backtop


Print 93 comment(s) - last by kalak.. on Aug 8 at 2:42 PM


Developers told not to panic over new Intel Core 2 Duo steppings

OpenBSD founder Theo de Raadt publicly denounced Intel’s Core 2 processors on the OpenBSD mailing list. Raadt cited 38 pages of processor errata from Intel’s published CPU specifications (PDF).

“These processors are buggy as hell, and some of these bugs don’t just cause development/debugging problems, but will *ASSUREDLY* be exploitable from userland code," Raadt said. "Some of these are things that cannot be fixed in running code, and some are things that every operating system will do until about mid-2008, because that is how the MMU has always been managed on all generations of Intel/AMD/whoeverelse hardware."

Linux coordinator and former Transmeta employee Linus Torvalds, thought otherwise and considers these bugs “totally insignificant.”

Processor errata is nothing new, Torvalds said. Commodity CPUs such as chips based on the Intel Core 2 architecture have a considerably lower bug rate than proprietary boutique CPUs.

“Yeah, x86 errata get more attention," said Torvalds. "But those things are pretty damn well tested. Better than most.”

The errata document specifically mentions the Core 2 Duo E4000, E6000, and X6800 series processors. None of the errata are nearly as insidious or widespread as more infamous problems, like the original Pentium floating-point bug, although some can lead to buffer overflow exploits, claims de Raalt. All of the current errata have patches in the works or can be — and have been — worked around by developers.

In a statement from Intel Global Communications, Nick Knuppfer writes:

“Months ago, we addressed a processor issue by providing a BIOS update for our customers that in no way affects system performance. We publicly documented this as an erratum in April. All processors from all companies have errata, and Intel has a well-known errata communication process to inform our customers and the public. Keep in mind the probability of encountering this issue is extremely low."

“Specification Updates for the affected processors are available at http://developer.intel.com. All errata are thoroughly investigated for issues and vulnerabilities, should they have any we fix them, usually through a microcode update.”


Comments     Threshold


This article is over a month old, voting and posting comments is disabled

well duhhhhhh............
By ncage on 7/1/2007 6:33:26 PM , Rating: 2
I think this rant is just stupid and i think Theo de Raadt needs a head examination. As as a developer he should understand eliminating all bugs is nearly impossible. Think how hard it becomes when you can't easily just go in software and fix it and then recompile. These bugs are hardwired into the chips so its much much harder to fix. Unfortunatly as hardware (and software) gets more complex these bugs will become even more common. I would consider myself a competent and very through/careful developer...and ive introduced bugs before. Its just nearly impossible to think of and find everything especially when your gets very complex (which our code is). Unfortunatly too with MultiCore coming our way these bugs will not only be present more but they will be way harder to find. It will be interesting to see how the future unfolds.

Ncage




RE: well duhhhhhh............
By Treckin on 7/1/07, Rating: -1
RE: well duhhhhhh............
By eyebeeemmpawn on 7/1/2007 8:24:53 PM , Rating: 5
unfortunately your not a careful...

don't you mean you're?


RE: well duhhhhhh............
By oTAL on 7/2/2007 7:17:11 AM , Rating: 2
pwned...


RE: well duhhhhhh............
By mindless1 on 7/2/07, Rating: -1
RE: well duhhhhhh............
By Willie on 7/1/2007 8:26:35 PM , Rating: 2
quote:
unfortunately your not a careful/*thorough* typer and speller.


And obviously you're not one, either. BTW....your is a possessive word. The word you were looking to use was you're, a contraction meaning you are.

So, we now have a hypercritical teenager criticizing when he has no idea of what he criticizes....or no idea how to spell. People in glass houses.......maybe you know the rest, but then again, you probably don't.


RE: well duhhhhhh............
By zsouthboy on 7/1/2007 9:41:39 PM , Rating: 2
He's interested in security, and security only.

Pretending that his arguments are because he's biased (take a look, he's not) is silly.

He's not some sort of anti-Intel fanboy.


RE: well duhhhhhh............
By mindless1 on 7/2/2007 2:34:34 PM , Rating: 2
NObody said everything is bug free, but fixing what you can (and already know about) is a lot better than not. To me it reads more like you're being subjective then using that as an extrapolated excuse for Intel. These are not errata they didn't find, they're the ones they did already.

If I was using your software and you had been informed of the flaws and potential for them to be exploited, you would do well to address those flaws. I wouldn't expect combing through a lot of code to find them all as a first point of recognition, but when they're pointed out by another party, made public, they should be addressed, patched.

The only question was really how likely anyone was to use these for exploits and now that the word is out to the masses, it becomes a lot more likely people are working towards that end. Some hackers are able to take the ball and run with it, but first might have to be passed that ball, given the idea.


RE: well duhhhhhh............
By Ringold on 7/2/2007 5:34:07 PM , Rating: 1
Except that in many cases fixing a flaw in code involves a little typing, a few mouse clicks, letting a compiler do its work, and whoola. Changing the silicon is, as I understand it, an extremely expensive proposition, and when errors are found that essentially amount to nothing it's understandable that Intel lets it go with a simple BIOS fix rather than having highly-paid engineers first redesign the chips, and then other engineers change the industrial process, and then having a new production run just to fix errors. Software is nice in the whole zero marginal cost aspect, but you (and OpenBSD's homeboy) are getting ahead of yourselves assuming you already know that the cost of fixing the errors would be outweighed by the benefits.

Plus, Torvalds, of higher esteem and not a known radical, essentially threw the BS flag on the whole arguement. As I said in a previous post, the guys probably an attention whore.


"Mac OS X is like living in a farmhouse in the country with no locks, and Windows is living in a house with bars on the windows in the bad part of town." -- Charlie Miller











botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki