Go Back   Pace and Cap - Sartin Methodology & The Match Up > General Discussion
Mark Forums Read
Google Site Search Get RDSS Sartin Library RDSS FAQs Conduct Register Site FAQ Members List Search Today's Posts

General Discussion General Horse Racing Discussion

Reply
 
Thread Tools Display Modes
Old 01-06-2018, 12:54 PM   #1
mick
Abiding Student
 
Join Date: May 2016
Posts: 711
Meltdown/Spectre patch

This is not for the faint of heart. If you are not computer savvy, you may want to spend the money and have an IT professional do it for you. If you're game, however, here are two websites that should help:

http://www.thewindowsclub.com/how-to...-in-windows-10

https://www.bleepingcomputer.com/new...tre-cpu-flaws/

PowerShell is a command-line program that's hidden away down in the Windows engine room for use by said IT professionals. You need to run it with elevated privileges, i.e. as Administrator, and the first website above will show you how.

The second link contains somewhat understandable instructions for downloading and installing the patch. Caveat - it will take hours and it ain't easy. (I've installed the patch on two Windows 10 machines and now I'm going to work on two Windows 7 machines. Please wish me luck.)
__________________
mick

Illustrated Glossary
mick is offline   Reply With Quote
Old 01-07-2018, 12:08 PM   #2
mick
Abiding Student
 
Join Date: May 2016
Posts: 711
Windows 7 patch

This is a follow-up to my previous post and pertains to Windows 7.

If you do not have automatic updates activated, you should manually install the following patch: "2018-01 Security Monthly Quality Rollup for Windows 7"

If you have a problem, it's probably your anti-virus software. I use Microsoft's Security Essentials and had no problem but McAfee and other AV programs may prevent the patch from being applied.

Apparently, that's about all you can do now and it only protects you from Meltdown. For Spectre, we'll all need firmware patches from our hardware vendors.
__________________
mick

Illustrated Glossary
mick is offline   Reply With Quote
Old 01-08-2018, 01:47 PM   #3
mick
Abiding Student
 
Join Date: May 2016
Posts: 711
For those who might be interested, this is a brief explanation of Meltdown and Spectre written by a UNIX "kernel" programmer. (BTW, in the computer world, they don't come much smarter than kernel programmers.)

http://lists.dragonflybsd.org/piperm...ry/313758.html

Here are few selected quotes if you're not interested in wading through the heavy technical stuff:

"Meltdown is an Intel-specific bug. AMD is immune."

"What Meltdown is is basically a FULL KERNEL MEMORY disclosure bug. An unprivileged user program can essentially discern the contents of all of kernel memory on an Intel CPU. The bug works because Intel CPUs will do speculative reads across protection domains, allowing the user program to massage the memory and branch prediction cache to cause a speculative read of kernel memory (even though it crosses the protection domain) followed by a speculative conditional execution. Timing can then be used to scan for and distinguish the contents of kernel memory."

"I should note that we kernel programmers ... are all pretty pissed off at Intel right now. Intel's press releases have also been HIGHLY DECEPTIVE. In particular, they are starting to talk up 'microcode updates', but those are mitigations for the Spectre bug, not for the Meltdown bug."

"Spectre is another bug, far more difficult to exploit than Meltdown, which leaks information from other processes or the kernel based on those other processes or kernel doing speculative reads and executions which are partially managed by the originating user process. Spectre does NOT involve a protection domain violation like Meltdown, so the Meltdown mitigation cannot mitigate Spectre."

"These bugs (both Meltdown and Spectre) really have to be fixed in the CPUs themselves. Meltdown is the 1000 pound gorilla. I won't be buying any new Intel chips that require the mitigation. I'm really pissed off at Intel."

So, if you have an Intel CPU and you're running Windows 10 or 7, you really need to install the latest security update from Microsoft. (I don't know what you would do if you're still running XP.) It's only a partial fix but it's all we can do at this point. If you have an AMD CPU, then you've dodged one bullet but not the other. If there's any "good" news (relative use of the word), it's that these hardware flaws are difficult to exploit and folks like us won't be the targets, although we may be collateral damage. The perpetrators will be Russian hackers (or their ilk) going after sensitive government / corporate / financial institution / power grid information.
__________________
mick

Illustrated Glossary
mick is offline   Reply With Quote
Old 01-10-2018, 08:52 AM   #4
mick
Abiding Student
 
Join Date: May 2016
Posts: 711
Curious. Very curious.

