Do I have to be worried
I wouldn't be
Do I have to be worried
So when someone breaks into a car, all models of that car are recalled?This may be a silly question but why don’t tech companies have to do recalls when there is a security issue like this found that can’t be patched?
I mean, you buy a new car and they find an issue, they do recalls on the vehicle. Just curious.
Do not be worried. That’s easier said than done with an anxiety disorder, but this will not be an issue for you, unless you happen to be someone extremely famous and a “high value” target. Even then, M3 processors have a built in fix.Ok, maybe someone with a bit more knowledge could hear me out.
Anxious person here, first ever Mac since a month ago: MBP 14” M3Pro.
I’ve only gotten used to it and still explore after a life of windows.
I thought I’ve “got it all” now, speed, durability, safety, efficiency.
Do I have to be worried or is this machine a lost case like, let’s say the dilemma with the butterfly keyboard or something completely flawed?
Thanks for the help!
Turning off DMP will cripple M3 chips performance so not really a fix.Do not be worried. That’s easier said than done with an anxiety disorder, but this will not be an issue for you, unless you happen to be someone extremely famous and a “high value” target. Even then, M3 processors have a built in fix.
Turning off DMP will cripple M3 chips performance so not really a fix.
Disabling DMP is meant to severely reduce performance the white paper says "DMP can be disabled on M3 CPUs, but not M1 and M2 chips, the researchers note, adding that disabling DMP is likely to seriously degrade performance" It says third party cryptographic programs can be used to improve implementations to prevent attacks from succeeding. Similar fixes are available for Intel chips too. The thing is Apple will want to I imagine keep the playing field as level as possible as people who just bought a M2 Pro mac Mini or Mac Studio M2 for something like 4K rendering wont be happy.The idea is turning off prefetching only when doing cryptography. It won’t have any effect on performance-oriented code.
Disabling DMP is meant to severely reduce performance the white paper says "DMP can be disabled on M3 CPUs, but not M1 and M2 chips, the researchers note, adding that disabling DMP is likely to seriously degrade performance" It says third party cryptographic programs can be used to improve implementations to prevent attacks from succeeding. Similar fixes are available for Intel chips too. The thing is Apple will want to I imagine keep the playing field as level as possible as people who just bought a M2 Pro mac Mini or Mac Studio M2 for something like 4K rendering wont be happy.
Right! If folks get near the end of the Ars Technica article they'll see this crucial bit of "the sky is not falling" info:The idea is turning off prefetching only when doing cryptography. It won’t have any effect on performance-oriented code.
Save the gnashing of the teeth for the gnoshing on your breakfast and enjoy your weekend. Life is still good. ✌️Readers should remember that whatever penalties result will only be felt when affected software is performing specific cryptographic operations. For browsers and many other types of apps, the performance cost may not be noticeable.
Yes but since you can’t do that on M1 and M2 this will leave a lot of people with issues of loss of performance as those chips can’t have DMP turned off, even with your workaround (have you got a link to this workaround being effective)Maybe I didn’t express my self clearly, I apologize. You would only disable DMP when entering the cryptographic function and reenable it on exit. General performance won’t suffer.
Well… Kia and Hyundai cars were recalled to for an exploit with possibility to turn on car without a key as immobilizer was not present due to Brands being cheap…So when someone breaks into a car, all models of that car are recalled?
I am just not sure what this all really means
I wonder what this all means for the three M2 MacBooks I have in my family.
This is mere smoke and mirrorsJust convinced, yesterday, a friend to buy a 13” M3 MacBook Air to replace her 2015 intel MacBook. She got 34GB ram and 1TB drive to hope to last the next 9 years. Told her today to cancel her order until more is know.
I am just not sure what this all really means, and a solution to turn off DMP at the app level (if I understand it correctly), does not seem like a good enough option To me. Yes, she is a fastidious user who knows not to download suspicious stuff, but still.
I wonder what this all means for the three M2 MacBooks I have in my family.
Yes, definitely. This has been said multiple times before. In order to execute this exploit, you need to be able to run your code on the target machine.This still requires the attacker to run their resource-intensive exploit code within the web server. So they need to gain access to your machine first somehow.
Because no one would go in to the business of making computers knowing they would be out of business as soon as an odd exploit like this is found.This may be a silly question but why don’t tech companies have to do recalls when there is a security issue like this found that can’t be patched?
I mean, you buy a new car and they find an issue, they do recalls on the vehicle. Just curious.
I was just thinking that. If it is patched, at least give the option to leave it turned off.Well, I just hope apple gives us the OPTION of opting into doing the software patch and crippling our machines vs not and having better performance. Not all of us have nuclear launch codes on our machines
Yes, definitely. This has been said multiple times before. In order to execute this exploit, you need to be able to run your code on the target machine.
We should not downplay the importance of this exploit though, as it is basically unfixable globally. Is it the most scary thing and does it mean all Macs are going to be hacked? Not at all. Is it something completely harmless? Unfortunately no.
This kind of vulnerability is bad - future hardware revisions should solve it and mitigations should be put into place. However, glossing over the paper, this currently does not seem like a big threat to most users:
I fully agree. At the same time I don’t see any reason for panicky doomsday attitude that permeates this discussion. Many here would do good to learn from your level-headed posts for example.
Secure computing is tremendously hard and there will be challenges ahead. It is good that we are having this conversations.
Reading this on my 14 year old MacBook Pro 17' with INTEL processor, feeling totally save. I just ordered me a brand new replacement Battery from OWC. Its the third battery now. Since I do all the heavy lifting on my Mac Pro 5.1 , only 12 years old. I guess I will have to wait another two years to switch to Apple Silicon, giving Apple more time again to fix it and work out those kinks. Well Apple take your time, my devices become even more economical over time. Thanks Apple for an 2010 Ecosystem with a very USER-FRIENDLY replaceable Battery, SSD drive Upgrade path, RAM Memory Upgradability and CD/DVD drive that was replaced with a second HDD. Non of which today's devices have.Apple might now decide to switch from Silicon to Intel processors