should I buy a new mac?

C, the notorious bug killer

Fix your website first

​@@negativesevenIt's the safest language out there

@@oniimaxxxx6479 🤣🤣

As they say, when one door closes, another one opens...

​@@isbestlizard ... And hit your balls ...

NSA be like "Damn, we've been outed." ISIS and others be like "Time to switch to Lenovo." China be like "Sounds good. More data for us."

It doesn't close though, since it's unfixable.

Nah. NSA prefers it's math nerd probablistic cracks. Nobody but NOBODY at the NSA interested or capable of doing field work. If this fault is only locally accessible you can count NSA out of the running to take advantage of.

I like this variant: The two hardest things in computer science: naming things, cache invalidation, and off by one errors

​@@Jeremy-rg9ug And cache invalidation

That's just a 0 indexed array

conditions and race

@@cinderwolf32 I think we forgot cache invalidation.

So true. And most of the time, they are not important until they are.

I was so proud of building my first CPU and ISA in an EE class I was taking in the 90s. Then I learned about superscaler pipelining and micro code, and realized I knew nothing :P. My little ISA and CPU is an Arduino at best :P Still though, I love this job. It helps to understand how things work under the hood when writing code.

@@delarosomccay Yes, it helps to understand how things work under the hood to some extent, but modern CPUs are mindblowingly complex. For programming it helps to grasp the bigger picture of it, but the details are honestly way above my skill and paygrade to understand.

@@jbird4478Back in the 80's, I was able to understand in detail how every part of my computer worked. In the 90's the details started to become challenging. Anything made this century I have no chance, it's hard enough just at a conceptual level.

Yeah tbf the levels of abstraction are wild

"Oh you want a safe cpu, without any (found) vulnerability? That's gonna cost you 2000$ for a mac, thanks!"

Unpathcable?

@@no_name4796Nah, Apple would try to spin it like it's a good thing: "In accordance with the fact that we truly care about our customers, we've generousely decided to offer separate replacement cpus for the price of a whole new pc, just for this occasion. (official replacement procedure costs 7 grand extra)"

@@Eutropios Meant to be unpatchable

@@Eutropios thanks for noticing my typo (:

how do you know what they use

@@phillippereira6468 apple patched it pretty quickly with the m2, right? Seems reasonable that it was discovered and addressed in private in the interest of national security

Apple is trash anyways

@@andrewferguson6901 it’s not patched, I don’t know where you’re getting that information

@@andrewferguson6901 maybe it was placed there to begin with "in the interest of national security"

Niiiiiice

tug student spotted

@@maximilianstallinger735 😂

you're at CISPA or Graz? xD

Woah!

it does reek cause this is some bullshit

Yep. I think he might have confused 'wreak' with the figurative use of 'reek' (ie. ”This reeks of [a bad thing that might not smell in the literal sense]”).

maybe he meant its a stinky bug

If enough people keep making this error they'll just change the dictionary. Sad.

It does reek because this code smells

but if he didn't understand what was talked about either, its just nonsense. Perhaps its more "I know, but let you read it yourself because if I explain it, will go over everyone's head; ...or could just be he has no idea:)

is there a video about it?

@@pawek02 yep there's a good documentary about it but forgot the title and channel

@@keent its called fitmc.

Just say 2b2t, everybody knows it, it's not a secret

@@iwolfman37 The meme is that everyone refers to 2b2t as "the oldest anarchy server in Minecraft"

You need people who know how to make them to begin with

Often the people who find CPU vulnerabilities are people who design them

Most CPU stuff isn't really that hard. Really, the only hard thing about CPUs is the fact that they're all made to use X86 these days, and X86 specifically is RIDICULOUSLY overcomplicated

@@zackbuildit88 maybe for something like RISC V, but for any mainstream ISA including ARM it’s just absurd. Jim Keller’s own words - the ARM instruction set is just unfathomably complex.

I mean, ask any random Joe on the street how a CPU works and 99% of them won’t give a sufficient answer.

I remember those days.

I used the TRS-80 when I was 13. My middle school bought a few of them and would let students sign up to take them home over the weekend. The ROM had a BASIC interpreter and supported a cassette tape player for mass storage. I never tried to do assembly code for the thing, but I understood that the games I played were written in assembly/machine code.

