nanog mailing list archives
Re: bloomberg on supermicro: sky is falling
From: Pete Carah <pete () altadena net>
Date: Sat, 6 Oct 2018 23:17:01 -0700
On 10/04/2018 03:13 PM, Scott Weeks wrote:
I always loved the early "HIPPA" systems at the doctor's office where the web browser was not restricted, nor the email client, and they ran XP. These didn't even need a hardware feature to exploit...

--- eric.kuhnke () gmail com wrote:
From: Eric Kuhnke <eric.kuhnke () gmail com>

many contractors *do* have sensitive data on their networks with a gateway out to the public Internet.
----------------------------------------

I could definitely imagine that happening.

scott

Even in a server, though, given spectre or an equivalent (remember this could be exploited from javascript in a browser or php or...) if apps were present on a machine with both kinds of info/connections, we don't even need custom chips, the path is there in cache-management/pipeline-management bugs.

I once ran into a cute bug in a power-pc chip (405ep, used in some older switches as the management processor) where I had to mark all I/O buffers non-cacheable (yes, this is a good idea anyhow, but the chip documentation said that an invalidate/flush in the right places took care of that, and I really needed the speed later during packet parsing. And no, copying the packets was prohibitive...)

Anyhow, with a 30 (or so) mbit stream coming into ram, about every 30 seconds, the ethertype byte came in 0 instead of 0800 (the responsible bug was in cache management, and the errata item describing it required 5 separate steps involving both processor and I/O access to that address or one in that cache line.) At least this system wasn't multiuser... A friend who read the errata item said (and I agree) it looks like a Rube Goldberg sequence. (yes, I'm dating myself.)

As far as I know, 10 years later, the bug has never been fixed in the masks (of course, most ppc (and embedded mips) designs are now going to ARM chips. Don't know how much better that is; some of the speed-demon versions of that have a version of spectre.)

-- Pete