https://www.fool.com/investing/2017/...-of-stock.aspx
__________________
mick

Illustrated Glossary
mick is offline   Reply With Quote
Old 01-10-2018, 09:10 AM   #5
mick
Abiding Student
 
Join Date: May 2016
Posts: 711
For those who use Linux (my OS of choice), Linus Torvalds and his team released a new kernel overnight that addresses these bugs, to the degree they can be addressed with software. One of the projects on my to-do list is to run RDSS on Linux using VirtualBox. When I get around to it, I'll post the instructions on Pace and Cap.
__________________
mick

Illustrated Glossary
mick is offline   Reply With Quote
Old 01-10-2018, 11:45 AM   #6
Ted Craven
Grade 1
 
Ted Craven's Avatar
 
Join Date: Jun 2005
Location: Nanaimo, British Columbia, Canada
Posts: 8,853
Thanks Mick for all this! It's on my To Do list, or To Check list that my Win 10 computers get automatically updated. I'm checking with P&C's web host how their servers are being patched.

I read how Linus Torvalds (Linux godfather) reamed out Intel for not knowing this issue, or not caring.

I'll wait to see what Intel's CEO has to say about the curious timing re his sale of stock.

Please do let us know how Virtual Box on Linux (and what flavour) manages to run RDSS, and presumably some kind of spreadsheet program and browser.

Ted
__________________

R
DSS -
Racing Decision Support System™
Ted Craven is offline   Reply With Quote
Old 01-17-2018, 08:59 AM   #7
mick
Abiding Student
 
Join Date: May 2016
Posts: 711
The following is from this week's edition of distrowatch.com, the Linux/Unix, open-source distribution website:

"There is a lot of information, and sometimes misinformation, about two processor (CPU) bugs which affect millions of computers and their users. This week we are going to try to clear up some of the details of the CPU vulnerabilities commonly referred to as Spectre and Meltdown.

First, let's talk about what each one is. The two issues are similar in many ways, but are two separate set of bugs. Meltdown is the name of an issue which affects Intel x86 CPUs and some complex ARM CPUs. Meltdown allows a malicious program to read parts of the kernel's memory. This makes the whole operating system vulnerable as some important and private information is kept inside the kernel's memory. At this time it appears as though AMD x86 processors and some of the more simple ARM CPUs are not affected by the Meltdown bug.

Spectre is a little different. The Spectre bugs affect a wider range of hardware processors, including all modern Intel, AMD and ARM CPUs. The Spectre bug allows one malicious program to read the memory of other programs running on the same system. This means one program's password or security keys might be read by another program. Further, it has been shown that Spectre could allow a malicious program to send data to a guest operating system running in a virtual environment. Spectre can be triggered through JavaScript, meaning we can be affected simply by visiting an infected website.

These two issues are getting a lot of attention. Partly because they are very wide-spread, affecting millions of devices. And partly because successfully exploiting either issue can give an attacker a lot of access to the computer's memory and potentially critical information.

Fixing these two issues is complicated. Unfortunately, since both bugs are located in the CPU hardware itself, the problem cannot be truly fixed in software. At best, software like an operating system's kernel can be patched to work around the flaws. In the case of Meltdown, each operating system's kernel (whether it is Linux, macOS, a BSD or Windows) can be patched to work around the CPU flaw. The kernel patch is applied like any other security update by the operating system's package manager. The fixed kernel may cause some applications to run slower, but usually not to a noticeable amount on personal computers.

Spectre is harder to fix. The Spectre flaws represent a whole class of attacks, not just one specific flaw in the processor's hardware. This means working around the issue needs to happen in several places. Web browsers need to be patched to prevent JavaScript on web pages from performing attacks, Google is looking at compiler fixes to steer software away from Spectre flaws. Dealing with Spectre is an on-going issue and will likely involving patching quite a lot of packages.

So what can we do about Meltdown and Spectre? From an end-user's point of view, not much. These problems exist in the CPU and affect processors going back years. Because the issues exist in hardware which cannot simply be patched, we need to wait for software developers to work around the issues. For most of us, the best we can do is apply security updates through our operating system's package manager when fixes become available. Fortunately, most major Linux distributions have already tested and made Meltdown patches available. Some patches to deal with Spectre have been published and more will likely become available in the coming weeks."

https://distrowatch.com/weekly.php?i...180115&mode=67
__________________
mick

Illustrated Glossary
mick is offline   Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is On

Forum Jump


Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2024, vBulletin Solutions Inc.

All times are GMT -4. The time now is 04:08 PM.