As an Apple user I would like to state that is very obvious.

What you mean Apple hardware isn't perfect??? 😂😂😂

ok nerd

Y’all do some weird stuff, I reverse engineer macOS on a regular basis for fun Some of the stuff you guys do is odd to say the least

@@nathantaylor2026 said the guy who reverse engineers macOS for fun

Power based side channel attacks are really "common", it's part of why secure programs sometimes use branchless programming so you can't correlate power draw and process state as easily.

It's quite common. Over the air power analysis is also one way

Side channel attacks are cray cray

that's interesting, I thought uni was only for people with nose rings, neon-colored hair and 'right opinions' on gender and social justice

@illegalsmirf Those you mention are in the "humanities", this is on the "Exact" department

Fixed sorry

@@LowLevelLearning thanks sir

Tracks

Exactly‼🤣🤣😂😂

🤣🤣🤣 Classic…

User: I tried holding the rabbit ears different ways, then I shook it and tapped on it, but what really worked was when I crushed it with a hammer. No more bugs. Apple dweeb: Oh yea, we've heard that from some other loyal users too.

It's a feature.

just about everything is. or maybe people are are in denial..... You choose.

NSA doesn’t need this LOL

​@@inverlock Correction.. NSA has not mentioned it, so the *assumption* is "they don''t". There is no truth to that, but there is also no true they don't either.

That was my thought too. If the cpu needs to pretend the cache hit took as long as a memory fetch then why bother in the first place

Description was incorrect. I asked my son the same question. It is _much_ more complicated... It involves the malicious code predicting cache locations used, filling those with own values, then seeing if overwritten by using the access timing, and probably much more that he left out or I could not absorb...

@ericelfner That describes the problem that constant time programming would solve: if cache hits and misses take the same amount of time, then you can't get any information out of dumping part of the cache and then timing other processes to see if they access it. My question is, if constant time programming makes them take the same amount of time, why have a cache at all? My guess is that there's probably some specialized set of constant time operations that are very slow but can be used with extremely sensitive data, in addition to the normal variable time operations, but that wasn't explained in the video, which I think it should have been

@@ericelfneryes!! also bleeds into any Iphone nearbye. Its a big problem as it destroys your logic board by writing over ssd so much. I have a 2021 imac m1 that has had 3 logic board replacements(they paid $700/board). also that its not a bug it is a feature for some, very unsafe feature!! my first mac and iphone because i thought they would be a little more safer then others....wrong again! Good day sir + smart son!

​@@Howtheheckarehandleswit Unfortunately those instructions don't exist, and because of the way memory modules work, they *can't* guarantee constant time to a high degree of precision. There's a complicated shuffling of so called "physical" addresses to the actual physical circuits. This is done for load-balancing reasons and possibly to mitigate row-hammer attacks. There's also a timing interaction between addresses and memory refresh commands. So what programmers do is: don't allow sensitive data values to determine the order in which memory accesses are requested or the addresses they use - just like you don't allow that data to influence branch instructions. We *know* this isn't completely watertight. Intel in particular has data dependent prefetch and there's no way for a normal application to turn it off. (It's possible for something in kernel mode to configure regions of memory without cache - very slow, accesses do go straight to the memory controller or IO interfaces. In practice this is used for control registers that belong to peripheral devices. Still isn't 100% constant time because those read-write operations pass through different clock domains, different bus protocols and whatever kind of IO queuing and reordering that implies.)

Brave browser works seamlessly on mobile and on windows.

uBlock

Brave browser.

I haven't had them for years 🤷

But at what cost? :)

@@yukinoryu maybe a slight performance hit?

That bit only exists on M3 and Intel 13th gen. It does not work for M1 and M2. For these, input blinding seems to be the only mitigation, at least according to the exploit's website. However, it seems that input blinding might not work for all cryptographic algorithms (at least the website seems to imply that, if any experts could clear that up, would be great!)

DOS the CPU to force it to only run when blinding is off. It would take longer to peek the key but doesn't fully stop it.

