Announcement

Collapse
No announcement yet.

Linux Kernel Developer Criticizes Intel for Meltdown, Spectre Response

Collapse
This topic is closed.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Linux Kernel Developer Criticizes Intel for Meltdown, Spectre Response

    http://www.eweek.com/security/linux-...ectre-response
    Kroah-Hartman said that when Intel finally decided to tell Linux developers, the disclosure was siloed."Normally when we get a kernel security bug, it goes to the Linux kernel security team, we drag in the right people, we work with the distributions getting everyone on the same page and push out patches," he said. "Intel siloed SUSE, they siloed Red Hat, they siloed Canonical. They never told Oracle, and they wouldn't let us talk to each other."
    For an initial set of vulnerabilities, Kroah-Hartman said the different Linux vendors that typically work together. However, in this case they ended up working on their own, and each came up with different solutions.
    "It really wasn't working, and a number of us kernel developers yelled at [Intel] and pleaded, and we finally got them to allow us to talk to each other the last week of December [2017]," he said. "All of our Christmas vacations were ruined.

    ...

    "The majority of the world runs Debian or they run their own kernel," Kroah-Hartman said. "Debian was not allowed to be part of the disclosure, so the majority of the world was caught with their pants down, and that's not good."
    ...

    An interesting side effect of the Meltdown and Spectre vulnerabilities is that Linux and Windows developers are now working together, since both operating systems face similar risks from the CPU vulnerabilities.
    "Windows and Linux kernel developers now have this wonderful back channel. We're talking to each other and we're fixing bugs for each other," Kroah-Hartman said. "We are working well together. We have always wanted that."
    ...
    The latest variant of Spectre/Meltdown is called "Foreshadow".
    http://www.eweek.com/security/intel-...ecution-attack

    Foreshadow is the latest in a series of side-channel vulnerabilities that have been reported in 2018, the first being Meltdown and Spectre, which were disclosed on Jan. 3. Additional variants were disclosed on May 22 and on July 26 with the NetSpectre
    "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
    – John F. Kennedy, February 26, 1962.

    #2
    In this instance, I will grudgingly agree that cooperation between Linux and Windows is "a good thing". It is taking place at a very low level in the shared architecture, so it is unlikely to invite "fiddling" with the code to the advantage of only one OS.

    Intel got called out for their attitude, which is a Very good thing.
    Kubuntu 24.11 64bit under Kernel 6.11.0, Hp Pavilion, 6MB ram. Stay away from all things Google...

    Comment


      #3
      I googled "why intel hates debian" but nothing turned up. I wonder what the exclusion of Debian was all about? There must be story there.

      Comment


        #4
        I did a non-google search, via Startpage.com, on the same search phrase and also found nothing. While it is possible that nobody has written a piece using those words in some combination, it does seem odd that both Intel and Debian are not used in the same context as "hate".

        Is there a filter being applied to search requests? Linus himself seems to get coverage, even though he is noted to use purple prose...
        Kubuntu 24.11 64bit under Kernel 6.11.0, Hp Pavilion, 6MB ram. Stay away from all things Google...

        Comment


          #5
          I tried
          Code:
          intel debian
          and
          Code:
          debian intel
          both just showed fairly innocuous results. While there could be a relationship of hiding between or among them, there doesn't seem to be a public "hating" relationship ...
          The next brick house on the left
          Intel i7 11th Gen | 16GB | 1TB | KDE Plasma 5.27.11​| Kubuntu 24.04 | 6.8.0-31-generic



          Comment


            #6
            I asked on siduction forum and the leader of that project says Intel has no way to conduct confidential communications with a community-based distro. In other words, there's no one in the Debian project authorized to bind everyone to a non-disclosure agreement, or something like that. So Intel deals with corporations, not community projects. Pretty poor excuse for hiding such a problem, IMHO.

            Comment


              #7
              "We don't deal with peons"?

              It also sounds like very poor public relations tactics. I'd think someone in the legal department would have been consulted on this, particularly considering the "stink" that is being raised about the lack of communication.

