from Hacker News

Microsoft disables Spectre mitigations as Intel’s patches cause instability

by tomtoise on 1/29/18, 6:31 AM with 315 comments

  • by zingmars on 1/29/18, 3:20 PM

    These updates most definitely could've been handled better. I was having a busy week with exams and I get a call about around 10 machines not booting (this was before the announcement). Sure enough, last thing everyone reported was updating. I call the supplier and apparently they have reports of at least 2000 machines (at that moment) that had to be reimaged across the city (from what I could tell, all were older AMD PCs) because of this dumb update. I was used to not being to able to trust software, but if I can't trust hardware now either, farming does suddenly appear much more appealing.

  • by tjoff on 1/29/18, 9:08 AM

    I lost many hours over this last week. The system was unable to boot and finally a thread on reddit came to the rescue ( https://www.reddit.com/r/techsupport/comments/7sbihd/howto_f... ).

    This actually made the system boot but there are some leftovers being installed on first boot that I've been unable to disable that also causes the system to be unable to boot.

    So now, the machine is running but as soon as it is restarted we have to re-image the disk, go through the process of manually removing patches, and then pray that we don't have a power shortage as we'd have to do everything yet again on next boot.

    I'm not convinced that this patch will solve the issue either, because if this updates requires a reboot the fix won't be installed if we can't boot. I might try to install this update from the recovery console see if that works.

    Quite frustrating.

  • by cesarb on 1/29/18, 10:56 AM

    In a related development, there are proposed patches to the Linux kernel (not yet merged) to blacklist the broken microcode updates: https://www.spinics.net/lists/kernel/msg2707159.html

    That patch disables the use by the kernel of the new IBPB/IBRS features provided by the updated microcode, when it's of a "known bad" revision. Since Linux prefers the "retpoline" mitigation instead of IBRS, and AFAIK so far the upstream kernel (and most of the backports to stable kernels) doesn't use IBPB yet, that might explain why Linux seems to have been less affected by the microcode update instabilities than Windows.

    Also interesting: that patch has a link to an official Intel list of broken microcode versions.

  • by ComodoHacker on 1/29/18, 9:52 AM

    >However, Intel does not appear too concerned that the incident will affect its bottom line - the company expects 2018 to be a record year in terms of revenue

    There is an interesting paradox in our industry. If you pay enough attention (read: money) to security, you will be late to the market, your costs will be high and you lose profit. If you don't pay enough attention, you take the market, get your profits, but your product (be it hardware or software) and reputation will be screwed later. And worst of all: there's never enough attention to security.

    So by simple logic, an optimal strategy is to forge your product quickly, take your profits within a [relatively] short period and vanish from the market. I guess we'll see this strategy executed from IoT vendors when market start to punish them for their bad sec.

    For Intel, that "long period" just happened to be REALLY long.

  • by stinos on 1/29/18, 8:39 AM

    "Here's a patch" - "Here's a patch to disable that other patch" - ...

    What's next? Repeat? Sounds like this could turn into a maintainance nightmare quickly. Also because I've introduced things like that myself in the past, and that was for normal applications and not a kernel or OS. Somewhere, someday, there's usually this one exception for which none of your rules hold true and the thing blows up in your face. Anyway, I'd love to see the actual code for this. Not a chance probably?

  • by PerusingAround on 1/29/18, 2:05 PM

    I'm amazed on how Intel's stock price still keeps going UP, despite all these problems... just WOW.

  • by HugoDaniel on 1/29/18, 10:37 AM

    So much for the embargo period. I guess the bsd people were not so wrong after all. They might as well just had published it as soon as it was found.

  • by tallanvor on 1/29/18, 9:46 AM

    By my reading of the article, Microsoft is disabling some mitigations for Spectre due to instabilities that Intel's microcode update have been causing.

    Intel certainly isn't making any friends these days...

  • by notspanishflu on 1/29/18, 10:51 AM

    It is not only Microsoft reverting this patch. HP, Dell or Red Hat are doing that as well.

    https://www.bleepingcomputer.com/news/microsoft/microsoft-is...