​@@daasdingo I believe you're correct. The DMP prefetcher is only available in apple M and Intel Raptor Lake (and likely upcoming chips from more manufacturers). The DIT bit which is supposed to disable DMP on the apple M1 and M2 is non or mal functional, which means that the these chips need input blinding code. M3 and Intel can use the bit to avoid DMP.

well.. technically .. yes

Assembly is rarely the source code though

Which is wrong. Just because you can read the source doesn't mean they'll let you use it. Seriously, I hated the shirt so much that I stopped the video after reading it. (I'm watching it again for the first time now.)

@@eksortso Open source doesn't mean it's free to use either, it depends on the license.

@@eksortso Way to deliberately misunderstand a sentence. It means, 'as opposed to secret, commercial, closed-source projects like Windows'. It obviously doesn't mean you get to use reverse-engineered coder as if it's FOSS. Gah!

So you forgot about specter and meltdown? Ever heard of stuxnet? If not check out how America might have (never claimed guilt) stifled Iran's nuclear program for years.

Not just Apple, this also effects 13th gen Intel CPUs.

And now we need a super super Mario!

Congratulations?

Do you have kids now?

You are the fastest man alive sir.

Bro is flexing his one pump chump pull out game. 🎉😂

Are the kids now grown up enough to get their own home?

…and by using a word no one has heard of simultaneously showing your audience they are lower.

Not low enough for me. Still working on "2 + 2 = 4."

@@Tailspin80 Yes we are, at least me, this watching to learn, big time!

@@jimgardner5129 ASM...

I speak the language of assembly everyday! On Monday I demolished an exterior landing and began re-assembling it, sloped for code. Yesterday I finished the framework. Today I'm installing backerboard and a waterproofing/anti fracture membrane. Then the venetian tile. My assembly language is so good a hacker would have to show up on site with heavy duty hacking tools! You would probably catch him based off the noise he was making while hacking away on my work!

Yeah what I was thinking 😂 but shh their marketing overlords would have a Meltdown (hehe) over this...

But what about the backdoor then?

*if the entire cache adheres. That's why some parts do and some don't. The fact they didn't do it at the point where they should have is the reason of this vulnerability

I remember first hearing it in 2010 for the _TRON: Legacy_ ARG. It was kind of implied that you trying to find Flynn by participating in one let CLU find out about the outside world.

This, it seems this attack doesn't need physical access? can someone confirm?

this sounds scary, allowing for existing apps to upgraded automatically that would listen in via osx caching api + timers/custom cleverness.

It doesn't. This is a catastrophic vulnerability and it is wildly irresponsible to say "rest assured". You should not rest remotely assured. Any executable running on your machine can steal crytographic keys from any other process. Download a game from Steam? Screwed. Download a tool? Screwed. Does anything on your PC autoupdate? Screwed.

the attack itself is "easy", the harder part is getting that info back to the attacker, which in that case would require the same sort of malware as usual anyway

@@DDracee all corporations are saints with honor

That is exactly what I was about to comment. If you add in enough randomness to where statistical tests can't tell you anything about the likelihood of thisTime corresponds to a multiply and thatTime corresponds to an add, then you've effectively solved this time-to-compute vulnerability. Also, I've heard that that bit exists. It's called a Chicken Bit because it's a bit that you purposely turn on in order to avoid something else (in this case, avoiding faster execution and therefore avoiding the vulnerability). I read about it on Sophos's website I think.

smells like a bunch of bad apples.

@@JasonKaler Smells like BoeingMAX.

Linux has boot option to disable those fix. But Apple don't. I recall my iMac actually slow down after those meltdown fix went in.

Only apple cpu's, in this case.

@@brandonhoffman4712It was am Intel iMac. I am not sure if current M1/M2 cpu has those mitigations.

Every CPU has some sort of this vulnerability, it's not just Apple. And the frustrating part of this is it is very hard to fix without affecting performance!

​@@tylerdurden9083except in case of other manufacturers, it's easier to apply fixes etc.

​@@tylerdurden9083 well no. Many had this issue. Years ago. Right now it's apple who put old known bugs in their new architectures.

Remember a few years ago the Bit-Banger attack on Androids exploiting RAM? Chip design in the future will have to include protection against these attacks.

