OpenBSD Co-Founder Drops Hyper-Threading Support to Mitigate Foreshadow Attacks

Discussion in 'HardForum Tech News' started by cageymaru, Aug 24, 2018.

  1. cageymaru

    cageymaru [H]ard as it Gets

    Messages:
    19,803
    Joined:
    Apr 10, 2003
    Theo de Raadt, an OpenBSD co-founder has officially announced that the open-source operating system will not utilize Hyper-threading for Intel processors. He complains that Intel isn't telling them about upcoming discovered threats and the steps that an OS developer needs to take to mitigate against TLBleed and T1TF; otherwise known as "Foreshadow." He has dropped support for older versions of OpenBSD and asks users to upgrade to version 6.4 as he doesn't have the manpower to backport the changes.

    DISABLE HYPERTHREADING ON ALL YOUR INTEL MACHINES IN THE BIOS. Also, update your BIOS firmware, if you can. OpenBSD -current (and therefore 6.4) will not use hyperthreading if it is enabled, and will update the cpu microcode if possible. I'm going to spend my money at a more trustworthy vendor in the future.
     
    LightsOut41, dgz and Red Falcon like this.
  2. bobdabilder

    bobdabilder Limp Gawd

    Messages:
    292
    Joined:
    Oct 7, 2009
  3. naib

    naib [H]ard|Gawd

    Messages:
    1,264
    Joined:
    Jul 26, 2013
    Thanks intel, I should be able to push for a custom thread ripper build instead of a cookie cutter dell for a simulation box at work
     
    LightsOut41 and jnemesh like this.
  4. whatevs

    whatevs Limp Gawd

    Messages:
    199
    Joined:
    Jun 23, 2017
    I disabled HT a while back. They keep saying this is enterprise only.

    But this is making Swiss cheese of the native protections on your PC. Malware gets the tip of a fingernail of a pinky on your system and it's game over.

    This is Windows XP all over again. They average users PC is going to become part of a botnet that ruins everything for everybody else.
     
  5. seanreisk

    seanreisk Gawd

    Messages:
    886
    Joined:
    Aug 29, 2011
    Intel ThreadDumper ™
     
    phillyboy, Stimpy88, jnemesh and 2 others like this.
  6. Probleminfected

    Probleminfected [H]ard|Gawd

    Messages:
    1,372
    Joined:
    Dec 20, 2013
    Nice. I like the passive AMD shill at the end.
     
  7. BloodyIron

    BloodyIron 2[H]4U

    Messages:
    3,443
    Joined:
    Jul 11, 2005
    FYI, OpenBSD is one of the most secure OS' on the planet. Chances are, he knows what the fuck he's talking about.

    Also, they are the original developers of openSSH. Which is used in Cisco environments, every Linux/Unix environment, and more. If you want to support them, consider donating -> https://www.openbsd.org/donations.html
     
    Last edited: Aug 25, 2018
    LightsOut41, glutto, Stimpy88 and 7 others like this.
  8. Stanley Pain

    Stanley Pain 2[H]4U

    Messages:
    2,386
    Joined:
    Apr 5, 2001
    Something like only 2 remote exploits found in the last how many years now? :)
     
    BloodyIron likes this.
  9. Zarathustra[H]

    Zarathustra[H] Official Forum Curmudgeon

    Messages:
    28,218
    Joined:
    Oct 29, 2000
    Hmm.

    Many downstream projects rely on OpenBSD, including pfSense.

    I have that shit running on a dual core with hyperthreading. I hope this doesn't impact performance too much.
     
  10. /dev/null

    /dev/null [H]ardForum Junkie

    Messages:
    14,046
    Joined:
    Mar 31, 2001
    New Desktop - I5-8400 , no HT
    Servers: Dual E5-2643. I can disable HT and still have enough cores to go around
    Old Desktop: i7-4770k -- my destkop has been demoted to an i5
    Laptop: I5-7300u....ouch, 2 cores is painful...
     
  11. ChadD

    ChadD 2[H]4U

    Messages:
    4,068
    Joined:
    Feb 8, 2016
    Considering what type of work BSD does, this is a pretty logical fix.
     
  12. Jailer

    Jailer Limp Gawd

    Messages:
    234
    Joined:
    Sep 4, 2002
    pfSense is based on FreeBSD, not OpenBSD. A quote like that would ruffle quite a few feathers on the pfSense forum. ;)
     
    Stimpy88 likes this.
  13. Zarathustra[H]

    Zarathustra[H] Official Forum Curmudgeon

    Messages:
    28,218
    Joined:
    Oct 29, 2000
    Damn, you are right . I'm losing my touch!
     
