Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230

 

 

 

Debian Security ~ Intels' ME and likewise

Here you can discuss every aspect of Debian. Note: not for support requests!
Message
Author
User avatar
acewiza
Posts: 357
Joined: 2013-05-28 12:38
Location: Out West

Re: Debian Security ~ Intels' ME and likewise

#31 Post by acewiza »

zerubbabel wrote:Who would buy a house if he knew that the builder reserved the "right" to build a hidden chamber below the apparent foundation, having a control panel with which to monitor everything that happens in the house, and having a secret tunnel connecting it to some other unknown realm?
Of course, except it wasn't designed that way. It cropped up like most software security vulnerabilities do, as an unintended consequence of bad programming.

Maybe nobody should ever buy anything ever again, just in case there is a hidden security flaw. :roll:
Nobody would ever ask questions If everyone possessed encyclopedic knowledge of the man pages.

kopper
Posts: 137
Joined: 2016-09-30 14:30

Re: Debian Security ~ Intels' ME and likewise

#32 Post by kopper »

Wheelerof4te wrote:^Average non-gamer users won't notice much difference in performance.
That's a good point. I just wanted to see first hand the difference with pre- and post-patch performance. You are right that the actual impact to average user is minimal. Gamers also shouldn't be too much affected, unless the game is especially CPU intensive. Like you said, most impact will be suffered by business users, service providers and users who need to squeeze out every bit of performance from their hardware.

So I ran following sysbench tests, which seemed to show some change. I ran three tests before and after the patch, below results are my own redacted summary of all six tests. System load and processes for all tests was the same, but I doubt my test setup would fulfill scientific standards.. :) Thought I'd share them with you anyway, maybe someone's interested.

EDIT: Disclaimer, I'm not really big on system benchmarking. There probably is lot better ways to test it. Maybe someone could comment on this?

Code: Select all

Hardware:
Intel i5-3570k @ 4.4Ghz, 8Gb DDR 3

Tests run with:
$sysbench --batch --batch-delay=5 --num-threads=2 --max-requests=50000 --test=threads run

Pre-patch, with kernel 4.9.65-3+deb9u1
Pre-patch Test 1-3
total time:                          5.3247s - 5.4139s
total time taken by event execution: 10.6455 - 10.8239
per-request statistics:
   min:                                            0.18ms - 0.19ms
   avg:                                            0.21ms - 0.22ms
   max:                                           0.57ms - 0.92ms
   approx.  95 percentile:               0.23ms - 0.24ms
Threads fairness:
events (avg/stddev):                  25000.0000/2.00
execution time (avg/stddev):     5.3228 - 5.4119/0.00


Post-patch, with kernel 4.9.65-3+deb9u2
Post-patch Test 1-3
total time:                          8.7143s - 8.8911s
total time taken by event execution: 17.4244 - 17.7782
per-request statistics:
   min:                                            0.32ms
   avg:                                            0.35ms - 0.36ms
   max:                                           0.97ms - 1.03ms
   approx.  95 percentile:               0.36ms - 0.37ms
Threads fairness:
events (avg/stddev):                  25000.0000/2.00
execution time (avg/stddev):     8.7122 - 8.8891/0.00
Debian 10.2 Stable with i3
Secure your stuff: Securing Debian Manual
Don't break your stuff: Source List Management DontBreakDebian

User avatar
pylkko
Posts: 1802
Joined: 2014-11-06 19:02

Re: Debian Security ~ Intels' ME and likewise

#33 Post by pylkko »

I guess a better test would be to perform something cpu intesive that you care about, like decompress large archives or compile kernels.

User avatar
alan stone
Posts: 269
Joined: 2011-10-22 14:08
Location: In my body.

Re: Debian Security ~ Intels' ME and likewise

#34 Post by alan stone »

Researchers discovered an undocumented configuration setting that can used to disable Intel ME 11 that has been likened to a backdoor.

Use at your own risk: How to disable Intel ME 11 'backdoor' thanks to the NSA.

NSA's name should be changed to NRA, National Risk Agency.

Oh wait, NRA already stands for National Rifle Association.

Then how about National Security Abomination?

Seventh
Posts: 44
Joined: 2017-04-01 10:13

Re: Debian Security ~ Intels' ME and likewise

#35 Post by Seventh »

^^ fixed the subject heading for that article....

"Now you, too, can disable NSA's Intel ME 'backdoor' thanks to the NSA" :!:

User avatar
alan stone
Posts: 269
Joined: 2011-10-22 14:08
Location: In my body.

Re: Debian Security ~ Intels' ME and likewise

#36 Post by alan stone »

^ Oh my doG! How did I dare to edit the title of the article? Naughty, naughty. :lol:

User avatar
makh
Posts: 651
Joined: 2011-10-09 09:16

Re: Debian Security ~ Intels' ME and likewise

#37 Post by makh »

@alan stone:

Your last post seems very unethical. Kindly remove the words before exclamation. Thankyou.
ThinkPad E14: Arch, Debian Stable
GUI: Xfce

For new: Try MX Linux, Linux Mint; later join Debian Stable

User avatar
alan stone
Posts: 269
Joined: 2011-10-22 14:08
Location: In my body.

Re: Debian Security ~ Intels' ME and likewise

#38 Post by alan stone »

^ I don't rent space to anyone in my head.
- Anonymous

The human race will never stop being entertaining... even if it's in strange ways.
- Sarah Denninger

In the end everything will to be ok. And if it's not ok, it's not the end.
- John Paul Dejoria

Post Reply