Debian Security ~ Intels' ME and likewise

Here you can discuss every aspect of Debian. Note: not for support requests!

Re: Debian Security ~ Intels' ME and likewise

Postby None1975 » 2018-01-04 14:05

Another seriuos security bug-Meltdown and Spectre.
OS: Debian 9.3 / WM: Herbstluftwm
Debian Wiki | DontBreakDebian, Herbstluftwm
User avatar
None1975
 
Posts: 266
Joined: 2015-11-29 18:23
Location: Lithuania

Re: Debian Security ~ Intels' ME and likewise

Postby acewiza » 2018-01-04 15:08

zerubbabel wrote:Who would buy a house if he knew that the builder reserved the "right" to build a hidden chamber below the apparent foundation, having a control panel with which to monitor everything that happens in the house, and having a secret tunnel connecting it to some other unknown realm?

Of course, except it wasn't designed that way. It cropped up like most software security vulnerabilities do, as an unintended consequence of bad programming.

Maybe nobody should ever buy anything ever again, just in case there is a hidden security flaw. :roll:
Nobody would ever ask questions If everyone possessed encyclopedic knowledge of the man pages.
User avatar
acewiza
 
Posts: 294
Joined: 2013-05-28 12:38
Location: Out West

Re: Debian Security ~ Intels' ME and likewise

Postby kopper » 2018-01-05 08:54

Wheelerof4te wrote:^Average non-gamer users won't notice much difference in performance.

That's a good point. I just wanted to see first hand the difference with pre- and post-patch performance. You are right that the actual impact to average user is minimal. Gamers also shouldn't be too much affected, unless the game is especially CPU intensive. Like you said, most impact will be suffered by business users, service providers and users who need to squeeze out every bit of performance from their hardware.

So I ran following sysbench tests, which seemed to show some change. I ran three tests before and after the patch, below results are my own redacted summary of all six tests. System load and processes for all tests was the same, but I doubt my test setup would fulfill scientific standards.. :) Thought I'd share them with you anyway, maybe someone's interested.

EDIT: Disclaimer, I'm not really big on system benchmarking. There probably is lot better ways to test it. Maybe someone could comment on this?

Code: Select all
Hardware:
Intel i5-3570k @ 4.4Ghz, 8Gb DDR 3

Tests run with:
$sysbench --batch --batch-delay=5 --num-threads=2 --max-requests=50000 --test=threads run

Pre-patch, with kernel 4.9.65-3+deb9u1
Pre-patch Test 1-3
total time:                          5.3247s - 5.4139s
total time taken by event execution: 10.6455 - 10.8239
per-request statistics:
   min:                                            0.18ms - 0.19ms
   avg:                                            0.21ms - 0.22ms
   max:                                           0.57ms - 0.92ms
   approx.  95 percentile:               0.23ms - 0.24ms
Threads fairness:
events (avg/stddev):                  25000.0000/2.00
execution time (avg/stddev):     5.3228 - 5.4119/0.00


Post-patch, with kernel 4.9.65-3+deb9u2
Post-patch Test 1-3
total time:                          8.7143s - 8.8911s
total time taken by event execution: 17.4244 - 17.7782
per-request statistics:
   min:                                            0.32ms
   avg:                                            0.35ms - 0.36ms
   max:                                           0.97ms - 1.03ms
   approx.  95 percentile:               0.36ms - 0.37ms
Threads fairness:
events (avg/stddev):                  25000.0000/2.00
execution time (avg/stddev):     8.7122 - 8.8891/0.00
Debian 9.3 Stable with i3
Secure your stuff: Securing Debian Manual
Don't break your stuff: Source List Management DontBreakDebian
kopper
 
Posts: 92
Joined: 2016-09-30 14:30

Re: Debian Security ~ Intels' ME and likewise

Postby pylkko » 2018-01-05 21:16

I guess a better test would be to perform something cpu intesive that you care about, like decompress large archives or compile kernels.
User avatar
pylkko
 
Posts: 1224
Joined: 2014-11-06 19:02

Re: Debian Security ~ Intels' ME and likewise

Postby alan stone » 2018-01-07 09:10

Researchers discovered an undocumented configuration setting that can used to disable Intel ME 11 that has been likened to a backdoor.

Use at your own risk: How to disable Intel ME 11 'backdoor' thanks to the NSA.

NSA's name should be changed to NRA, National Risk Agency.

Oh wait, NRA already stands for National Rifle Association.

Then how about National Security Abomination?
Debian 8.9 32bit, WM: Openbox
America is great because she is good. If America ceases to be good, America will cease to be great. - Alexis de Tocqueville
User avatar
alan stone
 
Posts: 234
Joined: 2011-10-22 14:08
Location: In my body.

Re: Debian Security ~ Intels' ME and likewise

Postby Seventh » 2018-01-07 09:43

^^ fixed the subject heading for that article....

"Now you, too, can disable NSA's Intel ME 'backdoor' thanks to the NSA" :!:
Seventh
 
Posts: 44
Joined: 2017-04-01 10:13

Re: Debian Security ~ Intels' ME and likewise

Postby alan stone » 2018-01-07 15:21

^ Oh my doG! How did I dare to edit the title of the article? Naughty, naughty. :lol:
Debian 8.9 32bit, WM: Openbox
America is great because she is good. If America ceases to be good, America will cease to be great. - Alexis de Tocqueville
User avatar
alan stone
 
Posts: 234
Joined: 2011-10-22 14:08
Location: In my body.

Re: Debian Security ~ Intels' ME and likewise

Postby makh » 2018-01-07 19:21

@alan stone:

Your last post seems very unethical. Kindly remove the words before exclamation. Thankyou.
HP Probook 440 G2: Arch, Debian Stable
Server: none
Past: Debian, Centos, Ubuntu, Opensuse
GUI: Openbox, Cinnamon
Chroot: Debian, Ubuntu, Fedora
VM: Devuan

Employing the best:
Arabic
Debian
Homeopathic

For new: Try Linux Mint
User avatar
makh
 
Posts: 582
Joined: 2011-10-09 09:16

Re: Debian Security ~ Intels' ME and likewise

Postby alan stone » 2018-01-12 09:23

^ I don't rent space to anyone in my head.
- Anonymous

The human race will never stop being entertaining... even if it's in strange ways.
- Sarah Denninger

In the end everything will to be ok. And if it's not ok, it's not the end.
- John Paul Dejoria
Debian 8.9 32bit, WM: Openbox
America is great because she is good. If America ceases to be good, America will cease to be great. - Alexis de Tocqueville
User avatar
alan stone
 
Posts: 234
Joined: 2011-10-22 14:08
Location: In my body.

Previous

Return to General Discussion

Who is online

Users browsing this forum: No registered users and 2 guests

fashionable