  14. jnemesh

    jnemesh [H]ard|Gawd

    Messages:
    1,084
    Joined:
    Jan 21, 2013
    And just like that, Intel lost half it's performance...and the performance advantage against AMD.
     
    LightsOut41 and Stimpy88 like this.
  15. jnemesh

    jnemesh [H]ard|Gawd

    Messages:
    1,084
    Joined:
    Jan 21, 2013
    Also, since macs use BSD, I wonder what their policy/advice on this issue is going to be going forward. They have already stated that they will be moving away from Intel anyway. Should be interesting to watch.
     
  16. Nobu

    Nobu 2[H]4U

    Messages:
    3,128
    Joined:
    Jun 7, 2007
    They don't use bsd, not in a long time (unless they switched back). It's a forked kernel based on bsd, probably heavily modified by now, and some standard base tools.
     
  17. IdiotInCharge

    IdiotInCharge [H]ardForum Junkie

    Messages:
    11,291
    Joined:
    Jun 13, 2003
    Hyperthreading = 50% performance...

    :ROFLMAO:
     
    Stimpy88 likes this.
  18. thebufenator

    thebufenator [H]ard|Gawd

    Messages:
    1,179
    Joined:
    Dec 8, 2004
  19. dgz

    dgz [H]ardness Supreme

    Messages:
    5,231
    Joined:
    Feb 15, 2010
    This is good news. Time for the big boys to do the same. I am glad Intel is hurting.
    Also, anything that gives SMT a bad name is welcome. It's always been a scam.

    Ah, you must have missed this guy I had arguments with in the Intel section a couple of years ago. He repeatedly posted benchmarks where HT is faster than real cores.
     
    IdiotInCharge likes this.
  20. IdiotInCharge

    IdiotInCharge [H]ardForum Junkie

    Messages:
    11,291
    Joined:
    Jun 13, 2003
    Perhaps the marketing is, but it absolutely has utility when properly addressed by software. Which it isn't always, of course ;)
     
  21. S-F

    S-F Gawd

    Messages:
    652
    Joined:
    Aug 5, 2010
    It's close to 50% for video encoding.
     
    LightsOut41 and IdiotInCharge like this.
  22. dgz

    dgz [H]ardness Supreme

    Messages:
    5,231
    Joined:
    Feb 15, 2010
    Yes, I admit the blind followers is what bugs me the most. Of course it has some utility when used appropriately. Almost sure I'll turn it off on my next AMD build. Man, I can't stop drooling at those core numbers. Damn RAM prices. I am not paying that out of principle.
     
    IdiotInCharge likes this.
  23. mashie

    mashie Mawd Gawd

    Messages:
    4,184
    Joined:
    Oct 25, 2000
    Well this could explain why Intel are launching an 8-core non-HT CPU.
     
    LightsOut41 likes this.
  24. IdiotInCharge

    IdiotInCharge [H]ardForum Junkie

    Messages:
    11,291
    Joined:
    Jun 13, 2003
    ...like they've launched six- and four-core non-HT CPUs?

    Their halo products still have HT.
     
  25. ChadD

    ChadD 2[H]4U

    Messages:
    4,068
    Joined:
    Feb 8, 2016
    BSD is used in virtualization setups fairly often... and the mitigations for this tank performance in those scenarios.

    From what I have seen I don't think turning off HT is going to be enough. They will still need mitigations and performance will still tank.

    I feel for the companies that have 10s of thousands and potentially much more sunk into Intel hardware running customized versions of BSD. Well frankly it doesn't matter what OS they are running... the mitigations for Linux and Windows are going to tank performance in those types of setups as well.
     
  26. BloodyIron

    BloodyIron 2[H]4U

    Messages:
    3,443
    Joined:
    Jul 11, 2005
    Might be 3 now, but yeah, that's the point.

    Also, the openBSD project developed openSSH, so any Cisco or other SSH user should thank and _DONATE_ to the openBSD project. They do seriously awesome _and important_ work.

    You can donate here -> https://www.openbsd.org/donations.html

     
  27. velusip

    velusip [H]ard|Gawd

    Messages:
    1,578
    Joined:
    Jan 24, 2005
    Brutal. I love it.
     
  28. tangoseal

    tangoseal [H]ardness Supreme

    Messages:
    7,401
    Joined:
    Dec 18, 2010
    Does this mean that future kernels of FreeBSD are going to be ban hammered as well from using HT?