  • by mosselman on 1/29/18, 1:04 PM

    So what can I do for my next self-built pc? Get some AMD equipment, or is that not enough?

  • by megaman22 on 1/29/18, 9:39 AM

    I've not been impressed with my Windows 10 installations of late. All my machines that don't have the Long Term Servicing Branch have had wild instabilities and performance issues the past few months - crazy things, like the task manager taking minutes to launch, and the whole shell periodically crashing. The Fall Creators Update was so bad I had to wipe and start over on some boxes. It's not engendering a lot of confidence in their competence of late.

  • by nippples on 1/29/18, 8:46 AM

    Gee, if only they had a Linus Torvalds type around to block irresponsible commits.

  • by Thimothy on 1/29/18, 11:14 AM

    I never got them. The last update in my windows is from Dec 2017. My antivirus is compliant, the registry key correctly set up and yet it refuses to update.

    I still haven't had the time to debug it, but I wonder how many people are out there with their OS silently refusing to update.

  • by speedie on 1/29/18, 1:31 PM

    So , Linus was right for cursing at Intel ?

  • by ohiovr on 1/29/18, 11:57 AM

    My brother was hit by a recent update to Windows 7 that prevented the machine from booting. He went to Microcenter to buy a hard drive. There were a lot of people doing the same thing for the same reason when he was there.

  • by shultays on 1/29/18, 10:30 AM

    Amount of fuck-up in this whole issue is mind blowing. I am getting more surprised with every new I get

  • by bartl on 1/29/18, 6:19 PM

    >Intel, AMD and Apple face class action lawsuits over the Spectre and Meltdown vulnerabilities.

    I sure hope Intel will face a class action suit over this botched update. Many professionals have wasted countless hours dealing with this junk.

  • by cjsuk on 1/29/18, 8:05 AM

    Not what I wanted to wake up to this morning. I suspect we’re in for a rough ride for a long time thanks to this mess.

  • by chrisper on 1/29/18, 8:00 AM

    Just checked for Updates, but there don't seem to be any?

  • by mm-vorticesoft on 1/29/18, 8:08 AM

    Linus was right

  • by debt on 1/29/18, 7:50 PM

    I mean, is this an unmitigated disaster on Intel's part? It's like a train wreck in slow motion.

    A part of me feels this stories like this are going to keep getting worse until Spectre is finally used in the wild.

  • by dsign on 1/29/18, 3:47 PM

    What a mess!

    The day this blew up we rented our first physical server for the express purpose of running secure critical workloads in unpatched environments. Yes, I know that there is nothing secure, but not everything we do is running a chunk of logic uploaded by an attacker, so we will take our chances.

  • by hi41 on 2/1/18, 6:49 PM

    What does the Spectre bug mean for a person planning to buy a new windows computer? Should I buy an AMD CPU based computer instead of an Intel based computer?

  • by Roritharr on 1/29/18, 8:34 PM

    I'm pretty sure these patches were responsible for my notebook crashing everytime i hooked it up to our Thunderbolt 3 Dockingstations.

  • by kuon on 1/29/18, 1:31 PM

    Anybody know what is the status of FreeBSD? I googled a bit and found nothing except "we wait", is it still the case?

  • by mehrdadn on 1/29/18, 9:20 AM

    Anyone know if people who had disabled the mitigations via FeatureSettingsOverride = 3 were still affected?

  • by mark_l_watson on 1/29/18, 11:46 AM

    A more accurate title would be that Microsoft disabled the specter mitigation’s due to a flawed Intel update, right? I thought this was all Microsoft’s fault until getting half way through the article.

  • by rootw0rm on 1/29/18, 9:57 AM

    Ugh, is this the cause of the weird bugchecks I've been having this week? Just gave myself 64gb page file and enabled full memory dumps so I could track it down in WinDbg. I always forget something on fresh installs...

  • by IanSanders on 1/29/18, 1:29 PM

    Meanwhile Intel stock is at 5 year highest