Security PortSmash attack punches hole in Intel's Hyper-Thread CPUs.

Bad, but not that bad: the attacker has to already be running programs on the machine. In a nutshell, it amounts to a privilege escalation: A non-privileged (user) process can read memory from a different user, or from root. There are presumably worse problems around.

I'm so glad my home server is an Atom, which doesn't do speculative execution at all.
 
I'm so glad my home server is an Atom, which doesn't do speculative execution at all.

"Intel received notice of the research," the chipmaker's spokesperson said. "This issue is not reliant on speculative execution, and is therefore unrelated to Spectre, Meltdown or L1 Terminal Fault."
 
I've disabled HT on all our edge- or public-facing machines for quite a while now. Given the corpses that still come out of Intel's closet nearly every month, I think this was the right decision...

Nice bonus: I've got some extra budget to upgrade systems which can't handle their load without HT any more at all times. Although I'm still waiting for some more ARM-based solutions to be available - I'll try to stay away from the Intel can of worms for quite a while if possible...
I really wish there were something like the old Sparc64 machines available now - these things were properly fast without tons of opaque in-silicon-cheating for "muh' benchmark" :rolleyes: (and ldoms were amazing!)
 
sko

You could have a look at some POWER9 hardware; FreeBSD seems to be reasonably stable on it already. FreeBSD on Cavium (AArch64) stuff is also supposedly very stable.
 
Rigoletto

Problem with both is the availability here in Germany: almost non-existent. If you manage to find a reseller willing to order some kit for you, prices are extremely steep. Also they usually only offer the top-of-the-line variants for which we really don't have any use. I'd love to get some of the low-end Cavium ThunderX2 for Routing and Firewalling.
As said: ldoms were amazing - Just take a 128-thread behemoth and split it up into several machines of usable size without any virtualization overhead. I've played/tested with my old Sun T1000 and 4 OpenBSD ldoms for BGP routing the last few weeks. This little machine still easily maxes out all 8 1GBit links even with NAT and some Firewalling and with 2 ldoms ingesting full BGP tables.
Meanwhile in the virtualization world I'm still struggling to get >500MBit/s routing /w NAT out of a bhyve VM on SmartOS on a Xeon-D 1528. So it seems we're back nowadays to using several smaller machines when real performance/throughput is needed...
 