              Must we all upgrade to the latest hardware? No guarantee that it is bug free either...
              Kubuntu 24.11 64bit under Kernel 6.11.0, Hp Pavilion, 6MB ram. Stay away from all things Google...

              Comment


                #8
                Within the industry, there has never been any guarantees beyond those specifically spelled out in very fine print within their respective EULA's, and those by design, severely limit any liability against them. For all practical purposes, you buy and use hardware/software "at your own risk".
                Windows no longer obstructs my view.
                Using Kubuntu Linux since March 23, 2007.
                "It is a capital mistake to theorize before one has data." - Sherlock Holmes

                Comment


                  #9
                  Snowhog,

                  So do not those same EULA protect them (Intel in this case) from damage to users? Sounds like they don't feel safe behind those walls of their own design. Shades of IBM and Bell Telephone are walking the halls...

                  I just want the problems fixed so I can use my systems.
                  Kubuntu 24.11 64bit under Kernel 6.11.0, Hp Pavilion, 6MB ram. Stay away from all things Google...

                  Comment


                    #10
                    The only way hardware or software can be made fool-proof, is to ensure no fool uses either.
                    Windows no longer obstructs my view.
                    Using Kubuntu Linux since March 23, 2007.
                    "It is a capital mistake to theorize before one has data." - Sherlock Holmes

                    Comment


                      #11
                      Originally posted by TWPonKubuntu View Post

                      I just want the problems fixed so I can use my systems.
                      The best advice I can find says to do two things:

                      1. Keep the intel-microcode firmware package updated.

                      2. Install the latest kernel your distro offers.

                      Comment


                        #12
                        You're preaching to the choir here. What you describe is SOP on all my systems. I've been doing this for a few decades now...

                        Hopefully other Linux users will follow this same path.

                        Let's hope that Intel can see through their corporate blinders and do what is best for their users... Such as making and announcing timely fixes to their code, maybe even without the restrictions mentioned in the article linked earlier.
                        Kubuntu 24.11 64bit under Kernel 6.11.0, Hp Pavilion, 6MB ram. Stay away from all things Google...

                        Comment


                          #13
                          Another report on this brouhaha. Linus Torvalds discusses what happened.

                          Linus Torvalds talks frankly about Intel security bugs


                          https://www.zdnet.com/article/linus-torvalds-talks-frankly-about-intel-security-bugs/


                          There is a video, but I found the text which follows it to be a better description.
                          Kubuntu 24.11 64bit under Kernel 6.11.0, Hp Pavilion, 6MB ram. Stay away from all things Google...

                          Comment


                            #14
                            Not to pile on to Intel, but I have NO DOUBT that they were entirely aware of Meltdown/Spectra for years, and probably created those security holes in the CPUs specifically for NSA types, given that those CPUs are used around the entire world. I also have no doubt that those holes made Linux just as vulnerable as any other OS for all those years. If there is any good news in any of this it is that the non-governmental bad actors didn't know about them either. And, as these new security announcements make plain, the holes, in some form or another, still plague Intel's CPUs.

                            Then, Kroah-Hartman continued, "When we get a kernel security bug, it goes to the Linux kernel security team, we drag in the right people, we work with the distributions getting everyone on the same page and push out patches" Not this time. "Intel siloed SUSE, they siloed Red Hat, they siloed Canonical. They never told Oracle, and they wouldn't let us talk to each other."
                            Mono cultures in biology or machinery are not good.
                            Last edited by GreyGeek; Sep 03, 2018, 12:27 PM.
                            "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
                            – John F. Kennedy, February 26, 1962.

                            Comment


                              #15
                              I very glad to see the gag order is being made public knowledge. While I'm sure it is not the only instance of this and other restrictions may (perhaps, maybe) exist with other manufacturers. Definitely not "open source", but they never called it that anyway.

                              I would like to find processors with all open source code... Still looking.
                              Kubuntu 24.11 64bit under Kernel 6.11.0, Hp Pavilion, 6MB ram. Stay away from all things Google...

                              Comment

                              Working...
                              X