cord cutters. They’re going to make you pay for your channels, come hell or high water. And streaming services are basically just premium channels….

                Add in the FCC cheerfully looking to reclassify broadband so more of the country is magically covered, well….

              • North says:

                Hmmm, that sounds horrific and just the kind of thing Comcast or their ilk would merrily do. Our fiber provider is US Internet and we could kick them to the curb if they tried jacking rates that way. I live snuggled up next to the Minneapolis urban core so we have a couple internet options. I believe you with what you’re predicting is coming but I suspect I live in one of the areas where such an impact will arrive last if it arrives at all.

              • Kazzy says:

                @morat20

                How will that impact non-cord cutters who still stream? I have an HBO subscription with my cable company but sometimes watch HBOGo on my AppleTV in another room (without a cable box).

              • North says:

                Most likely two snakes one tunnel. You’d wanna change your habits pronto.

              • Oscar Gordon says:

                Well, if the FCC won’t, the states might.

                At the very least, I’d like to see states doing more to break up local monopolies of ISPs.

              • Oscar Gordon says:

                @morat20

                On an unrelated note, you and I once had a discussion about finding jeans to fit guys who are not in the skinny jeans set, but don’t want to be baggy.

                I just got a pair of Mugsy jeans (the athletic cut) and I love the hell out of them. Super comfy, but without the droopy butt you get with jeans to fit guys with actual thighs. Material has a respectable amount of stretch so things don’t bunch up in bad places.

                Highly recommend.

              • Morat20 says:

                I’ll have to check those out.

            • dragonfrog says:

              Installing Ubuntu is quite easy. Download an installation disk image, burn it to DVD, reboot from that DVD, follow the largely next-next-next-ish prompts, eject the DVD, reboot.

              Not knowing what games in particular you want to play – I’d guess you might find some don’t work. The Steam games I’ve bought for Linux do work fine (the last two Civilization games, and some older titles), but I’m not a big gamer, so that’s a small sample size.

              But not everything is available for Linux, so your existing library likely includes some that aren’t compatible with Linux if it was never a consideration previously.

            • greginak says:

              If you want to go Linux try Linux Mint before Ubuntu. Installation is easy peasy however you do have to decide if you also want to boot into Windows on that computer. If it will only be a Linux computer then very easy. If you want to dual boot then it’s a bit more complex though doable.

              I can’t speak to games since I haven’t been able to stay involved in them, despite thinking about it, for years. For just about everything else Linux is great.

            • Here, I’ll be blunt.

              Take your old hard disk to Best Buy (or its equivalent), go to the pro desk, tell them you want an up-to-date box that will boot Windows 7 from that disk and run all the software that’s already loaded. I’m willing to bet that they will quote you a price that is roughly the cost of a comparable Dell box plus $250. If you have local independent strip-mall computer stores (there are at least a couple near where I live), they might cut that to $200 over the Dell price.

              Dell is willing to give you a heck of a discount if you buy their mass-market box. And can afford to do that because Intel’s price for a processor is quite different when you buy them 10,000 at a time. As is MS’s license fee.

            • Dark Matter says:

              Ok, so how does a person who knows absolutely nothing about computers install and use Ubuntu on a new computer? Also will Linux run all the games I want to play which is the entire point of getting the box?

              RE: Games
              Ask the internet “is anyone running GAME-X on Ubuntu”?
              Or “is anyone running GAME-X on linux with Wine”? (Wine is “Windows Emulator”).

              The gaming community is big, spends money, and is thus very well supported.

              RE: Install.
              I’d get the most recent LTS (long term support) rev.

              Instructions are here. https://www.ubuntu.com/download/desktop

      • PD Shaw says:

        For today’s fast-paced world, Intel offers you a product that gives you the extra time you need to enjoy the moment and reflect, and for a limited time only, you get “the blue screen of remembrance” to reconnect to the past and share those precious experiences of early pioneers.

        Intel — isn’t it about time you pulled off the information highway and enjoyed the view?

        • Jaybird says:

          Have you ever played a video game on your computer and thought “man, I wish I could take this character and play this character in some other video game I own”?

          Well, this chip lets you do that!

          Only with financial information.

  5. Damon says:

    NOTHING is secure.

    Welcome to the future.

    • Patrick says:

      Not the future. Just another day.

      Side-channel attacks have been a staple at Black Hat for… forever. So it was inevitable that this (or something like it) would come out eventually.

      Amusing that this is a bug that goes back to 1995, in a way. But not a surprise.

      • Damon says:

        My comment was more about the rose colored glasses of technology that some people have–that tech will solve all the world’s problems. Frankly, stuff like this makes me even more dubious of autonomous vehicles and automated systems with little to no human involvement.

  6. aaron david says:

    This is just solidifying my dislike of the cloud. I still back everything up on a few different thumb drives as well as my hard drive. Nothing is worse than having to rely on the cloud when your internet is spotty.

    • Joe M. says:

      aaron david: This is just solidifying my dislike of the cloud.

      I would suggest that this should mitigate some of your distaste for the cloud. They were told about this before you and I. They get the fixes before us. They have an army that takes care of protecting their systems and your data. Who do you trust more to fix this and fix it right, you or an army of nerds?

  7. Various reports say:

    1) The Meltdown vulnerability is specific to Intel chips, and is the one that can be fixed by the operating system with a 5-30% performance hit. At least preliminary reports are that this one does not affect AMD processors. I’m waiting for the sh*t to hit the fan if Microsoft’s patches impose the performance hit on AMD processors as well as Intel.

    2) The Spectre vulnerability affects most all of the high-end processors to one degree or another (opinions seem to vary). ARM has stated that some of their chips are affected by some versions of the problem, others not. The processor on the latest Raspberry Pi is not on the vulnerable list. I keep muttering about how I could get by on a Pi…

  8. Brandon Berg says:

    Update on performance. Google and Intel are claiming to have found better-performing fixes that have only minor performance impact.

  9. Dang, I just bought a new desktop about 3 or 4 months ago.

    I do manually check for updates, less because I’m security conscious and more because I hate getting interrupted with a “we’re updating your computer and you’ll have to restart now and not at any other time” message at some random point in the day.

    I do have a question. What do the more tech/computer savvy among you think of “NoScript,” at ? Is it legit? Does it help any with this kind of problem?

  10. George Turner says:

    Oh, so the tech elites are insisting that it’s a catastrophic flaw to have non-privileged (read poor and minority) programs getting access to privileges reserved for trusted kernel (read white) processes. Would someone remind me why we are letting these blatant racist misogynists write OS code?

  11. This is a *huge* deal in terms of net impact.

    Pun intended?