That’s right, but what he meant was, you must have access to run code on the machine first. This particular vulnerability doesn’t give you remote access.

It's amazing how far you can get with a phishing email. Re: the Apple silicon bug... meh. So you've gotta have physical access to the machine, and want to peer into another process' secrets. I'm not sure if that's another Spectre/Meltdown, exactly, but if it is, this is far less of a big deal, because the point of those vulns was that they existed on processors that power the vast majority of the world's cloud computing servers, meaning there's a real chance you're sharing the machine with someone else. Very, very, very few Macs host cloud servers.

Hey thank you for watching! Always hydrated lol. (there's water in coffee)

Cache is king* It was right there man

From what i know, a process can just stop DMP from reading its memory by setting a flag.

​@@xE92vD It can be prevented by simply disabling DMP. This will cost some performance. Fun Fact: You can't "adjust the CPU's internal hardware" after the hardware has been delivered. So Apple will have to rely on software to fix this.

@@xE92vD I wrote it probably can be mitigated. Mitigated != patched, but it will prevent the vulnerability from being exploited.

@@oberpenneraffe with fuses you can remove functionality

@@oberpenneraffeNo, this is only possible on M3 (the bit to disable the feature)

Know that it is possible! You've just got to keep going. I mean he even says, he doesn't understand all of it! No one finds it easy and everyone has been exactly where you have been with programming. Just keep going and focus on the fundamentals

Plenty of apples features bug be enough not to buy.

Anyone else have to read this a couple of times to understand that there weren’t physical spikes being put in pizzas, just an increase in number of deliveries?

The Manhattan Project could have been compromised because all of a sudden, all these scientists were changing their mailing addresses...

I’ve burned my mouth on pizza before, but I’ve never encountered spikes in my pizza. It must be painful. 😂

Cache isn't about speeding up the processor... It's about speeding up memory access, which speeds up code execution. The code itself is what determines how much of an effect cache has, not the processor.

L1 Cache can be accessed instantly, L3 cache already takes 21 clock cycles to access, RAM takes at much as 1ms. This doesn't sound like much until you realize thst a single clock cycle on a 5Ghz CPU is 0.2ns. Your PC would feel like a Commodore 64 without cache.

I think the point of confusion here stems from when it was said that "most processes adhere to constant-time programming." This perhaps makes it sound like they removed most of the cache fetching-vs.-failing variability but I think that in the case of actual fact they just underscored which opcodes use it and put in the processor's instruction manual "use these only if you'd like to admit time variability in your process." In terms of actual use, almost every program *will* use these almost as much as it did before, but e.g. encryption programs won't. Anyway, that's my takeaway after puzzling about this same issue. Someone who actually knows should weigh in.

Yup, I am aware! Constant time programming is a software technique, not a hardware technique. I found it to be slightly misleading how it was mentioned in-context in the video. While secure software can be written using constant time programming techniques, that can't be used to mitigate this issue on the hardware side, since it would involve also mitigating the effectiveness of cache and the CPU would have to wait around for memory all the time. (Or do something like speculative execution, which can also run into this issue.) The multiple levels at which security needs to be analyzed is why FIPS certification is so stringent even about the operating system and hardware a software package runs on.

@@danielbriggs991 I don't know if you are correct. But I know what you said is far more reasonable than the other statements made here. And you even qualified your answer. You are a refreshing change from normal commenting behavior.

I can imagine the design was probably finished already when these came out, the timelines for new chips are loooong.

Developers of cryptographic libraries can either set the DOIT bit and DIT bit bits, which disable the DMP on some CPUs. Additionally, input blinding can help some cryptographic schemes avoid having attacker-controlled intermediate values, avoiding key-dependent DMP activation

Apple may push a tweaked copy of CryptoKit, their wrapper, used by many an app, to access the standard crypto functions, to mitigate the issue. Along with tweaking their app approval processes, to scan for any app apparently attempting the exploit. The CryptoKit performance hit should be minimal, while the App approval process should protect the non-side loading majority.

Any code running locally can exploit this bug, that's my understanding.

LLL said access, not _physical_ access. I assume he meant access to the machine as in access to the processor, as in ability to execute code on it.