# [Various] Spectre & Meltdown: Critical vulnerabilities in modern processors



## PostalTwinkie




----------



## ENTERPRISE

We have known this for a while but it is still good to see that it is not being left alone as it is something Intel need to step up and resolve. Regarding their current platforms, yeah they are slave to OS developers patching the software side of things to try and help fix the mess. Good news for AMD to some degree however.


----------



## Avonosac

Brilliant article, they include a tweet saying there is a 49% performance hit on AMD EPYC processors and immediately follow that up with the statement that says this switch is unnecessary on EPYC.

I can't facepalm hard enough.


----------



## KyadCK

Quote:


> Originally Posted by *Avonosac*
> 
> Brilliant article, they include a tweet saying there is a 49% performance hit on AMD EPYC processors and immediately follow that up with the statement that says this switch is unnecessary on EPYC.
> 
> I can't facepalm hard enough.


They wouldn't need it anyway because a major selling point on Epyc is per-VM hardware memory encryption. I can steal a book from someone all I want, but if I can't read the language then it doesn't do me much good, does it?

Boy I bet that marketing line is being taken a lot more seriously now.


----------



## tpi2007

Quote:


> Originally Posted by *Avonosac*
> 
> Brilliant article, they include a tweet saying there is a 49% performance hit on AMD EPYC processors and immediately follow that up with the statement that says this switch is unnecessary on EPYC.
> 
> I can't facepalm hard enough.


Yeah, they should have included results from an Intel CPU so we could see what the performance impact is. Bringing AMD into the discussion when it's not affected seems pointless to say the least.

Well, at least they went on to clarify and quote someone from AMD saying that it doesn't apply to AMD CPUs and I'm assuming that the patched OSes will automatically choose the best path for AMD CPUs, or in other words, apply this (or equivalent in Windows) automatically:
Quote:


> Disable page table isolation by default on AMD processors by not setting
> the X86_BUG_CPU_INSECURE feature, which controls whether X86_FEATURE_PTI
> is set.


https://lkml.org/lkml/2017/12/27/2

Now I really want to see what the performance impact on Intel CPUs is going to be. From 5% to 49% is a big gap and we need to know the usage scenarios to see if this is a big issue or not. If a 49% impact is only on exotic workloads, Intel will get away with it, but a more general scenario could (I never thought I'd say this) actually break them. Even if 5% performance impact is what will happen in most cases, that means that the IPC advantage Intel has over AMD right now is going to be mostly wiped out.


----------



## PiOfPie

Quote:


> Originally Posted by *tpi2007*
> 
> I'm assuming that the patched OSes will automatically choose the best path for AMD CPUs, or in other words, apply this (or equivalent in Windows) automatically:


Unless Intel decides to grease some palms to ensure the AMD CPUs are also flagged for the instruction so that they also get hit with the performance decrease.


----------



## AlphaC

I remember reading about using ASLR disabled when the Ryzen segfaulting occurred to minimize the segfaults.

It remains to be seen how it affects Intel CPUs.


----------



## figuretti

A lot of info here

http://pythonsweetness.tumblr.com/post/169166980422/the-mysterious-case-of-the-linux-page-table

https://news.ycombinator.com/item?id=16046636 -> Good discussion here...

Windows have been working on some fixes too
https://twitter.com/aionescu/status/930412525111296000

This is the resume of the patch status
https://lwn.net/SubscriberLink/741878/eb6c9d3913d7cb2b/

And a page on wikipedia was created on dec 29
https://en.wikipedia.org/wiki/Kernel_page-table_isolation

AWS instances apparently are going to be rebooted on jan 4... Azure instances on jan 10... (some people are commenting about emails received previously)

Edit: and the Intel CEO sold a lot of shares on dec 19... https://www.fool.com/investing/2017/12/19/intels-ceo-just-sold-a-lot-of-stock.aspx


----------



## azanimefan

Quote:


> Originally Posted by *figuretti*
> 
> Edit: and the Intel CEO sold a lot of shares on dec 19... https://www.fool.com/investing/2017/12/19/intels-ceo-just-sold-a-lot-of-stock.aspx


that's a sign of one of three possibilities.

1) Intel's CEO is planning to leave
2) Intel's CEO is expecting some awful news to affect intel's stock in a bad bad way. (remember Equifax? their whole board of directors withheld the news about the hack so they could divest themselves from the company, once they were divested they released the news about the hack). I would expect company affecting bad news to result in most of the directors divesting, not just the CEO; so unless the rest of intel's directors also recently sold off shares, then this probably isn't why he's selling.
3) Intel's CEO wants to invest in something else, or needs a lot of liquid assets for some reason (this is unlikely unless he plans to buy or massively invest in a company; or he's going to be sat on the board of another company and that company has share requirements to be seated... this is more common than you'd expect)


----------



## tpi2007

Quote:


> Originally Posted by *PiOfPie*
> 
> > Originally Posted by *tpi2007*
> >
> > I'm assuming that the patched OSes will automatically choose the best path for AMD CPUs, or in other words, apply this (or equivalent in Windows) automatically:
>
> Unless Intel decides to grease some palms to ensure the AMD CPUs are also flagged for the instruction so that they also get hit with the performance decrease.

That would last for about half a day, at best. The complaints would be so numerous and so loud that Intel would stop before it began.


----------



## Just a nickname

Quote:


> Originally Posted by *azanimefan*
> 
> that's a sign of one of three possibilities.
> 
> 1) Intel's CEO is planning to leave
> 2) Intel's CEO is expecting some awful news to affect intel's stock in a bad bad way. (remember Equifax? their whole board of directors withheld the news about the hack so they could divest themselves from the company, once they were divested they released the news about the hack). I would expect company affecting bad news to result in most of the directors divesting, not just the CEO; so unless the rest of intel's directors also recently sold off shares, then this probably isn't why he's selling.
> 3) Intel's CEO wants to invest in something else, or needs a lot of liquid assets for some reason (this is unlikely unless he plans to buy or massively invest in a company; or he's going to be sat on the board of another company and that company has share requirements to be seated... this is more common than you'd expect)


I don't like your hypothesis.
1) he's leaving - does he really need to sell shares / keep the bare minimum for that?
2) and 3) pretty much the same - bad stock performance.

I've heard the rise of silicon pricing, not sure how this is affecting Intel considering that they probably make their own ingot. I like to think tech stock will perform poorly due to rising production and R&D cost.


----------



## azanimefan

2 and 3 aren't the same thing at all

Lots of corporate officers hold seats on multiple companies. It's really inbred that way. I would not be surprised at all if he was being added to the board of another company; one which requires a min percentage of ownership. Look it up, I wouldn't be surprised to learn he's already on several corporate boards already.


----------



## EightDee8D




----------



## mouacyk

Do I sense a wave of incoming cheap Xeons for hobbyists?







Sorry...


----------



## Pro3ootector

Intel will release a new socket, and a new CPU


----------



## Avonosac

Quote:


> Originally Posted by *KyadCK*
> 
> They wouldn't need it anyway because a major selling point on Epyc is per-VM hardware memory encryption. I can steal a book from someone all I want, but if I can't read the language then it doesn't do me much good, does it?
> 
> Boy I bet that marketing line is being taken a lot more seriously now.


I know, but my point is that **THEY** also knew it, and yet included something so completely stupid in the article. This is so inflammatory it's at honest-to-god shill level. Intel didn't even need to PAY for this kind of negative association.

Quote:


> Originally Posted by *tpi2007*
> 
> Yeah, they should have included results from an Intel CPU so we could see what the performance impact is. Bringing AMD into the discussion when it's not affected seems pointless to say the least.
> 
> Well, at least they went on to clarify and quote someone from AMD saying that it doesn't apply to AMD CPUs and I'm assuming that the patched OSes will automatically choose the best path for AMD CPUs, or in other words, apply this (or equivalent in Windows) automatically:
> https://lkml.org/lkml/2017/12/27/2
> 
> Now I really want to see what the performance impact on Intel CPUs is going to be. From 5% to 49% is a big gap and we need to know the usage scenarios to see if this is a big issue or not. If a 49% impact is only on exotic workloads, Intel will get away with it, but a more general scenario could (I never thought I'd say this) actually break them. Even if 5% performance impact is what will happen in most cases, that means that the IPC advantage Intel has over AMD right now is going to be mostly wiped out.


Pointless, ha. This might be a somewhat rare exception to Hanlon's razor. They should immediately remove the tweet and any reference to the 49% number as the *HARDWARE* already provides this security. Any retraction of the AMD numbers should be replaced by the worst case scenario of Intel's numbers.


----------



## JackCY

Intel's new CPUs do not improve performance but security, well try to


----------



## tpi2007

Quote:


> Originally Posted by *Avonosac*
> 
> > Originally Posted by *tpi2007*
> >
> > Yeah, they should have included results from an Intel CPU so we could see what the performance impact is. Bringing AMD into the discussion when it's not affected seems pointless to say the least.
> >
> > Well, at least they went on to clarify and quote someone from AMD saying that it doesn't apply to AMD CPUs and I'm assuming that the patched OSes will automatically choose the best path for AMD CPUs, or in other words, apply this (or equivalent in Windows) automatically:
> > https://lkml.org/lkml/2017/12/27/2
> >
> > Now I really want to see what the performance impact on Intel CPUs is going to be. From 5% to 49% is a big gap and we need to know the usage scenarios to see if this is a big issue or not. If a 49% impact is only on exotic workloads, Intel will get away with it, but a more general scenario could (I never thought I'd say this) actually break them. Even if 5% performance impact is what will happen in most cases, that means that the IPC advantage Intel has over AMD right now is going to be mostly wiped out.
>
> Pointless, ha. This might be a somewhat rare exception to Hanlon's razor. They should immediately remove the tweet and any reference to the 49% number as the *HARDWARE* already provides this security. Any retraction of the AMD numbers should be replaced by the worst case scenario of Intel's numbers.

I agree with them posting Intel numbers.

When it comes to AMD, that part has perhaps the unintended consequence that people will know that something happened behind the scenes if AMD CPUs also degrade in performance when they shouldn't.

The correct way to post that story would be:

1. Here are the Intel numbers;
2. Here are the AMD numbers if _something behind the scenes happens_.


----------



## Avonosac

Quote:


> Originally Posted by *tpi2007*
> 
> I agree with them posting Intel numbers.
> 
> When it comes to AMD, that part has perhaps the unintended consequence that people will know that something happened behind the scenes if AMD CPUs also degrade in performance when they shouldn't.
> 
> The correct way to post that story would be:
> 
> 1. Here are the Intel numbers;
> 2. Here are the AMD numbers if _something behind the scenes happens_.


I disagree completely with any association with AMD. This is disclosed and referenced as a solely *INTEL* bug. If at any point in the future something in this affects AMD directly somehow, then and *ONLY* then do they even get mentioned. The only exception being the statement AMD is unaffected by this bug and has no performance impact.

This legitimately may make EPYC superior in performance to intel, not just better PPD. The new normal is to compare AMD throughput on all tasks to Intel's new throughput when the fixes are released to all kernels.


----------



## tpi2007

Quote:


> Originally Posted by *Avonosac*
> 
> > Originally Posted by *tpi2007*
> >
> > I agree with them posting Intel numbers.
> >
> > When it comes to AMD, that part has perhaps the unintended consequence that people will know that something happened behind the scenes if AMD CPUs also degrade in performance when they shouldn't.
> >
> > The correct way to post that story would be:
> >
> > 1. Here are the Intel numbers;
> > 2. Here are the AMD numbers if _something behind the scenes happens_.
>
> I disagree completely with any association with AMD. This is disclosed and referenced as a solely *INTEL* bug. If at any point in the future something in this affects AMD directly somehow, then and *ONLY* then do they even get mentioned. The only exception being the statement AMD is unaffected by this bug and has no performance impact.
>
> This legitimately may make EPYC superior in performance to intel, not just better PPD. The new normal is to compare AMD throughput on all tasks to Intel's new throughput when the fixes are released to all kernels.

I was referring to AMD's reply to someone's opinion that:
Quote:


> /* *Assume for now that ALL x86 CPUs are insecure* */
> - setup_force_cpu_bug(X86_BUG_CPU_INSECURE);
> + if (c->x86_vendor != X86_VENDOR_AMD)
> + setup_force_cpu_bug(X86_BUG_CPU_INSECURE);
> 
> fpu__init_system(c);
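
Review bot: the comment kept above the call, "Assume for now that ALL x86 CPUs are insecure", no longer matches the code once `setup_force_cpu_bug(X86_BUG_CPU_INSECURE)` sits behind `c->x86_vendor != X86_VENDOR_AMD`; it should be reworded to say that AMD is excluded and why. The test is also by vendor alone, so every AMD family and model is exempted in one step; if that is the intent, the comment is the place to state it.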


https://lkml.org/lkml/2017/12/27/2

Edit: Just to be clear, I agree that without trying to source Intel numbers for the article, they do seem incompetent. It's hard to say that it's outright bad faith because you'd somehow have to selectively not read parts of the article both before and after that part with the AMD numbers tweet to not understand that AMD CPUs are not affected.


----------



## Ghoxt

So correct me if I'm wrong...Did Intel lose control of one of the vulnerabilities they designed on purpose for 3 letter "Agencies", /tinfoil


----------



## mouacyk

[email protected] breaks it down (matches up with explanations on ycombinator as well):
Quote:


> It sounds like this is tied to speculative execution. If you're speculatively executing an instruction then it is possible you'll just end up throwing away the result anyway, so you want to do it as cheaply as possible. Maybe Intel figured out that they can skip the priv checks while speculatively executing, and then perform them before actually implementing the results if it turns out the instruction was needed. However, maybe it turns out that the speculative execution opens up some back-door way of getting at the data, such as via the cache/timing/etc, which wouldn't be exposed if an exception was raised sooner.


Sucks. Intel's 30% performance lead is rearing its ugly head, and the debt is due.


----------



## tpi2007

Quote:


> Originally Posted by *Ghoxt*
> 
> So correct me if I'm wrong...Did Intel lose control of one of the vulnerabilities they designed on purpose for 3 letter "Agencies", /tinfoil


You're probably wrong because those are usually software bugs where plausible deniability means that you'll never know if it was incompetence or on purpose, and the fix does not entail significant performance loss, not on a hardware problem that, if confirmed, will mean that their CPUs will lose a not insignificant amount of performance when the OSes are patched for security. That's many millions, potentially billions of dollars worth of a mistake, so the simplest explanation is that this was a mistake, an oversight in the design.

Quote:


> Originally Posted by *mouacyk*
> 
> [email protected] breaks it down (matches up with explanations on ycombinator as well):
>
> > It sounds like this is tied to speculative execution. If you're speculatively executing an instruction then it is possible you'll just end up throwing away the result anyway, so you want to do it as cheaply as possible. Maybe Intel figured out that they can skip the priv checks while speculatively executing, and then perform them before actually implementing the results if it turns out the instruction was needed. However, maybe it turns out that the speculative execution opens up some back-door way of getting at the data, such as via the cache/timing/etc, which wouldn't be exposed if an exception was raised sooner.
>
> Sucks. Intel's 30% performance lead is rearing its ugly head, and the debt is due.

It's kind of ironically fitting that in a world that is speeding up with cheap speculations of all sorts that this would happen. Let's hope that those AIs that make their own code don't choose to speculate cheaply too much.


----------



## sugarhell

This doesn't look good.

https://www.phoronix.com/scan.php?page=article&item=linux-415-x86pti&num=2


----------



## randomizer

Quote:


> Originally Posted by *tpi2007*
> 
> I was referring to AMD's reply to someone's opinion that:
> https://lkml.org/lkml/2017/12/27/2


This patch never happened. AMD CPUs are impacted in the current kernel source. Here's the commit:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/arch/x86/kernel/cpu/common.c?id=a89f040fa34ec9cd682aed98b8f04e3c47d998bd


----------



## tpi2007

Quote:


> Originally Posted by *sugarhell*
> 
> This doesn't look good.
> 
> https://www.phoronix.com/scan.php?page=article&item=linux-415-x86pti&num=2


Synthetics look quite bad for Coffee Lake compared to Broadwell-E (between -38% and -54% after the patch). Probably applies to all Skylake based CPUs (Skylake, Kaby Lake and Coffee Lake). Let's see if it translates that badly in some real life applications. The 8700K is still faster than the 6800K at the end of the day, but how does it compare to Ryzen without the same patch? That'll be interesting to see.

Compile Bench is ~14.8% down for both Coffee Lake and Broadwell-E.
H.264 video encoding is within margin of error (less than 1% for both systems), same for Linux Kernel compilation and FFmpeg transcoding.

It seems, at least for now, as they say, "applications mostly limited to user-space activity should see minimal change (if any) in performance."

The problem seems to be mostly with heavy duty stuff. PostgreSQL is down ~13% for the 8700K and ~19% for Broadwell-E (still faster than the 8700K in either case though) and Redis is down ~5,8% for the 8700K and ~7,2% for the 6800K, with the 8700K still winning in either case.

He says more benchmarks are incoming. Will be interesting to follow.

Quote:


> Originally Posted by *randomizer*
> 
> > Originally Posted by *tpi2007*
> >
> > I was referring to AMD's reply to someone's opinion that:
> > https://lkml.org/lkml/2017/12/27/2
>
> This patch never happened. AMD CPUs are impacted in the current kernel source. Here's the commit:
>
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/arch/x86/kernel/cpu/common.c?id=a89f040fa34ec9cd682aed98b8f04e3c47d998bd

Yep, hence why it's important to mention this.


----------



## tpi2007

Phoronix has good news for games (at least on Linux, but should probably be the same on Windows), no impact on the games tested - CS:GO, the latest Deus Ex, Dota 2, Dawn of War III, F1 2017 and The Talos Principle:

https://www.phoronix.com/scan.php?page=news_item&px=x86-PTI-Initial-Gaming-Tests

Edit: relevant to what we were discussing above, randomizer:

https://www.phoronix.com/scan.php?page=news_item&px=x86-PTI-EPYC-Linux-4.15-Test
Quote:


> For Now At Least AMD CPUs Are Also Reported As "Insecure"


Quote:


> But over one week later, that patch has yet to be merged to the mainline kernel. When booting the Linux 4.15 kernel on an AMD EPYC box, indeed, for now the AMD CPU is still treated with a bug of "insecure_cpu."
> 
> An immediate workaround at least until the AMD patch lands where PTI isn't applied to AMD CPUs is by booting the kernel with the nopti kernel command-line parameter. This can also be applied to Intel systems too on a patched kernel if wanting to regain the performance and are not too concerned about this vulnerability.


----------
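
A check for the situation described in the post above (CPU flagged as insecure, PTI applied unless `nopti` is on the kernel command line), added here as an example and not taken from the thread, the kernel or Phoronix. The function name `kpti_status`, the verdict strings and the sample inputs are constructed for illustration; `pti=off`, the `cpu_meltdown` bug name and the sysfs strings are not mentioned in the thread.

```python
import re
from pathlib import Path

# Names under which the "bugs" line of /proc/cpuinfo has reported this issue:
# "cpu_insecure" (X86_BUG_CPU_INSECURE in the 4.15 release candidates),
# "insecure_cpu" (the spelling quoted in the thread) and "cpu_meltdown"
# (the later rename, not mentioned in the thread).
BUG_NAMES = {"cpu_insecure", "insecure_cpu", "cpu_meltdown"}
# "nopti" is the switch quoted in the thread; "pti=off" is the equivalent form.
OFF_SWITCHES = {"nopti", "pti=off"}


def _field(cpuinfo, name):
    """Whitespace-split value of the first `name : value` line, or []."""
    # [ \t]* instead of \s* so an empty value cannot swallow the next line.
    m = re.search(rf"^{re.escape(name)}[ \t]*:[ \t]*(.*)$", cpuinfo, re.MULTILINE)
    return m.group(1).split() if m else []


def kpti_status(cpuinfo, cmdline, sysfs_meltdown=None):
    """Classify one machine from the text of /proc/cpuinfo and /proc/cmdline.

    sysfs_meltdown is the optional content of
    /sys/devices/system/cpu/vulnerabilities/meltdown on kernels that have it.
    """
    vendor = "".join(_field(cpuinfo, "vendor_id")) or "unknown"
    flagged = bool(BUG_NAMES & set(_field(cpuinfo, "bugs")))
    pti_on = "pti" in _field(cpuinfo, "flags")  # X86_FEATURE_PTI is set
    switched_off = bool(OFF_SWITCHES & set(cmdline.split()))

    if sysfs_meltdown:
        state = sysfs_meltdown.strip()
        if state.startswith("Mitigation") and "PTI" in state:
            pti_on = True
        elif state == "Not affected":
            flagged = False

    if pti_on:
        verdict = "pti-active"
    elif not flagged:
        verdict = "not-flagged"            # kernel does not apply PTI by default
    elif switched_off:
        verdict = "disabled-by-cmdline"    # operator accepted the exposure
    else:
        verdict = "flagged-without-pti"    # kernel knows the bug, no mitigation seen

    return {
        "vendor": vendor,
        "flagged": flagged,
        "pti_active": pti_on,
        "verdict": verdict,
        # The case discussed in the thread: an AMD CPU paying the PTI overhead.
        "amd_with_pti": pti_on and vendor == "AuthenticAMD",
    }


# Constructed samples (shortened /proc/cpuinfo text, not captured from real hosts).
EPYC_415RC = ("processor\t: 0\nvendor_id\t: AuthenticAMD\n"
              "flags\t\t: fpu vme sse2 pti\nbugs\t\t: cpu_insecure\n")
INTEL_NOPTI = ("processor\t: 0\nvendor_id\t: GenuineIntel\n"
               "flags\t\t: fpu vme sse2\nbugs\t\t: cpu_insecure\n")
AMD_PATCHED = ("processor\t: 0\nvendor_id\t: AuthenticAMD\n"
               "flags\t\t: fpu vme sse2\nbugs\t\t:\nbogomips\t: 4000.00\n")
PLAIN_CMDLINE = "BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro quiet"
NOPTI_CMDLINE = PLAIN_CMDLINE + " nopti"

if __name__ == "__main__":
    sysfs = Path("/sys/devices/system/cpu/vulnerabilities/meltdown")
    live = kpti_status(
        Path("/proc/cpuinfo").read_text(),
        Path("/proc/cmdline").read_text(),
        sysfs.read_text() if sysfs.exists() else None,
    )
    print(live)
```

A `disabled-by-cmdline` or `flagged-without-pti` verdict on a multi-tenant or server host is the one worth alerting on; `amd_with_pti` marks hosts carrying the overhead discussed in the thread.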



## Mysticial

Quote:


> Originally Posted by *tpi2007*
> 
> Edit: relevant to what we were discussing above, randomizer:
> 
> https://www.phoronix.com/scan.php?page=news_item&px=x86-PTI-EPYC-Linux-4.15-Test


How many figures did Intel pay off someone to do that?


----------



## Blameless

Quote:


> Originally Posted by *tpi2007*
> 
> Phoronix has good news for games (at least on Linux, but should probably be the same on Windows), no impact on the games tested - CS:GO, the latest Deus Ex, Dota 2, Dawn of War III, F1 2017 and The Talos Principle


Games don't access the kernel that much. I/O heavy tasks do.

Databases and servers are probably in trouble. Consumer tasks, not so much.

Windows users should bench their most common tasks while they have the "show kernel times" option checked in taskmgr's graphs. The more kernel time, the bigger the performance hit from a fix is likely to be.


----------
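
A Linux counterpart to the Task Manager advice in the post above, added here as an example and not part of the thread: it computes the kernel-time share of busy CPU time from two `/proc/stat` snapshots, and the same ratio for a single command. The function names and the snapshot values are constructed for illustration.

```python
import resource
import subprocess
import time
from pathlib import Path

# Column order of the aggregate "cpu" line in /proc/stat (values in clock ticks).
FIELDS = ("user", "nice", "system", "idle", "iowait", "irq", "softirq", "steal")


def parse_cpu_line(stat_text):
    """Return the counters of the aggregate 'cpu' line as a dict."""
    for line in stat_text.splitlines():
        parts = line.split()
        if parts and parts[0] == "cpu":
            values = [int(v) for v in parts[1:1 + len(FIELDS)]]
            values += [0] * (len(FIELDS) - len(values))  # very old kernels: fewer columns
            return dict(zip(FIELDS, values))
    raise ValueError("no aggregate 'cpu' line found")


def kernel_share(before, after):
    """Fraction of busy CPU time spent in the kernel between two snapshots."""
    a, b = parse_cpu_line(before), parse_cpu_line(after)
    delta = {k: max(b[k] - a[k], 0) for k in FIELDS}
    kernel = delta["system"] + delta["irq"] + delta["softirq"]
    busy = kernel + delta["user"] + delta["nice"] + delta["steal"]
    return kernel / busy if busy else 0.0


def sample_live(seconds=5.0):
    """System-wide kernel share over an interval, read from the running host."""
    stat = Path("/proc/stat")
    first = stat.read_text()
    time.sleep(seconds)
    return kernel_share(first, stat.read_text())


def task_kernel_share(argv):
    """Kernel share of the CPU time consumed by one command and its children."""
    r0 = resource.getrusage(resource.RUSAGE_CHILDREN)
    subprocess.run(argv, check=False,
                   stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    r1 = resource.getrusage(resource.RUSAGE_CHILDREN)
    user = r1.ru_utime - r0.ru_utime
    system = r1.ru_stime - r0.ru_stime
    total = user + system
    return system / total if total > 0 else 0.0


# Constructed snapshots: an I/O-heavy interval and a compute-bound interval.
SNAP_START = ("cpu  10000 0 2000 80000 500 100 100 0 0 0\n"
              "cpu0 5000 0 1000 40000 250 50 50 0 0 0\n")
SNAP_IO_HEAVY = "cpu  10600 0 2300 80900 520 150 150 0 0 0\n"
SNAP_COMPUTE = "cpu  10950 0 2040 80900 500 105 105 0 0 0\n"

if __name__ == "__main__":
    print(f"constructed I/O-heavy interval: {kernel_share(SNAP_START, SNAP_IO_HEAVY):.0%}")
    print(f"constructed compute interval:   {kernel_share(SNAP_START, SNAP_COMPUTE):.0%}")
    print(f"this host, next 5 s:            {sample_live():.0%}")
```

Run the workload being assessed during the sampling window, or pass its command line to `task_kernel_share`; a high ratio marks the syscall- and I/O-heavy tasks the post expects to lose the most.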



## Causality1978

Quote:


> Originally Posted by *Ghoxt*
> 
> So correct me if I'm wrong...Did Intel lose control of one of the vulnerabilities they designed on purpose for 3 letter "Agencies", /tinfoil


yes. look at snowden and wikileaks twitter about this mega corrupt intel scandal. also why this "professional server" move all negative corrupt and defraud news about usa companies but truly to "rumour"
this is not long time "professional" news.. or??

overclock, techpowerup all usa servers just hopeless deny deny deny lie lie lie
i will hint some zerohedge staff write about that some article.. and there will admins without "deny" power

so why is it in rumours ???


----------



## Avonosac

Quote:


> Originally Posted by *tpi2007*
> 
> I was referring to AMD's reply to someone's opinion that:
> https://lkml.org/lkml/2017/12/27/2
> 
> Edit: Just to be clear, I agree that without trying to source Intel numbers for the article, they do seem incompetent. It's hard to say that it's outright bad faith because you'd somehow have to selectively not read parts of the article both before and after that part with the AMD numbers tweet to not understand that AMD CPUs are not affected.


The most positive way you can frame it is in bad faith, especially with the understanding of kernel development constraints at AMD and LF. Shortcut, assume everything is bad because they didn't know if it was an x86 bug or a specific vendor bug. This is fine for the vendors, not fine for the article writers who know 1. AMD isn't affected, and 2. a patch exists to correct the immediate 'OH SHIIIIIII' reaction.

Quote:


> Originally Posted by *randomizer*
> 
> This patch never happened. AMD CPUs are impacted in the current kernel source. Here's the commit:
> 
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/arch/x86/kernel/cpu/common.c?id=a89f040fa34ec9cd682aed98b8f04e3c47d998bd


Just because the patch hasn't been completely merged, doesn't mean it doesn't exist. Look at the diff in the patch, it clearly applies to the conservatively patched kernel code.


----------



## orlfman

if it's really going to hit performance that much intel should issue a recall. but i doubt they will.


----------



## Defoler

If more sites, and especially in windows gaming, show very high decrease in performance, it means AMD are going to start ordering crates of champagne, and the market is going to look a lot different in 2018.

I wonder if this bug is going to continue into their 2018 chips, as they are most likely out of design phase by now.


----------



## tpi2007

Quote:


> Originally Posted by *Blameless*
> 
> > Originally Posted by *tpi2007*
> >
> > Phoronix has good news for games (at least on Linux, but should probably be the same on Windows), no impact on the games tested - CS:GO, the latest Deus Ex, Dota 2, Dawn of War III, F1 2017 and The Talos Principle
>
> Games don't access the kernel that much. I/O heavy tasks do.
>
> Databases and servers are probably in trouble. Consumer tasks, not so much.
>
> Windows users should bench their most common tasks while they have the "show kernel times" option checked in taskmgr's graphs. The more kernel time, the bigger the performance hit from a fix is likely to be.

Yeah, pretty much as expected from the previous article (and my previous post), applications that mostly stay in the user-space aren't likely to be affected, but as the first round of benchmarks has already shown, databases do seem to be affected.

If no performance loss mitigation solution is found in the meantime, this is going to be a very tough year for Intel on the Xeon front.

And Lisa Su is going to be taking daily sips from the world's largest champagne glass for at least a year and savour every moment of it.

On another note, Avonosac: I'll wait until tomorrow for work hours in Germany to see if they update that article in the OP now that Phoronix has done tests on Intel systems and shown the performance impact, before assuming bad faith instead of just incompetence.


----------



## Ashura

Quote:


> Originally Posted by *Defoler*
> 
> If more sites, and especially in windows gaming, show very high decrease in performance, it means *AMD are going to start ordering crates of champagne*, and the market is going to look a lot different in 2018.
> 
> I wonder if this bug is going to continue into their 2018 chips, as they are most likely out of design phase by now.












But aren't workstations & Servers a bigger & most important market for Intel & AMD?


----------



## hhuey5

is i9 affected?


----------



## tpi2007

Quote:


> Originally Posted by *hhuey5*
> 
> is i9 affected?


Yes, it's architecture related, so everything from Celeron to Xeon is affected. The degree will depend on the workload. Typical consumer workloads may not be affected much if at all, but server workloads will. Workstation workloads will depend on what exactly you do with it. Phoronix is going to do more benchmarks soon, so we'll see what is what.

For now check out these two:

https://www.phoronix.com/scan.php?page=article&item=linux-415-x86pti&num=2

https://www.phoronix.com/scan.php?page=news_item&px=x86-PTI-Initial-Gaming-Tests


----------



## KarathKasun

Quote:


> Originally Posted by *hhuey5*
> 
> is i9 affected?


It has been hinted that it goes back from the latest Intel chips all the way to around nehalem/sandy/ivy.

That is to say, every socketed CPU from intel for the last ~10 years. Perhaps excluding Atom derivatives and the Knights series chips, as they have simpler execution cores.


----------



## Blameless

I would definitely like to see a comparison of the various architectural generations.


----------



## tpi2007

Quote:


> Originally Posted by *Blameless*
> 
> I would definitely like to see a comparison of the various architectural generations.


Me too.


----------



## Vipu

So will there be some windows update to this "soon" that I need to download?
I haven't updated my win10 for long time now but guess I should for this.


----------



## tpi2007

Quote:


> Originally Posted by *Vipu*
> 
> So will there be some windows update to this "soon" that I need to download?
> I haven't updated my win10 for long time now but guess I should for this.


They are saying that Amazon's AWS and Microsoft's Azure servers are going to be rebooted sometime between this week and the next to apply the patches, so a consumer rollout should happen soon too, although servers usually run Linux and that one appears more or less ready (even if the patch includes AMD too by seemingly unnecessary precaution), no word yet on Windows patches.


----------



## sumitlian

Quote:


> Originally Posted by *Blameless*
> 
> I would definitely like to see a comparison of the various architectural generations.


Quote:


> Originally Posted by *tpi2007*
> 
> Me too.


^These.


----------



## Disharmonic

This looks like the worst hardware bug in history, considering how many generations of CPUs seem to be affected. I wonder if this is even fixed in upcoming Intel CPUs. If it isn't, which is very likely considering it was seemingly discovered very recently, it is probably too late for Ice Lake already.


----------



## delboy67

I hope I can keep my performance and run the risk I only game.


----------



## Panzerfury

I just bought an 8700k. For gaming, and some .NET development. I hope this doesn't affect either.


----------



## shredded

A drop in 5-10% performance on my 3930k for what i use it for might be enough for me to finally upgrade.


----------



## Offler

Quote:


> Originally Posted by *delboy67*
> 
> I hope I can keep my performance and run the risk I only game.


If it can be used to elevate privileges, Microsoft will be patching everything way back to Windows XP. Remember WannaCry.


----------



## Darkpriest667

I wonder if one of the tech websites is going to run a before and after performance comparison. I'd guess not because it might really piss off Intel.


----------



## Alex132

This will be very interesting, and I have a strong feeling a lot of strained large companies might not even patch their systems for this.

I am interested to see how this affects the home user as well, as that may be more apparent.


----------



## Pro3ootector

_The design flaw means that the open-source Linux kernel's virtual memory system needs to be changed and some patches are already out Microsoft will have to release a patch in this month's Patch Tuesday:

The bad news is that Intel processors will take a performance hit of between 5-30 percent depending on the task and the processor model. *The older the chip, the more it will slow down as the new models have features which could reduce the performance hit.*

Apple's 64-bit macOS will also need to be updated so expect that in a few years time, after they have got the clock going again.

Word on the Street is that the flaw is in the Intel x86 hardware, and it appears a microcode update can't address it. It has to be fixed in software at the OS level, or buy a new processor which lacks the design blunder.

So far Intel has kept details of the vulnerability within Intel's silicon are under wraps presumably on security grounds until Microsoft issues its patch. It is understood the bug is present in modern Intel processors produced in the past decade.

It allows normal user programs to snuffle the contents of protected kernel memory. The fix is to separate the kernel's memory completely from user processes using what's called Kernel Page Table Isolation, or KPTI. But this will slow things down a lot.

These KPTI patches move the kernel into a completely separate address space. This shouldn't be needed, but there is a flaw in Intel's chips which allows kernel access protections to be bypassed.

Of course, you could upgrade to a nice new AMD processor, which does not have the ****-up. AMD says that its microarchitecture does not allow memory references, including speculative references, that access higher privileged data when running in a lesser privileged mode when that access would result in a page fault.

All this is a disaster for Intel. It is pretty grim when your chip has marginal performance improvements over your much cheaper rivals, but this puts the numbers well below anything Amdish. It will be interesting to see what the new benchmarks will be._

http://fudzilla.com/news/processors/45296-intel-stuff-up-forces-redesign-of-windows-and-linux

Will users be able to keep the old kernel? Without forced update?


----------



## ku4eto

If you have a VM with 2 assigned cores, and then run a program, which has a function, to access extra L3 cache (double the amount it uses), isn't this actually using the said vulnerability? Because, the program by default, should only be able to access the resources of those 2 assigned CPU's.


----------



## Osbios

Quote:


> Originally Posted by *Darkpriest667*
> 
> I wonder if one of the tech websites is going to run a before and after performance comparison. I'd guess not because it might really piss off Intel.


Many tech websites did not report anything on the issue so far. That already should tell you how serious this issue must be for them all to be so muzzled.


----------



## guttheslayer

Can we dont patch this at all? Anyway to prevent that?

Also how bad is the impact on benchmarking like 3dmark as well as gaming?


----------



## Pro3ootector

Even 5-10% performance drop will mean disaster for Intel.


----------



## Offler

Quote:


> Originally Posted by *Osbios*
> 
> Many tech websites did not report anything on the issue so far. That already should tell you how serious this issue must be for them all to be so muzzled.


If there would be benchmarks of new Intel CPU (not released yet) and they will claim that they gained 5-30% in performance I will definitely link back this issue, only to remind that Intel did not add any performance at all, they merely fixed a security flaw.

Quote:


> Originally Posted by *guttheslayer*
> 
> Can we dont patch this at all? Anyway to prevent that?
> 
> Also how bad is the impact on benchmarking like 3dmark as well as gaming?


So far almost none. Anyway i would be more concerned about security impacts.


----------



## guttheslayer

Quote:


> Originally Posted by *Disharmonic*
> 
> This looks like the worst hardware bug in history, considering how many generations of CPUs seem to be affected. I wonder if this is even fixed in upcoming Intel CPUs. If it isn't, which is very likely considering it was seemingly discovered during very recently, it is probably too late for Ice Lake already.


Actually this is thanks to intel anti innovation for these years sticking to old architecture for so long. Now i wonder what happen to ice lake since it is simply another "lake" rebrand.


----------



## guttheslayer

Quote:


> Originally Posted by *Offler*
> 
> If there would be benchmarks of new Intel CPU (not released yet) and they will claim that they gained 5-30% in performance I will definitely link back this issue, only to remind that Intel did not add any performance at all, they merely fixed a security flaw.
> So far almost none. Anyway i would be more concerned about security impacts.


They gained 5-30% but they ain't faster than the next gen AMD CPU. That will be a real laughing stock.

Unfortunately Ryzen will serve as a very powerful gauge as a reference point for this.


----------



## Offler

Quote:


> Originally Posted by *guttheslayer*
> 
> They gained 5-30% but they ain't faster than the next gen AMD CPU. That will be a real laughing stock.
> 
> Unfortunately Ryzen will serve as a very powerful gauge as a reference point for this.


As for reviewers on certain portals - I definitely expect they will test set of older Intel CPUs (with patch which lowers their current performance), while the new one would be miraculously better, regardless its almost the same core as when they first introduced I7-2700K.

Not even considering that reviewers would re-benchmark all the Intel CPUs 5 years back, admitting that AMD FX is somehow surprisingly with better performance as certain Intels.


----------



## delboy67

According to Phoronix, gaming isn't affected, thank god. Cheap 6-8 core Intels about to hit eBay maybe??


----------



## Glottis

This thread is hilarious

"the worst hardware bug in history"
"disaster for Intel"
"the Intel CEO sold a lot of shares"

No one will remember this in a month, just like no one remembers that massive Wifi WPA2 KRACK vulnerability.

Internet is all about moment to moment sensationalism and click baits


----------



## MadRabbit

Quote:


> Originally Posted by *azanimefan*
> 
> thats a sign of one of three possibilities.
> 
> 1) Intel's CEO is planning to leave
> 2) Intel's CEO is expecting some awful news to affect intel's stock in a bad bad way. (remember Equifax? their whole board of directors withheld the news about the hack so they could divest themselves from the company, once they were divested they released the news about the hack). I would expect company affecting bad news to result in most of the directors divesting, not just the CEO; so unless the rest of intel's directors also recently sold off shares, then this probably isn't why he's selling.
> 3) Intel's CEO wants to invest in something else, or needs a lot of liquid assets for some reason (this is unlikely unless he plans to buy or massively invest in a company; or he's going to be sat on the board of another company and that company has share requirements to be seated... this is more common then you'd expect)


Yeah, if he sold because he was expecting this to hit the news, good luck with SEC getting involved. That's textbook insider trading ie. "I *know* the stock is going to plummet so I better sell now"


----------



## Alex132

Quote:


> Originally Posted by *Glottis*
> 
> This thread is hilarious
> 
> "the worst hardware bug in history"
> "disaster for Intel"
> "the Intel CEO sold a lot of shares"
> 
> No one will remember this in a month, just like no one remembers that massive Wifi WPA2 KRACK vulnerability.
> 
> Internet is all about moment to moment sensationalism and click baits


This is affecting a lot of businesses/MSPs at the moment like the WannaCry outburst.

It's a catch 22, either incur a potentially huge performance degradation (ie; have to buy new hardware), or run the risk of getting potential crypto on all your VMs (someone will write a crypto for this, considering the price of BTC and how everyone loves crypto).

Oddly enough I only know of 1 large scale company that has AMD that isn't affected, the rest are Intel and straining their resources already.


----------



## Maximization

this looks like more a designed back door. find out on the 4th I guess


----------



## Profiled

my win 10 and 4 cores are safe

-disable updates service


----------



## therealjustin

I think it's a conspiracy. This is Intel's way of enticing Sandy Bridge, etc owners to finally upgrade. Make the chips slower.


----------



## delboy67

Quote:


> Originally Posted by *Maximization*
> 
> this looks like more a designed back door. find out on the 4th I guess


The more I read the more it looks deliberate to gain performance advantage at the expense of security.


----------



## Grummpy

Lmao @ NEW


----------



## Blameless

Quote:


> Originally Posted by *delboy67*
> 
> I hope I can keep my performance and run the risk I only game.


If you only game, then the patch likely won't hurt your performance anyway.
Quote:


> Originally Posted by *ku4eto*
> 
> If you have a VM with 2 assigned cores, and then run a program, which has a function, to access extra L3 cache (double the amount it uses), isn't this actually using the said vulnerability? Because, the program by default, should only be able to access the resources of those 2 assigned CPU's.


No.

L3 cache slices may be on the same ring stop as cores on some architectures, but L3 cache isn't part of the CPU core and every core has full access to the entire L3 on all Intel architectures.
Quote:


> Originally Posted by *guttheslayer*
> 
> Can we dont patch this at all? Anyway to prevent that?


You can not install the patches...unless you have Windows 10.
Quote:


> Originally Posted by *guttheslayer*
> 
> Also how bad is the impact on benchmarking like 3dmark as well as gaming?


From the testing that's been done so far, zero.

If it doesn't access kernel functions heavily, there won't be a performance hit.

I/O heavy tasks will be most affected.


----------



## Asterox

Quote:


> Originally Posted by *PiOfPie*
> 
> *Unless Intel decides to grease some palms* to ensure the AMD CPUs are also flagged for the instruction so that they also get hit with the performance decrease.


Not possible today in this situation. In reality Intel CPU sales will fall harder than a rock from 10 000 meters.

Intel CEO, who will be guilty of such a debacle?


----------



## guttheslayer

Quote:


> Originally Posted by *Blameless*
> 
> You can not install the patches...unless you have Windows 10.
> From the testing that's been done so far, zero.


I am using window 10

Quote:


> Originally Posted by *therealjustin*
> 
> I think it's a conspiracy. This is Intel's way of enticing Sandy Bridge, etc owners to finally upgrade. Make the chips slower.


And we know what happen to Apple after the news is officially confirmed.

Then again it take more than a few hard punch for Intel to fall from their mighty throne. We need something more so that they start giving us real quality product. (Such as discarding their toothpaste TIM for solder etc.)


----------



## nanotm

wait so in July 2017 a major hardware bug was noticed on lake CPUs, the BIOS fix to which was to lock out HT (which somehow didn't affect performance), now there's another major hardware bug that disables their IPC boost and yet again they're claiming it doesn't affect performance ......

yeah so you lost half your compute power 6 months back and now you're losing 30% of your compute power on the remaining part of the CPU and magically Intel owned gaming press is claiming "games performance is unaffected"

something stinks and this reminds me of the p3 debacle where intel and its press corp denied that its cpu's were turning into fireballs for 9 months and only when faced with serious legal action from credit card companies did they actually do something about it (at least in the UK i dont know about other countries)

there is no way in hell that intel cpu performance isn't crippled by locking out more than half of its processing capability and any benchmarks are unreliable especially since most of the companies making the "benchmarking software" are intel subsidiaries and have been for more than a decade....


----------



## Grummpy

Anyone talk about performance loss from the patch if it can be patched are just misdirecting away from the real story.
we all been driving without door locks for a very long time.
Only now do we get the truth.
Its a disgrace.


----------



## Shatun-Bear

So when is the whole gigantic Intel enterprise coming crashing down to earth in flames? It won't happen? No?! That's no fun for all concerned.


----------



## sumitlian

Will we ever get the climax of the full story on where exactly Intel's architecture differed than AMD and if it was intentional then why did they allow so for so long if the security faults were already known and why exactly AMD CPUs are not having this issue despite the uArch is same, that is x86-64 ?
I would love to read the full anandtech's kinda very detailed article regarding this in coming days.

A "Happy New Year" wish by Intel as well as so much IPC boost in 2018 ?


----------



## Grummpy

uArch is same
WHAT
Pls explain what exactly is the same.


----------



## Panzerfury

I wonder if this has been an issue for a decade, why it hasn't been exploited earlier.
Surely someone must have noticed this before?


----------



## sumitlian

Quote:


> Originally Posted by *Grummpy*
> 
> uArch is same
> WHAT
> Pls explain what exactly is the same.


My bad, both Intel and AMD CPUs use same *architecture* (x86-64 instruction sets at highest level), it is the microarchitecture (instruction set implementation at the lowest level) they differ in.


----------



## Grummpy

https://hothardware.com/news/intel-cpu-bug-kernel-memory-isolation-linux-windows-macos
AMD processors are not subject to the types of attacks that the kernel page table isolation feature protects against. The AMD micro architecture does not allow memory references, including speculative references, that access higher privileged data when running in a lesser privileged mode when that access would result in a page fault.


----------



## AmericanLoco

X86
Quote:


> Originally Posted by *sumitlian*
> 
> My bad, both Intel and AMD CPUs use same *architecture* (x86-64 instruction sets at highest level), it is the microarchitecture (instruction set implementation at the lowest level) they differ in.


X86 is just an instruction set these days, not an architecture. AMD and Intel CPUs internally decode x86 instructions into RISC-like micro-ops. AMD and Intel CPUs are completely different - they just "speak" the same language.


----------



## Grummpy

Quote:


> Originally Posted by *sumitlian*
> 
> My bad, both Intel and AMD CPUs use same *architecture* (x86-64 instruction sets at highest level), it is the microarchitecture (instruction set implementation at the lowest level) they differ in.


They share nothing its a completely different substrate and silicon and layout,
even the manufacturing is different.

EPYC are going to win big in the coming months .
How long have intel known about this and continue to sell us their faulty goods.


----------



## Blameless

Quote:


> Originally Posted by *guttheslayer*
> 
> I am using window 10


Then you're almost certain to be getting a patch sometime soon.


----------



## sumitlian

Quote:


> Originally Posted by *AmericanLoco*
> 
> X86
> X86 is just an instruction set these days, not an architecture. AMD and Intel CPUs internally decode x86 instructions into RISC-like micro-ops. AMD and Intel CPUs are completely different - they just "speak" the same language.


Yeah it can be said that as well. And I understand that too. But I was asking the same, where and why exactly Intel missed in the microarchitecture parts as compared to AMD, if it was intentional or it is just that the issues were unbeknownst to them until now ? is what interests me. All this exists when we compare it to AMD's microarchitecture. It is better than becoming a conspiracy theorist.
Quote:


> Originally Posted by *Grummpy*
> 
> They share nothing its a completely different substrate and silicon and layout,
> even the manufacturing is different.


Oh boy well yeah I wasn't talking about that low level though. Access to the memory references should be certainly not caused by fabrication level implementation, unless Intel were to be really unlucky, which looks highly unlikely to me.


----------



## Grummpy

only one winner.
https://www.networkworld.com/article/3204013/servers/epyc-win-for-amd-in-the-server-security-battle.html


----------



## geoxile

Quote:


> Originally Posted by *Glottis*
> 
> This thread is hilarious
> 
> "the worst hardware bug in history"
> "disaster for Intel"
> "the Intel CEO sold a lot of shares"
> 
> No one will remember this in a month, just like no one remembers that massive Wifi WPA2 KRACK vulnerability.
> 
> Internet is all about moment to moment sensationalism and click baits


Just because a bunch of laymen don't remember doesn't make it a big deal. It's going to cost tens of hundreds of millions for businesses to mitigate the problem.


----------



## guttheslayer

Quote:


> Originally Posted by *Blameless*
> 
> Then you're almost certain to be getting a patch sometime soon.


And that is why I am dead concern, as I am using an Intel CPU.


----------



## ibb27

Here we go boys, PostgreSQL test:
https://www.postgresql.org/message-id/[email protected]

Worst case scenario, 23% performance loss.


----------



## nanotm

Quote:


> Originally Posted by *ibb27*
> 
> Here we go boys, PostgreSQL test:
> https://www.postgresql.org/message-id/[email protected]
> 
> Worst case scenario, 23% performance loss.


thats for one workload scenario another news site has indicated that the performance degradation when combined with the earlier disable ht "bug fix" puts the total closer to 50% across the board


----------



## sumitlian

Quote:


> Originally Posted by *ibb27*
> 
> Here we go boys, PostgreSQL test:
> https://www.postgresql.org/message-id/[email protected]
> 
> Worst case scenario, 23% performance loss.


Should similar loss be with MSSQL and MySQL as well ?


----------



## sugarhell

Also, I want to see directx performance. It does a lot more syscalls than opengl or Vulkan


----------



## Bugzzz

Quote:


> Originally Posted by *sugarhell*
> 
> Also, I want to see directx performance. It does a lot more syscalls than opengl or Vulkan


Might i add, specifically those making heavy use of drm like the latest assassins creed, weren't they using around 35% of cpu on average?


----------



## Shatun-Bear

Quote:


> Originally Posted by *nanotm*
> 
> thats for one workload scenario another news site has indicated that the performance degradation when combined with the earlier disable ht "bug fix" puts the total closer to 50% across the board


50%? Holy.


----------



## nanotm

Quote:


> Originally Posted by *Shatun-Bear*
> 
> 50%? Holy.


yeah but take it with a pinch of salt

that's quite likely just a headline figure on a specific task (dont know cos they dont give details) and thats claimed to only affect 6/7th gen cpu's (i dont actually believe that to be true since intel openly admits that every core cpu iteration is based on the exact same architecture for over a decade which means it includes 8th through 10th gen cpu's at minimum)

its also possible that was a conservative figure or related to non game general tasks or even just a specific game, who knows theres so much information out there right now and intel's market price is crashing pretty hardcore (intel's ceo is likely about to make a killing buying double his old shares for a fraction of its sale price)

the conspiraloon in me actually believes that intel did this "bad news" on purpose as part of a long marketing ploy to flog its next generation of cpu's given its flagging sales profile of recent years, this clearly isn't a new problem (they knew about it back in the days of the p4 first generation) which must mean they took a different route with the upcoming cpu lineup's release and are desperate to pump the sales hype.... it wouldn't be the first time they used a disaster of their own making in this way...


----------



## Imouto

Quote:


> Krzanich is keeping the bare minimum. Intel's corporate bylaws mandate a certain amount of stock ownership by executives and board members by the time they've been with the company for five years.
> 
> After the options exercises and subsequent sales (which left Krzanich's position unchanged at 495,743 shares), Krzanich then made two more transactions: a sale of 242,830 shares and a sale of 2,913 shares, with each transaction happening at an average price of $44.555, per the filing.
> 
> *Those two transactions left Krzanich with exactly 250,000 shares -- the bare minimum that he's required to hold as CEO.*


- Salsa -

Doesn't look good at all. I needed to get rid of this 4790K, now that it is practically a dead weight someone in my family is going to be very happy.


----------



## Causality1978

Maybe that's why Krzanich dumped so much of his Intel Stock about a month ago and now is only holding the bare minimum necessary to be able to keep his CEO position.
https://www.fool.com/investing/2017/12/19/intels-ceo-just-sold-a-lot-of-stock.aspx


----------



## Leopardi

Since it's all related to virtual memory, can't you just disable pagefile and get 100% performance back?


----------



## kd5151

Make Intel great again.


----------



## nanotm

Quote:


> Originally Posted by *Leopardi*
> 
> Since it's all related to virtual memory, can't you just disable pagefile and get 100% performance back?


isn't page file just a clever trick to increase the amount of RAM your PC has without spending any money ?


----------



## sugarhell

It seems that you can just read from cache directly..

https://twitter.com/brainsmoke/status/948561799875502080


----------



## AyeYo

Quote:


> Originally Posted by *nanotm*
> 
> yeah but take it with a pinch of salt
> 
> that's quite likely just a headline figure on a specific task (dont know cos they dont give details) and thats claimed to only affect 6/7th gen cpu's (i dont actually believe that to be true since intel openly admits that every core cpu iteration is based on the exact same architecture for over a decade which means it includes 8th through 10th gen cpu's at minimum)
> 
> its also possible that was a conservative figure or related to non game general tasks or even just a specific game, who knows theres so much information out there right now and intel's market price is crashing pretty hardcore (intel's ceo is likely about to make a killing buying double his old shares for a fraction of its sale price)
> 
> the conspiraloon in me actually believes that intel did this "bad news" on purpose as part of a long marketing ploy to flog its next generation of cpu's given its flagging sales profile of recent years, this clearly isn't a new problem (they knew about it back in the days of the p4 first generation) which must mean they took a different route with the upcoming cpu lineup's release and are desperate to pump the sales hype.... it wouldn't be the first time they used a disaster of their own making in this way...


That'd all be well and good, but that's assuming some really dumb consumers and epically dumb commercial users.

"Hey guys, we know we just screwed you out of your expensive new hardware through incompetence or shady behavior ... but don't worry, we're ready to sell great newer hardware at full over-price that we promise will work better!!!"

Who's going to buy that crap, both figuratively and literally?


----------



## ku4eto

Quote:


> Originally Posted by *sugarhell*
> 
> It seems that you can just read from cache directly..
> 
> https://twitter.com/brainsmoke/status/948561799875502080


It seems like he can directly read from the memory addresses of the cache.


----------



## sugarhell

Quote:


> Originally Posted by *ku4eto*
> 
> It seems like he can directly read from the memory addresses of the cache.


Yes without a page fault


----------



## cplifj

So this is the new sales/marketing technique being used in a collapsing industry....

If people are happy with their 5/6 year old cpu's which still perform top notch to current day, the industry quickly finds ways to get a new salesboost....

HILLARYOUS.

As if they wouldn't have known this for years if it were true. And if they didn't... , in any case makes me wonder if they deserve to be in business really.

This is all just too much of the "good" thing.


----------



## nanotm

Quote:


> Originally Posted by *AyeYo*
> 
> That'd all be well and good, but that's assuming some really dumb consumers and epically dumb commercial users.
> 
> "Hey guys, we know we just screwed you out of your expensive new hardware through incompetence or shady behavior ... but don't worry, we're ready to sell great new hardware that we promise will work better!!!"
> 
> Who's going to buy that crap, both figuratively and literally?


um everyone who went out and bought an intel cpu after the Pentium 3 fireball fiasco happened
and well pretty much everyone ever who bought an intel cpu after the 2nd generation of core processors were released since you got nothing new for the money not even a real world performance increase.....


----------



## mouacyk

Quote:


> Originally Posted by *Leopardi*
> 
> Since it's all related to virtual memory, can't you just disable pagefile and get 100% performance back?


No, the pagefile you're thinking of, which extends available RAM, is not relevant. Everything is happening at levels above the pagefile. The performance hit itself comes from the need to flush caches on context-switching for system calls. This is why PCID (process context IDs) mitigates some of that penalty, by not flushing for calls from the same process. You can see that penalty is not as heavy with PCID enabled when PTI is also enabled.

From StackOverflow:
Quote:


> Consider now a system call that involves blocking of the caller until some event or availability of data. Manipulating mutexes and reading files would be examples of such system calls. In this case the kernel is forced to save the full context of the caller, mark it as blocked so the scheduler can't run it until that event or data arrives, and load the context of another ready thread/process, so it can run.
> 
> That's how system calls are related to context switches.


----------



## ku4eto

Quote:


> Originally Posted by *sugarhell*
> 
> Yes without a page fault


If i remember correctly, even reading from the cache could cause errors - something like observing the information is enough to change it.

But, can he write to it?


----------



## AyeYo

Quote:


> Originally Posted by *nanotm*
> 
> um everyone who went out and bought an intel cpu after the Pentium 3 fireball fiasco happened
> and well pretty much everyone ever who bought an intel cpu after the 2nd generation of core processors were released since you got nothing new for the money not even a real world performance increase.....


Well that's just simply false.


----------



## DerBademeister

Quote:


> Originally Posted by *MadRabbit*
> 
> Yeah, if he sold because he was expecting this to hit the news, good luck with SEC getting involved. That's textbook insider trading ie. "I *know* the stock is going to plummet so I better sell now"


Plus he'll pay $300.000 more in taxes (if my calculations are correct) on that sale because he didn't wait two more weeks for the Trump tax cuts to kick in. It's 11am at Wall Street and Intel is already down 2.5%.

If it quacks like a duck...

While insider trading can be punished with up to 20 years in prison, three years seems to be the average sentence. Of course the CEO of one of the largest corporations is a different kind of perpetrator and threat to the "integrity of the game" than a random no-name trader at Goldman's. Let's hope there's a DA out there who's looking to make his mark, so that this criminal doesn't walk away with a slap on the wrist.


----------



## sumitlian

Is music stopping for Intel ? Haven't they claimed their CPUs are industry proven technology while mocking Epyc last year.


----------



## Alex132

I know I'm gonna grab some of their stocks when they tank in a few days.


----------



## SectorNine50

Edit: Old article, sorry.


----------



## Alex132

Quote:


> Originally Posted by *SectorNine50*
> 
> Quote:
> 
> 
> 
> The good news is that Intel spotted the howler in its processor blueprints, and corrected the issue: chips built from January 2011 and onwards (Sandy Bridge Core CPUs and later) are not affected.
> 
> 
> 
> https://www.theregister.co.uk/AMP/2015/08/11/memory_hole_roots_intel_processors/?__twitter_impression=true

Posted in The Channel, 11th August 2015 07:31 GMT


----------



## DerBademeister

Quote:


> Originally Posted by *Alex132*
> 
> I know I'm gonna grab some of their stocks when they tank in a few days.


AMD is this month's Bitcoin at the moment. It's already up 7% after two hours since trading session has started at NYSE.


----------



## ku4eto

Quote:


> Originally Posted by *DerBademeister*
> 
> AMD is this month's Bitcoin at the moment. It's already up 7% after two hours since trading session has started at NYSE.


I got in at 11.30$, gonna wait for 15$


----------



## doritos93

Quote:


> Originally Posted by *Alex132*
> 
> Posted in The Channel, 11th August 2015 07:31 GMT


Quote:


> Originally Posted by *SectorNine50*
> 
> https://www.theregister.co.uk/AMP/2015/08/11/memory_hole_roots_intel_processors/?__twitter_impression=true


Not the same exploit I don't think


----------



## SectorNine50

Quote:


> Originally Posted by *Alex132*
> 
> Posted in The Channel, 11th August 2015 07:31 GMT


Good catch ?

Edited post and removed source.


----------



## DerBademeister

Quote:


> Originally Posted by *ku4eto*
> 
> I got in at 11.30$, gonna wait for 15$


Kinda kicking myself in the butt for being too lazy to open an e-trading account somewhere. This would be an opportunity for some quick cash.


----------



## Particle

Quote:


> Originally Posted by *Leopardi*
> 
> Since it's all related to virtual memory, can't you just disable pagefile and get 100% performance back?


It's a different sort of thing. From what I can tell the problem is related to kernel memory being mapped into the page table. It has been done for a long time in the name of improved performance. Normally that memory is largely off limits to user space applications, but it would seem that a way has been found to leak information out.
Quote:


> Originally Posted by *ku4eto*
> 
> I got in at 11.30$, gonna wait for 15$


I bought in at about $2.15 in 2015. heh


----------



## doritos93

Truly excited to see the effects of this on Windows machines. Public perception is really going to sway once we see how the home user is affected


----------



## Buris

5-30% performance hit..... Ryzen 2 here I come


----------



## Shatun-Bear

Quote:


> Originally Posted by *DerBademeister*
> 
> Kinda kicking myself in the butt for being too lazy to open an e-trading account somewhere. This would be an opportunity for some quick cash.


If you had any sense you would forget that idea and buy some cryptocurrencies instead. I mean $11 to $15 is a paltry return.

Take for example Litecoin. As early as early December a Litecoin was worth $72 but then by the middle of that month price soared to $275 and has since dropped to around $180. Still, imagine you'd bought £10,000 at the start of December.


----------



## figuretti

This pic was posted on reddit recently...

The Insider Preview has the PTI changes applied to all CPU's


----------



## HMBR

Quote:


> Originally Posted by *Buris*
> 
> 5-30% performance hit..... Ryzen 2 here I come


I think these numbers are for specific uses, while some uses might show 0 decrease, the phoronix tests are showing that at least.

I'm hoping more typical desktop usage is not affected,
anyway, hopefully AMD can capitalize on this;


----------



## Offler

Quote:


> Originally Posted by *figuretti*
> 
> This pic was posted on reddit recently...
> 
> The Insider Preview has the PTI changes applied to all CPU's


Thats most likely a hoax.


----------



## Diablosbud

Quote:


> Originally Posted by *Offler*
> 
> Thats most likely a hoax.


I wouldn't doubt it, the Linux patch for this vulnerability is applied to AMD as well.


----------



## figuretti

Quote:


> Originally Posted by *Offler*
> 
> Thats most likely a hoax.


I really expect that... Ryzen 7 1700 owner with a lot of Databases & VM's on my PC


----------



## figuretti

Quote:


> Originally Posted by *Diablosbud*
> 
> I wouldn't doubt it, the Linux patch for this vulnerability is applied to AMD as well.


Apparently the modifications to skip AMD for the patch are in, on a newest version of the Kernel

Source: https://www.reddit.com/r/hardware/comments/7nqy3h/apparently_amds_request_to_be_excluded_from_the/ds42kks/
"This will be merged in 4.14.12 and 4.15rc7 the patch already got reviewed by a third party (from openSUSE) that has access to the cve ("security bugtracker"). There is no need to worry for AMD CPUs by this."


----------



## Causality1978

https://www.computerbase.de/2018-01/intel-cpu-pti-sicherheitsluecke/#update2

"here we go again" vw


----------



## geoxile

Quote:


> Originally Posted by *figuretti*
> 
> This pic was posted on reddit recently...
> 
> The Insider Preview has the PTI changes applied to all CPU's


So a problem is identified on Intel core derived processors and the solution is to gimp ALL x86 processors, clearly without proper testing, despite AMD's engineers insisting Ryzen doesn't have the problem

Yeah, nothing shady about that.


----------



## pas008

who found this vulnerability?


----------



## Causality1978

Quote:


> Originally Posted by *geoxile*
> 
> So a problem is identified on Intel core derived processors and the solution is to gimp ALL x86 processors, clearly without proper testing, despite AMD's engineers insisting Ryzen doesn't have the problem
> 
> Yeah, nothing shady about that.


WINDOWS AFFECT ALL X86 NO AMD. you try defending intel, of course , make intel great again


----------



## Offler

Quote:


> Originally Posted by *Diablosbud*
> 
> I wouldn't doubt it, the Linux patch for this vulnerability is applied to AMD as well.


Source is little bit too random, and I really can hardly imagine how to get that patch so early.

Meanwhile the part of the industry, which has an option to migrate (at least temporarily) certain services to AMD machines and servers to retain some performance would have to advocate that applying the patch on unaffected CPU is simply not a solution.

That is true for both Windows and Linux.

Edit + has been reported that Cinebench does not seem to show any performance degradation.


----------



## KarathKasun

The Linux patch also hamstrings AMD components, even though they are not impacted by this speculative execution bug.

https://www.phoronix.com/scan.php?page=news_item&px=x86-PTI-EPYC-Linux-4.15-Test

AMD has supplied a patch to correct this but it is getting delayed in the GIT tree.


----------



## tpi2007

Quote:


> Originally Posted by *figuretti*
> 
> Quote:
> 
> 
> 
> Originally Posted by *Diablosbud*
> 
> I wouldn't doubt it, the Linux patch for this vulnerability is applied to AMD as well.
> 
> 
> 
> Apparently the modifications to skip AMD for the patch are in, on a newest version of the Kernel
> 
> Source: https://www.reddit.com/r/hardware/comments/7nqy3h/apparently_amds_request_to_be_excluded_from_the/ds42kks/
> "This will be merged in 4.14.12 and 4.15rc7 the patch already got reviewed by a third party (from openSUSE) that has access to the cve ("security bugtracker"). There is no need to worry for AMD CPUs by this."

Good to know.

Quote:


> Originally Posted by *Causality1978*
> 
> In the ComputerBase editorial office, the most recently used processor test system was put to use once more after the holidays with an Intel Core i7-7700K. Exactly the same benchmarks were loaded onto a second SSD, but there it was not the Windows 10 Fall Creators Update that was installed but the latest Insider Preview Build 17063 of 19 December 2017, in which the patch is already active. The chosen benchmarks do not depend on the performance of the SSD
> 
> https://www.computerbase.de/2018-01/intel-cpu-pti-sicherheitsluecke/#update2
> 
> "here we go again" vw


Also good to know that they updated the article two times since yesterday with Intel related information and benchmarks using Windows. Now in addition to consumer workloads they need to test workstation and server workloads.


----------



## Offler

Quote:


> Originally Posted by *KarathKasun*
> 
> The Linux patch also hamstrings AMD components, even though they are not impacted by this speculative execution bug.
> 
> https://www.phoronix.com/scan.php?page=news_item&px=x86-PTI-EPYC-Linux-4.15-Test


In linux, kernel can be started with "nopti" parameter...


----------



## KarathKasun

Quote:


> Originally Posted by *Offler*
> 
> In linux, kernel can be started with "nopti" parameter...


I'm sure you can do the same in Windows if you dig up the switch to do so. Does not change that the assumption was made in the code without testing.

Doesn't matter anymore anyway, looks like the AMD patch to auto-disable it finally got pushed through.


----------



## TMatzelle60

I really dont think gaming will be that affected


----------



## Kand

Linux Gaming Performance Doesn't Appear Affected By The x86 PTI Work

Calm down.
https://www.phoronix.com/scan.php?page=news_item&px=x86-PTI-Initial-Gaming-Tests


----------



## Shogoki

Quote:


> Originally Posted by *TMatzelle60*
> 
> I really dont think gaming will be that affected


And streaming ? Since rendering videos is a CPU heavy task.


----------



## KyadCK

Quote:


> Originally Posted by *ku4eto*
> 
> If you have a VM with 2 assigned cores, and then run a program, which has a function, to access extra L3 cache (double the amount it uses), isn't this actually using the said vulnerability? Because, the program by default, should only be able to access the resources of those 2 assigned CPU's.


That isn't how VMs work.

When you assign a VM two cores, you're telling it that it may use up to two cores worth of performance, not that it uses "those two" cores.

Quote:


> Originally Posted by *Leopardi*
> 
> Since it's all related to virtual memory, can't you just disable pagefile and get 100% performance back?


Wrong type of virtual memory, PageFile is on the harddrive.

Quote:


> Originally Posted by *nanotm*
> 
> Quote:
> 
> 
> 
> Originally Posted by *Leopardi*
> 
> Since it's all related to virtual memory, can't you just disable pagefile and get 100% performance back?
> 
> 
> 
> isn't page file just a clever trick to increase the amount of ram your pc has without spending any money ?

PageFile (and SWAP on linux) is a place for the OS to put files that want to be in RAM but are used so rarely that they really don't need to be in RAM, so it puts them on the drive.

It is also used for RAM dumps on BSOD and kernel panic, which is why default pagefile is equal to total ram.

Quote:


> Originally Posted by *nanotm*
> 
> Quote:
> 
> 
> 
> Originally Posted by *AyeYo*
> 
> That'd all be well and good, but that's assuming some really dumb consumers and epically dumb commercial users.
> 
> "Hey guys, we know we just screwed you out of your expensive new hardware through incompetence or shady behavior ... but don't worry, we're ready to sell great new hardware that we promise will work better!!!"
> 
> Who's going to buy that crap, both figuratively and literally?
> 
> 
> 
> um everyone who went out and bought an intel cpu after the Pentium 3 fireball fiasco happened
> and well pretty much everyone ever who bought an intel cpu after the 2nd generation of core processors were released since you got nothing new for the money not even a real world performance increase.....

You got plenty of new things for the money, such as NVMe. Just not performance worth much until Coffee.

Quote:


> Originally Posted by *geoxile*
> 
> Quote:
> 
> 
> 
> Originally Posted by *figuretti*
> 
> This pic was posted on reddit recently...
> 
> The Insider Preview has the PTI changes applied to all CPU's
> 
> 
> 
> So a problem is identified on Intel core derived processors and the solution is to gimp ALL x86 processors, clearly without proper testing, despite AMD's engineers insisting Ryzen doesn't have the problem
> 
> Yeah, nothing shady about that.

Fix one of the largest security concerns the world has seen now, fix the casualties of the fix later. There is no time to worry about testing, places like AWS needed the fix NOW.

Either way the 2nd round of fixing that disables it for AMD is coming out soon.


----------



## Kand

Quote:


> Originally Posted by *Shogoki*
> 
> And streaming ? Since rendering videos is a CPU heavy task.


Not either.
https://www.phoronix.com/scan.php?page=article&item=linux-415-x86pti&num=2


----------



## gigafloppy

Now we know why Coffee Lake was launched months ahead of time. Who's going to buy a new Intel CPU now? It's either Ryzen or wait for a nextgen (fixed) Intel CPU.


----------



## mouacyk

Quote:


> Originally Posted by *KarathKasun*
> 
> The Linux patch also hamstrings AMD components, even though they are not impacted by this speculative execution bug.
> 
> https://www.phoronix.com/scan.php?page=news_item&px=x86-PTI-EPYC-Linux-4.15-Test
> 
> AMD has supplied a patch to correct this but it is getting delayed in the GIT tree.


The thing that's still up in the air is the RyZen segfault bug, that seems to be doing the same speculative execution and sometimes the instruction pointer jumps 64 bytes randomly. AMD has since fixed it in their physical process, but not all symptoms are known, besides the seg faults. AMD employees stating that "this" speculative execution issue does not affect them doesn't come with any proof to the kernel devs, hence their hesitation.


----------



## Shogoki

Quote:


> Originally Posted by *Kand*
> 
> Not either.
> https://www.phoronix.com/scan.php?page=article&item=linux-415-x86pti&num=2


I don't really understand how are these tests linked to streaming.


----------



## sugarhell

Quote:


> Originally Posted by *Shogoki*
> 
> I don't really understand how are these tests linked to streaming.


Also, this is on Linux.


----------



## DerBademeister

Quote:


> Originally Posted by *Shatun-Bear*
> 
> If you had any sense you would forget that idea and buy some cryptocurrencies instead. I mean $11 to $15 is a paltry return.
> 
> Take for example Litecoin. As early as early December a Litecoin was worth $72 but then by the middle of that month price soared to $275 and has since dropped to around $180. Still, imagine you'd bought £10,000 at the start of December.


You don't just need to buy at the right time, you also need to sell at the right time. Bitcoin and those cryptos that depend on it have cooled off since Mid-December, probably because many of the initial buyers (a thousand people owned 40% of bitcoins) cashed out to give themselves a nice fat Christmas present. Plus, wallets constantly get hacked and there's no legal remedy against that, as there is with stocks, which are at least somewhat regulated.


----------



## Kand

X264 encoding performance. Basically what gets uploaded live to sites like twitch.

Linux got the patch first so have this as a preview.

Quote:


> Originally Posted by *Shogoki*
> 
> I don't really understand how are these tests linked to streaming.


----------



## KarathKasun

Quote:


> Originally Posted by *sugarhell*
> 
> Also, this is on Linux.


The patches are live on Linux now, a Windows patch is incoming.


----------



## ibb27

Quote:


> Originally Posted by *pas008*
> 
> who found this vulnerability?


Author of this (https://cyber.***/2017/07/28/negative-result-reading-kernel-memory-from-user-mode/ ) article (from July) describes his attempts to abuse speculative execution on Intel CPU, but he was unable to come up with any working proof-of-concept code. Same month, group of hackers from Graz University of Technology (Austria) made a publication with code for Linux - implementation of KAISER, a kernel isolation technique to close hardware side channels on kernel address information.
Probably with all this info, someone has succeeded in breaking through Intel CPUs.
You can read the Register article for more info.

Asterisks above are w t f (without spaces). Come on OCN... this is stupid.


----------



## Shogoki

Quote:


> Originally Posted by *Kand*
> 
> X264 encoding performance. Basically what gets uploaded live to sites like twitch.
> 
> Linux got the patch first so have this as a preview.


Thanks, that's good news. I hope the Windows 10 patch will be on par with the Linux one.


----------



## pas008

Quote:


> Originally Posted by *pas008*
> 
> who found this vulnerability?


someone plz?

also I am curious if ryzen is actually affected, ryzen pro model didnt completely make sense to me but now does

which would mean they could have known for awhile


----------



## pas008

Quote:


> Originally Posted by *ibb27*
> 
> Author of this (https://cyber.***/2017/07/28/negative-result-reading-kernel-memory-from-user-mode/ ) article (from July) describes his attempts to abuse speculative execution on Intel CPU, but he was unable to come up with any working proof-of-concept code. Same month, group of hackers from Graz University of Technology (Austria) made a publication with code for Linux - implementation of KAISER, a kernel isolation technique to close hardware side channels on kernel address information.
> Probably with all this info, someone has succeeded in breaking through Intel CPUs.
> You can read the Register article for more info.


thx will read more later


----------



## ibb27

Quote:


> Originally Posted by *pas008*
> 
> thx will read more later


Alex Ionescu (Windows Internals expert) probably had information ahead of time (NDA ofc), cause he tweeted on 14 Nov:
https://twitter.com/aionescu/status/930412525111296000


----------



## PepsixDoggo

Quote:


> "Linux Will End Up Disabling x86 PTI For AMD Processors"
> 
> "While at the moment with the mainline Linux kernel Git tree AMD CPUs enable x86 PTI and are treated as "insecure" CPUs, the AMD patch for not setting X86_BUG_CPU_INSECURE will end up being honored. "


It looks like AMD cpus will not be affected by the patch.

Source:
https://www.phoronix.com/scan.php?page=news_item&px=Linux-Tip-Git-Disable-x86-PTI


----------
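The two knobs discussed in the posts above, the `nopti` boot parameter and the X86_BUG_CPU_INSECURE marking, can be checked from userspace on a Linux host. The following is an added example, not code from any poster or from the kernel; the `pti=off` spelling, the `pti` flag, the `cpu_insecure`/`cpu_meltdown` bug names and the sysfs path are taken from mainline kernels rather than from this thread, and all sample inputs are constructed.

```python
"""Report the kernel's view of page-table isolation (PTI) from three text inputs."""
from pathlib import Path

# Bug names as printed on the "bugs" line of /proc/cpuinfo (assumption from
# mainline kernels, not from the thread): the 4.15-rc name and its later rename.
MELTDOWN_BUG_NAMES = {"cpu_insecure", "cpu_meltdown"}
SYSFS_MELTDOWN = Path("/sys/devices/system/cpu/vulnerabilities/meltdown")


def parse_cpuinfo(text):
    """Return (vendor, flags, bugs) for the first CPU; bugs is None if the line is absent."""
    vendor, flags, bugs, seen = None, set(), None, False
    for line in text.splitlines():
        if not line.strip():
            if seen:
                break  # a blank line ends the first processor block
            continue
        seen = True
        key, _, value = line.partition(":")
        key = key.strip()
        if key == "vendor_id":
            vendor = value.strip()
        elif key == "flags":
            flags = set(value.split())
        elif key == "bugs":
            bugs = set(value.split())
    return vendor, flags, bugs


def pti_status(cmdline, cpuinfo, sysfs_meltdown=None):
    """Classify as mitigated / vulnerable / unaffected / pti-on-unaffected-cpu / unknown."""
    params = cmdline.split()
    asked_off = "nopti" in params or "pti=off" in params
    vendor, flags, bugs = parse_cpuinfo(cpuinfo)
    pti_on = "pti" in flags
    # A kernel that prints no "bugs" line tells us nothing about its own view.
    affected = None if bugs is None else bool(bugs & MELTDOWN_BUG_NAMES)
    # Where the sysfs file exists it is the kernel's own summary and takes precedence.
    state = (sysfs_meltdown or "").strip()
    if state.startswith("Not affected"):
        affected = False
    elif state.startswith("Mitigation: PTI"):
        affected, pti_on = True, True
    elif state.startswith("Vulnerable"):
        affected, pti_on = True, False

    if affected is None:
        verdict = "unknown"
    elif affected:
        verdict = "mitigated" if pti_on else "vulnerable"
    else:
        # PTI forced on although the kernel does not flag the CPU: cost without benefit.
        verdict = "pti-on-unaffected-cpu" if pti_on else "unaffected"

    notes = []
    if verdict == "vulnerable" and asked_off:
        notes.append("PTI was switched off on the kernel command line")
    if verdict == "mitigated" and vendor == "AuthenticAMD":
        notes.append("kernel marks this AMD CPU as needing PTI")
    return {"verdict": verdict, "pti": pti_on, "notes": notes}


def read_host():
    """Run the same classification against the files of the machine this runs on."""
    sysfs = SYSFS_MELTDOWN.read_text() if SYSFS_MELTDOWN.exists() else None
    return pti_status(Path("/proc/cmdline").read_text(),
                      Path("/proc/cpuinfo").read_text(), sysfs)


# Constructed sample inputs (not captured from real machines).
BOOT = "BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro quiet"
INTEL_PTI = "vendor_id\t: GenuineIntel\nflags\t\t: fpu sse2 pti\nbugs\t\t: cpu_meltdown\n"
INTEL_NOPTI = "vendor_id\t: GenuineIntel\nflags\t\t: fpu sse2\nbugs\t\t: cpu_meltdown\n"
AMD_EARLY = ("vendor_id\t: AuthenticAMD\nflags\t\t: fpu sse2 pti\n"
             "bugs\t\t: sysret_ss_attrs cpu_insecure\n")
AMD_LATER = "vendor_id\t: AuthenticAMD\nflags\t\t: fpu sse2\nbugs\t\t: sysret_ss_attrs\n"
OLD_KERNEL = "vendor_id\t: GenuineIntel\nflags\t\t: fpu sse2\n"

if __name__ == "__main__":
    samples = [
        ("intel, patched", BOOT, INTEL_PTI, "Mitigation: PTI\n"),
        ("intel, nopti", BOOT + " nopti", INTEL_NOPTI, "Vulnerable\n"),
        ("amd, early kernel", BOOT, AMD_EARLY, None),
        ("amd, later kernel", BOOT, AMD_LATER, "Not affected\n"),
        ("pre-patch kernel", BOOT, OLD_KERNEL, None),
    ]
    for name, cmdline, cpuinfo, sysfs in samples:
        print(f"{name:18} {pti_status(cmdline, cpuinfo, sysfs)}")
```

On a real machine, `read_host()` applies the same logic to `/proc/cmdline`, `/proc/cpuinfo` and the sysfs file when it exists.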



## Jokesterwild

Quote:


> Originally Posted by *pas008*
> 
> someone plz?
> 
> also I am curious if ryzen is actually affected, ryzen pro model didnt completely make sense to me but now does
> 
> which would mean they could have known for awhile


its been stated in numerous news outlets that AMD chips are not affected....


----------



## flippin_waffles

Quote:


> Originally Posted by *KyadCK*
> 
> ...
> 
> Fix one of the largest security concerns the world has seen now, fix the casualties of the fix later. There is no time to worry about testing, places like AWS needed the fix NOW.
> 
> Either way the 2nd round of fixing that disables it for AMD is coming out soon.


This hinges on when intel knew of this hardware flaw. If intel's next architectures have this hardware redesigned then they knew of this problem long ago. That would imply that the fix could have been mainlined long ago, and hindering performance on competing products would have been unnecessary, hence a lawsuit would need to be considered.


----------



## chispy

Right now this is what's happening at NASDAQ :

Intel shares are coming down and AMD shares are climbing up, Karma is a biatch !



http://www.nasdaq.com/article/intel-falls-amd-rises-on-alleged-kernel-bug-cm899673


----------



## Kand

https://www.computerbase.de/2018-01/intel-cpu-pti-sicherheitsluecke/#update2

Windows patch shows Little to No performance impact on the consumer level.


----------



## Lord Venom

Looks like Apple already fixed this in macOS High Sierra 10.13.2 (with more coming in 10.13.3) via "Double Map" according to Alex Ionescu.

https://twitter.com/aionescu/status/948610973987831809


----------



## Offler

Quote:


> Originally Posted by *Kand*
> 
> https://www.computerbase.de/2018-01/intel-cpu-pti-sicherheitsluecke/#update2
> 
> Windows patch shows Little to No performance impact on the consumer level.


Higher res>lesser impact = GPU bound scenarios. In general the fix will make drivers to slow down on their base operations, so ... there will be impact which is yet not measurable.


----------



## Kand

Quote:


> Originally Posted by *Offler*
> 
> Higher res>lesser impact = GPU bound scenarios. In general the fix will make drivers to slow down on their base operations, so ... there will be impact which is yet not measurable.


Feels like you missed the part where they tested cinebench and handbrake.


----------



## Alex132

Quote:


> Originally Posted by *Kand*
> 
> Quote:
> 
> 
> 
> Originally Posted by *Offler*
> 
> Higher res>lesser impact = GPU bound scenarios. In general the fix will make drivers to slow down on their base operations, so ... there will be impact which is yet not measurable.
> 
> 
> 
> Feels like you missed the part where they tested cinebench and handbrake.

While it's almost an across-the-board loss, it's so small it's within margin of error.

I really hope this turns out to be true.


----------



## pas008

Quote:


> Originally Posted by *Jokesterwild*
> 
> its been stated in numerous news outlets that AMD chips are not affected....


thats not the point,

amd's TSME was added to ryzen pro which means they knew it was able to happen?


----------



## Alex132

Quote:


> Originally Posted by *pas008*
> 
> Quote:
> 
> 
> 
> Originally Posted by *Jokesterwild*
> 
> its been stated in numerous news outlets that AMD chips are not affected....
> 
> 
> 
> thats not the point,
> 
> amd's TSME was added to ryzen pro which means they knew it was able to happen?

Or just 'future-proofing'.


----------



## Causality1978

Don't worry, if he knew of this crap, there's all kinds of claw back provisions for avoiding responsibility... I would think Intel's board is smarter than to let anyone, including Krzanich get away with any crap.
Nope. All he has to do is not spill the secret that he knew of this problem beforehand. Remember, innocent until proven guilty.

Have the Equifax execs that sold stock before the recent breach been charged with insider trading? I know DOJ said they'd investigate, but is anyone aware of any charges? (Even if Equifax ex-execs are charged, lots of other people in the past have been let off for lack of proof of something obvious - obviousness isn't legal proof)

That said, I hope he does get held legally responsible. Oh so bad.

...


----------



## KyadCK

Quote:


> Originally Posted by *flippin_waffles*
> 
> Quote:
> 
> 
> 
> Originally Posted by *KyadCK*
> 
> ...
> 
> Fix one of the largest security concerns the world has seen now, fix the casualties of the fix later. There is no time to worry about testing, places like AWS needed the fix NOW.
> 
> Either way the 2nd round of fixing that disables it for AMD is coming out soon.
> 
> 
> 
> This hinges on when intel knew of this hardware flaw. If intel's next architectures have this hardware redesigned then they knew of this problem long ago. That would imply that the fix could have been mainlined long ago, and hindering performance on competing products would have been unnecessary, hence a lawsuit would need to be considered.

Oh I am absolutely certain that Intel is in deeeeeeeeeeeep for this. I'm just saying the fact that the Round One patch also hits AMD isn't a huge deal when Round Two is already on the way.

Quote:


> Originally Posted by *pas008*
> 
> Quote:
> 
> 
> 
> Originally Posted by *Jokesterwild*
> 
> its been stated in numerous news outlets that AMD chips are not affected....
> 
> 
> 
> thats not the point,
> 
> amd's TSME was added to ryzen pro which means they knew it was able to happen?

Or, and this is far more likely, its their first new Arch since Bulldozer and they decided it was a good idea to include it now.


----------



## Offler

Quote:


> Originally Posted by *pas008*
> 
> thats not the point,
> 
> amd's TSME was added to ryzen pro which means they knew it was able to happen?


Apparently the original vulnerability was described more than 6 months ago. Even when functional exploit wasn't presented at that time, possible fixes were tested. Original performance loss was expected to be 50%. In general = is it really worth to fix it immediately?


----------



## KyadCK

Quote:


> Originally Posted by *Offler*
> 
> Quote:
> 
> 
> 
> Originally Posted by *pas008*
> 
> thats not the point,
> 
> amd's TSME was added to ryzen pro which means they knew it was able to happen?
> 
> 
> 
> Apparently the original vulnerability was described more than 6 months ago. Even when functional exploit wasn't presented at that time, possible fixes were tested. Original performance loss was expected to be 50%. In general = *is it really worth to fix it immediately?*

In your desktop? Na. Probably not.

In Azure, AWS, and ANY OTHER virtualized hosting services?
*YES.*

Unless you like things like your data being stolen just because your stuff was on the same computer as a hacker that rented a VM anyway.

If this comes at any serious CPU performance hit at all (>10%), especially in virtualization, Intel is in _massive_ pain. AMD's encrypted memory being on the marketing slide from day one is a huge beacon to security conscious people right now, and I expect Intel to add it as soon as they are physically capable.

EDIT: You know what? I'll make it simple. Do you remember HeartBleed? This is HeartBleed for CPUs, and its in hardware. Their fix is a workaround to disable parts/features of the chips responsible.


----------



## Curvy Groyper

But what about ONLINE gaming? League of Legends, or PUBG with 100 players playing together.

I just bought new pc, parts delivered today, i5 8600k still sitting unopened in my room. I am strongly considering sending it back and getting Ryzen.


----------



## Kand

Scroll up or go back a page.


----------



## mouacyk

With the focus shifted to performance penalties, are we all forgetting a larger security issue? Perhaps it's wise to remove your personal payment options in Amazon services and other online services that may be hosted on Intel CPUs? You never know if a breach is in progress, or has happened in silence.


----------



## Curvy Groyper

Quote:


> Originally Posted by *Kand*
> 
> Scroll up or go back a page.


Bunch of OFFLINE games and ssd benchmark

On these offline singleplayer games, it's no surprise performance is not affected, I mean you can play these without even having internet connection, the windows might as well turn off the fixed version when offline to boost performance.

Online multiplayer gaming that's entirely different thing, not only do servers run Intel cpus, in PUBG for example 100 players can play together at once on one server. I never saw any benchmark with multiplayer game with both the host and server having the fixed windows version.


----------



## kithylin

So from everything I've read and understand so far... this entire patch is a bunch of to-do about nothing. Supposedly this flaw has been in Intel chips since the core2 era, and is only just now getting the light of day because after all these years, someone only just now figured out how to exploit it. And that exploit itself, is only delivered/deployed via malicious javascript in unscrupulous websites. And all modern web-browsers (chrome, firefox, and opera) will just patch up and prevent scripts from accessing that part of memory and the problem will disappear. And the big down side is all windows 10 users will be automatically forced to take this performance-impacting patch, whether they want it or not via windows 10 forced auto-updates. Fortunately us windows 7 users with updates on manual only can choose to hide this one and just not install it. And then we won't have any issues whatsoever as long as we use modern, updated web browsers. And we get to enjoy normal performance as if nothing ever happened.


----------



## geoxile

Quote:


> Originally Posted by *Midnight ***per*
> 
> Bunch of OFFLINE games and ssd benchmark


Online isn't really the concern. The problem is basically that processes running on the same CPU can potentially access each other's memory allocated to them by the OS. For data centers with virtual machine hosting it means one virtual machine could access the memory of another vm as long as they run on the same CPU.

Edit: accidentally hit submit. From what I understand the fix puts a penalty on memory changing operation (moving stuff on and off ram) so stuff that gets hit the most is stuff that does tons of input/output operations like file transfers and database operations. For games I don't think it will be a big deal either way since most games aren't bound by memory in the first place and today you can load like 90% of what you need for a level anyway or stream the rest without affecting performance


----------



## Defoler

Quote:


> Originally Posted by *Midnight ***per*
> 
> But what about ONLINE gaming? League of Legends, or PUBG with 100 players playing together.
> 
> I just bought new pc, parts delivered today, i5 8600k still sitting unopened in my room. I am strongly considering sending it back and getting Ryzen.


The panic...

Here is the thing. The issue is that programs running at a certain level, can access data they shouldn't, on the host they are running.

For those who aren't running unknown software on their computers, like PUBG running only their software on their servers which are less likely to be hacked, this is not going to affect their servers performance.

But those who offer virtual hosted machines for companies, this is going to affect, because they need their systems protected, to not allow one host to attack another. So they need to apply the patch, which means their hosted systems are going to be affected to a certain measure by the slow-down.

To the gaming industry, the banking industry, all sort of closed markets, this isn't going to affect much if they can choose to disable the kernel protection when they don't need it.


----------



## KarathKasun

Quote:


> Originally Posted by *Defoler*
> 
> The panic...
> 
> Here is the thing. The issue is that programs running at a certain level, can access data they shouldn't, on the host they are running.
> 
> For those who aren't running unknown software on their computers, like PUBG running only their software on their servers which are less likely to be hacked, this is not going to affect their servers performance.
> 
> But those who offer virtual hosted machines for companies, this is going to affect, because they need their systems protected, to not allow one host to attack another. So they need to apply the patch, which means their hosted systems are going to be affected to a certain measure by the slow-down.
> 
> To the gaming industry, the banking industry, all sort of closed markets, this isn't going to affect much if they can choose to disable the kernel protection when they don't need it.


This vulnerability would also theoretically allow a rootkit to be installed directly from a javascript. Its a credential elevation bug at the hardware level.


----------



## Phixit

Intel response :

https://newsroom.intel.com/news/intel-responds-to-security-research-findings/


----------



## kidwolf909

Update: Intel refuting today's claims... shares paring losses and AMD shares coming back to earth.

Link


----------



## nanotm

Quote:


> Originally Posted by *Phixit*
> 
> Intel response :
> 
> https://newsroom.intel.com/news/intel-responds-to-security-research-findings/


rather reminiscent of their previous claims when their hardware was found to be defective "nah nah nah never happened but were working with others to ensure such things dont matter going forwards"

no matter the fans will still buy their product and intel will keep charging way over the odds for their product...


----------



## AyeYo

Quote:


> Originally Posted by *kidwolf909*
> 
> Update: Intel refuting today's claims... shares paring losses and AMD shares coming back to earth.
> 
> Link


"Contrary to some reports, any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time."

That doesn't sound like refuting. Enterprise users were the concern from the get-go and this statement didn't really do anything to ease those concerns.


----------



## tpi2007

They aren't really refuting anything, just trying to downplay things with creative language. Let's parse it:

https://newsroom.intel.com/news/intel-responds-to-security-research-findings/

Quote:


> Intel and other technology companies have been made aware of new security research describing software analysis methods that, when used for malicious purposes, have the potential to improperly gather sensitive data from computing devices that are operating as designed. Intel believes these exploits do not have the potential to *corrupt, modify or delete* data.


Skirting around the issue of the exploit being able to _*read*_ data that it's not supposed to. Later in the press release they pretty much admit that the security problem exists, so it's all the more apparent what they are trying to do in this first paragraph.

Quote:


> Recent reports that these exploits are caused by a "bug" or a "flaw" and are unique to Intel products are incorrect. Based on the analysis to date, many types of computing devices - with many different vendors' processors and operating systems - are susceptible to these exploits.


Trying to put other vendors in the same boat without naming anyone in specific or any product.

Quote:


> Intel is committed to product and customer security and is working closely with many other technology companies, including AMD, ARM Holdings and several operating system vendors, to develop an industry-wide approach to resolve this issue promptly and constructively. Intel has begun providing software and firmware updates to mitigate these exploits.


Leaving in the air with creative language that AMD and ARM CPUs are also affected without actually saying it.

Quote:


> Contrary to some reports, any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time.


Basically confirms what we know already. The issue exists and server workloads are going to be meaningfully affected; consumer ones not really.

Quote:


> Intel is committed to the industry best practice of responsible disclosure of potential security issues, which is why Intel and other vendors had planned to disclose this issue next week when more software and firmware updates will be available. However, Intel is making this statement today because of the current inaccurate media reports.
> 
> Check with your operating system vendor or system manufacturer and apply any available updates as soon as they are available. Following good security practices that protect against malware in general will also help protect against possible exploitation until updates can be applied.
> 
> Intel believes its products are the most secure in the world and that, with the support of its partners, the current solutions to this issue provide the best possible security for its customers.


AMD might disagree with that last paragraph right about now.


----------



## Dunan

Ok well I was about to upgrade from a i5 3570 to a i7 7700, hold off now or look at ryzen instead?


----------



## KyadCK

Quote:


> Originally Posted by *Midnight ***per*
> 
> Quote:
> 
> 
> 
> Originally Posted by *Kand*
> 
> Scroll up or go back a page.
> 
> 
> 
> Bunch of OFFLINE games and ssd benchmark
> 
> On these offline singleplayer games, it's no surprise performance is not affected, I mean you can play these without even having internet connection, the windows might as well turn off the fixed version when offline to boost performance.
> 
> Online multiplayer gaming that's entirely different thing, not only do servers run Intel cpus, in PUBG for example 100 players can play together at once on one server. I never saw any benchmark with multiplayer game with both the host and server having the fixed windows version.

There is no significant CPU use case difference between online and offline games client side.

Server side is irrelevant as well. You do not run one instance on a server, you run many. If performance is hit by this patch, you buy more servers. Issue solved.

Quote:


> Originally Posted by *kidwolf909*
> 
> Update: Intel refuting today's claims... shares paring losses and AMD shares coming back to earth.
> 
> Link


"It's not just us, it's them too ok guys, it doesn't even do a dozen bad things ok, we were going to tell everyone when we got the chance, geez, lay off!"

Or what @tpi2007 said if you want to be professional about it.


----------



## TFL Replica

First the Management Engine vulnerability and now this. They're going to need more than a bit of spin sorcery.


----------



## nanotm

Quote:


> Originally Posted by *AyeYo*
> 
> "Contrary to some reports, any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time."
> 
> That doesn't sound like refuting. Enterprise users were the concern from the get-go and this statement didn't really do anything to ease those concerns.


yeah it's more like a carefully worded statement of "we don't accept liability for making a known buggy product so you can't sue us for doing so"


----------



## Curvy Groyper

tpi2007 is right, the Intel response is sleazy corporate PR bullschmitt. They dance at the edge of a lie without actually crossing the border; effectively they say that AMD has the problem too, but if someone confronted them, it's worded in a way that they can say they never claimed that. Disgusting & disappointing.

I read a rumor that Intel can fix the issue easily with a BIOS update but they don't want to do it, so the burden rests on the shoulders of third parties like Microsoft and Linux. Because writing different software versions for both AMD and Intel requires extra money, the companies might start only making the Intel version, so even if you have AMD, you will still use the slowed down Intel version. Intel might want the slowdown to affect AMD too this way so they don't get a performance advantage.


----------



## zeall0rd

Quote:


> Originally Posted by *Midnight ***per*
> 
> I read a rumor that Intel can fix the issue easily with a BIOS update but they don't want to do it, so the burden rests on the shoulders of third parties like Microsoft and Linux. Because writing different software versions for both AMD and Intel requires extra money, the companies might start only making the Intel version, so even if you have AMD, you will still use the slowed down Intel version. Intel might want the slowdown to affect AMD too this way so they don't get a performance advantage.


Okay, Sorry to disappoint you, but TLB is hardware-based and this requires a new CPU stepping in the best case.


----------



## Gunderman456

Quote:


> Originally Posted by *Ghoxt*
> 
> So correct me if I'm wrong...Did Intel lose control of one of the vulnerabilities they designed on purpose for 3 letter "Agencies", /tinfoil


I don't want to read the article, but it sounds to me that Linux has inadvertently uncovered the CIA backdoors that Intel was willingly including in their CPU, no aluminum foil required here and something that is further confirmed by this latest news.


----------



## Curvy Groyper

Quote:


> Originally Posted by *zeall0rd*
> 
> Sorry to disappoint you, but TLB is hardware-based and this requires a new CPU stepping in the best case.


It's hardware based, but the security fix patches for Windows and Linux will be software, so there is a software solution to it.


----------



## Particle

Quote:


> Originally Posted by *Midnight ***per*
> 
> It's hardware based, but the security fix patches for Windows and Linux will be software, so there is a software solution to it.


It depends on what you mean by solution. The software "solution" is essentially to assume that the hardware is broken and no longer trust it to do what it is supposed to do.


----------



## kithylin

This is only a web-browser based, website-based javascript exploit issue folks... why is everyone acting like it's some big hoopla over this crap? Browsers patch it, problem disappears, flaw or not, issue gone. I still can't wrap my head around why everyone is getting their panties in a twist over this.

The only reason the OS's are being patched at the OS level is because users can't be relied upon to use modern web browsers that auto-update.


----------



## KarathKasun

Quote:


> Originally Posted by *kithylin*
> 
> This is only a web-browser based, website-based javascript exploit issue folks... why is everyone acting like it's some big hoopla over this crap? Browsers patch it, problem disappears, flaw or not, issue gone. I still can't wrap my head around why everyone is getting their panties in a twist over this.


No, the problem is in the CPU hardware. The OS has to be patched to perform more strict non-hardware assisted security, this is why there is a performance penalty.

The java example is just that, an example. Any code running on the CPU can take advantage of this.

The exploit can also gain access to another virtual machine on the same CPU as another example.


----------



## Curvy Groyper

Quote:


> Originally Posted by *Particle*
> 
> It depends on what you mean by solution. The software "solution" is essentially to assume that the hardware is broken and no longer trust it to do what it is supposed to do.


By "solution" I mean preventing people from exploiting this flaw. Of course the PROPER solution would be hardware that doesn't contain that flaw. Anyway, the rumor I heard is valid in my eyes; the argument that it's bulls..t because the problem is hardware is incorrect.

The Windows update to fix the issue is software, obviously, so software can fix it, and by forcing companies to only make the Intel version, they will bring the performance degradation upon all AMD users.


----------



## Ascii Aficionado

Is there even a slight chance Coffee Lake isn't affected?


----------



## KarathKasun

Quote:


> Originally Posted by *Ascii Aficionado*
> 
> Is there even a slight chance Coffee Lake isn't affected?


No chance.


----------



## sugarhell

Our hardware is the most secure in the world.

Yeah right.... ME anyone?


----------



## Fifth Horseman

I guess my real question is, will we know when this fix will be released or will it be hidden behind the scenes? The users should be able to test if this severely impacts performance, but we won't know if we cannot do a before and after test.


----------
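
For the question above about knowing whether the fix is active before comparing performance, one way to check on a Linux system, as an added example that is not part of the original thread: the script reads the kernel's per-issue status files and classifies each one. The sysfs directory is not mentioned in the thread (it is the kernel's own reporting interface and is missing on kernels that predate it), and the status strings in the comments are constructed samples.

```python
#!/usr/bin/env python3
"""Added example: report the kernel's own view of Meltdown/Spectre mitigation status."""
import os
import sys

# Linux sysfs directory holding one status file per CPU issue (e.g. "meltdown").
# Assumption: not from the thread; kernels without the reporting patch lack it.
SYSFS_DIR = "/sys/devices/system/cpu/vulnerabilities"


def classify(status):
    """Map one status line to not_affected / mitigated / partial / vulnerable / unknown."""
    text = status.strip()
    lower = text.lower()
    if text == "Not affected":
        return "not_affected"
    if "mitigation" in lower:
        # A line such as "Mitigation: Clear CPU buffers; SMT vulnerable" (constructed
        # sample) names a mitigation but still flags an uncovered part.
        return "partial" if "vulnerable" in lower else "mitigated"
    if "vulnerable" in lower:
        return "vulnerable"
    return "unknown"  # empty file, unreadable file, or wording this script does not know


def read_report(directory=SYSFS_DIR):
    """Return {issue: (raw_status, verdict)}; empty dict if the kernel exposes no report."""
    report = {}
    if not os.path.isdir(directory):
        return report
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        try:
            with open(path, encoding="utf-8", errors="replace") as handle:
                raw = handle.readline().strip()
        except OSError:
            raw = ""  # unreadable entry is reported as unknown rather than skipped
        report[name] = (raw, classify(raw))
    return report


def needs_attention(report):
    """Names of issues whose verdict is anything other than not_affected or mitigated."""
    return [name for name, (_, verdict) in sorted(report.items())
            if verdict not in ("not_affected", "mitigated")]


def main(directory=SYSFS_DIR):
    report = read_report(directory)
    if not report:
        print("no status files under %s: kernel predates the reporting "
              "interface, or this is not Linux" % directory)
        return 2
    for name, (raw, verdict) in report.items():
        print("%-24s %-12s %s" % (name, verdict, raw))
    # Exit status 1 lets a benchmark wrapper record that the run was unmitigated.
    return 1 if needs_attention(report) else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1] if len(sys.argv) > 1 else SYSFS_DIR))
```

Running it once before and once after installing the update shows which state each benchmark run was taken in, since the `meltdown` entry changes when kernel page-table isolation is switched on.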



## Ascii Aficionado

Quote:


> Originally Posted by *KarathKasun*
> 
> No chance.


Time to OC to 6GHz to compensate for the patch

(explosion noises)


----------



## kithylin

Quote:


> Originally Posted by *KarathKasun*
> 
> No, the problem is in the CPU hardware. The OS has to be patched to perform more strict non-hardware assisted security, this is why there is a performance penalty.
> 
> The java example is just that, an example. Any code running on the CPU can take advantage of this.
> 
> The exploit can also gain access to another virtual machine on the same CPU as another example.


So.. just don't download random malicious crap from shady websites on the internet and only run trusted things from places you know and trust, and have a modern updated anti-virus and ignore this?

I'm really having a hard time understanding why it's so critically important to patch and make our systems suffer -30% performance for what is basically no real issue here.

I mean sure the hardware flaw is there but surely there's some less-drastic way to mitigate this issue than just rape performance off our chips off the top.

Surely we're not all going to be blind sheeples and just install the patch herpy derpy and go on with life.. surely we'll sit back and carefully monitor the outcome and what happens after patch before deciding to install it.


----------



## doritos93

A good read that will provide some context for some

https://lwn.net/SubscriberLink/741878/1a52f79ffe567125/


----------



## Particle

Quote:


> Originally Posted by *kithylin*
> 
> This is only a web-browser based, website-based javascript exploit issue folks... why is everyone acting like it's some big hoopla over this crap? Browsers patch it, problem disappears, flaw or not, issue gone. I still can't wrap my head around why everyone is getting their panties in a twist over this.
> 
> The only reason the OS's are being patched at the OS level is because users can't be relied upon to use modern web browsers that auto-update.


Everyone is acting like it's a big deal when you are not because your presumption about when and what is vulnerable is entirely incorrect. This is a hardware flaw where processors are failing to enforce privilege rings under certain circumstances. This is a hardware security feature that has existed since its introduction with the 286. Code executing on ring 3 is being allowed to read small bits of cache that should only be available to ring 0 (ie the kernel). Any program can exploit this. Web browsers are a scary example, but anything running on your system can now take advantage of this error. A good non-browser example would be virtual machines. This exploit would allow a program in one virtual machine on a server to read memory from either another virtual machine or even the hypervisor itself. It's a big, big deal.


----------



## kithylin

Quote:


> Originally Posted by *Particle*
> 
> Everyone is acting like it's a big deal when you are not because your presumption about when and what is vulnerable is entirely incorrect. This is a hardware flaw where processors are failing to enforce privilege rings under certain circumstances. This is a hardware security feature that has existed since its introduction with the 286. Code executing on ring 3 is being allowed to read small bits of cache that should only be available to ring 0 (ie the kernel). Any program can exploit this. Web browsers are a scary example, but anything running on your system can now take advantage of this error. A good non-browser example would be virtual machines. This exploit would allow a program in one virtual machine on a server to read memory from either another virtual machine or even the hypervisor itself. It's a big, big deal.


But if this has existed all these years in all of these chips, and everyone has been using our computers for years without ever patching it until 2018, why have there not been big news articles about this being exploited and hacked before? Why is it only now such a big deal? This could have been exploited anywhere over the past 10-20 years and suddenly in 2018 it's suddenly a big scary issue?

What is making using my computer today without the patch any different than using my computer without the patch over the past 20 years? This is really what I can't understand. It's like all of a sudden everyone's screaming about this. But no one said anything about this over the past 20 years or so.


----------



## Marios145

Quote:


> Originally Posted by *kithylin*
>
> > Originally Posted by *KarathKasun*
> >
> > No, the problem is in the CPU hardware. The OS has to be patched to perform more strict non-hardware assisted security, this is why there is a performance penalty.
> >
> > The java example is just that, an example. Any code running on the CPU can take advantage of this.
> >
> > The exploit can also gain access to another virtual machine on the same CPU as another example.
>
> So.. just don't download random malicious crap from shady websites on the internet and only run trusted things from places you know and trust, and have a modern updated anti-virus and ignore this?
>
> I'm really having a hard time understanding why it's so critically important to patch and make our systems suffer -30% performance for what is basically no real issue here.
>
> I mean sure the hardware flaw is there but surely there's some less-drastic way to mitigate this issue than just rape performance off our chips off the top.
>
> Surely we're not all going to be blind sheeples and just install the patch herpy derpy and go on with life.. surely we'll sit back and carefully monitor the outcome and what happens after patch before deciding to install it.

Well...sites that you visit get downloaded on your PC and run on your cpu, they are supposedly not allowed to access any other part of ram until someone exploits this vulnerability

You guys should check some black hat videos on YouTube... hardware bugs can easily be exploited over the internet


----------



## Ascii Aficionado

If the performance hit post patch is substantial then AMD can expect an army of new buyers.


----------



## mouacyk

Quote:


> Originally Posted by *Particle*
> 
> Everyone is acting like it's a big deal when you are not because your presumption about when and what is vulnerable is entirely incorrect. This is a hardware flaw where processors are failing to enforce privilege rings under certain circumstances. This is a hardware security feature that has existed since its introduction with the 286. Code executing on ring 3 is being allowed to read small bits of cache that should only be available to ring 0 (ie the kernel). Any program can exploit this. Web browsers are a scary example, but anything running on your system can now take advantage of this error. A good non-browser example would be virtual machines. This exploit would allow a program in one virtual machine on a server to read memory from either another virtual machine or even the hypervisor itself. It's a big, big deal.


Hence secure your online accounts right now if not done already. Disable any payment methods that can be used just by logging into a service. Employ 2FA if available. Remove sensitive info if not necessary.

There have been big data breaches in 2017 and this certainly sheds a light on how it happened. Even at places like the NSA.


----------



## Particle

Quote:


> Originally Posted by *kithylin*
> 
> But if this has existed all these years in all of these chips, and everyone has been using our computers for years without ever patching it until 2018, why have there not been big news articles about this being exploited and hacked before? Why is it only now such a big deal? This could have been exploited anywhere over the past 10-20 years and suddenly in 2018 it's suddenly a big scary issue?
>
> What is making using my computer today without the patch any different than using my computer without the patch over the past 20 years? This is really what I can't understand. It's like all of a sudden everyone's screaming about this. But no one said anything about this over the past 20 years or so.


The discovery of this exploitable flaw only dates back to the middle of last year. What makes it different now versus ten years ago is that now the attack is known. Obviously. Nothing is a security problem until somebody works out how to get around it. Once they do, it's dangerous.


----------



## kithylin

Quote:


> Originally Posted by *mouacyk*
> 
> Hence secure your online accounts right now if not done already. Disable any payment methods that can be used just by logging into a service.


But seriously, why? Can anyone anywhere find any concrete confirmation that we're suddenly, today, in 2018, some how less secure than we were 2 weeks ago in 2017 without the patch? Why are we just now subject to this intrusion that we weren't subject to 3 weeks ago, 6 months ago, or 5 years ago? Can someone please explain this clearly.


----------



## Contagion

Quote:


> Originally Posted by *kithylin*
> 
> But seriously, why? Can anyone anywhere find any concrete confirmation that we're suddenly, today, in 2018, some how less secure than we were 2 weeks ago in 2017 without the patch? Why are we just now subject to this intrusion that we weren't subject to 3 weeks ago, 6 months ago, or 5 years ago? Can someone please explain this clearly.


The exploit was only recently discovered.


----------



## KarathKasun

Quote:


> Originally Posted by *kithylin*
> 
> But seriously, why? Can anyone anywhere find any concrete confirmation that we're suddenly, today, in 2018, some how less secure than we were 2 weeks ago in 2017 without the patch? Why are we just now subject to this intrusion that we weren't subject to 3 weeks ago, 6 months ago, or 5 years ago? Can someone please explain this clearly.


Once it's discovered and in the open then the exploits follow. I assume you are not old enough to remember the Blaster outbreak?

Overnight nearly every XP and NT5 machine was compromised, but the exploit had existed for years prior.


----------



## nanotm

Quote:


> Originally Posted by *kithylin*
> 
> But seriously, why? Can anyone anywhere find any concrete confirmation that we're suddenly, today, in 2018, some how less secure than we were 2 weeks ago in 2017 without the patch? Why are we just now subject to this intrusion that we weren't subject to 3 weeks ago, 6 months ago, or 5 years ago? Can someone please explain this clearly.


someone already posted something from twitter where an individual streamed his using this attack on a server via a drive by advert in a web page..... which fortunately for me was an attack on Facebook, fortunate because I don't use Facebook


----------



## kithylin

Quote:


> Originally Posted by *Contagion*
> 
> The exploit was only recently discovered.


So out of the millions of blackhat hackers out there spending every last waking breath of their life trying to find some sort of security flaw to exploit in processors to get in our systems, they only some how just found this one (And this is apparently a really big flaw) in 2018? They've had 20 years to figure it out and it just now came out? Do you folks realize the odds of this being true?


----------



## Particle

Quote:


> Originally Posted by *kithylin*
> 
> So out of the millions of blackhat hackers out there spending every last waking breath of their life trying to find some sort of security flaw to exploit in processors to get in our systems, they only some how just found this one (And this is apparently a really big flaw) in 2018? They've had 20 years to figure it out and it just now came out?


Yes. (Well, mid-late 2017, but essentially yes.)


----------



## Offler

Quote:


> Originally Posted by *Contagion*
> 
> The exploit was only recently discovered.


Nope. The vulnerability was described during summer and examples of how to take advantage of it were described at least three months ago by a guy who works for Microsoft.

Edit:
this guy
https://twitter.com/aionescu?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor


----------



## nanotm

Quote:


> Originally Posted by *kithylin*
> 
> So out of the millions of blackhat hackers out there spending every last waking breath of their life trying to find some sort of security flaw to exploit in processors to get in our systems, they only some how just found this one (And this is apparently a really big flaw) in 2018? They've had 20 years to figure it out and it just now came out?


two researchers figured it out when they were trying to backtrack how Experian got hacked 2 years ago. The details of that hack were never made public. This isn't a new exploit, nor is it newly discovered; it's been used, likely a lot more than is publicly known, to infiltrate a lot of places. We the public are only just really hearing about it because operating system providers have finally figured out how to fix the issue


----------



## Contagion

Quote:


> Originally Posted by *Offler*
> 
> Nope. The vulnerability was described during summer and examples of how to take advantage of it were described at least three months ago by a guy who works for Microsoft.


In reference to over a decade that's pretty recent.


----------



## Causality1978

now keep pressure on intel-usa
https://www.cnbc.com/2018/01/03/amd-rebukes-intel-says-flaw-poses-near-zero-risk-to-its-chips.html


----------



## KarathKasun

Quote:


> Originally Posted by *kithylin*
> 
> So out of the millions of blackhat hackers out there spending every last waking breath of their life trying to find some sort of security flaw to exploit in processors to get in our systems, they only some how just found this one (And this is apparently a really big flaw) in 2018? They've had 20 years to figure it out and it just now came out? Do you folks realize the odds of this being true?


Very probable, especially with devices that have billions of transistors and massive complexity.

It took many years for the ME bugs to be fully exploited, people knew about that can of worms since the ME's inception during the Core 2 Duo days.


----------



## mouacyk

Quote:


> Originally Posted by *Contagion*
> 
> The exploit was only recently discovered.


The exploit was discovered in late 2016 after a Black Hat conference. It's only now made understandable to the average computer user.


----------



## Offler

Quote:


> Originally Posted by *mouacyk*
> 
> The exploit was discovered in late 2016 after a Black Hat conference. It's only now made understandable to the average computer user.


Well, ability to read data in CPU cache, without proper privileges? It depends only on the imagination what to do with it.


----------



## nanotm

Quote:


> Originally Posted by *mouacyk*
> 
> The exploit was discovered in late 2016 after a Black Hat conference. It's only now made understandable to the average computer user.


and nobody worth their salt publicises what they found until they're finished playing with it. Last time a major issue like this that was baked into an OS was discovered (like the accidentally baked in backdoor security password to all AMI BIOS some decades ago) it wasn't made public in any form for nigh on 5 years, by which time countless thousands of systems had been breached through that attack vector (and it took a new mobo to fix the issue). Similarly with the hardware invoked boot security lockout on cf28's, it was 4 years before that was leaked to more than the few folks who discovered it in the first place ....

you make your money exploiting something for a while before you get bored and let someone else get caught using it (if you're halfway smart) and then blamed for all prior known or attributable uses


----------



## mouacyk

Quote:


> Originally Posted by *Offler*
> 
> Well, ability to read data in CPU cache, without proper privileges? It depends only on the imagination what to do with it.


I guarantee you that the graduating population of hackers over the last few days just exploded. Think NK, China, Russia, Iran, various territories in Africa.


----------



## Offler

Much fun, comments from people who are in better connection to the Intel, AMD and ARM devs atm

https://twitter.com/rhhackett/status/948678957163040768


----------



## Lipos

Intel slides:

https://s21.q4cdn.com/600692695/files/doc_presentations/2018/Side-Channel-Analysis-Security.pdf


----------



## chispy

Quote:


> Originally Posted by *sugarhell*
> 
> Our hardware is the most secure in the world.
> 
> Yeah right.... ME anyone?


I was thinking the same thing

...

Prohibited to forget: https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00086&languageid=en-fr

Summary:
In response to issues identified by external researchers, Intel has performed an in-depth comprehensive security review of our Intel® Management Engine (ME), Intel® Server Platform Services (SPS), and Intel® Trusted Execution Engine (TXE) with the objective of enhancing firmware resilience.

As a result, Intel has identified security vulnerabilities that could potentially place impacted platforms at risk.

Description:
In response to issues identified by external researchers, Intel has performed an in-depth comprehensive security review of its Intel® Management Engine (ME), Intel® Trusted Execution Engine (TXE), and Intel® Server Platform Services (SPS) with the objective of enhancing firmware resilience.

As a result, Intel has identified several security vulnerabilities that could potentially place impacted platforms at risk. Systems using ME Firmware versions 6.x/7.x/8.x/9.x/10.x//11.0/11.5/11.6/11.7/11.10/11.20, SPS Firmware version 4.0, and TXE version 3.0 are impacted.

Affected products:

- 1st, 2nd, 3rd, 4th, 5th, 6th, 7th & 8th Generation Intel® Core™ Processor Family
- Intel® Xeon® Processor E3-1200 v5 & v6 Product Family
- Intel® Xeon® Processor Scalable Family
- Intel® Xeon® Processor W Family
- Intel® Pentium® Processor G Series
- Intel® Atom® C3000 Processor Family
- Apollo Lake Intel® Atom Processor E3900 series
- Apollo Lake Intel® Pentium™
- Celeron™ G, N and J series Processors

Based on the items identified through the comprehensive security review, an attacker could gain unauthorized access to platform, Intel® ME feature, and 3rd party secrets protected by the Intel® Management Engine (ME), Intel® Server Platform Service (SPS), or Intel® Trusted Execution Engine (TXE).

This includes scenarios where a successful attacker could:

- Impersonate the ME/SPS/TXE, thereby impacting local security feature attestation validity.
- Load and execute arbitrary code outside the visibility of the user and operating system.
- Cause a system crash or system instability.

For more information, please see this Intel Support article


----------



## Kand

Quote:


> Originally Posted by *Offler*
> 
> Much fun, comments from people who are in better connection to the Intel, AMD and ARM devs atm
> 
> https://twitter.com/rhhackett/status/948678957163040768


The part where the amd rep says "at this time" got me. Especially when Intel and Arm are acknowledging vulnerabilities.


----------



## Curvy Groyper

Intel CEO sold 10 million $ worth of Intel stock a month ago, wow, what a coincidence!


----------



## kithylin

Quote:


> Originally Posted by *Lipos*
> 
> Intel slides:
> 
> https://s21.q4cdn.com/600692695/files/doc_presentations/2018/Side-Channel-Analysis-Security.pdf


From slide #4:

Quote:


> What it is, what it is NOT
>
> IS
>
> - A method for an attacker to observe contents of privileged memory, circumventing expected privilege levels
> - *Malware using this method and running locally* could expose sensitive data such as passwords and encryption keys
>
> IS NOT
>
> - A denial of service attack
> - A network attack
> - A means to inject malicious code or corrupt memory


So just as I suspected. It's not a hardware flaw after all. It's only even possible if you download and run malicious malware on your computer. So don't download sketchy crap from sketchy websites and it doesn't even affect us.

The *ONLY* reason Intel and Microsoft are patching this is because they have to legally. And because they would look bad to the public if this went unchecked and they didn't fix it.


----------



## Offler

Quote:


> Originally Posted by *Kand*
> 
> The part where the amd rep says "at this time" got me. Especially when Intel and Arm are acknowledging vulnerabilities.


"At this time" was about a week ago. Current statement is that "not all three methods work on AMD".


----------



## Particle

Quote:


> Originally Posted by *kithylin*
> 
> From slide #4:
> So just as I suspected. It's not a hardware flaw after all. It's only even possible if you download and run malicious malware on your computer. So don't download sketchy crap from sketchy websites and it doesn't even affect us.
> 
> The *ONLY* Reason Intel and microsoft are patching this is because they have to legally. And because they would look bad to the public if this went unchecked and they didn't fix it.


I don't understand why you're doubling down. The text you quoted is directly at odds with the conclusion you wrote below it. You've given evidence for why your own assertion is incorrect.

"A method for an attacker to observe contents of privileged memory, circumventing expected privilege levels."

This is enforced by hardware. The issue being discussed is that Intel processors are failing to enforce this correctly. That is by definition a failure of the hardware. It's a hardware flaw.


----------



## EniGma1987

Quote:


> Originally Posted by *kithylin*
> 
> From slide #4:
> So just as I suspected. It's not a hardware flaw after all. It's only even possible if you download and run malicious malware on your computer. So don't download sketchy crap from sketchy websites and it doesn't even affect us.
> 
> The *ONLY* Reason Intel and microsoft are patching this is because they have to legally. And because they would look bad to the public if this went unchecked and they didn't fix it.


.........?

It is a hardware flaw. The flaw in how the hardware handles data in cache and the TLB (also a cache) allows software to exploit the hardware flaw. The fact that you think you must install sketchy programs yourself to become vulnerable is insane. Have you never heard of a virus? Or other malware? You know that most of the time these are not purposefully installed right?


----------



## kithylin

Quote:


> Originally Posted by *Particle*
> 
> I don't understand why you're doubling down. The text you quoted is directly at odds with the conclusion you wrote below it. You've given evidence for why your own assertion is incorrect.
> 
> "A method for an attacker to observe contents of privileged memory, circumventing expected privilege levels."
> 
> This is enforced by hardware. The issue being discussed is that Intel processors are failing to enforce this correctly. That is by definition a failure of the hardware. It's a hardware flaw.


Then I suggest you go read slide #3, here: https://s21.q4cdn.com/600692695/files/doc_presentations/2018/Side-Channel-Analysis-Security.pdf

Quote:


> Background & summary
>
> Security researcher notified Intel, AMD, and ARM of a new side-channel analysis exploit
>
> - A method for an attacker to observe contents of privileged memory, circumventing expected privilege levels
> - Exploits speculative execution techniques common in modern processors
> - NOT unique to any one architecture or processor implementation
> - *NOT a result of product errata; processors are operating to specification*
> - Mitigations include updates to system software, firmware and future hardware
>
> Industry-wide collaboration to facilitate responsible disclosure with mitigation options


Directly quoted direct from the intel documentation right there. There is no error or errata in Intel processors. It's black and white.


----------



## EniGma1987

Quote:


> Originally Posted by *kithylin*
> 
> Then I suggest you go read slide #3, here: https://s21.q4cdn.com/600692695/files/doc_presentations/2018/Side-Channel-Analysis-Security.pdf
> Directly quoted direct from the intel documentation right there. There is no error or errata in Intel processors. It's black and white.


Again, what you just quoted shows it is a hardware flaw.


----------



## Particle

Quote:


> Originally Posted by *kithylin*
> 
> Then I suggest you go read slide #3, here: https://s21.q4cdn.com/600692695/files/doc_presentations/2018/Side-Channel-Analysis-Security.pdf
> Directly quoted direct from the intel documentation right there. There is no error or errata in Intel processors. It's black and white.


Can you post that from a legitimate source? I'd like to read it, but as a policy I don't open unsourced PDF documents.


----------



## kithylin

Quote:


> Originally Posted by *Particle*
> 
> Can you post that from a legitimate source? I'd like to read it, but as a policy I don't open unsourced PDF documents.


You do realize opening pdf's in chrome and viewing them in-browser as well can't possibly allow anything malicious to "escape" and get on your system due to how chrome works, right?

God you guys are so terrible at interneting around here.


----------



## nanotm

Quote:


> Originally Posted by *kithylin*
> 
> Then I suggest you go read slide #3, here: https://s21.q4cdn.com/600692695/files/doc_presentations/2018/Side-Channel-Analysis-Security.pdf
> Directly quoted direct from the intel documentation right there. There is no error or errata in Intel processors. It's black and white.


you realise this is intel's ass covering in overdrive right?

they claim not to be aware of any live exploits using this process.... yet there are at least two tools available on the internet that are indeed live exploit kits for this exact thing and only work on intel cpu's ......

intel claim there is no error in their hardware because if they admit to having any then they are liable to a flood of lawsuits.... this is purely a legal technicality the specification exists to state the hardware will verify security level is correct.... the hardware is certified to do this.... the hardware fails to do this... the hardware is faulty....

amd has something that works in a similar fashion but in a different way so its cpu's are not at risk in the same way (currently) arm cpu's do something similar again but again not exactly the same way intel does them, its cpu's are also at risk (due to mobile prevalence) however that's primarily an android issue and to a large degree is mitigated by not having uefi bios....


----------



## Kand

Quote:


> Originally Posted by *Offler*
> 
> "At this time" was about a week ago. Current statement is that "not all three methods work on AMD".


https://twitter.com/rhhackett/status/948676213505232897?s=17

"At this time" was today.


----------



## Particle

Quote:


> Originally Posted by *kithylin*
> 
> You do realize opening pdf's in chrome and viewing them in-browser as well can't possibly allow anything malicious to "escape" and get on your system due to how chrome works, right?
> 
> God you guys are so terrible at interneting around here.


If your understanding of security and malware is really as limited as that statement implies, I don't really see any point in continuing. What you just posted is naive nonsense.


----------



## chispy

Better grab more popcorn, this is going to last a while


----------



## Fallendreams

Whitepapers have been posted about Meltdown and Spectre.

Quote:


> Meltdown breaks the most fundamental isolation between user applications and the operating system.


Quote:


> Spectre breaks the isolation between different applications.


https://meltdownattack.com/


----------



## kithylin

Well the only reason I came to this thread is to "get to the bottom of this" as to where this actually comes from and how it gets into our system. And I've found that out: It's only if we download random nasty crap from random nasty websites and run it on our system. Don't do that, we can't get infected, nothing can bother us.

And fortunately being a win7 user I have the option to not install the update / forced-performance-degrading-patch.

So fortunately for me, I'm completely unaffected by this whatsoever. I already don't run random downloaded exe's, and I don't have to patch.. yay. Back to gaming and business as usual and ignore this.

Yet another solid confirmation to stay on win7 with optional updates forever, and avoid the virus / plague that is windows 10 forever. RIP windows 10 users and your PC's running -30% slower.


----------



## Mysticial

Quote:


> Originally Posted by *chispy*
> 
> Better grab more popcorn, this is going to last a while


Here's the sense that I'm getting reading this argument:

"I have a window in my bathroom facing outside. It works according to spec because it separates inside and outside. The warm air can't get out and nobody can get in. It has worked fine for 10 years. But recently my neighbor cut down that tree that's outside and now everybody can see me shower."

The short term fix is to board it up. It's not optimal, but it works. The long term fix is to replace the window with a solid wall.

Either way, it's something that should probably be fixed regardless.


----------



## nanotm

Quote:


> Originally Posted by *kithylin*
> 
> Well the only reason I came to this thread is to "get to the bottom of this" as to where this actually comes from and how it gets into our system. And I've found that out: It's only if we download random nasty crap from random nasty websites and run it on our system. Don't do that, we can't get infected, nothing can bother us.
> 
> And fortunately being a win7 user I have the option to not install the update / forced-performance-degrading-patch.
> 
> So fortunately for me, I'm completely unaffected by this whatsoever. I already don't run random downloaded exe's, and I don't have to patch.. yay. Back to gaming and business as usual and ignore this.
> 
> Yet another solid confirmation to stay on win7 with optional updates forever, and avoid the virus / plague that is windows 10 forever. RIP windows 10 users and your PC's running -30% slower.


ahh the good old "only random .exe downloads cause problem"

every web page you open is full of random .exe on this page alone there are over 20 of them you don't need to do anything for one of them to steal control of your computer just opening the webpage is enough if they happen to be malicious ones


----------



## PepsixDoggo

Quote:


> AMD rebukes Intel, says flaw poses 'near-zero risk' to its chips:
> 
> An initial report claimed that AMD chips were not affected, but then Intel issued a statement saying it's working with AMD, among others to resolve the issue.
> AMD stock rose slightly after hours.
> "To be clear, the security research team identified three variants targeting speculative execution. The threat and the response to the three variants differ by microprocessor company, and AMD is not susceptible to all three variants. Due to differences in AMD's architecture, we believe there is a near zero risk to AMD processors at this time."


Source:
https://www.cnbc.com/2018/01/03/amd-rebukes-intel-says-flaw-poses-near-zero-risk-to-its-chips.html


----------



## Offler

Reading whitepapers. Interesting and understandable part here:
Quote:


> Meltdown exploits a privilege escalation vulnerability
> specific to Intel processors


Quote:


> Unlike Meltdown, the Spectre attack works on non-Intel
> processors, including AMD and ARM processors.
> Furthermore, the KAISER patch [19], which has been
> widely applied as a mitigation to the Meltdown attack,
> does not protect against Spectre.


So the mail by AMD representative regarding patching Linux kernel wasn't incorrect, he was referring to patch which is about to negate escalation of privileges. That is NOT an issue for AMD, and the patch won't solve it anyway.


----------



## ibb27

Quote:


> Originally Posted by *Fallendreams*
> 
> Whitepapers have been posted about Meltdown and Spectre.
> 
> https://meltdownattack.com/


Thank you, and the Google Project Zero explanation:
https://googleprojectzero.blogspot.bg/


----------



## LancerVI

.


----------



## tpi2007

Quote:


> Originally Posted by *kithylin*
> 
> Quote:
> 
> > Originally Posted by *Particle*
> > 
> > I don't understand why you're doubling down. The text you quoted is directly at odds with the conclusion you wrote below it. You've given evidence for why your own assertion is incorrect.
> > 
> > "A method for an attacker to observe contents of privileged memory, circumventing expected privilege levels."
> > 
> > This is enforced by hardware. The issue being discussed is that Intel processors are failing to enforce this correctly. That is by definition a failure of the hardware. It's a hardware flaw.
> 
> Then I suggest you go read slide #3, here: https://s21.q4cdn.com/600692695/files/doc_presentations/2018/Side-Channel-Analysis-Security.pdf
> Quote:
> 
> > Background & summary
> > Security researcher notified Intel, AMD, and ARM of a new side-channel
> > analysis exploit
> > • A method for an attacker to observe contents of privileged memory, circumventing expected
> > privilege levels
> > • Exploits speculative execution techniques common in modern processors
> > • NOT unique to any one architecture or processor implementation
> > • *NOT a result of product errata; processors are operating to specification*
> > • Mitigations include updates to system software, firmware and future hardware
> > Industry-wide collaboration to facilitate responsible disclosure with
> > mitigation options
> 
> Directly quoted direct from the intel documentation right there. There is no error or errata in Intel processors. It's black and white.

Let me parse the PR / legalese for you:

Quote:


> • Mitigations include updates to system software, firmware *and future hardware*


They are saying that the current hardware is working according to spec and it's not an errata because they intentionally wanted the performance benefits of doing it that way and didn't care for security measures. It's like saying that an older car without ABS brakes is working according to spec. Of course, but the new one is going to feature ABS.

Also, you seem to forget that reputable software has been compromised before, as have reputable sites. Not downloading sketchy .exes is a misleading oversimplification of the issue.


----------



## kithylin

Quote:


> Originally Posted by *nanotm*
> 
> ahh the good old "only random .exe downloads cause problem"
> 
> every web page you open is full of random .exe on this page alone there are over 20 of them you don't need to do anything for one of them to steal control of your computer just opening the webpage is enough if they happen to be malicious ones


Chrome doesn't even allow you to download an executable file *.exe and flags it as a suspicious download and shows you a warning. If you're seriously being presented with download windows to download a *.exe file every time you visit any website.. you're already infected with some sort of malware or virus on your system. That's -NOT- standard for web browsing.
Quote:


> Originally Posted by *LancerVI*
> 
> Please tell me you aren't serious....


Do you really not know how the internet works? The only way to get "infected" with "malicious pdf files" is to save them to your hard drive and open them with some pdf viewer program or microsoft word/office. Viewing a PDF inside a web browser is not going to infect your computer with anything. At least for chrome users. Firefox won't let you view it in-browser, makes you download and then open.


----------



## zeall0rd

Quote:


> Originally Posted by *kithylin*
> 
> Chrome doesn't even allow you to download an executable file *.exe and flags it as a suspicious download and shows you a warning. If you're seriously being presented with download windows to download a *.exe file every time you visit any website.. you're already infected with some sort of malware or virus on your system. That's -NOT- standard for web browsing.
> Do you really not know how the internet works? The only way to get "infected" with "malicious pdf files" is to save them to your hard drive and open them with some pdf viewer program or microsoft word/office. Viewing a PDF inside a web browser is not going to infect your computer with anything. At least for chrome users. Firefox won't let you view it in-browser, makes you download and then open.


Firefox Quantum does, just sayin'


----------



## tpi2007

Quote:


> Originally Posted by *kithylin*
> 
> Firefox won't let you view it in-browser, makes you download and then open.


Firefox has had a built-in PDF viewer for years.

Edit: Since Firefox 19 (yes, 19, we're at version 57 right now), released in February of 2013.

https://www.cnet.com/news/mozilla-puts-native-pdf-viewer-in-firefox-19/


----------



## kithylin

Quote:


> Originally Posted by *zeall0rd*
> 
> Firefox Quantum does, just sayin'


I legit didn't know that.. the last firefox version I used earlier last year didn't, learn something new every day.


----------



## ibb27

Spectre attack works on AMD Ryzen CPUs too. It's not the "Intel only" problem.


----------



## jaredismee

Quote:


> Originally Posted by *ibb27*
> 
> Spectre attack works on AMD Ryzen CPUs too. It's not the "Intel only" problem.


everything I have seen has pretty much said you need to intentionally open yourself up to them on AMD?


----------



## mouacyk

@kithylin You are not considering that a subscribed user can upload a program with the exploit to their guest VM on a VM host and snoop host-level information to compromise the host or any of its other guests.


----------



## 161029

Quote:


> Originally Posted by *ibb27*
> 
> Spectre attack works on AMD Ryzen CPUs too. It's not the "Intel only" problem.


Where has it said that? Almost everywhere including the papers have said that it's unknown that AMD and ARM are affected at all.

Unknown =/= there must be something plaguing them as well.

If you're basing it off the fact that AMD processors are also getting a performance hit from the preliminary fixes: https://www.techpowerup.com/240187/amd-struggles-to-be-excluded-from-unwarranted-intel-vt-flaw-kernel-patches

tl;dr: AMD is getting screwed because software developers are just going to hinder both Intel and AMD chips, even though some developers (probably AMD developers) are trying to get chip detection code in.


----------



## kithylin

Quote:


> Originally Posted by *mouacyk*
> 
> @kithylin You are not considering that a subscribed user can upload a program with the exploit to their guest VM on a VM host and snoop host-level information to compromise the host or any of its other guests.


Yes of course that's a problem for hosting companies and they'll patch the VM software. But us end-users.. as long as we don't run random BS programs from random BS websites, end-users will be largely unaffected for us smart users. The biggest reason for patching it is sadly, I'd say at least 80% of windows users aren't smart and download and run anything from the internet anywhere. It's part of why microsoft had to start forcing people to run anti-virus inside of windows 10. That's largely what the patch is for: to protect stupid people from their own stupidity.


----------



## PepsixDoggo

Quote:


> Originally Posted by *ibb27*
> 
> Spectre attack works on AMD Ryzen CPUs too. It's not the "Intel only" problem.


Nope, AMD's statement:
Quote:


> "To be clear, the security research team identified three variants targeting speculative execution. The threat and the response to the three variants differ by microprocessor company, and AMD is not susceptible to all three variants. Due to differences in AMD's architecture, we believe there is a near zero risk to AMD processors at this time."


Source:
https://www.cnbc.com/2018/01/03/amd-rebukes-intel-says-flaw-poses-near-zero-risk-to-its-chips.html


----------



## ibb27

Quote:


> Originally Posted by *HybridCore*
> 
> Where has it said that? Almost everywhere including the papers have said that it's unknown that AMD and ARM are affected at all.


From the "Spectre attack" publication:
"1.3 Targeted Hardware and Current Status
Hardware. We have empirically verified the vulnerability of several Intel processors to Spectre attacks, including Ivy Bridge, Haswell and Skylake based processors. We have also verified the attack's applicability to AMD Ryzen CPUs. Finally, we have also successfully mounted Spectre attacks on several Samsung and Qualcomm processors (which use an ARM architecture) found in popular mobile phones.

Current Status.
Using the practice of responsible disclosure, we have disclosed a preliminary version of our results to Intel, AMD, ARM, Qualcomm as well as to other CPU vendors. We have also contacted other companies including Amazon, Apple, Microsoft, Google and others. The Spectre family of attacks is documented under CVE-2017-5753 and CVE-2017-5715.
....
Unlike Meltdown, the Spectre attack works on non-Intel processors, including AMD and ARM processors. Furthermore, the KAISER patch [19], which has been widely applied as a mitigation to the Meltdown attack, does not protect against Spectre."


----------



## hitman928

AMD and ARM CPUs are vulnerable to the Spectre exploit, you can read it in the Spectre research paper. However, it already has a software fix that should not affect performance.

However, this is very different than what most people are talking about which is the Meltdown bug which is intel specific and can come with a large performance penalty to fix in software.


----------



## 161029

Quote:


> Originally Posted by *ibb27*
> 
> Quote:
> 
> > Originally Posted by *HybridCore*
> > 
> > Where has it said that? Almost everywhere including the papers have said that it's unknown that AMD and ARM are affected at all.
> 
> From the "Spectre attack" publication:
> "1.3 Targeted Hardware and Current Status
> Hardware. We have empirically verified the vulnerability of several Intel processors to Spectre attacks, including Ivy Bridge, Haswell and Skylake based processors. We have also verified the attack's applicability to AMD Ryzen CPUs. Finally, we have also successfully mounted Spectre attacks on several Samsung and Qualcomm processors (which use an ARM architecture) found in popular mobile phones.
> 
> Current Status.
> Using the practice of responsible disclosure, we have disclosed a preliminary version of our results to Intel, AMD, ARM, Qualcomm as well as to other CPU vendors. We have also contacted other companies including Amazon, Apple, Microsoft, Google and others. The Spectre family of attacks is documented under CVE-2017-5753 and CVE-2017-5715.
> ....
> Unlike Meltdown, the Spectre attack works on non-Intel processors, including AMD and ARM processors. Furthermore, the KAISER patch [19], which has been widely applied as a mitigation to the Meltdown attack, does not protect against Spectre."

Ah my bad, was thinking Meltdown, not Spectre.

That being said, Meltdown is the main point here. Spectre is much more different in nature. Meltdown is the ability for programs to read memory not allocated to a program and is inherent to Intel architectures. Spectre is more software based than hardware and is a bit more different.


----------



## mouacyk

"AMD not susceptible to all three" means it is susceptible to at least 1 and at most 2. Unless, they mis-wrote their statement.


----------



## kithylin

Anyway.. business as usual for me, time to unsubscribe from this thread. There's nothing new to be learned from this point in time, just wait for benchmarks to see what all the patches do to everyone's computer to slow em down later.

I would still probably suggest (for normal smart users that know not to run random programs off the internet willy-nilly) to wait and see what impact the patch has on our systems, if you have the option to defer the patch until later from windows updates. Remember, some windows updates can not be removed without a system reformat / windows re-install. I don't know but I would suspect this might be one of em and likely a 1-way-street.

Good luck with all that.


----------



## jaredismee

Quote:


> Originally Posted by *ibb27*
> 
> From the "Spectre attack" publication:
> "1.3 Targeted Hardware and Current Status
> Hardware. We have empirically verified the vulnerability of several Intel processors to Spectre attacks, including Ivy Bridge, Haswell and Skylake based processors. We have also verified the attack's applicability to AMD Ryzen CPUs. Finally, we have also successfully mounted Spectre attacks on several Samsung and Qualcomm processors (which use an ARM architecture) found in popular mobile phones.
> 
> Current Status.
> Using the practice of responsible disclosure, we have disclosed a preliminary version of our results to Intel, AMD, ARM, Qualcomm as well as to other CPU vendors. We have also contacted other companies including Amazon, Apple, Microsoft, Google and others. The Spectre family of attacks is documented under CVE-2017-5753 and CVE-2017-5715.
> ....
> Unlike Meltdown, the Spectre attack works on non-Intel processors, including AMD and ARM processors. Furthermore, the KAISER patch [19], which has been widely applied as a mitigation to the Meltdown attack, does not protect against Spectre."


Variant 1: Bounds check bypass
This section explains the common theory behind all three variants and the theory behind our PoC for variant 1 that, when running in userspace under a Debian distro kernel, can perform arbitrary reads in a 4GiB region of kernel memory in at least the following configurations:

Intel Haswell Xeon CPU, eBPF JIT is off (default state)
Intel Haswell Xeon CPU, eBPF JIT is on (non-default state)
AMD PRO CPU, eBPF JIT is on (non-default state)

https://googleprojectzero.blogspot.bg/

so only when running in this non-default state?


----------



## ibb27

Quote:


> Originally Posted by *jaredismee*
> 
> Variant 1: Bounds check bypass
> This section explains the common theory behind all three variants and the theory behind our PoC for variant 1 that, when running in userspace under a Debian distro kernel, can perform arbitrary reads in a 4GiB region of kernel memory in at least the following configurations:
> 
> Intel Haswell Xeon CPU, eBPF JIT is off (default state)
> Intel Haswell Xeon CPU, eBPF JIT is on (non-default state)
> AMD PRO CPU, eBPF JIT is on (non-default state)
> 
> https://googleprojectzero.blogspot.bg/
> 
> so only when running in this non-default state?


Haven't read much of the publication, but it's more detailed than the Project Zero article.
Spectre attacks CVEs are still "reserved":
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5753


----------



## AmericanLoco

Quote:


> Originally Posted by *kithylin*
> 
> Well the only reason I came to this thread is to "get to the bottom of this" as to where this actually comes from and how it gets into our system. And I've found that out: It's only if we download random nasty crap from random nasty websites and run it on our system. Don't do that, we can't get infected, nothing can bother us.
> 
> And fortunately being a win7 user I have the option to not install the update / forced-performance-degrading-patch.
> 
> So fortunately for me, I'm completely unaffected by this whatsoever. I already don't run random downloaded exe's, and I don't have to patch.. yay. Back to gaming and business as usual and ignore this.
> 
> Yet another solid confirmation to stay on win7 with optional updates forever, and avoid the virus / plague that is windows 10 forever. RIP windows 10 users and your PC's running -30% slower.


You don't need to download anything for this exploit to work. The point of the "Meltdown" exploit is that it bypasses hardware-protected memory regions. A rogue piece of JavaScript on a website could potentially start reading protected kernel memory through your browser. You are not safe just because you don't "download anything".


----------



## flippin_waffles

intel should shut up about any other processors and worry about fixing their own broken hardware....


----------



## PepsixDoggo

Quote:


> Originally Posted by *mouacyk*
> 
> "AMD not susceptible to all three" means it is susceptible to at least 1 and at most 2. Unless, they mis-wrote their statement.


There are actually 3 variants, see:
https://googleprojectzero.blogspot.co.at/2018/01/reading-privileged-memory-with-side.html
Quote:


> So far, there are three known variants of the issue:
> 
> Variant 1: bounds check bypass (CVE-2017-5753)
> Variant 2: branch target injection (CVE-2017-5715)
> Variant 3: rogue data cache load (CVE-2017-5754)
> Before the issues described here were publicly disclosed, Daniel Gruss, Moritz Lipp, Yuval Yarom, Paul Kocher, Daniel Genkin, Michael Schwarz, Mike Hamburg, Stefan Mangard, Thomas Prescher and Werner Haas also reported them; their [writeups/blogposts/paper drafts] are at:
> 
> Spectre (variants 1 and 2)
> Meltdown (variant 3)


----------



## nanotm

Quote:


> Originally Posted by *kithylin*
> 
> Chrome doesn't even allow you to download an executable file *.exe and flags it as a suspicious download and shows you a warning. If you're seriously being presented with download windows to download a *.exe file every time you visit any website.. you're already infected with some sort of malware or virus on your system. That's -NOT- standard for web browsing.


hmm let's see how do browsers work, well they run a common module that lets a user download a file and then they execute the code within that file so the user can see the "web page" on their terminal in the manner that the provider (host) desires....

advertising space on a webpage is laid out according to the hosts desires and when connected to a site like google's ad sense those adverts refresh frequently by the user terminal downloading sub files and then auto executing and displaying the adverts in the pre set "boxes" on the user terminal screen.....

hmm how does "browser history work" well it stores those downloaded web pages in a file directory so that the user can quickly reload the page if they desire to revisit something they were looking at earlier....

how do drive by executions work, well you have a few options, by far the most commonly used one is to craft malicious code into an advertising script and let adsense push it out to millions of "browsers" although since google got into trouble this is more often a problem with standalone networks like facebook as the google A.I. has gotten better at identifying such scripts and not distributing them although a few do still get through the net until they are positively identified.....

is there any way that a browser can stop such things from happening .... no only not connecting to the internet can actually prevent such things of course some security applications can mitigate many of these problems unfortunately not all of them and in special circumstances the security software can actually make it worse as was the case with a recent MSE bug on windows 10..

internet 101


----------



## Kand

Quote:


> Originally Posted by *PepsixDoggo*
> 
> Source:
> https://www.cnbc.com/2018/01/03/amd-rebukes-intel-says-flaw-poses-near-zero-risk-to-its-chips.html


There's the "at this time" statement. Meaning they aren't 100% stating that AMD chips are free from the exploit.

It possibly exists but means they haven't figured how to manifest it as of yet.


----------



## Offler

Re-posting again:

Reading whitepapers. Interesting and understandable part here:
Quote:


> Meltdown exploits a privilege escalation vulnerability
> specific to Intel processors


Quote:


> Unlike Meltdown, the Spectre attack works on non-Intel
> processors, including AMD and ARM processors.
> Furthermore, the KAISER patch [19], which has been
> widely applied as a mitigation to the Meltdown attack,
> does not protect against Spectre.


So the mail by AMD representative regarding patching Linux kernel wasn't incorrect, he was referring to patch which is about to negate escalation of privileges. That is NOT an issue for AMD, and the patch won't solve it anyway.

AMD IS vulnerable to Spectre, BUT patch known as KAISER won't fix it anyway.

AMD IS NOT vulnerable to Meltdown attack. ONLY INTEL is, KAISER patch WILL fix it.
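A defender-side way to check the per-variant split discussed in this thread, as an added example that is not part of any post here: Linux kernels that report it expose one status file per issue under `/sys/devices/system/cpu/vulnerabilities/`. The sysfs path, file names, sample strings and function names are assumptions that do not appear in the thread; the variant names and CVE numbers are the ones from the Project Zero list quoted above.

```python
from pathlib import Path

# Assumption: sysfs directory used by Linux kernels that report mitigation status.
SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")

# (variant name, CVE, sysfs file name). Names and CVEs as quoted in the thread;
# the file names are the kernel's, not the thread's.
VARIANTS = [
    ("Variant 1: bounds check bypass", "CVE-2017-5753", "spectre_v1"),
    ("Variant 2: branch target injection", "CVE-2017-5715", "spectre_v2"),
    ("Variant 3: rogue data cache load", "CVE-2017-5754", "meltdown"),
]


def classify(raw):
    """Map one status line to a coarse state.

    None means the file is missing: the kernel predates this reporting,
    so the machine must be treated as unverified, not as safe.
    """
    if raw is None:
        return "unreported"
    text = raw.strip()
    if text == "Not affected":
        return "not_affected"
    if text.startswith("Mitigation:"):
        return "mitigated"
    if text.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"


def read_sysfs(directory=SYSFS_DIR):
    """Read the three status files; a missing or unreadable file maps to None."""
    statuses = {}
    for _variant, _cve, name in VARIANTS:
        try:
            statuses[name] = (Path(directory) / name).read_text()
        except OSError:
            statuses[name] = None
    return statuses


def report(statuses):
    """Build one row per variant from a {file name: contents} mapping."""
    rows = []
    for variant, cve, name in VARIANTS:
        raw = statuses.get(name)
        rows.append({
            "variant": variant,
            "cve": cve,
            "state": classify(raw),
            "detail": (raw or "").strip(),
        })
    return rows


def needs_attention(rows):
    """CVEs that are not confirmed as mitigated or not affected."""
    return [r["cve"] for r in rows
            if r["state"] in ("vulnerable", "unreported", "unknown")]


# Constructed sample: Intel host with the KAISER/KPTI patch applied but no
# branch target injection mitigation yet.
SAMPLE_INTEL_PATCHED = {
    "meltdown": "Mitigation: PTI\n",
    "spectre_v1": "Mitigation: __user pointer sanitization\n",
    "spectre_v2": "Vulnerable\n",
}

# Constructed sample: AMD host, where page-table isolation is not needed.
SAMPLE_AMD = {
    "meltdown": "Not affected\n",
    "spectre_v1": "Mitigation: __user pointer sanitization\n",
    "spectre_v2": "Mitigation: Full AMD retpoline\n",
}

if __name__ == "__main__":
    # On a live Linux host this reads the real files; elsewhere every row
    # comes back as "unreported".
    for row in report(read_sysfs()):
        print(f'{row["cve"]}  {row["state"]:<13} {row["detail"]}')
```

The first sample shows why applying the KAISER patch alone does not close the issue: Variant 3 reads as mitigated while Variant 2 still needs attention.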


----------



## nanotm

Quote:


> Originally Posted by *Kand*
> 
> There's the "at this time" statement. Meaning they aren't 100% stating that AMD chips are free from the exploit.
> 
> It possibly exists but means they haven't figured how to manifest it as of yet.


there is an exploit that exists that utilised the windows defender in w10 to perform something similar to the meltdown attack (but not actually meltdown itself), microsoft patched defender a few days ago though so what they mean by "at this time" is "only unpatched systems are at risk, and since those updates are automatic that's not very likely",

there is another attack platform (spectre) that only works on ryzen cpu's (currently) that requires you to deliberately make them vulnerable in order for it to work (and nobody is likely to deliberately go into the bios just to make their cpu vulnerable to attack)

and its highly likely there are as yet unknown options but not the listed ones that make it a hardware problem.... so technically he's 100% correct there is a near zero probability of someone suffering from this stuff if they are using an amd cpu at this time


----------



## nanotm

Quote:


> Originally Posted by *Offler*
> 
> Re-posting again:
> 
> Reading whitepapers. Interesting and understandable part here:
> 
> So the mail by AMD representative regarding patching Linux kernel wasn't incorrect, he was referring to patch which is about to negate escalation of privileges. That is NOT an issue for AMD, and the patch won't solve it anyway.
> 
> AMD IS vulnerable to Spectre, BUT patch known as KAISER won't fix it anyway.
> 
> AMD IS NOT vulnerable to Meltdown attack. ONLY INTEL is, KAISER patch WILL fix it.


by default amd ryzen cpu's are not vulnerable to spectre, you have to deliberately make bios changes to make that happen which is why there is a near zero chance of it being a problem

and the kaiser patch to fix meltdown is the one that will cause performance degradation


----------



## kithylin

Quote:


> Originally Posted by *nanotm*
> 
> hmm let's see how do browsers work, well they run a common module that lets a user download a file and then they execute the code within that file so the user can see the "web page" on their terminal in the manner that the provider (host) desires....
> 
> advertising space on a webpage is laid out according to the hosts desires and when connected to a site like google's ad sense those adverts refresh frequently by the user terminal downloading sub files and then auto executing and displaying the adverts in the pre set "boxes" on the user terminal screen.....
> 
> hmm how does "browser history work" well it stores those downloaded web pages in a file directory so that the user can quickly reload the page if they desire to revisit something they were looking at earlier....
> 
> how do drive by executions work, well you have a few options, by far the most commonly used one is to craft malicious code into an advertising script and let adsense push it out to millions of "browsers" although since google got into trouble this is more often a problem with standalone networks like facebook as the google A.I. has gotten better at identifying such scripts and not distributing them although a few do still get through the net until they are positively identified.....
> 
> is there any way that a browser can stop such things from happening .... no only not connecting to the internet can actually prevent such things of course some security applications can mitigate many of these problems unfortunately not all of them and in special circumstances the security software can actually make it worse as was the case with a recent MSE bug on windows 10..
> 
> internet 101


Adblock and ublock origin prevent ad scripts from outside sources out of the website from loading, chrome runs all websites "sandboxed" inside its own fake virtual process and doesn't allow any scripts, programs, from any websites to access system memory, and even goes so far as to sandbox each individual tab inside of its own virtual section and doesn't let one tab even communicate with any other tab open in the same browser session. Firefox does this as well. It's basic security as part of modern web browsers going back multiple years. Patched up browsers against this latest security threat and others will prevent anything from escaping the browser and getting into your system. As long as you stay up to date with browser updates, there's very minimal risk from anything harming your computer from browsing websites. I'm a strong advocate of using ruthless adblockers on all websites to prevent outside code from being loaded. Chrome at least goes so far as to use "alternative desktops" that websites and web-based scripts see instead of our actual desktop, and prevent any website or web-based javascript code from accessing your actual computer, actual desktop, or even your system clipboard either.

https://blog.chromium.org/2008/10/new-approach-to-browser-security-google.html

Go take a moment to read how modern browsers work, this has been in place in all current versions of chrome from 2008 -> Current-Day. It's literally physically impossible for anything from any website to "escape" chrome and get out and "Infect" your system with anything. If the things you worry about day to day are getting a virus from browsing websites.. perhaps you should examine your priorities in life and put your tin-foil-hat back on.


----------



## Offler

yes.

+ some official statements by AMD's Ryan
https://twitter.com/ryanshrout

to Nanotm:
Are there any specifications regarding older AMD CPUs? Opterons, Phenoms, FX series...


----------



## geoxile

So by default AMD isn't affected by two, including the big rogue attack one, and the last exploit is solved with a software fix that doesn't affect performance much if at all.


----------



## nanotm

Quote:


> Originally Posted by *kithylin*
> 
> Adblock and ublock origin prevent ad scripts from outside sources out of the website from loading, chrome runs all websites "sandboxed" inside its own fake virtual process and doesn't allow any scripts, programs, from any websites to access system memory, and even goes so far as to sandbox each individual tab inside of its own virtual section and doesn't let one tab even communicate with any other tab open in the same browser session. Firefox does this as well. It's basic security as part of modern web browsers going back multiple years. Patched up browsers against this latest security threat and others will prevent anything from escaping the browser and getting into your system. As long as you stay up to date with browser updates, there's very minimal risk from anything harming your computer from browsing websites. I'm a strong advocate of using ruthless adblockers on all websites to prevent outside code from being loaded. Chrome at least goes so far as to use "alternative desktops" that websites and web-based scripts see instead of our actual desktop, and prevent any website or web-based javascript code from accessing your actual computer, actual desktop, or even your system clipboard either.
> 
> https://blog.chromium.org/2008/10/new-approach-to-browser-security-google.html
> 
> Go take a moment to read how modern browsers work, this has been in place in all current versions of chrome from 2008 -> Current-Day. It's literally physically impossible for anything from any website to "escape" chrome and get out and "Infect" your system with anything. If the things you worry about day to day are getting a virus from browsing websites.. perhaps you should examine your priorities in life and put your tin-foil-hat back on.


Yes, so that's why Meltdown and Spectre are particularly worrisome, since they can "leak" out and access those things, which might trigger a BSOD (if you're lucky) and alert you that there was a problem but more likely will just do their thing, leaving you totally oblivious whilst it's going on.

I used the advertising thing as a vector for the attack; it's not even the most likely one. It's far more likely someone would craft their script into a forum post, and no, chrome doesn't stop you from getting infected because of how it operates, nor does running an older version of windows; both of those things are just false security blankets, which is why you need a patch that will hit performance to some degree.... and the worst part about this is not that it happened but that intel knew it was a problem 15 years ago and decided not to fix it, preferring to hope nobody noticed whilst they had "better performance per clock cycle"; only now it's come out and the story wasn't the one they had pre-scripted, and they're running damage control, hoping and praying nobody loses their shirt and they don't go down in flames in the process.


----------



## EniGma1987

Quote:


> Originally Posted by *kithylin*
> 
> chrome runs all websites "sandboxed" inside its own fake virtual process and doesn't allow any scripts, programs, from any websites to access system memory,


It's so funny you keep saying that you are immune to this because you won't download any virus on purpose. The entire issue of this hardware exploit is specifically that it allows malicious code including those in a VM to escape the VM by getting to memory outside. How is this so hard for you to understand?


----------



## kithylin

Quote:


> Originally Posted by *EniGma1987*
> 
> It's so funny you keep saying that you are immune to this because you won't download any virus on purpose. The entire issue of this hardware exploit is specifically that it allows malicious code including those in a VM to escape the VM by getting to memory outside. How is this so hard for you to understand?


https://support.google.com/faqs/answer/7622138

Chrome already has a patch in place and chrome 64 releasing on Jan 23rd will include patches to fix this current problem, and shows how to enable a feature to isolate web processes into their own section further than the already sandboxed security in place. After the 23rd this will be a complete non-issue and just something of the past to remember and look back on. Just like Wannacry was patched out and you never hear about it anymore.

Quote:


> Originally Posted by *EniGma1987*
> 
> It's so funny you keep saying that you are immune to this because you won't download any virus on purpose. The entire issue of this hardware exploit is specifically that it allows malicious code including those in a VM to escape the VM by getting to memory outside. How is this so hard for you to understand?


I don't run virtual machines on my computer, and the only thing "Virtual" may possibly be chrome's sandboxed environment for websites. See the above link about turning on website isolation and prevent that as well.


----------



## ibb27

I like the ARM way of resolving the issue:
https://developer.arm.com/support/security-update
Table with all their affected processors, and to what attack variant they are affected. Period!
AMD and Intel are throwing half truths I think...


----------



## Lipos

AMD statement
An Update on AMD Processor Security


----------



## Dimaggio1103

I love how people are trying to justify this blatant scam scenario. It's obvious to anyone with minor knowledge in computer science that this had to have been known for a while. Looks to me like they omitted info on the subject and possible fixes because of the inevitable performance hit this is gonna take on their products. ANYTHING that relies on sys calls and uses Intel CPUs will be permanently affected, I'm willing to bet.


----------



## aweir

First there was the Intel Management Engine "backdoor", and now this...my next CPU will be an AMD. Intel knew about this since 1995.


----------



## tpi2007

Quote:


> Originally Posted by *ibb27*
> 
> I like the ARM way of resolving the issue:
> https://developer.arm.com/support/security-update
> Table with all their affected processors, and to what attack variant they are affected. Period!
> AMD and Intel are throwing half truths I think...


So ARM is affected after all, although not all CPUs. The popular A53 isn't affected it seems. Interestingly, the higher performance A57 is. Goes to show the sacrifices in security these companies made to get there.

Anyway, good to see them laying it out clearly. Also good to know that Intel wasn't deflecting as much as it seemed in their press release.

Quote:


> Originally Posted by *Lipos*
> 
> AMD statement
> An Update on AMD Processor Security


Will be interesting to see what the penalty will be for nr. 1. It seems odd they mention negligible performance impact; from my understanding from reading Google's blog AMD's CPU was only affected if it was used in a non default state:

Quote:


> Variant 1: Bounds check bypass
> This section explains the common theory behind all three variants and the theory behind our PoC for variant 1 that, when running in userspace under a Debian distro kernel, can perform arbitrary reads in a 4GiB region of kernel memory in at least the following configurations:
> 
> Intel Haswell Xeon CPU, eBPF JIT is off (default state)
> Intel Haswell Xeon CPU, eBPF JIT is on (non-default state)
> AMD PRO CPU, eBPF JIT is on *(non-default state)*
> 
> The state of the eBPF JIT can be toggled using the net.core.bpf_jit_enable sysctl.


https://googleprojectzero.blogspot.pt/2018/01/reading-privileged-memory-with-side.html


----------



## superstition222

Quote:


> Originally Posted by *Offler*
> 
> Re-posting again:
> 
> Reading whitepapers. Interesting and understandable part here:
> 
> So the mail by AMD representative regarding patching Linux kernel wasn't incorrect, he was referring to patch which is about to negate escalation of privileges. That is NOT an issue for AMD, and the patch won't solve it anyway.
> 
> AMD IS vulnerable to Spectre, BUT patch known as KAISER won't fix it anyway.
> 
> AMD IS NOT vulnerable to Meltdown attack. ONLY INTEL is, KAISER patch WILL fix it.


Correction. Patch will not fix it. It will work around it.

Fixing implies that it doesn't come with a serious performance penalty.

People like to use the word fix euphemistically but when something is fixed it's not broken. Something is broken when it does not perform to its original specifications, at least quite significantly. A work-around means something is still broken but it functions better than it did without the work-around.

Example: CPU ships with TLB crash bug. Company issues work-around patch that causes a 2-10% performance hit. That is not a fix. It is a work-around. The fix is when the company issues a new stepping that gets rid of the problem and the performance hit. However, that is a fix for the architecture, not the affected chips.

I wonder how much this will be brushed under the rug like the Skylake hyperthreading bug was. Plenty of boards didn't even get non-BETA BIOS patches for that, if they were patched at all.


----------



## kmac20

Everyone freaked out over the Ryzen segfault thing but very few people realize that Intel has published all the errata with their CPUs and the list is like.....the size of a small book.


----------



## superstition222

Quote:


> Originally Posted by *kmac20*
> 
> Everyone freaked out over the Ryzen segfault thing but very few people realize that Intel has published all the errata with their CPUs and the list is like.....the size of a small book.


Compare the number of pages on that topic here vs. the Intel hyperthreading bug. Stark contrast.

Also, even though Intel released the code to work around that in April many boards still don't have anything but hidden beta BIOS versions that implement it. I had been checking, for instance, AsRock's page for the ITX Skylake board I got to build a portable VR system for a colleague with and the only reason I found out that the company had bothered to implement the patch at all is because someone told me to look for the beta BIOS. Well, it was not in the main BIOS list at all. I doubt the work around ever made it into a finalized version.


----------



## Grummpy

https://googleprojectzero.blogspot.co.uk/2018/01/reading-privileged-memory-with-side.html

thx


----------



## superstition222

Quote:


> Originally Posted by *Grummpy*
> 
> https://googleprojectzero.blogspot.co.uk/2018/01/reading-privileged-memory-with-side.html
> 
> thx


Does any of that contradict this?:
Quote:


> Originally Posted by *Lipos*
> 
> AMD statement
> An Update on AMD Processor Security


Or, is the old appraisal mostly correct: Intel faces a serious performance hit from any work-around and AMD chips don't.


----------



## ZealotKi11er

So this problem, it's all Intel's fault when they wanted to get free performance.


----------



## superstition222

Quote:


> Originally Posted by *ZealotKi11er*
> 
> So this problem, it's all Intel's fault when they wanted to get free performance.


I like the spyware angle, personally. I think it's a bit naive, especially after Snowden, to play Pollyanna by default.

Of course, the two aren't mutually exclusive. Free performance and make the powers that be happy.


----------



## superstition222

What about IBM's Power CPUs? Have they had issues like this?

People talk about AMD potentially gaining share but I wonder about IBM.


----------



## doritos93

Didn't someone post something about the update having been pushed in December already?

https://www.onmsft.com/news/microsoft-to-release-emergency-windows-update-to-address-intel-amd-processors-security-concerns


----------



## tpi2007

Microsoft has been testing the patches in the Insider builds since November (probably with a select sub-group given the nature of the problem, I'd say).

It's still to be seen how Anti-virus programs will perform after these patches given how they interact with the OS. Also make sure that your AV provider has made the necessary changes to be compatible with the patches if installing them manually before they are set for automatic distribution.

Edit: Articles are coming out fast, here's a new one: https://www.onmsft.com/news/microsoft-responds-to-amd-and-intel-processor-exploits-now-rolling-out-emergency-fix


----------



## superstition222

Microsoft for the win, again. An _emergency_ update they're going to withhold from Windows 7 and 8 users for 13 days.

Quote:


> Originally Posted by *MSFT*
> the security update is set to automatically roll out to all Windows 10 desktops today starting at 5 PM ET, and later to other Windows 7 and Windows 8 on January 16th


Quote:


> Originally Posted by *MSFT*
> It's really great to see Microsoft stepping up here and supporting their consumers and customers.


Sure, everyone on Windows 7 and 8 should definitely be exposed for an extra 13 days to do even more to force-feed 10.


----------



## tpi2007

Quote:


> Originally Posted by *superstition222*
> 
> Microsoft for the win, again. An _emergency_ update they're going to withhold from Windows 7 and 8 users for 13 days.
> 
> > Originally Posted by *MSFT*
> >
> > the security update is set to automatically roll out to all Windows 10 desktops today starting at 5 PM ET, and later to other Windows 7 and Windows 8 on January 16th
> 
> > Originally Posted by *MSFT*
> >
> > It's really great to see Microsoft stepping up here and supporting their consumers and customers.
> 
> Sure, everyone on Windows 7 and 8 should definitely be exposed for an extra 13 days to do even more to force-feed 10.

Yeah, I was just about to say that. Not cool. At all.

They will probably anticipate those too, that is an unacceptable timeframe.


----------



## AmericanLoco

Quote:


> Originally Posted by *kithylin*
> 
> Go take a moment to read how modern browsers work, this has been in place in all current versions of chrome from 2008 -> Current-Day. It's literally physically impossible for anything from any website to "escape" chrome and get out and "Infect" your system with anything. If the things you worry about day to day are getting a virus from browsing websites.. perhaps you should examine your priorities in life and put your tin-foil-hat back on.


You don't get it do you? With these bugs, you can virtualize and sandbox until your eyes are blue - the code can still jump out of app and access kernel memory. It doesn't have to be unknown javascript from unknown sources - it could just be the website itself has been compromised.


----------



## Vlada011

Because of these problems Russia is slowly working on and investing in the idea of completely replacing Intel and AMD processors in government institutions.
They will improve security with them to a completely new level. Now they have the 28nm Elbrus 8 with 8 cores.
For 5 years they will be able to use their own processors and OS.
Much lower Futuremark score, much higher security than Intel-AMD and the governments who use them.


----------



## Dimaggio1103

Quote:


> Originally Posted by *AmericanLoco*
> 
> You don't get it do you? With these bugs, you can virtualize and sandbox until your eyes are blue - the code can still jump out of app and access kernel memory. It doesn't have to be unknown javascript from unknown sources - it could just be the website itself has been compromised.


He doesn't realize that the kernel handles lots of calls and requests from multiple apps. You can't underplay this. In data centers it's going to be madness for a long time. A patch that most likely will increase wait time for executing tasks up to 35% in some cases. That is beyond huge for them.


----------



## Asus11

I'm assuming the main issue is the servers & business users, for the average user what kind of scenario could we be faced with?


----------



## chispy

Welp, there is another patch freshly baked also for Windows and it has been just posted now at Microsoft Update catalog as a critical update (KB4058702); it is so new and fresh out of the oven it does not have any description (n/a) and posted January 4, 2018. I do not know how many Windows patches, critical updates, windows security updates we will get as it seems they are still working on them currently at this time ...

https://www.catalog.update.microsoft.com/Search.aspx?q=kb4058702


----------



## ZealotKi11er

Quote:


> Originally Posted by *chispy*
> 
> Welp, there is another patch freshly baked also for Windows and it has been just posted now at Microsoft Update catalog as a critical update (KB4058702); it is so new and fresh out of the oven it does not have any description (n/a) and posted January 4, 2018. I do not know how many Windows patches, critical updates, windows security updates we will get as it seems they are still working on them currently at this time ...
> 
> https://www.catalog.update.microsoft.com/Search.aspx?q=kb4058702


Thanks for the update. Installed.

https://www.3dmark.com/compare/fs/13392748/fs/14602580#


----------



## kithylin

Quote:


> Originally Posted by *AmericanLoco*
> 
> You don't get it do you? With these bugs, you can virtualize and sandbox until your eyes are blue - the code can still jump out of app and access kernel memory. It doesn't have to be unknown javascript from unknown sources - it could just be the website itself has been compromised.


So you would prefer what as an alternative? Attempt to fear-monger everyone into stopping browsing the internet because of this? Because according to you every website we load is a potential minefield going to infect our system with malware and steal all our passwords just because we looked at facebook or myspace or ebay or twitter, or overclock.net. Even though that could have happened any time in the past 20 years just as much as it could happen tomorrow. Maybe you could take a step back from the computer a moment and repeat what you just wrote in your post to yourself in your head. Maybe then you might understand how insane that sounds.


----------



## S1L3Nt

Is it me or am I missing something. If I am, please save me from my ignorance.

From what I am hearing, this vulnerability is mainly allowing an application to read memory that is outside of its allocated space. Nowhere does it say it can rewrite memory anywhere it wants to. So if the application can read memory, it can potentially steal sensitive information. However, you will probably need to dump all of the memory into something to analyze it. So the vulnerability is big, but the implications are a bit blown out of proportion.

Thoughts?


----------



## mouacyk

It's 2018 and there are still some online services who do not have 2FA security! Bah -- They're asking for it.


----------



## chispy

One of the windows critical updates just went live on my PC updates, downloading now ... will check tomorrow if my Ryzen 1700x / w10 rig is affected in performance.


----------



## GeneO

Quote:


> Originally Posted by *chispy*
> 
> One of the windows critical updates just went live on my PC updates, downloading now ... will check tomorrow if my Ryzen 1700x / w10 rig is affected in performance.


Realbench scores down 10%.

x264 performance the same

Asus AISuite broken.


----------



## Hequaqua

Patch seemed to improve scores a little(+4.3%). Just looking at CPU scores here BTW:



https://www.3dmark.com/compare/fs/14602908/fs/14602877

SS of Updates:

I have a good database of scores for the CPU...I'll have to do a few more tests to verify. Looks fine to me though.

EDIT: Add CPU Performance Test 9. That was run in July:



----------



## sumitlian

Don't worry guys IPC differences across various Intel CPU generations will still be the same since all holding Intel CPUs are victims.


----------



## AlphaC

https://www.computerbase.de/2018-01/intel-cpu-pti-sicherheitsluecke/

Benchmarks (Core i7-7700K):

| Benchmark | Win10 Final 1709 | Win10 Insider 17063 |
| --- | --- | --- |
| 7zip | 27.794 | 27.308 |
| Blender 2.80.1 Experimental | 11:01 | 11:01 |
| Cinebench R15 x-CPU | 983 | 977 |
| Handbrake 1.0.7 | 4:35 | 4:38 |
| VeraCrypt 1.21 | 7.578 | 7.475 |
| Assassin's Creed Full HD Highest Preset | 97,5 | 97,3 |
| Full HD, Lowest Preset | 126,3 | 122,6 |


----------



## tpi2007

Quote:


> Originally Posted by *sumitlian*
> 
> Don't worry guys IPC differences across various Intel CPU generations will still be the same since all holding Intel CPUs are victims.


Just to add some more info on that, from Westmere onwards (for desktop users, that's x58 32nm Core i7 hexacores) Intel CPUs have PCID, which helps mitigate the performance impact:

Quote:


> - Reiterating from yesterday's article, systems having PCID (Process Context ID) should lessen the impact of PTI being enabled. (Those interested can check for the presence of "pcid" in their "/proc/cpuinfo" output.) PCID has been present on Intel hardware since the Westmere days, so basically any Sandy Bridge era system or newer should be in better shape.


https://www.phoronix.com/scan.php?page=article&item=linux-more-x86pti&num=1

Core 2 Duos and Quads and 45nm first gen Core i series will be more impacted.
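
An added example, not part of the original posts: a shell check for the two Linux settings quoted in this thread, the `pcid` flag in `/proc/cpuinfo` (Phoronix quote above) and the `net.core.bpf_jit_enable` sysctl (Project Zero quote earlier), read through its procfs path. The function names are hypothetical; the flag is matched as a whole word because a plain `grep pcid` also matches `invpcid`.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# cpu_has_flag FILE FLAG
#   0 = FLAG is present as a whole word on the first "flags" line of FILE
#   1 = not present, 2 = FILE cannot be read
cpu_has_flag() {
    [ -r "$1" ] || return 2
    awk -v want="$2" '
        /^flags[ \t]*:/ {
            # Drop the "flags :" label, then compare word by word so that
            # "invpcid" is not mistaken for "pcid".
            sub(/^flags[ \t]*:[ \t]*/, "")
            n = split($0, f, /[ \t]+/)
            for (i = 1; i <= n; i++) if (f[i] == want) found = 1
            exit
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# bpf_jit_state [FILE]
#   Prints off / on / unknown for the eBPF JIT sysctl.
#   The kernel documents 0 = disabled, 1 = enabled, 2 = enabled with debug output.
bpf_jit_state() {
    f="${1:-/proc/sys/net/core/bpf_jit_enable}"
    [ -r "$f" ] || { echo unknown; return 0; }
    case "$(cat "$f")" in
        0)   echo off ;;
        1|2) echo on ;;
        *)   echo unknown ;;
    esac
}

# pti_report [CPUINFO] [JITFILE]
#   One-line summary: whether PCID is available to soften the PTI cost, and
#   whether the eBPF JIT is in its default (off) state.
pti_report() {
    cpuinfo="${1:-/proc/cpuinfo}"
    jitfile="${2:-/proc/sys/net/core/bpf_jit_enable}"
    rc=0
    cpu_has_flag "$cpuinfo" pcid || rc=$?
    case "$rc" in
        0) pcid=yes ;;
        1) pcid=no ;;
        *) pcid=unknown ;;
    esac
    echo "pcid=$pcid bpf_jit=$(bpf_jit_state "$jitfile")"
}

# Report for the machine this runs on.
pti_report
```

On non-x86 systems `/proc/cpuinfo` has no `flags` line, so the report shows `pcid=no`.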


----------



## sumitlian

@tpi2007, and that looks good for most desktop users/gamers around the world.

Edit: I mean it could have been worse. And who knows in the upcoming months, Intel may somehow provide more info related to one of its secret/classified/hidden features (of course if there are any) within the architecture that might help further to mitigate the issue to the point it will be considered virtually nonexistent.


----------



## Diablosbud

Quote:


> Originally Posted by *chispy*
> 
> Welp, there is another patch freshly baked also for Windows and it has been just posted now at Microsoft Update catalog as a critical update (KB4058702); it is so new and fresh out of the oven it does not have any description (n/a) and posted January 4, 2018. I do not know how many Windows patches, critical updates, windows security updates we will get as it seems they are still working on them currently at this time ...
> 
> https://www.catalog.update.microsoft.com/Search.aspx?q=kb4058702


With this update installed, there seems to be no performance difference in multi-core Cinebench R15 performance on my Ryzen. I was expecting at least a small decrease, but if there is it's within margin of error.


----------



## kithylin

Quote:


> Originally Posted by *Diablosbud*
> 
> With this update installed, there seems to be no performance difference in multi-core Cinebench R15 performance on my Ryzen. I was expecting at least a small decrease, but if there is it's within margin of error.


If you believe all the "news" running around, only Intel users will see a performance impact, supposedly. Remember, AMD says their chips aren't vulnerable, so the patch should have zero effect on AMD processors.


----------



## ku4eto

Quote:


> Originally Posted by *kithylin*
> 
> So you would prefer what as an alternative? Attempt to fear-monger everyone into stopping browsing the internet because of this? Because according to you every website we load is a potential minefield going to infect our system with malware and steal all our passwords just because we looked at facebook or myspace or ebay or twitter, or overclock.net. Even though that could have happened any time in the past 20 years just as much as it could happen tomorrow. Maybe you could take a step back from the computer a moment and repeat what you just wrote in your post to yourself in your head. Maybe then you might understand how insane that sounds.


You either are an Intel fanboy/troll, or you lack the needed knowledge and refuse to accept that YOU ARE WRONG. Nobody gives a damn about javascript based attacks. Because critical systems, the ones that cost billions of dollars, are servers, which are not used for facebook surfing. The normal Cotton eye Joe can only have his own personal computer exposed.


----------



## Avonosac

Quote:


> Originally Posted by *kithylin*
> 
> If you believe all the "news" running around, only Intel users will see a performance impact, supposedly. Remember, AMD says their chips aren't vulnerable, so the patch should have zero effect on AMD processors.


Holy false logic batman!

Just because AMD mostly isn't vulnerable doesn't mean kernel developers can't and _aren't_ already enabling the software flags for them anyway. AFAIK the linux kernel git still has the /justincase commit in master without the patch to remove the unnecessary flag from the AMD systems.


----------



## tictoc

Quote:


> Originally Posted by *Avonosac*
> 
> > Originally Posted by *kithylin*
> >
> > If you believe all the "news" running around, only Intel users will see a performance impact, supposedly. Remember, AMD says their chips aren't vulnerable, so the patch should have zero effect on AMD processors.
> 
> Holy false logic batman!
> 
> Just because AMD mostly isn't vulnerable doesn't mean kernel developers can't and aren't already enabling the software flags for them anyway. AFAIK the linux kernel git still has the /justincase commit in master without the patch to remove the unnecessary flag from the AMD systems.

Patch to exclude AMD hit the Linux kernel 5 or 6 hours ago. https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=00a5ae218d57741088068799b810416ac249a9ce


----------



## kithylin

Quote:


> Originally Posted by *ku4eto*
> 
> You either are an Intel fanboy/troll, or you lack the needed knowledge and refuse to accept that YOU ARE WRONG. Nobody gives a damn about javascript based attacks. Because critical systems, the ones that cost billions of dollars, are servers, which are not used for facebook surfing. The normal Cotton eye Joe can only have his own personal computer exposed.


Except of course (most likely) no one here reading overclock.net in this thread is a manager for a multi-billion dollar datacenter company coming to overclock.net for their source for where to find security fixes for this thing or the latest news on this thing. Most of us here in this discussion are actual end users, and concerned with how this will affect us.

Also I guess I'll explain a little how "Sandboxing" in chrome and modern web browser security in general works. The entire point of it is literally nothing you view or load inside of any website or web page, including any javascript or any other script, physically can not by any means access your computer, your hard drive, or your memory via chrome the web browser. They also can not install any software on your system and execute it without your permission. Literally there is no way out, there is no path, it does not exist. That's exactly what "Sandboxing" means, it means everything in every website done in modern web browsers has its own private little walled off area and nothing can escape. That's how modern browser security works these days. The only way for -anything- to infect your computer or even access your computer's memory, security flaw or not, is for you to download it out of your browser and execute or open it with some other program.


----------



## ku4eto

Quote:


> Originally Posted by *kithylin*
> 
> Except of course (most likely) no one here reading overclock.net in this thread is a manager for a multi-billion dollar datacenter company coming to overclock.net for their source for where to find security fixes for this thing or the latest news on this thing. Most of us here in this discussion are actual end users, and concerned with how this will affect us.
> 
> Also I guess I'll explain a little how "Sandboxing" in chrome and modern web browser security in general works. The entire point of it is literally nothing you view or load inside of any website or web page, including any javascript or any other script, physically can not by any means access your computer, your hard drive, or your memory via chrome the web browser. They also can not install any software on your system and execute it without your permission. Literally there is no way out, there is no path, it does not exist. That's exactly what "Sandboxing" means, it means everything in every website done in modern web browsers has its own private little walled off area and nothing can escape. That's how modern browser security works these days. The only way for -anything- to infect your computer or even access your computer's memory, security flaw or not, is for you to download it out of your browser and execute or open it with some other program.


I am not THAT stupid, to not know what Sandboxing is.

Running a VM is a sandbox as well.

Guess what, the security vulnerability is a HARDWARE BUG, that allows to BYPASS THE SANDBOXING. And Chrome is not really secure, so you know.


----------



## AlphaC

Quote:


> Originally Posted by *kithylin*
> 
> If you believe all the "news" running around, only Intel users will see a performance impact, supposedly. Remember, AMD says their chips aren't vulnerable, so the patch should have zero effect on AMD processors.


Alas only one bug is specific to Intel, Meltdown.

_Meltdown allows malicious programs to gain access to higher-privileged parts of a computer's memory_

Quote:


> Originally Posted by *https://www.wired.com/story/critical-intel-flaw-breaks-basic-security-for-most-computers/*
> VUSEC's Bosman confirmed that when Intel processors perform that speculative execution, they don't fully segregate processes that are meant to be low-privilege and untrusted from the highest-privilege memory in the computer's kernel. That means a hacker can trick the processor into allowing unprivileged code to peek into the kernel's memory with speculative execution.
> 
> "The processor basically runs too far ahead, executing instructions that it should not execute," says Daniel Gruss, one of the researchers from the Graz University of Technology who discovered the attacks.


Spectre affects AMD & ARM CPUs. If it affects ARM CPUs as well, that means pretty much all phones.

_Spectre steals data from the memory of other applications running on a machine._

https://www.reuters.com/article/us-cyber-intel/security-flaws-put-virtually-all-phones-computers-at-risk-idUSKBN1ES1BO

https://www.laptopmag.com/articles/cpu-security-flaw-intel-pcs-macs

http://www.kb.cert.org/vuls/id/584653

Quote:


> Originally Posted by *https://www.nytimes.com/2018/01/03/business/computer-flaws.html*
> The Meltdown flaw is specific to Intel, but Spectre is a flaw in design that has been used by many processor manufacturers for decades. It affects virtually all microprocessors on the market, including chips made by AMD that share Intel's design and the many chips based on designs from ARM in Britain.
> 
> Spectre is a problem in the fundamental way processors are designed, and the threat from Spectre is "going to live with us for decades," said Mr. Kocher, the president and chief scientist at Cryptography Research, a division of Rambus.
> 
> "Whereas Meltdown is an urgent crisis, Spectre affects virtually all fast microprocessors," Mr. Kocher said. An emphasis on speed while designing new chips has left them vulnerable to security issues, he said.
> 
> "We've really screwed up," Mr. Kocher said. "There's been this desire from the industry to be as fast as possible and secure at the same time. Spectre shows that you cannot have both."


----------



## kithylin

Quote:


> Originally Posted by *ku4eto*
> 
> I am not THAT stupid, to not know what Sandboxing is.
> 
> Running a VM is a sandbox as well.
> 
> Guess what, the security vulnerability is a HARDWARE BUG, that allows to BYPASS THE SANDBOXING. And Chrome is not really secure, so you know.


And so far (from everything we've been told about it to date) it only affects virtual machines like vmware, and web browsers. And chrome's already released a temporary work-around for it (I posted a link earlier in this thread) and a full patch comes on the 23rd. Not sure about Firefox or anything else.


----------



## RiverOfIce

Quote:


> Originally Posted by *kithylin*
> 
> Except of course (most likely) no one here reading overclock.net in this thread is a manager for a multi-billion dollar datacenter company coming to overclock.net for their source for where to find security fixes for this thing or the latest news on this thing. Most of us here in this discussion are actual end users, and concerned with how this will affect us.
> 
> Also I guess I'll explain a little how "Sandboxing" in chrome and modern web browser security in general works. The entire point of it is literally nothing you view or load inside of any website or web page, including any javascript or any other script, physically can not by any means access your computer, your hard drive, or your memory via chrome the web browser. They also can not install any software on your system and execute it without your permission. Literally there is no way out, there is no path, it does not exist. That's exactly what "Sandboxing" means, it means everything in every website done in modern web browsers has its own private little walled off area and nothing can escape. That's how modern browser security works these days. The only way for -anything- to infect your computer or even access your computer's memory, security flaw or not, is for you to download it out of your browser and execute or open it with some other program.


You need to stop. You literally have no real clue how this flaw works. This flaw could care less about sandboxing or vm. And that IS the problem. Please stop for general information sake.


----------



## tictoc

Quote:


> Originally Posted by *kithylin*
> 
> Quote:
> 
> 
> 
> Originally Posted by *ku4eto*
> 
> You either are an Intel fanboy/troll, or you lack the needed knowledge and refuse to accept, that YOU ARE WRONG. Nobody gives a damn about javascript based attacks. Because, critical systems, the ones that cost billions of dollars, are servers, which are not used for facebook surfing. The normal Cotton eye Joe can only have his own personal computer exposed.
> 
> 
> 
> Except of course (most likely) no one here reading overclock.net in this thread is a manager for a multi-billion dollar datacenter company coming to overclock.net for their source for where to find security fixes for this thing or the latest news on this thing. Most of us here in this discussion are actual end users, and concerned with how this will affect us.
> 
> Also I guess I'll explain a little how "Sandboxing" in chrome and modern web browser security in general works. The entire point of it is literally nothing you view or load inside of any website or web page, including any javascript or any other script, physically can not by any means access your computer, your hard drive, or your memory via chrome the web browser. They also can not install any software on your system and execute it without your permission. Literally there is no way out, there is no path, it does not exist. That's exactly what "Sandboxing" means, it means everything in every website done in modern web browsers has its own private little walled off area and nothing can escape. That's how modern browser security works these days. The only way for -anything- to infect your computer or even access your computer's memory, security flaw or not, is for you to download it out of your browser and execute or open it with some other program.

Sandboxing processes is good practice in general, but it is not the be all end all for security on the web.

2014 - Sandbox escape - https://threatpost.com/google-fixes-159-flaws-in-chrome/108772/

2015 - Sandbox escape - https://threatpost.com/google-fixes-sandbox-escape-in-chrome/112899/

2016 - Sandbox escape - https://threatpost.com/google-fixes-sandbox-escape-in-chrome-again/119428/


----------



## kithylin

Right.. everything's infected on the internet and everything's going to exploit our computers and steal our passwords no matter what we do. Nothing on the internet is safe according to the people in this thread. Better just turn off the computer until this is patched and go outside for a few weeks. At least you'll be safe from this big bad threat at the moment.

Intel's releasing a patch, Chrome announced a patch, Windows will release a patch for it soon. It'll all be fixed soon. Seriously, everyone in here fear-mongering and flailing your arms around and screaming about this is just hilarious. It's just another big security bug in the long line of big bugs that have cropped up over the past few years. It'll be fixed in a few days and we can all forget that this ever happened.


----------



## ku4eto

Quote:


> Originally Posted by *kithylin*
> 
> Right.. everything's infected on the internet and everything's going to exploit our computers and steal our passwords no matter what we do. Nothing on the internet is safe according to the people in this thread. Better just turn off the computer until this is patched and go outside for a few weeks. At least you'll be safe from this big bad threat at the moment.
> 
> Intel's releasing a patch, Chrome announced a patch, Windows will release a patch for it soon. It'll all be fixed soon. Seriously, everyone in here fear-mongering and flailing your arms around and screaming about this is just hilarious. It's just another big security bug in the long line of big bugs that have cropped up over the past few years. It'll be fixed in a few days and we can all forget that this ever happened.


No, it's not going to be fixed up. It's going to be by-passed, thus incurring performance losses.
And the issue still remains.
And before it gets patched on all critical systems, it can get exploited.

All because Intel skimped on Security, for the sake of Performance.

Do you see where the issue is?

And it's not downplaying. If everybody keeps quiet, Intel will think, there is nothing wrong (morally and technically), and keep up the same stuff.


----------



## Dhalmel

I've installed the emergency update from windows update, will a BIOS update or something need to be done too?


----------



## Kalpa

This twitter feed was linked to me elsewhere, found it a pretty good overall look on the situation https://twitter.com/nicoleperlroth/status/948686265477685248


----------



## AlphaC

Quote:


> Originally Posted by *Dhalmel*
> 
> I've installed the emergency update from windows update, will a BIOS update or something need to be done too?


for now it's OS patches only

https://www.cnet.com/how-to/how-to-fix-meltdown-spectre-intel-amd-arm-windows-mac-android-ios/
Quote:


> On Jan. 23, a new version of Google Chrome should also include mitigations to protect your desktop and phone from web-based attacks. But if you don't want to wait, Google says an experimental feature called Site Isolation can help right away.
> 
> Instead of grouping different websites you browse together in a single process -- which helps save your computer's memory, among other things -- Site Isolation appears to make each website use its own individual instance of the Chrome browser. That way, it's harder for a malicious website to access data from other websites you're browsing (using these new CPU exploits) and potentially do bad things.
> 
> To turn on Site Isolation on Windows, Mac, Linux, Chrome OS or Android:
> 
> 1. Type or copy-paste chrome://flags/#enable-site-per-process into the URL field at the top of your Chrome web browser, then hit the Enter key.
> 2. Look for Strict Site Isolation, then tap or click the box labeled Enable.
> 3. If your work is saved, hit Relaunch Now. Otherwise, save your work, then quit and relaunch Chrome.


Comedic relief?:
https://www.theregister.co.uk/2018/01/04/intels_spin_the_registers_annotations/
Quote:


> To help put Intel's claims into context, we've annotated the text. Bold is Intel's spin.
> 
> *Intel and other technology companies have been made aware of new security research describing software analysis methods that, when used for malicious purposes, have the potential to improperly gather sensitive data from computing devices that are operating as designed.*
> 
> _Translation: When malware steals your stuff, your Intel chip is working as designed. Also, this is why our stock price fell. Please make other stock prices fall, thank you._
> 
> By the way, here's what Linux kernel supremo Linus Torvalds had to say about this: "I think somebody inside of Intel needs to really take a long hard look at their CPUs, and actually admit that they have issues instead of writing PR blurbs that say that everything works as designed.
> 
> "Is Intel basically saying 'we are committed to selling you **** forever and ever, and never fixing anything'?"
> 
> What Intel described as "software analysis methods," security researchers describe thus: "Meltdown breaks all security assumptions given by the CPU's memory isolation capabilities."
> 
> "Meltdown" is the name given to a side-channel attack on memory isolation that affects most Intel chips since 2010, as well as a few Arm cores. Intel's chips may be "operating as designed" but it is this processor design that's the issue; based on the research that has been published, the current design is inadequate and insecure.
> 
> Meltdown - on Intel CPUs and the Arm Cortex-A75 - allows normal applications to read protected kernel memory, allowing them to steal passwords and other secrets. It is easy to exploit, but easy to patch - and workarounds to kill the vulnerability are available for Windows and Linux, and are already in macOS High Sierra, for Intel parts. There are Linux kernel patches available for the Cortex-A75.
> 
> There's also another security flaw named Spectre that affects, to varying degrees, Intel, AMD, and Arm. Depending on your CPU, Spectre allows normal apps to potentially steal information from other apps, the kernel, or the underlying hypervisor. Spectre is difficult to exploit, but also difficult to fully patch - and is going to be the real stinger from all of this.
> 
> *Intel believes these exploits do not have the potential to corrupt, modify or delete data.*
> 
> _Translation: Look, over here! Scary words! And we deny them! And you'll forget that this is about stealing information, not tampering with it._
> 
> Funnily enough, no one said the security flaws could be used to directly alter data. Instead of talking about what these exploits don't do, let's focus on what they make possible.
> 
> On vulnerable systems, Meltdown allows user programs to read from private and sensitive kernel address spaces, including kernel-sharing sandboxes like Docker or Xen in paravirtualization mode. And when you've stolen the keys to the kingdom, such as cryptographic secrets, you'll probably find you can indeed corrupt, modify or delete data, pal.
> 
> *Recent reports that these exploits are caused by a "bug" or a "flaw" and are unique to Intel products are incorrect.*
> 
> _Translation: Pleeeeeease, pleeeeease do not sue us for shipping faulty products or make us recall millions of chips._
> 
> Bug. Flaw. Security shortcoming. Design oversight. Blueprint blunder. Bungled architecture. It's the same difference. Security researchers, describing Meltdown, said: "On the microarchitectural level (e.g., the actual hardware implementation), there is an exploitable security problem."
> 
> The exploits described this week against processors rely on unsafe system designs. Flawed system designs, if you will. Buggy system designs.
> 
> *Based on the analysis to date, many types of computing devices - with many different vendors' processors and operating systems - are susceptible to these exploits.*
> 
> _Translation: We weren't the only one. And if we're going down, we're taking every last one of you with us._
> 
> Chipzilla doesn't want you to know that every Intel processor since 1995 that implements out-of-order execution is potentially affected by Meltdown - except Itanium, and the Atom before 2013.


https://lkml.org/lkml/2018/1/3/797


----------



## hhuey5

will intel get class action lawsuit?


----------



## ku4eto

Quote:


> Originally Posted by *hhuey5*
> 
> will intel get class action lawsuit?


It depends. There first needs to be an investigation, to see if they knew about this vulnerability, and if they chose to get extra performance instead of more security.


----------



## Pro3ootector

Quote:


> Originally Posted by *kithylin*
> 
> Right.. everything's infected on the internet and everything's going to exploit our computers and steal our passwords no matter what we do. Nothing on the internet is safe according to the people in this thread. Better just turn off the computer until this is patched and go outside for a few weeks. At least you'll be safe from this big bad threat at the moment.
> 
> Intel's releasing a patch, Chrome announced a patch, Windows will release a patch for it soon. It'll all be fixed soon. Seriously, everyone in here fear-mongering and flailing your arms around and screaming about this is just hilarious. It's just another big security bug in the long line of big bugs that have cropped up over the past few years. It'll be fixed in a few days and we can all forget that this ever happened.


_
From Linus Torvalds <>
Date Wed, 3 Jan 2018 15:51:35 -0800
Subject Re: Avoid speculative indirect calls in kernel
On Wed, Jan 3, 2018 at 3:09 PM, Andi Kleen wrote:
> This is a fix for Variant 2 in
> https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html
>
> Any speculative indirect calls in the kernel can be tricked
> to execute any kernel code, which may allow side channel
> attacks that can leak arbitrary kernel data.

Why is this all done without any configuration options?

A *competent* CPU engineer would fix this by making sure speculation
doesn't happen across protection domains. Maybe even a L1 I$ that is
keyed by CPL.

I think somebody inside of Intel needs to really take a long hard look
at their CPU's, and actually admit that they have issues instead of
writing PR blurbs that say that everything works as designed.

.. and that really means that all these mitigation patches should be
written with "not all CPU's are crap" in mind.

Or is Intel basically saying "we are committed to selling you ****
forever and ever, and never fixing anything"?

Because if that's the case, maybe we should start looking towards the
ARM64 people more.

Please talk to management. Because I really see exactly two possibilities:

- Intel never intends to fix anything

OR

- these workarounds should have a way to disable them.

Which of the two is it?

Linus_

https://lkml.org/lkml/2018/1/3/797


----------



## sumitlian

Quote:


> Originally Posted by *ku4eto*
> 
> It depends. There first needs to be an investigation, to see if they knew about this vulnerability, and if they chose to get extra performance instead of more security.


There is no proof that Intel chose to go less secure path because they wanted more performance, because there is no proof that making a system by world class engineers that would be immune to Meltdown and alike attacks would cost any IPC regression as compared to current system that is not immune to Meltdown.


----------



## iamjanco

Additional info, perhaps of interest to some in this discussion:

*Tom Lendacky email dated Dec 27 about the issue.*
*Linus Torvalds Trusts Lisa Su's Commitment to AMD CPU Security*

The code in question:

Code:



-    /* Assume for now that ALL x86 CPUs are insecure */
-       setup_force_cpu_bug(X86_BUG_CPU_INSECURE);
+       if (c->x86_vendor != X86_VENDOR_AMD)
+               setup_force_cpu_bug(X86_BUG_CPU_INSECURE);
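
Review bot: the `if (c->x86_vendor != X86_VENDOR_AMD)` condition replaces the old "Assume for now that ALL x86 CPUs are insecure" comment with nothing, so the code no longer records why one vendor is exempt from `X86_BUG_CPU_INSECURE`; a short comment above the test giving the reason would help. The test is also by vendor only: every AMD part is exempted regardless of family or model, and every other x86 vendor stays flagged, so it is worth confirming in the changelog that both are intended.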

*The source of that code.*


----------



## sumitlian

_".....Everything works as designed"_


----------



## iamjanco

Quote:


> Originally Posted by *sumitlian*
> 
> _".....Everything works as designed"_


Always.


----------



## azanimefan

Quote:


> Originally Posted by *hitman928*
> 
> AMD and ARM CPUs are vulnerable to the Spectre exploit, you can read it in the Spectre research paper. However, it already has a software fix that should not affect performance.
> 
> However, this is very different than what most people are talking about which is the Meltdown bug which is intel specific and can come with a large performance penalty to fix in software.


AMD cpus are only vulnerable in a non-default state. meaning you have to turn stuff off in the bios to make it happen. I'm sure there will be some bios updates released to patch that flaw. -end of story-


----------



## $ilent

I just read on BBC news that the patch won't be released for pre win 10 OS...is this true? If so wth...I'm not updating to windows 10.


----------



## KarathKasun

Quote:


> Originally Posted by *kithylin*
> 
> Adblock and ublock origin prevent ad scripts from outside sources out of the website from loading, chrome runs all websites "sandboxed" inside its own fake virtual process and doesn't allow any scripts, programs, from any websites to access system memory, and even goes so far as to sandbox each individual tab inside of its own virtual section and doesn't let one tab even communicate with any other tab open in the same browser session. Firefox does this as well. It's basic security as part of modern web browsers going back multiple years. Patched up browsers against this latest security threat and others will prevent anything from escaping the browser and getting in to your system. As long as you stay up to date with browser updates, there's very minimal risk from anything harming your computer from browsing websites. I'm a strong advocate of using ruthless adblockers on all websites to prevent outside code from being loaded. Chrome at least goes so far as to use "alternative desktops" that websites and web-based scripts see instead of our actual desktop, and prevent any website or web-based javascript code from accessing your actual computer, actual desktop, or even your system clipboard either.
> 
> https://blog.chromium.org/2008/10/new-approach-to-browser-security-google.html
> 
> Go take a moment to read how modern browsers work, this has been in place in all current versions of chrome from 2008 -> Current-Day. It's literally physically impossible for anything from any website to "escape" chrome and get out and "Infect" your system with anything. If the things you worry about day to day are getting a virus from browsing websites.. perhaps you should examine your priorities in life and put your tin-foil-hat back on.


Take a moment to realize that this bypasses sandboxing. That is why this bug is causing such a stir. Sandboxing, VMs, and app level security patches do not work. The only fix is an OS level memory management patch for the one while the other may have no simple fix.

The fix so far has been to flush caches on kernel context switches as far as I can tell, this is why the performance hit can be so large in specific I/O heavy tasks.


----------



## Offler

Quote:


> Originally Posted by *KarathKasun*
> 
> Take a moment to realize that this bypasses sandboxing. That is why this bug is causing such a stir. Sandboxing, VMs, and app level security patches do not work. The only fix is an OS level memory management patch for the one while the other may have no simple fix.
> 
> The fix so far has been to flush caches on kernel context switches as far as I can tell, this is why the performance hit can be so large in specific I/O heavy tasks.


Not just sandboxing. Also virtualization

Which is making a lot of fun considering how easy you can obtain virtual server...


----------



## KarathKasun

Quote:


> Originally Posted by *Offler*
> 
> Not just sandboxing. Also virtualization
> 
> Which is making a lot of fun considering how easy you can obtain virtual server...


I mentioned VMs.


----------



## Alex132

It is interesting how people are so quick to attack products for being less secure, but soon as they impact performance that could even be within margin of error of benchmarks they are suddenly not interested and refuse to adopt the security feature.

You can't have your cake and eat it, unfortunately.


----------



## Marios145

Quote:


> Originally Posted by *Alex132*
> 
> You can't have your cake and eat it, unfortunately.


Unless you own an amd x86 pc and a cortex a53 phone like me.
I'm not saying I'm 100% secure, but at least I'm not affected from this


----------



## Alex132

So it begins


----------



## Skrillex

You are still
Quote:


> Originally Posted by *Marios145*
> 
> Unless you own an amd x86 pc and a cortex a53 phone like me.
> I'm not saying I'm 100% secure, but at least I'm not affected from this


You are affected by Spectre however, which has no patch as of yet.


----------



## KarathKasun

Quote:


> Originally Posted by *Skrillex*
> 
> You are still
> You are affected by Spectre however, which has no patch as of yet.


It seems that the AMD vulnerability to Spectre is only possible with a specific model specific register configuration. Further, the Spectre bug has yet to be demonstrated on AMD hardware.

We will see if this holds true in the coming weeks with continued testing and research.


----------



## Skrillex

Quote:


> Originally Posted by *KarathKasun*
> 
> It seems that the AMD vulnerability to Spectre is only possible with a specific model specific register configuration. Further, the Spectre bug has yet to be demonstrated on AMD hardware.
> 
> We will see if this holds true in the coming weeks with continued testing and research.


"AMD insists its processors are practically immune to Variant 2 Spectre attacks. As for Variant 1, you'll have to wait for microcode updates or recompile your software with forthcoming countermeasures described in the technical paper on the Spectre website.

The researchers say AMD's Ryzen family is affected by Spectre. Googlers have confirmed AMD FX and AMD Pro cores can allow arbitrary data to be obtained by a user process; the proof-of-concept worked just within one process, though.

An AMD Pro running Linux in a non-default configuration - the BPF JIT is enabled - also lets a normal user process read from 4GB of kernel virtual memory.

For Arm, Cortex-R7, Cortex-R8, Cortex-A8, Cortex-A9, Cortex-A15, Cortex-A17, Cortex-A57, Cortex-A72, Cortex-A73, and Cortex-A75 cores are affected by Spectre. Bear in mind Cortex-R series cores are for very specific and tightly controlled embedded environments, and are super unlikely to run untrusted code. To patch for Arm, apply the aforementioned KPTI fixes to your kernel, and/or recompile your code with new defenses described in the above-linked white paper."

https://www.theregister.co.uk/2018/01/04/intel_amd_arm_cpu_vulnerability/


----------



## Damn_Smooth

Well, this thread was entertaining for seeing the same Intel apologist keep proving him/her/itself wrong trying to defend, if nothing else.


----------



## marduke83

Hardware Unboxed did some read/write tests and gaming tests pre and post patch for windows 10 (I'm assuming this is the same issue)
https://www.youtube.com/watch?v=_qZksorJAuY


----------



## Vipu

Quote:


> Originally Posted by *marduke83*
> 
> Hardware Unboxed did some read/write tests and gaming tests pre and post patch for windows 10 (I'm assuming this is the same issue)
> https://www.youtube.com/watch?v=_qZksorJAuY


Yeah that's it, so pretty much no impact, on that setup at least.


----------



## kd5151

Lurking in the shadows.


----------



## Wishmaker

Just saw on CNN that INTEL, ARM, and AMD are affected


----------



## sumitlian

Quote:


> Originally Posted by *Wishmaker*
> 
> Just saw on CNN that INTEL, ARM, and AMD are affected


Did ya copy and paste the headline too in here from CNN ?

Because this^ exactly tells in the CNN's style, ie "half truth".


----------



## Alex132

https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/

Quote:


> AWS is aware of recently disclosed research regarding side-channel analysis of speculative execution on modern computer processors (CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754).
> 
> This is a vulnerability that has existed for more than 20 years in modern processor architectures like Intel, AMD, and ARM across servers, desktops, and mobile devices. All but a small single-digit percentage of instances across the Amazon EC2 fleet are already protected. The remaining ones will be completed in the next several hours, with associated instance maintenance notifications.
> 
> While the updates AWS performs protect underlying infrastructure, in order to be fully protected against these issues, customers must also patch their instance operating systems. Updates for Amazon Linux have been made available, and instructions for updating existing instances are provided further below along with any other AWS-related guidance relevant to this bulletin.
> 
> Updated EC2 Windows AMIs will be provided as Microsoft patches become available.
> 
> Please consult with the vendor of any alternative / third-party operating system, software, or AMI for updates and instructions as needed.
> 
> This bulletin will be updated as we have new information to share on the availability of improved AMIs, patches, and any other recommended actions for AWS customers.
> 
> Amazon Linux AMI (Bulletin ID: ALAS-2018-939)
> 
> An updated kernel for Amazon Linux is available within the Amazon Linux repositories. Instances launched with the default Amazon Linux configuration on or after 10:45 PM (GMT) January 3rd, 2018 will automatically include the updated package. Customers with existing Amazon Linux AMI instances should run the following command to ensure they receive the updated package:
> 
> yum update kernel


----------



## Assirra

So since the full fix most likely will require a firmware update from intel, does that mean that people with a legacy platform like me are utterly screwed over?


----------



## Alex132

Quote:


> Originally Posted by *Assirra*
> 
> So since the full fix most likely will require a firmware update from intel, does that mean that people with a legacy platform like me are utterly screwed over?


Not sure if it may affect end-users nearly as much as virtual hosts.


----------



## Particle

*A bit of warning regarding KPTI:*

I built a 4.14.11 kernel yesterday and updated. I didn't know it at the time, but 4.14.11 has had KPTI backported to it whereas 4.14.10 did not have it yet. The reason I mention this event is because on my system 4.14.11 was producing a hard lock every time once my startup programs started running. I had to go back to 4.14.10 until I figured out what was going on (that KPTI had been added). I've built a new kernel with KPTI disabled, but I've not tried it yet. The reason I built the kernel that way is that I couldn't remember the boot flag to disable it and decided against changing the GRUB defaults so that the flag would be included every time update-grub runs.
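
The situation in the post above (a kernel that carries KPTI, which may then be switched off at boot or at build time) can be checked on a host with a short script. This is an added example, not part of the original post: the function names and sample inputs are constructed for illustration, while `nopti`, `pti=off` and `mitigations=off` are real kernel boot parameters, and the sysfs path and boot-log message are the kernel's own.

```shell
#!/bin/sh
# Added example, not from the thread: decide whether KPTI is active on a
# Linux host from three text inputs, so the logic can be tested offline.

# Echo the boot parameter that turns KPTI off, if the command line has one.
# Matching on " word " avoids false hits such as "noptimize".
kpti_disable_flag() {
    case " $1 " in
        *" nopti "*)           echo "nopti" ;;
        *" pti=off "*)         echo "pti=off" ;;
        *" mitigations=off "*) echo "mitigations=off" ;;
        *) return 1 ;;
    esac
}

# $1 = text of /sys/devices/system/cpu/vulnerabilities/meltdown ("" if absent)
# $2 = text of /proc/cmdline
# $3 = kernel boot log text (fallback for kernels without the sysfs file)
kpti_state() {
    # The kernel's own verdict wins when it is positive.
    case "$1" in
        "Not affected"*) echo "not-affected"; return 0 ;;
        "Mitigation:"*)  echo "mitigated";    return 0 ;;
    esac
    # No positive verdict: if a boot flag disabled KPTI, report which one.
    if flag=$(kpti_disable_flag "$2"); then
        echo "disabled-by-boot-flag:$flag"; return 0
    fi
    case "$1" in
        "Vulnerable"*) echo "vulnerable"; return 0 ;;
    esac
    # Kernels that have KPTI but no sysfs report still log its state at boot.
    case "$3" in
        *"Kernel/User page tables isolation: enabled"*) echo "mitigated" ;;
        *) echo "unknown" ;;
    esac
}

# Gather the three inputs from the running system and classify them.
audit_host() {
    verdict=""; cmdline=""; bootlog=""
    f=/sys/devices/system/cpu/vulnerabilities/meltdown
    if [ -r "$f" ]; then verdict=$(cat "$f"); fi
    if [ -r /proc/cmdline ]; then cmdline=$(cat /proc/cmdline); fi
    bootlog=$(dmesg 2>/dev/null || true)   # may be empty if dmesg is restricted
    kpti_state "$verdict" "$cmdline" "$bootlog"
}

# Constructed sample inputs (not captured from a real machine).
SAMPLE_CMDLINE='BOOT_IMAGE=/vmlinuz-4.14.11 root=/dev/sda1 ro quiet'
SAMPLE_CMDLINE_NOPTI="$SAMPLE_CMDLINE nopti"
SAMPLE_BOOTLOG='[    0.000000] Kernel/User page tables isolation: enabled'

echo "this host:               $(audit_host)"
echo "sample, sysfs verdict:   $(kpti_state 'Mitigation: PTI' "$SAMPLE_CMDLINE" '')"
echo "sample, nopti on boot:   $(kpti_state 'Vulnerable' "$SAMPLE_CMDLINE_NOPTI" '')"
echo "sample, boot log only:   $(kpti_state '' "$SAMPLE_CMDLINE" "$SAMPLE_BOOTLOG")"
```

A result of `unknown` means none of the three sources gave an answer, which is also what a kernel built without KPTI and without the sysfs report looks like.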


----------



## Blameless

Quote:


> Originally Posted by *Leopardi*
> 
> Since it's all related to virtual memory, can't you just disable pagefile and get 100% performance back?


Virtual memory is not synonymous with page file and disabling the page file won't do anything to mitigate the performance hit the workaround causes.
Quote:


> Originally Posted by *nanotm*
> 
> isn't page file just a clever trick to increase the amount of ram your pc has without spending any money ?


No.
Quote:


> Originally Posted by *Shogoki*
> 
> And streaming ? Since rendering videos is a CPU heavy task.


Kernel time seems to be key.

Transcoding wasn't affected much at all in the Phoronix tests. However, the actual frame capture via DX or the GPU driver might be impacted.
Quote:


> Originally Posted by *Shogoki*
> 
> I don't really understand how are these tests linked to streaming.


Streaming is two things, grabbing frames, and encoding them.

Encoding is much more CPU heavy, but doesn't touch kernel space at all, so doesn't see a performance impact.
Quote:


> Originally Posted by *Midnight ***per*
> 
> Bunch of OFFLINE games and ssd benchmark
> 
> On these offline singleplayer games, it's no surprise performance is not affected, I mean you can play these without even having internet connection, the windows might as well turn off the fixed version when offline to boost performance.
> 
> Online multiplayer gaming that's entirely different thing, not only do servers run Intel cpus, in PUBG for example 100 players can play together at once on one server. I never saw any benchmark with multiplayer game with both the host and server having the fixed windows version.


Online games aren't any more likely to be accessing kernel memory than offline games.

Unless you are doing heavy database work or other extremely I/O heavy tasks, you aren't likely to see much of an impact from these patches.
Quote:


> Originally Posted by *Midnight ***per*
> 
> It's hardware based but the security fix patches for Windows and Linux will be software, so there is software solution to it.


They could probably patch the flaw with microcode firmware, but you'd still get the performance hit, where applicable.
Quote:


> Originally Posted by *kithylin*
> 
> I'm really having a hard time understanding why it's so critically important to patch and make our systems suffer -30% performance for what is basically no real issue here.


There is no reason not to patch.

Either you are running a database server or some other relevant use scenario, and should prioritize security enough to be willing to take the performance hit, or you aren't, and won't see enough of a performance hit from the patch to matter, in which case even a small security benefit outweighs the downsides.
Quote:


> Originally Posted by *kithylin*
> 
> But if this has existed all these years in all of these chips, and everyone has been using our computers for years without ever patching it until 2018, why have there not been big news articles about this being exploited and hacked before? Why is it only now such a big deal?


Because it was only recently discovered. Can't exploit the unknown.

Now that it's out in the open, there will be people taking advantage of it.
Quote:


> Originally Posted by *kithylin*
> 
> Do you folks realize the odds of this being true?


The odds are 100%.

These are phenomenally complex systems, and most errata is never going to be discovered by anyone, let alone patched.
Quote:


> Originally Posted by *kithylin*
> 
> It's not a hardware flaw after all.


It's a hardware flaw.

Just because you need software to take advantage of it doesn't remotely imply otherwise.
Quote:


> Originally Posted by *Particle*
> 
> "A method for an attacker to observe contents of privileged memory, circumventing expected privilege levels."
> 
> This is enforced by hardware. The issue being discussed is that Intel processors are failing to enforce this correctly. That is by definition a failure of the hardware. It's a hardware flaw.


Yep.
Quote:


> Originally Posted by *kithylin*
> 
> Directly quoted direct from the intel documentation right there. There is no error or errata in Intel processors. It's black and white.


A deliberate design choice that turns out to be a poor one doesn't mean there are no problems.

It's like the height of the water tight bulkheads on the Titanic. It was designed like an icecube tray, and the bulkheads performed exactly as designed...meaning that when the flooding plus degree of list was enough, water flowed right over the top.

Intel is saying that their parts are working as designed, not that they aren't going to have to redesign things because their previous design choice proved to be poor.
Quote:


> Originally Posted by *kithylin*
> 
> Well the only reason I came to this thread is to "get to the bottom of this" as to where this actually comes from and how it gets in to our system. And I've found that out: It's only if we download random nasty crap from random nasty websites and run it on our system. Don't do that, we can't get infected, nothing can bother us.


The same sort of comment can be made about literally every security flaw ever.

If you can guarantee you'll never run software that takes advantage of it, you'll never have an issue. This has never been contested, it's a complete given.
Quote:


> Originally Posted by *kithylin*
> 
> Anyway.. business as usual for me, time to unsubscribe from this thread. There's nothing new to be learned from this point in time, just wait for benchmarks to see what all the patches do to everyone's computer to slow em down later.
> 
> I would still probably suggest (for normal smart users that know not to run random programs off the internet willy-nilly) to wait and see what impact the patch has on our systems, if you have the option to defer the patch until later from windows updates. Remember, some windows updates can not be removed without a system reformat / windows re-install. I don't know but I would suspect this might be one of em and likely a 1-way-street.
> 
> Good luck with all that.


Your recommendation is dangerous and based on ignorant assumptions that almost certainly understate the risks of not patching and overstate the performance hit of patching.


----------



## Curvy Groyper

Does anybody have a 900P Optane SSD? Either the 280GB or 480GB version, preferably with a Coffee Lake CPU. If you have, please please run an SSD benchmark. And don't post just the fastest result like that Hardware Unboxed YouTube guy, run it at least three times and post all three reports, or at least post the average.

The deciding factor I bought Intel over AMD is Optane, and with reports of SSDs being up to 70% slower, it makes no sense to buy Intel. I have an 8600k still in the box from yesterday's delivery, deciding if I should return it and get Ryzen, or open it and build my rig.


----------



## Pheatton

Intel has released a tool for detecting if your machines are affected or not. I ran it against my Asus UX31A and it came back as not affected...strange.

How to protect your PC against the major 'Meltdown' CPU security flaw


----------



## Defoler

Quote:


> Originally Posted by *KarathKasun*
> 
> This vulnerability would also theoretically allow a rootkit to be installed directly from a javascript. Its a credential elevation bug at the hardware level.


For a system that doesn't get outside JavaScript, this is also a non-issue. Do you think you can send a JavaScript to run on PUBG / Blizzard / whatever servers through the client?
I don't think a closed system has anything to worry about.
A fully open system is vulnerable.
Though getting to exploit this through JavaScript feels like a stretch to pull off.


----------



## KyadCK

Quote:


> Originally Posted by *kithylin*
> 
> Well the only reason I came to this thread is to "get to the bottom of this" as to where this actually comes from and how it gets in to our system. And I've found that out: It's only if we download random nasty crap from random nasty websites and run it on our system. Don't do that, we can't get infected, nothing can bother us.
> 
> And fortunately being a win7 user I have the option to not install the update / forced-performance-degrading-patch.
> 
> So fortunately for me, I'm completely unaffected by this what so ever. I already don't run random downloaded exe's, and I don't have to patch.. yay. Back to gaming and business as usual and ignore this.
> 
> Yet another solid confirmation to stay on win7 with optional updates forever, and avoid the virus / plague that is windows 10 forever. RIP windows 10 users and your PC's running -30% slower.


You are aware that websites get downloaded to your PC and run on your CPU when you access them, and that the site itself can be hacked to include pretty much whatever, including JavaScript, right? And that this bug explicitly breaks sandbox (Chrome) and does not require any administrative permission to function (OS). A small bit of JavaScript injected in a trusted webpage is enough to compromise your PC without your interaction.

Also, EXEs are .ZIP files with automation, they are not the only way to run code on a PC. Ever hear of a .JAR file for example? .VBS? An EXE or MSI file unzips itself, copies somewhere, then runs the actual code. You can actually unzip most EXE files and have a look inside if you want to.
Quote:


> Originally Posted by *kithylin*
> 
> Quote:
> 
> 
> 
> Originally Posted by *nanotm*
> 
> hmm lets see how do browser work, well they run a common module that lets a user download a file and then they execute the code within that file so the user can see the "web page" on their terminal in the manner that the provider (host) desires....
> 
> advertising space on a webpage is laid out according to the hosts desires and when connected to a site like google's ad sense those adverts refresh frequently by the user terminal downloading sub files and then auto executing and displaying the adverts in the pre set "boxes" on the user terminal screen.....
> 
> hmm how does "browser history work" well it stores those downloaded web pages in a file directory so that the user can quickly reload the page if they desire to revist something they were looking at earlier....
> 
> how do drive by executions work, well you have a few options, by far the most commonly used one is to craft malicious code into an advertising script and let adsense push it out to millions of "browsers" although since google got into trouble this is more often a problem with standalone networks like facebook as the google A.I. has gotten better at identifying such scripts and not distributing them although a few do still get through the net until they are positively identified.....
> 
> is there any way that a browser can stop such things from happening .... no only not connecting to the internet can actually prevent such things of course some security applications can mitigate many of these problems unfortunately not all of them and in special circumstances the security software can actually make it worse as was the case with a recent MSE bug on windows 10..
> 
> internet 101
> 
> 
> 
> Adblock and ublock origin prevent ad scripts from outside sources out of the website from loading, *chrome runs all websites "sandboxed" inside it's own fake virtual process and doesn't allow any scripts, programs, from any websites to access system memory, and even goes so far as to sandbox each individual tab inside of it's own virtual section and doesn't let one tab even communicate with any other tab open in the same browser session.* Firefox does this as well. It's basic security as part of modern web browsers going back multiple years. Patched up browsers against this latest security threat and others will prevent anything from escaping the browser and getting in to your system. As long as you stay up to date with browser updates, there's very minimal risk from anything harming your computer from browsing websites. I'm a strong advocate of using ruthless adblockers on all websites to prevent outside code from being loaded. Chrome at least goes so far as to use "alternative desktops" that websites and web-based scripts see instead of our actual desktop, and prevent any website or web-based javascript code from accessing your actual computer, actual desktop, or even your system clipboard either.
> 
> https://blog.chromium.org/2008/10/new-approach-to-browser-security-google.html
> 
> Go take a moment to read how modern browsers work, this has been in place in all current versions of chrome from 2008 -> Current-Day. It's literally physically impossible for anything from any website to "escape" chrome and get out and "Infect" your system with anything. If the things you worry about day to day are getting a virus from browsing websites.. perhaps you should examine your priorities in life and put your tin-foil-hat back on.

One, yes it is in system memory. Where else would it be, the HDD?

Two, this bug explicitly breaks sandboxing by not performing *any* permissions check.

_It literally ignores the sandbox by design._ That is why this is important, it grants any random bit of code that wants it full blooded ring zero (kernel) read access. The "fix" is to never let Kernel memory and Program memory be in cache at the same time. That's why it's a performance hit.
Quote:


> Originally Posted by *kithylin*
> 
> Quote:
> 
> 
> 
> Originally Posted by *AmericanLoco*
> 
> You don't get it do you? With these bugs, you can virtualize and sandbox until your eyes are blue - the code can still jump out of app and access kernel memory. It doesn't have to be unknown javascript from unknown sources - it could just be the website itself has been compromised.
> 
> 
> 
> So you would prefer what as an alternative? Attempt to fear-monger everyone into stopping browsing the internet because of this? Because according to you every website we load is a potential minefield going to infect our system with malware and steal all our passwords just because we looked at facebook or myspace or ebay or twitter, or overclock.net. Even though that could have happened any time in the past 20 years just as much as it could happen tomorrow. Maybe you could take a step back from the computer a moment and repeat what you just wrote in your post to yourself in your head. Maybe then you might understand how insane that sounds.

Install the patch and the problem goes away. Granted at a cost.

Also you are aware that things do "just change" right? One day no one had nukes, the next we had some. One day no one had touched the moon, then we had. One day the modern CPU was impossible, then it wasn't.

The exploit was found, and publicly declared. How to use it is now widespread info. You are in more danger now than before, if you do not use the patch.
Quote:


> Originally Posted by *S1L3Nt*
> 
> Is it me or am I missing something. If I am, please save me from my ignorance.
> 
> From what I am hearing, this vulnerability is mainly allowing an application to read memory that is outside of its allocated space. Nowhere does it say it can rewrite memory anywhere it wants to. So if the application can read memory, it can potentially steal sensitive information. However, you will probably need to dump all of the memory into something to analyze it. So the vulnerability is big, but the implications are a bit blown out of proportion.
> 
> Thoughts?


That data can still be written to its own appropriate section of memory, then uploaded.
Quote:


> Originally Posted by *kithylin*
> 
> Quote:
> 
> 
> 
> Originally Posted by *ku4eto*
> 
> You either are an Intel fanboy/troll, or you lack the needed knowledge and refuse to accept, that YOU ARE WRONG. Nobody gives a damn about javascript based attacks. Because, critical systems, the ones that cost billions of dollars, are servers, which are not used for facebook surfing. The normal Cotton eye Joe can only have his own personal computer exposed.
> 
> 
> 
> Except of course (most likely) no one here reading overclock.net in this thread is a manager for a multi-billion dollar datacenter company coming to overclock.net for their source for where to find security fixes for this thing or the latest news on this thing. Most of us here in this discussion are actual end users, and concerned with how this will effect us.
> 
> Also I guess I'll explain a little how "Sandboxing" in chrome and modern web browser security in general works. *The entire point of it is literally nothing you view or load inside of any website or web page, including any javascript or any other script, physically can not by any means access your computer, your hard drive, or your memory via chrome the web browser.* They also can not install any software on your system and execute it without your permission. Literally there is no way out, there is no path, it does not exist. That's exactly what "Sandboxing" means, it means everything in every website done in modern web browsers has it's own private little walled off area and nothing can escape. That's how modern browser security works these days. The only way for -anything- to infect your computer or even access your computer's memory, security flaw or not, is for you to download it out of your browser and execute or open it with some other program.

Sandboxing means "this is your area, you need permission to exit"

This _hardware bug_ says "You don't need permission, just go ahead and read whatever you like."

This bug explicitly breaks sandboxing.

Also lol, "Not on your computer at all". Critical thinking time; how does the text and HTML/CSS formatting show on your screen if it isn't on your computer, and how does it get rendered?








Quote:


> Originally Posted by *$ilent*
> 
> I just read on BBC news that the patch wont be released for pre win 10 OS...is this true? If so wth...im not updating to windows 10.


As far as I am aware from this thread, the patch for Win7/8 will come in about two weeks.

Go get em!
https://support.microsoft.com/en-us/help/4056897/windows-7-update-kb4056897
https://support.microsoft.com/en-us/help/4056898/windows-81-update-kb4056898
Quote:


> Originally Posted by *Assirra*
> 
> So since the full fix most likely will require a firmware update from intel, does that mean that people with a legecy platform like me are utterly screwed over?


There will never be a fix from Intel. It is a hardware problem "fixed" by changing memory management in the OS. You'll need to install the update, but as far as I am aware your Win7 should get the update "eventually". Now! Look above.


----------



## HowHardCanItBe

Haha what a shady guy this dude is. You know when the director sells his shares, that there is something wrong. LOL
Quote:


> Intel's CEO reportedly sold shares after the company already knew about massive security flaws
> Intel CEO Brian Krzanich sold off a large chunk of his stake in the company after the chipmaker was made aware of serious security flaws, according to multiple reports
> An SEC filing last November showed Krzanich sold off about 644,000 shares by exercising his options and another roughly 245,700 shares he already owned


https://www.cnbc.com/2018/01/04/intel-ceo-reportedly-sold-shares-after-the-company-already-knew-about-massive-security-flaws.html


----------



## cx-ray

Quote:


> Originally Posted by *Pheatton*
> 
> Intel has released a tool for detecting if your machines are affected or not. I ran it against my Asus UX31A and it came back as not affected...strange.
> 
> How to protect your PC against the major 'Meltdown' CPU security flaw


On a Win 10 system that I haven't patched yet:

```
PS C:\WINDOWS\system32> Get-SpeculationControlSettings
Speculation control settings for CVE-2017-5715 [branch target injection]

Hardware support for branch target injection mitigation is present: False
Windows OS support for branch target injection mitigation is present: False
Windows OS support for branch target injection mitigation is enabled: False

Speculation control settings for CVE-2017-5754 [rogue data cache load]

Hardware requires kernel VA shadowing: True
Windows OS support for kernel VA shadow is present: False
Windows OS support for kernel VA shadow is enabled: False

BTIHardwarePresent : False
BTIWindowsSupportPresent : False
BTIWindowsSupportEnabled : False
BTIDisabledBySystemPolicy : False
BTIDisabledByNoHardwareSupport : False
KVAShadowRequired : True
KVAShadowWindowsSupportPresent : False
KVAShadowWindowsSupportEnabled : False
KVAShadowPcidEnabled : False
```
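
An added example, not part of the original post and not Microsoft's code: a small Python parser that turns the property list printed by `Get-SpeculationControlSettings` into a per-CVE status, using the flag meanings given by the verbose lines of the same output. The status and gap labels and the second sample are constructed for illustration.

```python
"""Interpret the property list printed by Get-SpeculationControlSettings."""

# Property block copied from the post above (Windows 10, not yet patched).
SAMPLE_UNPATCHED = """\
BTIHardwarePresent : False
BTIWindowsSupportPresent : False
BTIWindowsSupportEnabled : False
BTIDisabledBySystemPolicy : False
BTIDisabledByNoHardwareSupport : False
KVAShadowRequired : True
KVAShadowWindowsSupportPresent : False
KVAShadowWindowsSupportEnabled : False
KVAShadowPcidEnabled : False
"""

# Constructed sample (illustrative values): OS update installed, but the
# hardware support for the branch target injection mitigation is still absent.
SAMPLE_OS_ONLY = """\
BTIHardwarePresent : False
BTIWindowsSupportPresent : True
BTIWindowsSupportEnabled : False
BTIDisabledBySystemPolicy : False
BTIDisabledByNoHardwareSupport : True
KVAShadowRequired : True
KVAShadowWindowsSupportPresent : True
KVAShadowWindowsSupportEnabled : True
KVAShadowPcidEnabled : True
"""

REQUIRED_KEYS = (
    "BTIHardwarePresent", "BTIWindowsSupportPresent", "BTIWindowsSupportEnabled",
    "BTIDisabledBySystemPolicy", "BTIDisabledByNoHardwareSupport",
    "KVAShadowRequired", "KVAShadowWindowsSupportPresent",
    "KVAShadowWindowsSupportEnabled",
)


def parse_settings(text):
    """Return {property: bool} from 'Name : True/False' lines; ignore the rest."""
    settings = {}
    for line in text.splitlines():
        # lstrip also accepts the output when it is pasted as a '>' quote.
        name, sep, value = line.lstrip("> ").partition(":")
        name, value = name.strip(), value.strip()
        # The verbose sentences also end in ': True/False'; keep only the
        # single-word property names.
        if sep and name.isidentifier() and value in ("True", "False"):
            settings[name] = value == "True"
    missing = [k for k in REQUIRED_KEYS if k not in settings]
    if missing:
        # Fail closed: an incomplete report must not read as "all clear".
        raise ValueError("incomplete output, missing: " + ", ".join(missing))
    return settings


def assess(settings):
    """Map the flags to a (status, gaps) pair per CVE."""
    report = {}

    # CVE-2017-5754 (rogue data cache load): mitigated by kernel VA shadowing.
    if not settings["KVAShadowRequired"]:
        report["CVE-2017-5754"] = ("not-required", [])
    elif settings["KVAShadowWindowsSupportEnabled"]:
        report["CVE-2017-5754"] = ("mitigated", [])
    else:
        gaps = []
        if not settings["KVAShadowWindowsSupportPresent"]:
            gaps.append("os-update-missing")
        report["CVE-2017-5754"] = ("unmitigated", gaps or ["present-but-disabled"])

    # CVE-2017-5715 (branch target injection): needs OS and hardware support.
    if settings["BTIWindowsSupportEnabled"]:
        report["CVE-2017-5715"] = ("mitigated", [])
    else:
        gaps = []
        if not settings["BTIWindowsSupportPresent"]:
            gaps.append("os-update-missing")
        if not settings["BTIHardwarePresent"]:
            gaps.append("hardware-support-missing")
        if settings["BTIDisabledBySystemPolicy"]:
            gaps.append("disabled-by-policy")
        report["CVE-2017-5715"] = ("unmitigated", gaps or ["present-but-disabled"])
    return report


if __name__ == "__main__":
    for label, sample in (("unpatched", SAMPLE_UNPATCHED),
                          ("OS update only", SAMPLE_OS_ONLY)):
        print(label, assess(parse_settings(sample)))
```
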


----------



## Curvy Groyper

I have a question: if Microsoft will apply the fix to everybody no matter what CPU they have, will it mean future Intel CPU generations will be using the performance-degrading Microsoft version? I mean, will Microsoft at some point in the future take back the bug fix in order to improve performance on CPUs in the future when they will be no longer vulnerable?

Is this changed slowed kernel thing now here forever to stay, or will Microsoft only apply it on machines that contain the vulnerable Intel chips? Because if this cache flushing kernel thing is going to be applied in blanket fashion on everything now, then I don't see a reason why it's not going to be applied to future Intel CPUs as well even if they will be fixed on the hardware level.

Because if you don't make Windows recognize between vulnerable current gen Intel and immune AMD now, then in the future it's probably not going to recognize between vulnerable current gen Intel and future immune Intel either, then it will apply the performance destroying code to everything, making it the new default normal thing.


----------



## crakej

I'm confused! Are AMD or any other CPUs affected? I thought this was an Intel design flaw not affecting others?


----------



## KyadCK

Quote:


> Originally Posted by *Midnight ***per*
> 
> I have a question: if Microsoft will apply the fix to everybody no matter what CPU they have, will it mean future Intel CPU generations will be using the performance-degrading Microsoft version? I mean, will Microsoft at some point in the future take back the bug fix in order to improve performance on CPUs in the future when they will be no longer vulnerable?
> 
> Is this changed slowed kernel thing now here forever to stay, or will Microsoft only apply it on machines that contain the vulnerable Intel chips? Because if this cache flushing kernel thing is going to be applied in blanket fashion on everything now, then I don't see a reason why it's not going to be applied to future Intel CPUs as well even if they will be fixed on the hardware level.
> 
> Because if you don't make Windows recognize between vulnerable current gen Intel and immune AMD now, then in the future it's probably not going to recognize between vulnerable current gen Intel and future immune Intel either, then it will apply the performance destroying code to everything, making it the new default normal thing.


In theory, they will limit it to affected versions only.

In practice, if you bought the Coffee Lake chip to game, you will probably not see significant performance impact even with this patch. The "30%" figures you keep seeing are for workloads that jump between Kernel and App context a lot, such as SQL servers. Most things you will likely run should not be hit too hard, and if you still have a return window, I'd await benchmarks. Win10 is getting the update today, and I expect several sites will run benches to measure the impact. We'll probably see the results over the next couple days.
Quote:


> Originally Posted by *crakej*
> 
> I'm confused! Are AMD or any other CPUs affected? I thought this was an Intel design flaw not affecting others?


Meltdown is Intel only.

Spectre is at minimum Intel and some ARM chips, and has yet to be proven working on AMD chips with default settings but testing is still ongoing.


----------



## Curvy Groyper

I believe there are two types of problem, Spectre and Meltdown. Meltdown is the performance-degrading one and that is Intel exclusively; there are 3 types of Spectre and only one is confirmed for AMD, but that can be patched without performance decrease.

So it seems that ARM and AMD have some of that Spectre, but it's Intel who is in deeeeep shiiiiatala


----------



## cx-ray

Quote:


> Originally Posted by *Midnight ***per*
> 
> I have a question: if Microsoft will apply the fix to everybody no matter what CPU they have, will it mean future Intel CPU generations will be using the performance-degrading Microsoft version? I mean, will Microsoft at some point in the future take back the bug fix in order to improve performance on CPUs in the future when they will be no longer vulnerable?


My understanding is that future patches are in the pipeline and "fixes" will be more granular. It's only logical that operating systems will take unaffected architectures and in the future new designs into account. The current patch looks like a brute force cover their bases patch, just so they can get it out.


----------



## Curvy Groyper

KyadCK But I will use the PC for Ansys with Optane SSD, it will utilize SSD bandwidth to the max, it's going to read and write to SSD like crazy. I saw one benchmark with 70% slower SSD and another with 23% slower read speed, all on 8700k. I have 8600k and I fear greatly. I would build my PC and use it by now but I am waiting with unopened 8600k. I am thinking I will return it, because if SSD speeds are decreased, then no point in Optane or even Intel for me.


----------



## Particle

Quote:


> Originally Posted by *Midnight ***per*
> 
> KyadCK But I will use the PC for Ansys with Optane SSD, it will utilize SSD bandwidth to the max, it's going to read and write to SSD like crazy. I saw one benchmark with 70% slower SSD and another with 23% slower read speed, all on 8700k. I have 8600k and I fear greatly. I would build my PC and use it by now but I am waiting with unopened 8600k. I am thinking I will return it, because if SSD speeds are decreased, then no point in Optane or even Intel for me.


I can do a test with an AMD 1950X and Samsung 950 Pro if you want. It's not exactly the environment you're after, but it would show what happens before and after with a relatively fast NVMe disk.


----------



## Curvy Groyper

I made a post asking members here to post SSD benchmark results pre and post patch if they have Intel and Optane 900P, about two pages back in this thread.

I would be super grateful if you tried that! I will be getting Ryzen + 960 Pro or 8600k + 900P Optane, not sure what is better value for money for an Ansys simulation that is too big to fit into RAM and uses SSD.


----------



## tashcz

So did we all just go 5 years back?


----------



## KyadCK

Quote:


> Originally Posted by *Midnight ***per*
> 
> KyadCK But I will use the PC for Ansys with Optane SSD, it will utilize SSD bandwidth to the max, it's going to read and write to SSD like crazy. I saw one benchmark with 70% slower SSD and another with 23% slower read speed, all on 8700k. I have 8600k and I fear greatly. I would build my PC and use it by now but I am waiting with unopened 8600k. I am thinking I will return it, because if SSD speeds are decreased, then no point in Optane or even Intel for me.


Quote:


> Originally Posted by *Particle*
> 
> I can do a test with an AMD 1950X and Samsung 950 Pro if you want. It's not exactly the environment you're after, but it would show what happens before and after with a relatively fast NVMe disk.


And I can do a test with an Intel 5960X and a 950 Pro, and an Intel 6700k and a 950 Pro, and they're both not patched yet so I can get a before and after.

I'll start a PM later so we can be sure we're using the same apps and same versions, but unfortunately I'm pulling a 13 hour shift today so it'll be a while.


----------



## AlphaC

Quote:


> Originally Posted by *Midnight ***per*
> 
> I made a post asking members here to post SSD benchmark results pre and post patch if they have Intel and Optane 900P, about two pages back in this thread.
> 
> I would be super grateful if you tried that! I will be getting Ryzen + 960 Pro or 8600k + 900P Optane, not sure what is better value for money for an Ansys simulation that is too big to fit into RAM and uses SSD.


https://www.youtube.com/watch?v=_qZksorJAuY

Roughly 10% loss in SSD read for over 4K random



about 20% loss in 4K read


*Meltdown* (rogue data cache load)
Redhat info
https://access.redhat.com/security/cve/CVE-2017-5754

Debian info
https://security-tracker.debian.org/tracker/CVE-2017-5754

CVE info
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5754

NIST
https://nvd.nist.gov/vuln/detail/CVE-2017-5754

*Spectre* (bounds check bypass , branch target injection)
Redhat info
https://access.redhat.com/security/cve/CVE-2017-5753 , https://access.redhat.com/security/cve/CVE-2017-5715

Debian info
https://security-tracker.debian.org/tracker/CVE-2017-5753, https://security-tracker.debian.org/tracker/CVE-2017-5715

CVE info
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5753 , https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715

NIST CVE info
https://nvd.nist.gov/vuln/detail/CVE-2017-5753 , https://nvd.nist.gov/vuln/detail/CVE-2017-5715


----------



## cx-ray

Quote:


> Originally Posted by *Midnight ***per*
> 
> I made a post asking members here to post SSD benchmark results pre and post patch if they have Intel and Optane 900P, about two pages back in this thread.
> 
> I would be super grateful if you tried that! I will be getting Ryzen + 960 Pro or 8600k + 900P Optane, not sure what is better value for money for an Ansys simulation that is too big to fit into RAM and uses SSD.


I did a quick before and after test with CrystalDiskMark 6.0.0 - Win 10 Pro 64 1709. Used my OS drive 900P 480GB and secondary drive 960 Pro 1GB. Both are connected through the PCIe lanes of a 7900X 4.8GHz CPU.

I'm only seeing a small difference in the single threaded 4KiB tests. The 960 Pro is about 3.5% slower there and the 900P around 7.3% slower. My impression it hits the 900P harder cause it's able to max out the CPU threads to ~80% in the single threaded tests and 100% in the multi threaded disk tests.


----------



## Curvy Groyper

Thank you all









AlphaC, what CPU and SSD did you run it on?


----------



## gigafloppy

Quote:


> Originally Posted by *AlphaC*
> 
> https://www.youtube.com/watch?v=_qZksorJAuY
> 
> Roughly 10% loss in SSD read for over 4K random


The only number I hear him saying is *23%* loss in SSD 4K random read.

Isn't the 10% loss for 16KB sequential?


----------



## Assirra

Quote:


> Originally Posted by *cx-ray*
> 
> On an Win 10 system that I haven't patched yet:
> 
> PS C:\WINDOWS\system32> Get-SpeculationControlSettings
> Speculation control settings for CVE-2017-5715 [branch target injection]
> 
> Hardware support for branch target injection mitigation is present: False
> Windows OS support for branch target injection mitigation is present: False
> Windows OS support for branch target injection mitigation is enabled: False
> 
> Speculation control settings for CVE-2017-5754 [rogue data cache load]
> 
> Hardware requires kernel VA shadowing: True
> Windows OS support for kernel VA shadow is present: False
> Windows OS support for kernel VA shadow is enabled: False
> 
> BTIHardwarePresent : False
> BTIWindowsSupportPresent : False
> BTIWindowsSupportEnabled : False
> BTIDisabledBySystemPolicy : False
> BTIDisabledByNoHardwareSupport : False
> KVAShadowRequired : True
> KVAShadowWindowsSupportPresent : False
> KVAShadowWindowsSupportEnabled : False
> KVAShadowPcidEnabled : False


Exactly what I got.
Is there some documentation of what all that means?


----------



## cx-ray

Quote:


> Originally Posted by *Assirra*
> 
> Exactly what I got.
> Is there some documentation of what all that means?


You can find additional info here:
https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution-s


----------



## Offler

This is BS:
Quote:


> In a default installation of Windows 7, Windows Server 2008 R2, and Windows Server 2012 customers will not have an anti-virus application installed by default. In these situations, Microsoft recommends installing a supported anti-virus application such as Microsoft Security Essentials or a third-party anti-virus application.


----------



## Particle

Quote:


> Originally Posted by *Offler*
> 
> This is BS:


It seems to be a limitation in the check. Microsoft has stated that they intend to remove the check once they're more confident that AV software is better behaved. Some AV solutions were causing BSODs with the patch enabled in testing. The check they wrote seems to be something along the lines of "if the security software reports as fully up to date, offer the patch" instead of being a blacklist.


----------



## Offler

Quote:


> Originally Posted by *Particle*
> 
> It seems to be a limitation in the check. Microsoft has stated that they intend to remove the check once they're more confident that AV software is better behaved. Some AV solutions were causing BSODs with the patch enabled in testing. The check they wrote seems to be something along the lines of "if the security software reports as fully up to date, offer the patch" instead of being a blacklist.


Let's put it this way. Among all Windows servers I worked on, 4 were 2016. Vast majority is 2008 R2 or 2012. I myself happen to have Win7 x64 Ult,..

So some users might have been subjected to:
a) BSODs
b) Risk until the AV provider approves the patch.
c) Installing 2 (or more) possibly conflicting AV solutions.


----------



## AlphaC

Meltdown patch

Windows 8.1 direct link https://www.catalog.update.microsoft.com/Search.aspx?q=KB4056898

Windows 7 SP1 https://www.catalog.update.microsoft.com/Search.aspx?q=KB4056897


----------



## GroinShooter

First tests on guru3d show rather minimal losses on a 5960x. Interesting to see how this all scales on lesser and older chips.


----------



## tashcz

So for now, last night I've seen AMD has been unflagged so they weren't caught by this. But what's the situation now?


----------



## tpi2007

Firefox already includes some mitigations in the latest version, with more to come:

https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/
Quote:


> Several recently-published research articles have demonstrated a new class of timing attacks (Meltdown and Spectre) that work on modern CPUs. Our internal experiments confirm that it is possible to use similar techniques from Web content to read private information between different origins. The full extent of this class of attack is still under investigation and we are working with security researchers and other browser vendors to fully understand the threat and fixes. *Since this new class of attacks involves measuring precise time intervals, as a partial, short-term, mitigation we are disabling or reducing the precision of several time sources in Firefox.* This includes both explicit sources, like performance.now(), and implicit sources that allow building high-resolution timers, viz., SharedArrayBuffer.
> 
> Specifically, in all release channels, starting with 57:
> 
> - The resolution of performance.now() will be reduced to 20µs.
> - The SharedArrayBuffer feature is being disabled by default.
> 
> Furthermore, other timing sources and time-fuzzing techniques are being worked on.
> 
> In the longer term, we have started experimenting with techniques to remove the information leak closer to the source, instead of just hiding the leak by disabling timers. This project requires time to understand, implement and test, but might allow us to consider reenabling SharedArrayBuffer and the other high-resolution timers as these features provide important capabilities to the Web platform
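
An added example, not part of the original post and not Mozilla's code: a Python model of the timer change quoted above, showing how one reading of a clock clamped to 20µs stops distinguishing two operations whose durations differ by a fraction of a microsecond. The two durations and the 5 ns "fine" timer are constructed assumptions; only the 20µs figure comes from the quote.

```python
"""Model of the timer-coarsening mitigation (performance.now() at 20 us)."""
import random

FIREFOX_57_RESOLUTION_US = 20.0   # from the Mozilla post quoted above
FINE_RESOLUTION_US = 0.005        # assumption: a 5 ns high-resolution timer

# Constructed durations (assumptions): two operations whose run time differs
# by a fraction of a microsecond, the scale a timing measurement depends on.
FAST_US = 0.05
SLOW_US = 0.30


def clamp(t_us, resolution_us):
    """Round a timestamp down to a multiple of the timer resolution."""
    return (t_us // resolution_us) * resolution_us


def observed_duration(start_us, duration_us, resolution_us):
    """Elapsed time as seen by code that can only read the clamped clock."""
    end = clamp(start_us + duration_us, resolution_us)
    return end - clamp(start_us, resolution_us)


def classification_accuracy(resolution_us, trials=20000, seed=1):
    """Fraction of single readings an observer labels correctly as fast/slow."""
    rng = random.Random(seed)            # seeded so the result is repeatable
    threshold = (FAST_US + SLOW_US) / 2  # midpoint between the two durations
    correct = 0
    for i in range(trials):
        is_slow = i % 2 == 1             # alternate the two operations
        start = rng.uniform(0.0, 1_000_000.0)  # arbitrary phase of the clock
        duration = SLOW_US if is_slow else FAST_US
        seen = observed_duration(start, duration, resolution_us)
        correct += (seen > threshold) == is_slow
    return correct / trials


if __name__ == "__main__":
    for name, res in (("fine timer", FINE_RESOLUTION_US),
                      ("20 us timer", FIREFOX_57_RESOLUTION_US)):
        print(f"{name}: accuracy {classification_accuracy(res):.3f}")
```

With the clamped clock almost every reading is 0, so the two operations look the same and accuracy falls to roughly chance. The clamp hides the difference from a single reading rather than removing it, which fits Mozilla's description of the change as a partial, short-term mitigation.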


----------



## RiverOfIce

Quote:


> Originally Posted by *tashcz*
> 
> So for now, last night I've seen AMD has been unflagged so they weren't caught by this. But what's the situation now?


I would be very careful about saying AMD is out of the woods on this.

From the Meltdown paper

"6.4 Limitations on ARM and AMD
We also tried to reproduce the Meltdown bug on several
ARM and AMD CPUs. However, we did not manage
to successfully leak kernel memory with the attack described
in Section 5, neither on ARM nor on AMD. The
reasons for this can be manifold. First of all, our implementation
might simply be too slow and a more optimized
version might succeed. For instance, a more shallow
out-of-order execution pipeline could tip the race
condition towards against the data leakage. Similarly,
if the processor lacks certain features, e.g., no re-order
buffer, our current implementation might not be able to
leak data. However, for both ARM and AMD, the toy
example as described in Section 3 works reliably, indicating
that out-of-order execution generally occurs and
instructions past illegal memory accesses are also performed."

https://meltdownattack.com/meltdown.pdf

They only tested a limited number of processors and they could get it to do an out of order execution. I would not write off AMD out of this too soon. I would be very careful if you are using amd and not applying the patch until this can be looked at completely.


----------



## doritos93

Quote:


> Originally Posted by *RiverOfIce*
> 
> I would be very careful about saying AMD is out of the woods on this.
> 
> From the Meltdown paper
> 
> "6.4 Limitations on ARM and AMD
> We also tried to reproduce the Meltdown bug on several
> ARM and AMD CPUs. However, we did not manage
> to successfully leak kernel memory with the attack described
> in Section 5, neither on ARM nor on AMD. The
> reasons for this can be manifold. First of all, our implementation
> might simply be too slow and a more optimized
> version might succeed. For instance, a more shallow
> out-of-order execution pipeline could tip the race
> condition towards against the data leakage. Similarly,
> if the processor lacks certain features, e.g., no re-order
> buffer, our current implementation might not be able to
> leak data. However, for both ARM and AMD, the toy
> example as described in Section 3 works reliably, indicating
> that out-of-order execution generally occurs and
> instructions past illegal memory accesses are also performed."
> 
> https://meltdownattack.com/meltdown.pdf
> 
> They only tested a limited number of processors and they could get it to do an out of order execution. I would not write off AMD out of this too soon. I would be very careful if you are using amd and not applying the patch until this can be looked at completely.


It's been stated multiple times that despite being vulnerable, the workaround/fix for these specific variants does not incur a performance penalty, which is precisely what everyone is worried about.


----------



## chispy

Guru3D testing - https://forums.guru3d.com/threads/windows-10-cpu-bug-fix-patch-benchmarks.418790/#post-5507311


----------



## Bing




----------



## tashcz

Well, I guess time will show for both intel and amd. What's bollocks is that we still have no solid info on this:

1. Will Intel make a HW solution to this in the next gen chips
2. What will REALLY be performance affected
3. What is REALLY possible to do on amd, and what's possible to do on intel
4. Don't buy any new CPUs currently.


----------



## nanotm

Quote:


> Originally Posted by *tashcz*
> 
> Well, I guess time will show for both intel and amd. What's bollocks is that we still have no solid info on this:
> 
> 1. Will Intel make a HW solution to this in the next gen chips
> 2. What will REALLY be performance affected
> 3. What is REALLY possible to do on amd, and what's possible to do on intel
> 4. Don't buy any new CPUs currently.


it will take if you are to believe them at least 4 years for a marketable cpu to be created


----------



## RiverOfIce

Quote:


> Originally Posted by *doritos93*
> 
> It's been stated multiple times that despite being vulnerable, the workaround/fix for these specific variants does not incur a performance penalty, which is precisely what everyone is worried about.


Quote:


> Originally Posted by *Bing*


Ok. Let me try this again. I am not talking about spectre. I am talking about meltdown. And according to the report AMD could be successfully attacked. I understand that AMD has said it is not vulnerable to this attack, but two weeks ago, Intel would have said the same thing. The fact that they got the chip to do an out of order execution shows the possibility of a meltdown type attack on AMD being successful.

AMD has stated that meltdown can not work. The people testing have stated it may be possible but so far AMD has not tested nor as researchers.

I really hate repeating myself. But both of you don't seem to understand that the only group saying that AMD is ok, is AMD. AMD has not been thoroughly tested like intel has.

So instead of using the "macs don't get viruses" type mentality, maybe we should all use a little caution here.


----------



## Offler

Quote:


> Originally Posted by *RiverOfIce*
> 
> Ok. Let me try this again. I am not talking about spectre. I am talking about meltdown. And according to the report AMD could be successfully attacked. I understand that AMD has said it is not vulnerable to this attack, but two weeks ago, Intel would have said the same thing. The fact that they got the chip to do an out of order execution shows the possibility of a meltdown type attack on AMD being successful.
> 
> AMD has stated that meltdown can not work. The people testing have stated it may be possible but so far AMD has not tested nor as researchers.
> 
> I really hate repeating myself. But both of you don't seem to understand that the only group saying that AMD is ok, is AMD. AMD has not been thoroughly tested like intel has.
> 
> So instead of using the "macs don't get viruses" type mentality, maybe we should all use a little caution here.


Except you are wrong. After reading the Meltdown whitepapers you would clearly find that the method does not work on AMD CPUs. You would also read that the Spectre method works on AMD CPUs only when a certain feature is enabled.

But be not mistaken - it's possible that a new such method will be discovered which would work on AMD chips. But it has not happened yet.


----------



## RiverOfIce

Quote:


> Originally Posted by *tashcz*
> 
> Well, I guess time will show for both intel and amd. What's bollocks is that we still have no solid info on this:
> 
> 1. Will Intel make a HW solution to this in the next gen chips
> 2. What will REALLY be performance affected
> 3. What is REALLY possible to do on amd, and what's possible to do on intel
> 4. Don't buy any new CPUs currently.


Lol. This is not even in the top 100 computer bugs/hacks out there. In the grand scheme of things this is very low profile. Yes, it is a problem but not to the point of don't buy a computer. If this is going to get you not to buy a computer, then you need to leave the internet and live in a cave. Because this is mild compared to what is really out there.

Quote:


> Originally Posted by *nanotm*
> 
> it will take if you are to believe them at least 4 years for a marketable cpu to be created


No. Not even close. The people I talked to, intel, amd and arm are looking at changes to current production to fix this. It is a hardware fix but a minor one. Understand that we are in early days and everything I stated is 3rd party at best.


----------



## tashcz

Quote:


> Originally Posted by *RiverOfIce*
> 
> Lol. This is not even in the top 100 computer bugs/hacks out there. In the grand scheme of things this is very low profile. Yes, it is a problem but not to the point of don't buy a computer. If this is going to get you not to buy a computer, then you need to leave the internet and live in a cave. Because this is mild compared to what is really out there.
> No. Not even close. The people I talked to, intel, amd and arm are looking at changes to current production to fix this. It is a hardware fix but a minor one. Understand that we are in early days and everything I stated is 3rd party at best.


Tell that to AWS and Azure


----------



## jaredismee

Quote:


> Originally Posted by *ZealotKi11er*
> 
> Thanks for the update. Installed.
> 
> https://www.3dmark.com/compare/fs/13392748/fs/14602580#


you ran the gpu with a pretty large OC on memory after?

though the cpu scores look pretty much unchanged


----------



## RiverOfIce

Quote:


> Originally Posted by *Offler*
> 
> Except you are wrong. After reading the Meltdown whitepapers you would clearly find that the method does not work on AMD CPUs. You would also read that the Spectre method works on AMD CPUs only when a certain feature is enabled.
> 
> But be not mistaken - it's possible that a new such method will be discovered which would work on AMD chips. But it has not happened yet.


I really hate repeating myself.

Read what I posted.
Quote:


> Originally Posted by *RiverOfIce*
> 
> I would be very careful about saying AMD is out of the woods on this.
> 
> From the Meltdown paper
> 
> "6.4 Limitations on ARM and AMD
> We also tried to reproduce the Meltdown bug on several
> ARM and AMD CPUs. However, we did not manage
> to successfully leak kernel memory with the attack described
> in Section 5, neither on ARM nor on AMD. The
> reasons for this can be manifold. First of all, our implementation
> might simply be too slow and a more optimized
> version might succeed. For instance, a more shallow
> out-of-order execution pipeline could tip the race
> condition towards against the data leakage. Similarly,
> if the processor lacks certain features, e.g., no re-order
> buffer, our current implementation might not be able to
> leak data.
> 
> https://meltdownattack.com/meltdown.pdf
> 
> They only tested a limited number of processors and they could get it to do an out of order execution. I would not write off AMD out of this too soon. I would be very careful if you are using amd and not applying the patch until this can be looked at completely.


"However, for both ARM and AMD, the toy
example as described in Section 3 works reliably, indicating
that out-of-order execution generally occurs and
instructions past illegal memory accesses are also performed."

Read it.


----------



## Offler

Quote:


> Originally Posted by *RiverOfIce*
> 
> I really hate repeating myself.
> 
> Read what I posted.
> 
> "However, for both ARM and AMD, the toy
> example as described in Section 3 works reliably, indicating
> that out-of-order execution generally occurs and
> instructions past illegal memory accesses are also performed."
> 
> Read it.


But that would be a different vulnerability and a different exploit, not Meltdown.


----------



## Lipos

List of affected Intel Products:
Quote:


> The following Intel-based platforms are impacted by this issue. Intel may modify this list at a later time. Please check with your system vendor or equipment manufacturer for more information regarding updates for your system.
> 
> Intel® Core™ i3 processor (45nm and 32nm)
> Intel® Core™ i5 processor (45nm and 32nm)
> Intel® Core™ i7 processor (45nm and 32nm)
> Intel® Core™ M processor family (45nm and 32nm)
> 2nd generation Intel® Core™ processors
> 3rd generation Intel® Core™ processors
> 4th generation Intel® Core™ processors
> 5th generation Intel® Core™ processors
> 6th generation Intel® Core™ processors
> 7th generation Intel® Core™ processors
> 8th generation Intel® Core™ processors
> Intel® Core™ X-series Processor Family for Intel® X99 platforms
> Intel® Core™ X-series Processor Family for Intel® X299 platforms
> Intel® Xeon® processor 3400 series
> Intel® Xeon® processor 3600 series
> Intel® Xeon® processor 5500 series
> Intel® Xeon® processor 5600 series
> Intel® Xeon® processor 6500 series
> Intel® Xeon® processor 7500 series
> Intel® Xeon® Processor E3 Family
> Intel® Xeon® Processor E3 v2 Family
> Intel® Xeon® Processor E3 v3 Family
> Intel® Xeon® Processor E3 v4 Family
> Intel® Xeon® Processor E3 v5 Family
> Intel® Xeon® Processor E3 v6 Family
> Intel® Xeon® Processor E5 Family
> Intel® Xeon® Processor E5 v2 Family
> Intel® Xeon® Processor E5 v3 Family
> Intel® Xeon® Processor E5 v4 Family
> Intel® Xeon® Processor E7 Family
> Intel® Xeon® Processor E7 v2 Family
> Intel® Xeon® Processor E7 v3 Family
> Intel® Xeon® Processor E7 v4 Family
> Intel® Xeon® Processor Scalable Family
> Intel® Xeon Phi™ Processor 3200, 5200, 7200 Series
> Intel® Atom™ Processor C Series
> Intel® Atom™ Processor E Series
> Intel® Atom™ Processor A Series
> Intel® Atom™ Processor x3 Series
> Intel® Atom™ Processor Z Series
> Intel® Celeron® Processor J Series
> Intel® Celeron® Processor N Series
> Intel® Pentium® Processor J Series
> Intel® Pentium® Processor N Series


https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr


----------



## jaredismee

Quote:


> Originally Posted by *RiverOfIce*
> 
> I really hate repeating myself.
> 
> Read what I posted.
> 
> "However, for both ARM and AMD, the toy
> example as described in Section 3 works reliably, indicating
> that out-of-order execution generally occurs and
> instructions past illegal memory accesses are also performed."
> 
> Read it.


so basically spectre can be run in certain scenarios but they have yet to reproduce meltdown on any amd cpus.

edit: is that not what section 3 was in the linked pdf?


----------



## figuretti

Apparently AMD is disabling the Branch Prediction on their CPU's, that's the reason they say the impact is minimum (this is for Spectre-1)

https://lists.opensuse.org/opensuse-security-announce/2018-01/msg00004.html
Quote:


> This update for kernel-firmware fixes the following issues:
> 
> - Add microcode_amd_fam17h.bin (bsc#1068032 CVE-2017-5715)
> 
> This new firmware disables branch prediction on AMD family 17h processor
> to mitigate a attack on the branch predictor that could lead to
> information disclosure from e.g. kernel memory (bsc#1068032 CVE-2017-5715).


----------



## nanotm

Quote:


> Originally Posted by *RiverOfIce*
> 
> No. Not even close. The people I talked to, intel, amd and arm are looking at changes to current production to fix this. It is a hardware fix but a minor one. Understand that we are in early days and everything I stated is 3rd party at best.


funny it was the intel ceo who stated that live on air during an interview this week when asked how soon the problem could be eradicated from the hardware side since it would require a complete redesign of how all the modules work and would also need them to get rid of shared memory completely (he might have been speaking about all 5 of the intel problem related to their cpu's though rather than just the simple hypervisor and fp tweaks to mitigate the spectre problem)


----------



## Offler

Quote:


> Originally Posted by *jaredismee*
> 
> so basically spectre can be run in certain scenarios but they have yet to reproduce meltdown on any amd cpus.
> 
> edit: is that not what section 3 was in the linked pdf?


Spectre on AMD can run only up to a certain extent, when eBPF JIT is enabled (which is not a default state). Once this vulnerability is completely fixed by upcoming patches, Spectre as a method stops working, and possible development of meltdown-like attack on AMD CPUs is questionable.


----------



## tpi2007

Quote:


> Originally Posted by *figuretti*
> 
> Apparently AMD is disabling the Branch Prediction on their CPU's, that's the reason they say the impact is minimum (this is for Spectre-1)
> 
> https://lists.opensuse.org/opensuse-security-announce/2018-01/msg00004.html
> Quote:
> 
> > This update for kernel-firmware fixes the following issues:
> > 
> > - Add microcode_amd_fam17h.bin (bsc#1068032 CVE-2017-5715)
> > 
> > This new firmware disables branch prediction on AMD family 17h processor
> > to mitigate a attack on the branch predictor that could lead to
> > information disclosure from e.g. kernel memory (bsc#1068032 CVE-2017-5715).

Wait, what? How can disabling the branch predictor on all Ryzen CPUs not bring a major performance penalty?


----------



## figuretti

Quote:


> Originally Posted by *tpi2007*
> 
> Wait, what? How can disabling the branch predictor on all Ryzen CPUs not bring a major performance penalty?


Looks like it's not all branch prediction, just a specific case. AMD call it "negligible performance hit" for that reason.


----------



## Offler

Will this be available for legacy AMD products as well? (hm)


----------



## tpi2007

Quote:


> Originally Posted by *figuretti*
> 
> Quote:
> 
> > Originally Posted by *tpi2007*
> > 
> > Wait, what? How can disabling the branch predictor on all Ryzen CPUs not bring a major performance penalty?
> 
> Looks like it's not all branch prediction, just a specific case. AMD call it "negligible performance hit" for that reason.

Ah, that description is severely lacking then.


----------



## figuretti

It has begun...
https://twitter.com/ChadLevy/status/948977730950807552
Quote:


> Two of my VMs on Azure have been updated to patched hosts. SQL Server VM is running fine but a Mongo VM is seeing nearly double CPU usage.


----------



## tpi2007

For those that missed it, here are the patches for Windows 7 and 8.1. And also, the patches for IE 11 for these two OSes.

Windows 7:

Patches for all Windows 7 and Windows Server 2008 R2 SP1 versions: https://www.catalog.update.microsoft.com/Search.aspx?q=KB4056897

Associated article: https://support.microsoft.com/en-us/help/4056897/windows-7-update-kb4056897

Windows 8.1:

Patches for all Windows 8.1 and Windows Server 2012 R2 Standard versions: https://www.catalog.update.microsoft.com/Search.aspx?q=KB4056898

Associated article: https://support.microsoft.com/en-us/help/4056898/windows-81-update-kb4056898

IE 11 Cumulative security update for all versions of Windows 7, 8.1, Windows Server 2008 R2 SP1 and 2012 R2: https://www.catalog.update.microsoft.com/search.aspx?q=kb4056568

Associated article: https://support.microsoft.com/en-ie/help/4056568/cumulative-security-update-for-internet-explorer


----------



## jagdtigger

Still can't understand why MS is still bundling updates up, I'm gonna pass this one too as usual...


----------



## tpi2007

Here's an article with useful links: https://www.theverge.com/2018/1/4/16848976/how-to-protect-windows-pc-meltdown-security-flaw

Among them it links to this useful list being compiled by security experts on what Anti-virus solutions are ready for the patches. It's being updated.

For now, Microsoft, Kaspersky, ESET, Symantec Endpoint Protection, Avast and F-Secure are ready to go; the others are working on it.


----------



## Particle

Quote:


> Originally Posted by *tpi2007*
> 
> Here's an article with useful links: https://www.theverge.com/2018/1/4/16848976/how-to-protect-windows-pc-meltdown-security-flaw
> 
> Among them it links to this useful list being compiled by security experts on what Anti-virus solutions are ready for the patches. It's being updated.
> 
> For now, Microsoft, Kaspersky, ESET, Symantec Endpoint Protection, Avast and F-Secure are ready to go; the others are working on it.


I wonder if Microsoft EMET works with it.


----------



## figuretti

Good news everyone (?)

http://www.tomshardware.com/news/meltdown-spectre-exploit-browser-javascript,36221.html
Quote:


> Two CPU architecture flaws called Meltdown and Spectre were recently unveiled to affect primarily Intel, but also ARM and AMD (Spectre-only). Microsoft, Mozilla, and Google have now come out and said that attackers could exploit these flaws through your browser. However, temporary fixes are coming soon.


----------



## Echoa

Quote:


> Originally Posted by *mouacyk*
> 
> Do I sense a wave of incoming cheap Xeons for hobbyists?
> 
> Sorry...


I'm all for this lol


----------



## Dunan

So for those of us that were planning an upgrade to their Intel CPU's, is it worth investing in another one at this point or should we start looking at AMD?

If it's a permanent performance cripple then what's the point of upgrading to another one?


----------



## NBrock

Got the update. Other than whatever updates MS pushed breaking Nvidia drivers so bad I needed to DDU and reinstall I am not having any performance issues in initial testing. Cinebench and CPUz show no performance loss. I'll check some other stuff in a bit. Running Windows 10 and i7 5775c.

My reason for testing those was that I saw people claiming that they had a big loss in performance on both.

Edit:

Ran AIDA64 cache and memory bench as well. No big changes only thing that was down was L4 read but I noticed this bench varies run to run. It's not down enough for me to care at all.


----------



## NBrock

Quote:


> Originally Posted by *Dunan*
> 
> So for those of us that were planning an upgrade to their Intel CPU's, is it worth investing in another one at this point or should we start looking at AMD?
> 
> If it's a permanent performance cripple then what's the point of upgrading to another one?


I am pretty sure the majority of the performance issues people are going to see are on the server/datacenter side of things like VMs and SQL servers.


----------



## Curvy Groyper

Is it possible to switch that fix on when online and switch it off when offline? I am still deciding what version of windows to install, I have both 7 and 10. I would like to be able to turn it off so I get maximum performance for productivity when I am doing work on my workstation and then turn it on for safe internet browsing.


----------



## Marios145

Quote:


> Originally Posted by *figuretti*
> 
> Good news everyone (?)
> 
> http://www.tomshardware.com/news/meltdown-spectre-exploit-browser-javascript,36221.html
> Quote:
> 
> > Two CPU architecture flaws called Meltdown and Spectre were recently unveiled to affect primarily Intel, but also ARM and AMD (Spectre-only). Microsoft, Mozilla, and Google have now come out and said that attackers could exploit these flaws through your browser. However, temporary fixes are coming soon.

Where's that kithylin guy claiming something about sandbox and separate processes and not downloading exes?


----------



## Anty

Just ignore him. Not worth it...


----------



## NBrock

Quote:


> Originally Posted by *Midnight ***per*
> 
> Is it possible to switch that fix on when online and switch it off when offline? I am still deciding what version of windows to install, I have both 7 and 10. I would like to be able to turn it off so I get maximum performance for productivity when I am doing work on my workstation and then turn it on for safe internet browsing.


Depending on what type of work you are doing I doubt you would see any performance hit. Rendering on my CPU based on a few benchmarks so far doesn't seem to have changed. Same with zipping and unzipping as well as compression.


----------



## nanotm

Quote:


> Originally Posted by *NBrock*
> 
> Depending on what type of work you are doing I doubt you would see any performance hit. Rendering on my CPU based on a few benchmarks so far doesn't seem to have changed. Same with zipping and unzipping as well as compression.


so long as you're not trying to push files out of the pc you shouldn't notice too much in terms of speed change, backups to external devices will be a lot slower though file transfers from drive to drive will be slightly slower, and if you're compiling video from one location through your pc it will hurt quite a lot

it's all about I/O which is why pci-e is getting hit so hard for some folks

and let's be honest here, not one of those people performing those "tests" has disabled HT as per the advisory 6 months ago nor have they installed the beta bios that disables HT because of that other "hardware feature" intel stuck on your pc that's literally an open door to anyone with the default credentials and your ip address....

so as has already been mentioned a fully secured anthill processor (following all the recent advisories and patches implemented) will be up to 50% slower across the board... especially those 6th and 7th gen cpu's


----------



## Particle

Quote:


> Originally Posted by *Marios145*
> 
> Where's that kithylin guy claiming something about sandbox and separate processes and not downloading exes?


Who knows. He didn't seem interested in being educated and wasn't contributing anything meaningful to the conversation so I block listed him.


----------



## Offler

Quote:


> Originally Posted by *Midnight ***per*
> 
> Is it possible to switch that fix on when online and switch it off when offline? I am still deciding what version of windows to install, I have both 7 and 10. I would like to be able to turn it off so I get maximum performance for productivity when I am doing work on my workstation and then turn it on for safe internet browsing.


https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution

If I understand it right, there is a switch in registers. Would require reboot but still fine ...


----------



## superstition222

Quote:


> Originally Posted by *NBrock*
> 
> Cinebench and CPUz show no performance loss. I'll check some other stuff in a bit. Running Windows 10 and i7 5775c.


Cinebench doesn't respond much to memory bandwidth in the first place, does it?
Quote:


> Originally Posted by *nanotm*
> 
> it's all about I/O which is why pci-e is getting hit so hard for some folks


Interesting.
Quote:


> Originally Posted by *nanotm*
> 
> and let's be honest here, not one of those people performing those "tests" has disabled HT as per the advisory 6 months ago nor have they installed the beta bios that disables HT because of that other "hardware feature" intel stuck on your pc that's literally an open door to anyone with the default credentials and your ip address....


So the so-called fix for the hyperthreading bug added in a backdoor?


----------



## Ascii Aficionado

From what I've been reading we need OS, browser, and motherboard bios patches?

I have the Windows 10 patch, does this mean the motherboard bios fixes could also introduce slowdowns?


----------



## kx11

installed the patch now , tested GB 4.2..0 benchmark and i gained almost 1420 points

here's a comparison (before is on the left and after Right )

https://browser.geekbench.com/v4/cpu/compare/5695703?baseline=6123682


----------



## superstition222

Quote:


> Originally Posted by *Bing*


Useful. Thanks.


----------



## Lipos

Quote:


> Originally Posted by *Ascii Aficionado*
> 
> From what I've been reading we need OS, browser, and motherboard bios patches?


Depends on what we are talking about. If I'm not mistaken:

Variant 1 (Spectre) needs Applications to be updated,
Variant 2 (Spectre) needs a microcode update from the CPU Vendor or a software mitigation like Google's Retpoline and
Variant 3 (Meltdown) needs a fix in the OS.

All according to the latest Google Update.

https://security.googleblog.com/2018/01/more-details-about-mitigations-for-cpu_4.html


----------



## superstition222

Quote:


> Originally Posted by *Lipos*
> 
> Depends on what we are talking about. If I'm not mistaken:
> 
> Variant 1 (Spectre) needs Applications to be updated,


Not for AMD users running Zen chips, unless they stupidly change the requisite default BIOS setting, right? Is it actually true, also, that it can only happen under Linux for some reason even if people do custom-change that BIOS setting?

If that graphic I reposted is accurate, AMD Zen users don't need any of these things, unless they need to change the pertaining BIOS feature for some reason (under just Linux?).

So, in terms of it depends upon what we're talking about, we'd be specifically talking about what needs to be done for Intel users.
Quote:


> Originally Posted by *Lipos*
> 
> List of affected Intel Products:
> https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr


I've always wondered why Tails says it requires a 45nm Intel CPU or later.

Also, on another topic. I read a claim from some article today that IBM's Power chips are affected. Is that Spectre, Meltdown, or both? Is there any good info about this somewhere?


----------



## Lipos

Quote:


> Originally Posted by *superstition222*
> 
> Not for AMD users running Zen chips, unless they stupidly change the requisite default BIOS setting, right? Is it actually true, also, that it can only happen under Linux for some reason even if people do custom-change that BIOS setting?
> 
> If that graphic I reposted is accurate, AMD Zen users don't need any of these things, unless they need to change the pertaining BIOS feature for some reason (under just Linux?).
> 
> So, in terms of it depends upon what we're talking about, we'd be specifically talking about what needs to be done for Intel users.


Don't know if it's only Linux for AMD, but according to them Variant 1 is resolved by software (or the OS). And according to Google Project Zero IIRC it only affects AMD CPU's under "non-default configurations".

And since AMD isn't affected by Meltdown and there is a "near zero risk" (their own words) for Spectre Variant 2 I'd say as an AMD User you don't need anything as of right now. At least in terms of the 3 variants we know so far.


----------



## superstition222

Quote:


> Originally Posted by *Lipos*
> 
> Don't know if it's only Linux for AMD, but according to them Variant 1 is resolved by software (or the OS). And according to Google Project Zero IIRC it only affects AMD CPU's under "non-default configurations".
> 
> And since AMD isn't affected by Meltdown and there is a "near zero risk" (their own words) for Spectre Variant 2 I'd say as an AMD User you don't need anything as of right now. At least in terms of the 3 variants we know so far.


Thanks. The reason I'm parsing this specifically is because so much of the media reporting is implying that AMD is just so affected. Even if they don't imply that AMD is affected by meltdown they make Spectre sound really terrible and unavoidable - without saying anything about AMD and non-default BIOS (even under Linux, even).

Maybe it's sloppiness. Maybe it's to make Intel happy. Whatever the reason(s) I'm not impressed.


----------



## OutlawII

All of this sounds kind of blown out of proportion to me, as far as performance hits. And i would bet we will soon find out that AMD has a lot of the same issues. Hopefully it all gets worked out


----------



## superstition222

Quote:


> Originally Posted by *OutlawII*
> 
> All of this sounds kind of blown out of proportion to me, as far as performance hits. And i would bet we will soon find out that AMD has a lot of the same issues. Hopefully it all gets worked out


This post would be more understandable if it were on page 1 or 2 of this topic.


----------



## OutlawII

Quote:


> Originally Posted by *superstition222*
> 
> This post would be more understandable if it were on page 1 or 2 of this topic.


Believe what you want, most of the info out is still guesses and hearsay. Nobody knows 100%, not yet anyway.


----------



## superstition222

Quote:


> Originally Posted by *OutlawII*
> 
> Believe what you want, most of the info out is still guesses and hearsay. Nobody knows 100%, not yet anyway.


There is a difference between 100% knowledge and hypotheses without data. Again, you should have used these points on page 1 or 2.


----------



## Forceman

Quote:


> Originally Posted by *superstition222*
> 
> This post would be more understandable if it were on page 1 or 2 of this topic.


He's right that so far all the real-world testing of typical consumer usage shows a negligible performance impact. It may matter a lot for datacenters, but that's not really relevant to most people here.


----------



## OutlawII

Quote:


> Originally Posted by *superstition222*
> 
> There is a difference between 100% knowledge and hypotheses without data. Again, you should have used these points on page 1 or 2.


What is your problem? I will use my point on whatever page I want. You don't need to comment on what I post, or do you? Go back to your safe place, it will be ok.


----------



## guttheslayer

Quote:


> Originally Posted by *gigafloppy*
> 
> Now we know why Coffee Lake was launched months ahead of time. Who's going to buy a new Intel CPU now? It's either Ryzen or wait for a nextgen (fixed) Intel CPU.


Intel openly admits they have been using the same exact architecture for the past 10 years.

Kudos to their anti-innovation.


----------



## superstition222

Quote:


> Originally Posted by *OutlawII*
> 
> What is your problem? I will use my point on whatever page I want. You don't need to comment on what I post, or do you? Go back to your safe place, it will be ok.


My point is that your posts reflect a lack of reading. Read the pages in the topic as others have and don't post nonsense.

"Oh, gee... No one knows anything and I'm sure we'll find out AMD is just as affected!"


----------



## superstition222

Quote:


> Originally Posted by *guttheslayer*
> 
> Intel openly admits they have been using the same exact architecture for the past 10 years.
> 
> Kudos to their anti-innovation.


x86 is older than that. Yet, it continues to be the platform of choice for much of the industry for various reasons, like backward compatibility.

The age of an architecture isn't a problem as long as there isn't anything better, better not just being the tech efficiency but also the efficiency of deployment.


----------



## KarathKasun

Quote:


> Originally Posted by *Defoler*
> 
> A system that doesn't get outside javascript, this is also a non-issue. Do you think you can send a javascript to run on PUBG / blizzard / whatever servers through the client?
> I don't think a closed system has anything to worry about.
> A full open system is vulnerable.
> Though getting to exploit this through javascript feels like a stretch to pull it off.


It does not require javascript. JS is a well sandboxed and widely used interpreted language, which is likely why it was used as an example. You can, in theory, trigger this bug with any arbitrary code that is executed or processed.

I would not be surprised if you could craft a JPEG/PNG to hit the same vulnerability.


----------



## JackCY

Quote:


> Originally Posted by *Bing*


And ARM as in most phablets, network devices, etc.?

Yeah guttheslayer. No competition, no innovation, they only push forward when ARM or AMD is stepping on their toes. Now they have AMD, ARM and Nvidia, well not AMD anymore much when they got GPU and people from AMD to fight Nvidia...


----------



## KarathKasun

Quote:


> Originally Posted by *superstition222*
> 
> x86 is older than that. Yet, it continues to be the platform of choice for much of the industry for various reasons, like backward compatibility.
> 
> The age of an architecture isn't a problem as long as there isn't anything better, better not just being the tech efficiency but also the efficiency of deployment.


Speculative execution as is present in the Core series is not part of x86, it is an addition that improves performance.

Also, architecture as used on these forums (Intel Core) is not the same as the ISA (x86).


----------



## superstition222

Quote:


> Originally Posted by *KarathKasun*
> 
> Speculative execution as is present in the Core series is not part of x86, it is an addition that improves performance.
> 
> Also, architecture as used on these forums (Intel Core) is not the same as the ISA (x86).


So? My point is just that complaining about how old something is is pointless unless there is something better, better not just in terms of the tech's innate efficiency but also in its efficiency of deployment. Cost/benefit ratio often trumps the latest coolest tech.

The wheel is old tech. A lot of the time it's very useful in the present day.


----------



## Vlada011

Quote:


> Originally Posted by *guttheslayer*
> 
> Intel openly admits they have been using the same exact architecture for the past 10 years.
> 
> Kudos to their anti-innovation.


How many times I told you that Intel is Vacuum. Suck your money as vacuum.
And how many times I told that they will not be able to compete to AMD and become real leader until they build NEW NEXT GEN CORE.
We live on Nehalem glory.

Dear god, people invest in i9 like crazy.
I thought to upgrade on some Broadwell-E with more cores because for games i7-6900K and i7-6950X on same clock are better than Skylake-X.
But now, nothing until LGA3xxx and DDR5.

Intel is not culprit, WE ARE CULPRITS. People who feel bad and read whole day difference between i7-6700K and i7-7700K.
And conclusion... DAMN HE WORK ON 5.0GHz, I MUST UPGRADE. For 10 months i7-8700K, DAMN HE HAVE 6 CORES, HEY 6 CORES, ALMOST AS I7-5960X, I MUST UPGRADE.
And with them, Maximus 8 Formula 1151 V1, 360$, for 10 months for 5.0GHz I need Maximus IX Extreme 500$ 1151 V2, for 10 months now for 6 cores Hey Where is M10E, 1151 V3, I want Extreme, I don't want Formula worth 450$. Hey 450$ Formula. That was Rampage III Extreme Black Edition. All of them same socket, and for Z390 again 1151 V4. WE ARE CULPRITS, DON'T BLAME INTEL.

When I remember USB 3.1 Gen 2 in 2015. Now is 2018. Who have USB 3.1 Gen 2 device.
Who want to pay 6 times higher price of 1TB External HDD than USB 3.0. We fight for USB 3.1, people couldn't sleep because motherboard not support him.
They will use him 2022 first time.

What will happen with performance of users who want to get rid of this Windows 10 Updates and use Win 10 1509 without any new update, patch, etc...


----------



## nanotm

Quote:


> Originally Posted by *Vlada011*
> 
> How many times I told you that Intel is Vacuum. Suck your money as vacuum.
> And how many times I told that they will not be able to compete to AMD and become real leader until they build NEW NEXT GEN CORE.
> We live on Nehalem glory.
> 
> Dear god, people invest in i9 like crazy.
> I thought to upgrade on some Broadwell-E with more cores because for games i7-6900K and i7-6950X on same clock are better than Skylake-X.
> But now, nothing until LGA3xxx and DDR5.
> 
> Intel is not culprit, WE ARE CULPRITS. People who feel bad and read whole day difference between i7-6700K and i7-7700K.
> And conclusion... DAMN HE WORK ON 5.0GHz, I MUST UPGRADE. For 10 months i7-8700K, DAMN HE HAVE 6 CORES, HEY 6 CORES, ALMOST AS I7-5960X, I MUST UPGRADE.
> And with them, Maximus 8 Formula 1151 V1, 360$, for 10 months for 5.0GHz I need Maximus IX Extreme 500$ 1151 V2, for 10 months now for 6 cores Hey Where is M10E, 1151 V3, I want Extreme, I don't want Formula worth 450$. Hey 450$ Formula. That was Rampage III Extreme Black Edition. All of them same socket, and for Z390 again 1151 V4. WE ARE CULPRITS, DON'T BLAME INTEL.
> 
> When I remember USB 3.1 Gen 2 in 2015. Now is 2018. Who have USB 3.1 Gen 2 device.
> Who want to pay 6 times higher price of 1TB External HDD than USB 3.0. We fight for USB 3.1, people couldn't sleep because motherboard not support him.
> They will use him 2022 first time.


I was with you right up to the usb c comment, half the phones in my house use that connector so it's handy having a pci-e usb3.1 port plugged into my old sabrekitty, since the usb3 port on the mobo means loading the files onto them takes an extra 20 minutes lol


----------



## Curvy Groyper

Anybody with Ansys or some kind of FEA/CFD software? I read that SSD speeds, especially for fast SSDs like the 960 Pro, are hit hardest by the patch. When these simulations run out of RAM, they start using the SSD and the SSD becomes the bottleneck. Can you try how long it takes for your PC to finish the simulation pre and post patch, with a simulation so big it can't fit into RAM and it writes and reads many gigabytes to the SSD?


----------



## Vlada011

God help me to find some cheap i7-6950X and I will replace him when i3 reach his performance in multi apps.

How they think to distribute Patch.. Performance Loss to Us? Hahaaa haaaaa
Windows Update?
Now enthusiasts are not important and their performance.
Intel think only how to fix that no matter what will happen.

Nice, with 1709 PC Sound is ruined, and many other things, but this is one of most important.
Now new Update for performance loss. What will happen to users who back to Win 7.


----------



## Echoa

Quote:


> Originally Posted by *Vlada011*
> 
> God help me to find some cheap i7-6950X and I will replace him when i3 reach his performance in multi apps.
> 
> How they think to distribute Patch.. Performance Loss to Us? Hahaaa haaaaa
> Windows Update?
> Now enthusiasts are not important and their performance.
> Intel think only how to fix that no matter what will happen.
> 
> Nice, with 1709 PC Sound is ruined, and many other things, but this is one of most important.
> Now new Update for performance loss. What will happen to users who back to Win 7.


The performance loss likely won't be noticeable in home/non datacenter situations. You can just download the fix, get on with your day. Synthetics blow the actual hit out of proportion and realistically it's negligible in most scenarios.


----------



## cekim

I think we need a 2-pronged solution to this problem:
1. death penalty for intentional/malicious hacking. After due process of course, but drone strikes for the lot the bastages that have us at Defcon 2 all the time guarding against this sort of thing.

2. allow for - structure the OS assuming 2 distinct types of apps - trusted and untrusted. untrusted run not just in a sand-box, but in an interpreted VM that has no hardware acceleration. Old-school QEMU-style modeling of instructions. My web browser does not need access to the hardware... webGL now engages my laptop's second GPU at full speed and sucks my battery down so that youtube can serve MOAR ads. Cut that junk out...

Of course #2 has some issues right now:
a. QEMU is really buggy - a vector for abuse in its own right at present
b. Whatever the VM, it will come with a performance penalty and will require constant and vigorous verification to ensure it's "safe".

I am more than willing to have my web browsing run a little slow if it means that the rest of my internal net does not have to wait for the next security shoe to drop.


----------



## cekim

Quote:


> Originally Posted by *Vlada011*
> 
> Now new Update for performance loss. What will happen to users who back to Win 7.


They will join the 10Billion strong IoT botnet created by the deployment of new exploits based on this class of bugs and lack of patching of course...

Off to brush on my stone tablet chiseling skills for the next epoch in secure computing...

On the bright side, looking forward to some dirt cheap server hardware flooding ebay soon.

Dead to the AAA IT crowd once the next rev of chips fixing this comes out, but for me, behind a wall with no users but me...

Doesn't need to be secure if it has no direct connection to the outside world.


----------



## tashcz

... and they told me my pentium 3 was collecting dust! I'ma rent it to let people make payments from it, ha!


----------



## Jpmboy

Quote:


> Originally Posted by *NBrock*
> 
> Depending on what type of work you are doing I doubt you would see any performance hit. Rendering on my CPU based on a few benchmarks so far doesn't seem to have changed. Same with zipping and unzipping as well as compression.


hey bud, specifically which update/patch are you referring to?


----------



## Vlada011

I will not download any fix. I back to Windows 10 first version and disable all Updates and connection with MS.
This is tragedy for some people. We know that biggest profit to Intel arrive from enthusiasts who use computer only to measure performance and download new drivers, new benchmarks softwares and compare performance.
For them this is tragedy.

Performance loss will be bigger than performance gain after upgrade from i7-6700K to i7-7700K.
We need to upgrade instantly to compensate performance loss.
Intel lost touch with reality

i5 Kaby Lake-X for Rampage VI Extreme 650$ worth.
Intel i9-7980XE 2000$ worth with thermal paste.
400-600$ motherboards no compatibility with Xeons.
All Xtreme cheaper than 1000$ 28 PCI-E lanes.
Xeons shame in comparison with EPYC,
Intel mainstream shame in comparison with Ryzen
Intel Xtreme 1000$ worth weaker than AMD 1000$ worth CPU,
1151 V4 ready to accept 9th generation with 8 cores faster than i7-7820X Xtreme few months old.
This list could continue forever.


----------



## cekim

Quote:


> Originally Posted by *Jpmboy*
> 
> hey bud, specifically which update/patch are you referring to?


Windows insider, super-geek, early access, inner ring, circling the bowl already got "the patch" - it rolls out everywhere else next Tuesday from what I've read.

A few reviewers have tested it reasonably well and it's a yawn for gamers but benchmarks and HPC that involves DBs and I/O are potentially in for quite a bit more hurt at this point.

Linux kernel also got various patches...


----------



## cekim

Quote:


> Originally Posted by *Vlada011*
> 
> I will not download any fix. I back to Windows 10 first version and disable all Updates and connection with MS.
> This is tragedy for some people. We know that biggest profit to Intel arrive from enthusiasts who use computer only to measure performance and download new drivers, new benchmarks softwares and compare performance.
> For them this is tragedy.
> 
> Performance loss will be bigger than performance gain after upgrade from i7-6700K to i7-7700K.
> We need to upgrade instantly to compensate performance loss.
> Intel lost touch with reality
> 
> i5 Kaby Lake-X for Rampage VI Extreme 650$ worth.
> Intel i9-7980XE 2000$ worth with thermal paste.
> 400-600$ motherboards no compatibility with Xeons.
> All Xtreme cheaper than 1000$ 28 PCI-E lanes.
> Xeons shame in comparison with EPYC,
> Intel mainstream shame in comparison with Ryzen
> Intel Xtreme 1000$ worth weaker than AMD 1000$ worth CPU,
> 1151 V4 ready to accept 9th generation with 8 cores faster than i7-7820X Xtreme few months old.
> This list could continue forever.


A huge, giant, steaming "depends".

So far, even the first, hasty, perhaps not the only way to fix this, patch shows negligible-to-zero degradation in gaming and render performance.

The issue is your interaction with I/O and the OS - the more you do, the more it costs. I've seen multiple benchmarks that showed effectively zero hit in anything but things like 4k random nvme performance in synthetics.

I'm not happy about this - don't get me wrong - and I may very well partition machines into 2 groups to avoid updating as long as possible for machines that are physically isolated sufficiently to not need it, but it may not be nearly as bad as you are painting it (as bad as it is).


----------



## iamjanco

The saga continues:

Subject: Re: Bricked x86 CPU with software?
From: Hector Martin 'marcan'
Date: Fri, 5 Jan 2018 10:29:25 +0900

On 2018-01-05 10:21, Tim Mouraveiko wrote:
>> On Thu 2018-01-04 14:13:56, Tim Mouraveiko wrote:
>> Actually... I don't think your code works. That's why I'm curious. But
>> if it works, its rather a big news... and I'm sure Intel and cloud
>> providers are going to be interested.
>>
>
> I first discovered this issue over a year ago, quite by accident. I changed the code I was
> working on so as not to kill the CPU (as that is not what I was trying to). We made Intel aware
> of it. They didn't care much, one of their personnel suggesting that they already knew about it
> (whether this is true or not I couldn't say). It popped up again later, so I had to fix the code
> again. It could be a buggy implementation of a certain x86 functionality, but I left it at that
> because I had better things to do with my time.
>
> Now this news came up about meltdown and spectre and I was curious if anyone else had
> experienced a dead CPU by software, too. Meltdown and spectre are undeniably a problem,
> but the magnitude and practicality of it is questionable.
>
> I suspect that what I discovered is either a kill switch, an unintentional flaw that was
> implemented at the time the original feature was built into x86 functionality and kept
> propagating through successive generations of processors, or could well be that I have a
> very destructive and targeted solar flare that is after my CPUs. So, I figured I would put the
> question out there, to see if anyone else had a similar experience. Putting the solar flare idea
> aside, I can't conclusively say whether it is a flaw or a feature. Both options are supported at
> this time by my observations of the CPU behavior.
>

If you made Intel aware of the issue a year ago, and they weren't
interested, then the responsible thing to do is disclose the problem
publicly. This is a security issue (if trusted code can brick a CPU,
it's an issue for bare metal hosting providers; if untrusted code can
brick a CPU, it's a *huge* issue for every cloud provider and many, many
others who run code in various sandboxes). If the vendor is not
receptive to coordinated disclosure, the only option is public
disclosure to at least make people aware of the problem and allow for
mitigations to be developed, if possible.

Personally, I would be very interested in seeing such code. We've seen
several ways to brick nonvolatile firmware (writable BIOSes, bad CMOS
data, etc.), but bricking a CPU is a first. The only way that can happen
is either blowing a kill fuse, or causing actual hardware damage, since
CPUs have no nonvolatile memory other than fuses. Either way this would
be a very interesting result.

Source: *Re: Bricked x86 CPU with software?*


----------



## figuretti

https://www.reddit.com/r/intel/comments/7o5hbi/psa_windows_update_doesnt_automatically_activate/
Quote:


> Lots of misinformation going on in the net. *Yesterday's update does not automatically fix all issues.*
> 
> https://support.microsoft.com/en-us/help/4073119/windows-client-guidance-for-it-pros-to-protect-against-speculative-exe
> 
> You can check to see what is actually activated using the Powershell commands in the example at the bottom of the page.
> 
> Might explain the differences in performance.
> 
> Edit: Title sucks. Sorry long day of patching and rebooting..
> 
> Running Get-SpeculationControlSettings in PowerShell will check for 1 of the 2 types of spectre bugs.
> 
> If you see Windows OS support for branch target injection mitigation is enabled: False you are not protected.
> 
> Running Install-Module SpeculationControl in Powershell will check for meltdown.
> 
> If you see Windows OS support for kernel VA shadow is enabled: False you are not protected though I think this shouldn't really happen.
> 
> Wait for updates to firmware, microcode, software, AV and check occasionally to make sure everything is true.
> 
> Meltdown is the one that affects Intel chips but I wouldn't play down Spectre. This is the one that should make us think long and hard before clicking on something for the foreseeable future.


And
https://twitter.com/never_released/status/948996493280731139

Skylake, Kabylake and Coffee Lake are not patched yet... they require microcode update...
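
The check described in the quoted post, as an added example (not part of the original posts or of Microsoft's guidance page): the SpeculationControl module is installed once, and `Get-SpeculationControlSettings` then returns an object covering both the branch target injection (Spectre variant 2) and kernel VA shadow (Meltdown) state. The helper name `Get-MitigationGap` and the sample object are constructed for illustration; the property names are the ones the cmdlet returns.

```powershell
# Added example: turn the object returned by Get-SpeculationControlSettings
# into a list of what is still missing. Get-MitigationGap is a hypothetical
# helper name; the property names are the SpeculationControl module's own.

function Get-MitigationGap {
    param(
        [Parameter(Mandatory = $true)]
        $Settings
    )

    $gaps = @()

    # --- Spectre variant 2 (branch target injection) ---
    # Needs BOTH the Windows update and CPU microcode/firmware support.
    if (-not $Settings.BTIWindowsSupportPresent) {
        $gaps += 'BTI: Windows security update with the mitigation is not installed'
    }
    if (-not $Settings.BTIHardwarePresent) {
        $gaps += 'BTI: no hardware support reported; microcode/firmware update needed'
    }
    if ($Settings.BTIWindowsSupportPresent -and -not $Settings.BTIWindowsSupportEnabled) {
        if ($Settings.BTIDisabledBySystemPolicy) {
            $gaps += 'BTI: mitigation installed but disabled by system policy'
        }
        elseif ($Settings.BTIDisabledByNoHardwareSupport) {
            $gaps += 'BTI: mitigation installed but inactive (no hardware support)'
        }
        else {
            $gaps += 'BTI: mitigation installed but not enabled'
        }
    }

    # --- Meltdown (kernel VA shadow) ---
    # KVAShadowRequired is False on CPUs the module considers unaffected,
    # so an unaffected CPU is not reported as a gap.
    if ($Settings.KVAShadowRequired) {
        if (-not $Settings.KVAShadowWindowsSupportPresent) {
            $gaps += 'KVA shadow: Windows security update is not installed'
        }
        elseif (-not $Settings.KVAShadowWindowsSupportEnabled) {
            $gaps += 'KVA shadow: update installed but the mitigation is not enabled'
        }
    }

    return $gaps
}

# Constructed sample: the situation the thread describes, where the Windows
# update is installed but the CPU microcode update has not arrived yet.
$sample = [pscustomobject]@{
    BTIHardwarePresent             = $false
    BTIWindowsSupportPresent       = $true
    BTIWindowsSupportEnabled       = $false
    BTIDisabledBySystemPolicy      = $false
    BTIDisabledByNoHardwareSupport = $true
    KVAShadowRequired              = $true
    KVAShadowWindowsSupportPresent = $true
    KVAShadowWindowsSupportEnabled = $true
    KVAShadowPcidEnabled           = $true
}

# Lists the two BTI gaps; the KVA shadow (Meltdown) side is covered.
Get-MitigationGap -Settings $sample

# On a live system, from an elevated PowerShell prompt (the execution policy
# must allow the module's script to load):
#   Install-Module SpeculationControl
#   Import-Module SpeculationControl
#   Get-MitigationGap -Settings (Get-SpeculationControlSettings)
```

An empty result means every check the helper knows about passed; rerun it after each firmware or Windows update.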


----------



## doritos93

A new poster on LTT forums saying he's convinced of performance hit in CS:GO

https://linustechtips.com/main/topic/881785-games-are-affected-by-pkti-on-win-10/


----------



## Vlada011

Guys, dear enthusiasts, this is mess.
Best position are for some people who didn't invest huge money soon in their RIGs, but not too old that need soon update.
Because one bug is fixable with performance hit, confirmed in every situation and we will be surprised in next week because no one is aware how that affect future hardware but other is not fixable because problem is Intels Famous Old Core with Flaw.
They done everything to race with AMD with old Core and almost burned VRM Mosfet on X299 motherboards to offer better processors.
If you want upgrade you need to wait on both fix and that's new architecture.

This is worse possible scenario for Intel and maybe they deserve because cripple processors and install cheap paste and something need to hit customers directly in head to experience 30% loss to figure out what happen on IT Market. Because for now, they ignore, before only few hours they blame others and defend Intel. This is NVIDIAs problem with GTX970 3.5GB x100.

For all smart people no upgrade before new next gen core with fix for all of these problems.
One bug drop performance after fix, other fixable only with new processors.

JUSTICE IS SLOW, INTEL SABOTAGE AMDs PERFORMANCE IN BENCHMARKS TEST IN PREVIOUS YEARS.


----------



## Dimaggio1103

Never been happier with my Ryzen purchase. I mean the CEO dumped his shares right before the news broke. Tells you everything you need to know. Can wait to see how Hardware Unboxed tries to spin this one.


----------



## cekim

Quote:


> Originally Posted by *Vlada011*
> 
> Guys, dear enthusiasts, this is mess.
> Best position are for some people who didn't invest huge money soon in their RIGs, but not too old that need soon update.
> ...
> For all smart people no upgrade before new next gen core with fix for all of these problems.
> One bug drop performance after fix, other fixable only with new processors.


1. it is good advice right this minute to "wait" to buy something new until the full scope of this and potential fixes are known.
2. It is similarly good advice to "wait" to panic and set your current rig on fire in your backyard out of spite...

We simply do not know enough right now to write off any given setup as junk, nor do we know any given setup is "immune" from any or all of it (so far the answer is nothing that has branch prediction is completely immune).

I say this as someone who's spent the afternoon patching everything that I can that is exposed to the software STD vector that is the internet at all times. My head is far from in the sand, but the truth is that there are always vulnerabilities out there (RowHammer, anyone?). There are undoubtedly more of the NSA's handiwork or lack of disclosure that Snowden didn't leak out.

It's a nasty violent world out there. Choose your websites wisely. Make backups. Choose service providers with excellent theft/loss prevention policies. Understand and expect to be compromised and structure your existence accordingly because it was always and already the case.


----------



## cekim

Quote:


> Originally Posted by *Dimaggio1103*
> 
> Never been happier with my Ryzen purchase. I mean the CEO dumped his shares right before the news broke. Tells you everything you need to know. Can wait to see how Hardware Unboxed tries to spin this one.


Just don't let the smug cloud stop you from patching for those variants that hit Ryzen too...

If it turns out that Ryzen is as immune to the nastier of them, then that will factor into my server/public facing computer purchases. See above though - you are not safe, just maybe safer against portions (not all) of this specific exploit.

Never been more important to NOT fall for click-bait and to punish those middle-men who bring it to you for their ethical bypass by dumping their services...


----------



## superstition222

Quote:


> Originally Posted by *cekim*
> 
> 1. it is good advice right this minute to "wait" to buy something new until the full scope of this and potential fixes are known.


Not sure I agree. Zen prices might rise as a result of this. So, for someone strongly wanting to move to Zen now it may be best to buy sooner than later.


----------



## nanotm

Quote:


> Originally Posted by *superstition222*
> 
> Not sure I agree. Zen prices might rise as a result of this. So, for someone strongly wanting to move to Zen now it may be best to buy sooner than later.


Zen prices jumped up 20% yesterday in a lot of stores in the UK, anthill prices fell 10% earlier today when I was looking .....

Won't make a difference for me though, unless those ddr4 prices drop I won't be upgrading out of choice for quite some time (knew I should have bought back when it was only £140 for vengeance 32GB 3200 kit...) same kit now costs more than the new parts I would chuck into the build .....


----------



## cekim

Quote:


> Originally Posted by *superstition222*
> 
> Not sure I agree. Zen prices might rise as a result of this. So, for someone strongly wanting to move to Zen now it may be best to buy sooner than later.


Speculation is speculative...

I have to agree that the caution buying intel should be far greater than buying AMD right now, but keep in mind Zen is a new arch... There may yet be unknown exploits found there too along these lines now that bad people have a new avenue to explore.

It's a strange market that has all supply so tight that rumors cause giant price swings... but I have to concede your point... that is the absurdity in which we find ourselves.

I was about to add that this price bump has already likely happened, looks like the prior poster beat me to it...


----------



## superstition222

Quote:


> Originally Posted by *cekim*
> 
> I think we need a 2-pronged solution to this problem:
> 1. death penalty for intentional/malicious hacking. After due process of course, but drone strikes for the lot the bastages that have us at Defcon 2 all the time guarding against this sort of thing.


That doesn't, in any way, solve the issue of spy vs. spy. One nation's crime is another's legitimate pursuance of "national interests". That can include many levels of grey, like quasi-governmental employees, quasi-governmental programs, and quasi-governmental contracts/agreements.

Unfortunately, very little is simple when it comes to spycraft and the various permutations of quasi-legal competition.

The best thing to pursue is a totally transparent and totally open platform from the ground up. That means every single chip has to be 100% transparent - absolutely no secrets from anyone. The same goes for the entirety of the OS. We need a mobile platform like this more than anything, instead of one controlled by massive corporations.


----------



## Vlada011

How they talk about KB4056892 Update.
I have installed that Update KB4056892. This Morning I saw that Cumulative Update for 1709.
But that's not fix for this problem. Guy talk about performance loss...

https://linustechtips.com/main/topic/881785-games-are-affected-by-pkti-on-win-10/

I can't compare games because for now I play only Left 4 Dead.
Cinebench, Geekbench, Firestrike, SSD, Memory Benchmarks are same as before KB4056892 Update.
We must know what is affected exactly.


----------



## superstition222

Quote:


> Originally Posted by *cekim*
> 
> Speculation is speculative...
> 
> I have to agree that the caution buying intel should be far greater than buying AMD right now, but keep in mind Zen is a new arch... There may yet be unknown exploits found there too along these lines now that bad people have a new avenue to explore.
> 
> It's a strange market that has all supply so tight that rumors cause giant price swings... but I have to concede your point... that is the absurdity in which we find ourselves.
> 
> I was about to add that this price bump has already likely happened, looks like the prior poster beat me to it...


There is a big difference between a severe known problem and lack of knowledge about some possible severe problem.

It's like saying "I'll drink liquid mercury voluntarily because there may be something really bad discovered in Pepsi some day. Pepsi is a much newer liquid than liquid mercury, when it comes to what science knows about it." That's a humorous example, of course.


----------



## cekim

Quote:


> Originally Posted by *superstition222*
> 
> That doesn't, in any way, solve the issue of spy vs. spy. One nation's crime is another's legitimate pursuance of "national interests". That can include many levels of grey, like quasi-governmental employees, quasi-governmental programs, and quasi-governmental contracts/agreements.
> 
> Unfortunately, very little is simple when it comes to spycraft.
> 
> The best thing to pursue is a totally transparent and totally open platform from the ground up. That means every single chip has to be 100% transparent - absolutely no secrets from anyone. The same goes for the entirety of the OS. We need a mobile platform like this more than anything, instead of one controlled by massive corporations.


I was being facetious... I agree... Though we don't treat identity theft as harshly as we should. Not even close. I'm far, far, far more concerned about the damage an identity thief can do to me and my loved ones than most crimes.

Transparency and/or Tort are the only real means of making it better. Shrink-Wrap licensing and corresponding legal precedent (broken) are harming Tort's ability to push the cost of defective products back on the producer of such defect.


----------



## cekim

Quote:


> Originally Posted by *superstition222*
> 
> It's like saying "I'll drink liquid mercury voluntarily because there may be something really bad discovered in Pepsi some day. Pepsi is a much newer liquid than liquid mercury, when it comes to what science knows about it." That's a humorous example, of course.


No, it's not like that at all... It's like saying we haven't even cleared the embargo of some of this info (1/9), so it's wildly premature to declare anything immune when we've had dribs and drabs of data implicating every major brand and type of processor so far... intel, amd, arm, power, etc... All in there to one degree or another.

We still don't even have good data on how the Intel fixes actually perform in the real-world. Some reports show it small for games and render, but there's questions as to whether they had all of the patches (see embargo).


----------



## superstition222

Quote:


> Originally Posted by *cekim*
> 
> No, it's not like that at all... It's like saying we haven't even cleared the embargo of some of this info (1/9), so it's wildly premature to declare anything immune when we've had dribs and drabs of data implicating every major brand and type of processor so far... intel, amd, arm, power, etc... All in there to one degree or another.
> 
> We still don't even have good data on how the Intel fixes actually perform in the real-world. Some reports show it small for games and render, but there's questions as to whether they had all of the patches (see embargo).


You're talking about a different set of factors than what my post is predicated upon.


----------



## tpi2007

Microsoft is saying here that the Windows security updates are not enough to get the best protection and that CPU microcode / firmware is also needed, although that's of course not up to them, except for the Surface, which they do note.

https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in
Quote:


> Warning
> 
> Customers who only install the Windows January 2018 security updates will not receive the benefit of all known protections against the vulnerabilities. In addition to installing the January security updates, a processor microcode, or firmware, update is required. This should be available through your device manufacturer.
> 
> Note Surface customers will receive a microcode update via Windows update.


Now, the question is, how far back will Intel go? In here they state the following:
Quote:


> Intel has already issued updates for the majority of processor products introduced within the past five years. By the end of next week, Intel expects to have issued updates for more than 90 percent of processor products introduced within the past five years.


https://newsroom.intel.com/news-releases/intel-issues-updates-protect-systems-security-exploits/

5 years only goes back to 2013, meaning Haswell. If Intel is even thinking of leaving Sandy Bridge and Ivy Bridge users out of support, I've got a few harsh words for them.

On a related note, given the incomplete scenario of missing microcode, doing benchmarks right now will probably be inconclusive.

I have already applied the patch to Windows 7 64-bit and all of the benchmarks I've done show less than a 2% variation. On-line gaming should prove interesting as someone linked to.


----------



## jmcosta

The performance impact seems to be minimal in gaming and everyday programs


----------



## superstition222

Quote:


> Originally Posted by *jmcosta*
> 
> The performance impact seems to be minimal in gaming and everyday programs


Enterprise and many prosumers use things like databases every day.
Quote:


> Originally Posted by *tpi2007*
> 
> Now, the question is, how far back will Intel go? In here they state the following:
> https://newsroom.intel.com/news-releases/intel-issues-updates-protect-systems-security-exploits/
> 
> 5 years only goes back to 2013, meaning Haswell. If Intel is even thinking of leaving Sandy Bridge and Ivy Bridge users out of support, I've got a few harsh words for them.


They might reply with "Enjoy the polymer TIM."


----------



## aweir

CNN Money rubbing Intel's belly by stating that "this is not an Intel chip problem" but a serious overall chip maker design problem. Also they state that Intel is working with AMD to fix the problem.

Why does AMD have to be dragged through the mud too? They are not part of this problem, not vulnerable to any of the flaws unless running a non-standard kernel in Linux.

http://money.cnn.com/2018/01/04/technology/spectre-meltdown-cpu-flaws-explainer/index.html


----------



## tpi2007

Quote:


> Originally Posted by *superstition222*
> 
> They might reply with "Enjoy the polymer TIM."


I've got an Ivy Bridge Xeon hexacore upgrade I still haven't installed, so if they say 5 years, it's supposedly covered, as Ivy Bridge-E and the corresponding Xeons were released in the second half of 2013. But that would only exacerbate the ridiculousness of leaving mainstream Ivy Bridge out of support as it's the same architecture, and by extension, Sandy Bridge, that runs on the same platforms. Not to mention that they are perfectly good CPUs and throwing them away would be planned obsolescence and not very environmentally friendly.


----------



## cekim

Quote:


> Originally Posted by *aweir*
> 
> CNN Money rubbing Intel's belly by stating that "this is not an Intel chip problem" but a serious overall chip maker design problem. Also they state that Intel is working with AMD to fix the problem.
> 
> Why does AMD have to be dragged through the mud too? They are not part of this problem, not vulnerable to any of the flaws unless running a non-standard kernel in Linux.
> 
> http://money.cnn.com/2018/01/04/technology/spectre-meltdown-cpu-flaws-explainer/index.html


CNN still exists? The Onion has more reliable reporting.... and it at least isn't TRYING to deceive people lol.

FWIW - AMD is NOT immune to all the issues bubbling out - only - so far - the worst one in terms of mitigation.

There is a tiny nugget of truth to CNN's assertion. The underlying flaw here is deeply rooted in processor architecture of the past decade. ARM, AMD, and Power are all patching...


----------



## Raven.7

Quote:


> Originally Posted by *cekim*
> 
> CNN still exists? The Onion has more reliable reporting.... and it at least isn't TRYING to deceive people lol.
> 
> FWIW - AMD is NOT immune to all the issues bubbling out - only - so far - the worst one in terms of mitigation.
> 
> There is a tiny nugget of truth to CNN's assertion. The underlying flaw here is deeply rooted in processor architecture of the past decade. ARM, AMD, and Power are all patching...


haha woew ur so edgy fake news!!! MAGA hahahah


----------



## tashcz

Could someone please tell me what AMD *isn't* immune to, since all of this is a huge mess. I can't find info on whether I need to do something with my FX system, and worse to worse, I'm on Win8.1.


----------



## cekim

Quote:


> Originally Posted by *tashcz*
> 
> Could someone please tell me what AMD *isn't* immune to, since all of this is a huge mess. I can't find info on whether I need to do something with my FX system, and worse to worse, I'm on Win8.1.


Here is what AMD has to say:
https://www.amd.com/en/corporate/speculative-execution


----------



## tashcz

"Near zero risk" and "Negligible performance impact expected" on second and third vulnerability. Really precise


----------



## cekim

Quote:


> Originally Posted by *tashcz*
> 
> "Near zero risk" and "Negligible performance impact expected" on second and third vulnerability. Really precise


chuckle - hence caution for the moment....


----------



## Kalpa

Quick summary, again, for newcomers.

Meltdown = Intel CPU issue. About to be/already patched with software. Microcode patch not possible.

Spectre = Deep-lying architectural design problem affecting most all CPUS developed within past 20 years. No fix. Hopefully a big change in design philosophy for future chips will take place following this.

Neither flaw is really an issue for your standard home user. A super big industry problem though.


----------



## orlfman

Quote:


> Originally Posted by *tashcz*
> 
> Could someone please tell me what AMD *isn't* immune to, since all of this is a huge mess. I can't find info on whether I need to do something with my FX system, and worse to worse, I'm on Win8.1.


it comes down to architecture differences. intel uses a more aggressive speculative out of order process design in their architecture than amd that opens them up to the meltdown exploit (variant 3). current way to exploit meltdown so far doesn't work on amd processors due to their architecture design with out of order processing. amd design is just not susceptible to it. all processors that utilize speculative out of order are open to an attack based on the spectre variants though, but amd is more hardened against variant 2 of spectre and equally as vulnerable to variant 1 of spectre as intel and the rest. meltdown so far has been nearly exclusive to intel with a few arm processors.


----------



## tpi2007

Quote:


> Originally Posted by *tashcz*
> 
> Could someone please tell me what AMD *isn't* immune to, since all of this is a huge mess. I can't find info on whether I need to do something with my FX system, *and worse to worse, I'm on Win8.1*.


Not really. Microsoft has already released the patches for both Windows 7 and 8.1 and also IE 11.

Here are all the links:
Quote:


> Originally Posted by *tpi2007*
> 
> For those that missed it, here are the patches for Windows 7 and 8.1. And also, the patches for IE 11 for these two OSes.
> 
> Windows 7:
> 
> Patches for all Windows 7 and Windows Server 2008 R2 SP1 versions: https://www.catalog.update.microsoft.com/Search.aspx?q=KB4056897
> 
> Associated article: https://support.microsoft.com/en-us/help/4056897/windows-7-update-kb4056897
> 
> Windows 8.1:
> 
> Patches for all Windows 8.1 and Windows Server 2012 R2 Standard versions: https://www.catalog.update.microsoft.com/Search.aspx?q=KB4056898
> 
> Associated article: https://support.microsoft.com/en-us/help/4056898/windows-81-update-kb4056898
> 
> IE 11 Cumulative security update for all versions of Windows 7, 8.1, Windows Server 2008 R2 SP1 and 2012 R2: https://www.catalog.update.microsoft.com/search.aspx?q=kb4056568
> 
> Associated article: https://support.microsoft.com/en-ie/help/4056568/cumulative-security-update-for-internet-explorer


Also, make sure your Anti-virus is ready.

Here:
Quote:


> Originally Posted by *tpi2007*
> 
> Here's an article with useful links: https://www.theverge.com/2018/1/4/16848976/how-to-protect-windows-pc-meltdown-security-flaw
> 
> Among them it links to this useful list being compiled by security experts on what Anti-virus solutions are ready for the patches. It's being updated.
> 
> For now, Microsoft, Kaspersky, ESET, Symantec Endpoint Protection, Avast and F-Secure are ready to go; the others are working on it.


Edit: Avira, EMSI and Malwarebytes are now ready too.


----------



## tpi2007

tashcz and others who might be interested, I don't know if you caught my edit at the end of the previous post related to the Anti-virus programs.

Make sure that your specific Anti-virus is ready and updated before applying the patch or there could be a stop error.


----------



## tashcz

Updated right now, I'm just using win8.1 integrated security. I'll report back if there's an impact on performance. Will this do for now?


----------



## tpi2007

Quote:


> Originally Posted by *tashcz*
> 
> Updated right now, I'm just using win8.1 integrated security. I'll report back if there's an impact on performance. Will this do for now?


Yes, we're all on the same boat.

Microcode updates will come later as they have to go through motherboard and device vendors (let's see what kind of job and what platforms they decide to release patches for).

As to web browsers, IE 11 with the update I linked to above should provide some mitigation, the same with the last Chrome (although I think you have to manually activate the additional protection), and the latest Firefox, which applies mitigations automatically. From what I read the mitigations IE 11 and Firefox have are similar in nature.

Having noscript on your web browser and only allowing the stuff you need is more essential than ever.

As to using cloud services, since there is no way to say if an attack using these exploits has been carried away as it leaves no traces, I would advise caution when using on-line password managers and doing on-line shopping with stores that have yet to install the updates. If they use Amazon AWS or Microsoft Azure servers, they're probably good now (as good as can be anyway), but check first.

In general, I wouldn't be surprised to see recommendations to change all passwords to on-line accounts once the servers are updated since we don't know if they have been accessed by malicious third parties in the meantime.


----------



## cekim

Quote:


> Originally Posted by *tpi2007*
> 
> As to web browsers, IE 11 with the update I linked to above should provide some mitigation, the same with the last Chrome (although I think you have to manually activate the additional protection), and the latest Firefox, which applies mitigations automatically. From what I read the mitigations IE 11 and Firefox have are similar in nature.
> 
> Having noscript on your web browser and only allowing the stuff you need is more essential than ever.
> 
> As to using cloud services, since there is no way to say if an attack using these exploits has been carried away as it leaves no traces, I would advise caution when using on-line password managers and doing on-line shopping with stores that have yet to install the updates. If they use Amazon or Microsoft Azure servers, they're probably good now (as good as can be anyway), but check first.
> 
> In general, I wouldn't be surprised to see recommendations to change all passwords to on-line accounts once the servers are updated since we don't know if they have been accessed in the meantime.


Google says this:
https://support.google.com/faqs/answer/7622138#chrome
Quote:


> Originally Posted by *Google*
> Current stable versions of Chrome include an optional feature called Site Isolation which can be enabled to provide mitigation by isolating websites into separate address spaces. Learn more about Site Isolation and how to take action to enable it.
> 
> Chrome 64, due to be released on January 23, will contain mitigations to protect against exploitation.


----------



## tpi2007

Quote:


> Originally Posted by *cekim*
> 
> Google says this:
> https://support.google.com/faqs/answer/7622138#chrome
> Quote:
>
> > Originally Posted by *Google*
> > Current stable versions of Chrome include an optional feature called Site Isolation which can be enabled to provide mitigation by isolating websites into separate address spaces. Learn more about Site Isolation and how to take action to enable it.
> >
> > Chrome 64, due to be released on January 23, will contain mitigations to protect against exploitation.

Yes, it's exactly that one I was talking about.


----------



## cekim

Quote:


> Originally Posted by *tpi2007*
> 
> Yes, it's exactly that one I was talking about.


Flicked that puppy on like I was a hippo stamping out a fire...


----------



## tashcz

Applied the patch.

As far as performance goes, for some reason (don't know if it's the patch) my Passmark's CPU physics test gets a bit lower score, but the overall is the same, around 10900.

Cinebench wise, I'm even getting 1 to 2 points more on multicore benchmark.

Gotta say so far no impact on AMD FX. But regarding AWS, as I'm somewhere between a software engineer/devops/sys-net admin, I gotta use AWS as it's a requirement and I do have active EC2's. I'm gonna update my kernels but the rest is on Amazon's.


----------



## tpi2007

Quote:


> Originally Posted by *cekim*
> 
> Quote:
>
> > Originally Posted by *tpi2007*
> >
> > Yes, it's exactly that one I was talking about.
>
> Flicked that puppy on like I was a hippo stamping out a fire...

Haha, it's been hectic these past few hours.

This article does a good summary: https://www.anandtech.com/Show/Index/12214?cPage=2&all=False&sort=0&page=1&slug=understanding-meltdown-and-spectre

Also confirms my impression so far that we still don't know much about Spectre, to the point that it almost seems like FUD.

Quote:


> Originally Posted by *tashcz*
> 
> Applied the patch.
> 
> As far as performance goes, for some reason (don't know if it's the patch) my Passmark's CPU physics test gets a bit lower score, but the overall is the same, around 10900.
> 
> Cinebench wise, I'm even getting 1 to 2 points more on multicore benchmark.
> 
> Gotta say so far no impact on AMD FX. But regarding AWS, as I'm somewhere between a software engineer/devops/sys-net admin, I gotta use AWS as it's a requirement and I do have active EC2's. I'm gonna update my kernels but the rest is on Amazon's.


Funnily enough, the same happened when I ran Cinebench R15. It's by a very, very small margin, 3 points more on the first run and 1 point more on the second, but it's the highest score I have ever managed.


----------



## Echoa

Quote:


> Originally Posted by *tpi2007*
> 
> Haha, it's been hectic these past few hours.
> 
> This article does a good summary: https://www.anandtech.com/Show/Index/12214?cPage=2&all=False&sort=0&page=1&slug=understanding-meltdown-and-spectre
> 
> Also confirms my impression so far that we still don't know much about Spectre, to the point that it almost seems like FUD.
> Funnily enough, the same happened when I ran Cinebench R15. It's by a very, very small margin, 3 points more on the first run and 1 point more on the second, but it's the highest score I have ever managed.


I think a lot of the "my benchmarks" stuff should be kept to a minimum if it's within margin of error. Dropping or gaining a few points here and there mostly means nothing. I doubt any of these patches will have a large effect on gamers or all but the most Extreme users and database/context switch heavy situations


----------



## tpi2007

Quote:


> Originally Posted by *Echoa*
> 
> I think a lot of the "my benchmarks" stuff should be kept to a minimum if it's within margin of error. Dropping or gaining a few points here and there mostly means nothing. I doubt any of these patches will have a large effect on gamers or all but the most Extreme users and database/context switch heavy situations


Yeah, agreed, I did a bunch of consumer type benchmarks before and after and in a previous post opted to just say it was within a less than 2% variation, not worthwhile going into specifics.

The Cinebench R15 was the oddball of them all because it was the only one that improved in performance, albeit by an insignificant amount in the grand scheme of things, so when tashcz mentioned it, I figured I'd add to it. Take it as a sort of comic relief.

Anyway, as I said previously, we still don't have the CPU microcode / firmware patches, so doing benchmarks now may not show the full picture when it comes to performance loss.


----------



## randomizer

Intel made a press release stating that they have released patches which make recent processors immune to Spectre. That's quite surprising given that according to everyone else it can't be fixed.

https://newsroom.intel.com/news-releases/intel-issues-updates-protect-systems-security-exploits/


----------



## orlfman

Quote:


> Originally Posted by *tashcz*
> 
> Applied the patch.
> 
> As far as performance goes, for some reason (don't know if it's the patch) my Passmark's CPU physics test gets a bit lower score, but the overall is the same, around 10900.
> 
> Cinebench wise, I'm even getting 1 to 2 points more on multicore benchmark.
> 
> Gotta say so far no impact on AMD FX. But regarding AWS, as I'm somewhere between a software engineer/devops/sys-net admin, I gotta use AWS as it's a requirement and I do have active EC2's. I'm gonna update my kernels but the rest is on Amazon's.


well you have a bulldozer processor. bulldozer isn't affected by the patch. bulldozer isn't affected by meltdown. the patch doesn't apply to you. meltdown, and its patch only applies to intel.


----------



## tpi2007

Quote:


> Originally Posted by *randomizer*
> 
> Intel made a press release stating that they have released patches which make recent processors immune to Spectre. That's quite surprising given that according to everyone else it can't be fixed.
> 
> https://newsroom.intel.com/news-releases/intel-issues-updates-protect-systems-security-exploits/


Yeah, considering that we still don't know much about Spectre, I don't even know what to think of that allegation. We need more info.

My guess is that the people who found out about it are probably waiting until patches are deployed, at least in servers, before sharing more information.

On a related note, Mozilla has just released Firefox 57.0.4 with the first set of mitigations:

https://www.mozilla.org/en-US/firefox/57.0.4/releasenotes/
Quote:


> Description
> 
> Jann Horn of Google Project Zero Security reported that speculative execution performed by modern CPUs could leak information through a timing side-channel attack. Microsoft Vulnerability Research extended this attack to browser JavaScript engines and demonstrated that code on a malicious web page could read data from other web sites (violating the same-origin policy) or private data from the browser itself.
> 
> Since this new class of attacks involves measuring precise time intervals, as a partial, short-term, mitigation we are disabling or reducing the precision of several time sources in Firefox. The precision of performance.now() has been reduced from 5μs to 20μs, and the SharedArrayBuffer feature has been disabled because it can be used to construct a high-resolution timer.
> 
> SharedArrayBuffer is already disabled in Firefox 52 ESR.


----------



## orlfman

Quote:


> Originally Posted by *randomizer*
> 
> Intel made a press release stating that they have released patches which make recent processors immune to Spectre. That's quite surprising given that according to everyone else it can't be fixed.
> 
> https://newsroom.intel.com/news-releases/intel-issues-updates-protect-systems-security-exploits/


variant 1 of spectre can be patched. variant 2 is the one that apparently cannot be patched. only software developers can harden their own software to help reduce the chance of possible variant 2 of spectre being exploited. if intel is claiming they can patch variant 2 of spectre then that is pretty surprising. if they mean variant 1 well that's nothing to be surprised about. variant 3, which is meltdown is already "patched" with the mitigation patch. only real way to fix that is redesigning out of order processing on the architecture level. the patch just mitigates it. still possible to exploit just now harder to. but intel is intel. maybe their billions can fully patch both variants of spectre.


----------



## cekim

Got curious - so here is what I see today with linux and sqlite3 on Haswell Xeon:

Short version: sqlite usage - read/query is a little slower - write performance has been decimated (well, it takes 2x longer to write the same DB)

Quite a bit worse than I expected/hoped for... I hope an alternate solution is found...

EDIT: BUT - if I make it a single transaction with 5M rows vs 5M row inserts, then the slowdown goes away... So, choose very, very wisely...

Test:
1. insert 5M rows x 7 columns into new sqlite3 DB with brute-force C/C++ generated cmd file
   186M db results...
2. query(ies) that requires multiple full table walks:
   select sum(a)+sum(b) from test_table;
   ... (and so on)
   select sum(f)+sum(g) from test_table;

Machines:
CentOS 7, sqlite3 3.7.17, Samsung SSD primary drive - all tests run on local SSD partition

A: E5-2696v3 - 64G DDR4 Taichi x99
Starting kernel: 3.10.0-514.26.2.el7.x86_6
Starting uCode: 0x39

B: E5-2696v3 - 64G DDR4 Taichi x99
Starting kernel: 3.10.0-514.10.2.el7.x86_64
Starting uCode: 0x39

After update to latest 3.x which RedHat pushed out in response to these issues (though I'm still fuzzy on whether they consider them 100% resolved?):
Kernel: 3.10.0-693.11.6.el7.x86_64
uCode: 0x3b

1. Insertion: rm -rf new_db.sql ; time sqlite3 new_db.sql < insert.cmd
(BTW - wrapping those 5M rows in BEGIN/COMMIT speeds things up of course - ~24s vs ~1m50s - but this is an apples:apples test not an sqlite optimization)

2. Query: time sqlite3 new_db.sql < query.cmd

Before kernel update:

Code:

```
1. Insertion:
A: (4 runs of the same command - looking for cache variations/effects)
47.372u 61.433s 1:49.60 99.2%   0+0k 0+382400io 0pf+0w
47.753u 62.146s 1:50.69 99.2%   0+0k 0+382592io 0pf+0w
48.455u 61.458s 1:50.71 99.2%   0+0k 0+381632io 0pf+0w
47.361u 61.877s 1:50.04 99.2%   0+0k 0+382400io 0pf+0w
Avg: 1m50.35s

B:
46.551u 60.348s 1:47.68 99.2%   0+0k 0+383168io 0pf+0w
46.543u 58.839s 1:46.17 99.2%   0+0k 0+383552io 0pf+0w
45.935u 59.590s 1:46.31 99.2%   0+0k 0+383552io 0pf+0w
46.912u 59.019s 1:46.72 99.2%   0+0k 0+383552io 0pf+0w
Avg:  1m46.72s

2. Query:
A:
4.513u 0.202s 0:04.71 100.0%    0+0k 0+0io 0pf+0w
4.489u 0.219s 0:04.70 99.7%     0+0k 0+0io 0pf+0w
4.488u 0.230s 0:04.71 100.0%    0+0k 0+0io 0pf+0w
4.476u 0.240s 0:04.71 100.0%    0+0k 0+0io 0pf+0w

B:
4.500u 0.193s 0:04.69 100.0%    0+0k 0+0io 0pf+0w
4.498u 0.205s 0:04.70 99.7%     0+0k 0+0io 0pf+0w
4.510u 0.195s 0:04.70 100.0%    0+0k 0+0io 0pf+0w
4.506u 0.208s 0:04.71 99.7%     0+0k 0+0io 0pf+0w
```

After (only machine A so far):

Code:

```
1. Insertion:
65.029u 154.736s 3:40.65 99.5%  0+0k 0+387776io 0pf+0w
65.711u 155.040s 3:41.62 99.6%  0+0k 0+387584io 0pf+0w
63.165u 155.934s 3:40.00 99.5%  0+0k 0+387584io 0pf+0w
66.011u 153.581s 3:40.48 99.5%  0+0k 0+387584io 0pf+0w
Avg: 3m40.69s

2. Query:
4.674u 0.291s 0:04.96 100.0%    0+0k 8+0io 0pf+0w
4.681u 0.269s 0:04.95 99.7%     0+0k 0+0io 0pf+0w
4.514u 0.292s 0:04.80 100.0%    0+0k 0+0io 0pf+0w
4.534u 0.277s 0:04.81 99.7%     0+0k 0+0io 0pf+0w
```

Write Performance:
5M individual row writes
110.35s vs 220.68s = 99.998% slow down = write time doubled...

EDIT:
1 transaction with 5M writes:
24s vs 23.68s = same speed...

If the 5M rows are inserted as a single transaction, then the write penalty is gone... So, it seems we are back to olden-days when one has to think very carefully about write I/O...

Read Performance:
4.7s vs 4.88 = 3.66% slowdown

Comparing old/new as a single 5M row transaction (vs 5M single row transactions):

Code:

```
old:
23.295u 0.199s 0:23.49 99.9%    0+0k 0+380160io 0pf+0w
23.803u 0.181s 0:23.98 100.0%   0+0k 0+380288io 0pf+0w
24.273u 0.202s 0:24.47 100.0%   0+0k 0+380160io 0pf+0w
23.736u 0.196s 0:23.93 99.9%    0+0k 0+380160io 0pf+0w

new:
23.226u 0.454s 0:23.68 99.9%    0+0k 0+380160io 0pf+0w
23.032u 0.407s 0:23.44 99.9%    0+0k 0+380160io 0pf+0w
23.076u 0.382s 0:23.46 99.9%    0+0k 0+380160io 0pf+0w
23.121u 0.410s 0:23.53 100.0%   0+0k 0+380160io 0pf+0w
```

Test code if you're interested:

1. generate output:
compiled with
`g++ out.cc -o out`
run with:
`./out 5000000 > insert.cmd`
Then run sqlite3:
`time sqlite3 new_db.sql < insert.cmd`

Code:

```cpp
#include <stdio.h>
#include <stdlib.h>

// Writes an sqlite3 command file to stdout: PRAGMAs, one CREATE TABLE,
// row_count single-row INSERT statements, then .quit.
int main(int argc, char **argv)
{
  int row_count=1000000;
  if(argc > 1) {
    row_count = strtol(argv[1],NULL,10);
  }
  // some typical optimizations...
  printf("PRAGMA page_size=32768; PRAGMA temp_store = 2; PRAGMA synchronous = OFF; PRAGMA journal_mode = OFF; PRAGMA count_changes = OFF; PRAGMA cache_size=256; PRAGMA read_uncommitted=True;\n");

  // create the table
  printf("create table test_table(a int, b int, c int, d int, e int, f int, g int);\n");

  // optionally make this a single transaction
  //printf("BEGIN TRANSACTION;\n");

  // create the contents
  for(int i=0;i<row_count;i++) {
    printf("insert into test_table(a,b,c,d,e,f,g) values(%d,%d,%d,%d,%d,%d,%d);\n",i,i*2,i*3,i*4,i*5,i*6,i*7);
  }

  // optionally make this a single transaction
  //printf("COMMIT;\n");

  // tell sqlite3 to quit
  printf(".quit\n");

  // all done here
  exit(0);
}
```

query:
run with
`time sqlite3 new_db.sql < query.cmd`

Code:

```sql
select sum(a)+sum(b) from test_table;
select sum(b)+sum(c) from test_table;
select sum(c)+sum(d) from test_table;
select sum(d)+sum(e) from test_table;
select sum(e)+sum(f) from test_table;
select sum(f)+sum(g) from test_table;
.quit
```


----------
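The timing lines in cekim's benchmark post above can be split into user and kernel time to see where the patched kernel spends the extra seconds, and why the single-transaction run barely changes. This is an added example, not part of the original post: the timing lines are copied from the post (machine A), and the function names are hypothetical.

```python
import re
from statistics import mean

# csh/tcsh built-in `time` output: "<user>u <sys>s <elapsed> <cpu%> ..."
# where elapsed is [h:]m:ss.ss
TIME_RE = re.compile(
    r"^\s*(\d+(?:\.\d+)?)u\s+(\d+(?:\.\d+)?)s\s+"
    r"(?:(\d+):)?(\d+):(\d+(?:\.\d+)?)\s"
)

# Timing lines copied from the post (machine A); not new measurements.
PER_ROW_BEFORE = """\
47.372u 61.433s 1:49.60 99.2%   0+0k 0+382400io 0pf+0w
47.753u 62.146s 1:50.69 99.2%   0+0k 0+382592io 0pf+0w
48.455u 61.458s 1:50.71 99.2%   0+0k 0+381632io 0pf+0w
47.361u 61.877s 1:50.04 99.2%   0+0k 0+382400io 0pf+0w
"""
PER_ROW_AFTER = """\
65.029u 154.736s 3:40.65 99.5%  0+0k 0+387776io 0pf+0w
65.711u 155.040s 3:41.62 99.6%  0+0k 0+387584io 0pf+0w
63.165u 155.934s 3:40.00 99.5%  0+0k 0+387584io 0pf+0w
66.011u 153.581s 3:40.48 99.5%  0+0k 0+387584io 0pf+0w
"""
SINGLE_TXN_OLD = """\
23.295u 0.199s 0:23.49 99.9%    0+0k 0+380160io 0pf+0w
23.803u 0.181s 0:23.98 100.0%   0+0k 0+380288io 0pf+0w
24.273u 0.202s 0:24.47 100.0%   0+0k 0+380160io 0pf+0w
23.736u 0.196s 0:23.93 99.9%    0+0k 0+380160io 0pf+0w
"""
SINGLE_TXN_NEW = """\
23.226u 0.454s 0:23.68 99.9%    0+0k 0+380160io 0pf+0w
23.032u 0.407s 0:23.44 99.9%    0+0k 0+380160io 0pf+0w
23.076u 0.382s 0:23.46 99.9%    0+0k 0+380160io 0pf+0w
23.121u 0.410s 0:23.53 100.0%   0+0k 0+380160io 0pf+0w
"""


def parse_time_line(line):
    """Return (user_s, sys_s, elapsed_s) from one csh-style `time` line."""
    m = TIME_RE.match(line)
    if not m:
        raise ValueError(f"not a csh time line: {line!r}")
    user, sys_, hours, minutes, seconds = m.groups()
    elapsed = int(hours or 0) * 3600 + int(minutes) * 60 + float(seconds)
    return float(user), float(sys_), elapsed


def summarize(block):
    """Mean user, sys and elapsed seconds, plus the kernel share of CPU time."""
    rows = [parse_time_line(l) for l in block.splitlines() if l.strip()]
    user = mean(r[0] for r in rows)
    sys_ = mean(r[1] for r in rows)
    elapsed = mean(r[2] for r in rows)
    return {"user": user, "sys": sys_, "elapsed": elapsed,
            "sys_share": sys_ / (user + sys_)}


def slowdown(before_block, after_block):
    """Ratio after/before for user, sys and elapsed time."""
    before, after = summarize(before_block), summarize(after_block)
    return {k: after[k] / before[k] for k in ("user", "sys", "elapsed")}


if __name__ == "__main__":
    for label, old, new in (
        ("5M single-row inserts", PER_ROW_BEFORE, PER_ROW_AFTER),
        ("one 5M-row transaction", SINGLE_TXN_OLD, SINGLE_TXN_NEW),
    ):
        ratio = slowdown(old, new)
        share_old = summarize(old)["sys_share"]
        share_new = summarize(new)["sys_share"]
        print(f"{label}: user x{ratio['user']:.2f}, sys x{ratio['sys']:.2f}, "
              f"elapsed x{ratio['elapsed']:.2f}, "
              f"kernel share {share_old:.0%} -> {share_new:.0%}")
```

Kernel time grows by a similar factor in both runs, but it is more than half of the CPU time for per-row inserts and about one percent of it for the single transaction, which is why only the former doubles in wall-clock time.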



## Blameless

Quote:


> Originally Posted by *guttheslayer*
> 
> Intel openly admit they have been using the same exact architecture for the past 10 years.
> 
> Kudo to their anti innovation


Not exactly the same, but it's certainly true that there haven't been many _revolutionary_ changes.

A Coffee Lake core, at its heart, is recognizably similar to the P6 architecture that made its debut in the Pentium Pro back in 1995...twenty-two years ago. Things have evolved a lot since then, but Intel hasn't built an x86 CPU micro-architecture from the ground up since NetBurst (15 years ago), which was a dead end.

In all fairness, they haven't had to...the scalability of P6 and its successors has been amazing, and only with Zen has it faced serious competition.


----------



## cekim

Quote:


> Originally Posted by *Blameless*
> 
> Not exactly the same, but it's certainly true that there haven't been many _revolutionary_ changes.
> 
> A Coffee Lake core, at its heart, is recognizably similar to the P6 architecture that made its debut in the Pentium Pro back in 1995...twenty-two years ago. Things have evolved a lot since then, but Intel hasn't built an x86 CPU micro-architecture from the ground up since NetBurst (15 years ago), which was a dead end.
> 
> In all fairness, they haven't had to...the scalability of P6 and its successors has been amazing, and only with Zen has it faced serious competition.


and it's not like alpha/DEC, power/IBM/Moto, arm/ARM, mips, transmeta, et al. didn't try either...

The design constraint of backwards compatibility is a strangle on innovation even if they had needed to.


----------



## Panzerfury

Asus just released a BIOS for their Z370 Gaming F. It says BIOS 0606 (04-01-2018).
ROG STRIX Z370-F GAMING BIOS 0606
"1. Update CPU Microcode

2. Improve system compatibility and stability "

I guess this is the patch for the intel CPU ?


----------



## GeneO

Quote:


> Originally Posted by *Panzerfury*
> 
> Asus just released a BIOS for their Z370 Gaming F. It says BIOS 0606 (04-01-2018).
> ROG STRIX Z370-F GAMING BIOS 0606
> "1. Update CPU Microcode
> 
> 2. Improve system compatibility and stability "
> 
> I guess this is the patch for the intel CPU ?


Or not.


----------



## Panzerfury

Quote:


> Originally Posted by *GeneO*
> 
> Or not.


Well, that was a long and elaborative answer as to why you don't think it is.

"Update CPU Microcode". Wasn't that one of the requirements to close one of the vulnerabilities?


----------



## tpi2007

Here's an article that provides some good info and also a little twist at the end:

https://www.theregister.co.uk/2018/01/04/intel_amd_arm_cpu_vulnerability/

Quote:


> Finally, if you are of the opinion that us media types are being hysterical about this design blunder, check this out: CERT recommends throwing away your CPU and buying an non-vulnerable one to truly fix the issue. ®
> 
> *Updated to add*
> 
> CERT has downgraded its advice from "replace CPU" to "apply updates."


They probably figured out that the aliens can't manufacture those unobtainium CPUs fast enough to replace all.


----------



## GeneO

Quote:


> Originally Posted by *Panzerfury*
> 
> Well, that was a long and elaborative answer as to why you don't think it is.
> 
> "Update CPU Microcode". Wasn't that one of the requirements to close one of the vulnerabilities?


There is no microcode fix for Meltdown. There won't be any this quickly for Spectre. It has been discussed.


----------



## Panzerfury

Quote:


> Originally Posted by *GeneO*
> 
> There is no microcode fix for Meltdown. There won't be any this quickly for Spectre. It has been discussed.


I see. You could just have said that.


----------



## GeneO

Quote:


> Originally Posted by *Panzerfury*
> 
> I see. You could just have said that.


It has been discussed, you could have read too.

BTW, microcode patches can be delivered through Windows update (if that is your OS), so there would be no need for a BIOS update - Intel/Microsoft would deliver it via Windows update.


----------



## cekim

Eager to see the example exploit to understand why it could not be mitigated in the OS inelegant, but effective page fault handlers that detected an attempt to read kernel memory from user space and cleared resources as required. I have to assume that there must be some nuance we haven't been told or I have not read that would make that not sufficient (i.e. speculative code in question was able to not only read the state, but save it somewhere non-deterministic).

For now, from mine and other benchmarks, it appears the effect is lumpy (not much on read, nominal to severe on write depending), so I'm going to isolate machines that need to perform and back them out to pre-patch and patch the daylights out of outward facing machines...


----------



## superstition222

Quote:


> Originally Posted by *GeneO*
> 
> BTW, microcode patches can be delivered through Windows update (if that is your OS), so there would be no need for a BIOS update - Intel/Microsoft would deliver it via Windows update.


Not a fan, at all, of this type of deployment.

Low-level vulnerabilities should be fixed with BIOS patches whenever possible, not kludgy OS-level patching.

The only time for an OS-level patch is when it can't be done in BIOS.


----------



## cekim

Quote:


> Originally Posted by *superstition222*
> 
> Not a fan, at all, of this type of deployment.
> 
> Low-level vulnerabilities should be fixed with BIOS patches whenever possible, not kludgy OS-level patching.
> 
> The only time for an OS-level patch is when it can't be done in BIOS.


It only matters if there is a chance of instability or exploit between boot and patch... it's usually part of the earliest boot-strap of the OS after the boot-loader, so... not a serious concern whether it happens in the BIOS or OS.

Linux updates the uCode too...


----------



## cekim

hmmm, nopti and pti=off kernel args, don't seem to take you back to pre-hack, er work-around, er, patch performance...

Looks like you also need to avoid the uCode as well? Will have to test that tomorrow.


----------



## superstition222

Quote:


> Originally Posted by *cekim*
> 
> It only matters if there is a chance of instability or exploit between boot and patch... it's usually part of the earliest boot-strap of the OS after the boot-loader, so... not a serious concern whether it happens in the BIOS or OS.
> 
> Linux updates the uCode too...


No. When BIOS is patched then the problem is patched, regardless of OS. It's fundamentally inefficient to require every OS maker to issue individual patches and for users to worry about whether or not the patch is in the version of the OS they're using. And... having to worry about the quality of the patching.

Patching the problem _once_ makes sense. It also patches it at a lower level which is better for security in the first place.

Patching BIOS also evades the tactic of OS vendors force-feeding people update code they don't want (combined updates) by being held hostage to the code they need. It avoids force-feeding people versions of operating systems they don't want because the patches are withheld from older versions that would otherwise run normally on the CPUs. It places the responsibility where it belongs - on the CPU maker, to issue the microcode, rather than on operating system vendors who may be less interested in supporting the CPUs well.

Having every OS be patched individually is kludge to the extreme in any situation where BIOS can be patched instead.

Fundamental flaws in CPUs that can be fixed with microcode/BIOS need to be fixed there. After that, any additional OS-level mitigation can/should occur if necessary.


----------



## randomizer

Quote:


> Originally Posted by *superstition222*
> 
> It's fundamentally inefficient to require every OS maker to issue individual patches and for users to worry about whether or not the patch is in the version of the OS they're using.


Better than waiting for a BIOS update that may never come. Or, for that matter, assuming that more than a tiny fraction of users will actually update their BIOS.


----------



## GeneO

Quote:


> Originally Posted by *superstition222*
> 
> Not a fan, at all, of this type of deployment.
> 
> Low-level vulnerabilities should be fixed with BIOS patches whenever possible, not kludgy OS-level patching.
> 
> The only time for an OS-level patch is when it can't be done in BIOS.


While I agree and I would personally deploy it through BIOS (if my Motherboard manufacturer would even supply a fix for Z87, which is a big if - so I would probably have to mod the BIOS), most computer owners are not savvy enough to do that, so Wintel would deploy it from automatic OS updates for that reason.


----------



## superstition222

Quote:


> Originally Posted by *randomizer*
> 
> Better than waiting for a BIOS update that may never come.


This strikes me as fallacious reasoning.
Quote:


> Originally Posted by *GeneO*
> 
> While I agree and I would personally deploy it through BIOS (if my Motherboard manufacturer would even supply a fix for Z87, which is a big if - so I would probably have to mod the BIOS), most computer owners are not savvy enough to do that, so Wintel would deploy it from automatic OS updates for that reason.


Quote:


> Originally Posted by *randomizer*
> 
> Or, for that matter, assuming that more than a tiny fraction of users will actually update their BIOS.


It sounds like you prefer the Mac platform, then. You automatically get BIOS updates with security patches.

Stupidity/incompetence/laziness on the part of Joe and Sally Schmoe aren't a good enough reason to kludge important security patches, patches that belong at the lowest level possible.

At most, all you guys are arguing for is redundant patching. BIOS patching and OS-level patching that kicks in for the Joe and Sally incompetence.


----------



## tpi2007

Quote:


> The legal ramifications of these developments could be troublesome. The Law Offices of Howard G. Smith has already announced an investigation on behalf of Intel Corporation investors, and there will likely be more similar developments in the coming weeks. Intel has a history of establishing a reserve to cover pending large-scale hardware replacements, but the company has not disclosed a new fund to deal with the vulnerabilities. The company has also stated that it does not expect any impact to its business.
> 
> Intel's statement on the matter specifically says that the exploits are not caused by a "bug" or a "flaw" that is unique to Intel products. Intel also noted that the exploits can "gather sensitive data from computing devices that are operating as designed." These statements likely indicate Intel will defend any potential claims because "the hardware is working correctly." Depending on when these vulnerabilities became known (*some claim that Meltdown-type attacks have been a known entity since 2010*), these points may be challenged in court. ARM and other vendors may also face similar challenges.


http://www.tomshardware.com/news/meltdown-spectre-exploits-intel-amd-arm-nvidia,36219.html

Interesting.


----------



## randomizer

Quote:


> Originally Posted by *superstition222*
> 
> This strikes me as fallacious reasoning.


I don't see why. I'm not going to get a BIOS update, so I need an OS update. An OS update is certainly better than nothing.
Quote:


> Originally Posted by *superstition222*
> 
> At most, all you guys are arguing for is redundant patching. BIOS patching and OS-level patching that kicks in for the Joe and Sally incompetence.


I am arguing for widespread patching. This is a serious problem that needs a seriously fast mitigation on a seriously large scale. If some board manufacturers want to do a BIOS/UEFI patch that's fine, but it's not a practical deployment option because it requires every device to be manually updated. There are billions of them, and many aren't even supported anymore.


----------



## GeneO

Quote:


> Originally Posted by *superstition222*
> 
> This strikes me as fallacious reasoning.
> 
> It sounds like you prefer the Mac platform, then. You automatically get BIOS updates with security patches.
> 
> Stupidity/incompetence/laziness on the part of Joe and Sally Schmoe aren't a good enough reason to kludge important security patches, patches that belong at the lowest level possible.
> 
> At most, all you guys are arguing for is redundant patching. BIOS patching and OS-level patching that kicks in for the Joe and Sally incompetence.


Why in the world would you say I would prefer the Mac platform? I am just telling it like it is. Joe and Sally wouldn't have a clue how to do this, and saying they are incompetent or stupid because of that is just plain silly.


----------



## tpi2007

More interesting and possibly contradicting stuff:

https://www.techpowerup.com/240283/intel-released-coffee-lake-knowing-it-was-vulnerable-to-spectre-and-meltdown
Quote:


> Intel's engineers would have had sufficient time to understand the severity of the vulnerability, as "Coffee Lake" is essentially the same micro-architecture as "Kaby Lake" and "Skylake." As one security researcher puts it, this could affect Intel's liability when 8th generation Core processor customers decide on a class-action lawsuit. *As if that wasn't worse, "Skylake" and later micro-architectures could require micro-code updates in addition to OS kernel patches to work around the vulnerabilities. The three micro-architectures are expected to face a performance-hit*, despite Intel extracting colorful statements from its main cloud-computing customers that performance isn't affected "in the real-world." The company was also well aware of Spectre and Meltdown before its CEO dumped $22 million in company stock and options (while investors and the SEC were unaware of the vulnerabilities).


That seems to contradict this, where the Skylake patches are pretty good, but older archs are pretty bad:

https://lkml.org/lkml/2018/1/4/432

Or maybe not, because older archs may do just fine without micro-code updates and instead if software adopts Google's Retpoline strategy (see article below). Apparently Retpoline isn't effective with Skylake (read: Skylake arch based CPUs, including Kaby Lake and Coffee Lake) because its branch predictor is too recklessly good for its own good.

https://support.google.com/faqs/answer/7625886


----------



## cekim

Quote:


> Originally Posted by *randomizer*
> 
> Better than waiting for a BIOS update that may never come. Or, for that matter, assuming that more than a tiny fraction of users will actually update their BIOS.


This and in a production environment reboots are bad enough without potential suicide switches thrown to flash a bios. The more you can do with ipmi and minimal to no risk of bricking the more cost effective an enterprise scale IT setup will be. The bios is a means to an end. Bring it up. The rest is best left to the os.


----------



## Blameless

Quote:


> Originally Posted by *superstition222*
> 
> This strikes me as fallacious reasoning.
> 
> It sounds like you prefer the Mac platform, then. You automatically get BIOS updates with security patches.
> 
> Stupidity/incompetence/laziness on the part of Joe and Sally Schmoe aren't a good enough reason to kludge important security patches, patches that belong at the lowest level possible.
> 
> At most, all you guys are arguing for is redundant patching. BIOS patching and OS-level patching that kicks in for the Joe and Sally incompetence.


The last official firmware for most of my boards was released quite some time ago, and most manufacturers are not likely to push out new updates, no matter how extreme the vulnerability.

OS level CPU microcode patches are a good thing. I can and will apply firmware microcode updates manually, myself, but most people cannot, and modifying firmware this way generally has no support from manufacturers.


----------



## cekim

Quote:


> Originally Posted by *superstition222*
> 
> At most, all you guys are arguing for is redundant patching. BIOS patching and OS-level patching that kicks in for the Joe and Sally incompetence.


Utterly false. You are missing numerous use cases outside your own personal one.

There is a vast amount of perfectly useable, valuable and frankly deployed regardless hardware out there that will either never have a new bios provided or operate in an environment where the risk of a bios flash bricking is too great to permit regular patching.

Waiting on or being tied to bios flash is not a scalable or secure methodology. This is how we end up with billion node iot botnets.


----------



## khanmein




----------



## Alex132

Quote:


> Originally Posted by *Blameless*
> 
> Quote:
> 
> 
> 
> Originally Posted by *superstition222*
> 
> This strikes me as fallacious reasoning.
> 
> It sounds like you prefer the Mac platform, then. You automatically get BIOS updates with security patches.
> 
> Stupidity/incompetence/laziness on the part of Joe and Sally Schmoe aren't a good enough reason to kludge important security patches, patches that belong at the lowest level possible.
> 
> At most, all you guys are arguing for is redundant patching. BIOS patching and OS-level patching that kicks in for the Joe and Sally incompetence.
> 
> 
> 
> The last official firmware for most of my boards was released quite some time ago, and most manufacturers are not likely to push out new updates, no matter how extreme the vulnerability.
> 
> OS level CPU microcode patches are a good thing. I can and will apply firmware microcode updates manually, myself, but most people cannot, and modifying firmware this way generally has no support from manufacturers.

Last update for my motherboard was 2012. Feels bad man.


----------



## Offler

Quote:


> Originally Posted by *tpi2007*
> 
> More interesting and possibly contradicting stuff:
> 
> https://www.techpowerup.com/240283/intel-released-coffee-lake-knowing-it-was-vulnerable-to-spectre-and-meltdown
> That seems to contradict this, where the Skylake patches are pretty good, but older archs are pretty bad:
> 
> https://lkml.org/lkml/2018/1/4/432
> 
> Or maybe not, because older archs may do just fine if software adopts Google's Retpoline strategy (see article below). Apparently Retpoline isn't effective with Skylake because its branch predictor is too good for its own good.
> 
> https://support.google.com/faqs/answer/7625886


I would suspect that engineers responsible for development were aware of the issue, but by then it was far too late to do anything.
Quote:


> Originally Posted by *superstition222*
> 
> This strikes me as fallacious reasoning.
> 
> It sounds like you prefer the Mac platform, then. You automatically get BIOS updates with security patches.
> 
> Stupidity/incompetence/laziness on the part of Joe and Sally Schmoe aren't a good enough reason to kludge important security patches, patches that belong at the lowest level possible.
> 
> At most, all you guys are arguing for is redundant patching. BIOS patching and OS-level patching that kicks in for the Joe and Sally incompetence.


There are various methods which are/will be deployed. Page table isolation on OS's for CPUs which are affected by Meltdown. AMD microcode patch for negating one of the Spectre vulnerabilities...

Edit:
What puzzles me personally is that I have an old CPU, on a rather old MB. I don't even know whether my CPU has the one Spectre vulnerability (it's highly possible). Ryzens and FX CPUs have been tested and proven to be vulnerable. Yet both Ryzens and FX cores are quite different from old-fashioned Phenoms and Athlons.

I just checked that eBPF JIT is not present on my system, which negates vulnerability variant 1.
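
Added example, not part of the post above or of any poster's message: a Python audit of the Linux settings this thread mentions (the `nopti` / `pti=off` kernel arguments from cekim's post and the eBPF JIT check here). It assumes a kernel that exposes `/sys/devices/system/cpu/vulnerabilities/`; the sample snapshot and the severity labels are constructed for illustration.

```python
import os

VULN_DIR = "sys/devices/system/cpu/vulnerabilities"
FILES = {
    "cmdline": "proc/cmdline",
    "bpf_jit": "proc/sys/net/core/bpf_jit_enable",
    "cpuinfo": "proc/cpuinfo",
    "meltdown": VULN_DIR + "/meltdown",
    "spectre_v1": VULN_DIR + "/spectre_v1",
    "spectre_v2": VULN_DIR + "/spectre_v2",
}

# Constructed sample snapshot (not captured from a real machine).
SAMPLE = {
    "cmdline": "BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro quiet nopti\n",
    "bpf_jit": "1\n",
    "cpuinfo": "processor\t: 0\nmicrocode\t: 0x22\nprocessor\t: 1\nmicrocode\t: 0x23\n",
    "meltdown": "Vulnerable\n",
    "spectre_v1": "Mitigation: __user pointer sanitization\n",
    "spectre_v2": "Mitigation: Full generic retpoline\n",
}


def read_snapshot(root="/"):
    """Read each file under root; a missing file (older kernel, other arch) becomes None."""
    snap = {}
    for key, rel in FILES.items():
        try:
            with open(os.path.join(root, rel), encoding="utf-8", errors="replace") as fh:
                snap[key] = fh.read()
        except OSError:
            snap[key] = None
    return snap


def pti_overrides(cmdline):
    """Return the boot arguments that switch page table isolation off."""
    return [arg for arg in (cmdline or "").split() if arg in ("nopti", "pti=off")]


def classify(status):
    """Map a sysfs vulnerability line to a coarse state."""
    text = (status or "").strip()
    for prefix, state in (("Not affected", "not_affected"),
                          ("Mitigation", "mitigated"),
                          ("Vulnerable", "vulnerable")):
        if text.startswith(prefix):
            return state
    return "unknown"


def microcode_revisions(cpuinfo):
    """Collect the distinct 'microcode' revisions reported per core in /proc/cpuinfo."""
    revs = set()
    for line in (cpuinfo or "").splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() == "microcode":
            revs.add(value.strip())
    return sorted(revs)


def audit(snap):
    """Return a list of (level, message) findings for one snapshot."""
    findings = []
    overrides = pti_overrides(snap.get("cmdline"))
    # Disabling PTI only matters on CPUs the kernel considers affected by Meltdown.
    if overrides and classify(snap.get("meltdown")) != "not_affected":
        findings.append(("HIGH", "PTI switched off at boot: " + " ".join(overrides)))
    for name in ("meltdown", "spectre_v1", "spectre_v2"):
        state = classify(snap.get(name))
        if state == "vulnerable":
            findings.append(("HIGH", f"{name}: {snap[name].strip()}"))
        elif state == "unknown":
            findings.append(("INFO", f"{name}: kernel reports no status"))
    jit = (snap.get("bpf_jit") or "").strip()
    if jit in ("1", "2"):  # 0 = interpreter only, 1 = JIT on, 2 = JIT on with debug output
        findings.append(("WARN", f"eBPF JIT enabled (bpf_jit_enable={jit})"))
    revs = microcode_revisions(snap.get("cpuinfo"))
    if len(revs) > 1:
        findings.append(("WARN", "cores report different microcode revisions: " + ", ".join(revs)))
    return findings


if __name__ == "__main__":
    for label, snap in (("constructed sample", SAMPLE), ("this host", read_snapshot())):
        print(label)
        for level, message in audit(snap) or [("OK", "nothing flagged")]:
            print(f"  [{level}] {message}")
```
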


----------



## sumitlian

Quote:


> Originally Posted by *iamjanco*
> 
> The saga continues:
> 
> 
> 
> 
> 
> Subject Re: Bricked x86 CPU with software?
> From Hector Martin 'marcan' <>
> Date Fri, 5 Jan 2018 10:29:25 +0900
> 
> On 2018-01-05 10:21, Tim Mouraveiko wrote:
> >> On Thu 2018-01-04 14:13:56, Tim Mouraveiko wrote:
> >> Actually... I don't think your code works. That's why I'm curious. But
> >> if it works, its rather a big news... and I'm sure Intel and cloud
> >> providers are going to be interested.
> >>
> >
> > I first discovered this issue over a year ago, quite by accident. I changed the code I was
> > working on so as not to kill the CPU (as that is not what I was trying to). We made Intel aware
> > of it. They didn´t care much, one of their personnel suggesting that they already knew about it
> > (whether this is true or not I couldn´t say). It popped up again later, so I had to fix the code
> > again. It could be a buggy implementation of a certain x86 functionality, but I left it at that
> > because I had better things to do with my time.
> >
> > Now this news came up about meltdown and spectre and I was curious if anyone else had
> > experienced a dead CPU by software, too. Meltdown and spectre are undeniably a problem,
> > but the magnitude and practicality of it is questionable.
> >
> > I suspect that what I discovered is either a kill switch, an unintentional flaw that was
> > implemented at the time the original feature was built into x86 functionality and kept
> > propagating through successive generations of processors, or could well be that I have a
> > very destructive and targeted solar flare that is after my CPUs. So, I figured I would put the
> > question out there, to see if anyone else had a similar experience. Putting the solar flare idea
> > aside, I can´t conclusively say whether it is a flaw or a feature. Both options are supported at
> > this time by my observations of the CPU behavior.
> >
> 
> If you made Intel aware of the issue a year ago, and they weren't
> interested, then the responsible thing to do is disclose the problem
> publicly. This is a security issue (if trusted code can brick a CPU,
> it's an issue for bare metal hosting providers; if untrusted code can
> brick a CPU, it's a *huge* issue for every cloud provider and many, many
> others who run code in various sandboxes). If the vendor is not
> receptive to coordinated disclosure, the only option is public
> disclosure to at least make people aware of the problem and allow for
> mitigations to be developed, if possible.
> 
> Personally, I would be very interested in seeing such code. We've seen
> several ways to brick nonvolatile firmware (writable BIOSes, bad CMOS
> data, etc.), but bricking a CPU is a first. The only way that can happen
> is either blowing a kill fuse, or causing actual hardware damage, since
> CPUs have no nonvolatile memory other than fuses. Either way this would
> be a very interesting result.
> 
> Source: *Re: Bricked x86 CPU with software?*


It is plain obvious that the "Kill Switch" had been developed in mind to have the power of shutting down the whole other countries in advance in case of next big War. In the digital world where engineers putting their whole life to find out the methods to minimize the number of gates required to do a certain operation so that they can make the circuit as efficient as humanly possible, how can anybody even say that this switch was a result of design shortcoming specially when the traces of that switch stretch to list of CPUs made in last 20+ years ? That doesn't make sense. It literally wasn't a design flaw. Respectfully, anybody who can't get the vibe is plain dumb.

Intel is a messenger of New World Order, period, may be it is for greater good people don't generally understand but if it was for that then they should have made it so secret that it should have not been detected by anyone except Intel and higher power, in the world. Now they have created a risk of the sensitive data of everyone in the world being stolen (read) by bad evil hackers that exist everywhere. Are Intel willing to admit all this?


----------



## randomizer

Quote:


> Originally Posted by *Alex132*
> 
> Last update for my motherboard was 2012. Feels bad man.


I feel your pain. Mine was last updated in early 2011, although I stopped updating in 2010.


----------



## cekim

Quote:


> Originally Posted by *sumitlian*
> 
> It is plain obvious that the "Kill Switch" had been developed in mind to have the power of shutting down the whole other countries in advance in case of next big War. In the digital world where engineers putting their whole life to find out the methods to minimize the number of gates required to do a certain operation so that they can make the circuit as efficient as humanly possible, how can anybody even say that this switch was a result of design shortcoming


So, uh, I gather you haven't been part of the design of multi hundred million to multi billion gate ASIC?

Because I hate to break it to you but the days of tuning gate by gate have been gone for a while. They tune the snot out of process and key components that show up in timing/layout or identified early on in architecture but there's plenty of ain't broke don't fix and have you seen all the cruft in the x86 instruction set going back to the 80s?


----------



## sumitlian

Quote:


> Originally Posted by *cekim*
> 
> So, uh, I gather you haven't been part of the design of multi hundred million to multi billion gate ASIC?
> 
> Because I hate to break it to you but the days of tuning gate by gate have been gone for a while. They tune the snot out of process and key components that show up in timing/layout or identified early on in architecture but there's plenty of ain't broke don't fix and have you seen all the cruft in the x86 instruction set going back to the 80s?


Intel have already said in your face "everything is working as designed".

No I haven't seen all the cruft in the x86 instruction set going back to the 80s, but you are still omitting the piece associated with "ain't broke don't fix", especially when you know "the piece" exists in there. This already again proves my point that either it was intentional to let the kill switch be in there or they didn't care to reduce it to the point where it should guarantee it will not make contact to higher level software layers. I am certainly not at all even close to having medium level knowledge in all of this design of multi billion gate ASIC, but your speculation on this that it was left out because it would not cause any noticeable inefficiencies still doesn't have any actual proof in this case to have the upper hand over what I speculated. Time will tell. I didn't write all that to win.

In any of the cases, it was Intel's fault, period and I am not saying that AMD CPUs might not have such design within them, it is about time when it would be found out.


----------



## kx11

Quote:


> Originally Posted by *khanmein*


same thing here

no solution yet


----------



## randomizer

Quote:


> Originally Posted by *kx11*
> 
> same thing here
> 
> no solution yet


That tool is for detecting a different vulnerability. It has nothing to do with Meltdown and Spectre.


----------



## khanmein

@kx11 This is not so serious, did you remember the Ring 0, the trusted execution platform & the management engine? Those patches still haven't been released until now.


----------



## nanotm

Quote:


> Originally Posted by *khanmein*
> 
> @kx11 This is not so serious, did you remember the Ring 0, the trusted execution platform & the management engine? Those patches still haven't been released until now.


yeah you just have to disable hyper threading to mitigate that problem >>>>> 50% + performance loss and then add in the performance loss of the new "flaw" patch and you're good to go on your not quite as powerful as my 7 year old fx cpu.....


----------



## kd5151

AMDs finewine works with cpus also?


----------



## nanotm

Quote:


> Originally Posted by *kd5151*
> 
> AMDs finewine works with cpus also?


wouldn't know but Irish coffee is nice


----------



## guttheslayer

Quote:


> Originally Posted by *superstition222*
> 
> So? My point is just that complaining about how old something is is pointless unless there is something better, better not just in terms of the tech's innate efficiency but also in its efficiency of deployment. Cost/benefit ratio often trumps the latest coolest tech.
> 
> The wheel is old tech. A lot of the time it's very useful in the present day.


Ppl like you defending them is why they are continuing to milk us like no tml, at least AMD have a good change in their CPU architecture.

And by your definition that means AMD should stick to their BZ?


----------



## jagdtigger

Quote:


> Originally Posted by *guttheslayer*
> 
> Ppl like you defending them is why they are continuing to milk us like no tml, at least AMD have a good change in their CPU architecture.
> 
> And by your definition that means AMD should stick to their BZ?


Just leave him alone, fanboys won't listen to reason...


----------



## sumitlian

Boy these emails are interesting as hell lol
https://lkml.org/lkml/2018/1/3/837

We don't know for sure if AMD CPUs are literally immune to such attacks.








https://github.com/marcan/speculation-bugs/blob/master/README.md


P.S. Found this on twitter





https://twitter.com/marcan42?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor


----------



## nanotm

Quote:


> Originally Posted by *sumitlian*
> 
> Boy these emails are interesting as hell lol
> https://lkml.org/lkml/2018/1/3/837
> 
> We don't know for sure if AMD CPUs are literally immune to such attacks.
> 
> 
> 
> 
> 
> 
> 
> 
> https://github.com/marcan/speculation-bugs/blob/master/README.md
> 
> 
> P.S. Found this on twitter
> 
> 
> 
> 
> 
> https://twitter.com/marcan42?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor


back when pentium4 was released intel bragged they had a hardware kill switch built into the cpu's so they couldn't be misused by a foreign entity most people ignored it and bought their hardware anyway

all this indicates is that an attacker can brick your cpu, but likely only if they have direct access to the pc or tunnel in through the IME backdoor (you know that thing about disabling HT as a mitigation to block access until new mobo's can be released without this "feature" on them)


----------



## JackCY

If there is a flaw with Zen, I'm sure it will be found eventually as Zen based CPUs get popular on online hosting services.

For server use... well they should have an OS that protects against these kinds of hardware attacks even if it runs hell slow.
For consumer use though, IMHO, there is no need to penalize everyone and at least give an option to disable these protections on products that have not been proven yet to be affected by these specific bugs and if there are new bugs found for them later it's likely they will need their own patch anyway.

nanotm: that would be "hilarious" if someone shut the crap down of Intel with ME, problem is getting over the dozens of firewalls and other obstacles... so even if the machines are trash security wise, getting to them is difficult, that's why this new design flaw is a big issue, the machines can be accessed when you run your code in VMs etc.







And then R.I.P. Amazon and many other VM providers.

Maybe next they should look at security on Nvidia GPUs when used in datacenters


----------



## Offler

Quote:


> Originally Posted by *sumitlian*
> 
> Boy these emails are interesting as hell lol
> https://lkml.org/lkml/2018/1/3/837
> 
> We don't know for sure if AMD CPUs are literally immune to such attacks.
> 
> 
> 
> 
> 
> 
> 
> 
> https://github.com/marcan/speculation-bugs/blob/master/README.md


One of the factors why Spectre works is using Branch Prediction features to execute "speculative execution" which dumps requested cache/memory. It was reproduced on certain AMDs only when eBPF JIT was enabled, but worked unrestricted on Haswell cores.
https://googleprojectzero.blogspot.de

One of the reasons why it was not working on AMD FX or AMD PRO (Ryzen cores) could be different work of the Branch Prediction mechanism compared to Intel. Internal working of these mechanisms are not as available to public as were in case of Intel CPUs. That itself is a protecting factor in favor of AMD.

Yet there is another important factor and that's time how long data gathered in CPU cache remain after successful "speculative execution". Information about how big is the penalty for branch misprediction are available. Shorter the time (in CPU cycles), the better. AMD K10 (Athlon, Phenom) have this time on 12-13 cycles. Therefore even if you successfully executed "speculative execution", output might be flushed from the cache before it could be dumped.

Enabling eBPF JIT probably accelerated the command a bit, and allowed to get dump from cache while the data were still valid. If your CPU does not support specific branch prediction which was used on this attack, or in case of AMD, there is no support for eBPF JIT, the attack will probably not work.

Even if your CPU does support the branch prediction which was used to execute "speculative execution" as in Spectre attack, it might be problematic, or nearly impossible to access the cache dump before it's flushed from it as a result of branch misprediction. Primary reason why the attack was successful is that data from mispredictions are stored in CPU cache long enough.

In regard of branch prediction features it seems that AMD and Intel differ a lot. So much that the attack might be ineffective.


----------



## nanotm

Quote:


> Originally Posted by *JackCY*
> 
> If there is a flaw with Zen, I'm sure it will be found eventually as Zen based CPUs get popular on online hosting services.
> 
> For server use... well they should have an OS that protects against these kinds of hardware attacks even if it runs hell slow.
> For consumer use though, IMHO, there is no need to penalize everyone and at least give an option to disable these protections on products that have not been proven yet to be affected by these specific bugs and if there are new bugs found for them later it's likely they will need their own patch anyway.
> 
> nanotm: that would be "hilarious" if someone shut the crap down of Intel with ME, problem is getting over the dozens of firewalls and other obstacles... so even if the machines are trash security wise, getting to them is difficult, that's why this new design flaw is a big issue, the machines can be accessed when you run your code in VMs etc.
> 
> 
> 
> 
> 
> 
> 
> And then R.I.P. Amazon and many other VM providers.
> 
> Maybe next they should look at security on Nvidia GPUs when used in datacenters


yeah that's what made me laugh at the intel claim of having a backdoor kill switch, they would need local access to trigger it due to firewalls etc.... otoh in recent years it's become apparent that most modems and routers have had similar backdoors in them which indicates that there might be an industry wide problem and that the world is just "lucky" every pc in the world wasn't taken offline already ....


----------



## xXlAinXx

Not quoting, anyway to fix all of this without performance degradation the CPU should just invalidate apriori the cached portion till proven otherwise.
As per AMD, it is affected since the memory can and will be mapped @ certain point as per design.


----------



## Offler

Quote:


> Originally Posted by *xXlAinXx*
> 
> Not quoting, anyway to fix all of this without performance degradation the CPU should just invalidate apriori the cached portion till proven otherwise.
> As per AMD, it is affected since the memory can and will be mapped @ certain point as per design.


For now you might succeed with executing speculative prediction, but in most cases you would not get the data, as they will be not accessible at the time when you attempt to. Patches and firmware are about to fix the first part, so branch prediction will be somehow limited.


----------



## Jpmboy

Quote:


> Originally Posted by *cekim*
> 
> Windows insider, super-geek, early access, inner ring, circling the bowl already got "the patch" - it rolls out everywhere else next Tuesday from what I've read.
> 
> A few reviewers have tested it reasonably well and its a yawn for gamers but benchmarks and HPC that involves DBs and I/O are potentially in for quite a bit more hurt at this point.
> 
> Linux kernel also got various patches...


uh-oh... geek-insider here. But any updates are manual in my case. I'll do one of the machines here and see if it borks the thing.








Quote:


> Originally Posted by *Dimaggio1103*
> 
> Never been happier with my Ryzen purchase. *I mean the CEO dumped his shares right before the news broke.* Tells you everything you need to know. Can wait to see how Hardware Unboxed tries to spin this one.


First - that would be a violation of SEC and other trading rules. Second - you may experience this some day - stock and/or option grants to execs expire if not exercised or "sold" (usually as a "cashless transaction") after a certain period of time. Believe me, no CEO, _especially_ Intel's CEO is going to sell shares/options without a prior sale order, which requires at least 90 day notification to the BOD. And certainly not when there is the appearance of insider information involved. Remember Sam Waksal and Martha Stewart?


----------



## sumitlian

Quote:


> Originally Posted by *Offler*
> 
> One of the factors why Spectre works is using Branch Prediction features to execute "speculative execution" which dumps requested cache/memory. It was reproduced on certain AMDs only when eBPF JIT was enabled, but worked unrestricted on Haswell cores.
> https://googleprojectzero.blogspot.de
> 
> One of the reasons why it was not working on AMD FX or AMD PRO (Ryzen cores) could be different work of the Branch Prediction mechanism compared to Intel. Internal working of these mechanisms are not as available to public as were in case of Intel CPUs. That itself is a protecting factor in favor of AMD.
> 
> Yet there is another important factor and that's time how long data gathered in CPU cache remain after successful "speculative execution". Information about how big is the penalty for branch misprediction are available. Shorter the time (in CPU cycles), the better. AMD K10 (Athlon, Phenom) have this time on 12-13 cycles. Therefore even if you successfully executed "speculative execution", output might be flushed from the cache before it could be dumped.
> 
> Enabling eBPF JIT probably accelerated the command a bit, and allowed to get dump from cache while the data were still valid. If your CPU does not support specific branch prediction which was used on this attack, or in case of AMD, there is no support for eBPF JIT, the attack will probably not work.
> 
> Even if your CPU does support the branch prediction which was used to execute "speculative execution" as in Spectre attack, it might be problematic, or nearly impossible to access the cache dump before it's flushed from it as a result of branch misprediction. Primary reason why the attack was successful is that data from mispredictions are stored in CPU cache long enough.
> 
> In regard of branch prediction features it seems that AMD and Intel differ a lot. So much that the attack might be ineffective.


Hmm, AMD say they used improved branch-prediction using hashed perceptron. This could be the reason as well why it didn't work for them yet.
I think it is about time they start encrypting even cache memory too in real time, at least it should make it even harder for a decade or so !?
Quote:


> Originally Posted by *nanotm*
> 
> back when pentium4 was released intel bragged they had a hardware kill switch built into the cpu's so they couldn't be misused by a foreign entity most people ignored it and bought their hardware anyway


Seriously I didn't know that.

Now I am getting it, this makes more sense now

Intel: "Everything is working as designed" (we had told you already)

instead of,
Intel: "Everything is working as designed"


----------



## Echoa

I think the worst part of all this is the awful research done by most media on all of this. Most places claiming it's Intel only and that the fix decimates performance and essentially that home users should be shaking in their boots.....ugh


----------



## Neokolzia

Quote:


> Originally Posted by *Echoa*
> 
> I think the worst part of all this is the awful research done by most media on all of this. Most places claiming it's Intel only and that the fix decimates performance and essentially that home users should be shaking in their boots.....ugh


It's the media, do you expect anything else? They go for the hardest hitting half truth they can go for and run with it


----------



## Kalpa

Aight, patched my Win10 with the Cumulative Update for Windows 10 Version 1703 for x64-based Systems (KB4056891), which supposedly is the big Meltdown patch.

Just for the kicks, did a Cinebench benchmark (only a single run, not even trying for any serious science here) before and after patch.

Before patch: 1026
After patch: 1028

So, looks like zero impact on this particular task at least. Which is actually pretty much what I expected.


----------



## sumitlian

Quote:


> Originally Posted by *Neokolzia*
> 
> It's the media, do you expect anything else? They go for the hardest hitting half truth they can go for and run with it


Never thought this day would come, but this makes CNN the good boy instead of tens of tech specific media, since CNN were the one taking all vendors into account.


----------



## Offler

Quote:


> Originally Posted by *sumitlian*
> 
> Hmm, AMD say they used improved branch-prediction using hashed perceptron. This could be the reason as well why it didn't work for them yet.
> I think it is about time they start encrypting even cache memory too in real time, at least it should make it even harder for a decade or so !?


Yes, I read something about encryption on cache level. Proper buffer management or proper buffer design for branch prediction is apparently the key how to mitigate the attack.

Branch predictions store data in Buffers. Which means it should be read once and cleared. The bigger the buffer, or data are cleared only before memory space in cache is re-used = higher risk of leak.

Apparently the timing is crucial factor for attack to work. We are speaking about microseconds.

Edit:
Another interesting fact is that CPU is able to check correct output of Branch prediction, and misprediction. Too high misprediction rate resulting in terminating the process would help as well.


----------



## assaulth3ro911

Best part is that Microsoft won't nerf AMD on Intel's behalf because Microsoft recently bought Epyc CPUs. This means AMD is pulling ahead AGAIN.


----------



## figuretti

Here comes the class action lawsuit...

https://www.businesswire.com/news/home/20180104006325/en/Branstetter-Stranch-Jennings-Doyle-APC-Announce-Filing

PS: dat kill switch mailing list... DAMN... x.x


----------



## sumitlian

Quote:


> Originally Posted by *Offler*
> 
> Yes, I read something about encryption on cache level. Proper buffer management or proper buffer design for branch prediction is apparently the key how to mitigate the attack.
> 
> Branch predictions store data in Buffers. Which means it should be read once and cleared. The bigger the buffer, or data are cleared only before memory space in cache is re-used = higher risk of leak.
> 
> Apparently the timing is crucial factor for attack to work. We are speaking about microseconds.
> 
> Edit:
> Another interesting fact is that CPU is able to recognize correct output of Branch prediction, and misprediction. Too high misprediction rate resulting in terminating the process would help as well.


Yeah, to me it seems, lower the internal latencies = higher the chances of getting attacked. Of course you have to be extremely fast in getting any data.
Edit: I meant, yeah higher buffer with prediction success = more risk, indeed.
Quote:


> Originally Posted by *assaulth3ro911*
> 
> Best part is that Microsoft won't nerf AMD on Intel's behalf because Microsoft recently bought Epyc CPUs. This means AMD is pulling ahead AGAIN.


LMAO


----------



## besthijacker

Quote:


> Originally Posted by *figuretti*
> 
> Here comes the class action lawsuit...
> 
> https://www.businesswire.com/news/home/20180104006325/en/Branstetter-Stranch-Jennings-Doyle-APC-Announce-Filing
> 
> PS: dat kill switch mailing list... DAMN... x.x


I will enjoy my $1.


----------



## sumitlian

Intel ought to give away latest Xeons to these companies to compensate for performance impact.


----------



## azanimefan

Quote:


> Originally Posted by *Jpmboy*
> 
> First - that would be a violation of SEC and other trading rules. Second - you may experience this some day - stock and/or option grants to execs expire if not exercised or "sold" (usually as a "cashless transaction") after a certain period of time. Believe me, no CEO, _especially_ Intel's CEO is going to sell shares/options without a *prior sale order*, which requires at least 90 day notification to the BOD. And certainly not when there is the appearance of insider information involved. Remember Sam Waksal and Martha Stewart?


Yes, he got a prior sale order to sell all but 250,000 shares he owns in Intel (he sold 680,000 shares). Intel requires him to own 250,000 shares in order to remain CEO of the company. So he completely divested his holding in Intel. Selling not just his current shares, but his stock options as well.

However. And this is the main key. He learned about this vulnerability in MAY 2017. The NDA was for JAN 2018. He sold his stocks in October 30th. 90 days prior to 10/30 was 8/2. He knew about the security flaw at the time he filed to sell ALL the Intel stock he could sell and remain Intel CEO. FYI, there already have been calls for an investigation into those sales to the SEC. By the way he netted a cold 36 mil from the sale.
Quote:


> Originally Posted by *Echoa*
> 
> I think the worst part of all this is the awful research done by most media on all of this. Most places claiming it's Intel only and that the fix decimates performance and essentially that home users should be shaking in their boots.....ugh


On windows pcs the bug ONLY affects Intel. On Linux one version of Spectre affects AMD only if one feature in the bios is turned off (it's on by default).

I'd say the press keeping it simple and saying it affects Intel only is close enough to the truth, considering what needs to happen to make AMD vulnerable. Furthermore both a software fix (in Linux) or a bios patch can fix the AMD issue; and that AMD issue doesn't even work in windows. Nothing can fix Intel's vulnerability to Spectre, and the only known fix for Meltdown hits Intel's performance up to 30% in high I/O call environments (such as running a SQL database).


----------



## Echoa

Quote:


> Originally Posted by *azanimefan*
> 
> is close enough to the truth


this very thought is a cancer on reporting, and you know good and well they aren't "keeping it simple". regardless of potential closeness to the truth they're simply writing for maximum fear mongering effect and to think otherwise is foolish.

Also, it's my understanding the Spectre isn't fully understood yet (and is actually the more severe all things considered) or the potential for use in other systems partially because of lack of public documentation regarding AMD's speculative execution (on AMD side that is). Intel has heavy documentation and it is very well understood hence meltdown and our knowing exactly how it affects those systems.

Also, this isn't to say that Intel isn't the poster child of this whole deal, they're the most heavily affected but no reporting should ever settle at "Eh, close enough"


----------



## khanmein

Quote:


> Originally Posted by *nanotm*
> 
> yeah you just have to disable hyper threading to mitigate that problem >>>>> 50% + performance loss and then add in the performance loss of the new "flaw" patch and you're good to go on your not quite as powerful as my 7 year old fx cpu.....


Why should I disable HT? Actually, I don't have any performance impact, but regarding "This system is vulnerable" really pissed me off & make me feel not secure.

P.S. I'm Intel/Nvidia fanboy.


----------



## Offler

Quote:


> Originally Posted by *khanmein*
> 
> Why should I disable HT? Actually, I don't have any performance impact, but regarding "This system is vulnerable" really pissed me off & make me feel not secure.
> 
> P.S. I'm Intel/Nvidia fanboy.


There is no reason to feel secure. And I am telling that from position when I know that impact of these three methods is either zero on my systems. If developed further there is some small chance it will work on AMD, but current countermeasures are going to make even further development hard.


----------



## sumitlian

Wow Google is so advanced

Quote:


> _In response to the vulnerabilities that were discovered we developed a novel mitigation called "Retpoline" -- a binary modification technique that protects against "branch target injection" attacks. We shared Retpoline with our industry partners and have deployed it on Google's systems, where we have observed negligible impact on performance._


----------



## aweir

The question is: could Intel have strategically waited until this moment in time to disclose the bug and release a patch that cuts performance by 30% in order to sell CPUs with more cores?


----------



## ibb27

NVidia Security Bulletin about Spectre and Meltdown attacks:
http://nvidia.custhelp.com/app/answers/detail/a_id/4611

The vulnerability has three known variants:

Variant 1 (CVE-2017-5753): Mitigations are provided with the security update included in this bulletin. NVIDIA expects to work together with its ecosystem partners on future updates to further strengthen mitigations.
Variant 2 (CVE-2017-5715): NVIDIA's initial analysis indicates that the NVIDIA GPU Display Driver is potentially affected by this variant. NVIDIA expects to work together with its ecosystem partners on future updates for this variant.
Variant 3 (CVE-2017-5754): At this time, NVIDIA has no reason to believe that the NVIDIA GPU Display Driver is vulnerable to this variant.

Next week, new GPU drivers with fixes.

Edit: For Linux, FreeBSD, Solaris they are ready now - 390.12, and 384.111.


----------



## Particle

Quote:


> Originally Posted by *Jpmboy*
> 
> First - that would be a violation of SEC and other trading rules. Second - you may experience this some day - stock and/or option grants to execs expire if not exercised or "sold" (usually as a "cashless transaction") after a certain period of time. Believe me, no CEO, _especially_ Intel's CEO is going to sell shares/options without a prior sale order, which requires at least 90 day notification to the BOD. And certainly not when there is the appearance of insider information involved. Remember Sam Waksal and Martha Stewart?


He announced a future sale order on October 30 and the shares were sold just shy of a month later.


----------



## Offler

Quote:


> Originally Posted by *ibb27*
> 
> NVidia Security Bulletin about Spectre and Meltdown attacks:
> http://nvidia.custhelp.com/app/answers/detail/a_id/4611
> 
> The vulnerability has three known variants:
> 
> Variant 1 (CVE-2017-5753): Mitigations are provided with the security update included in this bulletin. NVIDIA expects to work together with its ecosystem partners on future updates to further strengthen mitigations.
> Variant 2 (CVE-2017-5715): NVIDIA's initial analysis indicates that the NVIDIA GPU Display Driver is potentially affected by this variant. NVIDIA expects to work together with its ecosystem partners on future updates for this variant.
> Variant 3 (CVE-2017-5754): At this time, NVIDIA has no reason to believe that the NVIDIA GPU Display Driver is vulnerable to this variant.
> 
> Next week, new GPU drivers with fixes.
> 
> Edit: For Linux, FreeBSD, Solaris they are ready now - 390.12, and 384.111.


Yes. All AMD graphics using GCN contain thousands of ARM cores.


----------



## OutlawII

Quote:


> Originally Posted by *Echoa*
> 
> I think the worst part of all this is the awful research done by most media on all of this. Most places claiming it's Intel only and that the fix decimates performance and essentially that home users should be shaking in their boots.....ugh


Excellent point. Also, from the sounds of it, performance impacts will be negligible after the patch.


----------



## GeneO

Quote:


> Originally Posted by *besthijacker*
> 
> I will enjoy my $1.


I got $1 once. Then again I got $30 for a class action against a video card manufacturer.


----------



## besthijacker

Quote:


> Originally Posted by *GeneO*
> 
> I got $1 once. Then again I got $30 for a class action against a video card manufacturer.


Never got it and I bought two of those cards. Money must have run out. Oh well. The only winners here are lawyer company that is suing.


----------



## yamnakshatriya

Quote:


> Originally Posted by *aweir*
> 
> The question is: could Intel have strategically waited until this moment in time to disclose the bug and release a patch that cuts performance by 30% in order to sell CPUs with more cores?


Yah, exactly. They essentially released a fake new generation, charged it at full price, and then the news was released once all the early adopters had purchased the item. Good thing the 8700k I got was heavily discounted - that discount makes perfect sense now too.


----------



## OutlawII

Correct me if I'm wrong but AMD knew of this too and never said anything


----------



## maltamonk

Apple just announced all of its products are affected.

http://www.bbc.com/news/technology-42575033


----------



## zeall0rd

Ladies and Gents, I need a definitive answer on this, if possible.

Let's assume I download and update the microcode update by intel for skylake and newer, but deactivate "Windows OS support for branch target injection mitigation" in the registry. Does that equal a performance impact? Say I am running a semi-air-gapped system (hardware firewall, only connections from and to update servers allowed) and do not need those security features. I know I can deactivate the meltdown KPTI feature in Windows and Linux, but I'm wondering whether I can install the BIOS update with the new microcode, when available, without losing performance or not.


----------



## yamnakshatriya

Quote:


> Originally Posted by *OutlawII*
> 
> Correct me if I'm wrong but AMD knew of this too and never said anything


Didn't the researchers have to sign a NDA with Intel? Intel probably pressured AMD too.


----------



## Mysticial

Quote:


> Originally Posted by *zeall0rd*
> 
> Ladies and Gents, I need a definitive answer on this, if possible.
> 
> Let's assume I download and update the microcode update by intel for skylake and newer, but deactivate "Windows OS support for branch target injection mitigation" in the registry. Does that equal a performance impact? Say I am running a semi-air-gapped system (hardware firewall, only connections from and to update servers allowed) and do not need those security features. I know I can deactivate the meltdown KPTI feature in Windows and Linux, but I'm wondering whether I can install the BIOS update with the new microcode, when available, without losing performance or not.


If the microcode update involves disabling or weakening the branch target predictor on the processor, then it will have a performance impact regardless of what patches you have installed. But I don't believe Intel has disclosed the details of what such an update would do.

For all practical purposes, these fixes (and the subsequent performance regressions) are probably going to be forced down on everyone one way or another. Avoiding them will become increasingly difficult as they'll come bundled with things like BIOS updates or OS updates.


----------



## maltamonk

Quote:


> Originally Posted by *OutlawII*
> 
> Correct me if I'm wrong but AMD knew of this too and never said anything


They have http://www.amd.com/en/corporate/speculative-execution


----------



## cekim

Quote:


> Originally Posted by *OutlawII*
> 
> Correct me if I'm wrong but AMD knew of this too and never said anything


Some of this has been known for quite some time but deemed to be less of a threat than it really is for lack of a compelling PoC showing how easy it was (aka JavaScript in a VM breaking out of its guest).

Other parts were held close by all involved to try to develop a mitigation prior to telling the scum of the earth how to compromise every pc on the planet with a wad of JavaScript added to the monero mining exploit running in your browser...

Never ascribe to conspiracy what can be explained by incompetence.

Can't speak to the stock trades that definitely looks fishy AF, but I'm quite sure this was not done on purpose to 'sell more cores' since the additional cores it will be selling are those of its competitor...


----------



## yamnakshatriya

Quote:


> Originally Posted by *cekim*
> 
> Some of this has been known for quite some time but deemed to be less of a threat than it really is for lack of a compelling PoC showing how easy it was (aka JavaScript in a VM breaking out of its guest).
> 
> Other parts were held close by all involved to try to develop a mitigation prior to telling the scum of the earth how to compromise every pc on the planet with a wad of JavaScript added to the monero mining exploit running in your browser...
> 
> Never ascribe to conspiracy what can be explained by incompetence.
> 
> Can't speak to the stock trades that definitely looks fishy AF, but I'm quite sure this was not done on purpose to 'sell more cores' since the additional cores it will be selling are those of its competitor...


They were told in June of the problem.
Release a magical 30% performance improvement in October.
CEO sells all shares in October, when share prices are at all time high. Probably other execs too.
Scale of problem becomes public in January.
Fix requires a sudden 30% drop in processor performance.

Seems like class action lawsuit material to me! And it will probably go to that, and I bet discovery will show this was the exact strategy.


----------



## cekim

Quote:


> Originally Posted by *yamnakshatriya*
> 
> They were told in June of the problem.
> Release a magical 30% performance improvement in October.
> CEO sells all shares in October, when share prices are at all time high. Probably other execs too.
> Scale of problem becomes public in January.
> Fix requires a sudden 30% drop in processor performance.
> 
> Seems like class action lawsuit material to me! And it will probably go to that, and I bet discovery will show this was the exact strategy.


No doubt the flesh eating lawyers will eat flesh..

There's a problem with your specific theory though....

No 30% drop in games, rendering or frankly most consumer apps...

Even my use case of frequently writing large DBs that is taking a hit doesn't take a 30% application level hit because existing optimizations to limit I/O are without edit already mitigating the impact. DB insertion with optimizations so far appears to be unchanged...

The 50% slowdown is of a specific case that was already something to be avoided. DB insertion and frankly all write I/O is always a problem for enterprise. The read impact is much smaller 1-3% so far is what I'm seeing in Linux. Windows I/O is objectively terrible compared to Linux far more than 3% yet people still use it...

The malfeasance and negligence here isn't where you are looking... they did not plan this to sell more cores, they planned on not fixing it in core they knew had it because it would have meant a 6-12 month delay on those products.

I'm agnostic on brands.... when athlons blew intel out of the water, I bought them. If TR had been able to beat SKYLX I would have bought it. Truth is TR could not beat my uCode modded haswell Xeons nor my SKLYX so I didn't buy it.

That is still true post patch-pocalypse by the way. My 2696v3 beats a TR in the applications and use cases that matter for my consumption.

Now as time goes on if it appears AMD has a genuine leg up on security and the price is right then I am going to continue to look hard at using them in place of intel for things where security matters... I need secure VMs as much as I need raw computes but on different machines...


----------



## nanotm

Quote:


> Originally Posted by *cekim*
> 
> No doubt the flesh eating lawyers will eat flesh..
> 
> There's a problem with your specific theory though....
> 
> No 30% drop in games, rendering or frankly most consumer apps...
> 
> Even my use case of frequently writing large DBs that is taking a hit doesn't take a 30% application level hit because existing optimizations to limit I/O are without edit already mitigating the impact. DB insertion with optimizations so far appears to be unchanged...
> 
> The 50% slowdown is of a specific case that was already something to be avoided. DB insertion and frankly all write I/O is always a problem for enterprise. The read impact is much smaller 1-3% so far is what I'm seeing in Linux. Windows I/O is objectively terrible compared to Linux far more than 3% yet people still use it...
> 
> The malfeasance and negligence here isn't where you are looking... they did not plan this to sell more cores, they planned on not fixing it in core they knew had it because it would have meant a 6-12 month delay on those products.
> 
> I'm agnostic on brands.... when athlons blew intel out of the water, I bought them. If TR had been able to beat SKYLX I would have bought it. Truth is TR could not beat my uCode modded haswell Xeons nor my SKLYX so I didn't buy it.
> 
> That is still true post patch-pocalypse by the way. My 2696v3 beats a TR in the applications and use cases that matter for my consumption.
> 
> Now as time goes on if it appears AMD has a genuine leg up on security and the price is right then I am going to continue to look hard at using them in place of intel for things where security matters... I need secure VMs as much as I need raw computes but on different machines...


the fixes for the other 4 problems that currently exist within intel cpu's have yet to be released, intel announced in june there was a problem with the IME and users needed to get a bios fix that also happened to disable HT, should anyone actually get their cpu fully patched up and then play mmo's or older generation games we will see how hard gamer performance is hit (i suspect that given the beta testers were testing all of this stuff in conjunction with each other and leaked out up to 65% performance loss in some cases that the truth is somewhere between 35 to 50% drop for most use cases)

as it stands there is a performance drop of between 5 and 30% depending on setup and workload.....


----------



## yamnakshatriya

Quote:


> Originally Posted by *cekim*
> 
> No doubt the flesh eating lawyers will eat flesh..
> 
> There's a problem with your specific theory though....
> 
> No 30% drop in games, rendering or frankly most consumer apps...
> 
> Even my use case of frequently writing large DBs that is taking a hit doesn't take a 30% application level hit because existing optimizations to limit I/O are without edit already mitigating the impact. DB insertion with optimizations so far appears to be unchanged...
> 
> The 50% slowdown is of a specific case that was already something to be avoided. DB insertion and frankly all write I/O is always a problem for enterprise. The read impact is much smaller 1-3% so far is what I'm seeing in Linux. Windows I/O is objectively terrible compared to Linux far more than 3% yet people still use it...
> 
> The malfeasance and negligence here isn't where you are looking... they did not plan this to sell more cores, they planned on not fixing it in core they knew had it because it would have meant a 6-12 month delay on those products.
> 
> I'm agnostic on brands.... when athlons blew intel out of the water, I bought them. If TR had been able to beat SKYLX I would have bought it. Truth is TR could not beat my uCode modded haswell Xeons nor my SKLYX so I didn't buy it.
> 
> That is still true post patch-pocalypse by the way. My 2696v3 beats a TR in the applications and use cases that matter for my consumption.
> 
> Now as time goes on if it appears AMD has a genuine leg up on security and the price is right then I am going to continue to look hard at using them in place of intel for things where security matters... I need secure VMs as much as I need raw computes but on different machines...


Maybe you are right. But it's the same difference really. *Gets pitchfork*


----------



## MysteryGuy

Is PCID supported for Windows 7? I've updated two Windows 7 systems on CPUs that claim to have both PCID and INVPCID support, but that support doesn't show as enabled.

I used the PowerShell 5.1 Get-SpeculationControlSettings function to check. (See https://support.microsoft.com/en-hk/help/4073119/guide-to-protect-against-speculative-execution-side-channel-vulnerabil ).

"Speculation control settings for CVE-2017-5754 [rogue data cache load]

Hardware requires kernel VA shadowing: True
Windows OS support for kernel VA shadow is present: True
Windows OS support for kernel VA shadow is enabled: True
Windows OS support for PCID optimization is enabled: False

Suggested actions

* Install BIOS/firmware update provided by your device OEM that enables hardware support for the branch target injection mitigation.
* Follow the guidance for enabling Windows support for speculation control mitigations are described in https://support.microsoft.com/h
p/4072698

BTIHardwarePresent : False
BTIWindowsSupportPresent : True
BTIWindowsSupportEnabled : False
BTIDisabledBySystemPolicy : False
BTIDisabledByNoHardwareSupport : True
KVAShadowRequired : True
KVAShadowWindowsSupportPresent : True
KVAShadowWindowsSupportEnabled : True
KVAShadowPcidEnabled : False"

I booted Mobile Windows 10 on one of these systems, and under Windows 10 it does show

Windows OS support for PCID optimization is enabled: True.

So, I was wondering if they've omitted PCID optimization under Windows 7.

Anyone seen PCID enabled under Windows 7?

Thanks;
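An added example (not part of the original post and not Microsoft's code): a Python triage of the property block that Get-SpeculationControlSettings printed above, turning the flags into a per-CVE status with the reason behind it. The function names and status labels are assumptions made for this example; the property names and sample values are the ones in the post, and CVE-2017-5715 is the branch target injection variant.

```python
import re

# A property line looks like "BTIHardwarePresent : False". The human-readable
# lines printed before it contain spaces in the label and are skipped.
_PROP = re.compile(r'^\s*"?([A-Za-z][A-Za-z0-9]*)\s*:\s*(True|False)"?\s*$')

# Sample input copied from the post above (two prose lines kept on purpose
# to show that the parser ignores them).
SAMPLE = """\
Hardware requires kernel VA shadowing: True
Windows OS support for PCID optimization is enabled: False
BTIHardwarePresent : False
BTIWindowsSupportPresent : True
BTIWindowsSupportEnabled : False
BTIDisabledBySystemPolicy : False
BTIDisabledByNoHardwareSupport : True
KVAShadowRequired : True
KVAShadowWindowsSupportPresent : True
KVAShadowWindowsSupportEnabled : True
KVAShadowPcidEnabled : False
"""


def parse_settings(text):
    """Return {property name: bool} for every 'Name : True/False' line."""
    props = {}
    for line in text.splitlines():
        match = _PROP.match(line)
        if match:
            props[match.group(1)] = match.group(2) == "True"
    return props


def _missing(props, names):
    return [name for name in names if name not in props]


def assess_bti(props):
    """Branch target injection (CVE-2017-5715): (status, reason)."""
    if _missing(props, ("BTIHardwarePresent", "BTIWindowsSupportPresent",
                        "BTIWindowsSupportEnabled")):
        return ("unknown", "missing-properties")
    if props["BTIWindowsSupportEnabled"]:
        return ("mitigated", "enabled")
    if not props["BTIWindowsSupportPresent"]:
        return ("not_mitigated", "os-update")    # Windows patch not installed
    if props.get("BTIDisabledBySystemPolicy", False):
        return ("not_mitigated", "policy")       # switched off by configuration
    if props.get("BTIDisabledByNoHardwareSupport", False) or not props["BTIHardwarePresent"]:
        return ("not_mitigated", "firmware")     # BIOS/microcode update still needed
    return ("not_mitigated", "unexplained")


def assess_kva(props):
    """Rogue data cache load (CVE-2017-5754): (status, reason)."""
    if _missing(props, ("KVAShadowRequired", "KVAShadowWindowsSupportPresent",
                        "KVAShadowWindowsSupportEnabled")):
        return ("unknown", "missing-properties")
    if not props["KVAShadowRequired"]:
        return ("not_required", "hardware")
    if not props["KVAShadowWindowsSupportPresent"]:
        return ("not_mitigated", "os-update")
    if not props["KVAShadowWindowsSupportEnabled"]:
        return ("not_mitigated", "disabled")
    # Protected either way; the PCID flag only says whether the optimization
    # the post asks about is in use.
    return ("mitigated", "pcid" if props.get("KVAShadowPcidEnabled", False) else "no-pcid")


def report(text):
    """Per-CVE status for one pasted output block."""
    props = parse_settings(text)
    return {"CVE-2017-5715": assess_bti(props), "CVE-2017-5754": assess_kva(props)}


if __name__ == "__main__":
    for cve, (status, reason) in report(SAMPLE).items():
        print(f"{cve}: {status} ({reason})")
```

For the output in the post this reports CVE-2017-5754 as mitigated without the PCID optimization, and CVE-2017-5715 as not mitigated pending a firmware update.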


----------



## cekim

Quote:


> Originally Posted by *yamnakshatriya*
> 
> Maybe you are right. But it's the same difference really. *Gets pitchfork*


This is all very frustrating.....

Much like the only reason we don't have distributed power with household nuclear reactors the size of a generator is the jack wagons of the world who would irradiate their neighbors either intentionally or otherwise.

Aka: this is why we can't have nice things.


----------



## aweir

Quote:


> Originally Posted by *OutlawII*
> 
> Correct me if I'm wrong but AMD knew of this too and never said anything


So then they both conspired to wait 23 years before releasing a fix? Something's just not adding up here.


----------



## DrFPS

Quote:


> Originally Posted by *MysteryGuy*
> 
> I;


You have a better chance of having your question answered "here" OCN\ windows sub forum.


----------



## JackCY

Quote:


> Originally Posted by *nanotm*
> 
> yeah that's what made me laugh at the intel claim of having a backdoor kill switch, they would need local access to trigger it due to firewalls etc.... otoh in recent years it's become apparent that most modems and routers have had similar backdoors in them which indicates that there might be an industry wide problem and that the world is just "lucky" every pc in the world wasn't taken offline already ....


Governments always have a kill switch, just shutdown electricity, good luck tweeting about what ever the government doesn't like :/
Nothing sends a country back to stone age like an electricity loss, couple that with depleted fuel reserves and oh my

No amount of hoarded bitcoin will save ya.

But yeah, most devices can be crippled at the least especially network. Kill switches, hmm, it's probable there always is something hidden for exclusive "customers".


----------



## Vlada011

I think more about the sound problems after the Windows 1709 update.

I saw many stations such as CNBC and CNN talk about this problem as breaking news.
Comparing how they describe the situation with this problem, enthusiasts could better understand how they report other news.
If some of them talk complete nonsense and cover Intel and claim something opposite to what we know from many sources, you will better understand their news about serious things worldwide.
And then you can understand how other people feel who are experts in other fields, same as you in the IT industry.


----------



## yamnakshatriya

Quote:


> Originally Posted by *nanotm*
> 
> the fixes for the other 4 problems that currently exist within intel cpu's have yet to be released, intel announced in june there was a problem with the IME and users needed to get a bios fix that also happened to disable HT, should anyone actually get their cpu fully patched up and then play mmo's or older generation games we will see how hard gamer performance is hit (i suspect that given the beta testers were testing all of this stuff in conjunction with each other and leaked out up to 65% performance loss in some cases that the truth is somewhere between 35 to 50% drop for most use cases
> 
> as it stands there is a performance drop of between 5 and 30% depending on setup and workload.....


I made my first PC and everything is compatible with AMD architecture. I bought from Amazon so they will refund me worst case scenario if seller doesn't accept return. Think I should remake with the Ryzen 7 1800X?


----------



## MysteryGuy

Quote:


> Originally Posted by *DrFPS*
> 
> You have a better chance of having your question answered "here" OCN\ windows sub forum.


Thanks. I'll give it a try there.


----------



## nanotm

Quote:


> Originally Posted by *yamnakshatriya*
> 
> I made my first PC and everything is compatible with AMD architecture. I bought from Amazon so they will refund me worst case scenario if seller doesn't accept return. Think I should remake with the Ryzen 7 1800X?


i have no idea what you should or shouldn't do at this point, chances are theres some other bug that will only afflict AMD cpu's

then again holding onto it could get you some free upgrade in a matter of weeks thats worth over a grand because intel decide its cheaper to foister good will and release the 10th gen architecture tomorrow and offer free replacements to all in warranty cpu's (no de-lids, no second user or more than 2 yr old ones though) secure the world and show how fantastic they are (marketing coup of the century) its really too hard to guess the best option(s) what you choose to do is up to you


----------



## Offler

Quote:


> Originally Posted by *MysteryGuy*
> 
> Anyone seen PCID enabled under Windows 7?
> 
> Thanks;


PS C:\Program Files\PowerShell\6.0.0-rc.2> Get-SpeculationControlSettings
Speculation control settings for CVE-2017-5715 [branch target injection]

Hardware support for branch target injection mitigation is present: False
Windows OS support for branch target injection mitigation is present: True
Windows OS support for branch target injection mitigation is enabled: False
Windows OS support for branch target injection mitigation is disabled by system policy: False
Windows OS support for branch target injection mitigation is disabled by absence of hardware support: True

Speculation control settings for CVE-2017-5754 [rogue data cache load]

Get-WmiObject : The term 'Get-WmiObject' is not recognized as the name of a cmdlet, function, script file, or operable program.
Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At C:\Program Files\PowerShell\Modules\SpeculationControl\1.0.1\SpeculationControl.psm1:122 char:16
+ $cpu = Get-WmiObject Win32_Processor
+ ~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (Get-WmiObject:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException

Umm. No idea. I might rather use older Powershell ?


----------



## yamnakshatriya

Quote:


> Originally Posted by *nanotm*
> 
> i have no idea what you should or shouldn't do at this point, chances are theres some other bug that will only afflict AMD cpu's
> 
> then again holding onto it could get you some free upgrade in a matter of weeks thats worth over a grand because intel decide its cheaper to foister good will and release the 10th gen architecture tomorrow and offer free replacements to all in warranty cpu's (no de-lids, no second user or more than 2 yr old ones though) secure the world and show how fantastic they are (marketing coup of the century) its really too hard to guess the best option(s) what you choose to do is up to you


It's true. But they knowingly shipped bad product at full price, and their CEO did some pretty scummy stuff, then they tried to make it appear as if the problem affects AMDs and it basically doesn't. Either meltdown or spectre.

So I think I will do the return, out of spite. They deserve it.


----------



## MysteryGuy

Quote:


> Originally Posted by *Offler*
> 
> PS C:\Program Files\PowerShell\6.0.0-rc.2> Get-SpeculationControlSettings
> Speculation control settings for CVE-2017-5715 [branch target injection]
> 
> Hardware support for branch target injection mitigation is present: False
> Windows OS support for branch target injection mitigation is present: True
> Windows OS support for branch target injection mitigation is enabled: False
> Windows OS support for branch target injection mitigation is disabled by system policy: False
> Windows OS support for branch target injection mitigation is disabled by absence of hardware support: True
> 
> Speculation control settings for CVE-2017-5754 [rogue data cache load]
> 
> Get-WmiObject : The term 'Get-WmiObject' is not recognized as the name of a cmdlet, function, script file, or operable program.
> Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
> At C:\Program Files\PowerShell\Modules\SpeculationControl\1.0.1\SpeculationControl.psm1:122 char:16
> + $cpu = Get-WmiObject Win32_Processor
> + ~~~~~~~~~~~~~
> + CategoryInfo : ObjectNotFound: (Get-WmiObject:String) [], CommandNotFoundException
> + FullyQualifiedErrorId : CommandNotFoundException
> 
> Umm. No idea. I might rather use older Powershell ?


Yeah, I had to update Powershell myself. I had the really old 2.0 version which didn't work for this.

You can Download 5.1 from https://www.microsoft.com/en-us/download/details.aspx?id=54616 if desired.

Thanks.


----------



## Offler

Quote:


> Originally Posted by *MysteryGuy*
> 
> Yeah, I had to update Powershell myself. I had the really old 2.0 version which didn't work for this.
> 
> You can Download 5.1 from https://www.microsoft.com/en-us/download/details.aspx?id=54616 if desired.
> 
> Thanks.


I downloaded 6.0.0 RC. But apparently the problem is that i dont have expected CPU (Phenom II here). Try this.
https://github.com/ionescu007/SpecuCheck/releases

This worked, and report if PCID is present.


----------



## Vlada011

Intel will try to profit from these advertising new architecture with bug fix.
But people who lose performance have everything they need to sue Intel if they want to disable HT or some big performance hit.
False advertising and disinformation become reality.

Let's believe to Intel maybe performance loss is less than 4-5%.
But we will see.


----------



## JackCY

It's more like half the PCs worldwide won't even get patched and remain vulnerable. Intel is not gonna pay or exchange squat, they could if they were a responsible company but they are $ hoarders they will not unless 20 years later many courts finally decide they gotta pay up for their screw ups.
Performance optimizations by Intel... so fast... but insecure and shouldn't be done this way then. It's a design flaw they can only hope to get around by patching OSes, applications and everything that pretty much runs on this insecure "poorly" designed hardware.


----------



## MysteryGuy

Quote:


> Originally Posted by *Offler*
> 
> I downloaded 6.0.0 RC. But apparently the problem is that i dont have expected CPU (Phenom II here). Try this.
> https://github.com/ionescu007/SpecuCheck/releases
> 
> This worked, and report if PCID is present.


I tried version 1.03, and it seems to confirm that the PCID optimization is not enabled (under Windows 7) for my system.

Code:


SpecuCheck v1.0.3   --   Copyright(c) 2018 Alex Ionescu
https://ionescu007.github.io/SpecuCheck/  --  @aionescu
-------------------------------------------------------

Mitigations for CVE-2017-5754 [rogue data cache load]
-------------------------------------------------------
[-] Kernel VA Shadowing Enabled:                    yes
 ├───> with User Pages Marked Global:               yes
 ├───> with PCID Support:                            no
 └───> with INVPCID Support:                         no

Mitigations for CVE-2017-5715 [branch target injection]
-------------------------------------------------------
[-] Branch Prediction Mitigations Enabled:           no
 ├───> Disabled due to System Policy:                no
 └───> Disabled due to No Hardware Support:         yes
[-] CPU Supports Speculation Control MSR:            no
 └───> IBRS  Speculation Control MSR Enabled:        no
[-] CPU Supports Speculation Command MSR:            no
 └───> STIBP Speculation Command MSR Enabled:        no

So, it would seem that either their Windows 7 patch won't use PCID, or there is some restriction under Windows 7 that's not apparently present under Windows 10. (Since PCID shows enabled on the same hardware booted with Windows 10).


----------



## tpi2007

Quote:


> Originally Posted by *Offler*
> 
> Quote:
> 
> 
> 
> Originally Posted by *MysteryGuy*
> 
> Yeah, I had to update Powershell myself. I had the really old 2.0 version which didn't work for this.
> 
> You can Download 5.1 from https://www.microsoft.com/en-us/download/details.aspx?id=54616 if desired.
> 
> Thanks.
> 
> 
> 
> I downloaded 6.0.0 RC. But apparently the problem is that i dont have expected CPU (Phenom II here). Try this.
> https://github.com/ionescu007/SpecuCheck/releases
> 
> This worked, and report if PCID is present.

PowerShell 5 comes with all sorts of associated stuff, such as remote management, and you're basically downloading the script from them with the first command. Why all the secret that you don't even get to see what the script is? At least they could make it local and provide a program like Alex did.

Btw, thanks for that. Rep+

Also, for a good, updated summary of the situation: https://arstechnica.com/gadgets/2018/01/meltdown-and-spectre-heres-what-intel-apple-microsoft-others-are-doing-about-it/

Apple admits that it's affected by Meltdown too, which is interesting. And Intel might be able to retrofit some Spectre mitigation in some later archs. Not clear which or whether the ones previous to that don't need it or can't have it or won't have it.


----------



## edwardm

Quote:


> Originally Posted by *aweir*
> 
> So then they both conspired to wait 23 years before releasing a fix? Something's just not adding up here.


backdoor


----------



## AlphaC

Quote:


> Originally Posted by *JackCY*
> 
> It's more like half the PCs worldwide won't even get patched and remain vulnerable. Intel is not gonna pay or exchange squat, they could if they were a responsible company but they are $ hoarders they will not unless 20 years later many courts finally decide they gotta pay up for their screw ups.
> Performance optimizations by Intel... so fast... but insecure and shouldn't be done this way then. It's a design flaw they can only hope to get around by patching OSes, applications and everything that pretty much runs on this insecure "poorly" designed hardware.


They'll pay for it in one way or another...

https://gizmodo.com/intel-hit-with-three-class-action-lawsuits-related-to-s-1821785936

WYATT MANN,
an Oregon consumer, individually and on behalf of all others,
v. INTEL
Case No. 6:18-cv-2
Quote:


> PRAYER FOR RELIEF
> Plaintiff seeks relief for himself and the proposed class as follows:
> A. Unless agreed upon by Intel, an order to preserve all sales records and sales data and documents and information (and electronically stored information) pertaining to this case,
> B. An order certifying this matter as a class action,
> C. Judgment against Intel for actual, statutory, and punitive damages, interest, and reimbursement of fees and costs,
> D. And other relief the Court deems necessary.


JASON JONES, on behalf of himself and all others similarly situated, Plaintiff, v. INTEL CORPORATION, Defendant.
Civil No. 1:18-CV-00029
Quote:


> REQUEST FOR RELIEF
> A. Certification of the Class requested above and appointment of the Plaintiff as the Class Representatives and his counsel as Class Counsel;
> B. Awarding Plaintiff and Class members all proper measures of equitable monetary relief and damages, plus interest to which they are entitled;
> C. Awarding equitable, injunctive, and declaratory relief as the Court may deem just and proper, including restitution and restitutionary disgorgement;
> D. Awarding Plaintiff's reasonable costs and attorney's fees; and
> E. All other relief that the Court finds just and proper.


STEVEN P. GARCIA, and ANTHONY STACHOWIAK, individually and on behalf of all others similarly situated v. INTEL
Case 5:18-cv-00046
Quote:


> *PRAYER FOR RELIEF*
> WHEREFORE, Plaintiffs and all Class members pray for judgment against Defendant as follows:
> A. Declaring this action to be a proper class action pursuant to Rule 23 of the Federal Rules of Civil Procedure;
> B. Awarding Plaintiffs and Class members all proper measures of equitable monetary relief and damages (damages excluded at this time for violations of the CLRA), plus interest to which they are entitled;
> C. Awarding equitable, injunctive, and declaratory relief as the Court may deem just and proper, including restitution and restitutionary disgorgement;
> D. Awarding Plaintiffs' reasonable costs and attorney's fees; and
> E. Granting such further and other relief this Court deems appropriate


----------



## Offler

Quote:


> Originally Posted by *tpi2007*
> 
> PowerShell 5 comes with all sorts of associated stuff, such as remote management, and you're basically downloading the script from them with the first command. Why all the secret that you don't even get to see what the script is? At least they could make it local and provide a program like Alex did.


Well, either PS 6RC has some issue, or my CPU is not on their radar (as GetObject Win32 failed.)

Edit: this is how looks specucheck.exe on Phenom II / Win7

Mitigations for CVE-2017-5754 [rogue data cache load]

[-] Kernel VA Shadowing Enabled: no
├───> with User Pages Marked Global: no
├───> with PCID Support: no
└───> with INVPCID Support: no

Mitigations for CVE-2017-5715 [branch target injection]

[-] Branch Prediction Mitigations Enabled: no
├───> Disabled due to System Policy: no
└───> Disabled due to No Hardware Support: yes
[-] CPU Supports Speculation Control MSR: no
└───> IBRS Speculation Control MSR Enabled: no
[-] CPU Supports Speculation Command MSR: no
└───> STIBP Speculation Command MSR Enabled: no

Without last Win security patch, it wont run at all, but as you see its not enabling any of the security for Meltdown.
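
The two SpecuCheck reports posted in this thread differ only in the kernel VA shadowing lines, which is easier to see once the text is parsed. The following is an added example, not part of any post and not code from the SpecuCheck project: a Python sketch that parses this report format and summarizes the mitigation state. The report text is copied from the posts above; the function names and the summary labels are assumptions of the example.

```python
import re

# Report text copied from the two posts in this thread (aligned and collapsed layouts).
REPORT_WIN7_KVAS = """\
Mitigations for CVE-2017-5754 [rogue data cache load]
-------------------------------------------------------
[-] Kernel VA Shadowing Enabled:                    yes
 ├───> with User Pages Marked Global:               yes
 ├───> with PCID Support:                            no
 └───> with INVPCID Support:                         no

Mitigations for CVE-2017-5715 [branch target injection]
-------------------------------------------------------
[-] Branch Prediction Mitigations Enabled:           no
 ├───> Disabled due to System Policy:                no
 └───> Disabled due to No Hardware Support:         yes
[-] CPU Supports Speculation Control MSR:            no
 └───> IBRS  Speculation Control MSR Enabled:        no
[-] CPU Supports Speculation Command MSR:            no
 └───> STIBP Speculation Command MSR Enabled:        no
"""

REPORT_PHENOM_II = """\
Mitigations for CVE-2017-5754 [rogue data cache load]

[-] Kernel VA Shadowing Enabled: no
├───> with User Pages Marked Global: no
├───> with PCID Support: no
└───> with INVPCID Support: no

Mitigations for CVE-2017-5715 [branch target injection]

[-] Branch Prediction Mitigations Enabled: no
├───> Disabled due to System Policy: no
└───> Disabled due to No Hardware Support: yes
[-] CPU Supports Speculation Control MSR: no
└───> IBRS Speculation Control MSR Enabled: no
[-] CPU Supports Speculation Command MSR: no
└───> STIBP Speculation Command MSR Enabled: no
"""

SECTION_RE = re.compile(r"^Mitigations for (CVE-\d{4}-\d+) \[(.+?)\]\s*$")
# A setting line starts with "[-]" (or another one-character marker) or a tree branch.
ITEM_RE = re.compile(r"^\s*(?:\[.\]|[├└]─+>)\s*(.+?):\s*(yes|no)\s*$")


def parse_specucheck(text):
    """Return {cve: {setting label: bool}} from SpecuCheck's text report."""
    report, current = {}, None
    for line in text.splitlines():
        section = SECTION_RE.match(line)
        if section:
            current = report.setdefault(section.group(1), {})
            continue
        item = ITEM_RE.match(line)
        if item and current is not None:
            label = " ".join(item.group(1).split())  # collapse padding inside labels
            current[label] = item.group(2) == "yes"
    return report


def assess(report):
    """Summarize each CVE section as a short state label (labels are this example's own)."""
    out = {}
    md = report.get("CVE-2017-5754", {})
    if "Kernel VA Shadowing Enabled" not in md:
        out["meltdown"] = "not-reported"
    elif not md["Kernel VA Shadowing Enabled"]:
        out["meltdown"] = "kvas-off"          # fine only if the CPU does not need it
    elif md.get("with PCID Support"):
        out["meltdown"] = "kvas-on-with-pcid"
    else:
        out["meltdown"] = "kvas-on-no-pcid"   # mitigated, without the PCID optimization
    bti = report.get("CVE-2017-5715", {})
    if "Branch Prediction Mitigations Enabled" not in bti:
        out["spectre_v2"] = "not-reported"
    elif bti["Branch Prediction Mitigations Enabled"]:
        out["spectre_v2"] = "enabled"
    elif bti.get("Disabled due to System Policy"):
        out["spectre_v2"] = "disabled-by-policy"
    elif bti.get("Disabled due to No Hardware Support"):
        out["spectre_v2"] = "no-hardware-support"
    else:
        out["spectre_v2"] = "disabled-other"
    return out


def diff_reports(a, b):
    """List (cve, label, value_in_a, value_in_b) for settings present in both that differ."""
    changes = []
    for cve, items in a.items():
        for label, value in items.items():
            other = b.get(cve, {}).get(label)
            if other is not None and other != value:
                changes.append((cve, label, value, other))
    return changes


if __name__ == "__main__":
    first = parse_specucheck(REPORT_WIN7_KVAS)
    second = parse_specucheck(REPORT_PHENOM_II)
    print(assess(first), assess(second))
    for change in diff_reports(first, second):
        print(change)
```
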


----------



## RiverOfIce

Quote:


> Originally Posted by *AlphaC*
> 
> They'll pay for it in one way or another...
> 
> https://gizmodo.com/intel-hit-with-three-class-action-lawsuits-related-to-s-1821785936
> 
> WYATT MANN,
> an Oregon consumer, individually and on behalf of all others,
> v. INTEL
> Case No. 6:18-cv-2
> JASON JONES, on behalf of himself and all others similarly situated, Plaintiff, v. INTEL CORPORATION, Defendant.
> Civil No. 1:18-CV-00029
> STEVEN P. GARCIA, and ANTHONY STACHOWIAK, individually and on behalf of all others similarly situated v. INTEL
> Case 5:18-cv-00046


It will get tossed in the first few hearings. Show me where intel promised performance?


----------



## RiverOfIce

Quote:


> Originally Posted by *JackCY*
> 
> It's more like half the PCs worldwide won't even get patched and remain vulnerable. Intel is not gonna pay or exchange squat, they could if they were a responsible company but they are $ hoarders they will not unless 20 years later many courts finally decide they gotta pay up for their screw ups.
> Performance optimizations by Intel... so fast... but insecure and shouldn't be done this way then. It's a design flaw they can only hope to get around by patching OSes, applications and everything that pretty much runs on this insecure "poorly" designed hardware.


If you really think that, why do you own their products?


----------



## orlfman

https://np.reddit.com/r/pcmasterrace/comments/7obokl/performance_impact_of_windows_patch_and_bios/

some performance benchmarks coming in after the intel microcode patch... performance appears to be worse with the microcode update.


----------



## Kand

Quote:


> Originally Posted by *orlfman*
> 
> 
> https://np.reddit.com/r/pcmasterrace/comments/7obokl/performance_impact_of_windows_patch_and_bios/
> 
> some performance benchmarks coming in after the intel microcode patch... performance appears to be worse with the microcode update.


Looks worse in some cases but better in others. Take note he put up a rotr benchmark and minfps is up.


----------



## orlfman

Quote:


> Originally Posted by *Kand*
> 
> Looks worse in some cases but better in others. Take note he put up a rotr benchmark and minfps is up.


Quote:


> Unpatched:
> 
> Mountain Peak: 131.48 FPS (*min: 81.19* max: 197.02)
> Syria: 101.99 FPS (*min: 62.73*, max: 122.24)
> Geothermal Valley: 98.93 FPS (*min:76.48*, max: 117.00)
> Overall score: 111.31 FPS
> 
> Windows patch only:
> 
> Mountain Peak: 135.34 FPS (*min: 38.21* max: 212.84)
> Syria: 102.54 FPS (*min: 44.22*, max: 144.03)
> Geothermal Valley: 96.36 FPS (*min:41.35*, max: 148.46)
> Overall score: 111.93 FPS
> 
> Windows patch and BIOS update:
> 
> Mountain Peak: 134.01 FPS (*min: 59.91* max: 216.16)
> Syria: 101.68 FPS (*min: 38.95*, max: 143.44)
> Geothermal Valley: 97.55 FPS (*min:46.18*, max: 143.97)
> Overall score: 111.62 FPS


those minimums though. max went up, but mins went down. it helped balanced out to keep the average the same... but those drops... ouch did they take a hit.


----------



## tpi2007

Quote:


> Originally Posted by *orlfman*
> 
> https://np.reddit.com/r/pcmasterrace/comments/7obokl/performance_impact_of_windows_patch_and_bios/
> 
> some performance benchmarks coming in after the intel microcode patch... performance appears to be worse with the microcode update.


That's what I was thinking about yesterday on doing benchmarks before the microcode was out; we weren't getting the full picture (still useful as a middle step though).

It should be interesting to see if this is a BIOS implementation problem or the microcode is that bad overall, independent of vendor.

Quote:


> Originally Posted by *Kand*
> 
> Looks worse in some cases but better in others. Take note he put up a rotr benchmark and minfps is up.


RoTR is an unreliable benchmark. It's all up and down depending on areas. I'm waiting for other games.


----------



## MysteryGuy

Quote:


> Originally Posted by *Offler*
> 
> ...
> Without last Win security patch, it wont run at all, but as you see its not enabling any of the security for Meltdown.


Which is a good thing as I understand it. My understanding is that the AMD processors aren't vulnerable to the 'Meltdown' bug, so no need to slow them down with the 'fix'.

I was under the impression that they may still suffer from the other two (Spectre?) issues though.


----------



## tpi2007

Quote:


> Originally Posted by *Offler*
> 
> Edit: this is how looks specucheck.exe on Phenom II / Win7
> 
> Mitigations for CVE-2017-5754 [rogue data cache load]
> 
> [-] Kernel VA Shadowing Enabled: no
> ├───> with User Pages Marked Global: no
> ├───> with PCID Support: no
> └───> with INVPCID Support: no
> 
> Mitigations for CVE-2017-5715 [branch target injection]
> 
> [-] Branch Prediction Mitigations Enabled: no
> ├───> Disabled due to System Policy: no
> └───> Disabled due to No Hardware Support: yes
> [-] CPU Supports Speculation Control MSR: no
> └───> IBRS Speculation Control MSR Enabled: no
> [-] CPU Supports Speculation Command MSR: no
> └───> STIBP Speculation Command MSR Enabled: no
> 
> Without last Win security patch, it wont run at all, but as you see its not enabling any of the security for Meltdown.


The first one is the Meltdown; we still don't know if Phenom CPUs are affected or not and the program probably isn't checking for that. Having it not enabled may be a bad or a good thing, depending on whether it needs it or not.


----------



## RiverOfIce

Quote:


> Originally Posted by *MysteryGuy*
> 
> Which is a good thing as I understand it. My understanding is that the AMD processors aren't vulnerable to the 'Meltdown' bug, so no need to slow them down with the 'fix'.
> 
> I was under the impression that they may still suffer from the other two (Spectre?) issues though.


According to the white papers on meltdown, AMD could be vulnerable to Meltdown. According to AMD PR, they are not. On meltdown, the first part did work on AMD. The attack, according to the meltdown paper, did not fully succeed on AMD. But the researchers did not say AMD was not vulnerable, they said that they could not get the full attack to work.

Meltdown works in two parts. The first part is to get the CPU to read out of bounds. Both AMD and INTEL read out of bounds. The second part is reporting back on what it read. The attackers could not get AMD to do it. But they did get intel to do it. They specifically stated in the meltdown paper, they believed that AMD was vulnerable but their attack was not good enough to get it to work.

Now you can just believe PR and say AMD is not vulnerable. But if you do that, why don't you believe INTEL PR stating that there will be zero performance decrease in 6 months?

According to the meltdown paper, AMD might not be out of the woods on meltdown attacks.


----------



## pokerapar88

I tried the update with my i7 and, at best, there's a 2% difference in performance. Negligible. I don't know where they invented that 30% performance loss from.


----------



## Offler

Quote:


> Originally Posted by *RiverOfIce*
> 
> According to the white papers on meltdown, AMD could be vulnerable to Meltdown. According to AMD PR, they are not. On meltdown, the first part did work on AMD. The attack, according to the meltdown paper, did not fully succeed on AMD. But the researchers did not saying AMD was not vulnerable, they said that they could not get the full attack to work.
> 
> Meltdown works in two parts. The first part is to get the CPU to read out of bounds. Both AMD and INTEL read out of bounds. The second part is reporting back on what it read. The attackers could not get AMD to do it. But they did get intel to do it. They specifically stated in the meltdown paper, they believed that AMD was vulnerable but their attack was not good enough to get it to work.
> 
> Now you can just believe PR and say AMD is not vulnerable. But if you that why don't you believe INTEL PR stating that there will be zero performance decrease in 6 months?
> 
> According to the meltdown paper, AMD might not be out of the woods on meltdown attacks.


The first part you are referring to is actually Spectre (the toy example). The second part is Meltdown... So no, it's not working on AMD, atm.
Quote:


> Originally Posted by *tpi2007*
> 
> The first one is the Meltdown; we still don't know if Phenom CPUs are affected or not and the program probably isn't checking for that. Having it not enabled may be a bad or a good thing, depending on whether it needs it or not.


It's a good thing, atm. No performance impact. If there would be a microcode available for me, some performance loss is expected.
Quote:


> Originally Posted by *pokerapar88*
> 
> I tried the update with my i7 and, at best, there 2% difference in performance. Negligible. I don't know where they invented that 30% performance loss from.


It's up to 30% for I/O operations. That affects databases, servers,... Not that much desktops.


----------



## RiverOfIce

Quote:


> Originally Posted by *Offler*
> 
> The first part you are referring to, is actually Specter. The second part is Meltdown... So no, its not working on AMD, atm .
> Its a good thing, atm. No performance impact. If there would be a microcode available for me, some performance loss is expected.


At no point am I talking about spectre. I am only talking about meltdown. Spectre is a different bug. I am only talking about meltdown. At no point am I talking about spectre. I don't know how many times I need to repeat this.
Quote:


> Originally Posted by *pokerapar88*
> 
> I tried the update with my i7 and, at best, there 2% difference in performance. Negligible. I don't know where they invented that 30% performance loss from.


Did you update your bios?


----------



## Offler

Quote:


> Originally Posted by *RiverOfIce*
> 
> At no point am I talking about spectre. I am only talking about meltdown. Spectre is a different bug. I am only talking about meltdown. At no point am I talking about spectre. I don't know how many times I need to repeat this.


You maybe don't, but the Meltdown whitepaper actually DOES, and that's what the reference about the Toy example is. So I will repeat it once again - Meltdown on AMD HAS NOT BEEN DEMONSTRATED.

People who came up with the attack said that they don't know why it does not work on AMD, and they refer to possible architectural differences between AMD and Intel CPUs.

I am not saying that AMD is safe, because there are thousands of security issues we are not aware of.. But stop referring to AMD as possibly one day vulnerable to Meltdown because it is NOT.


----------



## RiverOfIce

Quote:


> Originally Posted by *pokerapar88*
> 
> I tried the update with my i7 and, at best, there 2% difference in performance. Negligible. I don't know where they invented that 30% performance loss from.


Quote:


> Originally Posted by *Offler*
> 
> You maybe dont, but Meltdown whitepaper actually DO, and thats what is the reference about Toy example. So I will repeat it once again - Meltdown on AMD HAS NOT BEEN DEMOSTRATED.
> 
> People who came with the attack told that they dont know why it does not work on AMD, and they refer to possible architectural differences between AMD and Intel CPUs.
> 
> I am not saying that AMD is safe, because there is thousand of security issues we are not aware of.. But stop referring to AMD as possibly one day vulnerable to Meltdown because it is NOT.



I am tired of this. It has not been demonstrated. But it may not be immune to it. You only have AMD PR saying it is not. AMD has not released a single whitepaper on this subject. Just a PR statement. I always side on the side of caution. The first part of meltdown worked on AMD. It is not hard to imagine the second would not work with a more refined attack. You have zero proof it is not.

I am telling people to be careful about their security. You are just being a fanboy that is toeing the PR line. And for the record, proving you have not read the white papers, the toy example has NOTHING to do with meltdown.


----------



## Offler

I am not going to leave you any wiggle room. It either has been demonstrated or not.

Anything else is "maybe", "possibly" and trust me everyone is aware about possible vulnerabilities. But to make them real, you either demonstrate it, or it's not considered as a fact.


----------



## orlfman

Quote:


> Originally Posted by *RiverOfIce*
> 
> I am tired of this. It has not be demonstrated. But it may not be immune to it. You only have AMD PR saying it is not. AMD has not released a single whitepaper on this subject. Just a PR statement. I always side on the side of caution. The first part of meltdown worked on AMD. It is not hard to imagine the second would not work with a more refined attacked. You have zero proof it is not.
> 
> I am telling people to be careful about their security. You are just being a fanboy that is towing the PR line. And for the record, proving you have not read the white papers, the toy example has NOTHING to do with meltdown.


for those curious, this is what they wrote about amd / arm in their white paper on meltdown:
Quote:


> Limitations on ARM and AMD
> We also tried to reproduce the Meltdown bug on several ARM and AMD CPUs. However, we did not manage to successfully leak kernel memory with the attack described in Section 5, neither on ARM nor on AMD. The reasons for this can be manifold. First of all, our implementation might simply be too slow and a more optimized version might succeed. For instance, a more shallow out-of-order execution pipeline could tip the race condition towards against the data leakage. Similarly, if the processor lacks certain features, e.g., no re-order buffer, our current implementation might not be able to leak data. However, for both ARM and AMD, the toy example as described in Section 3 works reliably, indicating that out-of-order execution generally occurs and instructions past illegal memory accesses are also performed.


found here

edit:
this is what an amd engineer stated to linux mailing dev's as to why meltdown doesn't work:
Quote:


> AMD processors are not subject to the types of attacks that the kernel page table isolation feature protects against. The AMD microarchitecture does not allow memory references, including speculative references, that access higher privileged data when running in a lesser privileged mode when that access would result in a page fault.


source

so i guess with the way the meltdown exploit works, it fails on amd hardware because amd lacks allowing memory references that access higher privileged data when running in a lower privilege mode. I'm sure people are working hard as we speak to find an exploit that could work similar to meltdown on amd hardware though.


----------



## KyadCK

Quote:


> Originally Posted by *RiverOfIce*
> 
> Quote:
> 
> 
> 
> Originally Posted by *pokerapar88*
> 
> I tried the update with my i7 and, at best, there 2% difference in performance. Negligible. I don't know where they invented that 30% performance loss from.
> 
> 
> 
> Quote:
> 
> 
> 
> Originally Posted by *Offler*
> 
> You maybe dont, but Meltdown whitepaper actually DO, and thats what is the reference about Toy example. So I will repeat it once again - Meltdown on AMD HAS NOT BEEN DEMOSTRATED.
> 
> People who came with the attack told that they dont know why it does not work on AMD, and they refer to possible architectural differences between AMD and Intel CPUs.
> 
> I am not saying that AMD is safe, because there is thousand of security issues we are not aware of.. But stop referring to AMD as possibly one day vulnerable to Meltdown because it is NOT.
> 
> I am tired of this. It has not been demonstrated. But it may not be immune to it. You only have AMD PR saying it is not. AMD has not released a single whitepaper on this subject. Just a PR statement. I always side on the side of caution. The first part of meltdown worked on AMD. It is not hard to imagine the second would not work with a more refined attack. *You have zero proof it is not.*
> 
> I am telling people to be careful about their security. You are just being a fanboy that is toeing the PR line. And for the record, proving you have not read the white papers, the toy example has NOTHING to do with meltdown.

You have zero proof that it does.

In the meantime, Meltdown does not work on AMD. If they find AMD to be vulnerable to a different tactic, they will give it a different name, like they did for Spectre. It will not be bunched in with Meltdown, because Meltdown does not work.


----------



## Offler

Quote:


> Originally Posted by *orlfman*
> 
> for those curious, this is what they wrote about amd / arm in their white paper on meltdown:
> found here


The memory leakage described there is actually a variation of Spectre. The prime reason why it is possible to leak the data or even modify them is that they hang in cache for far too long. If the specifications for the branch buffers (or other buffers within CPUs) are implemented properly, the buffer should be erased immediately after it was read.

Among the possible reasons why it does not work... Shorter branch misprediction penalty (performance loss) on AMD cores = less time for data to stay in cache, fewer instructions in queue compared to Intel's, probably smaller prediction branch buffers, which are being cleared earlier or more properly. We speak of a few microseconds between sending an instruction to leak the data, and an instruction to get the cache dump. CISC vs RISC...

They had about one year to optimize the code.

Funny thing on AMD FX CPUs is that L1 cache is shared by 2 physical cores, so the data stored here have to be flushed 2x faster compared to other more conservative CPU designs.

So even if the speculative prediction is applied, and an instruction causes the data to leak to cache, you are on a timer of a few microseconds until the buffer is re-used again, or cleared.

If the branch prediction buffer is implemented as required by specifications, the system should read the data, clear the buffer, consider them to be correct prediction or misprediction, all in "one operation" before any other instruction from queue will get to be executed. In that case the CPU would be almost immune to this type of leakage. The instruction will work, but you will never have a chance to fetch the data.


----------



## orlfman

here is another gaming benchmark done by another user: https://www.reddit.com/r/pcgaming/comments/7o2ctw/benchmarked_intel_security_patch_impact_on/


----------



## Mysticial

Quote:


> Originally Posted by *Offler*
> 
> If the branch prediction buffer is implemented as required by specifications, the system should read the data, clear the buffer, consider them to be correct prediction or misprediction, all in "one operation" *before any other instruction from queue will get to be executed*. In that case the CPU would be almost immune to this type of leakage. The instruction will work, but you will never have a chance to fetch the data.


If I'm reading that correctly, that's the same as no speculation and no out-of-order execution at all. Yes, that will definitely make the CPU immune to these attacks, but it'll also make them 10x slower.


----------



## yamnakshatriya

Yah this is going back for return. Tried Cinebench and with the same settings the score dropped 400 points.


----------



## Dimaggio1103

For all those trying to save face because they own an Intel CPU. Just stop. AMD is not just as vulnerable as Intel for the main immediate concern and that's Meltdown. This exploit has been demonstrated numerous times, learn to use Google and YouTube. Ryzen is physically protected against Meltdown. Period. The lesser known and used Spectre affects all but has almost no applicability currently. This is not an equally shared problem. This is an Intel problem as far as Meltdown is concerned as only 2 outdated AMD CPUs are vulnerable. Both being Bulldozer arch.

Now if you actually pay attention and see how registers and cache work you will see this had to be overlooked intentionally. Now take into account Intel CEO dumped stock prior to this news breaking. Another overlooked area is m.2 nvme drives. Stop trying to state things like AMD is the one who messed things up. Nobody who understands this truly will ever buy the crap you're selling.


----------



## Offler

Quote:


> Originally Posted by *Mysticial*
> 
> If I'm reading that correctly, that's the same as no speculation and no out-of-order execution at all. Yes, that will definitely make the CPU immune to these attacks, but it'll also make them 10x slower.


Not exactly

In theory...

Longest time for data to be kept stored in branch buffer is after they are fetched, until the buffer is re-used again by branch predictor and populated with new data.

Shortest time is after they are fetched, until the instruction which requires them is executed. It's expected that when buffer is read, and automatically erased.

First scenario makes the leak highly possible. Second almost impossible, unless you manage to perform speculative execution and buffer dump instruction one after another


----------



## SkiesOfAzel

Quote:


> Originally Posted by *RiverOfIce*
> 
> I am tired of this. It has not been demonstrated. But it may not be immune to it. You only have AMD PR saying it is not. AMD has not released a single whitepaper on this subject. Just a PR statement. I always side on the side of caution.


I am tired of this. I keep warning people that my i7 is going to become sentient and take over the world and they tell me it has not been demonstrated. But it may not be immune to it. You only have Intel PR saying it is not. Intel has not released a single whitepaper on this subject. Just a PR statement. I always side on the side of caution. Start stacking on canned foods and toilet paper people, the end is nigh!!!

Quote:


> Originally Posted by *RiverOfIce*
> 
> The first part of meltdown worked on AMD.


Do you even understand what this exploit is? If your CPU architecture supports branch prediction, it will predictively bring data to the cache and sometimes those predictions will miss; what matters is access to that cache.

There of course could be a yet to be discovered vulnerability that works on AMD's branch prediction, but that's not meltdown.


----------



## yamnakshatriya

Quote:


> Originally Posted by *Dimaggio1103*
> 
> For all those trying to save face because they own an Intel CPU. Just stop. AMD is not just as vulnerable as Intel for the main immediate concern and that's Meltdown. This exploit has been demonstrated numerous times, learn to use Google and YouTube. Ryzen is physically protected against Meltdown. Period. The lesser known and used Spectre affects all but has almost no applicability currently. This is not an equally shared problem. This is an Intel problem as far as Meltdown is concerned as only 2 outdated AMD CPUs are vulnerable. Both being Bulldozer arch.
> 
> Now if you actually pay attention and see how registers and cache work you will see this had to be overlooked intentionally. Now take into account Intel CEO dumped stock prior to this news breaking. Another overlooked area is m.2 nvme drives. Stop trying to state things like AMD is the one who messed things up. Nobody who understands this truly will ever buy the crap you're selling.


I looked into it. Man, this is disgusting. It almost seems like a takedown of Intel.


----------



## Mysticial

Quote:


> Originally Posted by *Offler*
> 
> Not exactly
> 
> In theory...
> 
> Longest time for data to be kept stored in branch buffer is after they are fetched, until the buffer is re-used again by branch predictor and populated with new data.
> 
> Shortest time is after they are fetched, until the instruction which requires them is executed. It's expected that when buffer is read, and automatically erased.


Unfortunately, it's not that simple. There isn't a single entry that determines how a branch will be predicted. There's an entire history of the branch's past behavior that goes into the equation. If you were to wipe the state of the branch predictor for a branch every time it is executed, you won't be able to reliably predict it the next time you get to the branch - thus eliminating any performance benefit of branch prediction itself.

The other problem is that branch history information is often used for more than just one branch. So wiping information for one branch after it is used will affect any correlating predictors for other branches.

Quote:


> First scenario makes the leak highly possible. Second almost impossible, unless you manage to perform speculative execution and buffer dump instruction one after another


This scenario that you describe isn't impossible. If branch histories are direct-mapped or have low associativity, you can evict it very quickly by executing a second branch that maps to the same "way". But I don't think Intel releases this level of detail on their branch predictors so we won't know if this approach is viable without testing it.


----------



## pas008

can someone tell me why ryzen pro exists with tsme?

in this article states
provides os and application independent dram encryption without requiring software modification
https://www.anandtech.com/show/11591/amd-launches-ryzen-pro-cpus-enhanced-security-longer-warranty-better-quality
so are they saying ryzen has this vulnerability but not ryzen pro?


----------



## zeall0rd

Microcode affects performance detrimentally with Windows Kernel Patches (equivalent to KPTI and IBRS) disabled: confirmed.

https://www.reddit.com/r/pcmasterrace/comments/7obokl/performance_impact_of_windows_patch_and_bios/?sort=new

Thank you again, Perseiii


----------



## aweir

Quote:


> Originally Posted by *RiverOfIce*
> 
> It will get tossed in the first few hearing. Show me where intel promised performance?


This is not about performance. This is about a critical security flaw that went unpatched for 23 years.


----------



## Jpmboy

Quote:


> Originally Posted by *azanimefan*
> 
> Yes, he got a prior sale order to sell all but 250,000 shares he owns in Intel (he sold 680,000 shares). Intel requires him to own 250,000 shares in order to remain CEO of the company. So he completely divested his holding in Intel. Selling not just his current shares, but his stock options as well.
> 
> However. And this is the main key. He learned about this vulnerability in MAY 2017. The NDA was for JAN 2018. He sold his stocks in October 30th. 90 days prior to 10/30 was 8/2. He knew about the security flaw at the time he filed to sell ALL the Intel stock he could sell and remain Intel CEO. FYI, there already have been calls for an investigation into those sales to the SEC. By the way he netted a cold 36 mil from the sale.
> On Windows PCs the bug ONLY affects Intel. On Linux one version of Spectre affects AMD only if one feature in the BIOS is turned off (it's on by default).
> 
> I'd say the press keeping it simple and saying it affects Intel only is close enough to the truth, considering what needs to happen to make AMD vulnerable. Furthermore either a software fix (in Linux) or a BIOS patch can fix the AMD issue; and that AMD issue doesn't even work in Windows. Nothing can fix Intel's vulnerability to Spectre, and the only known fix for Meltdown hits Intel's performance up to 30% in high I/O call environments (such as running a SQL database).


C'mon dude. You can't be serious. But if you are, file a complaint with the SEC.


----------



## OutlawII

This is a bad situation but I think a lot of the AMD fanbois are getting a little carried away


----------



## tpi2007

Quote:


> Originally Posted by *orlfman*
> 
> here is another gaming benchmark done by another user: https://www.reddit.com/r/pcgaming/comments/7o2ctw/benchmarked_intel_security_patch_impact_on/


And that's before patched GPU drivers are released. Nvidia already announced one for next week:

http://nvidia.custhelp.com/app/answers/detail/a_id/4611


----------



## zeall0rd

Quote:


> Originally Posted by *tpi2007*
> 
> And that's before patched GPU drivers are released. Nvidia already announced one for next week:
> 
> http://nvidia.custhelp.com/app/answers/detail/a_id/4611


Oh please no. PLEASE no. I can avoid microcode updates. I can disable those kernel patches. But avoiding nvidia drivers ? oh man.


----------



## OutlawII

One other thing I find interesting about all of this is why hasn't this been exploited by a hacker yet?


----------



## tpi2007

Quote:


> Originally Posted by *OutlawII*
> 
> One other thing I find interesting about all of this is why hasn't this been exploited by a hacker yet?


You don't know. All companies are saying that they have no information on this, but what I've read is that it's impossible to know as the exploit leaves no traces.
Quote:


> Can I detect if someone has exploited Meltdown or Spectre against me?
> 
> Probably not. The exploitation does not leave any traces in traditional log files.


https://spectreattack.com/

It's curious why so many people in different institutions were working on this. Word is they thought one of the big hacks could have only been achieved in this way.


----------



## yamnakshatriya

Quote:


> Originally Posted by *OutlawII*
> 
> This is a bad situation but I think a lot of the AMD fanbois are getting a little carried away


I don't think so tbh. I built my first computer recently and looked at the situation with an open mind. I had chosen the 8700k because it was better in all respects except multicore. Now it's the same in all respects, worse in multicore and! more expensive. Furthermore, security will have to be patched constantly, meaning there will be a backdoor sometimes open.

Furthermore, behaviour by the CEO confirms the worst possible viewpoint. Intel's own CEO lost faith in his company and timed it in a way to maximise his own profits. Even if the performance does improve in 6 months - do I want to deal with such a company?


----------



## Griefs

Intel CEO sold stock 21 times in 2017 and 18 times in 2016


----------



## Pro3ootector

And you know what, ppl? This is the time when both chips should be used in one motherboard in security critical systems. One can detect a potential security threat when the other can't.


----------



## KarathKasun

Quote:


> Originally Posted by *Griefs*
> 
> Intel CEO sold stock 21 times in 2017 and 18 times in 2016


Intel has known since 2016 when an independent researcher reported this to them.


----------



## tpi2007

In other news, Windows Update for Windows 7 just delivered the Monthly Rollup for January:

https://support.microsoft.com/en-us/help/4056894/windows-7-update-kb4056894

Patch Tuesday just became Patch-the-Friday-before-instead.

It's logical, after all they made the security only updates available yesterday (here), but just goes to show that the Meltdown fix is something that can't wait.


----------



## Griefs

Quote:


> Originally Posted by *KarathKasun*
> 
> Intel has known since 2016 when an independent researcher reported this to them.


Actually, it was June, 2017:

"Intel's Walker confirmed that security analysts informed the company in June of the security holes in its PC and phone microchips."

http://money.cnn.com/2018/01/04/technology/business/brian-krzanich-intel-shares/


----------



## Ganf

Quote:


> Originally Posted by *tpi2007*
> 
> In other news, Windows Update for Windows 7 just delivered the Monthly Rollup for January:
> 
> https://support.microsoft.com/en-us/help/4056894/windows-7-update-kb4056894
> 
> Patch Tuesday just became Patch-the-Friday-before-instead.
> 
> It's logical, after all they made the security only updates available yesterday (here), but just goes to show that the Meltdown fix is something that can't wait.


Yeah, great. Just came home to find my PC hard crashed and shut down after windows updated itself even though I have automatic updates turned off and locked in the basement.

I'm thrilled.


----------



## OutlawII

Quote:


> Originally Posted by *Griefs*
> 
> Intel CEO sold stock 21 times in 2017 and 18 times in 2016


OMG he knew it all along lol So when did AMD ceo find out...


----------



## JackCY

Quote:


> Originally Posted by *OutlawII*
> 
> One other thing I find interesting about all of this is why hasn't this been exploited by a hacker yet?


A while it has been IMHO, you've never heard of breaking out of VMs and gain control over the host machine? Aren't these published vulnerabilities and patches for that as well?
The best stuff is kept secret for as long as possible so it doesn't get patched. Maybe they found something better and leaked this out XD


----------



## KarathKasun

Quote:


> Originally Posted by *Griefs*
> 
> Actually, it was June, 2017:
> 
> "Intel's Walker confirmed that security analysts informed the company in June of the security holes in its PC and phone microchips."
> 
> http://money.cnn.com/2018/01/04/technology/business/brian-krzanich-intel-shares/


Linux kernel devs knew before that and tried to inform Intel about it. They were rewarded with boilerplate corporate responses.

It took Google, a client, informing them before they acknowledged it.


----------



## pas008

Quote:


> Originally Posted by *KarathKasun*
> 
> Linux kernel devs knew before that and tried to inform Intel about it. They were rewarded with boilerplate corporate responses.
> 
> It took Google, a client, informing them before they acknowledged it.


link?


----------



## Offler

Quote:


> Originally Posted by *KarathKasun*
> 
> Linux kernel devs knew before that and tried to inform Intel about it. They were rewarded with boilerplate corporate responses.
> 
> It took Google, a client, informing them before they acknowledged it.


Quote:


> Originally Posted by *pas008*
> 
> link?


not exactly what was asked for but there must be something important about it, to make Linus Torvalds so angry.
https://lkml.org/lkml/2018/1/3/797


----------



## KarathKasun

Quote:


> Originally Posted by *pas008*
> 
> link?


This is part of it... trying to track down the other thread/email.

https://news.ycombinator.com/item?id=16059635


----------



## KarathKasun

Can't find it now, though there is proof that Intel was aware in June 2017.

http://www.businessinsider.com/intel-ceo-krzanich-sold-shares-after-company-was-informed-of-chip-flaw-2018-1


----------



## Griefs

Quote:


> Originally Posted by *KarathKasun*
> 
> Can't find it now, though there is proof that Intel was aware in June 2017.
> 
> http://www.businessinsider.com/intel-ceo-krzanich-sold-shares-after-company-was-informed-of-chip-flaw-2018-1


That's what I said (and you corrected me on)


----------



## iamjanco

Perhaps relevant to some:

*Why Intel's 2015 CPU bugs should make us expect worse bugs in the future*

An excerpt from that link follows:
Quote:


> *Meltdown / spectre update*
> 
> This is an interesting class of attack that takes advantage of speculative execution plus side channel attacks to leak privileged information into user processes. It seems that at least some of these attacks can be done from JavaScript in the browser.
> 
> Regarding the comments in the first couple updates on Intel's attitude towards validation recently, another person claiming to be ex-Intel backs up the statements above:
> 
> _As a former Intel employee this aligns closely with my experience. I didn't work in validation (actually joined as part of Altera) but velocity is an absolute buzzword and the senior management's approach to complex challenges is sheer panic. Slips in schedules are not tolerated at all - so problems in validation are an existential threat, your project can easily just be canned. Also, because of the size of the company the ways in which quality and completeness are 'achieved' is hugely bureaucratic and rarely reflect true engineering fundamentals_.


----------



## Offler

Quote:


> Originally Posted by *iamjanco*
> 
> Also, because of the size of the company the ways in which quality and completeness are 'achieved' is hugely bureaucratic and rarely reflect true engineering fundamentals.


This is common for many IT companies. Bureaucracy gets priority over technical steps.


----------



## cekim

Quote:


> Originally Posted by *iamjanco*
> 
> Perhaps relevant to some:
> 
> *Why Intel's 2015 CPU bugs should make us expect worse bugs in the future*
> 
> An excerpt from that link follows:


Yeah, as time goes on, I'm more and more convinced we need a paradigm shift to stop this... There will ALWAYS be exploits.


----------



## guttheslayer

Now we see if Intel will give us another garbage like 7740X or charge us $2000 for their high end CPU.


----------



## cekim

Quote:


> Originally Posted by *guttheslayer*
> 
> Now we see if Intel will give us another garbage like 7740X or charge us $2000 for their high end CPU.


One can only hope lol....
Or if AMD stagnates for 7 years after a leap forward?

The CPU industry has been simultaneously amazing and forehead smashing frustrating.... It's not _all_ their fault - MSFT played a huge role as gate-keeper of viable CPUs.


----------



## iamjanco

Quote:


> Originally Posted by *cekim*
> 
> One can only hope lol....
> Or if AMD stagnates for 7 years after a leap forward?
> 
> The CPU industry has been simultaneously amazing and forehead smashing frustrating.... It's not _all_ their fault - MSFT played a huge role as gate-keeper of viable CPUs.


I suspect the real bottom line has been and currently is the almighty dollar (or yen, yuan, euro, pound, choose your poison). The stock market's doing so great one can only wonder when (not if) the bubble is going to burst. Little people like me (and perhaps you as well as others) can choose to play the game as well (or not), while attempting to squeeze whatever out of the fruits of our labor (regardless of what that amounts to, even if little more than overclocked cpus, pretty builds, and top benchmarks).


----------



## KyadCK

Quote:


> Originally Posted by *OutlawII*
> 
> One other thing I find interesting about all of this is why hasn't this been exploited by a hacker yet?


No one says it hasn't. They leave literally no trace.
Quote:


> Originally Posted by *Pro3ootector*
> 
> And you know what, ppl? This is the time when both chips should be used in one motherboard in security critical systems. One can detect a potential security threat when the other can't.


This one is completely undetectable to both. It just happens to work easier on one.

Either way QPI and IF are incompatible, so it won't happen.


----------



## cekim

Quote:


> Originally Posted by *iamjanco*
> 
> I suspect the real bottom line has been and currently is the almighty dollar (or yen, yuan, euro, pound, choose your poison). The stock market's doing so great one can only wonder when (not if) the bubble is going to burst. Little people like me (and perhaps you as well as others) can choose to play the game as well (or not), while attempting to squeeze whatever out of the fruits of our labor (regardless of what that amounts to, even if little more than overclocked cpus, pretty builds, and top benchmarks).


As I've mentioned, I have the luxury of partitioning outward facing and inner computers and configuring them with wildly different levels of security. So, I will very much ignore this issue for some of my machines and actively avoid the performance crippling patches (which BTW, may require you to avoid a uCode update from what I've seen so far).

Of course anything that runs a browser (and an email client) is outward facing...

I treat my gaming machine as if it's infected. I don't have email on there at all. I avoid logging into banking and other on there as well.

People piss and moan about dollars and greed, but those are what drive innovation. Currency is just a store of value - it is not evil by itself, in fact it has some profound upside. The issue is deception and malice.

Deception of a hardware vendor claimed something was secure that wasn't or knew of exploits and ignored them.

Malice of the people exploiting these things who we are failing to address as a global species. We are going to have to address this in the near future or else the internet will become too dangerous for the layman to use. That includes government actors (ours or theirs). It needs to hurt to hurt other people or those without principles will do it if they can profit.

Good people have to make sure that it hurts for bad people to hurt them. Thicker doors, bigger locks (and their cpu equivalent) are ultimately just delays to malice and I have not seen recognition of that yet. So, we continue deluding ourselves that we can even build secure CPUs and OSes to avoid addressing the problem of those that are exploiting us.


----------



## iamjanco

Quote:


> Originally Posted by *cekim*
> 
> As I've mentioned, I have the luxury of partitioning outward facing and inner computers and configuring them with wildly different levels of security. So, I will very much ignore this issue for some of my machines and actively avoid the performance crippling patches (which BTW, may require you to avoid a uCode update from what I've seen so far).
> 
> Of course anything that runs a browser (and an email client) is outward facing...
> 
> I treat my gaming machine as if it's infected. I don't have email on there at all. I avoid logging into banking and other on there as well.
> 
> People piss and moan about dollars and greed, but those are what drive innovation. Currency is just a store of value - it is not evil by itself, in fact it has some profound upside. The issue is deception and malice.
> 
> Deception of a hardware vendor claimed something was secure that wasn't or knew of exploits and ignored them.
> 
> Malice of the people exploiting these things who we are failing to address as a global species. We are going to have to address this in the near future or else the internet will become too dangerous for the layman to use. That includes government actors (ours or theirs). It needs to hurt to hurt other people or those without principles will do it if they can profit.
> 
> Good people have to make sure that it hurts for bad people to hurt them. Thicker doors, bigger locks (and their cpu equivalent) are ultimately just delays to malice and I have not seen recognition of that yet. So, we continue deluding ourselves that we can even build secure CPUs and OSes to avoid addressing the problem of those that are exploiting us.


Excellent response (+1)

...though my take on what amounts to appropriate punishment might differ significantly from the views of others.


----------



## Dimaggio1103

Quote:


> Originally Posted by *cekim*
> 
> As I've mentioned, I have the luxury of partitioning outward facing and inner computers and configuring them with wildly different levels of security. *So, I will very much ignore this issue for some of my machines and actively avoid the performance crippling patches* (which BTW, may require you to avoid a uCode update from what I've seen so far).
> 
> Of course anything that runs a browser (and an email client) is outward facing...
> 
> I treat my gaming machine as if it's infected. I don't have email on there at all. I avoid logging into banking and other on there as well.
> 
> People piss and moan about dollars and greed, but those are what drive innovation. Currency is just a store of value - it is not evil by itself, in fact it has some profound upside. The issue is deception and malice.
> 
> Deception of a hardware vendor claimed something was secure that wasn't or knew of exploits and ignored them.
> 
> Malice of the people exploiting these things who we are failing to address as a global species. We are going to have to address this in the near future or else the internet will become too dangerous for the layman to use. That includes government actors (ours or theirs). It needs to hurt to hurt other people or those without principles will do it if they can profit.
> 
> Good people have to make sure that it hurts for bad people to hurt them. Thicker doors, bigger locks (and their cpu equivalent) are ultimately just delays to malice and I have not seen recognition of that yet. So, we continue deluding ourselves that we can even build secure CPUs and OSes to avoid addressing the problem of those that are exploiting us.


Good luck if anyone finds out you did that. That's leaving people's info highly vulnerable, at least with Meltdown. You gonna leave access to protected info open? okey dokey.....

***Boots up terminal***


----------



## iamjanco

Quote:


> Originally Posted by *Dimaggio1103*
> 
> Good luck if anyone finds out you did that. That's leaving people's info highly vulnerable, at least with Meltdown. You gonna leave access to protected info open? okey dokey.....
> 
> ***Boots up terminal***


I'm not so sure he's referring to anyone's machines but his own, with only his own data on them. I suspect he might chime in though for the sake of clarification.


----------



## Catscratch

Just had to install win10 on a very old computer with Athlon x2 5600 + Asus M2n. The MS patch does not install. Keeps module installer work all the time without actually doing anything. Update says downloading, no nothing is coming from ethernet connection. When it says installing, it fails always.

Oh newborn 2018, we are gonna have a lot of fun it seems


----------



## tpi2007

If people want to have some fun over at the AMD side: https://www.phoronix.com/scan.php?page=news_item&px=AMD-PSP-2018-Vulnerability

It seems like it has been fixed now though.


----------



## rluker5

Quote:


> Originally Posted by *Catscratch*
> 
> Just had to install win10 on a very old computer with Athlon x2 5600 + Asus M2n. The MS patch does not install. Keeps module installer work all the time without actually doing anything. Update says downloading, no nothing is coming from ethernet connection. When it says installing, it fails always.
> 
> Oh newborn 2018, we are gonna have a lot of fun it seems


Gave my son a very similar HP Pavilion Slimline s3220n and Windows 8.0 was such an improvement over the Vista it came with. Put the 65w 5600 and an hd7750 in it for him, he lost it anyways

It was pretty decent by the living room tv too.

Maybe the slow hard drive is making things seem like they are taking forever, especially if it is near full.


----------



## flippin_waffles

Quote:


> Originally Posted by *Dimaggio1103*
> 
> For all those trying to save face because they own an Intel CPU. Just stop. AMD is not just as vulnerable as Intel for the main immediate concern and that's Meltdown. This exploit has been demonstrated numerous times, learn to use Google and YouTube. Ryzen is physically protected against Meltdown. Period. The lesser known and used Spectre affects all but has almost no applicability currently. This is not an equally shared problem. This is an Intel problem as far as Meltdown is concerned as only 2 outdated AMD CPUs are vulnerable. Both being Bulldozer arch.
> 
> Now if you actually pay attention and see how registers and cache work you will see this had to be overlooked intentionally. Now take into account Intel CEO dumped stock prior to this news breaking. Another overlooked area is m.2 nvme drives. Stop trying to state things like AMD is the one who messed things up. Nobody who understands this truly will ever buy the crap you're selling.


Yes, I think it is safe to say that if somebody were to buy a CPU today, the most secure processor has Zen cores.


----------



## alcal

Has anybody published performance differences across a suite of games? If there is even a 5-10% performance loss in more than a few titles, AMD suddenly becomes a competitor for the performance crown (outside of max OC scenarios).


----------



## Curvy Groyper

Correct me if I am wrong, Intel released new Coffee Lake CPUs after they already knew that they have this hardware flaw?
Is that even legal?

I don't care about average fps in games as much as minimum fps, stutters are worst. I think benchmarking only average fps can give false sense that everything is ok. If average fps is roughly same, but minimum fps drops by 30%, that's very bad thing IMO.


----------



## ZealotKi11er

Quote:


> Originally Posted by *Midnight ***per*
> 
> Correct me if I am wrong, Intel released new Coffee Lake CPUs after they already knew that they have this hardware flaw?
> Is that even legal?


They basically pursue performance before security.


----------



## Curvy Groyper

Quote:


> Originally Posted by *ZealotKi11er*
> 
> They basically pursue performance before security.


Ok, but when they released Coffee Lake, they were already informed about the flaw, they already knew how bad it was, they knew it will require performance crippling patches, they knew it was huge security concern yet they gave it green light and sold it like everything is ok.


----------



## ZealotKi11er

Quote:


> Originally Posted by *Midnight ***per*
> 
> Ok, but when they released Coffee Lake, they were already informed about the flaw, they already knew how bad it was, they knew it will require performance crippling patches, they knew it was huge security concern yet they gave it green light and sold it like everything is ok.


Coffee Lake is not a new CPU. Just a refresh. You have to make major changes.


----------



## tpi2007

Quote:


> Originally Posted by *ZealotKi11er*
> 
> Quote:
> 
> > Originally Posted by *Midnight ***per*
> > 
> > Ok, but when they released Coffee Lake, they were already informed about the flaw, they already knew how bad it was, they knew it will require performance crippling patches, they knew it was huge security concern yet they gave it green light and sold it like everything is ok.
> 
> Coffee Lake is not a new CPU. Just a refresh. You have to make major changes.

True, but the recent lawsuits do have a point. I've seen many people criticize them for basically being money grabs because they are happening too soon to even know the extent of the problem, and that is a valid criticism, but at the core, even if people aren't entitled to much money in the end (with lawyers taking their usual share), the fact is that Intel knew of the problem before releasing Coffee Lake and thus the performance metrics would inevitably go down, (more or less depending on the particular usage model - and the people filing the lawsuit will probably have to demonstrate what kind in order to get their money, unless a common standard can be reached by agreement) - because of something Intel already knew about, so in the end, I'd say that people will be entitled to a few bucks of the purchase price because they were essentially misled as to the performance of the product on release.

It will surely be interesting to follow those lawsuits, that's for sure. The argument that people could have chosen a Ryzen CPU instead is also a perspective to think about. The big problem is that in order to be able to make an informed purchase between two products you'd have to know what we know now, and that of course would be impossible because of the responsible disclosure policies, so this part won't probably go anywhere, but the first part I mentioned above is very likely to proceed.

It's not quite the same, but I'd say that the outcome will be the same as the GTX 970 VRAM problem and the money will probably be in the same ballpark: $30 (maybe $40) back to everyone who purchased an 8700K.


----------



## Dimaggio1103

Quote:


> Originally Posted by *ZealotKi11er*
> 
> Coffee Lake is not a new CPU. Just a refresh. You have to make major changes.


This is correct. The Meltdown Exploit comes from a hardware flaw, cannot even be fixed, merely just patched and a workaround created. They have to change their arch before it can truly be fixed.


----------



## Curvy Groyper

Quote:


> Originally Posted by *ZealotKi11er*
> 
> Coffee Lake is not a new CPU. Just a refresh. You have to make major changes.


It doesn't matter if it is refresh, they knowingly sold faulty product without informing customers about the fault, that is scam.

That's like selling house that looks good from outside, but internally it's so bad it can collapse at any moment, then tell the people who bought it after they find out about the problem to go live in garage, and that while living in garage is less comfortable, the seller claims he did nothing wrong because they still have roof over their head.


----------



## Kand

Quote:


> Originally Posted by *tpi2007*
> 
> If people want to have some fun over at the AMD side: https://www.phoronix.com/scan.php?page=news_item&px=AMD-PSP-2018-Vulnerability
> 
> It seems like it has been fixed now though.


Of course this gets overlooked because it's AMD.

Quote:


> Originally Posted by *Midnight ***per*
> 
> It doesn't matter if it is refresh, they knowingly sold faulty product without informing customers about the fault, that is scam.
> 
> That's like selling house that looks good from outside, but internally it's so bad it can collapse at any moment, then tell the people who bought it after they find out about the problem to go live in garage, and that while living in garage is less comfortable, the seller claims he did nothing wrong because they still have roof over their head.


Basically try to sell any secondhand car.

Quote:


> Originally Posted by *flippin_waffles*
> 
> Yes, I think it is safe to say that if somebody were to buy a CPU today, the most secure processor has Zen cores.


Nothing is secure.


----------



## Vlada011

My Real Bench 2.54 results...
All previous are similar to Image Editing from December 10...
Only last is so low... But maybe is something else. I will restore Windows and check again tomorrow.


----------



## cfu97

Quote:


> Originally Posted by *Midnight ***per*
> 
> Correct me if I am wrong, Intel released new Coffee Lake CPUs after they already knew that they have this hardware flaw?
> Is that even legal?
> 
> I don't care about average fps in games as much as minimum fps, stutters are worst. I think benchmarking only average fps can give false sense that everything is ok. If average fps is roughly same, but minimum fps drops by 30%, that's very bad thing IMO.


Looks like Intel knew this years ago and it was designed to be a backdoor for a US gov agency like the CIA. There is no way that so many processor providers all had the same core designs 20 years ago and all have this "bug".

This is not a bug, this is a backdoor. Just like the Windows one months ago.

So basically CIA can easily hack any computer for 20 years, so nice.


----------



## Vlada011

CIA is main culprit for everyone. I don't think on such way. If Intel know for this they done that to increase performance and own profit.

I THINK ON HUNDREDS THOUSANDS ENTHUSIASTS, THIS COULD CHANGE EVERYTHING.
THEY WILL NOT LOOK COMPUTERS ON SAME WAY ANY MORE.
Big corporations are probably angry to the maximum. They spend thousands dollars on security and now here such news.
There is no 3rd player Intel would beg on knees for mercy and second chance.
This change everything. Change how people treat their computers, what they choose from components, how fast they upgrade.
Imagine... Our shiny processors delidded and on half thousand dollars worth motherboards with half thousand dollars worth memory will become slower more than we get improvement after OC them. We need to OC CPU to get default performance. How many of you paid for that.

I think we need new topic...
Enthusiasts who are ready to abandon Intel forever.
Why and what you plan to buy. All of us who don't want to be Intel's donkeys.


----------



## Curvy Groyper

I will buy Ryzen 3 1200 as short term fix + X370 Taichi motherboard, and then in March when Ryzen+ comes out I will buy 8 core Ryzen+ and sell Ryzen 3 1200. This way I can have decent 4 core CPU today, and beast 8 core 3 months later.


----------



## cfu97

Quote:


> Originally Posted by *Midnight ***per*
> 
> I will buy Ryzen 3 1200 as short term fix + X370 Taichi motherboard, and then in March when Ryzen+ comes out I will buy 8 core Ryzen+ and sell Ryzen 3 1200. This way I can have decent 4 core CPU today, and beast 8 core 3 months later.


No more Intel for me. Doesn't make any sense when Intel keeps its stuff at such a high price, cannot overclock except top model, socket change every half year so basically no upgrade without buying new motherboard, and the most important part: Give you hardware bug that cannot be fixed and let any hacker hack your computer.

Intel was mainly selling reputation and confidence, and these are zero now.


----------



## Vlada011

Real Bench 2.54 Image Edition 5820K 4.2GHz

September 17

*197.304*
28.2745

October 14

*199.103*
26.7559

December 7

*197.903*
26.9221

December 10

*198.633*
26.8232

After Windows Update
January 6

*138.704*
38.4125

6 times I tries score go from 132-138.xxx.
This is more than 30% loss.
I'M IN SHOCK, I STILL THINK THAT MAYBE IS SOMETHING ELSE.

Where are now people to explain and defend Intel. Are you aware how big loss is that.
That's Ivy Bridge-E. Performance of Haswell-E become Ivy Bridge-E.


----------



## Curvy Groyper

That's like close to 30% slower! I was reading other forums and many people say the performance isn't going to be significantly degraded, that it will be 2% max, that the 30% is overblown fear mongering, but the user benchmarks I saw lately show that there will indeed be significant slowdown. Also the minimum fps in online games will have massive drops, the lowest fps will drop significantly, it will stutter.


----------



## cekim

Quote:


> Originally Posted by *Vlada011*
> 
> Real Bench 2.54 Image Edition 5820K 4.2GHz
> 
> September 17
> 
> *197.304*
> 28.2745
> 
> October 14
> 
> *199.103*
> 26.7559
> 
> December 7
> 
> *197.903*
> 26.9221
> 
> December 10
> 
> *198.633*
> 26.8232
> 
> After Windows Update
> January 6
> 
> *138.704*
> 38.4125
> 
> 6 times I tries score go from 132-138.xxx.
> This is more than 30% loss.
> I'M IN SHOCK, I STILL THINK THAT MAYBE IS SOMETHING ELSE.
> 
> Where are now people to explain and defend Intel. Are you aware how big loss is that.
> That's Ivy Bridge-E. Performance of Haswell-E become Ivy Bridge-E.


Lol... no, I think you are seeing the same thing I and others have seen. Specific functionality has been crippled by these patches. The question is how wide-spread is that functionality in the real world.

a. That functionality does not map to ALL uses. Run something other than RB to understand.
b. That functionality's performance loss may be mitigated with optimizations in the affected application.

I see sqlite3 taking 2X longer to write 5M rows in 5M insertions. However, 1 single insertion with 5M rows takes the same exact amount of time before and after...

So, since 5M single row insertions was bad code to begin with, what this says is the cost of these patches is wildly uneven and the better your software is optimized to minimize write I/O, the less it will be affected.
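
The contrast described in the post above, reduced to a small measurable case as an added example (not part of the original post): the same rows are written once with a commit per row and once in a single transaction, and wall time plus kernel-mode CPU time are reported for each. The table name, payloads and row count are constructed, and the row count is far below the 5M in the post so that it runs quickly.

```python
import os
import sqlite3
import tempfile
import time


def _measure(work):
    """Run work() and return (wall seconds, kernel-mode CPU seconds)."""
    t0, c0 = time.perf_counter(), os.times()
    work()
    t1, c1 = time.perf_counter(), os.times()
    return t1 - t0, c1.system - c0.system


def run_workload(n_rows, batched):
    """Insert n_rows into a fresh on-disk SQLite database.

    batched=False: one transaction and one commit per row, so every row
                   pays for its own journal writes and syncs (many
                   user/kernel transitions).
    batched=True:  all rows in one transaction with a single commit.
    Returns rows stored, commits issued, wall time and kernel CPU time.
    """
    rows = [(i, f"payload-{i}") for i in range(n_rows)]  # constructed sample data
    commits = 0
    with tempfile.TemporaryDirectory() as tmp:
        db = sqlite3.connect(os.path.join(tmp, "bench.db"))
        db.execute("CREATE TABLE t (id INTEGER PRIMARY KEY, payload TEXT)")
        db.commit()

        def work():
            nonlocal commits
            if batched:
                db.executemany("INSERT INTO t VALUES (?, ?)", rows)
                db.commit()
                commits += 1
            else:
                for row in rows:
                    db.execute("INSERT INTO t VALUES (?, ?)", row)
                    db.commit()
                    commits += 1

        wall, kernel = _measure(work)
        stored = db.execute("SELECT COUNT(*) FROM t").fetchone()[0]
        db.close()
    return {"rows": stored, "commits": commits,
            "wall_s": wall, "kernel_s": kernel}


def compare(n_rows=2000):
    """Run both workloads on identical data and return (per_row, single)."""
    return (run_workload(n_rows, batched=False),
            run_workload(n_rows, batched=True))


if __name__ == "__main__":
    per_row, single = compare()
    for name, r in (("commit per row", per_row), ("single transaction", single)):
        print(f"{name:20s} rows={r['rows']} commits={r['commits']} "
              f"wall={r['wall_s']:.3f}s kernel={r['kernel_s']:.3f}s")
```

Running it on the same machine before and after the OS patch (and again after a microcode update) shows which of the two write patterns moves; the stored data is identical in both cases.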


----------



## cekim

Quote:


> Originally Posted by *Midnight ***per*
> 
> That's like close to 30% slower! I was reading other forums and many people say the performance isn't going to be significantly degraded, that it will be 2% max, that the 30% is overblown fear mongering, but the user benchmarks I saw lately show that there will indeed be significant slowdown. Also the fps in online games will have massive drops, the lowest fps will drop significantly, it will stutter.


Again, you have to keep apples:apples and be specific about what will and will not slow down. Otherwise it's just more noise...


----------



## cfu97

Quote:


> Originally Posted by *Vlada011*
> 
> Real Bench 2.54 Image Edition 5820K 4.2GHz
> 
> September 17
> 
> *197.304*
> 28.2745
> 
> October 14
> 
> *199.103*
> 26.7559
> 
> December 7
> 
> *197.903*
> 26.9221
> 
> December 10
> 
> *198.633*
> 26.8232
> 
> After Windows Update
> January 6
> 
> *138.704*
> 38.4125
> 
> 6 times I tries score go from 132-138.xxx.
> This is more than 30% loss.
> I'M IN SHOCK, I STILL THINK THAT MAYBE IS SOMETHING ELSE.
> 
> Where are now people to explain and defend Intel. Are you aware how big loss is that.
> That's Ivy Bridge-E. Performance of Haswell-E become Ivy Bridge-E.


If we are talking about basically all Intel server grade CPUs being 30% slower, then Intel would collapse because of unlimited lawsuits.


----------



## Curvy Groyper

Quote:


> Originally Posted by *cekim*
> 
> Again, you have to keep apples:apples and be specific about what will and will not slow down. Otherwise it's just more noise...


LOL not specific enough for you? Reread my post again, or better I write it again, online games - minimum FPS, not average fps, not singleplayer offline games.... is that specific enough?


----------



## Vlada011

Intel deserve to collapse, they drive us as lunatics last 5 years.
They deserve to spare us from their bad news and their shocking prices and their thermal paste and their prediction.
They deserve to go out from market 5 years, I don't want to hear any more Intel few years.
I done tests 5 times.

Before 7 days these tests are reason for upgrades and they bomb us with them with hope to people upgrade with such numbers...and I never saw that after OC performance jump so much as I see now.
That's like I installed i7-3930K not Haswell-E 6 cores.

Enthusiasts will not calm down until Intel compensate last percent lost with this.
How they think to do that we don't care. To replace 6 core with 8 cores, 8 cores with 10 cores.
And how much will loss we don't need to care. I will buy next time Intel if numbers convince me that I didn't lost more than 4-5%.
And than I will be very angry. Or if replace our i7-5820k, i7-5930K with i7-5960X, etc... They have enough of them. We don't ask newest model, fabric sealed CPU, or etc...
We want to give us something for change. For now they only take from us, take money, take soldered processors, now even they take more performance they give us for next generation.
NOW IS TIME TO GIVE SOMETHING TO PEOPLE WHO PROVIDE THEM POSSIBILITY TO MAKE IDIOTS FROM US WITHOUT CONSEQUENCES.
ONLY OPTION IS TO REPLACE i7-4820 with i7-4930k, i7-5820K and i7-5930K with i7-5960X, i7-5960X with i7-6950X and same with Skylake X.
If someone have i9-7980X he could get Intel 750 or 545 SSD 1TB or similar thing.
It's enough of taking from us, now is time to give something to us. Because they give us only small amount of performance, now we lost even that and money for performance are in Intel pockets.


----------



## GeneO

Quote:


> Originally Posted by *Vlada011*
> 
> My Real Bench 2.54 results...
> All previous are similar to Image Editing from December 10...
> Only last is so low... But maybe is something else. I will restore Windows and check again tomorrow.


Yeah, that is about what I see on my 4790k. And the microcode update for my processor drops it down by another 9%.


----------



## cfu97

Quote:


> Originally Posted by *Vlada011*
> 
> Intel deserve to collapse, they drive us as lunatics last 5 years.
> They deserve to spare us from their bad news and their shocking prices and their thermal paste and their prediction.
> They deserve to go out from market 5 years, I don't want to hear any more Intel few years.
> I done tests 5 times.
> 
> Before 7 days these tests are reason for upgrades and they bomb us with them with hope to people upgrade with such numbers...and I never saw that after OC performance jump so much as I see now.
> That's like I installed i7-3930K not Haswell-E 6 cores.
> 
> Enthusiasts will not calm down until Intel compensate last percent lost with this.
> How they think to do that we don't care. To replace 6 core with 8 cores, 8 cores with 10 cores.
> And how much will loss we don't need to care. I will buy next time Intel if numbers convince me that I didn't lost more than 4-5%.
> And than I will be very angry. Or if replace our i7-5820k, i7-5930K with i7-5960X, etc... They have enough of them. We don't ask newest model, fabric sealed CPU, or etc...
> We want to give us something for change. For now they only take from us, take money, take soldered processors, now even they take more performance they give us for next generation.
> NOW IS TIME TO GIVE SOMETHING TO PEOPLE WHO PROVIDE THEM POSSIBILITY TO MAKE IDIOTS FROM US WITHOUT CONSEQUENCES.
> ONLY OPTION IS TO REPLACE i7-4820 with i7-4930k, i7-5820K and i7-5930K with i7-5960X, i7-5960X with i7-6950X and same with Skylake X.
> If someone have i9-7980X he could get Intel 750 or 545 SSD 1TB or similar thing.
> It's enough of taking from us, now is time to give something to us. Because they give us only small amount of performance, now we lost even that and money for performance are in Intel pockets.


If they replace all cpu for the last 20 years, why not just collapse.


----------



## cekim

Quote:


> Originally Posted by *Midnight ***per*
> 
> LOL not specific enough for you? Reread my post again, or better I write it again, online games - minimum FPS, not average fps, not singleplayer offline games.... is that specific enough?


Nope... which games? Which ones are what % down? Are they all 30% slower?

"STUFF GETS SLOWER" does not either capture the reality of what's happening or help others understand that reality.


----------



## Vlada011

Intel will never success to compensate money to motherboard vendors, memory vendors, watercooling vendors who lose from people who will stop to OC, compare benchmark tests, change hardware every year, etc. Except if somehow satisfied all customers.
How funny now look every OC comparison, every benchmark test. Now AMD CPU and stock value look best.
This is my first mistake with platform in life, I wait before upgrade because similar news, but we couldn't predict worse scenario in computer industry, losing 30% of performance of processors.
From 26 seconds to 38 seconds. Jesus Christ.

They can't replace processor for last 10-20 years but could estimate some generations still usable for hard core systems.


----------



## Curvy Groyper

Quote:


> Originally Posted by *cekim*
> 
> Nope... which games? Which ones are what % down? Are they all 30% slower?
> 
> "STUFF GETS SLOWER" does not either capture the reality of what's happening or help others understand that reality.


The benchmark I saw was for Counter Strike and it was 40% down. I can't say if they are all down because nobody yet benchmarked all games, obviously.


----------



## cfu97

Quote:


> Originally Posted by *Vlada011*
> 
> Intel will never success to compensate money to motherboard vendors, memory vendors, watercooling vendors who lose from people who will stop to OC, compare benchmark tests, change hardware every year, etc. Except if somehow satisfied all customers.
> How funny now look every OC comparison, every benchmark test. Now AMD CPU and stock value look best.
> This is my first mistake with platform in life, I wait before upgrade because similar news, but we couldn't predict worse scenario in computer industry, losing 30% of performance of processors.
> From 26 seconds to 38 seconds. Jesus Christ.
> 
> They can't replace processor for last 10-20 years but could estimate some generations still usable for hard core systems.


Looks like Intel would not do anything other than giving out some patches through Windows Update or whatever.


----------



## Vlada011

Evil corporations bankrupt for much less than such impact on people, governments and companies worldwide.
Intel lost touch with reality and I think there is people who could predict future much better than we. Some of such people sold Intel stocks because this will not finish for month or few weeks.
Complete reliability and security of Intel processors are destroyed. I can't go in store now and pay Intel with such happiness and enjoy in him.
No matter on money i7-7700K, i7-8700K, i9 series and many models before them no any more performance advertised before this.

What will happen with people who decide to avoid update of this patch?
MS should give opportunity to people to avoid that patch not to force update automatic.
I mean who will attack my computer?


----------



## Curvy Groyper

Quote:


> Originally Posted by *Vlada011*
> 
> Evil corporations bankrupt for much less than such impact on people, governments and companies worldwide.
> Intel lost touch with reality and I think there is people who could predict future much better than we. Some of such people sold Intel stocks because this will not finish for month or few weeks.
> Complete reliability and security of Intel processors are destroyed. I can't go in store now and pay Intel with such happiness and enjoy in him.
> No matter on money i7-7700K, i7-8700K, i9 series and many models before them no any more performance advertised before this.
> 
> What will happen with people who decide to avoid update of this patch?
> MS should give opportunity to people to avoid that patch not to force update automatic.
> I mean who will attack my computer?


I think people can hack your PC so it mines cryptocurrency for them, your PC becomes their slave.


----------



## cx-ray

I'm not seeing a slowdown in that test. Out of curiosity I performed a RealBench 2.56 on a Windows 8.1 Pro machine before and after the security patch.

Win 8.1 Pro CPU i7-3960X 4.5GHz

Before Security Patch:

Image Editing
150.748
Time:35.3436

After Patch:

Image Editing
152.377
Time:34.9659

--

Win 10 Pro CPU i9-7900X 4.8GHz

After Patch (never ran RealBench before)

Image Editing
233.225
Time:22.8449

All tests done in full user configuration without any funny "leaning out" tricks. Not seeing any slowdown in games either (MP Mass Effect: Andromeda, Destiny 2). Tested Cinebench OpenGL as well. Before and after around 230FPS.

Quote:


> Originally Posted by *Vlada011*
> 
> My Real Bench 2.54 results...
> All previous are similar to Image Editing from December 10...
> Only last is so low... But maybe is something else. I will restore Windows and check again tomorrow.


----------



## Vlada011

I don't have single antivirus software last 10 years and nothing happen to me.
They could try, to use my PC for mining, but if CPU or GPU become more than 5% usage after I reboot computer I first cut CAT6 with kitchen knife than check what happen.
If they want to sweet for 30 seconds usage of my PC ...

Now I search best way to avoid performance lost until AMD show up with something capable to OC 500MHz.
I advice same to all people who don't afraid from hackers attack.

Are you aware at all how bad thing Intel done. No, we think on performance and they made global mess.
Not only that, this pure confirmation that they use same Core 10 years from X58 period.


----------



## yamnakshatriya

Quote:


> Originally Posted by *Vlada011*
> 
> I don't have single antivirus software last 10 years and nothing happen to me.
> They could try, to use my PC for mining, but if CPU or GPU become more than 5% usage after I reboot computer I first cut CAT6 with kitchen knife than check what happen.
> If they want to sweet for 30 seconds usage of my PC ...
> 
> Now I search best way to avoid performance lost until AMD show up with something capable to OC 500MHz.
> I advice same to all people who don't afraid from hackers attack.
> 
> Are you aware at all how bad thing Intel done. No, we think on performance and they made global mess.
> Not only that, this pure confirmation that they use same Core 10 years from X58 period.


True Serb

Unfortunately most need security. I got a Surface Book 2 laptop and built a top of the line trading computer. I won't return the Surface Book 2 because there are no alternatives, but that trading computer is getting rebuilt and I am getting a refund there.

However I will not buy from Intel for at least 5 years where I can avoid it.


----------



## Vlada011

We should organize topic to explain Intel how we are serious and how many people will abandon them because of this.
i7-8700K, he was not 3 months on market and now everything look difference. They destroyed first mainstream CPU waited long time to Intel decide to give 6 cores.
Lucky for owners after OC on 5.0GHz he will work as default before patch.

Here is results saved by Real Bench...you can check all results, only last is wrong.


And I check some other tests Cinebench 11 and 15 no performance drop.
Intel Xtreme Utility same as before, some other CPU tests same as well. CPU Queen drop from 75.500 to 74.000.
Geekbench CPU multi and single 1-2% maybe nothing.


----------



## cfu97

Intel stock rose again last night. Looks like people had forgotten this and moved on.....


----------



## Vlada011

Quote:


> Originally Posted by *cfu97*
> 
> Intel stock rose again last night. Looks like people had forgotten this and moved on.....


I doubt gamers could change something like that, stock value so fast.
But I expect in 2018 to Intel drop on 30 and AMD to increase 60-70%.


----------



## yamnakshatriya

Quote:


> Originally Posted by *cfu97*
> 
> Intel stock rose again last night. Looks like people had forgotten this and moved on.....


That is people "buying the dip."

Either they are "shallow" investors who don't investigate market information fully and just make quick trades; or cynical pump-and-dump investors exploiting the shallow investors to buy the dip, and then sell the peak before the real dip.

Most people probably fall into the former category.


----------



## Curvy Groyper

Correct me if I am wrong, but you can have either just Microsoft patch, or Microsoft patch + microcode patch and the Microsoft + microcode causes more slowdown and the Microsoft patch note says that having only the Microsoft patch is not enough to protect your PC.

I think people think this will not cause slowdown because they think the Microsoft patch is everything they need and that's it, when in reality microcode/BIOS will be patched too later and only then will full extent of the performance degradation become apparent.


----------



## yamnakshatriya

The microcode fix basically disables the prediction part of the processor from what I know. However that is not enough - Microsoft needs to release regular security patches because the workaround is OS based (from what I know). So currently built Intel processors will never be secure and all current and new Intel processors will be garbage slow for 5-10 years until they create a new architecture.


----------



## guttheslayer

Quote:


> Originally Posted by *cfu97*
> 
> No more Intel for me. Doesn't make any sense when Intel keeps its stuff at such a high price, cannot overclock except top model, socket change every half year so basically no upgrade without buying new motherboard, and the most important part: Give you hardware bug that cannot be fixed and let any hacker hack your computer.
> 
> Intel was mainly selling reputation and confidence, and these are zero now.


You forgot to mention pigeon poop that makes its processor throttle and shortens lifespan.


----------



## Wishmaker

Quote:


> Originally Posted by *Vlada011*
> 
> I doubt gamers could change something like that, stock value so fast.
> But I expect in 2018 to Intel drop on 30 and AMD to increase 60-70%.


...look, pigs Fly!


----------



## guttheslayer

Quote:


> Originally Posted by *Wishmaker*
> 
> ...look, pigs Fly!


Intel is a disgrace and they deserve bankruptcy. Unfortunately that is not going to happen soon but will happen if they continue to be anti consumer and anti innovation.


----------



## Catscratch

Microcode? Where? Just installed the Win10 patch on my sig rig and I don't feel safe at all.


----------



## cfu97

Quote:


> Originally Posted by *guttheslayer*
> 
> You forgot to mention pigeon poop that makes its processor throttle and shortens lifespan.


what is this?


----------



## yamnakshatriya

Quote:


> Originally Posted by *Catscratch*
> 
> Microcode? Where? Just installed the Win10 patch on my sig rig and I don't feel safe at all.


BIOS update


----------



## Offler

Quote:


> Originally Posted by *tpi2007*
> 
> If people want to have some fun over at the AMD side: https://www.phoronix.com/scan.php?page=news_item&px=AMD-PSP-2018-Vulnerability
> 
> It seems like it has been fixed now though.


Quote:


> Originally Posted by *Kand*
> 
> Of course this gets overlooked because it's AMD.


Actually, any security enhancement device is for me a red flag warning to NOT use it, unless absolutely necessary. It will get first class treatment from real security experts wearing a black hat.

Usually there are following time periods in lifecycle in such devices:

a) There is unpatched vulnerability, but it's new and nobody is aware yet.
b) There is unpatched vulnerability and certain groups are aware of that, no patch yet.
c) There is unpatched vulnerability, and manufacturer is aware and works on patch.
d) Vulnerability is patched, but cycle above will repeat few times.
e) Device is finally safe, but its protection is no longer effective.


----------



## jagdtigger

Quote:


> Originally Posted by *Offler*
> 
> Actually, any security enhancement device is for me a red flag warning to NOT use it, unless absolutely necessary. It will get first class treatment from real security experts wearing a black hat.
> 
> Usually there are following time periods in lifecycle in such devices:
> 
> a) There is unpatched vulnerability, but it's new and nobody is aware yet.
> b) There is unpatched vulnerability and certain groups are aware of that, no patch yet.
> c) There is unpatched vulnerability, and manufacturer is aware and works on patch.
> d) Vulnerability is patched, but cycle above will repeat few times.
> e) Device is finally safe, but its protection is no longer effective.


Then you only have ancient PCs?

Because AFAIK IME has a very long history (I bet that AMD has something similar going on too)...


----------



## khanmein

Quote:


> Originally Posted by *Catscratch*
> 
> Microcode? Where? Just installed the Win10 patch on my sig rig and I don't feel safe at all.


There's no BIOS update for my processor yet, but FYI, you might not want to update it. The performance impact is pretty huge.


----------



## nanotm

Quote:


> Originally Posted by *jagdtigger*
> 
> Then you only have ancient PCs?
> 
> Because AFAIK IME has a very long history (I bet that AMD has something similar going on too)...


Yep, IME goes back to the P4 days, which just so happens to coincide with Intel's bragging about having the ability to shut down any computer in the world as part of getting various embargoes lifted, allowing them to sell US-made hardware in many more places around the globe... Oddly, it was their inability to actually use said management engine when it was part of the BIOS/CPU and not hard coded onto every motherboard that reintroduced those computer parts sales bans....

As far as I'm aware it was Ryzen Pro that introduced something similar to AMD CPUs, although I could be wrong about that.


----------



## zeall0rd

Quote:


> Originally Posted by *khanmein*
> 
> There's no BIOS update for my processor yet, but FYI, you might not want to update it. The performance impact is pretty huge.


Agreed. What I'd recommend is downloading the newest BIOS and patching it with the last microcode version before the Spectre 2 patch.


----------



## cfu97

Quote:


> Originally Posted by *zeall0rd*
> 
> Agreed. What I'd recommend is downloading the newest BIOS and patching it with the last microcode version before the Spectre 2 patch.


The bonus function would be slowing down the server by 30%


----------



## Offler

Quote:


> Originally Posted by *jagdtigger*
> 
> Then you only have ancient PCs?
> 
> Because AFAIK IME has a very long history (I bet that AMD has something similar going on too)...


Currently main system - using Phenom II as written signature, while I dont have TPM installed on mainboard. So 2010, still kicking nicely performance wise.


----------



## webhito

Well, the windows update did nothing, at best it made it slightly better, I do however wonder what will happen once I install the microcode/bios update. Thinking seriously of jumping ship.


----------



## e-gate

Quote:


> Originally Posted by *webhito*
> 
> Well, the windows update did nothing, at best it made it slightly better, I do however wonder what will happen once I install the microcode/bios update. Thinking seriously of jumping ship.


We will find out pretty soon. Just wait for more actual testing. Guru3D did some testing with the BIOS+Windows update. Some 4K NVMe scores went down. Gaming is unaffected or at least minimally impacted. Nothing worrisome for the average home user. Ofc we need more time to see more tests. The situation is pretty bad nonetheless. Some things need to change to the whole industry. Those secret "features" that we later rename as "bugs" must be stopped.


----------



## gigafloppy

Is a microcode update the same as a BIOS update? If so, Sandy and Ivy Bridge will never be secure. I doubt 5+ year old motherboards will get a BIOS update.


----------



## OutlawII

Can't wait till people start jumping ship, 8700k will be dirt cheap... start jumping please. Everyone acts like this is the end of the world or the end of Intel lol drama queens. Intel stock at the end of the day closed at 44.95, that is down from a 1 month high of 47.56, AMD stock is at 11.90 from a month high of 12.12 so that is also down... my point is this will affect both companies. If anything my opinion is that this will make Intel stronger by forcing them to come up with better and faster CPU architecture.


----------



## webhito

Quote:


> Originally Posted by *e-gate*
> 
> We will find out pretty soon. Just wait for more actual testing. Guru3D did some testing with the BIOS+Windows update. Some 4K NVMe scores went down. Gaming is unaffected or at least minimally impacted. Nothing worrisome for the average home user. Ofc we need more time to see more tests. The situation is pretty bad nonetheless. Some things need to change to the whole industry. Those secret "features" that we later rename as "bugs" must be stopped.


Yea, no kidding.


----------



## nanotm

Quote:


> Originally Posted by *gigafloppy*
> 
> Is a microcode update the same as a BIOS update? If so, Sandy and Ivy Bridge will never be secure. I doubt 5+ year old motherboards will get a BIOS update.


they can be but dont need to be (well certainly on newer generation systems at least) you can add /modify/delete files to your bios either through a flash drive when in the bios itself or through the operating system without doing a full bios change, you can also get a new bios

fuses on cpu's are kill switches, in normal operation the fuse gets no power when a kill switch is flipped it gets powered and burns out and you have no chip left this is a security feature that back in the 90's the NSA insisted was installed in every cpu so that a rogue nation couldn't use American computers against American interests .... they didn't work as advertised but continue to be installed in every cpu..... to compensate for their lack of ability to use the original kill switches motherboards were modified to add instruction sets to them that enabled the use of the kill switches (open back door) they also modified the cpu's to make it possible to snoop on what was being done without the operating system being aware, the IME's primary job was to copy data and its secondary job was to act as a kill switch.... again it didn't work as intended thanks to ...network firewalls.....but again they didn't get rid of this "feature" they just added new features on top that tried to do the same things....

i suspect that somewhere down the line they will quit trying to see what everyone does and how they do it and at that point 90% of so claimed "security flaws" will disappear it will never happen though because they won't let it !


----------



## hitman928

Quote:


> Originally Posted by *e-gate*
> 
> We will find out pretty soon. Just wait for more actual testing. Guru3D did some testing with the BIOS+Windows update. Some 4K NVMe scores went down. Gaming is unaffected or at least minimally impacted. Nothing worrisome for the average home user. Ofc we need more time to see more tests. The situation is pretty bad nonetheless. Some things need to change to the whole industry. Those secret "features" that we later rename as "bugs" must be stopped.


Guru3d didn't test games with the windows patch + microcode update from what I can tell, they only did the windows patch. They updated the SSD tests with the microcode update as well, but make no mention of any of the other tests being updated, unless I missed it.


----------



## Offler

Some update on main topic:
https://gist.github.com/woachk/2f86755260f2fee1baf71c90cd6533e9

Some discussion to that:
https://twitter.com/never_released/status/949344471027798016


----------



## cx-ray

Quote:


> Originally Posted by *hitman928*
> 
> Guru3d didn't test games with the windows patch + microcode update from what I can tell, they only did the windows patch. They updated the SSD tests with the microcode update as well, but make no mention of any of the other tests being updated, unless I missed it.


Looks like Guru3D might be running into a CPU bound situation with the 960 Pro test...or it's related to DMI. With a 7900X 4.8GHz I get with just the OS patch for 4KiB Q32T1 Read 881.4MB/s (Guru 634.3MB/s) and Write 725MB/s (Guru 551.8MB/s)


----------



## Offler

If you want to measure impact of the patch on CPU via 3d engine, the least effect of GPU-bound scenarios happen on lowest settings, and lowest possible resolution.


----------



## yamnakshatriya

Quote:


> Originally Posted by *webhito*
> 
> Yea, no kidding.


Lmao.

I just built a 8700k computer and I lost 400 points on Cinebench after microcode.

That basically translates to: if I OC to 5 GHZ I will have the same performance as default.

Or: Intel processors are as good as they were 3 years ago post-update.


----------



## Offler

So far I am getting more and more angry on Intel.

a) Their CEO selling shares
b) Their claims that "everyone is affected", while being creative, not mentioning that only Intel CPUs are susceptible to all three attacks.
c) And taking credit for issuing all fixes:
https://twitter.com/aionescu/status/949064007796666368

Because clearly Intel could not issue a fix for Linux and/or Windows.

Also Please I would like to ask for a help. How to explain in simple terms how the attack works?

a) Meltdown
Allows read and writing to cache and memory.
- Only intel is affected
- Fix will cause 30% performance loss on IO operations.

b) Spectre 2
Allows read of cache and memory.
- AMD can fix it with Lfence instruction, no loss of performance
- Intel has to fix it via software update (retpoline) which may have some performance impact.

c) Spectre 1
Allows read of cache only?
Unfixed in general, while browsers are about to implement features to prevent it Java. This variant affects all.


----------



## flippin_waffles

Quote:


> Originally Posted by *Kand*
> 
> ...
> Nothing is secure.


This is what i said verbatim:

"Yes i think it is safe to say that if somebody were to buy a CPU today, the most secure processor has Zen cores."


----------



## ZealotKi11er

Zen+ probably will be the same so in reality not fixed. They will sell it based on the assumption that AMD is not affected. They all are. What we will get in the end is 5-7 years of CPU performance degradation.


----------



## delboy67

Quote:


> Originally Posted by *OutlawII*
> 
> Can't wait till people start jumping ship, 8700k will be dirt cheap... start jumping please. Everyone acts like this is the end of the world or the end of Intel lol drama queens. Intel stock at the end of the day closed at 44.95, that is down from a 1 month high of 47.56, AMD stock is at 11.90 from a month high of 12.12 so that is also down... my point is this will affect both companies. If anything my opinion is that this will make Intel stronger by forcing them to come up with better and faster CPU architecture.


Just because it doesn't affect 720p gaming or CB doesn't mean this won't hurt. You're underestimating the seriousness of Meltdown, put it like this: we only get our 'toys' because they're hand-me-downs from the server market. The market this will hurt Intel in is their cash cow and the stocks will take longer to react. This could be massive, we could see Intel split from their foundry like AMD and GloFo, and remember if AMD end up with even anything like 30-50% of Intel's cash cow market they will dwarf even Nvidia in revenue. If AMD mess this up they deserve to die. Their marketing should be in overdrive trying to sell Epycs now.


----------



## Offler

Quote:


> Originally Posted by *ZealotKi11er*
> 
> Zen+ probably will be the same so in reality not fixed. They will sell it based on the assumption that AMD is not affected. They all are. What we will get in the end is 5-7 years of CPU performance degradation.


That would be too speculative to say right now. I would go with "its demonstrated" vs "its not demonstrated" and real performance impact of the fixes on the CPUs in general.

Assumption that some "system is safe" is wrong by the definition. What really matters is how big impact the data leak can have - either on me personally or on some company.

Edit: Even when I currently happen to own AMD CPU, I would not sell Intel PC immediately and go AMD just because of the recent information.


----------



## ZealotKi11er

Quote:


> Originally Posted by *Offler*
> 
> That would be too speculative to say right now. I would go with "its demonstrated" vs "its not demonstrated" and real performance impact of the fixes on the CPUs in general.
> 
> Assumption that some "system is safe" is wrong by the definition. What really matters is how big impact the data leak can have - either on me personally or on some company.
> 
> Edit: Even when I currently happen to own AMD CPU, I would not sell Intel PC immediately and go AMD just because of the recent information.


To fix this problem for now and the future you have to be immune to Spectre in all 3 types. AMD is fine now but there is always the potential risk in the future.


----------



## Offler

Yes, but that risk is present always. It was here before, and it will not go away even when you fix current issue. There are more to come.


----------



## The Robot

Quote:


> Originally Posted by *yamnakshatriya*
> 
> Lmao.
> 
> I just built a 8700k computer and I lost 400 points on Cinebench after microcode.
> 
> That basically translates to: if I OC to 5 GHZ I will have the same performance as default.
> 
> Or: Intel processors are as good as they were 3 years ago post-update.


So basically, you got a Ryzen now. It's the great equalizer to knock down epeeners from their mighty perch.


----------



## GeneO

Quote:


> Originally Posted by *gigafloppy*
> 
> Is a microcode update the same as a BIOS update? If so, Sandy and Ivy Bridge will never be secure. I doubt 5+ year old motherboards will get a BIOS update.


microcode can be loaded into the processor at boot via Windows. You can get microcode updates through Windows update (and similar for Linux).


----------



## gigafloppy

Quote:


> Originally Posted by *GeneO*
> 
> microcode can be loaded into the processor at boot via Windows. You can get microcode updates through Windows update (and similar for Linux).


Interesting. So Intel just needs to release these microcode updates to Microsoft instead of ASUS, Gigabyte etc.? Is Intel ever going to release microcode for anything older than Haswell though?


----------



## GeneO

Quote:


> Originally Posted by *gigafloppy*
> 
> Interesting. So Intel just needs to release these microcode updates to Microsoft instead of ASUS, Gigabyte etc.? Is Intel ever going to release microcode for anything older than Haswell though?


Your guess is as good as mine.


----------



## Offler

Quote:


> Originally Posted by *GeneO*
> 
> microcode can be loaded into the processor at boot via Windows. You can get microcode updates through Windows update (and similar for Linux).


Quote:


> Originally Posted by *gigafloppy*
> 
> Interesting. So Intel just needs to release these microcode updates to Microsoft instead of ASUS, Gigabyte etc.? Is Intel ever going to release microcode for anything older than Haswell though?


Its a thing between company which makes drivers/microcodes if Microsoft will distribute their software via Windows updates. Full Nvidia Drivers at least were distributed this way. In case of microcodes depends if the change might require also change in Bios.

Bios is usually NOT distributed via windows updates, and its left for mainboard manufacturers.


----------



## yamnakshatriya

Quote:


> Originally Posted by *The Robot*
> 
> So basically, you got a Ryzen now. It's the great equalizer to knock down epeeners from their mighty perch.


I'm glad all my other stuff (except motherboard) is compatible with Ryzen, and I got it all on Amazon. I'd be much more angry otherwise.

I can't imagine how furious big corporations are. I just built 1 trading computer.


----------



## Dimaggio1103

Quote:


> Originally Posted by *Kand*
> 
> Of course this gets overlooked because it's AMD.
> Basically try to sell any secondhand car.
> Nothing is secure.


Holy bias Batman! Lol it got overlooked because it's not even close to the seriousness of the Intel flaw which is baked into the hardware and knowingly sold still. Second hand car is not the same as a new PC part that is handling your data. Finally saying nothing is secure has zero logic. I mean are we supposed to not even try? Hey guys no use in wiping as you're just gonna dirty yourself up again.

Are y'all that biased you can't hold Intel accountable? Like my 5yo when he gets in trouble and points to his sister like it's somehow her fault he messed up. C'mon

EDIT: no microcode will fix this it's a hardware flaw. You can only patch in a work around for meltdown.


----------



## LostParticle

Quote:


> Originally Posted by *gigafloppy*
> 
> Interesting. So Intel just needs to release these microcode updates to Microsoft instead of ASUS, Gigabyte etc.? *Is Intel ever going to release microcode for anything older than Haswell though?*


What I would like to know is WHEN will Intel release something for Haswell?
Has anyone with Z97 or other chipsets from that era, e-mailed their motherboard manufacturer, asking about a new BIOS? I e-mailed ASRock Tech Support (Taiwan) a few hours ago... They respond, they have helped me in the past, indeed, but it might take them up to 15 business days!...


----------



## doritos93

My guess is that manufacturers will release BIOS updates for newish boards (with other scheduled improvements) and microcode updates via the OS for older boards that they don't care about anymore

It's important to keep in mind that we won't see the full extent of impacts until these updates are pushed out and even then probably not for another month

And tech media needs to also keep in mind that lumping AMD and ARM in with Intel in their headlines is disingenuous. Exploits are discovered all the time but those that require crippling workarounds are few and far between, which is not the case with AMD and ARM chips


----------



## Melan

Quote:


> Originally Posted by *doritos93*
> 
> and microcode updates via the OS for older boards that they don't care about anymore


No love for Z77. Sad. SAD!


----------



## GeneO

Quote:


> Originally Posted by *Offler*
> 
> Its a thing between company which makes drivers/microcodes if Microsoft will distribute their software via Windows updates. Full Nvidia Drivers at least were distributed this way. In case of microcodes depends if the change might require also change in Bios.
> 
> Bios is usually NOT distributed via windows updates, and its left for mainboard manufacturers.


Usually. For something critical they would. I have received ucode updates through Windows.


----------



## G woodlogger

So will a similar situation like VEGA arise where a Threadripper 2 and other AMD chips will be sold expensively to the professional market and only a trickle for consumers, and Intel Coffee Lake 6 and 8 core chips will become affordable for gamers?


----------



## Melan

Hmm, I've read somewhere that after patch, CPU temperature has increased during testing. However I'm still trying to find that post, I should've bookmarked the damn thing.

Edit: Found it. Apparently test is done in 7-Zip. It's in Russian however, but here's the link.


----------



## superstition222

Quote:


> Originally Posted by *cekim*
> 
> Utterly false. You are missing numerous use cases outside your own personal one.
> 
> There is vast amount of perfectly useable, valuable and frankly deployed regardless hardware out there that will either never have a new bios provided or operate in an environment where the risk of a bios flash bricking is too great to permit regular patching.
> 
> Waiting on or being tied to bios flash is not a scalable or secure methodology. This is how we end up with billion node iot botnets.


All the objections to my point are side issues.

All of these "fixes" are merely work-arounds. As such, they vary in quality. A quick and dirty OS-level patch may be needed to address the sluggishness of BIOS updates. However, that doesn't change the fact that a BIOS update should be made to address an issue like meltdown, if it is possible to do it in BIOS.

I'm done arguing about this unless I see a compelling reason why my point isn't correct. People should not have to be force-fed specific operating systems or specific versions of operating systems to get microcode fixes that should be deployed in BIOS, like a fix for the Skylake hyperthreading bug.

Also, as I said, it is perfectly reasonable to add a redundant additional layer of OS-level mitigation to supplement BIOS patches. That way, people whose board makers don't do their jobs can be covered more easily. It deals with the bricking issue for people who are really worried about that. It also deals with the speed of a patch being available issue to a degree (although it doesn't deal with things like MS not bothering to roll out a patch for 13 days in Windows 7 and 8 or Apple only patching, apparently, High Sierra, leaving the other versions waiting). Let's not conveniently ignore all the drawbacks of keeping the workarounds at the OS level only, eh?

BIOS patches are the most optimal workaround because they don't require users to use specific operating systems, specific versions of operating systems, or deal with issues relating to redeploying operating systems and patches. They make the machine invulnerable to the issue, an issue that lies in the hardware not the operating system. Operating systems are a higher layer.

Microsoft and Apple would love people to maintain the mentality that an operating system is somehow part of hardware but it's not. x86 hardware should be OS agnostic. It should function correctly without specific patches to specific operating systems.


----------



## tpi2007

Quote:


> Originally Posted by *Offler*
> 
> Some update on main topic:
> https://gist.github.com/woachk/2f86755260f2fee1baf71c90cd6533e9
> 
> Some discussion to that:
> https://twitter.com/never_released/status/949344471027798016


To add to one of the items mentioned in the first link, namely this:
Quote:


> About the microcode update for Zen 1 CPUs being described as "disabling branch prediction", this is a mistake in the description of the update.


A few pages back it seemed to me like a mistake in the description and indeed it appears to be so.

More info here:

https://www.phoronix.com/scan.php?page=news_item&px=AMD-Branch-Prediction-Still
Quote:


> I reached out to AMD and on Friday heard back. They wrote in an email to Phoronix that this Zen/17h microcode update does not disable branch prediction. They'll be working with SUSE to re-clarify this microcode update description... But as far as what this microcode update does in the wake of SPECTRE they have yet to clarify or why this microcode binary has yet to make it to other Linux distributions. If/when I hear anything more, I'll certainly post about it but doesn't appear to be anything as dramatic as disabling branch prediction, which could have slaughtered their CPU performance.


Anyway, back to Intel, with Microsoft saying that the Windows patches don't provide the best level of protection without microcode updates, I hope the researchers go into it and tell us exactly how vulnerable older systems will be with only OS + GPU driver + web browser + eventually recompiled programs + other mitigations.

If - if - that is proven in the end to not be good enough and if Intel decides to not patch anything below Haswell, it will seriously dent their reputation.


----------



## LostParticle

Quote:


> Originally Posted by *doritos93*
> 
> My guess is that manufacturers will release BIOS updates for newish boards (with other scheduled improvements) *and microcode updates via the OS for older boards* that they don't care about anymore


Is a microcode update via the OS enough to cover both SPECTRE and MELTDOWN? Really?! So, right now that, on the system of my sig and in KDE Neon, I'm running microcode 23, installed under the OS and loaded each time I boot into this Linux installation, I am covered?! On KDE, at least? Well... I honestly do not know, but I do not think so... I have also injected microcode 23 into the latest beta BIOS of my Z97 OC Formula (which was released in Dec 2017). It resulted in WHEA errors at stock! Personally, I think this happened because a user provided it to all of us (who installed it). When the mobo vendor(s) will release it, or a better one, inside a new BIOS, it will behave properly.


----------
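
An added example, not part of any post in this thread: the question raised above, whether microcode loaded by the OS is enough, can be checked on Linux by asking the kernel itself. Linux 4.15 and later report a per-variant status under `/sys/devices/system/cpu/vulnerabilities`; the function names and the sample values below (including the `0x23` revision) are constructed for illustration.

```bash
#!/usr/bin/env bash
# Report the loaded microcode revision and the kernel's own view of
# Meltdown / Spectre v1 / Spectre v2 mitigation. Runs against constructed
# sample data by default; pass --live to read the real /proc and /sys files.

# Print the microcode revision of the first CPU listed in a cpuinfo file.
microcode_revision() {
    local key sep value
    [ -r "$1" ] || { printf 'unknown\n'; return 0; }
    # A cpuinfo line looks like "microcode<TAB>: 0x23"; default IFS splits it
    # into key="microcode", sep=":", value="0x23".
    while read -r key sep value; do
        if [ "$key" = "microcode" ] && [ "$sep" = ":" ]; then
            printf '%s\n' "$value"
            return 0
        fi
    done < "$1"
    printf 'unknown\n'
}

# Map a sysfs status string to one of four classes by its documented prefix.
classify_status() {
    case "$1" in
        "Not affected"*) echo not_affected ;;
        "Mitigation:"*)  echo mitigated ;;
        "Vulnerable"*)   echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# Print one line per variant: name, class, raw kernel text.
report() {
    local dir="$1" name raw
    for name in meltdown spectre_v1 spectre_v2; do
        if [ -r "$dir/$name" ]; then
            raw=$(head -n 1 "$dir/$name")
        else
            raw="(no sysfs entry; kernel lacks the reporting interface)"
        fi
        printf '%-11s %-13s %s\n' "$name" "$(classify_status "$raw")" "$raw"
    done
}

# Succeed only if every variant is reported as mitigated or not affected.
# A missing file counts as failure: absence of a report is not evidence of a fix.
all_covered() {
    local dir="$1" name
    for name in meltdown spectre_v1 spectre_v2; do
        [ -r "$dir/$name" ] || return 1
        case "$(classify_status "$(head -n 1 "$dir/$name")")" in
            mitigated|not_affected) ;;
            *) return 1 ;;
        esac
    done
    return 0
}

# Build constructed sample files: OS patch applied (PTI), microcode loaded,
# but the kernel still reports Spectre v2 as vulnerable.
make_sample() {
    local d
    d=$(mktemp -d)
    mkdir "$d/vuln"
    printf 'Mitigation: PTI\n' > "$d/vuln/meltdown"
    printf 'Mitigation: __user pointer sanitization\n' > "$d/vuln/spectre_v1"
    printf 'Vulnerable: Minimal generic ASM retpoline\n' > "$d/vuln/spectre_v2"
    printf 'processor\t: 0\nmodel name\t: Constructed sample CPU\nmicrocode\t: 0x23\n' > "$d/cpuinfo"
    printf '%s\n' "$d"
}

main() {
    local vuln cpuinfo tmp=""
    if [ "${1:-}" = "--live" ]; then
        vuln=/sys/devices/system/cpu/vulnerabilities
        cpuinfo=/proc/cpuinfo
    else
        tmp=$(make_sample)
        vuln="$tmp/vuln"
        cpuinfo="$tmp/cpuinfo"
        echo "(constructed sample data; pass --live to read this machine)"
    fi
    echo "microcode revision: $(microcode_revision "$cpuinfo")"
    report "$vuln"
    if all_covered "$vuln"; then
        echo "kernel reports every variant as mitigated or not affected"
    else
        echo "at least one variant is reported vulnerable or cannot be determined"
    fi
    if [ -n "$tmp" ]; then rm -rf "$tmp"; fi
    return 0
}

main "$@"
```

The sample shows why a loaded microcode revision alone does not answer the question: the status that matters is the per-variant line the kernel prints, which depends on both the kernel build and the CPU features the microcode exposes.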



## Offler

Quote:


> Originally Posted by *tpi2007*
> 
> Anyway, back to Intel, with Microsoft saying that the Windows patches don't provide the best level of protection without microcode updates, I hope the researchers go into it and tell us exactly how vulnerable older systems will be with only OS + GPU driver + web browser + eventually recompiled programs + other mitigations.


If i remember correctly, the vulnerabilities require following.

a) User level process to run
b) Either Java, C...
c) Precise timing...
d) eBPF On (in case of AMDs).
e) Certain architectural flaws.

The attack is regarded so powerful, because it gets from user to kernel level, out of sandbox, and even outside virtualization.

I believe that its the kind of vulnerabilities, where you started to mention series of pre-requisites, and after 3rd or 4th one the people you reported to stopped you and claimed "its too many things to happen at once". First and kinda most stupid argument would be "how would a malware get into system XY?".

And here comes series of events i encountered.
1. "Offshore anonymous hosting"
Certain company provides virtual machines to anyone anonymously. Those servers tend to spread havoc by DDoS attacks, or spreading malware. Now, if you have such server as a neighbour on your virtual farm, you have a problem.

2. Multiple reselling of virtual machines
Company A sells either physical or virtual servers as a service.
Company B is a customer to company A. They use Hyper-V on virtual server they pay for, and re-sell the virtual machines to other customers.
(In some cases company B claims that "this is our customized solution" even when they dont own single server room).
See scenario 1.

3. Secured access.
A company uses encrypted access to a certain server; it's protected by a series of passwords, VPN firewalls. Suddenly an incident happens and data are either lost or leaked.

You dont need such sophisticated attack as is Meltdown or spectre to make it happen, but those make it much easier either by leaking data of specific user, or leaking data from physical host CPU.

Getting a protection on a desktop machine is much easier task compared to previous. Patched browser, updated AV software... Even when the attack would be possible to perform, still requires user-level process to make it happen.


----------



## LostParticle

@Offler, excuse me but what you've quoted right above, I never said it! Why are you quoting something I have never said?
Okay, thank you for fixing it


----------



## Offler

Fixed. I quoted TPI, but somehow there ended up different nick.


----------



## The L33t

This is very early stage as they're pushing the fixes sooner than what they wanted due to the leaks.

I'd bet that with time most of the performance lost will be gained back on the newer generation CPUs. Older platforms it would be dependent of the kind of support you have.

Since the "solution" to these problems is (has to be) software based this will evolve. Even now Google has demonstrated alternative ways of dealing with these issues that are not as impactful as earlier solutions.

If Google (the biggest) managed to mitigate this problem with minimal impact I'm sure most will also.

I do realize this is based on your specific workload but what you should realize is google has pretty much every single type of workload within their structure and with varying degrees of older to newer hardware. Even very specific ASIC.

This is of course not to excuse Intel (AMD user here) but it is too soon to make conclusions.

All this chatter reminds me of the Y2k bug that would end us all!...


----------



## TonyLee

Quote:


> Originally Posted by *Midnight ***per*
> 
> Correct me if I am wrong,but you can have either just Microsoft patch,or Microsoft patch + microcode patch and the Microsoft + microcode causes more slowdown and the Microsoft patch note says that having only the Microsoft patch is not enough to protect your pc.
> 
> I think people think this will not cause slowdown because they think the Microsoft patch is everything they need and that's it, when in reality microcode/BIOS will be patched too later and only then will full extent of the performance degradation become apparent.


Well since I am using an i7 2600k and motherboard that I bought in 2011, I know that there will be no firmware update for me. So will I have to finally trash this thing and get something else?


----------



## webhito

Quote:


> Originally Posted by *TonyLee*
> 
> Well since I am using an i7 2600k and motherboard that I bought in 2011, I know that there will be no firmware update for me. So will I have to finally trash this thing and get something else?


I have an x58 board that I have always kept as a backup, it would really suck if they left them out. I know a bios update is out of the question, but hopefully they can push a software update that will help to some degree at least.


----------



## cekim

Quote:


> Originally Posted by *The L33t*
> 
> This is very early stage as they're pushing the
> All this chatter reminds me of the Y2k bug that would end us all!...


A whole lot of this...

There is definitely some "there there" in terms of the significance of what needs to be worked around here though. I think we've permanently lost performance of specific operations, but the question is how easy it is to work around that loss from a holistic perspective?

The difference between windows (hurt more incrementally) and linux is interesting and what I am watching carefully. It's clear the two kernels are taking slightly different approaches and/or (and here is the close watching), perhaps one or the other has more adequately guarded against the various threats.

It's conceivable either linux will have to take on more onerous modification or windows may be pared down to linux's level...


----------



## tpi2007

It seems that AMD is ok with having Spectre Variant 2 (the "near zero" risk one) being patched with Retpoline v5. The Retpoline performance penalty basically makes it worth it, as it is said to be up to only ~ 1.5%:

https://www.phoronix.com/scan.php?page=news_item&px=Retpoline-v5-Published


----------



## Defoler

Quote:


> Originally Posted by *jagdtigger*
> 
> Still cant understand why MS still bundling updates up, im gonna pass this one too as usual...


In order to force people to update and add those nasty malware they call "features".
While in the past you used to be able to remove a certain update you didn't like, you no longer can.
Though this makes sure no weird issues happen with wrongful compatibility when a missing patch doesn't get installed, causing system crash.


----------



## aweir

Quote:


> Originally Posted by *tpi2007*
> 
> If people want to have some fun over at the AMD side: https://www.phoronix.com/scan.php?page=news_item&px=AMD-PSP-2018-Vulnerability
> 
> It seems like it has been fixed now though.


Oh look, another NSA backdoor vulnerability.


----------



## The L33t

Quote:


> Originally Posted by *tpi2007*
> 
> It seems that AMD is ok with having Spectre Variant 2 (the "near zero" risk one) being patched with Retpoline v5. The Retpoline performance penalty basically makes it worth it, as it is said to be up to only ~ 1.5%:
> 
> https://www.phoronix.com/scan.php?page=news_item&px=Retpoline-v5-Published


Best be prudent, early stages, specially since the penalty is minimal... They are rebuilding their server market now and the one thing AMD does not need is to be wrong and allow this to go on and damage their clients knowingly and in the public eyes... No one can blame them for being careful I would do the same.

Once more is known in the future it can always be reversed if need be and take that performance back.


----------



## superstition222

Quote:


> Originally Posted by *Defoler*
> 
> In order to force people to update and add those nasty malware they call "features".


Force force force. That's what commercial OS vendors are all about. It's not about serving you; it's about serving them.





(To Serve Man is also apropos, just put "the" in the middle)


----------



## ozlay

You can manually install the fix/patch, depending on which version of Windows you have.

Windows 10 version 1703 and Server 2016 (Creators Update): KB4056891
Windows 10 version 1607 and Server 2016 (Anniversary Update): KB4056890
Windows 10 version 1511 (November Update): KB4056888
Windows 10 version 1507 (Initial Release): KB4056893

Windows 7 and Server 2008 R2: KB4056897

Windows 8 and Server 2012 R2: KB4056898


----------



## The L33t

For ASUS motherboard users;
https://www.asus.com/News/V5urzYAT6myCC1o2


----------



## superstition222

Quote:


> Originally Posted by *ozlay*
> 
> You can manually install the fix/patch. Depending on which version of windows you have.
> 
> Windows 10 version 1703 (Creators Update): KB4056891
> Windows 10 version 1607 (Anniversary Update): KB4056890
> Windows 10 version 1511 (November Update): KB4056888
> Windows 10 version 1507 (Initial Release): KB4056893


It depends on which version of Windows *10* you have, you mean, eh?


----------



## aweir

Quote:


> Originally Posted by *The L33t*
> 
> For ASUS motherboard users;
> https://www.asus.com/News/V5urzYAT6myCC1o2


Is this fix supposed to be a BIOS update or a Windows update?


----------



## Griefs

Quote:


> Originally Posted by *aweir*
> 
> Is this fix supposed to be a BIOS update or a Windows update?


Did you click the link and read any of it?

Resolution:
Step 1: Check below to see if your motherboard has been impacted.
Step 2: Download and install the latest BIOS to update affected platforms.


----------



## Echoa

Well, performance wise I don't notice a difference but I don't bench a lot. Games running the same with Windows + microcode on Haswell but I also only game 60fps so take it as you will, largely hasn't changed things but I'm sure I could find something that lost performance if I wanted.

Also if you want to reduce chances of a spectre javascript attack you can always disable javascript and only whitelist places you need it.


----------



## superstition222

Quote:


> Originally Posted by *Echoa*
> 
> you can always disable javascript and only whitelist places you need it.


The Internet is becoming increasingly a place where disabling Javascript means being locked out of most everything. There are also various exploits that can be used without javascript being enabled in the target's browser.


----------



## Echoa

Quote:


> Originally Posted by *superstition222*
> 
> The Internet is becoming increasingly a place where disabling Javascript means being locked out of most everything. There are also various exploits that can be used without javascript being enabled in the target's browser.


I'm not saying it prevents everything, just saying it can help with security if you're scared of a javascript based spectre attack. I personally have JS disabled and only whitelisted for my most frequently used sites and I like it that way.


----------



## Lipos

Edited the title and first post with some more information about Spectre & Meltdown. Sorry for not including everything but I hope it's good enough to know the most important things about both for now.


----------



## mc conor

I run a 2500k.

I presume there will be no possibility of motherboard manufacturers releasing a bios update with microcode.

I have seen options of using UBU or virtual machine to manually update microcode but I doubt intel will release that for processors of that age.

Do these older cpus need to be put out of service now because of this fiasco?


----------



## Lipos

Quote:


> Originally Posted by *mc conor*
> 
> I run a 2500k.
> 
> I presume there will be no possibility of motherboard manufacturers releasing a bios update with microcode.
> 
> I have seen options of using UBU or virtual machine to manually update microcode but I doubt intel will release that for processors of that age.
> 
> Do these older cpus need to be put out of service now because of this fiasco?


Quote:


> Intel has already issued updates for the majority of processor products introduced within the past five years. By the end of next week, *Intel expects to have issued updates for more than 90 percent of processor products introduced within the past five years*. In addition, many operating system vendors, public cloud service providers, device manufacturers and others have indicated that they have already updated their products and services.


https://newsroom.intel.com/news-releases/intel-issues-updates-protect-systems-security-exploits/

I'd say ask your motherboard vendor about a bios update. Besides that I doubt there's anything else you can do with an almost 7 yrs old CPU.


----------



## Vlada011

5 years your computers were vulnerable and now when you hear for that you hurry to cripple performance.
I mean on Home Users. I can't update BIOS and patch, I will revert Windows 10 to 1703 or 1607.
If I keep older version not 1709. Windows will automatic to download new security patch or not.
How to avoid update of that patch.
Situation is nothing difference from previous years only we know that CPU have bug, but big is not show up last year.
Because of that I advice for Home Users who can't tolerate performance loss as me to avoid patch.
For Intel I have message: **** you idiots, I hope NSA and other corporation will kill your monopolistic company after this.
Market will not die, only will be spared from bad news and soon someone will arrive on your place. I hope that Intel stock will drop on AMD level.
But they deserve less.
Now we have all evidence that Ryzen and Threadripper Core is Boss for Skylake, Coffee Lake, Skylake-X core. But Intel couldn't do nothing except to almost burn VRM on motherboards and cause i9-7980XE to use over 500W after serious OC. What 500W, on 6.0GHz he need 1000W. That's was Intel answer with 10 years old product optimized for competition with AMD product.
They had luck because AMD didn't done nothing spectacular. Real smart and advanced producer of processor for these period would make processor so powerful that Intel would look as CPU from 2 years old mobile phone with his 10 years old architecture.

International governments should push pressure on White House to shut down Intel once for all or completely change politic of that company and take them power to decide to do what they want. Because if other government only suspect that USA Company and USA Government done that intentionally that could cause serious problems in relationship between them.
All of them are victims, much more than we.
599$ SATA III SSD 1TB Intel, Samsung 300$, you have RAID 0 1TB SSD for one Intel.

This will only cause to Putin invest more money in Elbrus, and get rid of American processors from all government institutions in Russia max for 5 years.
That's one of primary plan of their government and now we see that they had reason for something like that, and France and Germany and China have reason but they allow to Intel do what they want.


----------



## guttheslayer

Quote:


> Originally Posted by *Vlada011*
> 
> 5 years your computers were vulnerable and now when you hear for that you hurry to cripple performance.
> I mean on Home Users. I can't update BIOS and patch, I will revert Windows 10 to 1703 or 1607.
> If I keep older version not 1709. Windows will automatic to download new security patch or not.
> How to avoid update of that patch.
> Situation is nothing difference from previous years only we know that CPU have bug, but big is not show up last year.
> Because of that I advice for Home Users who can't tolerate performance loss as me to avoid patch.
> For Intel I have message: **** you idiots, I hope NSA and other corporation will kill your monopolistic company after this.
> Market will not die, only will be spared from bad news and soon someone will arrive on your place. I hope that Intel stock will drop on AMD level.
> But they deserve less.
> Now we have all evidence that Ryzen and Threadripper Core is Boss for Skylake, Coffee Lake, Skylake-X core. But Intel couldn't do nothing except to almost burn VRM on motherboards and cause i9-7980XE to use over 500W after serious OC. What 500W, on 6.0GHz he need 1000W. That's was Intel answer with 10 years old product optimized for competition with AMD product.
> They had luck because AMD didn't done nothing spectacular. Real smart and advanced producer of processor for these period would make processor so powerful that Intel would look as CPU from 2 years old mobile phone with his 10 years old architecture.


Intel are basically parasite to the PC industry


----------



## azanimefan

Quote:


> Originally Posted by *mc conor*
> 
> I run a 2500k.
> 
> I presume there will be no possibility of motherboard manufacturers releasing a bios update with microcode.
> 
> I have seen options of using UBU or virtual machine to manually update microcode but I doubt intel will release that for processors of that age.
> 
> Do these older cpus need to be put out of service now because of this fiasco?


Asus is the only MB manufacturer who I know of who will support this type of issue with old products. It's one of the perks of going with Asus motherboards. Just don't expect the update immediately, might take a month for them to get around to it.


----------



## Vlada011

Yes, they are parasite, but we are idiots, we are bunch of idiots who are not capable to sue them for every single problem they make to us.
And than after they give free 100.000 SSDs, 50.000 processors, 70.000 M.2 every time when they make mess they will think what they do.
Intel not deserve our money, we lived in deep fallacy until Ryzen is show up. People with i7 old 6-7 years felt like gods.
Last 5 years Intel didn't bring 80% improvement because that's not possible like that. And all stories, Silicon limit. Yes maybe limit of Nehalem, we understand. But far from limits to smart company who want to present nice new product.

Biggest problem is because for Intel mistake we pay price, with every mistake their profit grow because people hurry to fix mistake with more money. And now they will show up with some fixed processor and aggressive marketing. Again reviews will behave like nothing bad happen, etc...

I see ASUS launch some update for my motherboard as well, but why they left people with Rampage V Extreme on old 3801 BIOS.
To be honest ASUS sold more Intel processors than Intel with their premium motherboards.
People asked for update on ASUS site, I told them if someone is capable to do that as soon as possible that's ASUS.

They really have great motherboards for any chipset.
My favorites are Zenith for X399, Apex for X299 and Core for Z370.
Code look great, similar to Formula, Pre Mounted I/O shield, only no EKWB block, but VRM on Z370 could work and without heatsink.

Maybe is time to invest in Crosshair VI Extreme. Angled 24 pin, Pre Mounted I/O shield, E-ATX, AMD say AMD4 support up to 2020. That mean 2 successor of Ryzen Minimum, Minimum two more.
350$ premium board. Or Zenith, Zenith is best AMD motherboard ever launched. AMD never had such motherboards.

It's not only Ryzen 1800X, Crosshair VI Extreme will support better models, maybe better overclockers.
I had Crosshair 4 Formula, from Athlon and Phenom, than Thuban, than Bulldozer, and at the end Vishera FX9370. And FX9350 and 9370 arrived much later than Vishera 8350. All of them worked on Crosshair 4. Same will be with Crosshair 6 Extreme. Only now AMD far far better products than in time of Crosshair 4 and Crosshair 5.


----------



## webhito

Quote:


> Originally Posted by *azanimefan*
> 
> Asus is the only MB manufacturer who I know of who will support this type of issue with old products. It's one of the perks of going with Asus motherboards. Just don't expect the update immediately, might take a month for them to get around to it.


According to a link posted earlier by The L33t, only x1xx, x2xx, x3xx, x299 and x99 have bios updates. Not sure if anything older will get any love though.

https://www.asus.com/News/V5urzYAT6myCC1o2


----------



## Vlada011

Even in worse moments, when they need to ask mercy Intel show habit to lie and blame AMD trying to avoid anger from people who believe to them and who are in deep problem now.
First news are AMD is not Affected, than Intel start to Eat craps and vomit his excuses Everyone are affected. No more working Computer processors on planet, etc...
You can bet now that I would rather spend money on Crosshair VI Extreme and 1800X than i7-8700K and Maximus X Code.

Now I only want to know how to update OS to 1607 and avoid Windows Update for that patch.
I need other OS Updates. How to stop specific patch from automatic download and update.


----------



## revro

I am still to this day running q9550 cause I am lazy to switch my mb+cpu+ram to newer one and my win7 64bit has been running for 7.5 years without any hitch, aside 2 years in move onto ssd.

so is also q9550 compromised by these meltdown and spectre issues? thank you

plan to eventually move to 4790k (since win7 install should be without any problem) if my mb breaks one day. windows 7 64bit forever


----------



## tpi2007

Quote:


> Originally Posted by *revro*
> 
> I am still to this day running q9550 cause I am lazy to switch my mb+cpu+ram to newer one and my win7 64bit has been running for 7.5 years without any hitch, aside 2 years in move onto ssd.
> 
> so is also q9550 compromised by these meltdown and spectre issues? thank you
> 
> plan to eventually move to 4790k (since win7 install should be without any problem) if my mb breaks one day. windows 7 64bit forever


We don't know with 100% certainty yet. Intel hasn't disclosed that far back.

Probably yes, but even if yes, we don't know if they're vulnerable to all three or just one or two. In any case, you can apply the OS patches and browser mitigations that are out now. Patched Nvidia GPU drivers will be out next week.

Related, on-line gaming may have some hiccups because of all this:

https://www.hardocp.com/news/2018/01/06/cpu_usage_differences_after_applying_meltdown_patch_at_epic_games


----------



## Quantum Reality

Can anyone clarify if AMD Phenom II era CPUs might be affected at all? I have a spare Phenom II 945 system that might end up being a last-resort Internet-capable system.


----------



## Nizzen

Quote:


> Originally Posted by *Vlada011*
> 
> 5 years your computers were vulnerable and now when you hear for that you hurry to cripple performance.
> I mean on Home Users. I can't update BIOS and patch, I will revert Windows 10 to 1703 or 1607.
> If I keep older version not 1709. Windows will automatic to download new security patch or not.
> How to avoid update of that patch.
> Situation is nothing difference from previous years only we know that CPU have bug, but big is not show up last year.
> Because of that I advice for Home Users who can't tolerate performance loss as me to avoid patch.
> For Intel I have message: **** you idiots, I hope NSA and other corporation will kill your monopolistic company after this.
> Market will not die, only will be spared from bad news and soon someone will arrive on your place. I hope that Intel stock will drop on AMD level.
> But they deserve less.
> Now we have all evidence that Ryzen and Threadripper Core is Boss for Skylake, Coffee Lake, Skylake-X core. But Intel couldn't do nothing except to almost burn VRM on motherboards and cause i9-7980XE to use over 500W after serious OC. What 500W, on 6.0GHz he need 1000W. That's was Intel answer with 10 years old product optimized for competition with AMD product.
> They had luck because AMD didn't done nothing spectacular. Real smart and advanced producer of processor for these period would make processor so powerful that Intel would look as CPU from 2 years old mobile phone with his 10 years old architecture.
> 
> International governments should push pressure on White House to shut down Intel once for all or completely change politic of that company and take them power to decide to do what they want. Because if other government only suspect that USA Company and USA Government done that intentionally that could cause serious problems in relationship between them.
> All of them are victims, much more than we.
> 599$ SATA III SSD 1TB Intel, Samsung 300$, you have RAID 0 1TB SSD for one Intel.
> 
> This will only cause to Putin invest more money in Elbrus, and get rid of American processors from all government institutions in Russia max for 5 years.
> That's one of primary plan of their government and now we see that they had reason for something like that, and France and Germany and China have reason but they allow to Intel do what they want.


Saved

/chill

Peace


----------



## cekim

Quote:


> Originally Posted by *Vlada011*
> 
> You can bet now that I would rather spend money on Crosshair VI Extreme and 1800X than i7-8700K and Maximus X Code.


Hilarious data to salt your haterade...

It's not that there aren't specific slow-downs that you can find (easily if you go looking for them), but you seem to be freaking out a bit...

Now maybe when the dust settles, it will be as horrible as you say - but so far, the details don't bear out the "ZOMG! 50% SLOWDOWNS EVERYWHERE!" horror story the media is selling. I'll freak out when it's time to freak out - that time has not yet come.

7980XE 4.5GHz 24/7 setup 1.175v - custom water with a quiet fan profile:

CBR15 (windows):
pre: ~4500 (best 4520 - typical 4450-4510)
post: 4468

E5-2696v3
sqlite3 in linux:
5M row insertion as one transaction:
pre: ~24s
post: ~24s

sqlite3 queries (table walk - 5m rows x 7 cols)
pre: ~4.70s
post: ~4.70s

Decent sized RTL simulation - (8G memory image - 18cores engaged in multi-core mode)
pre: ~22minutes
post: ~22minutes

36 thread parallel compile of decent size project:
pre: 0:25.22 703.4%
post: 0:25.40 799.3%

So, now do I feel terrible about my purchase vs a TR (for which I have no hate and frankly if memory were reasonably priced, I would have bought to test and develop and may still)?

Ahhhh NOPE.



FWIW: as above, I can definitely find slowdowns if I look for them, but thus far, they are largely synthetic. Normal application optimizations should (and appear to) limit impact. I've posted about some of these in this thread (I/O write took a hit)


----------



## MoRLoK

Are you telling us two times more expensive 18 core processor is faster than 16 core 2 times cheaper? O M G serious ?

Create new topic about this and take there your fanboyism

I have i5-2300 with some strange Medion motherboard. It's MSI. I think there is no chance for bios update. Time to change I think.


----------



## cekim

Quote:


> Originally Posted by *MoRLoK*
> 
> Are you telling us two times more expensive 18 core processor is faster than 16 core 2 times cheaper? O M G serious ?
> 
> Create new topic about this and take there your fanboyism


No, I'm telling you:
1. the impact is not the sky is falling that we've seen reported - little/nothing has changed with the "value proposition" of SKYLX vs TR.
2. the value of the machine itself is of much less consequence if the value of your time is higher.
3. A lot of the hate is the same nonsense we've seen since the launch of these chips with blind tribalism. I have shelves full of Athlons from "back in the day" and if/when Zen is faster, I'll buy them in a heart-beat... No tribe here.
4. I have 24/7 performance meeting or exceeding LN2 OC for TR...

If you are buying these chips for self-esteem, then I'd agree, there was and is no justification for Intel's price in relative terms. Nothing has changed about that.

If instead, you are using these chips to create value in any number of ways that increases with throughput, then the value proposition is very, very different. The price difference disappears in a few days or less.

So, back to my original point - remain calm!


----------



## MoRLoK

Quote:


> Originally Posted by *cekim*
> 
> So, back to my original point - remain calm!


Sure, I agree with that 100%.


----------



## cekim

Quote:


> Originally Posted by *MoRLoK*
> 
> Sure, I agree with that 100%.


and I agree with a lot of the criticism of Intel's behavior over the past decade.

I've said many times that various chips that have snuck through their sand-bagging scheme have demonstrated amply that they were doling out performance as slowly as they thought they could and charge every last penny they think they can get away with.

Ultimately though - this is how markets work, so I don't get mad, I just apply as rigorous math on them as they do on me.


----------



## cekim

To add to specific places I AM seeing slowdowns - I'm investigating this one - I'm using a before and after machines identically configured - mounting the same mount point, not the same machine pre/post patch, so it's conceivable it's something else:

Write ~11G to a 10GbE NFS mount (8xRaid0 spinning disk):

sudo dd if=/dev/zero of=testfile bs=1G count=10 oflag=direct

pre: 10737418240 bytes (11 GB) copied, 11.0197 s, 974 MB/s
post: 10737418240 bytes (11 GB) copied, 15.0013 s, 716 MB/s

Again, while this does map to known issues (write I/O) with this patch, if you've ever tried to tweak 10G NFS performance, you'll know how sensitive it can be...

Looks like the slower one has a 540T2 (dual 10GbE) card vs a T1 (single) in the faster. Might need to swap them to eliminate that variable...


----------



## ZoomThruPoom

Just seen this.


----------



## cx-ray

Not sure what's going on with Hardware Unboxed 512K write (at 10 min mark in the video).



On a 7900X 4.8GHz I get the following after the Win 10 1709 security patch (Left Optane 900p 480GB, right Samsung 960 Pro 1TB):



Doesn't look like they're running into a CPU bound situation. Checking the Task Manager shows almost no CPU and Kernel activity during the 512K test. Maybe finally an argument for X299 and CPU PCIe lanes for storage, instead of DMI PCH?


----------



## tpi2007

Too many variables not counting the different platform. He's testing with the BIOS patch installed in addition to the Windows one. Then his SSD model is different from yours.


----------



## LostParticle

Excuse me, *what is this?*


----------



## cx-ray

Quote:


> Originally Posted by *tpi2007*
> 
> Too many variables not counting the different platform. He's testing with the BIOS patch installed in addition to the Windows one. Then his SSD model is different from yours.


He also has numbers with just the OS update in the same graph. What surprised me was that the difference is so large. The 960 Pro isn't that much faster compared to the 950 Pro he's using. Too lazy to take the 960 out and put it in a Z270 system to see whether there's a large difference. I'll wait until a BIOS update is available for my board instead.


----------



## tpi2007

Quote:


> Originally Posted by *LostParticle*
> 
> Excuse me, *what is this?*


It's been discussed already and now there is even a news thread about it: http://www.overclock.net/t/1645310/the-register-flaw-in-amds-platform-security-processor-psp-specifically-in-the-ftmp-disclosed-by-google


----------



## LostParticle

Quote:


> Originally Posted by *tpi2007*
> 
> It's been discussed already and now there is even a news thread about it: http://www.overclock.net/t/1645310/the-register-flaw-in-amds-platform-security-processor-psp-specifically-in-the-ftmp-disclosed-by-google


Thank you, and pardon me, I did not see it. One question, please, IF you happen to know: - Those new AMD chips, expected around March 2018, will they suffer from all this mess, or they will be protected?

Thank you!


----------



## tpi2007

Quote:


> Originally Posted by *LostParticle*
> 
> Quote:
> 
> 
> 
> Originally Posted by *tpi2007*
> 
> It's been discussed already and now there is even a news thread about it: http://www.overclock.net/t/1645310/the-register-flaw-in-amds-platform-security-processor-psp-specifically-in-the-ftmp-disclosed-by-google
> 
> 
> 
> Thank you, and pardon me, I did not see it. One question, please, IF you happen to know: - Those new AMD chips, expected around March 2018, will they suffer from all this mess, or they will be protected?
> 
> Thank you!

It's patchable through a firmware update, so it will probably already come pre-patched. Or maybe they come with an improved version that doesn't even need the patch. We don't know about that yet. Worst case scenario it comes pre-patched and you don't need to worry about that issue.


----------



## aweir

Quote:


> Originally Posted by *azanimefan*
> 
> Asus is the only MB manufacturer who I know of who will support this type of issue with old products. It's one of the perks of going with Asus motherboards. Just don't expect the update immediately, might take a month for them to get around to it.


On whom does the onus of responsibility fall? I would think that it would be via CPU microcode update as it's a one-time done deal, but should motherboard makers bear the brunt of the costs of it? In a way, they are responsible for BIOS updates that only ensure compatibility with newer CPUs. But what about security related issues?


----------



## jaredismee

https://www.epicgames.com/fortnite/forums/news/announcements/132642-epic-services-stability-update

that is a crazy performance hit to the servers


----------



## Alex132

Quote:


> Originally Posted by *azanimefan*
> 
> Asus is the only MB manufacturer who I know of who will support this type of issue with old products. It's one of the perks of going with Asus motherboards. Just don't expect the update immediately, might take a month for them to get around to it.


Uh, Asus are probably the worst when it comes to support/drivers for hardware. There is a reason Unified drivers exist for Xonar products, and I am expecting absolutely 0 updates for my motherboard. Haven't got any since 2012 (Only 1 year after it was released).

https://www.asus.com/Motherboards/P8P67_PRO_REV_31/HelpDesk_BIOS/


----------



## Vlada011

Quote:


> Originally Posted by *cekim*
> 
> Hilarious data to salt your haterade...
> 
> It's not that there aren't specific slow-downs that you can find (easily if you go looking for them), but you seem to be freaking out a bit...
> 
> Now maybe when the dust settles, it will be as horrible as you say - but so far, the details don't bear out the "ZOMG! 50% SLOWDOWNS EVERYWHERE!" horror story the media is selling. I'll freak out when it's time to freak out - that time has not yet come.
> 
> 7980XE 4.5GHz 24/7 setup 1.175v - custom water with a quiet fan profile:
> 
> CBR15 (windows):
> pre: ~4500 (best 4520 - typical 4450-4510)
> post: 4468
> 
> E5-2696v3
> sqlite3 in linux:
> 5M row insertion as one transaction:
> pre: ~24s
> post: ~24s
> 
> sqlite3 queries (table walk - 5m rows x 7 cols)
> pre: ~4.70s
> post: ~4.70s
> 
> Decent sized RTL simulation - (8G memory image - 18cores engaged in multi-core mode)
> pre: ~22minutes
> post: ~22minutes
> 
> 36 thread parallel compile of decent size project:
> pre: 0:25.22 703.4%
> post: 0:25.40 799.3%
> 
> So, now do I feel terrible about my purchase vs a TR (for which I have no hate and frankly if memory were reasonably priced, I would have bought to test and develop and may still)?
> 
> Ahhhh NOPE.
> 
> 
> 
> FWIW: as above, I can definitely find slowdowns if I look for them, but thus far, they are largely synthetic. Normal application optimizations should (and appear to) limit impact. I've posted about some of these in this thread (I/O write took a hit)


I know exactly how you feel. Lucky you are not in country with terrible economic situation as me.
Before 7 days I almost made crucial mistake, after I replace RVE for RVE10 and prepare Monoblock I saw i9-7900X for 700euro and i7-7820X for 400 euro.
I almost spend money I save for Volta on that i9-7900X. Only reason why I didn't bought that is fact that I would need week before sell two X99 boards and buy Rampage VI Extreme, or I would go on Apex.
Now It's only bad taste because I really wished to pull 100% from X99 and find i7-6900K or i7-6950X. Now I gave up from that.

I can't deal with performance loss. Simply I can't get over it. This influence on my hobby completely in total.
It's much easier to tolerate that my PC is not secure than this kind of performance loss. Intel revert us 3 years back.
NOTHING IS INTERESTING ANY MORE, EVERYTHING LOST VALUE, BENCHMARKS MEAN LOSS NOT IMPROVEMENT.
OVERCLOCKING IS NOT SAME, WHOLE ENTHUSIASM IS COLLAPSED THANKS TO INTEL.

But we were stupid, we fall on their advertising. Intel change one number and force people to wish to have i9.
With number 9 instead 7 he success to easier pull out 1000-1200-1400-1600 and 2000$ from people.
All of these people invest in 4930K or max 4960X. He easy take them double.
We lost touch with reality, it's so hard to earn 1000$ today, buyers who buys such things should be respected and get max support not to lost performance.

I looked in Intel X chipset as something reliable, fast, now situation is completely different.
If Intel can't find way to revert performance I will not buy their processors any more. Every single generation has some flaw, USB, Bug, Chipset Bug, Freezing in stress tests, problem with some softwares, they didn't launch single architecture without some bug.

Now we should helped to companies choose AMD EPYC 32 Core as future processors.
On that way Intel will feel as we. They not afraid of gamers. But when companies start to replace their shiny E5 and E7 Intel will wish to compensate problem to people.
But I can bet Intel expected much worse scenario and much worse reaction.
To be honest, now with 1500$ in pocket. Instantly Zenith and 1950X. This bug will completely anulate Intel advantage in situation and reason why users who need 4-6-8 cores decide to go with Intel instead Ryzen and Threadripper.

Only bad OC separate people with Intel processors from massive exodus to Ryzen and Threadripper
One moderator on EVGA Forum before few weeks replace first Intel X99 i7-5820K with Ryzen 1800X and later 1800X for 1950X or 1920X I'm not sure.
He upgrade as me i7-5820K in similar time, but he was smart and when AMD beat Intel xtreme generation he was wise and switch.
And he is full satisfied. I think constantly how he made right decision. This is first mistake in my life with platform.
Instead RVE10 + RGB Monoblock for 400 euro I should bought Crosshair VI Extreme and sell ex RVE and i7-5820K and invest in Ryzen, and keep my memory 2666 just for first months...1800X is available for 390 euro to me. Brand new 1800X.
But now is end, If I do that I will not be able to save enough for GPU on time, and I have 3 years old GPU.

No one would be happier than me to send pictures of AMD Threadripper directly to Intel CEO of my new AMD platform together with my previous X99 platform uninstalled and ready for Ebay, with middle finger and explain him that my life mission will be to companies replace their servers in next months with EPYC.


----------



## Pro3ootector

https://uploads.disquscdn.com/images/cab9430cb6a5aebe5b41a66d3cdb1c52b82d39b24a662baca26cc6e60d8812d1.jpg?w=800&h=661

Not sure how legit but here it is.


----------



## Vlada011

Problem is because fix is not complete fix.
INTEL FIX WHO CRIPPLE PERFORMANCE FIX ONLY HALF OF PROBLEM.
That's whole trick and PEOPLE HURRY TO BARRICADE HOUSE FROM ONE SIDE, IN MEAN TIME ZOMBIES HAVE OPEN BACK GATE AND COULD ENTER.
PEOPLE IT'S NOT TIME TO BARRICADE, IT'S TIME TO ABANDON HOUSE AND SINKING SHIP.

Ignore patches, ignore BIOS updates, lets' what could be done to Intel feel as we. We need to explain companies what Intel just done to them because corporation collapsed for much less and need years to recover. Some of them never recovered, bankrupt or become something else.
Intel is not possible to satisfied CPU Enthusiasts any more because his Core is Old, Buggy and market if flood by their i7 with bugs.

At the end enthusiasts and home users will stay with half fixed crippled PC and companies will switch to AMD.
AMD EPYC 7601 IS NOT AVAILABLE ANY MORE ON NEWEGG.
He was there before 3 days with price 3000-3500$. Now probably will be out of stock and price will go up to 5000$.
He beat everything and no bugs. Real new core and processor worthy of 2020 generation.


----------



## hhuey5

Quote:


> ADD another source https://www.theguardian.com/technology/2018/jan/05/intel-class-action-lawsuits-meltdown-spectre-bugs-computer
> 
> Intel facing class-action lawsuits over Meltdown and Spectre bugs
> Plaintiffs claim compensation for security flaws and alleged slowdown that fixing computers will cause, while corporations count cost of corrections
> 
> Fri 5 Jan '18 08.52 EST Last modified on Fri 5 Jan '18 17.00 EST
> 
> Intel has been hit with at least three class-action lawsuits over the major processor vulnerabilities revealed this week.
> 
> The flaws, called Meltdown and Spectre, exist within virtually all modern processors and could allow hackers to steal sensitive data although no data breaches have been reported yet. While Spectre affects processors made by a variety of firms, Meltdown appears to primarily affect Intel processors made since 1995.


----------



## Pro3ootector

_As Epic Games showcased, the CPU utilization of one of its gaming servers sky-rocketed from 25% to almost 60%. That's a really big performance hit and it is something that may affect gamers worldwide. Weaker gaming servers may reach their peak due to this security fix, resulting in possible latency issues. So yeah, while the performance impact of this fix on a PC system may be relatively small for individual users, it can potentially lead to major gaming performance issues - especially for online games like Fortnite or PlayerUnknown's Battlegrounds - caused by the gaming servers._

http://en.brinkwire.com/74175/intel-lists-all-cpus-affected-by-spectre-meltdown-epic-shows-performance-impact-on-gaming-servers/


----------



## Vlada011

Intel should be sued until satisfied any customers.
People I'm first ready to forgive almost everything. But this completely change my perspective to IT hobby.
I swear in god. We suffer so much for 5 fps, for 5% improvements. Processors work on default voltage overclocked and hit limit, with push 150mV to pull 10% more, spend more power, pay more for cooling, invest in better thermal paste, EVEN DESTROY WARRANTY BECAUSE PERFORMANCE.
INTEL PROFIT BILLIONS OF DOLLARS FROM OUR HUNGER TO PULL 10% MORE THAN NORMAL OVERCLOCKED CPU.
BILLIONS, IF THEY NOT SATISFIED US, MANY DIFFERENT COMPANIES WILL SUFFER, PRODUCER OF HIGH END MOTHERBOARDS, MEMORIES, THERMAL PASTE, FANS, CPU BLOCKS, AIO SYSTEMS.
Simple explanation, I invest 400 in RVE10 because I got and RGB Monoblock and because I will be able to cooldown i7-5820K on 4.5GHz or i7-6900K/i7-6950X if I find him for reasonable price.
Why I bought board for Intel CPU and Monoblock, I explained, I could invest in CVIE and AMD and keep on default frequency and wait revision or second revision.
Only because OC and because more performance, and Intel must understand that and compensate to people no matter how much cost them, because could cost them much more next 2-3 years if people stay not satisfied.
I say before every CPU replaced with 2 cores more.
Ivy Bridge,-Ivy Bridge-E, Haswell-Haswell-E, Haswell-E 6 core - 8 cores, Skylake-Skylake-E, people where that's not possible some SSD, M.2, PCI-E SSD, etc...
And with corporations, god help them they deserve to gone from market for this they played with such sensitive things and behave like kids, not responsible at all except for money.
I was among Intel's biggest fans and I defend them whole time, and with thermal paste and 28 PCI-E lanes less and try to explain that they need time to back in race and 28 PCI-E lanes on better chipset are not 28 PCI-E lanes with Haswell-E.
But this shocked me, I have phobia from folder with benchmark tests.

ONE THING IS SURE, INTEL AS COMPANY IS DANGER FOR SECURITY.
Maybe this scenario is best. To Intel survive restructuring, because now government have right to involve, and next years to increase security of their processors and enthusiasts and gamers to turn to AMD because his gamer performance could be better.

As director of some company with sensitive data for other sides I would not wait, I would hire specialists to estimate cost of transfer on AMD EPYC processors company within 7-10 days. As chief of security on meeting I would propose that to directors of any company who have reason to hide information and who need to find money to hide informations on any costs. First security, later to see what can be done for compensation from Intel because put us in danger and hide information who knows how long. They say more than 6 months.
But they show up before 3 days to give false data and blame AMD like they figure out before 2 hours what happens.


----------



## tashcz

Okay really now, settle down. It's not just individuals that invested in hardware, put yourself in AWS' or Azure's place. There's 100s of exploits out there. This is something that's gonna affect everyone and everyone's in the same boat. You are not the only one that's gonna lose performance. And Intel for sure (I'm def not on their side, look at my sig) would fix this earlier if something serious happened. Thing is there are hundreds of low-level attacks that could happen but this is on spot now. Right now everyone is taking measures just to show they're doing something. Yeah attacks are possible but I don't think any happened yet.


----------



## jaredismee

Quote:


> Originally Posted by *tashcz*
> 
> Okay really now, settle down. It's not just individuals that invested in hardware, put yourself in AWS' or Azure's place. There's 100s of exploits out there. This is something that's gonna affect everyone and everyone's in the same boat. You are not the only one that's gonna lose performance. And Intel for sure (I'm def not on their side, look at my sig) would fix this earlier if something serious happened. Thing is there are hundreds of low-level attacks that could happen but this is on spot now. Right now everyone is taking measures just to show they're doing something. Yeah attacks are possible but I don't think any happened yet.


have you not seen the massive leaks in news in past year which were possibly caused by these security flaws? saying they haven't been used is ridiculous as they can leave no trace of ever being done.


----------



## tashcz

Not the same attacks. Especially not reading any portion of the memory Meltdown can. I mean, people download stuff from TPB, install a bunch of software from who knows where, watch some shady xxx, and now this is the biggest security issue for them


----------



## cekim

Quote:


> Originally Posted by *jaredismee*
> 
> have you not seen the massive leaks in news in past year which were possibly caused by these security flaws? saying they haven't been used is ridiculous as they can leave no trace of ever being done.


Sad thing is, and part of why we need to keep the panic in perspective, many, most, perhaps all of those leaks come from much more mundane exploits - many of which are still and will still be with us for the foreseeable future.

Moreover, if you think that once patched, your system is 100% secure, you are mistaken.

If our nation's (or yours if not the US) security apparatus was really working for its respective citizens, it would put its resources and wizardry to securing its citizens computers not exploiting them.

That is not where we find ourselves today (or perhaps ever, which is why limited government is a thing - it doesn't know how not to be a hammer, so we should only use it on nails).


----------



## Alex132

Quote:


> Originally Posted by *Pro3ootector*
> 
> 
> 
> https://uploads.disquscdn.com/images/cab9430cb6a5aebe5b41a66d3cdb1c52b82d39b24a662baca26cc6e60d8812d1.jpg?w=800&h=661
> 
> Not sure how legit but here it is.


It's wrong. Don't believe it.


----------



## GeneO

Quote:


> Originally Posted by *azanimefan*
> 
> Asus is the only MB manufacturer who I know of who will support this type of issue with old products. It's one of the perks of going with Asus motherboards. Just don't expect the update immediately, might take a month for them to get around to it.


Looks like they are only going back to the 6th generation processors:

https://www.asus.com/News/V5urzYAT6myCC1o2


----------



## Offler

Quote:


> Originally Posted by *Pro3ootector*
> 
> 
> 
> https://uploads.disquscdn.com/images/cab9430cb6a5aebe5b41a66d3cdb1c52b82d39b24a662baca26cc6e60d8812d1.jpg?w=800&h=661
> 
> Not sure how legit but here it is.


According to whitepapers it is correct. Some people just have to learn to get real with understanding. Executing an instruction might work in more cases, but when no data are returned, it simply does not work.


----------



## ozlay

Quote:


> Originally Posted by *superstition222*
> 
> It depends on which version of Windows *10* you have, you mean, eh?


Indeed fixed... Added 7 and 8 and server.

I forgot people like to use old OS's


----------



## chispy

Quote:


> Originally Posted by *Offler*
> 
> According to whitepapers it is correct. Some people just have to learn to get real with understanding. Executing an instruction might work in more cases, but when no data are returned, it simply does not work.


+1 This exactly ^^ .


----------



## Dimaggio1103

Y'all see the Hardware Unboxed video last night. NVMe drives getting hit as much as 30 percent in write speeds. Microcode hit for Z370 and it looks bad. Even he admitted it and he's an Intel shill all day. Fortnite saw server slow downs.....bad day to be on Intel. All the smugness from some fanboys seems to have drained right outta ocn. Lol


----------



## Paladin Goo

I wonder if one can opt out of this update. I'll take the risk and keep my performance.


----------



## tashcz

Quote:


> Originally Posted by *Paladin Goo*
> 
> I wonder if one can opt out of this update. I'll take the risk and keep my performance.


Of course you can use it that way. But I'd refrain from using my credit card or access some really personal accounts from that PC.


----------



## xXlAinXx

Quote:


> Originally Posted by *Offler*
> 
> According to whitepapers it is correct. Some people just have to learn to get real with understanding. Executing an instruction might work in more cases, but when no data are returned, it simply does not work.


Well, ranting IDK..
exponential flaw like the one introduced with ****WIT/REPTOLINE mess should never made on operand iteration in software nor in pseudo hardware interface.
Said so, older platform may already allow to disable the L3 and in some cases L1/L2 for security reason ( not if that really matter ).
BIG DATA like GOOGLE, AWS ETC should NOT rely on software boundary to keep the END-USER in place.
WE ( the USER ) are NOT asking for any blackbox to be put in place.. it is a simple thermodynamic issue at the end, /dev/null will try to write out of its bound really: all it takes is something unaccounted to escape.
Don't get me wrong. In this very specific case: ask the manufacturer for a better implementation of your needs.
The CPU will always output and accept input upon request, else, I won't be able to type this, seriously.


----------



## Melan

https://twitter.com/CCP_SnowedIn/status/948980181577875456

CCP updated their API server. I wonder how bad will it be on game servers.


----------



## tashcz

From what we've seen so far very very bad.


----------



## chispy

Quote:


> Originally Posted by *Dimaggio1103*
> 
> Y'all see the Hardware Unboxed video last night. NVMe drives getting hit as much as 30 percent in write speeds. Microcode hit for Z370 and it looks bad. Even he admitted it and he's an Intel shill all day. Fortnite saw server slow downs.....bad day to be on Intel. All the smugness from some fanboys seems to have drained right outta ocn. Lol


Yeah, saw that, the Microsoft patch and the BIOS updates seem to affect everyone on Intel CPUs, some more than others but everyone is affected and the degradation in performance is real and measurable.


----------



## Paladin Goo

Quote:


> Originally Posted by *tashcz*
> 
> Of course you can use it that way. But I'd refrain from using my credit card or access some really personal accounts from that PC.


Eh, it's a private home PC behind a sonic wall. I wouldn't worry *too* much.


----------



## jagdtigger

Quote:


> Originally Posted by *Paladin Goo*
> 
> Eh, it's a private home PC behind a sonic wall. I wouldn't worry *too* much.


Unless you use paranoid firewall settings it won't stop an outgoing connection after the exploit got onto your PC somehow....


----------



## superstition222

Quote:


> Originally Posted by *AppleInsider*
> Updates released in early December should already have dealt with "Meltdown" and "Spectre" vulnerabilities on older Intel Macs, according to Apple's release notes -but a late Friday retraction of the claim has shed some doubt on the situation.
> 
> Fixes for several Intel-related flaws were included in Security Update 2017-002 for Sierra, and Security Update 2017-005 for El Capitan. Apple yesterday confirmed that "mitigations" against Meltdown were implemented in macOS 10.13.2, iOS 11.2, and tvOS 11.2. watchOS is immune to the flaw.
> 
> Spectre remains a concern in Apple's Mac and iOS Web browser, Safari. That should be patched within the next few days, possibly even later on Friday. The company is also developing broader fixes for iOS, macOS, tvOS, and watchOS, but it's unclear when those will be released to the public.


Quote:


> Originally Posted by *AppleInsider*
> Update: On Friday afternoon, Apple removed the section of the support document detailing the "Meltdown" patch for Sierra and El Capitan. AppleInsider has conflicting information on this from inside Apple, with some claiming that the security patch didn't have the Meltdown fix, and others claiming that the documentation withdrawal was performed in error.


link

Hmm...


----------



## Melan

Apple also has IOHIDeous zero day to deal with.


----------



## superstition222

Quote:


> Originally Posted by *Melan*
> 
> Apple also has IOHIDeous zero day to deal with.


Really lame of Apple not to include macOS in its bug bounty program.
Quote:


> while exploiting the IOHIDeous macOS zero-day could allow an attacker to escalate privilege, run arbitrary code and gain root access, Siguza said on Twitter that the risks are somewhat lessened because the flaw is not remotely exploitable and because "triggering [the] bug is pretty noticeable, with the entire UI being torn down and whatnot."


----------



## Vlada011

Can someone explain me single thing. Why you try to hurry to patch system and fix one bug when other is not fixable.
No sense at all. Special if many home users don't use antivirus software except Windows.
We are not more vulnerable today than before 2 years only now you are aware of that.

Except fact that AMD users have right to joke with us and look at us as fools who didn't only overprice product, we digged own security grave and extra we will safe with performance loss.
That mean.

1. Overprice
2. Losing Performance
3. Unfixable Security Bug

And you can fix only one of these three things, not 2, and you can't choose and you can't back in past to spend money on AMD.
You could chose 50% better security and performance decrease or you can stay without patch and use system as before.

This have only one good side, Intel will never be in position to sent processors on market every week with flaws and new chipsets, useless without single new usable feature in real life.
I mean what you get with Z370 and you didn't had with Z270. Except 6 core and that model could work and on Z270 with BIOS update.
I hope I will resist to upgrade GPU finally because I have almost unstoppable desire to get rid of this buggy crap who slow down without fixing situation with security.


----------



## cekim

Quote:


> Originally Posted by *Vlada011*
> 
> Can someone explain me single thing. Why you try to hurry to patch system and fix one bug when other is not fixable.
> No sense at all. Special if many home users don't use antivirus software except Windows.


Exploits do not have equal ease-of-use in terms of hackers implementing them. That's generally what drives urgency is either the proof-of-concept showing that it's trivial or actual observation of exploit in the wild.

Perhaps more correctly, one of their large clients has to publicly state that such a vulnerability is easily exploitable.

But the point that not all exploits are created equally remains and justifies hurried patches.


----------



## Vlada011

Quote:


> Originally Posted by *cekim*
> 
> Exploits do not have equal ease-of-use in terms of hackers implementing them. That's generally what drives urgency is either the proof-of-concept showing that it's trivial or actual observation of exploit in the wild.
> 
> Perhaps more correctly, one of their large clients has to publicly state that such a vulnerability is easily exploitable.
> 
> But the point that not all exploits are created equally remains and justifies hurried patches.


OK I understand patch for servers and companies and corporations.
They want to save what could be saved now while house burn.
But I don't understand for Home Users. Special because there is two problems and one could be fixed after new CPU show up on market.

We lived in balloon full of illusion about powerful Intel dominative on market and they didn't have enough power to found new core and show up with new products. Time for that was After X79.
They didn't done even after X99.

What they say BIGGEST CHANGE AFTER NEHALEM, SKYLAKE-X.

And we get biggest change from Nehalem.
Change of Name i9 instead i7,
Change of price, premium product not 1000, not 1700 now 2000$
No Intel Xeons compatibility first time after Nehalem.
First time thermal crap instead soldered processor with Xtreme chipset.
Lower L3 Cache than ever and Skylake-X become benchmarking platform.
Now when benchmarks have bitter taste for Intel users... what now?
I forgot, More Power Than Ever.
After they say Biggest change after Nehalem and people wait 2-3 and more years that chipset I didn't expect i7-6950X on 4.3GHz to beat i9-7900X on 4.5 GHz in games.

This bug is like god couldn't watch any more what they do and just before they start to advertise 1151 V4 god hand involve and turn upside down whole IT industry that Intel have reason to think about moves of governments and demands for their politic in future.


----------



## AlphaC

GPU drivers may need to be benchmarked as well

https://nvidia.custhelp.com/app/answers/detail/a_id/4611
Quote:


> The vulnerability has three known variants:
> 
> Variant 1 (CVE-2017-5753): Mitigations are provided with the security update included in this bulletin. NVIDIA expects to work together with its ecosystem partners on future updates to further strengthen mitigations.
> Variant 2 (CVE-2017-5715): NVIDIA's initial analysis indicates that the NVIDIA GPU Display Driver is potentially affected by this variant. NVIDIA expects to work together with its ecosystem partners on future updates for this variant.
> Variant 3 (CVE-2017-5754): At this time, NVIDIA has no reason to believe that the NVIDIA GPU Display Driver is vulnerable to this variant.


386.07 Quadro driver is already out.


----------



## Offler

Quote:


> Originally Posted by *xXlAinXx*
> 
> Well, ranting IDK..
> exponential flaw like the one introduced with ****WIT/REPTOLINE mess should never made on operand iteration in software nor in pseudo hardware interface.
> Said so, older platform may already allow to disable the L3 and in some cases L1/L2 for security reason ( not if that really matter ).
> BIG DATA like GOOGLE, AWS ETC should NOT rely on software boundary to keep the END-USER in place.
> WE ( the USER ) are NOT asking for any blackbox to be put in place.. it is a simple thermodynamic issue at the end, /dev/null will try to write out of its bound really: all it takes is something unaccounted to escape.
> Don't get me wrong. In this very specific case: ask the manufacturer for a better implementation of your needs.
> The CPU will always output and accept input upon request, else, I won't be able to type this, seriously.


Ofc, but it does not mean you will get always response from the hardware, or opportunity to fetch "mispredicted" data in branch buffer.

It's in the state "not demonstrated" with notion "could be optimized in the future". I get that, I may understand what to optimize, but question "how" is beyond me.


----------



## webhito

Sadly, while I do agree with most issues you post , all Intel has to do is make a new shiny cpu with higher clocks and say: "this one is safe" and we will all drool over it, overpay for it and be happy sheep as usual.

I have never really considered myself a fan of any specific company except maybe Evga, but I have always tried to have the fastest, or at least close to the fastest and it almost always was intel. This new issue should kick them back to ground level and off their high horse ( one can hope ), and possibly give Amd more funds for making an even better processor.

I already jumped ship, sold both my board and cpu for almost no hit at all since they still do go for a hefty price tag, with it I will probably grab a ryzen and a hero and just call it a day.

No point really mourning over it, we just got swindled once again.


----------



## cekim

Quote:


> Originally Posted by *Vlada011*
> 
> OK I understand patch for servers and companies and corporations.
> They want to save what could be saved now while house burn.
> But I don't understand for Home Users. Special because there is two problems and one could be fixed after new CPU show up on market.


When it comes to internet security "we are all in this together". Home computers are a vector for attack of those corporate systems (and everything else). It's the civilized world against hackers. The more exploited computers exist on the net, the more power bad people have to attack your computer whether it be personal or corporate.

Similarly, the more likely a given mobile machine is exploited and moves to a public wifi and unknowingly becomes a vector for everyone around it.

Then there are VPNs - those home computers often connect to company nets via VPN....

and your cable modem may or may not be able to exploit others in your neighborhood depending on network topology and provider...

MSFT is, correctly in this instance, looking at this understanding that their OS could become the pandemic that takes down the planet and that's not a branding blemish you want to try to fight.

A decent chunk of people with a clue already look to IoT as a segment with such suspicion and it will cost them marketing dollars to overcome - more as time goes on and the attacks presented by this class of device become more common. I honestly think we are still in the early days of what these exploits will end up doing to the internet and perception of it.


----------



## TonyLee

Quote:


> Originally Posted by *webhito*
> 
> I already jumped ship, sold both my board and cpu for almost no hit at all since they still do go for a hefty price tag, with it I will probably grab a ryzen and a hero and just call it a day.
> 
> No point really mourning over it, we just got swindled once again.


I was planning on keeping this 2600k at least until 2019, but I think that I will retire it early and get one of those zen+ chips when they get released in a few months.


----------



## webhito

Quote:


> Originally Posted by *TonyLee*
> 
> I was planning on keeping this 2600k at least until 2019, but I think that I will retire it early and get one of those zen+ chips when they get released in a few months.


Yea, I read as well that they should start shipping around this coming March? Sadly I hate waiting, and if I keep this around for much longer it might hurt my wallet more.


----------



## cfu97

I saw some testing showing Intel CPU would be around 30% slower after patch.


----------



## jaredismee

Quote:


> Originally Posted by *cfu97*
> 
> I saw some testing showing Intel CPU would be around 30% slower after patch.


for a typical consumer it is <5%, for some server use it is >30%


----------



## Dimaggio1103

Quote:


> Originally Posted by *jaredismee*
> 
> for a typical consumer it is <5%, for some server use it is >30%


Waaaaayyyyy oversimplifying it though. Some application on desktops saw a 30% reduction in perf. A 35% and higher reduction in NVMe speeds for write. Servers saw issues and threw wait times into the 30-45min. This ain't no small potatoes.


----------



## jaredismee

Quote:


> Originally Posted by *Dimaggio1103*
> 
> Waaaaayyyyy oversimplifying it though. Some application on desktops saw a 30% reduction in perf. A 35% and higher reduction in NVMe speeds for write. Servers saw issues and threw wait times into the 30-45min. This ain't no small potatoes.


give me a non synthetic desktop application that a user not doing data center/server stuff would see more than a 5% drop in, and if u find any i doubt it is over 10...

edit: i don't even like intel, and felt that statement was pretty fair as a super simplified outcome of this issue.


----------



## GeneO

Quote:


> Originally Posted by *jaredismee*
> 
> give me a non synthetic desktop application that a user not doing data center/server stuff would see more than a 5% drop in, and if u find any i doubt it is over 10...


Realbench. A 9% drop in performance after the Haswell ucode update. Mostly in Image editing and multitasking.


----------



## cekim

Quote:


> Originally Posted by *jaredismee*
> 
> for a typical consumer it is <5%, for some server use it is >30%


It's amazing how the telephone game spreads bad info....

30-50% in some, very, very specific server use. Specifically I/O writes in isolation - most actual applications are not seeing this. Some are seeing higher utilization that requires additional investigation.

After a little more testing, even that "depends"...

I previously posted a 2X time for sqlite3 unoptimized insertion of 5M individual rows with the updated 3.x kernel. Then added that NFS write performance also took a big hit (742MB/s vs 947MB/s).

I also noted that this was a corner case as inserting the same 5M rows as a single transaction (a typical and obvious optimization) showed < 1% slowdown if any (within test error).

To add to this observation, I re-tested the 4.x kernel with the patch:
sqlite3 insertion of 5M 7-column rows individually - then queries that walk every row of the table multiple times.

E5-2696v3 (Haswell)

Code:

```
5m individual rows of insertion:
3.x kernel before: 1m48s
3.x kernel after:    3m39s
4.x kernel after:    2m12s
22%

5m row insertion as a single transaction (to demonstrate how irregular the impact is/isn't):
3.x kernel before: 23.5s
3.x kernel after:    24.0s
4.x kernel after:    23.1s

query:
3.x kernel before: 4.70s
3.x kernel after:    4.73s
4.x kernel after:    4.72s
0.4% (basically noise)

NFS (dd copy of 11G over 10GbE NFS):
3.x kernel before: 947MB/s
3.x kernel after:    742MB/s
4.x kernel after:    997MB/s
```

So, the "30-50%" story is garbage at this point... Again, not that there aren't issues, they are just much more specific than "the sky is falling" and still very fluid. Add to that Windows may be a different story right now as well. The common theme is that small write I/O specifically is at risk of potentially large performance hits, but how or if that manifests itself in real-world performance is still a big TBD.


----------
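
The comparison cekim describes above (per-row inserts versus one transaction, then full-table queries), sketched as an added Python example that is not part of the original post or the poster's test script. The table layout, row contents and row counts are assumptions; run it on the same machine before and after patching and compare each phase with `pct_change`.

```python
"""Per-row commits vs. one transaction in SQLite, with wall and CPU time.

Each commit in autocommit mode costs several system calls (journal write,
sync, unlink), so this phase is the one that is sensitive to any added cost
per kernel entry. The batched insert and the queries make far fewer calls.
"""
import os
import sqlite3
import tempfile
import time

SCHEMA = ("CREATE TABLE t (a INTEGER, b INTEGER, c INTEGER, "
          "d TEXT, e TEXT, f REAL, g INTEGER)")  # 7 columns, as in the post
INSERT = "INSERT INTO t VALUES (?, ?, ?, ?, ?, ?, ?)"


def make_rows(n):
    """Constructed sample data, not the poster's data set."""
    return [(i, i * 2, i % 97, f"name{i}", f"val{i % 13}", i / 3.0, i % 2)
            for i in range(n)]


def open_db(path):
    # isolation_level=None puts the sqlite3 module in autocommit mode, so
    # every statement outside an explicit BEGIN is its own transaction.
    conn = sqlite3.connect(path, isolation_level=None)
    conn.execute(SCHEMA)
    return conn


def insert_individually(conn, rows):
    """One transaction per row: the unoptimized case from the post."""
    for row in rows:
        conn.execute(INSERT, row)
    return conn.execute("SELECT COUNT(*) FROM t").fetchone()[0]


def insert_single_transaction(conn, rows):
    """All rows inside one BEGIN/COMMIT: a single journal sync."""
    conn.execute("BEGIN")
    conn.executemany(INSERT, rows)
    conn.execute("COMMIT")
    return conn.execute("SELECT COUNT(*) FROM t").fetchone()[0]


def walk_table(conn, passes):
    """Read phase: repeated full scans of the table."""
    total = 0
    for _ in range(passes):
        total += conn.execute("SELECT SUM(a + c + g) FROM t").fetchone()[0]
    return total


def measure(fn, *args):
    """Run fn and report wall time plus user/system CPU time of this process."""
    c0, t0 = os.times(), time.perf_counter()
    result = fn(*args)
    t1, c1 = time.perf_counter(), os.times()
    return {"result": result, "wall": t1 - t0,
            "user": c1.user - c0.user, "sys": c1.system - c0.system}


def run_benchmark(n_rows=5000, passes=3):
    rows = make_rows(n_rows)
    out = {}
    with tempfile.TemporaryDirectory() as tmp:
        per_row = open_db(os.path.join(tmp, "per_row.db"))
        batched = open_db(os.path.join(tmp, "batched.db"))
        out["per_row_insert"] = measure(insert_individually, per_row, rows)
        out["single_txn_insert"] = measure(insert_single_transaction, batched, rows)
        out["query"] = measure(walk_table, batched, passes)
        per_row.close()
        batched.close()
    return out


def pct_change(before, after):
    """Relative slowdown in percent between two timings of the same phase."""
    return (after - before) / before * 100.0


if __name__ == "__main__":
    for phase, m in run_benchmark().items():
        print(f"{phase:18s} wall={m['wall']:.3f}s "
              f"user={m['user']:.3f}s sys={m['sys']:.3f}s")
    # Timings quoted in the post, 3.x kernel before vs. 4.x kernel after:
    print(f"per-row insert: {pct_change(108, 132):.0f}% slower")  # 1m48s -> 2m12s
    print(f"query:          {pct_change(4.70, 4.72):.1f}% slower")
```

A rise concentrated in the `sys` column of the per-row phase, with the other two phases flat, is the pattern the post reports.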



## jaredismee

Quote:


> Originally Posted by *GeneO*
> 
> Realbench. A 9% drop in performance after the Haswell ucode update. Mostly in Image editing and multitasking.


well the worse they do the better for me, i invested a ton in AMD on the 2nd. was not expecting this, and honestly am not very concerned either way i was buying in to hold out til the refresh anyway.


----------



## Dimaggio1103

Quote:


> Originally Posted by *cekim*
> 
> It's amazing how the telephone game spreads bad info....
> 
> 30-50% in some, very, very specific server use. Specifically I/O writes in isolation - most actual applications are not seeing this. Some are seeing higher utilization that requires additional investigation.
> 
> After a little more testing, even that "depends"...
> 
> I previously posted a 2X time for sqlite3 unoptimized insertion of 5M individual rows with the updated 3.x kernel. Then added that NFS write performance also took a big hit (742MB/s vs 947MB/s).
> 
> I also noted that this was a corner case as inserting the same 5M rows as a single transaction (a typical and obvious optimization) showed < 1% slowdown if any (within test error).
> 
> To add to this observation, I re-tested the 4.x kernel with the patch:
> sqlite3 insertion of 5M 7-column rows individually - then queries that walk every row of the table multiple times.
> 
> E5-2696v3 (Haswell)
> 
> Code:
> 
> ```
> 5m individual rows of insertion:
> 3.x kernel before: 1m48s
> 3.x kernel after:    3m39s
> 4.x kernel after:    2m12s
> 22%
> 
> 5m row insertion as a single transaction (to demonstrate how irregular the impact is/isn't):
> 3.x kernel before: 23.5s
> 3.x kernel after:    24.0s
> 4.x kernel after:    23.1s
> 
> query:
> 3.x kernel before: 4.70s
> 3.x kernel after:    4.73s
> 4.x kernel after:    4.72s
> 0.4% (basically noise)
> 
> NFS (dd copy of 11G over 10GbE NFS):
> 3.x kernel before: 947MB/s
> 3.x kernel after:    742MB/s
> 4.x kernel after:    997MB/s
> ```
> 
> So, the "30-50%" story is garbage at this point... Again, not that there aren't issues, they are just much more specific than "the sky is falling" and still very fluid. Add to that Windows may be a different story right now as well. The common theme is that small write I/O specifically is at risk of potentially large performance hits, but how or if that manifests itself in real-world performance is still a big TBD.


Care to explain servers with multiplayer seeing huge increase in utilization? How about the 20-30% NVMe drop in write speeds? Sorry to break it to ya but the story is not garbage. Don't hate the messenger hate the company that willfully sold you a flawed chip.

http://www.pcgamer.com/fortnite-servers-will-be-unstable-for-the-next-week-because-of-meltdown-patch/

https://www.youtube.com/watch?v=JbhKUjPRk5Q


----------



## Falkentyne

Quote:


> Originally Posted by *cfu97*
> 
> Look like Intel knew this years ago and it was designed to be a backdoor for US gov agency like CIA. There is no way that so many processors providers all had the same core designs back in 20 years ago and all have this "bug".
> 
> This is not a bug, this is a backdoor. Just like the windows one months ago.
> 
> So basically CIA can easily hack any computer for 20 years, so nice.


This is 100% completely true.
Please look up the Linux article about the Intel ME (management engine).
Someone actually completely DISASSEMBLED It and found REFERENCES to the "National Security Agency" (NSA) in it.

Please go google it. It's....mind blowing. EVERY computer that has Intel ME installed has this backdoor. Someone actually tried to call Intel out on this and they said that it was some "thing to help them with managing their systems" or some epic BS. (I don't remember the full details).

https://www.csoonline.com/article/3220476/security/researchers-say-now-you-too-can-disable-intel-me-backdoor-thanks-to-the-nsa.html

http://searchsecurity.techtarget.com/news/450425659/Intel-kill-switch-code-indicates-connection-to-NSA

http://www.zdnet.com/article/researchers-say-intels-management-engine-feature-can-be-switched-off/

https://www.bleepingcomputer.com/news/hardware/researchers-find-a-way-to-disable-much-hated-intel-me-component-courtesy-of-the-nsa/

https://hackaday.com/2017/12/11/what-you-need-to-know-about-the-intel-management-engine/

Be VERY afraid.


----------



## yamnakshatriya

Quote:


> Originally Posted by *Falkentyne*
> 
> This is 100% completely true.
> Please look up the Linux article about the Intel ME (management engine).
> Someone actually completely DISASSEMBLED It and found REFERENCES to the "National Security Agency" (NSA) in it.
> 
> Please go google it. It's....mind blowing. EVERY computer that has Intel ME installed has this backdoor. Someone actually tried to call Intel out on this and they said that it was some "thing to help them with managing their systems" or some epic BS. (I don't remember the full details).
> 
> https://www.csoonline.com/article/3220476/security/researchers-say-now-you-too-can-disable-intel-me-backdoor-thanks-to-the-nsa.html
> 
> http://searchsecurity.techtarget.com/news/450425659/Intel-kill-switch-code-indicates-connection-to-NSA
> 
> http://www.zdnet.com/article/researchers-say-intels-management-engine-feature-can-be-switched-off/
> 
> https://www.bleepingcomputer.com/news/hardware/researchers-find-a-way-to-disable-much-hated-intel-me-component-courtesy-of-the-nsa/
> 
> https://hackaday.com/2017/12/11/what-you-need-to-know-about-the-intel-management-engine/
> 
> Be VERY afraid.


Well, considering how easy it is to become a criminal these days, mass surveillance is necessary. Look at the huge number of sealed indictments put up by the first-time-in-half-a-century honest US government.

However, it's equally important that the surveillance is honest, not misused, and doesn't result in catastrophic outcomes like what's happened here.


----------



## HMBR

I wouldn't mind a 30% performance loss tbh (which is kind of crazy, but shows how lightly I use the PC these days), but, my problem is that my hardware is so old that the newest bios is from 2012; so I guess I have no chance of getting an updated one for Spectre, which is kind of bad knowing I'll be using the PC with this clear vulnerability


----------



## superstition222

Quote:


> Originally Posted by *Falkentyne*
> 
> This is 100% completely true.
> Please look up the Linux article about the Intel ME (management engine).
> Someone actually completely DISASSEMBLED It and found REFERENCES to the "National Security Agency" (NSA) in it.
> 
> Please go google it. It's....mind blowing. EVERY computer that has Intel ME installed has this backdoor. Someone actually tried to call Intel out on this and they said that it was some "thing to help them with managing their systems" or some epic BS. (I don't remember the full details).
> 
> https://www.csoonline.com/article/3220476/security/researchers-say-now-you-too-can-disable-intel-me-backdoor-thanks-to-the-nsa.html
> 
> http://searchsecurity.techtarget.com/news/450425659/Intel-kill-switch-code-indicates-connection-to-NSA
> 
> http://www.zdnet.com/article/researchers-say-intels-management-engine-feature-can-be-switched-off/
> 
> https://www.bleepingcomputer.com/news/hardware/researchers-find-a-way-to-disable-much-hated-intel-me-component-courtesy-of-the-nsa/
> 
> https://hackaday.com/2017/12/11/what-you-need-to-know-about-the-intel-management-engine/
> 
> Be VERY afraid.


I was going to say something but I'll just note that the first response to your post was a justification for the situation.


----------



## Wishmaker

Quote:


> Originally Posted by *HMBR*
> 
> I wouldn't mind a 30% performance loss tbh (which is kind of crazy, but shows how lightly I use the PC these days), but, my problem is that my hardware is so old that the newest bios is from 2012; so I guess I have no chance of getting an updated one for Spectre, which is kind of bad knowing I'll be using the PC with this clear vulnerability


My R3F hasn't had a Bios update since 2011.
Maybe we can form a club, get some jackets?


----------



## coelacanth

Got a Windows 10 update and ran Valley 1080p. Overall score down 2.1%, minimum FPS down 2.7%.


----------



## Wishmaker

Communication in my work place about the matter.
Quote:


> As you may have heard in the press, there are two new vulnerabilities which affect the IT world at the moment, Spectre and Meltdown. Both exploit vulnerabilities found in nearly all chips which are on the market today, like Intel, AMD, ARM and Power chips are affected as well.
> 
> So what is the vulnerability about: An attacker could have access to the memory of your computer by exploiting the vulnerability. These are known concept from the past but the interesting thing with this vulnerability is that even if the attack is executed with a low privileged user, the whole memory can be read including high privilege user memory. So basically you could potentially read out all the passwords which are stored in the memory of a computer while it is running.
> 
> So we have a vulnerability on one side but at the moment there is no exploit known in the wild. So for the moment no attackers have used these vulnerabilities to attack people. However, this may just be a question of days.
> 
> How can you be affected:
> 1) By installing software from a malicious website or from unknown sources.
> 2) By navigating to malicious website which execute malicious JavaScript via your browser
> 
> Impact:
> The attack is read-only, meaning that it will read out information but there is no harm done like, deleting or spreading to other systems automatically. The biggest harm is basically the information stored in memory, like passwords of sensitive systems, a confidential document which is still in memory.
> 
> Mitigating actions:
> 1) Users should only install software from known sources
> 2) Users should not give their phones/Laptops to anyone without their supervision
> 3) Users should not surf on websites which look malicious. At the moment there is no known exploit in the wild but it will come.
> 4) Users should not try to surf on the darknet
> 5) Users should only access xxx Data with systems which have been handed out by IT.
> 6) Patches will be installed as soon as they are proven to be stable.
> 7) Users having not updated their iPhone/iPad with the latest iOS version will be contacted and followed up.
> 
> Conclusion:
> 
> The vulnerability is very important especially since it impacts nearly all chips. The good side is that there are mitigations which will be put in place by the different vendors. The bad news, there are many many systems on the planet and it will take quite some time until all systems are updated if this will ever happen.
> At the moment there is no direct threat for xxxLuxembourg as long as users follow the directives mentioned above.
> A wider staff communication will be sent out during the afternoon.


----------



## Offler

Quote:


> Originally Posted by *Wishmaker*
> 
> Communication in my work place about the matter.


Your security expert is incompetent. As for AMD the issue allows read in worst case, for Intel it allows write.


----------



## jagdtigger

Quote:


> Originally Posted by *yamnakshatriya*
> 
> However, it's equally important that the surveillance is honest, not misused, and doesn't result in catastrophic outcomes like what's happened here.


Anything like that could be misused, and in fact it will be misused to further someone's private agenda... Mass surveillance should not exist nor be allowed.


----------



## Wishmaker

Quote:


> Originally Posted by *Offler*
> 
> Your security expert is incompetent. As for AMD the issue allows read in worst case, for Intel it allows write.


Can you please link me that part?
This thread is quite big


----------



## randomizer

Quote:


> Originally Posted by *Wishmaker*
> 
> Communication in my work place about the matter.
> 
> > 3) Users should not surf on websites which look malicious. At the moment there is no known exploit in the wild but it will come.

It's a bit hard to check if a website looks malicious (what does that even look like?) without first visiting the site, at which point you're already hosed.

Quote:


> Originally Posted by *Offler*
> 
> Your security expert is incompetent. As for AMD the issue allows read in worst case, for Intel it allows write.


Read _is_ the worst case.


----------



## Catscratch

Quote:


> Originally Posted by *Falkentyne*
> 
> This is 100% completely true.
> Please look up the Linux article about the Intel ME (management engine).
> Someone actually completely DISASSEMBLED It and found REFERENCES to the "National Security Agency" (NSA) in it.
> 
> Please go google it. It's....mind blowing. EVERY computer that has Intel ME installed has this backdoor. Someone actually tried to call Intel out on this and they said that it was some "thing to help them with managing their systems" or some epic BS. (I don't remember the full details).
> 
> https://www.csoonline.com/article/3220476/security/researchers-say-now-you-too-can-disable-intel-me-backdoor-thanks-to-the-nsa.html
> 
> http://searchsecurity.techtarget.com/news/450425659/Intel-kill-switch-code-indicates-connection-to-NSA
> 
> http://www.zdnet.com/article/researchers-say-intels-management-engine-feature-can-be-switched-off/
> 
> https://www.bleepingcomputer.com/news/hardware/researchers-find-a-way-to-disable-much-hated-intel-me-component-courtesy-of-the-nsa/
> 
> https://hackaday.com/2017/12/11/what-you-need-to-know-about-the-intel-management-engine/
> 
> Be VERY afraid.


Hmm. If that is true, then AMD blatantly refused to have a hardware backdoor for government (or unaware in case of older cpus) or have a completely different one that isn't discovered yet? The story goes beyond....


----------



## Offler

Quote:


> Originally Posted by *randomizer*
> 
> It's a bit hard to check if a website looks malicious (what does that even look like?) without first visiting the site, at which point you're already hosed.
> Read _is_ the worst case.


It's leak vs data corruption or hardware misuse by unknown attacker. But yeah, once you can read you eventually get access. Works the other way around.

Quote:


> Originally Posted by *Wishmaker*
> 
> Can you please link me that part?
> This thread is quite big


https://googleprojectzero.blogspot.de

Spectre has 2 variants. On AMD works only one, under specific circumstances.

Meltdown works only on Intel and allows writing. For Intel also work both Spectre variants, without any specific circumstances.

For Intel only Meltdown is currently being fixed by patching. Spectre cannot be fixed atm, maybe slightly mitigated by updates to browsers.

For AMD ... I heard about patches - either microcode updates or software updates for Spectre, but haven't seen it yet.


----------



## delboy67

Quote:


> Originally Posted by *yamnakshatriya*
> 
> Well, considering how easy it is to become a criminal these days, mass surveillance is necessary. Look at the huge number of sealed indictments put up by the first-time-in-half-a-century honest US government.
> 
> However, it's equally important that the surveillance is honest, not misused, and doesn't result in catastrophic outcomes like what's happened here.


The dumbest thing I've read on here. Maybe you shouldn't lock your house up at night so we check if you're kicking your dog too hard.


----------



## e-gate

It will be first time that I will believe the "it's not a bug it's a feature" because for this case it is a feature. Not a flaw. It was designed specifically this way and we had this hidden for years. It's clearly not a flaw. Makes you wonder what is buried deep inside in hardware and we don't know about yet.


----------



## _Chimera

Some benchmarks done here (i7-8700): https://np.reddit.com/r/pcmasterrace/comments/7obokl/performance_impact_of_windows_patch_and_bios/

Also reports that minimum FPS went down a lot, even when overall average FPS is about the same.

Glad I went Ryzen, and really hoping the performance impact can be mitigated somehow for you Intel guys


----------



## cx-ray

Quote:


> Originally Posted by *_Chimera*
> 
> Some benchmarks done here (i7-8700): https://np.reddit.com/r/pcmasterrace/comments/7obokl/performance_impact_of_windows_patch_and_bios/


Isn't the 8700 some old chip from last year?


----------



## ToTheSun!

Quote:


> Originally Posted by *cx-ray*
> 
> > Originally Posted by *_Chimera*
> > 
> > Some benchmarks done here (i7-8700): https://np.reddit.com/r/pcmasterrace/comments/7obokl/performance_impact_of_windows_patch_and_bios/
> 
> Isn't the 8700 some old chip from last year?

Technically, everything on the market right now is from last year!


----------



## tpi2007

The comments in this one are interesting: https://twitter.com/never_released/status/949231568509267968

Could it be that Sandy Bridge and Ivy Bridge actually don't need an IBRS Bios patch and thus the performance hit will never be as high as on Haswell, Broadwell and Skylake+ (Kaby and Coffee included)?


----------



## _Chimera

Quote:


> Originally Posted by *cx-ray*
> 
> Isn't the 8700 some old chip from last year?


Intel Ark (released Q4 2017).

Also an interesting read: https://gist.github.com/woachk/2f86755260f2fee1baf71c90cd6533e9


----------



## sumitlian

Quote:


> Originally Posted by *yamnakshatriya*
> 
> Well, considering how easy it is to become a criminal these days, mass surveillance is necessary. Look at the huge number of sealed indictments put up by the first-time-in-half-a-century honest US government.
> 
> However, it's equally important that the surveillance is honest, not misused, and doesn't result in catastrophic outcomes like what's happened here.


Couldn't agree more.


----------



## DanBr

With my win 8.1 machine, when I "check for updates" I do not get the KB4056898 or any related to this issue. I do have the correct registry entry. Should I download it from http://www.catalog.update.microsoft.com/Search.aspx?q=KB4056898, or should I wait until Windows offers it thru the normal update process?

Is it safe to use? I thought I had read elsewhere that Windows pulled it from the catalog, but I still see it.
thanks in advance
dan


----------



## tpi2007

Quote:


> Originally Posted by *DanBr*
> 
> With my win 8.1 machine, when I "check for updates" I do not get the KB4056898 or any related to this issue. I do have the correct registry entry. Should I download it from http://www.catalog.update.microsoft.com/Search.aspx?q=KB4056898, or should I wait until Windows offers it thru the normal update process?
> 
> Is it safe to use? I thought I had read elsewhere that Windows pulled it from the catalog, but I still see it.
> thanks in advance
> dan


KB4056898 is the security only update, so it will never show up on Windows Update.

The Rollup (KB4056895), does indeed seem to be down, not even available on the Catalog site, maybe it's to fix a bug that they acknowledge in the article page. For comparison, the Windows 7 version doesn't have that bug and its rollup is available on the Catalog site and also on Windows Update, so I'm guessing that it's because of that bug. It's just Microsoft being Microsoft and not saying what's up.

Anyway, install the security only update. If it's available still, it shouldn't have the same problems as the Rollup, which includes more stuff not related to this problem.

If you do that, make sure to also install the IE 11 cumulative patch that includes mitigations for the problem (it's otherwise included in the Rollup); you can find it here:

IE 11 Cumulative security update for all versions of Windows 7, 8.1, Windows Server 2008 R2 SP1 and 2012 R2: https://www.catalog.update.microsoft.com/search.aspx?q=kb4056568

Associated article: https://support.microsoft.com/en-ie/help/4056568/cumulative-security-update-for-internet-explorer


----------



## DanBr

Quote:


> Originally Posted by *tpi2007*
> 
> KB4056898 is the security only update, so it will never show up on Windows Update.
> 
> The Rollup (KB4056895), does indeed seem to be down, not even available on the Catalog site, maybe it's to fix a bug that they acknowledge in the article page. For comparison, the Windows 7 version doesn't have that bug and its rollup is available on the Catalog site and also on Windows Update, so I'm guessing that it's because of that bug. It's just Microsoft being Microsoft and not saying what's up.
> 
> Anyway, install the security only update. If it's available still, it shouldn't have the same problems as the Rollup, which includes more stuff not related to this problem.
> 
> If you do that, make sure to also install the IE 11 cumulative patch that includes mitigations for the problem (it's otherwise included in the Rollup); you can find it here:
> 
> IE 11 Cumulative security update for all versions of Windows 7, 8.1, Windows Server 2008 R2 SP1 and 2012 R2: https://www.catalog.update.microsoft.com/search.aspx?q=kb4056568
> 
> Associated article: https://support.microsoft.com/en-ie/help/4056568/cumulative-security-update-for-internet-explorer


thanks, I will say a prayer, light a candle, hold my breath and give it a go
dan


----------



## tpi2007

Quote:


> Originally Posted by *DanBr*
> 
> thanks, I will say a prayer, light a candle, hold my breath and give it a go
> dan


Good Luck!

If you can, do some benchmarks before and after so we have some Windows 8.1 numbers.

It'll probably be under 2% for consumer workloads, but it's always worth checking.


----------



## tpi2007

Quote:


> Originally Posted by *tpi2007*
> 
> The comments in this one are interesting: https://twitter.com/never_released/status/949231568509267968
> 
> Could it be that Sandy Bridge and Ivy Bridge actually don't need an IBRS Bios patch and thus the performance hit will never be as high as on Haswell, Broadwell and Skylake+ (Kaby and Coffee included)?


Following up on this question of mine, it does seem that Skylake, Kaby Lake and Coffee Lake owners are in for a worse ride than Broadwell SB and IB (according to the link above IBRS is for Haswell and above) and previous CPUs:

https://twitter.com/never_released/status/949006165962305538


----------



## thegreatsquare

Quote:


> Originally Posted by *DanBr*
> 
> With my win 8.1 machine, when I "check for updates" I do not get the KB4056898 or any related to this issue. I do have the correct registry entry. Should I download it from http://www.catalog.update.microsoft.com/Search.aspx?q=KB4056898, or should I wait until Windows offers it thru the normal update process?
> 
> Is it safe to use? I thought I had read elsewhere that Windows pulled it from the catalog, but I still see it.
> thanks in advance
> dan


That's what I did.

I didn't test before/after, but firestrike had no real change incl physx test. TR:ROTR ran fine, haven't tested in 6 months and FPS was actually 6-8 fps higher. I don't game online, so it seems I'm relatively unscathed from the patch.

Has any game had a significant hit in offline/SP?


----------



## Catscratch

Quote:


> Originally Posted by *tpi2007*
> 
> Following up on this question of mine, it does seem that Skylake, Kaby Lake and Coffee Lake owners are in for a worse ride than Broadwell SB and IB (according to the link above IBRS is for Haswell and above) and previous CPUs:
> 
> https://twitter.com/never_released/status/949006165962305538


Funny newer tech is more vulnerable.

I've got

1090t
fx 4300
x2 5600
2500k
2620M
7100U
LG G3

All of them except 7100u are hopeless lol.


----------



## Offler

Quote:


> Originally Posted by *Catscratch*
> 
> Funny newer tech is more vulnerable.
> 
> I've got
> 
> 1090t
> fx 4300
> x2 5600
> 2500k
> 2620M
> 7100U
> LG G3
> 
> All of them except 7100u are hopeless lol.


In what way are they hopeless?

Btw FX series... The L1 caches in them ... 2 FPU/computing units and 1 shared L1 cache. It did "miracles" performance wise. I would wonder if it had an impact on these vulnerabilities. That architecture is far from standards.


----------



## tpi2007

I was just reading the Intel paper, trying to piece all of this together, here is some more info:

https://newsroom.intel.com/wp-content/uploads/sites/11/2018/01/Intel-Analysis-of-Speculative-Execution-Side-Channels.pdf
Quote:


> For Intel® Core™ processors of the Broadwell generation and later, this retpoline mitigation strategy also requires a microcode update to be applied for the mitigation to be fully effective.


So Retpoline can be effective in Skylake+ after all, but it needs a microcode update and it affects Broadwell too.

They do suggest that Retpoline is a second method that can be used either together or as an alternative to Indirect Branch Restricted Speculation (IBRS), Single Thread Indirect Branch Predictors (STIBP) and Indirect Branch Predictor Barrier (IBPB).

They even state:
Quote:


> For the branch target injection method, two mitigation techniques have been developed. This allows a software ecosystem to select the approach that works for their security, performance and compatibility goals.


So, some people might opt to simply use Retpoline (less performance impact) and not the microcode updates. The problem is that the microcode updates for Broadwell and newer will probably bundle everything together (read: the IBRS, STIBP, IBPB patches _and_ the code to make the Retpoline protection fully effective) and you won't be able to pick and choose.


----------



## yamnakshatriya

Quote:


> Originally Posted by *jagdtigger*
> 
> Anything like that could be misused, and in fact it will be misused to further someone's private agenda... Mass surveillance should not exist nor be allowed.


Then, whether it's implemented by your government or not, some not-so-nice foreign government will implement it and use opposite technologies to cause havoc in your country to their advantage. You will not have the surveillance in place to know who their agents are and you won't be able to counter them, while any response you could have caused in their country is impossible due to their own surveillance systems. Really bad, and sick people will be able to do things, using modern technologies to their advantage, that you cannot imagine, and they are not able to be caught because of how advanced encryption technology is becoming.

The answer is not no surveillance, but honest people, both in government and outside. I am sure if we were to wake up in a clean society tomorrow, most "good" NSA employees would be happy to be surveilled by some special citizens' investigatory board, like the Censors of Ancient Rome, as long as they could continue to do their jobs. Alternatively, something like an AI doing the surveillance without human interference except in special occasions would be relatively un-corruptable too.


----------



## DanBr

Quote:


> Originally Posted by *tpi2007*
> 
> Following up on this question of mine, it does seem that Skylake, Kaby Lake and Coffee Lake owners are in for a worse ride than Broadwell SB and IB (according to the link above IBRS is for Haswell and above) and previous CPUs:
> 
> https://twitter.com/never_released/status/949006165962305538


Not sure I follow what you mean about Haswell, I have the Intel Core i7-5820K Haswell-E 6-Core, am I affected or not?
As for benchmarking, I would be happy with successful boot after patch as opposed to blue screen
dan


----------



## tpi2007

Quote:


> Originally Posted by *DanBr*
> 
> > Originally Posted by *tpi2007*
> > 
> > Following up on this question of mine, it does seem that Skylake, Kaby Lake and Coffee Lake owners are in for a worse ride than Broadwell SB and IB (according to the link above IBRS is for Haswell and above) and previous CPUs:
> > 
> > https://twitter.com/never_released/status/949006165962305538
> 
> Not sure I follow what you mean about Haswell, I have the Intel Core i7-5820K Haswell-E 6-Core, am I affected or not?
> As for benchmarking, I would be happy with successful boot after patch as opposed to blue screen
> dan

From what I'm reading Haswell is probably at the intersection - it has or will have BIOS updates to the CPU microcode to patch Indirect Branch Restricted Speculation (IBRS), Single Thread Indirect Branch Predictors (STIBP) and Indirect Branch Predictor Barrier (IBPB) - first approach, but it doesn't need a microcode update to work properly with Retpoline - second (software) approach, unlike Broadwell and above, so, you can actually choose if you want to only benefit from Retpoline - as far as I'm aware it's built into the latest Windows patch too, or if you want to cover all angles and also suffer an additional performance penalty and implement the microcode updates.

We'll have to see in the coming days what the experts say on what are the scenarios where applying both methods is recommended and where it's optional. I'd say that in cloud environments they are probably playing it safe to not jeopardize their customers' data - and ours too, because if an on-line store uses shared servers, then people's passwords and banking info and other personal details could eventually be leaked and they probably don't want to leave any angle open for litigation. Home users may have some more freedom. But again, it's best to hear what experts have to say. Most microcode updates aren't out yet anyway, software patches will have to do for now.

Speaking of which, Nvidia has released theirs: http://www.overclock.net/t/1645399/tpu-nvidia-releases-geforce-390-65-whql-drivers-spectre-variant-1-fix-included


----------



## cekim

Quote:


> Originally Posted by *Dimaggio1103*
> 
> Care to explain servers with multiplayer seeing huge increase in utilization? How about the 20-30% NVME drop in write speeds? Sorry to break it to ya but the story is not garbage. Dont hate the messenger hate the company that willing fully sold you a flawed chip.


Didn't say they didn't. They clearly did. At no point have I claimed Intel didn't screw the pooch.

The question is how flawed, how to fix them (because there are millions of them out there) and what it really means to functionality. Getting to those answers has been tough because most of what makes it out on the net/media is sensationalist blather.

I have repeatedly and specifically identified write I/O issues that I have seen which match up to what others who are dealing in actual measurements and data are seeing. The question is what does 4k random write performance actually mean to applications (desktop and server)? So far, not 30%.

As for utilization - utilization and performance are different issues - both important and related in "capacity", but they require different tests.

We have some early data on throughput, but very, very little on utilization.

So far any and every assertion that performance "drops 30%" is crap and provides not only no information, but incorrect information. Performance of specific operations do indeed drop anywhere from 1-50%, but whether you see that drop in actual performance depends wildly on what you are doing. On haswell and skylake everything I am going to do this year other than benchmarks so far shows an impact within the noise of measurement (some negative, some positive) once I update to the latest kernel.

That may change, more kernel edits may occur which further harm performance, or they may regain some lost performance in those specific operations that show obvious regression.


----------



## OutlawII

I will not update or patch anything for awhile until they get this all figured out


----------



## cekim

Quote:


> Originally Posted by *OutlawII*
> 
> I will not update or patch anything for awhile until they get this all figured out


Depending on what you are doing, that's likely a bad idea. Now that exploits are known and evidently trivial to implement, you can bet there will be people out there using them.


----------



## DanBr

Quote:


> Originally Posted by *tpi2007*
> 
> From what I'm reading Haswell is probably at the intersection - it has or will have BIOS updates to the CPU microcode to patch Indirect Branch Restricted Speculation (IBRS), Single Thread Indirect Branch Predictors (STIBP) and Indirect Branch Predictor Barrier (IBPB) - first approach, but it doesn't need a microcode update to work properly with Retpoline - second (software) approach, unlike Broadwell and above, so, you can actually choose if you want to only benefit from Retpoline - as far as I'm aware it's built into the latest Windows patch too, or if you want to cover all angles and also suffer an additional performance penalty and implement the microcode updates.
> 
> We'll have to see in the coming days what the experts say on what are the scenarios where applying both methods is recommended and where it's optional. I'd say that in cloud environments they are probably playing it safe to not jeopardize their customer's data - and ours too, because if an on-line store uses shared servers, then people's passwords and banking info and other personal details could eventually be leaked and they probably don't want to leave any angle open for litigation. Home users may have some more freedom. But again, it's best to hear what experts have to say. Most microcode updates aren't out yet anyway, software patches will have to do for now.
> 
> Speaking of which, Nvidia has released theirs: http://www.overclock.net/t/1645399/tpu-nvidia-releases-geforce-390-65-whql-drivers-spectre-variant-1-fix-included


Thanks again, and please keep informing us. With the help of persons on this forum (IT Diva in particular) I built a wonderful water cooled box about 2 1/2 yrs ago, that pushed the edge of my abilities.
I don't understand much of what you are writing (but don't stop, others do), and look for the conclusions of should I do or not do what you speak of. That being said I have an EVGA Hydro Copper 980 TI vid card and
would not have thought that it would need an update for this issue, but will see if it suggests it for me
dan


----------



## Offler

I asked ASUS about 990x and 990fx mainboards/CPUs. So far no official info about microcode updates - most probably in general.


----------



## cfu97

So all of us can be hacked now? If overclock.net got hacked then we are done?


----------



## jagdtigger

Quote:


> Originally Posted by *yamnakshatriya*
> 
> Then, whether it's implemented by your government or not, some not-so-nice foreign government will implement it and use opposite technologies to cause havoc in your country to their advantage. You will not have the surveillance in place to know who their agents are and you won't be able to counter them, while any response you could have caused in their country is impossible due to their own surveillance systems. Really bad, and sick people will be able to do things, using modern technologies to their advantage, that you cannot imagine, and they are not able to be caught because of how advanced encryption technology is becoming.
> 
> The answer is not no surveillance, but honest people, both in government and outside. I am sure if we were to wake up in a clean society tomorrow, most "good" NSA employees would be happy to be surveilled by some special citizens' investigatory board, like the Censors of Ancient Rome, as long as they could continue to do their jobs. Alternatively, something like an AI doing the surveillance without human interference except in special occasions would be relatively un-corruptable too.


Do you believe in dragons too? Even with surveillance many terrorist acts weren't stopped but they gonna catch pros with it... Yeah keep on dreaming. And BTW there is no such thing as honest people, everyone views its own goals and they will trample others if need be. Sad as it is this is the real world we live in, you can think otherwise but what you wrote is nothing but a foolish dream.


----------



## Gdourado

I upgraded from a 3770k to a 6700k for the IPC improvements.
Now with all this, the fixes are said to push back IPC on intel CPU's up to 3 generations back...
So I basically wasted money since my 6700k will now be slower than my 3770k was?
This really sucks!


----------



## mouacyk

Quote:


> Originally Posted by *cfu97*
> 
> So all of us can be hacked now? If overclock.net got hacked then we are done?


Overclock.net, like AMD, is unaffected by these vulnerabilities.


----------



## cekim

Quote:


> Originally Posted by *Gdourado*
> 
> I upgraded from a 3770k to a 6700k for the IPC improvements.
> Now with all this, the fixes are said to push back IPC on intel CPU's up to 3 generations back...
> So I basically wasted money since my 6700k will now be slower than my 3770k was?
> This really sucks!


Correction - both your 6700k and 3770k will be slower.

See above, and in truth run some apps and you'll find that this description is not accurate even if you run the 3770k un-patched. Not even close.


----------



## bmaxa

Quote:


> Originally Posted by *Gdourado*
> 
> I upgraded from a 3770k to a 6700k for the IPC improvements.
> Now with all this, the fixes are said to push back IPC on intel CPU's up to 3 generations back...
> So I basically wasted money since my 6700k will now be slower than my 3770k was?
> This really sucks!


It won't be slower. But proper fix on next generation CPU's will require that all of them run slower, yes. Haswell+ has pcid which accelerates context switch.


----------



## cekim

Quote:


> Originally Posted by *bmaxa*
> 
> It won't be slower. But proper fix on next generation CPU's will require that all of them run slower, yes. Haswell+ has pcid which accelerates context switch.


The 4.x linux kernel (which already included much more PCID code prior to this debacle and thus more optimized/integrated use of it) seems to mitigate the impact compared to the 3.x kernel.

I'm not 100% sure that the latest RH released 4.x kernel includes the same level of patching as the latest RH 3.x kernel though. I believe it does, but would not stake my life on it yet.

If it does, then the mitigation of impact is significant (i.e. the 4.x kernel slow-down is much smaller than the 3.x kernel) even with the specific functions that took a big hit (write I/O).

I haven't been trying to keep up with Windows patching performance as much. The assumption is that whatever delta between linux before/after will eventually be roughly equivalent in the Windows world. That is, once the dust has settled, it _should_ be safe to assume that Windows will be able to achieve rough parity with the slowdown or lack thereof that linux achieves and vice-versa.

Though it should be noted that Windows has always had I/O throughput issues with their file-system layer, so it is conceivable that it could permanently suffer more than linux here, but MSFT/Intel will be keen to prevent that I'm sure.


----------



## Gdourado

So after the fixes, ryzen is now a better bet?
Previously, ryzen was around Haswell in IPC.
That meant that skylake was better and it also clocked higher.
But if skylake IPC will be pushed back 3 generations, ryzen will be better, right?


----------



## Dimaggio1103

Quote:


> Originally Posted by *Offler*
> 
> Your security expert is incompetent. As for AMD the issue allows read in worst case, for Intel it allows write.


Wrong again. Are these Intel employees or just OCNers that don't read? Intel is the only one affected by Meltdown, which is the more serious of the vulnerabilities. That being because on Intel's flaw they can READ information from info supposed to be secured via a register. People can tap right into it and stream the info. For real just look at YouTube, tons of videos showing it being done. AMD is only vulnerable to the thing that can be easily patched. Stop trying to pretend like this is equal or something, it's not. There are tons of Meltdown scripts, just google, not many speculative attacks though. Also for the last time Intel's flaw is baked into the chip, so cannot be fixed. Only worked around. AMD's can be fixed and it has zero to do with Meltdown, stop lying.

Quote:


> Originally Posted by *cekim*
> 
> The 4.x linux kernel (which already included much more PCID code prior to this debacle and thus more optimized/integrated use of it) seems to mitigate the impact compared to the 3.x kernel.
> 
> I'm not 100% sure that the latest RH released 4.x kernel includes the same level of patching as the latest RH 3.x kernel though. I believe it does, but would not stake my life on it yet.
> 
> If it does, then the mitigation of impact is significant (i.e. the 4.x kernel slow-down is much smaller than the 3.x kernel) even with the specific functions that took a big hit (write I/O).
> 
> I haven't been trying to keep up with Windows patching performance as much. The assumption is that whatever delta between linux before/after will eventually be roughly equivalent in the Windows world. That is, once the dust has settled, it _should_ be safe to assume that Windows will be able to achieve rough parity with the slowdown or lack thereof that linux achieves and vice-versa.
> 
> Though it should be noted that Windows has always had I/O throughput issues with their file-system layer, so it is conceivable that it could permanently suffer more than linux here, but MSFT/Intel will be keen to prevent that I'm sure.


You need to stop. You playing with some SQL benching on diff kernels means nothing unless you also have the full workaround via bios. With ALL the final version patches. There have been plenty of YouTubers and companies that have confirmed huge hits to performance. NVME is hit the hardest next to programs that require large amounts of sys calls.


----------



## cekim

Quote:


> Originally Posted by *Gdourado*
> 
> So after the fixes, ryzen is now a better bet?
> Previously, ryzen was around Haswell in IPC.
> That meant that skylake was better and it also clocked higher.
> But if skylake IPC will be pushed back 3 generations, ryzen will be better, right?


So far (and emphasis on that), WRT performance this is not a valid assertion.

Skylake IPC has not been pushed back 3 generations at the application level. Impact ranges from negative, to none to ~5% in most applications. Impact to specific functionality and synthetic benchmarks can be higher, but across the board, the application performance hit is much smaller.

The server utilization impact is still a bit of an unknown. The application level slow-down is measurable and comports to the above assertion at this point, but there were early reports of "high cpu utilization" by AWS users. Not enough follow-up yet to fully understand what was behind this and whether it is a permanent feature.

As far as "safe bet". Right now, Ryzen/TR appear to be more robust against these exploits. So, in that regard, it would appear they present the "better bet". In terms of performance, Broadwell and Skylake real-world performance both exceed that clock-for-clock, core-for-core of Ryzen/TR...

So, gauge your needs accordingly.


----------



## JedixJarf

Quote:


> Originally Posted by *Dimaggio1103*
> 
> Waaaaayyyyy oversimplifying it though. Some application on desktops saw a 30% reduction in perf. A 35% and higher reduction in NVME speeds for write. Servers saw issues and threw wait times into the 30-45min. This aint no small potatoes.


That means people using Msofts converged storage solutions on server 2016 utilizing nvme planes are in for a world of hurt post patch.


----------



## cekim

Quote:


> Originally Posted by *Dimaggio1103*
> 
> You need to stop. You playing with some SQL benching on diff kernels means nothing unless you also have the full workaround via bios. With ALL the final version patches. There have been plenty of YouTubers and companies that have confirmed huge hits to performance. NVME is hit the hardest next to programs that require large amounts of sys calls.


lol... you need to understand that I've applied the uCode patch outside the BIOS. I don't need to wait for the BIOS to do so.

"huge hits in performance". Again, to specific features of performance. 4K random low-queue-depth writes to NVME took a dive.... However, 4K random performance, while important, does not determine application level impact.


----------



## rluker5

Quote:


> Originally Posted by *Dimaggio1103*
> 
> Care to explain servers with multiplayer seeing huge increase in utilization? How about the 20-30% NVME drop in write speeds? Sorry to break it to ya but the story is not garbage. Dont hate the messenger hate the company that willing fully sold you a flawed chip.
> 
> http://www.pcgamer.com/fortnite-servers-will-be-unstable-for-the-next-week-because-of-meltdown-patch/
> 
> https://www.youtube.com/watch?v=JbhKUjPRk5Q


I don't have the microcode update to my bios yet, just windows KB4056892, and while my optane random performance has decreased, it is more like 10% per crystaldiskmark. It's still pretty good, shame I won't be able to hit those scores anymore though.
before update: 
after update:


----------



## cekim

To confirm what I'm seeing in linux (with the uCode and kernel patches available so far) - these guys are seeing similar things:
http://www.scylladb.com/2018/01/07/cost-of-avoiding-a-meltdown/

Quote:


> Originally Posted by *Scyla*
> Running the same workload, Scylla now processes 1,361,158,213 requests over the same 20 minutes-an average rate of 1.13M/s writes. Fixing Meltdown has the side effect of making Scylla 6% slower-a far cry from the 30% upper bound usually seen for complex server software, and much closer to the 5% lower bound usually published.


----------



## Dimaggio1103

Quote:


> Originally Posted by *cekim*
> 
> lol... you need to understand that I've applied the uCode patch outside the BIOS. I don't need to wait for the BIOS to do so.
> 
> "huge hits in performance". Again, to specific features of performance. 4K random low-queue-depth writes to NVME took a dive.... However, 4K random performance, while important, does not determine application level impact.


You're trying to obfuscate the truth with talking above the average person's knowledge here. I'm a low level software engineer (or at least used to be) So mind clarifying where you're getting all this info as I think I stand a better chance of understanding you. You say you have applied the ucode, (microcode) is what I'm assuming you mean. How exactly did you do this without flashing the bios? Microcode as far as I know is only flashed via a test board manf. have with live tools, or you flash the bios. Since the bios patches are out in tandem with the windows patches why not try testing that? It's the easiest for us to peer test to confirm. SQL is a terrible way to benchmark a system. SQL does not hit nearly as hard as other database calls (in linux) as it is optimized nicely. I mean I used to be a sys admin as well, and Linux systems never used sql but in some isolated instances.

4K random low is not the only hit almost all 4K writes took a hit. NVME drives are a big thing to mess up. That's no small potatoes. You know how many azure, aws, or any other hosting platform will be hit? To quote a man I dislike intently...BIGLY!

So to sum up clarify how you applied the microcode outside of the bios for me if ya would.

@Rluker the windows patch is almost no hit to perf unlike the bios workaround via microcode that hits perf the hardest.


----------



## Vlada011

Guys did you secure your computers?
It's unknown how many patches will MS and Intel sent to owners of their chipsets in 2018.
But one thing is sure, Broadwell-E will work as Ivy Bridge-E.
You think Intel will share properly about performance loss. You think they will tell you if now estimate that platform will work 50% slower for 1-2 years.
Do you know what happen, you wait winter in room without door, and instead to remove in other secure, you pain windows and debate with wife did you seal up window properly.


----------



## cekim

Quote:


> Originally Posted by *Dimaggio1103*
> 
> You're trying to obfuscate the truth with talking above the average person's knowledge here.


Horse Hockey... I'm trying to provide facts and details as hardware, software and expertise I have allows. I am not trying to obfuscate anything nor do I have a reason/motive/interest in doing so.

Quote:


> Originally Posted by *Dimaggio*
> I'm a low level software engineer (or at least used to be) So mind clarifying where you're getting all this info as I think I stand a better chance of understanding you. You say you have applied the ucode, (microcode) is what I'm assuming you mean. How exactly did you do this without flashing the bios?


Linux (and windows BTW) have a built-in facility to update the uCode on the processor after hand-off from the boot-loader.

You can write your own .EFI driver to do this if you really want to, or you can use the facility built into linux and windows (which is what I am doing - since RH has already patched it for my processor(s)).

So, the BIOS loads its uCode image and register state, then calls the boot-loader. The boot-loader does its setup and then calls the OS. The OS can (and always does in most modern linux distros and Windows as well) then re-load the micro-code. Obviously this is done very early in the process.

In the logs this looks something like:

[ 0.000000] microcode: microcode updated early to revision 0x3b, date = 2017-11-17
[ 1.214678] microcode: sig=0x306f2, pf=0x1, revision=0x3b

This confirms that 0x3b version is the one I want:
https://wiki.gentoo.org/wiki/Project:Security/Vulnerabilities/Meltdown_and_Spectre#sys-firmware.2Fintel-microcode

You can manually control this (though I've not needed to in this instance) by editing the files in:
/usr/lib/firmware/intel-ucode

In there you will find a file with the family/stepping of your processor that you can swap out. Additional steps may be required by your distro, but the basic idea is to take the firmware file(s) in that dir and produce an image available to the kernel/boot loader. More detailed instruction examples for gentoo (I use CentOS/RH, but the basic process is very similar):

https://wiki.gentoo.org/wiki/Intel_microcode

Windows has a similar process (there may be a better example, but this gives you an idea):
http://forum.notebookreview.com/threads/how-to-update-microcode-from-windows.787152/

Quote:


> Originally Posted by *Dimaggio*
> Microcode as far as I know is only flashed via a test board manf. have with live tools, or you flash the bios. Since the bios patches are out in tandem with the windows patches why not try testing that?


Haven't been testing with windows for the most part because I don't have two identically configured machines on which I can run enterprise software and that I can monkey around with without causing myself problems (still have to get work done). I have easy access to these two E5-2696v3 machines and right now I can wreck them without causing problems.

I have run some tests on windows with my 7980XE and posted those results. 4520 vs 4462 CBR15 for example.

I also have less control and data to work with on windows since I can't go back and regress. With my linux boxes above, I am maintaining them in before and after states and can move around versions to re-check things. I only have one 7980XE and windows updates are difficult to isolate, verify, control.

Quote:


> Originally Posted by *Dimaggio*
> It's the easiest for us to peer test to confirm. SQL is a terrible way to benchmark a system. SQL does not hit nearly as hard as other database calls. I mean I used to be a sys admin as well, and Linux systems never used sql but in some isolated instances.


SQL is a very good indicator of something a server does a lot. It has a lot of file-system synchronization emblematic of what servers do day in and day out. It's used by mail servers for a great deal of their internal functionality for example. It's used by CMS for their content and so on and so forth. If it doesn't perform, you are going to have a bad time.

I have to disagree that it's not a decent candidate.

So far I've used that as well as large memory image RTL design simulations in proprietary EDA software and NFS throughput of large files over 10GbE.


----------
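The check described in cekim's post above (read the kernel log and confirm the loaded microcode revision is the one you want), as an added example that is not part of the original post: it parses the two log-line shapes quoted there and flags outdated or mixed revisions. The `EXPECTED` table, the function names and the sample log are assumptions constructed for illustration; only the sig 0x306f2 / revision 0x3b pair comes from the thread.

```python
"""Check the microcode revision reported in a Linux kernel log."""
import re
from collections import defaultdict

# Constructed sample, modelled on the two log lines quoted in the post.
SAMPLE_LOG = """\
[    0.000000] microcode: microcode updated early to revision 0x3b, date = 2017-11-17
[    1.214678] microcode: sig=0x306f2, pf=0x1, revision=0x3b
"""

# Minimum revision wanted per CPU signature (assumed table). The only pair
# taken from the thread is 0x306f2 -> 0x3b; add your own CPUs from the
# vendor's guidance.
EXPECTED = {0x306F2: 0x3B}

EARLY_RE = re.compile(
    r"microcode: microcode updated early to revision (0x[0-9a-fA-F]+), "
    r"date = (\d{4}-\d{2}-\d{2})"
)
# Older kernels print one line per core with a "CPUn " prefix, so allow it.
CPU_RE = re.compile(
    r"microcode: (?:CPU\d+ )?sig=(0x[0-9a-fA-F]+), pf=(0x[0-9a-fA-F]+), "
    r"revision=(0x[0-9a-fA-F]+)"
)

SEVERITY = {"ok": 0, "unknown-signature": 1, "mixed": 2, "outdated": 3}


def parse_microcode_log(log_text):
    """Return (early_update, revisions_by_signature) from kernel log text.

    early_update is (revision, date) if the OS applied an update during
    early boot, else None. revisions_by_signature maps each CPU signature
    to the set of revisions reported for it.
    """
    early = None
    revisions = defaultdict(set)
    for line in log_text.splitlines():
        m = EARLY_RE.search(line)
        if m:
            early = (int(m.group(1), 16), m.group(2))
            continue
        m = CPU_RE.search(line)
        if m:
            revisions[int(m.group(1), 16)].add(int(m.group(3), 16))
    return early, dict(revisions)


def check_microcode(log_text, expected):
    """Return (status, findings) for the log against the expected table."""
    early, revisions = parse_microcode_log(log_text)
    if not revisions:
        return "no-data", ["no 'microcode: sig=...' line found in the log"]

    status, findings = "ok", []

    def note(code, message):
        nonlocal status
        findings.append(message)
        if SEVERITY[code] > SEVERITY[status]:
            status = code

    for sig, revs in sorted(revisions.items()):
        shown = ", ".join(hex(r) for r in sorted(revs))
        if len(revs) > 1:
            # Cores disagree: an update reached only part of the package.
            note("mixed", f"sig {sig:#x}: cores report different revisions ({shown})")
        want = expected.get(sig)
        if want is None:
            note("unknown-signature", f"sig {sig:#x}: no expected revision listed")
        elif min(revs) < want:
            note("outdated", f"sig {sig:#x}: running {shown}, want >= {want:#x}")

    if early is not None:
        findings.append(f"OS loaded revision {early[0]:#x} (dated {early[1]}) early in boot")
    elif status == "ok":
        # No early-update line: the firmware had already supplied the revision.
        findings.append("revision was already current at hand-off; no OS update logged")
    return status, findings


if __name__ == "__main__":
    result, notes = check_microcode(SAMPLE_LOG, EXPECTED)
    print(result)
    for item in notes:
        print(" -", item)
```

To run it against a live system, pass the output of `dmesg` (or the saved boot log) as `log_text` instead of `SAMPLE_LOG`.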



## Offler

Quote:


> Originally Posted by *Dimaggio1103*
> 
> Wrong again. Are these Intel employees or just OCNers that don't read? Intel is the only one affected by Meltdown, which is the more serious of the vulnerabilities. That being because on Intel's flaw they can READ information from info supposed to be secured via a register. People can tap right into it and stream the info. For real just look at YouTube, tons of videos showing it being done. AMD is only vulnerable to the thing that can be easily patched. Stop trying to pretend like this is equal or something, it's not. There are tons of Meltdown scripts, just google, not many speculative attacks though. Also for the last time Intel's flaw is baked into the chip, so cannot be fixed. Only worked around. AMD's can be fixed and it has zero to do with Meltdown, stop lying.


1. If you would read my previous posts you will find that I reminded few times to Intel fanboys to stay out. At least be so kind and read what I reacted to. Because I wasn't talking about Meltdown, but reacting to one specific post.

2. Out of three vulnerabilities, Intel is vulnerable to Meltdown. That's the one which allows you to write data to L1 cache, and 2 others which allow to read L1 cache.

3. AMD is vulnerable only to one of those - the one least painful to fix via microcode.


----------



## Dimaggio1103

Quote:


> Originally Posted by *Offler*
> 
> 1. If you would read my previous posts you will find that I reminded few times to Intel fanboys to stay out. At least be so kind and read what I reacted to. Because I wasn't talking about Meltdown, but reacting to one specific post.
> 
> 2. Out of three vulnerabilities, Intel is vulnerable to Meltdown. That's the one which allows you to write data to L1 cache, and 2 others which allow to read L1 cache.
> 
> 3. AMD is vulnerable only to one of those - the one least painful to fix via microcode.


Sorry but you're wrong again. Stop repeating this mistake and I won't quote you anymore.

Regarding Meltdown: "It allows a rogue process to read any kernel memory, regardless of whether or not it should be able to do so." This is done via a non secured part of the CPU hardware that is typically secured. Has nothing to do with write only.

@Cekim I did not mean to say it's not a decent candidate and yes linux does allow you to do that if you have the right software, I'll give you that. However, that should underline my point. Both of us having experience in linux servers. Linux is far less resource intensive. The Scylla uses specialized software to reduce databasing load. It even says so on the front page. If this is what you're using as a program or OS I must protest as that's a highly streamlined software. Not saying it is, I assume it's just a sec blog you like but they put up tests done with their software so I'm confused on that point you're trying to make by linking them. Some sites like Fortnite and some others have already seen huge hits up to 35% and beyond, so not sure what point you're trying to make. You're posting sqlbenches and kernel logging for response times in a linux suite. That's not the average user or even average server for a big corp.


----------



## sefwe

Don't install. Keep your PC fast.


----------



## Echoa

Quote:


> Originally Posted by *coelacanth*
> 
> Got a Windows 10 update and ran Valley 1080p. Overall score down 2.1%, minimum FPS down 2.7%.


Tbh 3% difference isn't really worth note, there's other factors that could cause a 3% variation besides that.


----------



## cekim

Quote:


> Originally Posted by *sefwe*
> 
> Don't install. Keep your PC fast.


Until your PC is hijacked and you no longer control it. It will be a very fast participant in a bot-net and/or send your banking password to someone else very quickly.


----------



## Dimaggio1103

Quote:


> Originally Posted by *cekim*
> 
> Until your PC is hijacked and you no longer control it. It will be a very fast participant in a bot-net and/or send your banking password to someone else very quickly.


Hey we agree on something. It amazes me people would opt out of an attack that literally leaves no trace and interacts at such a low level. What amazes me more is they would say this online full of random people. That's like me parking my m4 (I don't really own one I wish) in Compton or downtown Riverside and yelling "There's a pound of weed and 5k dollars in unmarked bills and I'm leaving my keys in and doors unlocked".


----------



## Echoa

Quote:


> Originally Posted by *Dimaggio1103*
> 
> Hey we agree on something. It amazes me people would opt out of an attack that literally leaves no trace and interacts at such a low level. What amazes me more is they would say this online full of random people. That's like me parking my m4 (I don't really own one I wish) in Compton or downtown Riverside and yelling "There's a pound of weed and 5k dollars in unmarked bills and I'm leaving my keys in and doors unlocked".


You don't do that?... Scrub detected


----------



## sefwe

Quote:


> Originally Posted by *cekim*
> 
> Until your PC is hijacked and you no longer control it. It will be a very fast participant in a bot-net and/or send your banking password to someone else very quickly.


This "vulnerability" is over 10 years old. Halving PC performance not worth it.


----------



## cekim

Quote:


> Originally Posted by *Dimaggio1103*
> 
> @Cekim I did not mean to say it's not a decent candidate and yes linux does allow you to do that if you have the right software, I'll give you that. However, that should underline my point. Both of us having experience in linux servers. Linux is far less resource intensive. The Scylla uses specialized software to reduce databasing load. .


Indeed - I too see that the more software was already optimized to limit/balance I/O, the less it is impacted. I provided them only a reference confirming what I am seeing in that regard.

Here's some GeekBench 4.0 That will hopefully provide broader reference others can reproduce more readily (of course people have qualms with various tests used here, so better to look at specific applications with in as a rough guide):

before: 3.x
https://browser.geekbench.com/v4/cpu/6236283
overall: 4460 (single) 46717 (multi)

after: 3.x
https://browser.geekbench.com/v4/cpu/6235989
overall: 4469 (single) 46176 (multi)

after: 4.x
https://browser.geekbench.com/v4/cpu/6235620
overall: 4456 (single) 46361 (multi)

Here's an OC'd (the highest ranked GB entry) 1950x for reference (GB 4.2 vs my 4.0... I'll have to upgrade and see if it matters):
https://browser.geekbench.com/v4/cpu/6002093
overall: 4496 (single) 50043 (multi)

So, given the above:
Would I take a hammer to my compute cluster and buy Thread Rippers in rage-quit? Nope. A big yawn so far...

Am I rather seriously considering replacing older outward facing machines with non-Intel for security concerns? You-betcha.

Am I watching these performance numbers very, very closely in case a new development changes the landscape? See above - You-Betcha.

p.s. Those GB numbers actually surprisingly close from other measurements I've done... They must not stress disk I/O enough...

Example NFS (over 10GbE to raid array):
sudo dd if=/dev/zero of=/testfile bs=1G count=10 oflag=direct
3.x before:
10737418240 bytes (11 GB) copied, 10.9502 s, 981 MB/s

3.x after:
10737418240 bytes (11 GB) copied, 14.9527 s, 718 MB/s

4.x after:
10737418240 bytes (11 GB) copied, 11.1555 s, 963 MB/s


----------



## cekim

Quote:


> Originally Posted by *sefwe*
> 
> This "vulnerability" is over 10 years old. Halving PC performance not worth it.


1. A proof of concept that makes it trivial to copy changes the game. This moves an exploit from "theoretical" to "script-kiddie". Most exploits on the net are not master hackers, but opportunistic users of other people's exploits.

2. See all the above, you are not halving anything...


----------



## Paladin Goo

Eh, I'd still prefer an option to opt out.


----------



## Echoa

Quote:


> Originally Posted by *sefwe*
> 
> This "vulnerability" is over 10 years old. Halving PC performance not worth it.


Why did you put quotations on it like it's not a vulnerability? Also it doesn't 1/2 PC performance ya dingus, for most uses it had little effect except in data center/cloud service workloads, heavy I/O, and things with heavy context switching. Most home cases you'll see maybe 5% outside synthetics that are known to take an exaggerated hit.


----------



## sefwe

Quote:


> Originally Posted by *cekim*
> 
> 1. A proof of concept that makes it trivial to copy changes the game. This moves an exploit from "theoretical" to "script-kiddie". Most exploits on the net are not master hackers, but opportunistic users of other people's exploits.
> 
> 2. See all the above, you are not halving anything...


I tested the "security" "patch" of course. The performance loss in real applications, not benchmarks, is noticeable and not worth over someone "stealing my banking passwords" which i don't even have stored on the pc, or similar fearmongering bednight stories

How many affected cases are there?

It can read memory? How is this dangerous?


----------



## cekim

Quote:


> Originally Posted by *sefwe*
> 
> I tested the "security" "patch" of course. The performance loss in real applications, not benchmarks, is noticeable and not worth over someone "stealing my banking passwords" which i don't even have stored on the pc, or similar fearmongering bednight stories
> 
> How many affected cases are there?
> 
> It can read memory? How is this dangerous?


It can read KERNEL memory where passwords and keys are stored in un-encrypted form in various places at various times.

That is only one of 3 exploits at issue here - the others can cause branches to malicious code without your being able to detect or stop it. That malicious code can log and report your passwords to a third party.

You don't have to "store" your bank password on your PC. If you type it into a browser, it's at risk.


----------



## Echoa

Quote:


> Originally Posted by *sefwe*
> 
> The performance loss in real applications, not benchmarks, is noticeable


show us the real performance loss you see

what applications? show us your data/proof, because conjecture is more than meaningless if you have absolutely nothing but placebo "Mah purformans".

All 3 of my machines have no noticeable performance impact, even my server doesn't but I'm also not a datacenter serving thousand+ people and it's mostly just me + maybe 30 people on my warframe and minecraft servers.

You can find slow downs in synthetics obviously, but what are your actual slow downs? I'm genuinely interested to see, because there is a performance loss but if you have no proof of anything then why should we just take your word?

This is a real issue, with real performance and security problems for data centers, cloud platforms, etc. but for most users it's irrelevant performance loss (a single digit % here and there) and you should install security updates/microcode


----------



## Quantum Reality

Quote:


> Originally Posted by *sefwe*
> 
> Quote:
> 
> > Originally Posted by *cekim*
> > 
> > 1. A proof of concept that makes it trivial to copy changes the game. This moves an exploit from "theoretical" to "script-kiddie". Most exploits on the net are not master hackers, but opportunistic users of other people's exploits.
> > 
> > 2. See all the above, you are not halving anything...
> 
> I tested the "security" "patch" of course. The performance loss in real applications, not benchmarks, is noticeable and not worth over someone "stealing my banking passwords" which i don't even have stored on the pc, or similar fearmongering bednight stories
> 
> How many affected cases are there?
> 
> It can read memory? How is this dangerous?

The whole point is that these vulnerabilities allow a sort of "cross-reading" of memory. Basically program A can see the memory accessed by program B even if it shouldn't be able to. That's of little concern if you're just working with ordinary data (e.g. if you're crunching numbers for, say, a waterfall simulation), but becomes a big one for any transient personal data that you want to keep private, such as the aforementioned banking passwords.

Incidentally two-factor authentication could maybe mitigate this, since even if a snoop-program can see a key you enter, it doesn't know the generator of the key issued to you on the other device.


----------



## cekim

Quote:


> Originally Posted by *Quantum Reality*
> 
> The whole point is that these vulnerabilities allow a sort of "cross-reading" of memory. Basically program A can see the memory accessed by program B even if it shouldn't be able to. That's of little concern if you're just working with ordinary data (e.g. if you're crunching numbers for, say, a waterfall simulation), but becomes a big one for any transient personal data that you want to keep private, such as the aforementioned banking passwords.
> 
> Incidentally two-factor authentication could maybe mitigate this, since even if a snoop-program can see a key you enter, it doesn't know the generator of the key issued to you on the other device.


To some degree - once your cloud is compromised, 2FA just stops the kiddies, not the determined. Get into the cloud, compromise your secondary device(s) and we're off to the races.

Certainly ups the bar to a level that requires a more determined attacker for now, but how long until aggregation bridges the gap?


----------



## sefwe

Quote:


> Originally Posted by *Echoa*
> 
> show us the real performance loss you see
> 
> what applications? show us your data/proof, because conjecture is more than meaningless if you have absolutely nothing but placebo "Mah purformans".
> 
> All 3 of my machines have no noticeable performance impact, even my server doesn't but I'm also not a datacenter serving thousand+ people and it's mostly just me + maybe 30 people on my warframe and minecraft servers.
> 
> You can find slow downs in synthetics obviously, but what are your actual slow downs? I'm genuinely interested to see, because there is a performance loss but if you have no proof of anything then why should we just take your word?


I don't have to prove anything, I see a perf loss, i remove the problem causing it. Others however did some numbers. Example. https://www.reddit.com/r/pcmasterrace/comments/7obokl/performance_impact_of_windows_patch_and_bios/

Check the minimum frames and how the averages "barely moved"

Unpatched:
Mountain Peak: 131.48 FPS (min: 81.19 max: 197.02)

Windows patch only:
Mountain Peak: 135.34 FPS (min: 38.21 max: 212.84)

Windows patch and BIOS update:
Mountain Peak: 134.01 FPS (min: 59.91 max: 216.16)

Server performance.

Epic games reports x2 perf loss https://www.epicgames.com/fortnite/forums/news/announcements/132642-epic-services-stability-update
Eve Online reports x2 perf loss https://mobile.twitter.com/CCP_SnowedIn/status/948980181577875456

The losses clearly outweigh the gains. This vulnerability has been there for over 10 years, along with a ton of other exploits and nothing happened. Not to say there are people still using WinXP out there and they are fine too.

it feels more like Intel simply wants people to buy new hardware.


----------



## jaredismee

Quote:


> Originally Posted by *cekim*
> 
> To some degree - once your cloud is compromised, 2FA just stops the kiddies, not the determined. Get into the cloud, compromise your secondary device(s) and we're off to the races.
> 
> Certainly ups the bar to a level that requires a more determined attacker for now, but how long until aggregation bridges the gap?


anyone i have known that has gotten into doing this sort of thing has always targeted the easiest most vulnerable people. so this is exactly the issue, once it is available to everyone and not the select few who knew about it before it will be used for a lot more than targeting large businesses.

i know i wouldn't be too happy if i had to actually walk into a bank anytime i wanted to transfer or look at something.


----------



## Quantum Reality

Quote:


> Originally Posted by *jaredismee*
> 
> Quote:
> 
> > Originally Posted by *cekim*
> > 
> > To some degree - once your cloud is compromised, 2FA just stops the kiddies, not the determined. Get into the cloud, compromise your secondary device(s) and we're off to the races.
> > 
> > Certainly ups the bar to a level that requires a more determined attacker for now, but how long until aggregation bridges the gap?
> 
> anyone i have known that has gotten into doing this sort of thing has always targeted the easiest most vulnerable people. so this is exactly the issue, once it is available to everyone and not the select few who knew about it before it will be used for a lot more than targeting large businesses.
> 
> i know i wouldn't be too happy if i had to actually walk into a bank anytime i wanted to transfer or look at something.

I wonder what banks will be doing with their backend systems


----------



## Echoa

Quote:


> Originally Posted by *sefwe*
> 
> I don't have to prove anything, I see a perf loss, i remove the problem causing it. Others however did some numbers.


except none of this as stated seems to actually pertain to you, if you're going to make a claim you need to prove it and you have provided nothing besides benchmarks that showcase the specific types of workload this is known to affect (and some in that very reddit post show less than 5% in the same testing) and 0 regarding your own shown losses.

ROTTR is also known to be very inconsistent but you cherry picked to try and show a narrative you wanted when in the very link you posted it showed higher maximums by 20fps and largely the same avg with many pointing out that those lows are likely at the beginning of the benchmark and didn't get filtered out, we've seen this already.

Simply put, you have nothing, while we already know data centers and cloud providers to take large performance hits and don't pertain to home users

Again, I'm not making any claims there are no losses (there are, as much as 50% or more in certain cases), but if you are going to make a claim that you see significant loss, skip patching a major vulnerability because of it, and then also seem to not actually understand what the vulnerability is/does how do you expect anyone to take you seriously?


----------



## cekim

Quote:


> Originally Posted by *sefwe*
> 
> Unpatched:
> Mountain Peak: 131.48 FPS (min: 81.19 max: 197.02)
> 
> Windows patch and BIOS update:
> Mountain Peak: 134.01 FPS (min: 59.91 max: 216.16)
> 
> The losses clearly outweighs the gains.


A computer vulnerable to undetectable attack vs higher average and max and a likely flawed min (betting your anti-virus, cloud, or other background app kicked in)???

Doesn't math dude...
Quote:


> Originally Posted by *sefwe*
> This vulnerability has been there for over 10 years, among with a ton of other exploits and nothing happened. Not to say there are people still using WinXP out there and there are fine too.


Again, for your sake, please understand the reality that the age of an exploit has NOTHING to do with whether it is used. The issue is how widely deployed a pre-packaged exploit is on the "dark web" and whether there are sufficient counter-measures that make it likely it will work. A proof of concept and widespread lack of patching right now makes this a very, very likely exploit now or in the very near future.
Quote:


> Originally Posted by *sefwe*
> it feels more like Intel simply wants people to buy new hardware.


More things that don't "math"...

This is going to cost Intel $BILLIONS - lost sales, lawsuits, global investigations, pricing power, etc...

They do all manner of things to squeeze their customers, blowing off their own feet saying that decades of hardware is worthless insecure garbage so buy this new one doesn't fly when there is a competitor waiting who can smugly and rightly (at least for now) point out they don't have that same flaw...


----------



## Vlada011

https://www.wired.com/story/meltdown-spectre-bug-collision-intel-chip-flaw-discovery/

All Hackers worldwide would be happy... Hmmm one more Intel, excellent.
They are Sitting Ducks-Enthusiasts with 2000$ worth Skylake-X.

My logo has the task to force 6.8 persons daily to switch to AMD.
He will remind people what Intel has done until they compensate this mess to people.
Because in 2018 we will look worse decrease in performance in history, easy to be less painful.
Intel should prepare for Skiing, discipline Downhill, World Cup 2018 with thousands and thousands followers...


----------



## Echoa

Quote:


> Originally Posted by *Vlada011*
> 
> https://www.wired.com/story/meltdown-spectre-bug-collision-intel-chip-flaw-discovery/
> 
> All Hackers worldwide would be happy... Hmmm one more Intel, excellent.
> They are Sitting Ducks-Enthusiasts with 2000$ worth Skylake-X.


I'd like it more if they didn't make it such a fanciful tale (i hate when they fluff it for length)


----------



## Gdourado

Quote:


> Originally Posted by *cekim*
> 
> So far (and emphasis on that), WRT performance this is not a valid assertion.
> 
> Skylake IPC has not been pushed back 3 generations at the application level. Impact ranges from negative, to none to ~5% in most applications. Impact to specific functionality and synthetic benchmarks can be higher, but across the board, the application performance hit is much smaller.
> 
> The server utilization impact is still a bit of an unknown. The application level slow-down is measurable and comports to the above assertion at this point, but there were early reports of "high cpu utilization" by AWS users. Not enough follow-up yet to fully understand what was behind this and whether it is a permanent feature.
> 
> As far as "safe bet". Right now, Ryzen/TR appear to be more robust against these exploits. So, in that regard, it would appear they present the "better bet". In terms of performance, Broadwell and Skylake real-world performance both exceed that clock-for-clock, core-for-core of Ryzen/TR...
> 
> So, gauge your needs accordingly.


I opted for skylake over ryzen because I only use my pc for gaming and at gaming, intel ipc and clock speed were kings against ryzen higher core and thread count.

But now, if my skylake ipc advantage is pushed back, then ryzen becomes the better option because of those extra threads.
Now it isn't a matter of doing content creation or other tasks that take advantage of the extra cores, it is actually having a cpu that has those extra cores and with equal or even better ipc performance.

I can't help but feel robbed and conned!
I went intel because they always sold their cpus as the best cpus for gaming due to superior ipc and clock speed.
I buy a system to have that. Now all of a sudden they launch updates that kill that ipc advantage and performance?
Don't tell me this isn't a con!


----------



## sefwe

Quote:


> Originally Posted by *Echoa*
> 
> specific types of workload


Battlefield 1 and ROTTR minimum frames getting hit by the update is not a specific type of workload and neither are my games and apps.


----------



## Echoa

Quote:


> Originally Posted by *Gdourado*
> 
> I can't help but feel robbed and conned!
> I went intel because they always sold they're cpus as the best cpus for gaming due to superior ipc and clock speed.
> I buy a system to have that. Now all of the sudden they launch updates that kill that ipc advantage and performance?
> Don't tell me this isn't a con!


you kinda did in a way, intel knew about this before release but they're more concerned with keeping market share and couldn't risk giving the months of competition to AMD.

Personally the only reason i own Intel CPU at the moment is that when i built my rig during haswell era there simply wasn't another option for the performance i wanted. I like AMD, and if they continue with this trend of pushing competition i'll be gladly buying them next year (just a bonus they are in a sense more secure)


----------



## cekim

Quote:


> Originally Posted by *Gdourado*
> 
> I opted for skylake over ryzen because I only use my pc for gaming and at gaming, intel ipc and clock speed were kings against ryzen higher core and thread count.
> 
> But now, if my skylake ipc advantage is pushed back, then ryzen becomes the better option because of those extra threads.
> Now it isn't not a matter of doing content creation or other tasks that take advantage of the extra cores, it is actually having a cpu that has those extra cores and with equal or even better ipc performance.


Did you miss all of the above? Particularly in gaming, you should see virtually no slowdown. Ryzen still, after the patches, has roughly haswell IPC.

Go patch up and measure your favorite games - then check back with the ryzen benchmark.

and yes Intel deserves a black eye and lost sales for pushing out 2 generations knowing this nonsense was in there...


----------



## Echoa

Quote:


> Originally Posted by *sefwe*
> 
> Battlefield 1 and ROTTR minimum frames getting hit by the update is not a specific types of workload and neither are my games and apps.


you need to actually read the quoted reddit topic or even know anything about the benchmarks you are making claims to. Both have inconsistent performance and the benchmarker didn't filter out the lows at the beginning of the benchmark but in the very thread highs increased 20fps and avgs stay the same. You're looking for something that fits the narrative you have chosen vs actually reading.

Beyond this it's good practice to look at the .1% and 1% not the absolute mins as these are known to vary wildly in some cases.


----------



## sefwe

Quote:


> Originally Posted by *cekim*
> 
> This is going to cost Intel $BILLIONS - lost sales, lawsuits, global investigations, pricing power, etc...


Of course, what i'm saying however is at the current time, the solutions offered are inadequate, even for a generic user.

If Intel wants to buy me a new PC, i'll gladly install their fixes.


----------



## sefwe

Quote:


> Originally Posted by *Echoa*
> 
> Both have inconsistent performance and the benchmarker didnt filter


You asked for data, and now you don't believe said data. (despite observing a consistent drop) Why even have the discussion.


----------



## Echoa

Quote:


> Originally Posted by *sefwe*
> 
> You asked for data, and now you don't believe said data. (despite observing a consistent drop) Why even have the discussion.


you didn't even read the damn data you posted and don't even know how/what the vulnerability works/is

your opinion at this point is entirely worthless as is anything you've said

all of your responses have been empty and cherry picked to fit what you want to hear


----------



## sefwe

Quote:


> Originally Posted by *Echoa*
> 
> you didnt even read the damn data you posted and dont even know how/what the vulnerability works/is
> 
> your opinion at this point is entirely worthless as is anything youve said
> 
> all of your responses have been empty and cherry picked to fit what you want to hear


there is no need to act butthurt just because you refuse to believe in shown performance loss, which is a ridiculous thought by itself.


----------



## Echoa

Quote:


> Originally Posted by *sefwe*
> 
> there is no need to act butthurt just because you refuse to believe in shown performance loss, which is a ridiculous thought by itself.


*Sigh* responding to someone who doesn't even get the threat this sort of vulnerability poses (actually asking "how is this dangerous"), doesn't read their own posted data, and doesn't even know that the very 2 games they tried to use as "proof" (which you didn't even benchmark yourself) vary significantly in absolute highs/lows between runs on a normal day is no longer worth my time.


----------



## Gdourado

One of my planned upgrades for this month was a new SSD.
With the patches hitting nvme drives hard, is it still worth the premium of a nvme PCIe SSD vs a sata one?
I am talking just about a gaming use, especially loading times.

Cheers


----------



## ZoomThruPoom

Wow, could these bios patches also affect OC stability?

http://www.overclock.net/t/1645289/haswell-microcode-22h-vs-23h-security-spectre-performance-and-stability-differences

https://www.reddit.com/r/intel/comments/7ong6x/restest_your_overclocks_after_meltdown_patch/

Only time and testing will answer the "overall" effect on performance I guess.


----------



## Echoa

Quote:


> Originally Posted by *Gdourado*
> 
> One of my planned upgrades for this month was a new SSD.
> With the patches hitting nvme drives hard, is it still worth the premium of a nvme PCIe SSD vs a sata one?
> I am talking just about a gaming use, especially loading times.
> 
> Cheers


Would depend on the workload, but still in most cases an nvme will still be better


----------



## Echoa

Quote:


> Originally Posted by *ZoomThruPoom*
> 
> Wow, could these bios patches also affect OC stability?
> 
> http://www.overclock.net/t/1645289/haswell-microcode-22h-vs-23h-security-spectre-performance-and-stability-differences
> 
> https://www.reddit.com/r/intel/comments/7ong6x/restest_your_overclocks_after_meltdown_patch/
> 
> Only time and testing will answer the "overall" effect on performance I guess.


uCode 23 actually lets my 4770k run lower voltage than 19, but that's just me


----------



## sefwe

Quote:


> Originally Posted by *Echoa*
> 
> *Sigh* responding to someone who doesn't even get the threat this sort of vulnerability posses (actually asking "how is this dangerous"), doesn't read their own posted data, and doesn't even know that the very 2 games they tried to use as "proof" (which you didn't even benchmark yourself) very significantly in absolute highs/lows between runs on a normal day is no longer worth my time.


Good because you weren't bringing anything productive to the discussion anymore.

And no i'm not seeing anything particularly dangerous about this yet another exploit to justify losing performance over it. Browser updates will suffice.

Other than that don't execute untrustworthy code on your system. Basic stuff.


----------



## chispy

There is a new nvidia driver with security features added:

Release notes:

Table 2.1 Security Updates for NVIDIA Software Vulnerabilities

| CVE ID | NVIDIA Issue Number | Description |
|---|---|---|
| CVE-2017-5753 | 1975134 | Computer systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. For more information on this issue, see the NVIDIA GPU security updates for speculative side channel Security Bulletin posted on the NVIDIA Product Security page |

Driver Download: http://www.nvidia.com/download/driverResults.aspx/129081/en-us = whql 390.65

Does anyone know if this driver will decrease performance even further on our PCs, i mean Windows Patch + Bios Update + More Software Security Patches = slower PC ?


----------



## Quantum Reality

So basically anything built in the last 20 years with a speculative execution model implemented like Intel's is going to need a patch.

There are some decided disadvantages to our current technological system. :|


----------



## Echoa

Quote:


> Originally Posted by *Quantum Reality*
> 
> So basically anything built in the last 20 years with a speculative execution model implemented like Intel's is going to need a patch.
> 
> There are some decided disadvantages to our current technological system. :|


well they all do it slightly differently, it's not that they have spec exe like intel's, it's an issue with the current state of how spec exe works and how the processor can be tricked to execute code even if it fails a bounds check, really this shouldn't happen once the check fails but the hardware doesn't ensure that and in intel's case i think the big issue regarding meltdown is that it fetches data first before it fails the check (i could be off on this part) while everyone else checks first then fetches

in short currently CPUs don't ensure that memory that should be out of bounds for a given application is in fact out of bounds/unable to be accessed when spec exe is used

if you want to have details from people far more knowledgeable than i am refer to google and others with in depth write ups
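
The bounds-check pattern described in the post above, as an added example that is not part of the post or any vendor's code: a checked table read beside a hardened version that also masks the index without a branch, the same idea as the Linux kernel's `array_index_nospec()`. The names `table`, `index_mask`, `read_unhardened`, `read_hardened` and `lookup` are hypothetical, and the code assumes GCC or Clang on a platform where `intptr_t` and `size_t` have the same width.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TABLE_LEN 16u /* constructed example size */

/* Constructed sample data standing in for an array that an untrusted index selects from. */
static const uint8_t table[TABLE_LEN] = {
    10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25
};

/*
 * Returns all-ones when idx < len and zero otherwise, using only arithmetic,
 * so there is no branch here for the predictor to guess wrong.
 * Valid for len <= SIZE_MAX / 2; relies on arithmetic right shift of a
 * negative signed value (the behaviour of GCC and Clang).
 */
size_t index_mask(size_t idx, size_t len)
{
    /* The top bit of (idx | (len - 1 - idx)) is set exactly when idx >= len. */
    intptr_t v = (intptr_t)~(idx | (len - 1u - idx));
    size_t mask = (size_t)(v >> (sizeof(intptr_t) * CHAR_BIT - 1));
#if defined(__GNUC__)
    /* Hide the value from the optimizer: after the caller's bounds check it
     * could otherwise prove the mask is all-ones and delete the AND. */
    __asm__ volatile("" : "+r"(mask));
#endif
    return mask;
}

/* The pattern the post describes: architecturally correct, but a CPU that
 * predicts the branch as "in bounds" may issue the load with a bad idx
 * before the comparison has resolved. */
int read_unhardened(size_t idx, uint8_t *out)
{
    if (idx >= TABLE_LEN)
        return -1;
    *out = table[idx];
    return 0;
}

/* Same check plus a data dependency: the load address now depends on the
 * mask, and for an out-of-range idx the mask is 0, so even a speculative
 * load can only touch table[0]. */
int read_hardened(size_t idx, uint8_t *out)
{
    if (idx >= TABLE_LEN)
        return -1;
    idx &= index_mask(idx, TABLE_LEN);
    *out = table[idx];
    return 0;
}

/* Convenience wrapper: the value at idx, or -1 when idx is rejected. */
int lookup(size_t idx)
{
    uint8_t v = 0;
    return read_hardened(idx, &v) == 0 ? (int)v : -1;
}

int main(void)
{
    size_t probes[] = { 0, 15, 16, (size_t)-1 }; /* constructed inputs */
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++)
        printf("idx=%zu mask=%zx lookup=%d\n",
               probes[i], index_mask(probes[i], TABLE_LEN), lookup(probes[i]));
    return 0;
}
```

Both functions return the same results for every input; the difference only exists on the mispredicted path, which is why this class of fix has to be compiled into each affected binary.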


----------



## Quantum Reality

Quote:


> Originally Posted by *Echoa*
> 
> > Originally Posted by *Quantum Reality*
> > 
> > So basically anything built in the last 20 years with a speculative execution model implemented like Intel's is going to need a patch.
> > 
> > There are some decided disadvantages to our current technological system. :|
> 
> well they all do it slightly differently, its not that have spec exe like intels its an issue with the current state of how spec exe works and how the processor can be tricked to execute code even if it fails a bounds check, really this shouldnt happen once the check fails but the hardware doesnt ensure that and in intels case i think the big issue regarding meltdown is that it fetches data first before it fails the check (i could be off on this part) while everyone else checks first then fetches
> 
> in short currently CPUs dont ensure that memory that should be out of bounds for a give application is in fact out of bounds when spec exe is used

nVidia's issuance of a patch tells me that at least nVidia GPUs have a speculative execution model like that of Intel's. It remains to be seen if Radeon has the same problem.

I can see the vulnerability being an issue for GPUs as people can use them for Bitcoin mining, whose value in turn depends on the integrity of the data being processed. Being able to snoop on that is a problem.


----------



## e-gate

Quote:


> Originally Posted by *chispy*
> 
> There is a new nvidia driver with security features added:
> 
> Release notes:
> 
> Table 2.1 Security Updates for NVIDIA Software Vulnerabilities
> 
> | CVE ID | NVIDIA Issue Number | Description |
> |---|---|---|
> | CVE-2017-5753 | 1975134 | Computer systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. For more information on this issue, see the NVIDIA GPU security updates for speculative side channel Security Bulletin posted on the NVIDIA Product Security page |
> 
> Driver Download: http://www.nvidia.com/download/driverResults.aspx/129081/en-us = whql 390.65
> 
> Does anyone know if this driver will decrease performance even further on our PCs, i mean Windows Patch + Bios Update + More Software Security Patches = slower PC ?


This driver actually tries to do the opposite of decrease performance.

http://nvidia.custhelp.com/app/answers/detail/a_id/4609

"January 3, 2018

This notice is in response to Google Project Zero's publication of novel information disclosure attacks that combine CPU speculative execution with known side channels. The issue was disclosed January 3, 2018.

NVIDIA's core business is GPU computing. We believe our GPU hardware is immune to the reported security issue and are updating our GPU drivers to help mitigate the CPU security issue. As for our SoCs with ARM CPUs, we have analyzed them to determine which are affected and are preparing appropriate mitigations."


----------



## Offler

Quote:


> Originally Posted by *Quantum Reality*
> 
> nVidia's issuance of a patch tells me that at least nVidia GPUs have a speculative execution model like that of Intel's. It remains to be seen if Radeon has the same problem.
> 
> I can see the vulnerability being an issue for GPUs as people can use them for Bitcoin mining, whose value in turn depends on the integrity of the data being processed. Being able to snoop on that is a problem.


AMD Graphic cards with GCN technology use ARM cores as shaders. OpenCL could be used as a means to access them, but how directly... Don't know if those even use any sort of branch prediction, or how data distribution (and overall management of the core matrix) is done.

But because this has to get through driver layer on Windows, it should not be that problematic to fix.


----------



## Echoa

Quote:


> Originally Posted by *Quantum Reality*
> 
> nVidia's issuance of a patch tells me that at least nVidia GPUs have a speculative execution model like that of Intel's. It remains to be seen if Radeon has the same problem.
> 
> I can see the vulnerability being an issue for GPUs as people can use them for Bitcoin mining, whose value in turn depends on the integrity of the data being processed. Being able to snoop on that is a problem.


no i don't think that has to do with nvidia gpus but to patch their binaries against it being used on a system. The attack can use unpatched binaries as a means to attack the system so it's not spec exe on the gpu but on the cpu they're patching the binaries against

edit: variant 1 requires binaries to be fixed
https://security.googleblog.com/2018/01/more-details-about-mitigations-for-cpu_4.html


----------



## Echoa

Quote:


> Originally Posted by *Offler*
> 
> AMD Graphic cards with GCN technology use ARM cores as shaders.


ummm....I'm pretty sure this is 100% false

RISC cores aren't automatically ARM cores, ARM didn't invent RISC


----------



## chispy

A good read here: https://www.techpowerup.com/240414/nvidia-geforce-390-65-driver-with-spectre-fix-benchmarked-in-21-games


----------



## Blameless

Quote:


> Originally Posted by *Quantum Reality*
> 
> nVidia's issuance of a patch tells me that at least nVidia GPUs have a speculative execution model like that of Intel's.


Or that their drivers, which are executed on the CPU, simply access kernel space.
Quote:


> Originally Posted by *Offler*
> 
> AMD Graphic cards with GCN technology use ARM cores as shaders.


No they don't.
Quote:


> Originally Posted by *Echoa*
> 
> no i dont think that has to do with nvidia gpus but to patch their binaries against it being used on a system. The attack can used unpatched binaries as a means to attack the system so its not spec exe on the gpu but on the cpu theyre patching the binaries against
> 
> edit: variant 1 requires binaries to be fixed
> https://security.googleblog.com/2018/01/more-details-about-mitigations-for-cpu_4.html


Yep.


----------



## chispy

https://www.youtube.com/watch?v=s7W5zsLp7xY&t=608s


----------



## cekim

Quote:


> Originally Posted by *Echoa*
> 
> ummm....im pretty sure this is 100% false
> 
> RISC cores arent automatically ARM cores, ARM didnt invent RISC


Nor is the ARM ISA RISC at this point... VEGA/GCN ISA here if you are interested: http://developer.amd.com/wordpress/media/2017/08/Vega_Shader_ISA_28July2017.pdf?webSyncID=abc0b8d9-53cb-8959-bd25-bd7653aeaacb&sessionGUID=c7a33031-0369-aa16-3180-dab6317b6c33


----------



## cekim

Quote:


> Originally Posted by *Gdourado*
> 
> One of my planned upgrades for this month was a new SSD.
> With the patches hitting nvme drives hard, is it still worth the premium of a nvme PCIe SSD vs a sata one?
> I am talking just about a gaming use, especially loading times.
> 
> Cheers


Read performance impact of both is minimal. The 4K write impact doesn't factor in game load times specifically.


----------



## Echoa

Quote:


> Originally Posted by *cekim*
> 
> Nor is the ARM ISA RISC at this point... VEGA/GCN ISA here if you are interested: http://developer.amd.com/wordpress/media/2017/08/Vega_Shader_ISA_28July2017.pdf?webSyncID=abc0b8d9-53cb-8959-bd25-bd7653aeaacb&sessionGUID=c7a33031-0369-aa16-3180-dab6317b6c33

the line between risc and cisc is kinda blurry these days, arm is technically a risc arch but it's gotten more cisc over time


----------



## chispy

Quote:


> Originally Posted by *cekim*
> 
> Read performance impact of both is minimal. The 4K write impact doesn't factor in game load times specifically.


+1 This ^^


----------



## Disharmonic

Quote:


> Originally Posted by *sefwe*
> 
> Good because you weren't bringing anything productive to the discussion anymore.
> 
> And no i'm not seeing anything particularly dangerous about this yet another exploit to justify losing performance over it. Browser updates will suffice.
> 
> Other than that don't execute untrustworthy code on your system. Basic stuff.


Sure, nothing dangerous at all...


----------



## khanmein

Quote:


> Originally Posted by *chispy*
> 
> https://www.youtube.com/watch?v=s7W5zsLp7xY&t=608s


Useless video. This fellow doesn't understand anything at all. Please kindly stop promoting the video. Thanks.


----------



## Echoa

Quote:


> Originally Posted by *Disharmonic*
> 
> Sure, nothing dangerous at all...




PS....don't even bother with him man


----------



## Quantum Reality

https://www.theregister.co.uk/2018/01/08/microsofts_spectre_fixer_bricks_some_amd_powered_pcs/

Not sure if this has already been mentioned somewhere else, but it looks like Microsoft's patch could be a problem for Ryzen and/or other AMD-CPU owners.


----------



## ibb27

Quote:


> Originally Posted by *Quantum Reality*
> 
> https://www.theregister.co.uk/2018/01/08/microsofts_spectre_fixer_bricks_some_amd_powered_pcs/
> 
> Not sure if this has already been mentioned somewhere else, but it looks like Microsoft's patch could be a problem for Ryzen and/or other AMD-CPU owners.


Yeah, last night a friend called me with the same issue, he has an Athlon X2. After the update, Windows 7 can't boot even in Safe mode. Proposed workaround (from ghacks.net, for Win 7):
1. Use the F8-key during the boot sequence and select Repair Your Computer in the menu that pops up. If you have difficulties opening the menu hammer on the F8-key repeatedly until the menu appears.
2. Open a command prompt window.
3. Run *dir d:* to check that the Windows drive is mapped.
4. Run *dism /image:d:\ /remove-package /packagename:Package_for_RollupFix~31bf3856ad364e35~amd64~~7601.24002.1.4 /norestart*

Source

I'll try this later, and report if it works or not...

Edit: It works, and I hid the bugged update. More info:
https://answers.microsoft.com/en-us/windows/forum/windows_7-update/stop-0x000000c4-after-installing-kb4056894-2018-01/f09a8be3-5313-40bb-9cef-727fcdd4cd56


----------



## Offler

Quote:


> Originally Posted by *Echoa*
> 
> ummm....im pretty sure this is 100% false
> 
> RISC cores arent automatically ARM cores, ARM didnt invent RISC


Well the best block diagram of GCN i found is this:
https://en.wikipedia.org/wiki/Graphics_Core_Next#/media/File:GCN_command_processing.svg

I know they are RISC, and that AMD purchased license to manufacture ARM chips some time before GCN was introduced. So I am not sure then.


----------



## Echoa

Quote:


> Originally Posted by *Offler*
> 
> Well the best block diagram of GCN i found is this:
> https://en.wikipedia.org/wiki/Graphics_Core_Next#/media/File:GCN_command_processing.svg
> 
> I know they are RISC, and that AMD purchased license to manufacture ARM chips some time before GCN was introduced. So I am not sure then.


that was for a server chip they'd been working on not GCN lol


----------



## Offler

Quote:


> Originally Posted by *Quantum Reality*
> 
> https://www.theregister.co.uk/2018/01/08/microsofts_spectre_fixer_bricks_some_amd_powered_pcs/
> 
> Not sure if this has already been mentioned somewhere else, but it looks like Microsoft's patch could be a problem for Ryzen and/or other AMD-CPU owners.


Not for my Phenom II atm. Patch is installed, but it seems the KPTI isn't activated in registers.

But i had issue when using commands to verify it via powershell, the PS script wasn't even able to recognize my CPU. I posted that few pages back.

I guess Microsoft hurried and botched the patch for AMD users.


----------



## jagdtigger

Quote:


> Originally Posted by *Offler*
> 
> I guess Microsoft hurried got a donation from intel and botched the patch for AMD users.


Sorry, couldn't resist...


----------



## cekim

Quote:


> Originally Posted by *jagdtigger*
> 
> Sorry, couldn't resist...


MSFT doesn't "kode gud" without intense time pressure, much less with this rolling disaster. This is what happens when you lay off your QA team after the win 10 launch... ;-)


----------



## Wishmaker

To be or not to be botched, that is the question?
We all know botching is common practice in this industry.

NVIDIA botched their own users and killed cards.
AMD Botched their own users and now they have to fix plenty of DX 9 games with their latest driver.
Creative Botched their old X-FI Titanium non HD users and W10 gives a BSOD due to their recommended driver.
Microsoft has botched us so many times but we like it and we keep going back to Microsoft.
BitDefender botched thousands of users when the AV had a bad update and deleted pretty much everything from pictures and windows files.

Money can make people get botched more or less depending on which side you hail from.
I am sure that INTEL has nothing better to do than pay Microsoft to botch Athlon chips when the whole world is jumping on them


----------



## Gdourado

My question in all this is should I put my Z170 and 6700k for sale at a loss and then fork up the cash for a Ryzen system? This is just for gaming. Nothing else.


----------



## jagdtigger

Quote:


> Originally Posted by *Gdourado*
> 
> My question in all this is should I put my Z170 and 6700k for sale at a loss and then fork up the cash for a Ryzen system? This is just for gaming. Nothing else.


Better wait for the newer ryzen's... In single core your CPU is faster even without OC and that is more important for games ATM.


----------



## ThrashZone

Quote:


> Originally Posted by *Gdourado*
> 
> My question in all this is should I put my Z170 and 6700k for sale at a loss and then fork up the cash for a Ryzen system? This is just for gaming. Nothing else.


Hi,
Reselling is always at a loss just depends on how much of a loss

Looked yesterday thread ripper is running at 1000.us was 800.us but is mostly out of stock


----------



## cfu97

So If we don't patch or do nothing, we would get hacked through web browsing or playing online games?


----------



## randomizer

Quote:


> Originally Posted by *ThrashZone*
> 
> Reselling is always at a loss just depends on how much of a loss


Not always, just most of the time. I know someone who sold a third hand X800 Pro on ebay for more than retail back in the late 2000s (it was a temporary card).


----------



## OutlawII

Quote:


> Originally Posted by *Gdourado*
> 
> My question in all this is should I put my Z170 and 6700k for sale at a loss and then fork up the cash for a Ryzen system? This is just for gaming. Nothing else.


Why? If you want to upgrade sure, if you're worried about these hacks no. A lot of what you read is hyperbole this is an AMD fanbois site if you haven't figured it out yet. At the end of the day it is up to you


----------



## Offler

Quote:


> Originally Posted by *Gdourado*
> 
> My question in all this is should I put my Z170 and 6700k for sale at a loss and then fork up the cash for a Ryzen system? This is just for gaming. Nothing else.


Don't buy anything new unless the patches are up, everything is fixed, and AMD/Intel state that their next line CPUs are now safer against side-channel attacks.


----------



## Gdourado

Quote:


> Originally Posted by *OutlawII*
> 
> Why? If you want to up grade sure,if your worried about these hacks no. Alot of what you read is hyperbole this is a AMD fanbois site if you havent figured it out yet. At the end of the day it is up to you


I am not really worried about the hacks.
I am worried about losing performance.
About having my system go back 2 or 3 years in upgrades.
I have been building and upgrading my system for a few generations and I was always seeking gains, benchmarking, trying to get the best bang for the buck upgrades and such.
My last upgrade was from a Z68 and 3770k to a Z170 and 6700k.
Not revolution performance upgrade, but after having sold my 3770k parts, the difference was small in cost and I got better performance.

Now, my 6700k will be handicapped in performance by some security fixes and patches and all my research, deal hunting, upgrades, are basically thrown out the window!
I am having a really hard time accepting that!


----------



## Offler

Quote:


> Originally Posted by *Gdourado*
> 
> I am not really worried about the hacks.
> I am worried about losing performance.
> About having my system go back 2 or 3 years in upgrades.
> I have been building and upgrading my system for a few generations and I was always seeking gains, benchmarking, trying to get the best bang for the buck upgrades and such.
> My last upgrade was from a Z68 and 3770k to a Z170 and 6700k.
> Not a revolutionary performance upgrade, but after having sold my 3770k parts, the difference was small in cost and I got better performance.
> 
> Now, my 6700k will be handicapped in performance by some security fixes and patches and all my research, deal hunting, upgrades, are basically thrown out the window!
> I am having a really hard time accepting that!


It can be expected that in the next CPU generations the vulnerability mitigation will be in hardware, or accelerated, and thus for the next-gen hardware there will be no performance penalty. In any case, wait with it.


----------



## SavantStrike

Quote:


> Originally Posted by *OutlawII*
> 
> Why? If you want to upgrade, sure; if you're worried about these hacks, no. A lot of what you read is hyperbole; this is an AMD fanbois site, if you haven't figured it out yet. At the end of the day it is up to you.


I respectfully disagree. If you look at the number of users with red vs blue rigs, there's a lot more blue team gear.
Quote:


> Originally Posted by *Gdourado*
> 
> My question in all this is should I put my Z170 and 6700k for sale at a loss and then fork up the cash for a Ryzen system? This is just for gaming. Nothing else.


Not worth it. Unless your 6700K is bone stock, the Ryzen could even be slower if it isn't a high clock speed variant and you're not playing a multi-threaded game.

Just wait for the patch and you'll be fine.


----------



## cekim

Quote:


> Originally Posted by *Gdourado*
> 
> My question in all this is should I put my Z170 and 6700k for sale at a loss and then fork up the cash for a Ryzen system? This is just for gaming. Nothing else.


Particularly for gaming since there has been so little impact thus far, whatever you do, don't do it because a talking head said your computer is 30% slower. Do it because it actually is and you've measured it being 30% slower. Hint: it isn't. Not even close. You are not 3 generations back in performance.
Quote:


> Originally Posted by *cfu97*
> 
> So If we don't patch or do nothing, we would get hacked through web browsing or playing online games?


Yes, that is correct - the Meltdown exploit in particular presents a relatively easy exploit to passwords and unencrypted sensitive data that would otherwise be impossible to see by malware. This memory is intended to be inaccessible by the user via any means, but this exploit has made it possible to ask for memory the requester is explicitly not allowed to see and despite the CPU ultimately denying the request, the data can still be extracted by the malware.

So, you can type your password into a box that is using SSL to communicate with the server, but malware can read the unencrypted version as you type and pass it to someone else.
Quote:


> Originally Posted by *Offler*
> 
> Don't buy anything new unless the patches are up, everything is fixed, and AMD/Intel state that their next line CPUs are now safer against side-channel attacks.


This is good advice. If you can wait, wait. Between shoddy patching of AMD and the unknowns of Spectre, it will be a while before there is hardware on the market that is "known good" and software that knows how to not cripple it...


----------



## cekim

Quote:


> Originally Posted by *Offler*
> 
> It can be expected that in the next CPU generations the vulnerability mitigation will be in hardware, or accelerated, and thus for the next-gen hardware there will be no performance penalty. In any case, wait with it.


Unfortunately, I fear this may be optimistic. Given the CPU design pipe-line and the inherent nature of this bug, it's possible that it's already too late to fix the next generation of chips at this point prior to coming to market.

It's not impossible that an easy gate change could be found to those designs, but it's asking a lot. The fundamental issue is the structure of the decision making pipe-line in the chip. The time and re-ordering between request, check of permission, response and ultimate retiring of an instruction is where this bug happens. So, either the order of operations has to change (without crippling the performance gained by the order we have now) or the response has to be much smarter about not leaving bread-crumbs and partial data of the request if the request is ultimately denied.

Then there is Spectre, which is a whole new pipe-line issue.

These are difficult architectural issues to fix without losing the same performance the patches lose. So, fixing them _can_ be very complex in every way: how to fix it? how to verify the fix works? how to ensure the fixed hardware still performs?

That's many man-years of work that now has to be done at a point in the design and manufacturing process where big changes become exponentially more expensive and impossible as you approach launch date.


----------



## Blameless

Quote:


> Originally Posted by *cekim*
> 
> Unfortunately, I fear this may be optimistic. Given the CPU design pipe-line and the inherent nature of this bug, it's possible that it's already too late to fix the next generation of chips at this point prior to coming to market.


I'm not expecting a real fix (that doesn't involve performance degrading hacks/patches) until the 10th or 11th generation of Core processors, or whatever they happen to be calling them then.


----------



## the_real_7

Good reading above, guys, all very valid points. I just upgraded on Christmas to my 8700k rig so this news hit home hard, being I was on a 7700k @ 50. Whatever gain I had I lost.

But it's still a fast system regardless and faster than Ryzen in gaming with a patch, and soon enough the browser will be outfitted better with patches and so will the antivirus, so we may be able with a slight risk to remove the patches from the OS. There is going to be a fix, I'm sure; if not, Intel will just sink because no one is going to go out and go buy a flawed CPU and we will be all riding our rigs for a few years if so. Let's wait and see. I'm sure there's plenty of options to work around what happened; if not, Cannonlake is definitely taking a hit, and if software is the only fix to get performance back, believe that Intel is going to make it happen or they're going to have to bribe a lot of review sites to give 'em good reviews at that point.


----------



## e-gate

Quote:


> Originally Posted by *the_real_7*
> 
> Good reading above, guys, all very valid points. I just upgraded on Christmas to my 8700k rig so this news hit home hard, being I was on a 7700k @ 50. Whatever gain I had I lost.
> 
> But it's still a fast system regardless and faster than Ryzen in gaming with a patch, and soon enough the browser will be outfitted better with patches and so will the antivirus, so we may be able with a slight risk to remove the patches from the OS. There is going to be a fix, I'm sure; if not, Intel will just sink because no one is going to go out and go buy a flawed CPU and we will be all riding our rigs for a few years if so. Let's wait and see. I'm sure there's plenty of options to work around what happened; if not, Cannonlake is definitely taking a hit, and if software is the only fix to get performance back, believe that Intel is going to make it happen or they're going to have to bribe a lot of review sites to give 'em good reviews at that point.


Your Coffee didn't suddenly downgrade to Sandy Bridge. The whole situation is bad but your gaming performance shall remain almost the same. CFL is still faster than Ryzen in gaming; this didn't change. Trust in Intel is broken, yes, but reading some people over-dramatise it, saying they will sell their rig etc., is ridiculous. This is what happens with hidden flaws/backdoors/security issues. Today it was Intel, tomorrow it will be AMD or someone else. You just never know what every company hides.
Patch your system, remain calm and enjoy your rig, which will perform more or less the same, and on your next upgrade reconsider what you're gonna buy.


----------



## SavantStrike

Quote:


> Originally Posted by *e-gate*
> 
> Your Coffee didn't suddenly downgrade to Sandy Bridge. The whole situation is bad but your gaming performance shall remain almost the same. CFL is still faster than Ryzen in gaming; this didn't change. Trust in Intel is broken, yes, but reading some people over-dramatise it, saying they will sell their rig etc., is ridiculous. This is what happens with hidden flaws/backdoors/security issues. Today it was Intel, tomorrow it will be AMD or someone else. You just never know what every company hides.
> Patch your system, remain calm and enjoy your rig, which will perform more or less the same, and on your next upgrade reconsider what you're gonna buy.


I think the issue here is that they launched Coffee Lake knowing this vulnerability existed. They might have even known about it when they released Skylake-X.

They paper launched Coffee Lake to try and deflate AMD Q4 sales, and now it comes out that they did so with a known (major) security flaw. I hope that news outlets point this out.


----------



## e-gate

Quote:


> Originally Posted by *SavantStrike*
> 
> I think the issue here is that they launched Coffee Lake knowing this vulnerability existed. They might have even known about it when they released Skylake-X.
> 
> They paper launched Coffee Lake to try and deflate AMD Q4 sales, and now it comes out that they did so with a known (major) security flaw. I hope that news outlets point this out.


It's something that can't be fixed with a new hardware revision. It needs a redesign of the whole architecture, something that needs 3-4 years at least.
Security holes are being discovered all the time in Windows; does that mean that MS stops selling licenses because of this? No. Same goes for smartphones.
Intel knew but there was nothing to do except for patches and dealing with a public outcry. It's not like they could pop a new architecture out of nowhere, and cancelling new CPU lines is suicide for a company like Intel.


----------



## GroinShooter

Quote:


> Originally Posted by *Gdourado*
> 
> My question in all this is should I put my Z170 and 6700k for sale at a loss and then fork up the cash for a Ryzen system? This is just for gaming. Nothing else.


Quote:


> Originally Posted by *Gdourado*
> 
> I am not really worried about the hacks.
> I am worried about losing performance.
> About having my system go back 2 or 3 years in upgrades.
> I have been building and upgrading my system for a few generations and I was always seeking gains, benchmarking, trying to get the best bang for the buck upgrades and such.
> My last upgrade was from a Z68 and 3770k to a Z170 and 6700k.
> Not a revolutionary performance upgrade, but after having sold my 3770k parts, the difference was small in cost and I got better performance.
> 
> Now, my 6700k will be handicapped in performance by some security fixes and patches and all my research, deal hunting, upgrades, are basically thrown out the window!
> I am having a really hard time accepting that!


Well you said "*This is just for gaming. Nothing else.*" and that statement alone answers your question, no, please don't do it. If you'd switch you'd lose both money and gaming performance in moving over to current Ryzen. Just stick with your current Z170/6700K setup and you'll be fine, even when the patches start to roll. Patched 6700K is still faster than any current Ryzen in raw gaming performance. Wait for Ryzen+ if you absolutely need to switch.


----------



## Gdourado

Quote:


> Originally Posted by *the_real_7*
> 
> Good reading above, guys, all very valid points. I just upgraded on Christmas to my 8700k rig so this news hit home hard, being I was on a 7700k @ 50. Whatever gain I had I lost.
> 
> But it's still a fast system regardless and faster than Ryzen in gaming with a patch, and soon enough the browser will be outfitted better with patches and so will the antivirus, so we may be able with a slight risk to remove the patches from the OS. There is going to be a fix, I'm sure; if not, Intel will just sink because no one is going to go out and go buy a flawed CPU and we will be all riding our rigs for a few years if so. Let's wait and see. I'm sure there's plenty of options to work around what happened; if not, Cannonlake is definitely taking a hit, and if software is the only fix to get performance back, believe that Intel is going to make it happen or they're going to have to bribe a lot of review sites to give 'em good reviews at that point.


Same here.
Had 3770k.
Switched to 6700k.
Gained 200MHz in overclock and supposedly gained between 15 to 25% in IPC...
Now performance is thrown back 30%...
Whatever I gained I will lose with a simple patch!
This is so frustrating.
My PC gaming and rig building, planning and upgrading is my hobby.
Now I just feel it is all broken!


----------



## GroinShooter

Quote:


> Originally Posted by *Gdourado*
> 
> Same here.
> Had 3770k.
> Switched to 6700k.
> Gained 200MHz in overclock and supposedly gained between 15 to 25% in IPC...
> Now performance is thrown back 30%...
> Whatever I gained I will lose with a simple patch!
> This is so frustrating.
> My PC gaming and rig building, planning and upgrading is my hobby.
> Now I just feel it is all broken!


Where do you pull this magical number of 30% from? It's already been shown that the performance degradation in gaming is more or less negligible. Just play your games and you'll see.


----------



## cekim

Quote:


> Originally Posted by *Gdourado*
> 
> Same here.
> Had 3770k.
> Switched to 6700k.
> Gained 200MHz in overclock and supposedly gained between 15 to 25% in IPC...
> Now performance is thrown back 30%...
> Whatever I gained I will lose with a simple patch!
> This is so frustrating.
> My PC gaming and rig building, planning and upgrading is my hobby.
> Now I just feel it is all broken!


Quote:


> Originally Posted by *GroinShooter*
> 
> Where do you pull this magical number of 30% from? It's already been shown that the performance degradation in gaming is more or less negligible. Just play your games and you'll see.


I've been trying to get that through to him...

He's mourning a 30% loss that doesn't exist.

It was a BS guess taken from a very early observation of a specific functionality that has indeed slowed down, but does not reflect application performance. Unfortunately, in this era of fake news, it's been repeated often enough that it's now true for some people...


----------



## SavantStrike

Quote:


> Originally Posted by *e-gate*
> 
> It's something that can't be fixed with a new hardware revision. It needs a redesign of the whole architecture, something that needs 3-4 years at least.
> Security holes are being discovered all the time in Windows; does that mean that MS stops selling licenses because of this? No. Same goes for smartphones.
> Intel knew but there was nothing to do except for patches and dealing with a public outcry. It's not like they could pop a new architecture out of nowhere, and cancelling new CPU lines is suicide for a company like Intel.


If your product has a major flaw and you know about it, have the patches ready at launch. AIBs are scrambling right now.

Intel didn't want this souring CPU sales so they intentionally ignored it and launched without any microcode update, no communication to AIBs - nothing was said.

This wouldn't have been nearly as big a deal if they handled it right, and I'm not suggesting something as drastic as cancelling a product line.


----------



## cekim

Quote:


> Originally Posted by *SavantStrike*
> 
> This wouldn't have been nearly as big a deal if they handled it right, and I'm not suggesting something as drastic as cancelling a product line.


The patches aren't even complete NOW.

Since about May 2017 from all information I've seen, a proof of concept showing a viable exploit has been known. So, think about what that covers this year in terms of product releases?

That would have meant they would not have launched SKY, KBY or COFFE until February to meet your bar.

Again, I would have to agree that would have been the right thing to do, but it is indeed, for all intents and purposes, canceling at least Kaby Lake entirely...

20/20 hindsight has to be kept in perspective but, I and many others suspect this made a costly loss of market monopoly to Epyc and Ryzen much, much more costly than it already was, so they rolled the dice.... we'll see how it comes out.


----------



## e-gate

https://www.theverge.com/2018/1/9/16868290/microsoft-meltdown-spectre-firmware-updates-pc-slowdown

Oh this is gonna be fun. 2018 started very good.


----------



## cekim

Quote:


> Originally Posted by *e-gate*
> 
> https://www.theverge.com/2018/1/9/16868290/microsoft-meltdown-spectre-firmware-updates-pc-slowdown
> 
> Oh this is gonna be fun. 2018 started very good.


Ah, just what we needed, more vaguery!!!

(disclaimer: we did not need more vaguery)


----------



## Quantum Reality

Quote:


> Originally Posted by *e-gate*
> 
> https://www.theverge.com/2018/1/9/16868290/microsoft-meltdown-spectre-firmware-updates-pc-slowdown
> 
> Oh this is gonna be fun. 2018 started very good.


_"Windows 7 or Windows 8 running on Haswell or older CPUs means "most users will notice a decrease in system performance"_

And this would have zero to do with the way MS has been pushing users to Windows 10 by means fair and foul, now would it?


----------



## Disharmonic

Quote:


> Originally Posted by *cekim*
> 
> This is good advice. If you can wait, wait. Between shoddy patching of AMD and the unknowns of Spectre, it will be a while before there is hardware on the market that is "known good" and software that knows how to not cripple it...


Care to elaborate what shoddy patching you are referring to? AMD is not affected at all by Meltdown and is the least affected by Spectre so far (this could change if/when more related attacks are discovered in the future).
Anyway, I'm personally going to be switching to Zen soon, as gaming is only a secondary concern for me.


----------



## cekim

Quote:


> Originally Posted by *Disharmonic*
> 
> Care to elaborate what shoddy patching you are referring to? AMD is not affected at all by Meltdown and is the least affected by Spectre so far (this could change if/when more related attacks are discovered in the future).
> Anyway, I'm personally going to be switching to Zen soon, as gaming is only a secondary concern for me.


Their patch broke various AMD setups requiring you to revert it.


----------



## Disharmonic

If you're referring to this https://support.microsoft.com/en-us/help/4073707/windows-os-security-update-block-for-some-amd-based-devices then the patch was made by MS, but they blame the documentation AMD provided them (for those fairly old systems, even though that's not an excuse). AFAIK there's no official response from AMD on this.


----------



## Offler

Quote:


> Originally Posted by *Disharmonic*
> 
> If you're referring to this https://support.microsoft.com/en-us/help/4073707/windows-os-security-update-block-for-some-amd-based-devices then the patch was made by MS, but they blame the documentation AMD provided them (for those fairly old systems, even though that's not an excuse). AFAIK there's no official response from AMD on this.


Actually it does not need to:
https://blogs.technet.microsoft.com/ralphkyttle/2018/01/05/verifying-spectre-meltdown-protections-remotely/

Comments are quite interesting. Also my own experience with the Meltdown patch:
Quote:


> Speculation control settings for CVE-2017-5754 [rogue data cache load]
> 
> Get-WmiObject : The term 'Get-WmiObject' is not recognized as the name of a cm
> et, function, script file, or operable program.
> Check the spelling of the name, or if a path was included, verify that the pat
> is correct and try again.
> At C:\Program Files\PowerShell\Modules\SpeculationControl\1.0.1\SpeculationCon
> ol.psm1:122 char:16
> + $cpu = Get-WmiObject Win32_Processor
> + ~~~~~~~~~~~~~
> + CategoryInfo : ObjectNotFound: (Get-WmiObject:String) [], CommandNo
> oundException
> + FullyQualifiedErrorId : CommandNotFoundException


It's simply full of bugs.


----------



## tpi2007

Tom's Hardware giving Intel and Microsoft a hand by distorting Microsoft's already vague words on the generally favourable to Intel article:

http://www.tomshardware.com/news/microsoft-intel-slowdown-old-chips,36293.html
Quote:


> According to the company, machines running Windows 7 and 8, as well as computers based on Haswell chips or older, will see *"significant slowdowns"* from the update.


Quote:


> Microsoft said that it expects most users of Windows 7 and 8 to see a *significant drop in performance* on their computers after the Meltdown and Spectre patches are applied.


(Bold for emphasis)

That is NOT what Microsoft said. This is:
Quote:


> With Windows 8 and Windows 7 on older silicon (2015-era PCs with Haswell or older CPU), we expect most users to notice *a decrease in system performance*.


Where's the "significant"?

Another distortion:
Quote:


> No matter which version of Windows, machines that use 2015-era Haswell CPUs or older will experience "significant slowdowns," according to Microsoft.


This is not true and is putting everything in the same bag. They mention this:
Quote:


> With Windows 10 on older silicon (2015-era PCs with Haswell or older CPU), some benchmarks show more significant slowdowns, and we expect that some users will notice a decrease in system performance.


https://cloudblogs.microsoft.com/microsoftsecure/2018/01/09/understanding-the-performance-impact-of-spectre-and-meltdown-mitigations-on-windows-systems/

So, _some_ and _benchmarks_. Some, meaning not all, and benchmarks, which in many cases artificially over inflate the real world performance impact. And then it says, logically, that only _some_ users will notice a decrease in system performance. But according to TH, it's significant handed out on a plate to everybody on Haswell and earlier.

Edit: Oh, and of course, if you had any doubts as to the intent of the article, this is the last paragraph:
Quote:


> Microsoft and Intel's message today seems clear: it's time to upgrade.


Seriously? Upgrade now, when we don't know the full scope of the problem and when patches are still being delivered and when we don't have actual benchmarks for everything yet? Some critical thinking journalism at the end instead of that last paragraph would have been better appreciated.


----------



## The L33t

I'd say anything that is noticeable is significant.


----------



## guttheslayer

Quote:


> Originally Posted by *tpi2007*
> 
> Tom's Hardware giving Intel and Microsoft a hand by distorting Microsoft's already vague words on the generally favourable to Intel article:
> 
> http://www.tomshardware.com/news/microsoft-intel-slowdown-old-chips,36293.html
> That is NOT what Microsoft said. This is:
> Where's the "significant"?
> 
> Another distortion:
> This is not true and is putting everything in the same bag. They mention this:
> https://cloudblogs.microsoft.com/microsoftsecure/2018/01/09/understanding-the-performance-impact-of-spectre-and-meltdown-mitigations-on-windows-systems/
> 
> So, _some_ and _benchmarks_. Some, meaning not all, and benchmarks, which in many cases artificially over inflate the real world performance impact. And then it says, logically, that only _some_ users will notice a decrease in system performance. But according to TH, it's significant handed out in a plate to everybody on Haswell and earlier.
> 
> Edit: Oh, and of course, if you had any doubts as to the intent of the article, this is the last paragraph:
> Seriously? Upgrade now, when we don't know the full scope of the problem and when patches are still being delivered and when we don't have actual benchmarks for everything yet?


Screw their upgrade. It is time Intel faces a lawsuit.

Who is suing them? In fact all companies with database servers should!


----------



## cfu97

Quote:


> Originally Posted by *cekim*
> 
> Particularly for gaming since there has been so little impact thus far, whatever you do, don't do it because a talking head said your computer is 30% slower. Do it because it actually is and you've measured it being 30% slower. Hint: it isn't. Not even close. You are not 3 generations back in performance.
> Yes, that is correct - the Meltdown exploit in particular presents a relatively easy exploit to passwords and unencrypted sensitive data that would otherwise be impossible to see by malware. This memory is intended to be inaccessible by the user via any means, but this exploit has made it possible to ask for memory the requester is explicitly not allowed to see and despite the CPU ultimately denying the request, the data can still be extracted by the malware.
> 
> So, you can type your password into a box that is using SSL to communicate with the server, but malware can read the unencrypted version as you type and pass it to someone else.
> This is good advice. If you can wait, wait. Between shoddy patching of AMD and the unknowns of Spectre, it will be a while before there is hardware on the market that is "known good" and software that knows how to not cripple it...


Browser and Windows update enough to protect?


----------



## cekim

Quote:


> Originally Posted by *cfu97*
> 
> Browser and Windows update enough to protect?


Depends on your processor and Windows setup, but that's where you should be headed and the best you can do right now.

Most of my machines and concerns are Linux, so while I've been paying attention to Windows, others may have broader/better experience there.

MSFT is pushing out patches (and you can do OS-level micro-code updates) on a rolling basis as usual - they don't update every PC on the planet at the same time. There may be BIOS level updates as well, though most if not all of that _should_ eventually get pushed out in a Windows update as well. To check to see where your machine stands - take a look at things like this:
https://www.windowscentral.com/how-check-if-your-pc-still-vulnerable-meltdown-and-spectre-exploits

Depending on the age of your CPU and your Windows configuration, this may have happened automatically, or it may not. That page walks through the "how to check".

You may have to either manually update your micro-code or update your BIOS if/when your MB manufacturer provides an update. You can update your micro-code from within Windows provided Intel has released a micro-code file for your processor... I'll add a link in a minute...

Check your MB manufacturer for a BIOS update first. That might be easier. If not (this is a better source):
http://forum.notebookreview.com/threads/how-to-update-microcode-from-windows.787152/
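
One way to script the check described in the post above, as an added example that is not part of the thread or of Microsoft's module. It assumes the `SpeculationControl` module named in the error output quoted earlier in the thread is installed and returns its `BTI*` and `KVAShadow*` properties; `Test-SpeculationMitigation` is a hypothetical helper name. It stops early on hosts without `Get-WmiObject` (PowerShell Core, which the `C:\Program Files\PowerShell\Modules` path in that error output points to), since that is the condition that produces the `CommandNotFoundException`.

```powershell
# Added example: not from the thread and not part of Microsoft's module.
# Test-SpeculationMitigation is a hypothetical helper name.
function Test-SpeculationMitigation {
    [CmdletBinding()]
    param()

    # The module version quoted in the thread queries the CPU with Get-WmiObject.
    # Hosts without that cmdlet (PowerShell Core) fail with a
    # CommandNotFoundException, so stop early with a clear message.
    if (-not (Get-Command -Name Get-WmiObject -ErrorAction SilentlyContinue)) {
        throw ("Get-WmiObject is not available in PowerShell " +
               "$($PSVersionTable.PSVersion). Run this from Windows PowerShell " +
               "(powershell.exe) instead.")
    }

    if (-not (Get-Module -ListAvailable -Name SpeculationControl)) {
        throw 'SpeculationControl module not found. Install it with: Install-Module SpeculationControl'
    }
    Import-Module -Name SpeculationControl -ErrorAction Stop

    # Prints Microsoft's own report to the console and returns an object whose
    # BTI* properties cover branch target injection (Spectre variant 2) and
    # whose KVAShadow* properties cover rogue data cache load (Meltdown).
    $s = Get-SpeculationControlSettings

    $todo = @()

    # Meltdown: only relevant when the CPU needs kernel VA shadowing at all.
    $meltdownOk = $true
    if ($s.KVAShadowRequired) {
        $meltdownOk = $s.KVAShadowWindowsSupportPresent -and $s.KVAShadowWindowsSupportEnabled
        if (-not $s.KVAShadowWindowsSupportPresent) {
            $todo += 'Meltdown: install the Windows security update.'
        } elseif (-not $s.KVAShadowWindowsSupportEnabled) {
            $todo += 'Meltdown: update is installed but kernel VA shadowing is not enabled.'
        }
    }

    # Spectre variant 2 needs both halves: CPU microcode (from a BIOS update or
    # an OS-loaded microcode update) and the Windows update that uses it.
    $spectreOk = $s.BTIHardwarePresent -and $s.BTIWindowsSupportPresent -and $s.BTIWindowsSupportEnabled
    if (-not $s.BTIHardwarePresent) {
        $todo += 'Spectre v2: no microcode support; check for a BIOS or microcode update.'
    }
    if (-not $s.BTIWindowsSupportPresent) {
        $todo += 'Spectre v2: install the Windows security update.'
    }
    if ($s.BTIHardwarePresent -and $s.BTIWindowsSupportPresent -and -not $s.BTIWindowsSupportEnabled) {
        $reason = if ($s.BTIDisabledBySystemPolicy) { 'system policy' } else { 'reason not reported' }
        $todo += "Spectre v2: mitigation present but disabled ($reason)."
    }

    # Same CPU query the module makes, through the CIM cmdlet.
    $cpu = Get-CimInstance -ClassName Win32_Processor | Select-Object -First 1

    [pscustomobject]@{
        Cpu                = $cpu.Name
        MeltdownMitigated  = [bool]$meltdownOk
        SpectreV2Mitigated = [bool]$spectreOk
        PcidEnabled        = $s.KVAShadowPcidEnabled   # performance only, not protection
        NextSteps          = $todo
    }
}

Test-SpeculationMitigation | Format-List
```

An empty `NextSteps` means both mitigations report as active; the split between the microcode and Windows-update findings matches the BIOS/micro-code versus Windows Update steps in the post above.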


----------



## GeneO

Quote:


> Originally Posted by *cekim*
> 
> 20/20 hindsight has to be kept in perspective but, I and many others suspect this made a costly loss of market monopoly to Epyc and Ryzen much, much more costly than it already was, so they rolled the dice.... we'll see how it comes out.


rolled the dice and cashed in their chips.


----------



## cekim

Quote:


> Originally Posted by *GeneO*
> 
> rolled the dice and cashed in their chips.


To quote Kenny Rogers, "You never count your money when you're sittin' at the table. There'll be time enough for countin' when the dealin's done."

The cost of this decision could not be more TBD than it is at this moment.

Lawyers will lawyer, regulators will peddle influence, er, I mean regulate, and AMD has to keep bringin' it. Any one or all of those could present Intel with a steep final tally.


----------



## cfu97

Quote:


> Originally Posted by *cekim*
> 
> Depends on your processor and Windows setup, but that's where you should be headed and the best you can do right now.
> 
> Most of my machines and concerns are Linux, so while I've been paying attention to Windows, others may have broader/better experience there.
> 
> MSFT is pushing out patches (and you can do OS-level micro-code updates) on a rolling basis as usual - they don't update every PC on the planet at the same time. There may be BIOS level updates as well, though most if not all of that _should_ eventually get pushed out in a Windows update as well. To check to see where your machine stands - take a look at things like this:
> https://www.windowscentral.com/how-check-if-your-pc-still-vulnerable-meltdown-and-spectre-exploits
> 
> Depending on the age of your CPU and your Windows configuration, this may have happened automatically, or it may not. That page walks through the "how to check".
> 
> You may have to either manually update your micro-code or update your BIOS if/when your MB manufacturer provides an update. You can update your micro-code from within Windows provided Intel has released a micro-code file for your processor... I'll add a link in a minute...
> 
> Check your MB manufacturer for a BIOS update first. That might be easier. If not (this is a better source):
> http://forum.notebookreview.com/threads/how-to-update-microcode-from-windows.787152/


And expect 30% performance drop while Intel doesn't really do anything like recall?


----------



## Forceman

Quote:


> Originally Posted by *cfu97*
> 
> And expect 30% performance drop while Intel doesn't really do anything like recall?


As has been pointed out many times, it isn't 30% for typical consumer workloads. And what would you like to see from a recall? This is Intel's architecture, they can't just whistle up a couple of million completely redesigned replacement chips in a couple of weeks. Even if they wanted to replace every affected chip it wouldn't be physically possible to fab that many - you are talking about years worth of production here.


----------



## Mysticial

Quote:


> Originally Posted by *cfu97*
> 
> And expect 30% performance drop while Intel doesn't really do anything like recall?


A recall of this scale isn't possible from a practical standpoint:

Older chips aren't even in production anymore. The 45nm, 65nm fabs probably don't even exist anymore (upgraded to newer process).
For newer chips, there's no way they can possibly meet such a large demand.
IOW, it's not possible for Intel to provide the entire world with drop-in replacements of fixed chips. And if you were to force it on them along with the secondary costs of labor and replacement of motherboards, etc... they would simply go bankrupt.

As much as everybody hates Intel for various reasons ranging from pigeon poop to market stagnation, I think most of us can agree that it's better Intel exist than not.


----------



## cfu97

Quote:


> Originally Posted by *Forceman*
> 
> As has been pointed out many times, it isn't 30% for typical consumer workloads. And what would you like to see from a recall? This is Intel's architecture, they can't just whistle up a couple of million completely redesigned replacement chips in a couple of weeks. Even if they wanted to replace every affected chip it wouldn't be physically possible to fab that many - you are talking about years worth of production here.


There are many lawsuits against Intel now, so expect Intel to close down?


----------



## tpi2007

Quote:


> Originally Posted by *cfu97*
> 
> > Originally Posted by *Forceman*
> > 
> > As has been pointed out many times, it isn't 30% for typical consumer workloads. And what would you like to see from a recall? This is Intel's architecture, they can't just whistle up a couple of million completely redesigned replacement chips in a couple of weeks. Even if they wanted to replace every affected chip it wouldn't be physically possible to fab that many - you are talking about years worth of production here.
> 
> There are many lawsuits against Intel now, so expect Intel to close down?


They are Too big to fail™.

I'd say that they will most probably have to give back some money to all buyers who purchased affected Intel CPUs after June 2017, when Intel was informed of the problems.

That will surely include Broadwell-E and Kaby Lake and probably also Skylake and Haswell-E as they were still on sale in some stores (some still are to this day), and, of course, Skylake-X, Kaby Lake-X and Coffee Lake. It will probably be around 10%-15% of the purchase price of the CPU and motherboard as Intel already knew that those CPUs would have lowered performance in some instances once the problems were to be disclosed and thus people bought CPUs and motherboards with published performance metrics that were not accurate. It will probably end up like the GTX 970 case.

They will lose some money, I think that much is inevitable. Right now, if I were them, I'd be focusing on paying motherboard and OS makers the required money for them to provide the mitigating patches that can technically be made for all architectures from the last ten years (I'd prefer if they patched everything that can possibly be patched down to the Core 2 Duo as those systems are still relevant and used) and stay absolutely away from any implied intention of hardware obsolescence. Even if it costs them a billion dollars. As big as that figure sounds, it's not that much for them and certainly not much when their brand image as a whole is at stake.


----------



## Maelthras

I am very curious what would have happened to the market between AMD and Intel if Intel never had the performance gain that they got for not covering this attack vector. I have heard tons of rumors that it would have a significant hit on the IPC, somewhere in the range of 30%. Intel could have done this purposely knowing the performance hit they would take by securing this. And thus dominated the market in performance because they purposely left this out all the way back since 1995. This is mind blowing, and servers are going to be taking the hugest hit they've ever encountered.

Here is a cpu review from 2012, after amd released bulldozer. It shows that intel had roughly 20-30 better performance.


----------



## cekim

Quote:


> Originally Posted by *cfu97*
> 
> And expect 30% performance drop while Intel doesn't really do anything like recall?


See above, this claim is invalid...

It is amazing to me how much faster misinformation spreads than information, but then I see article after article written by people who have no idea what they are talking about pretending that they do, so I guess I should not be surprised.

Quote:


> Originally Posted by *cfu97*
> 
> There are many lawsuits against Intel now, so expect Intel to close down?


To be honest, I expect a class action settlement that will make a small group of lawyers very wealthy... What exactly consumers will get out of it remains to be seen, but see above, 30% is a flatly invalid claim, so the question will be valuation of the actual performance drop, misleading statements where demonstrated, etc...

At the end of the day, at a minimum, I expect this to cost Intel a boatload of money in marketing, lost contracts, claw-backs, cost of lawyers, sales shifting to AMD and ARM based solutions, etc...

I don't expect them to go out of business, they have the cash reserves to settle any class action and share-holder lawsuits come and see above, the media will spread their PR as mindlessly as they are spreading misinformation now, so patches, a few bucks a head in a class action suit, a pile of money to lawyers and 18 months from now the only question is what Intel has to do to win back trust and are they willing to?

They drove their brand to the very edge of abuse of their consumers leveraging their market dominance and now they've got a monstrous vat of egg on their face. You see what AMD has to do in terms of undercutting price to compete - I expect that to change to some degree or the other. How much remains to be seen. Intel is looking at least one generation, perhaps more of chips about to come out that haven't addressed these issues in hardware. Given that, they can't charge the premiums they have in the past.


----------



## cekim

Quote:


> Originally Posted by *Maelthras*
> 
> I am very curious what would have happened to the market between AMD and Intel if Intel never had the performance gain that they got for not covering this attack vector. I have heard tons of rumors that it would have a significant hit on the IPC, somewhere in the range of 30%.


Lol... and it goes on... You should be more curious about the actual impact first.


----------



## guttheslayer

Quote:


> Originally Posted by *Mysticial*
> 
> A recall of this scale isn't possible from a practical standpoint:
> 
> Older chips aren't even in production anymore. The 45nm, 65nm fabs probably don't even exist anymore (upgraded to newer process).
> For newer chips, there's no way they can possibly meet such a large demand.
> 
> As much as everybody hates Intel for various reasons ranging from pigeon poop to market stagnation, I think most of us can agree that it's better Intel exist than not.


I'd rather Intel goes bankrupt and gets acquired by others like Samsung etc., so that their so-called 10nm leading fab process can be manufactured on other silicon like GPUs etc. and finally the world can enjoy a fruitful progression.

No, in fact I very much hope Intel goes bankrupt now. They screwed the world with 10 years of stagnation. They deserved every single bit of it.


----------



## cekim

Quote:


> Originally Posted by *guttheslayer*
> 
> I'd rather Intel goes bankrupt and gets acquired by others like Samsung etc., so that their so-called 10nm leading fab process can be manufactured on other silicon like GPUs etc. and finally the world can enjoy a fruitful progression.
> 
> No, I very much hope Intel goes bankrupt now. They screwed the world with 10 years of stagnation. Deserving every single bit of it.


The enemy of my enemy is not my friend. Samsung is already a beast in the market, be very, very careful what you ask for... Scratch that, just don't even say that out-loud. You don't want it.







Did you miss all the South Korean scandals? http://www.bbc.com/news/business-39191196

I'd rather see a healthy market with more competitors for computes and much more evenly distributed capability and market share.

With cloud doing what it is doing (intentionally become hardware agnostic) and process node technology approaching asymptotes already, I think we were already going to see that, but this will likely accelerate it.


----------



## tpi2007

Quote:


> Originally Posted by *guttheslayer*
> 
> I'd rather Intel goes bankrupt and gets acquired by others like Samsung etc., so that their so-called 10nm leading fab process can be manufactured on other silicon like GPUs etc. and finally the world can enjoy a fruitful progression.
> 
> No, in fact I very much hope Intel goes bankrupt now. They screwed the world with 10 years of stagnation. They deserved every single bit of it.


Samsung? Unless you live in South Korea, where the law gives people more rights, Samsung's Android smartphones ship with first party bloatware and crapware that you can't even disable, let alone uninstall. Interestingly enough, you can disable almost all of Google's services. Quite ironic.

Also, their Magician SSD Software, which is required for some functions in some models, has telemetry that you can't turn off, Microsoft style.

In a nutshell, as cekim said, be careful what you wish for and no thanks.


----------



## Vlada011

*Guys who agree that customers with Z87, Z97, Z170, Z270, Z370, X99, X299 give signature and Sue Intel and demand new generation of processors completely fixed within 12 months period and they should be happy if we cover cost of new motherboards. Because we have 400-500-600 or 750 euro worth motherboards + different waterblocks, monoblocks, etc and we need to change everything.*

Please Intel fanboys, sons of Rockefeller and owner of Shell Industry, owners of sites who are paid for damage control on forums to stay out of comments.
We could easy collect several thousands sign and sue Intel. Our Intel could buy us Threadripper, we will pay motherboard. And they should be happy with that because we don't ask motherboards. Because CPU FAIL mean MOTHERBOARD-MEMORY FAIL.. MEMORY COULD BE USED MAYBE MOBO NOT.
THAT MEAN INVESTMENT. They want to people who bought new CPU in 2015-2016-2017 pay everything new in 2018 or deal with performance loss.
They can do this than every 10 years and profit 3 times more than usually.

They turn IT WORLD UPSIDE DOWN. LITERALLY.
If only MS Update patch automatic after I revert system to Basic form of Win 10 I will personally sue Intel, alone for performance loss.
Only if I recognize among updates specific number of patch who cripple my Image Editing performance for 40%.

Half of people who bought these new shiny 10 cores i9 bought because Image Editing.
Many owners of X99 and X299, gamers mostly used Z170 and Z270. That mean if someone work Image Editing for other people who don't have computers or they have weak computers they could profit much less daily because need more time. 30-40% less profit daily.

People lose data from computers, pictures, music, movies because Windows 10 not work normal after 100 versions and informations of patches through BIOS, through OS, through scripts. Some of people don't even know what they do, after every update system work slower.
Best example and compare of this is to someone install steel plates on car and engine to stay same without improvements for ton of metal more than planned.
Of course he will be far slower. How much? slower and slower, because they will continue to change codes and add new security improvements. They can't finish with one patch whole security update. That's fact. That must be change every month or two.
Cripple performance of GPU with driver is joke compare to this.


----------



## guttheslayer

Quote:


> Originally Posted by *Vlada011*
> 
> *Guys who agree that customers with Z87, Z97, Z170, Z270, Z370, X99, X299 give signature and Sue Intel and demand new generation of processors completely fixed within 12 months period and they should be happy if we cover cost of new motherboards. Because we have 400-500-600 or 750 euro worth motherboards + different waterblocks, monoblocks, etc and we need to change everything.*
> 
> Please Intel fanboys, sons of Rockefeller and owner of Shell Industry, owners of sites who are paid for damage control on forums to stay out of comments.
> We could easy collect several thousands sign and sue Intel. Our Intel could buy us Threadripper, we will pay motherboard. And they should be happy with that because we don't ask motherboards. Because CPU FAIL mean MOTHERBOARD-MEMORY FAIL.. MEMORY COULD BE USED MAYBE MOBO NOT.
> THAT MEAN INVESTMENT. They want to people who bought new CPU in 2015-2016-2017 pay everything new in 2018 or deal with performance loss.
> They can do this than every 10 years and profit 3 times more than usually.
> 
> They turn IT WORLD UPSIDE DOWN. LITERALLY.
> If only MS Update patch automatic after I revert system to Basic form of Win 10 I will personally sue Intel, alone for performance loss.
> Only if I recognize among updates specific number of patch who cripple my Image Editing performance for 40%.
> 
> Half of people who bought these new shiny 10 cores i9 bought because Image Editing.
> Many owners of X99 and X299, gamers mostly used Z170 and Z270. That mean if someone work Image Editing for other people who don't have computers or they have weak computers they could profit much less daily because need more time. 30-40% less profit daily.
> 
> People lose data from computers, pictures, music, movies because Windows 10 not work normal after 100 versions and informations of patches through BIOS, through OS, through scripts. Some of people don't even know what they do, after every update system work slower.
> Best example and compare of this is to someone install steel plates on car and engine to stay same without improvements for ton of metal more than planned.
> Of course he will be far slower. How much? slower and slower, because they will continue to change codes and add new security improvements. They can't finish with one patch whole security update. That's fact. That must be change every month or two.
> Cripple performance of GPU with driver is joke compare to this.


Just downgrade to Windows 7 and don't do any new patch update.


----------



## Vlada011

I don't want Windows 7. There is no new drivers for Windows 7.
Windows 7 not support DX12 and other things.
I want Windows 10 WITHOUT PERFORMANCE LOST.
I don't want Automatic update of patch.

Only abnormal person is capable to read every day news about news stuff, to compare, measure, read information about External HDDs, USB Flash Drivers, SATA III SSD's, NVMe M.2 to invest in 5% better model to pay much more for small performance difference and than calm down with fact that will lose unknown huge % of performance without instant switch to AMD and never again invest in Intel or decision to sue them.

Can someone to write number of patches, I mean on fix for only part of Intel security problem who will take half performance of your PC during 2018.
I want to know if my system update that patch without permission to uninstall him and forbidden him for further update.
I don't care if my PC infect others, could sue me because I didn't want to agree with performance loss.

To back on Windows 7. Nice proposition, what will be with Kaby Lake owners who work only on Windows 10.
Maybe is better to search for Windows XP and keep him until 2020 and next plan for upgrade.

Instantly, I would not wait 2 days, I would bought Threadripper now on place of people who could afford.
Without any thinking this would be my last Intel platform no matter on 180% higher performance than AMD in future.
Because they do such things after precise estimate of market and reaction of people. On planet earth no one could swallow such stupid things, excuses or invest thousands dollars without explanation as IT Enthusiasts. You will not such behavior on any other places and companies are responsible what they do.
From other side Intel learn to people cover with own money their mistakes and NVIDIA.


----------



## Curvy Groyper

I just want to say one thing, I will never buy any Intel product ever again. Intel sold me Coffee Lake after they were fully aware of Meltdown. Intel is a bunch of greedy lying scammers. They tried to funk me over, and I am not the type of person who forgives or forgets easily.


----------



## Advil000

And there is still one of the three vulnerabilities that affect Intel, AMD and Qualcomm. Intel is just the most affected of the bunch, and apparently knew about this for a while. They should have halted production when they found out about this. Yes. No argument there.

But let's get down to brass tacks. Ok, maybe on desktop systems we will see anywhere from 2-10% from this thing depending on what you are doing.

But there's still the fact that these vulnerabilities exist.

Many of us just bought new Coffee Lake or Kaby Lake systems in the last 6 months.

It's not just that the performance drop is minor. What about resale value of our hardware? I sell off and upgrade every 6 months to a year as an enthusiast user.

The very moment a "fixed" chip hits the market from Intel or AMD, what is the value of our current hardware going to be on the market? To be frank, no one is going to want to pay what would be a normal price for last gen systems. We are taking a massive depreciation on this, we just don't know exactly HOW bad yet.

I'm having a hard time believing that Intel doesn't owe us at least 50% of the value of our CPU's and Motherboards. Vouchers to get the next gen hardware at about half off street price is going to be about the only way I can imagine not taking a bath on the hardware I just purchased.

And mind you, I'd even have a different perspective on this if they hadn't openly launched Coffee Lake AFTER finding out about this. Yes, they CAN get away with it, but it's just ethically bankrupt. (It's also insane that AMD and ARM based CPU makers didn't say a word either. The whole thing makes you look at the CPU industry and feel like you just swam in crud.)


----------



## Vlada011

Quote:


> Originally Posted by *Midnight ***per*
> 
> I just want to say one thing, I will never buy any Intel product ever again. Intel sold me Coffee Lake after they were fully aware of Meltdown. Intel is a bunch of greedy lying scammers. They tried to funk me over, and I am not the type of person who forgives or forgets easily.


Me too, I'm very revengable person and when something like that happen I try to make as much possible damage to someone who screw me up.
Coffee Lake was first Intel new mainstream CPU after long time. It was time after Ivy Bridge to implement 6 cores.
Now no one think on GPUs, On other hardware only what to do with crippled system.

My Image editing score drop from 196.000 to 138.000 but now is 122.000.
But all of us together should turn against Intel now united.
Are you aware that benchmark table mean nothing any more. Slower CPU is faster if no security patch.
AMD advertised as slower now is faster and people are lead in fallacy, that's crime in normal world.
Leading people in fallacy with information that Coffee Lake is super upper new CPU and in mean time debate how to tell world about losing performance is crime.


----------



## guttheslayer

Quote:


> Originally Posted by *Advil000*
> 
> And there is still one of the three vulnerabilities that affect Intel, AMD and Qualcomm. Intel is just the most affected of the bunch, and apparently knew about this for a while. They should have halted production when they found out about this. Yes. No argument there.
> 
> But let's get down to brass tacks. Ok, maybe on desktop systems we will see anywhere from 2-10% from this thing depending on what you are doing.
> 
> But there's still the fact that these vulnerabilities exist.
> 
> Many of us just bought new Coffee Lake or Kaby Lake systems in the last 6 months.
> 
> It's not just that the performance drop is minor. What about resale value of our hardware? I sell off and upgrade every 6 months to a year as an enthusiast user.
> 
> The very moment a "fixed" chip hits the market from Intel or AMD, what is the value of our current hardware going to be on the market? To be frank, no one is going to want to pay what would be a normal price for last gen systems. We are taking a massive depreciation on this, we just don't know exactly HOW bad yet.
> 
> I'm having a hard time believing that Intel doesn't owe us at least 50% of the value of our CPU's and Motherboards. Vouchers to get the next gen hardware at about half off street price is going to be about the only way I can imagine not taking a bath on the hardware I just purchased.
> 
> And mind you, I'd even have a different perspective on this if they hadn't openly launched Coffee Lake AFTER finding out about this. Yes, they CAN get away with it, but it's just ethically bankrupt. (It's also insane that AMD and ARM based CPU makers didn't say a word either. The whole thing makes you look at the CPU industry and feel like you just swam in crud.)


I can't even forget how Intel force end user to delid their CPU so to increase performance and void their warranty. Much less all these security bug fiasco

They deserve bankrupt. I can see other giant not so friendly, but they are definitely better than all the old but FAT fox hiding at the blue camp offices


----------



## Blameless

Quote:


> Originally Posted by *guttheslayer*
> 
> I can't even forget how Intel force end user to delid their CPU so to increase performance and void their warranty.


Overclocking in general voids manufacturer warranties. The only difference between a part that hasn't been delidded and one that has when one tries to claim warranty service on something that has been OCed is that the fraud is much easier to detect in the latter case.


----------



## guttheslayer

Quote:


> Originally Posted by *Blameless*
> 
> Overclocking in general voids manufacturer warranties. The only difference between a part that hasn't been delidded and one that has when one tries to claim warranty service on something that has been OCed is that the fraud is much easier to detect in the latter case.


But AMD Ryzen didn't do that.

Toothpaste TIM also shorten CPU lifespan and consume more power due to leakage, all these can be prevented with a soldered IHS. They didn't because they control the world market. Now I want to see them crumple for their greed.


----------



## jagdtigger

Quote:


> Originally Posted by *Blameless*
> 
> Overclocking in general voids manufacturer warranties. The only difference between a part that hasn't been delidded and one that has when one tries to claim warranty service on something that has been OCed is that the fraud is much easier to detect in the latter case.


Then why are they selling unlocked "k" models? BTW FYI Intel's toothpaste is also affecting r=1 users too. Since it's a crappy one it degrades faster thus increases idle and loaded temps which in turn affects normal usage as well...


----------



## Gdourado

Quote:


> Originally Posted by *Advil000*
> 
> And there is still one of the three vulnerabilities that affect Intel, AMD and Qualcomm. Intel is just the most affected of the bunch, and apparently knew about this for a while. They should have halted production when they found out about this. Yes. No argument there.
> 
> But let's get down to brass tacks. Ok, maybe on desktop systems we will see anywhere from 2-10% from this thing depending on what you are doing.
> 
> But there's still the fact that these vulnerabilities exist.
> 
> Many of us just bought new Coffee Lake or Kaby Lake systems in the last 6 months.
> 
> It's not just that the performance drop is minor. What about resale value of our hardware? I sell off and upgrade every 6 months to a year as an enthusiast user.
> 
> The very moment a "fixed" chip hits the market from Intel or AMD, what is the value of our current hardware going to be on the market? To be frank, no one is going to want to pay what would be a normal price for last gen systems. We are taking a massive depreciation on this, we just don't know exactly HOW bad yet.
> 
> I'm having a hard time believing that Intel doesn't owe us at least 50% of the value of our CPU's and Motherboards. Vouchers to get the next gen hardware at about half off street price is going to be about the only way I can imagine not taking a bath on the hardware I just purchased.
> 
> And mind you, I'd even have a different perspective on this if they hadn't openly launched Coffee Lake AFTER finding out about this. Yes, they CAN get away with it, but it's just ethically bankrupt. (It's also insane that AMD and ARM based CPU makers didn't say a word either. The whole thing makes you look at the CPU industry and feel like you just swam in crud.)


This!
About two weeks ago I finally managed to sell my z68 board and 3770k.
Got 250 euros for that after spending 280 on my z170 plus 6700k.
So I upgraded for 30 euros.
But now that is ruined!
How will I sell my 6700k plus z170 when I want to upgrade!?
And if I hadn't sold my 3770k, how much would it be worth today?
It's Ivy Bridge, so it will be impacted hard by the performance drop!
Intel ruined my hobby!


----------



## The L33t

Quote:


> Originally Posted by *Gdourado*
> 
> This!
> About two weeks ago I finally managed to sell my z68 board and 3770k.
> Got 250 euros for that after spending 280 on my z170 plus 6700k.
> So I upgraded for 30 euros.
> But now that is ruined!
> How will I sell my 6700k plus z170 when I want to upgrade!?
> And if I hadn't sold my 3770k, how much would it be worth today?
> It's Ivy Bridge, so it will be impacted hard by the performance drop!
> Intel ruined my hobby!


If you are that worried I'd say sell it now for about the same price and go buy a Ryzen 5 1600 + a B350 motherboard for that very same amount.... And do not give it another moment's thought, you will be better for it.


----------



## e-gate

I wonder how those of us living in Europe can defend ourselves against Intel. Here there are no mass lawsuits. The option to run to the nearest lawyer firm and file a lawsuit is non existent.
Some of you are angry but you have the money to flip your system and buy another. I just upgraded from 2500K after 7 years.


----------



## cfu97

Quote:


> Originally Posted by *Midnight ***per*
> 
> I just want to say one thing, I will never buy any Intel product ever again. Intel sold me Coffee Lake after they were fully aware of Meltdown. Intel is a bunch of greedy lying scammers. They tried to funk me over, and I am not the type of person who forgives or forgets easily.


There is no way Intel didn't know for 20 years. This is a back door hole for US gov for sure. So everyone who uses Intel CPU should be angry. This is just like the Windows back door hole a few months ago.


----------



## cfu97

Quote:


> Originally Posted by *Gdourado*
> 
> This!
> About two weeks ago I finally managed to sell my z68 board and 3770k.
> Got 250 euros for that after spending 280 on my z170 plus 6700k.
> So I upgraded for 30 euros.
> But now that is ruined!
> How will I sell my 6700k plus z170 when I want to upgrade!?
> And if I hadn't sold my 3770k, how much would it be worth today?
> It's Ivy Bridge, so it will be impacted hard by the performance drop!
> Intel ruined my hobby!


A big bug easy to hack hardware should be worth almost nothing.


----------



## mrawesome421

lol

This backdoor, that backdoor... cry about it all you wish.

They will continue to exist. Wanna make noise outta something none of us have control over... please.

Even the news of such acts means exactly frack all. Just obey. As if you have a choice in the matter lol.

You ready to stop owning a computer? Didn't think so. And because of that, you WILL agree to no security. Ever.

That's how it goes. And you all know this. Friggin amazing. As if situations like this is 'news'..

#dealwithit


----------



## e-gate

Quote:


> Originally Posted by *mrawesome421*
> 
> lol
> 
> This backdoor, that backdoor... cry about it all you wish.
> 
> They will continue to exist. Wanna make noise outta something none of us have control over... please.
> 
> Even the news of such acts means exactly frack all. Just obey. As if you have a choice in the matter lol.
> 
> You ready to stop owning a computer? Didn't think so. And because of that, you WILL agree to no security. Ever.
> 
> That's how it goes. And you all know this. Friggin amazing.
> 
> #dealwithit


Backdoors and vulnerabilities will continue to exist and already exist in all electronics. Most of them are well hidden or not discovered yet. It's something that AMD users shouldn't jump out of happiness as it may be their turn next time. Smartphones are way worse since they are more widespread than desktops and store way more critical information than a desktop PC.
The outcry this time is mostly due to the performance loss required for the fix. Vulnerabilities are being discovered every day and a big one every few months or less but none of them require such a performance drop for the fix (which is really fixing part of the issue).


----------



## cfu97

Quote:


> Originally Posted by *mrawesome421*
> 
> lol
> 
> This backdoor, that backdoor... cry about it all you wish.
> 
> They will continue to exist. Wanna make noise outta something none of us have control over... please.
> 
> Even the news of such acts means exactly frack all. Just obey. As if you have a choice in the matter lol.
> 
> You ready to stop owning a computer? Didn't think so. And because of that, you WILL agree to no security. Ever.
> 
> That's how it goes. And you all know this. Friggin amazing. As if situations like this is 'news'..
> 
> #dealwithit


At least we can buy AMD CPU instead of Intel


----------



## mrawesome421

Quote:


> Originally Posted by *cfu97*
> 
> At least we can buy AMD CPU instead of Intel


Buddy, if you honestly think security breaches have a gd thing to do with what brand CPU one uses in this day and age..

Again, you all know this. As well as I do. We all accept it when we choose to run their hardware. Do not cry about it now just because this knowledge has become a top topic in the tech industry. This is pathetically embarrassing. OH, WE WERE SAFE UP UNTIL NOW??? lol.. listen to yourselves. There is NO SCENARIO where you run a computer with WHATEVER hardware and you're somehow magically immune to attack, whether it be government or outside. You have no right, nor privilege to any sort of freedom or privacy. BUT YOU ALREADY KNOW THIS, don't you? The Constitution? lololo

Those days are long and gone. Adapt. Figure out a NEW way to fight against what you don't agree with. Crying about "MY RIGHTS" simply isn't going to cut it anymore.

This isn't another episode of Oprah. Or is it? I hear she's running for 2020... lolol


----------



## cfu97

Quote:


> Originally Posted by *mrawesome421*
> 
> Buddy, if you honestly think security breaches have a gd thing to do with what brand CPU one uses in this day and age..
> 
> Again, you all know this. As well as I do. We all accept it when we choose to run their hardware. Do not cry about it now just because this knowledge has become a top topic in the tech industry. This is pathetically embarrassing. OH, WE WERE SAFE UP UNTIL NOW??? lol.. listen to yourselves.


All Intel CPU is hackable now
It is a fact


----------



## nanotm

I would be surprised if AMD hasn't already incorporated such things into their CPUs, a manufacturer would be remiss not to build in any sort of safety valve should their hardware be misused by some maniac intent on causing mass destruction.....

That said, if they do, AMD has not so far as I'm aware ever made a public claim of having done so (unlike Intel) and so folks either haven't tried to co-opt said backdoor or haven't been able to discover it, of course it's always possible they just didn't build one in because they didn't think it was necessary... rather doubtful since they also put fuses into their CPUs (and fuses on CPUs are nothing more than kill switches)

Intel started putting thermal fuses into their CPUs to prevent them continuing to catch fire (because of the problems with the P3 CPUs) but they put in electrical fuses as well that can be caused to activate with a code switch or computation command or just triggered via the IME..... and since AMD has recently started putting its own version of the IME on newer hardware it likely has the exact same "features"

Now the real question is are AMD just that good or is obscurity and dearth of information and lack of market share the only reason for not getting caught with their pants down?
I suspect it's a case that they are just faster at fixing things than Intel (who always seem to try and push for extensions to the 90 day period or refuse to acknowledge stuff unless it's reported by another tech giant and then still fail to fix things within the 90 day period, Spectre/Meltdown are just the latest in a series of such blunders)

But regardless the fact that AMD is cheaper under TCO is a good enough reason to go for them rather than Intel, and even if they have the exact same problems in 6 months time it won't matter because they're not charging half as much for their hardware


----------



## Glottis

Quote:


> Originally Posted by *cfu97*
> 
> All Intel CPU is hackable now
> It is a fact


Yes we get it, you are an AMD fanboy. How many more worthless single sentence posts are you going to make here?


----------



## The L33t

New Round of benchmarks: The Combined Impact Of Retpoline + KPTI On Ubuntu Linux
*This round of tests were on a Core i9 7980XE, E3-1280 v5, and Core i7 6800K systems.*

Very very very significant impact even on the top of the line cpu... Apache webserver for instance is hit big time... Not good news, so many websites are served by apache this is going to rape so many companies it's not even funny. The alternative NGINX also very significant impact...

More benches https://www.phoronix.com/scan.php?page=article&item=clear-kpti-retpoline&num=1


----------



## nanotm

Quote:


> Originally Posted by *The L33t*
> 
> New Round of benchmarks: The Combined Impact Of Retpoline + KPTI On Ubuntu Linux
> *This round of tests were on a Core i9 7980XE, E3-1280 v5, and Core i7 6800K systems.*
> 
> Very very very significant impact even on the top of the line cpu...
> 
> More benches https://www.phoronix.com/scan.php?page=article&item=clear-kpti-retpoline&num=1


what i don't get is that they claim throughout the article that it's nowhere near the much touted 30% performance drop and then provide the apache server benchmark which miraculously gives an average of 30% degradation across all cpus and ignores the results from it and continues claiming there's no major change in performance.... anyone would think intel owned that benchmarking site given its problem with reading the data from the tables and reporting them accurately....

they also are doing something funny with the test results and being blatant about it hoping nobody notices, no data to suggest what se values represent but the fact they are different for each system (before/after) indicates the results as displayed are fake, indeed if that figure literally means accuracy of results then deflection of up to 10% on the +/- is way outside of normal tolerance for performance benchmarks and is indicative of someone fudging figures, if the deflection value is less than 0.01 then it's not worth noting, which begs the question of why bother unless it's a scale change

if it's a scale change then a value of 0.05 versus a scale change of 0.1 is massive and indicates them "fixing results" (first chart) but of course the deflection/scale change values are not listed as to what they represent you're left with a bar chart with lots of random numbers that has clearly been sized to indicate "no discernible change" which tells me there's a lot of discernible change and they just don't want to admit it...i would give them more props if they just told the truth and said we found a problem but we're not sure how realistic it is for server workloads


----------



## The L33t

Could be a compounding effect. Lots of HDD requests where we have a very significant impact reported across the board and some loss in the processing capabilities.

This is very dependent on what type of content you are serving and the configuration you are running both on hardware and software setup. Memory capacity, caching settings etc.

Serving loads of static pages is very different from serving media.

One thing is clear, under some circumstances the impact can be very serious.


----------



## The L33t

From redhat
Quote:


> In order to provide more detail, Red Hat's performance team has categorized the performance results for Red Hat Enterprise Linux 7, (with similar behavior on Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 5), on a wide variety of benchmarks based on performance impact:
> 
> Measureable: 8-19% - Highly cached random memory, with buffered I/O, OLTP database workloads, and benchmarks with high kernel-to-user space transitions are impacted between 8-19%. Examples include OLTP Workloads (tpc), sysbench, pgbench, netperf (< 256 byte), and fio (random I/O to NvME).


----------



## Avant Garde

So what would be the ultimate TLR? I was just going to get 8700K for my new system....


----------



## The L33t

Quote:


> Originally Posted by *Avant Garde*
> 
> So what would be the ultimate TLR? I was just going to get 8700K for my new system....


If you are not in a hurry I'd say sit still until the Ryzen+ come out in April.

This will give you new options and if you still want Intel at least you will at that time have a better understanding of the losses regarding these issues or lack thereof in your case maybe.

Very early stage on the patches and also the exploits quite frankly.. The fun has just begun...


----------



## cx-ray

Quote:


> Originally Posted by *The L33t*
> 
> Could be a compounding effect. Lots of HDD requests where we have a very significant impact reported across the board and some loss in the processing capabilities.


Optane SSDs and DIMMs are becoming more compelling by the day. This security leak is perfect timing for Intel's marketing department


----------



## The L33t

Quote:


> Originally Posted by *cx-ray*
> 
> Optane SSDs and DIMMs are becoming more compelling by the day. This security leak is perfect timing for Intel's marketing department


I get what you mean but quite frankly I do not think the marketing department is having any fun right now lol.

But if the conclusions some get from this is they must add more Intel to their life... I'd say they are deserving of some spanking.


----------



## cfu97

Quote:


> Originally Posted by *Glottis*
> 
> Yes we get it, you are an AMD fanboy. How many more worthless single sentence posts are you going to make here?


I am not an AMD fanboy and all my computers have Intel CPUs.


----------



## cekim

Quote:


> Originally Posted by *nanotm*
> 
> what i don't get is that they claim throughout the article that it's nowhere near the much touted 30% performance drop and then provide the apache server benchmark which miraculously gives an average of 30% degradation across all cpus and ignores the results from it and continues claiming there's no major change in performance....


It's very simple... Apache has been a standout application for its loss of performance from the beginning... given what it does and the behavior of virtually everything else, it is safe to assume that this is exposing something that could, can and will be optimized in Apache that didn't need to before.

apache is not a write intensive application which is where the bulk of the measurable impact is.
EDIT: Apache does do lots of small writes to sockets, which may explain it... however see everything I've said, given every other application I've seen and understanding specifically what must slow down and what doesn't have to, I expect optimizations to drastically reduce this impact in the not too distant future.

So, when you look at the whole of performance across most things a server does, 30% is an invalid claim. It gets even more incorrect when adjustments are made to offset the known, real impacts of these patches. The 4.x kernel already had PCID optimizations in flight when these patches came around so they were far less detrimental than they were to the 3.x kernel.
Quote:


> Originally Posted by *"nanotubes"*
> anyone would think intel owned that benchmarking site given its problem with reading the data from the tables and reporting them accurately....
> ...
> f..i would give them more props if they just told the truth and said we found a problem but were not sure how realistic it is for server workloads


You are contradicting yourself here... they did say that, but then you acted as if they were papering over apache's 30% hit. The truth is outside benchmarks and directed tests and Apache the impact is small to nil.

I've spent a good deal of time since this nonsense hit trying to understand how it will affect my compute usage and it's become clear that once I upgrade to the latest kernel and make small optimizations to software I control, the answer is not really, but there is a cost to upgrading software and making those optimizations...

At the end of the day, they are saying the same thing. Intel CPUs have not suddenly and permanently lost 30% of their performance on everything or even most things. They've significantly changed their write I/O performance and to make that go away in your application you are going to need to optimize this more than you have in the past, but as a practical matter you can...

Without change, my 3 day RTL sim, still took 3 days, not 4. My 25m sim still took 25m not 32m. My large database manipulation has taken a 1%ish hit. My peak NFS performance has taken about a 0.3-0.5% hit...

It is very important to note that if I did not go to the 4.x kernel, then the NFS and DB hit higher. So Intel is going to force software upgrades to work around their botched security protections....

However, it can be worked around without the 30% hit.

I'd be fine if people were pissed at the churn and human cost of working around these bugs, but instead they are pissed about a 30% hit that doesn't exist...


----------



## Blameless

Quote:


> Originally Posted by *jagdtigger*
> 
> Then why they selling unlocked "k" models?


Because people buy them, even if using the unlocked feature voids the warranty. Indeed, Intel sells tuning plans to those who want a warranty while overclocking.
Quote:


> Originally Posted by *jagdtigger*
> 
> BTW FYI Intel's toothpaste also affecting r=1 users too. Since it's a crappy one it degrades faster thus increases idle and loaded temps which in turn affecting normal usage as well...


Yes, stock processors with non-metal TIM between the die and IHS run warmer than soldered dies, but the specs take that into account and the odds of a processor run within spec failing before the end of its useful life (or its warranty period) is extremely small, even if you run it at 90C 24/7.
Quote:


> Originally Posted by *Avant Garde*
> 
> So what would be the ultimate TLR? I was just going to get 8700K for my new system....


Do you host large databases, virtualize many systems simultaneously, run a web server with many simultaneous clients, or spend a significant period of time in other I/O dependent tasks?

If yes, buy a Ryzen/TR/Epyc.

If no, there isn't much reason for you to change your plans.
Quote:


> Originally Posted by *cx-ray*
> 
> Optane SSDs and DIMMs are becoming more compelling by the day. This security leak is perfect timing for Intel's marketing department


I'd expect fast storage like Optane to accentuate the relative performance impact of these fixes, not mitigate them.


----------



## SavantStrike

Quote:


> Originally Posted by *tpi2007*
> 
> Tom's Hardware giving Intel and Microsoft a hand by distorting Microsoft's already vague words on the generally favourable to Intel article:
> 
> http://www.tomshardware.com/news/microsoft-intel-slowdown-old-chips,36293.html
> 
> (Bold for emphasis)
> 
> That is NOT what Microsoft said. This is:
> Where's the "significant"?
> 
> Another distortion:
> This is not true and is putting everything in the same bag. They mention this:
> https://cloudblogs.microsoft.com/microsoftsecure/2018/01/09/understanding-the-performance-impact-of-spectre-and-meltdown-mitigations-on-windows-systems/
> 
> So, _some_ and _benchmarks_. Some, meaning not all, and benchmarks, which in many cases artificially over inflate the real world performance impact. And then it says, logically, that only _some_ users will notice a decrease in system performance. But according to TH, it's significant handed out on a plate to everybody on Haswell and earlier.
> 
> Edit: Oh, and of course, if you had any doubts as to the intent of the article, this is the last paragraph:
> Seriously? Upgrade now, when we don't know the full scope of the problem and when patches are still being delivered and when we don't have actual benchmarks for everything yet? Some critical thinking journalism at the end instead of that last paragraph would have been better appreciated.


Pretty bold to start talking about an upgrade to fix an issue that was deliberately ignored. Why not pull an apple and start creating issues on purpose every few years to force users to buy new hardware.


----------



## jonny27

A bit offtopic, but I did chuckle when I heard the Spectre name at these days. Made me wonder if whoever named it follows robot combat.
(Also I don't know if anyone else saw the King of Bots' pilot episode, but holy hell this has the potential to be Razer in its prime all over again)


----------



## Gdourado

Digital Foundry analysis is up:
https://youtu.be/LC1WuKdPVCQ


----------



## Blameless

Quote:


> Originally Posted by *SavantStrike*
> 
> Why not pull an apple and start creating issues on purpose every few years to force users to buy new hardware.


Apple has a lot of fans. Fans, almost by definition, are too fanatical to care to really be pragmatic and look for alternatives.

The x86 ecosystem isn't a pure monopoly, though it came close for a while. CPUs also don't generate the same sort of uncritical loyalty as broader platforms/experiences and social fads.


----------



## Gdourado

Quote:


> Originally Posted by *Gdourado*
> 
> Digital Foundry analysis is up:
> https://youtu.be/LC1WuKdPVCQ


I am even more pissed now!
20 FPS drop in The Witcher 3!
This is unacceptable!
I upgraded to gain those 20 FPS!
I spent money to gain those 20 FPS!
Now they just take it all away with patches???

This is all so wrong!
I am sick!


----------



## guttheslayer

Quote:


> Originally Posted by *Gdourado*
> 
> I am even more pissed now!
> 20 FPS drop in The Witcher 3!
> This is unacceptable!
> I upgraded to gain those 20 FPS!
> I spent money to gain those 20 FPS!
> Now they just take it all away with patches???
> 
> This is all so wrong!
> I am sick!


Welcome to intel Monopoly.

I hope on future we will see something similar to alien covenant, where amd cpu exist to create android, and intel nowhere to be seen.


----------



## Ding Chavez

Quote:


> Originally Posted by *Gdourado*
> 
> > Originally Posted by *Gdourado*
> > 
> > Digital Foundry analysis is up:
> > https://youtu.be/LC1WuKdPVCQ
> 
> I am even more pissed now!
> 20 FPS drop in The Witcher 3!
> This is unacceptable!
> I upgraded to gain those 20 FPS!
> I spent money to gain those 20 FPS!
> Now they just take it all away with patches???
> 
> This is all so wrong!
> I am sick!

You do have the option of not doing the patch fix. Some others on OCN have said they won't bother. A hit in gaming performance is no good is it!

Ryzen 2 with a small performance increase and Intel with a decrease, with this fix. AMD Ryzen 2 might be no.1 for gaming shortly... which would be pretty amazing.

This is the worst thing for Intel ever possibly...


----------



## e-gate

Quote:


> Originally Posted by *Gdourado*
> 
> I am even more pissed now!
> 20 FPS drop in The Witcher 3!
> This is unacceptable!
> I upgraded to gain those 20 FPS!
> I spent money to gain those 20 FPS!
> Now they just take it all away with patches???
> 
> This is all so wrong!
> I am sick!


We had this vulnerability for 10 whole years. You can avoid installing the new BIOS and the Windows patch.


----------



## Silent Scone

You'd really need to see the results where you're not CPU limited, but the real answer for gamers is to not update the microcode. Also it's good to keep in mind this isn't a drop and run situation. There will be multiple revisions to the patch and microcode from here on in, as it's in Intel's best interests.


----------



## Gdourado

Quote:


> Originally Posted by *e-gate*
> 
> We had this vulnerability for 10 whole years. You can avoid installing the new BIOS and the Windows patch.


The bios patch is easy to avoid.
But the windows? The only option is to disable updates entirely.
The moment they are enabled, the update is forced I guess.
So only way is to be using a stale windows 1709 build with no future updates...


----------



## Glottis

Quote:


> Originally Posted by *Gdourado*
> 
> I am even more pissed now!
> 20 FPS drop in The Witcher 3!
> This is unacceptable!
> I upgraded to gain those 20 FPS!
> I spent money to gain those 20 FPS!
> Now they just take it all away with patches???
> 
> This is all so wrong!
> I am sick!


Calm down there drama queen, that is worst case 15% drop on one CPU in one game running only 1080p to stress CPU. He later showed older 4790K CPU and there was no significant drop in Witcher 3. He tested many other games and there was no significant difference as well.

There are many more benchmarks and videos on various websites and youtube and they all show there is no significant performance drop in gaming with win update + BIOS update.


----------



## cfu97

Quote:


> Originally Posted by *Gdourado*
> 
> I am even more pissed now!
> 20 FPS drop in The Witcher 3!
> This is unacceptable!
> I upgraded to gain those 20 FPS!
> I spent money to gain those 20 FPS!
> Now they just take it all away with patches???
> 
> This is all so wrong!
> I am sick!


You need to consider your old desktop is 30% slower now because of the same bug so you gain as long as you don't compare to amd


----------



## cfu97

Quote:


> Originally Posted by *Ding Chavez*
> 
> You do have the option of not doing the patch fix. Some others on OCN have said they won't bother. A hit in gaming performance is no good is it!
> 
> Ryzen 2 with a small performance increase and Intel with a decrease, with this fix. AMD Ryzen 2 might be no.1 for gaming shortly... which would be pretty amazing.
> 
> This is the worst thing for Intel ever possibly...


Expecting all benchmarks showing Intel is 30% slower for the same price.


----------



## Alex132

Love all the speculation without proof.


----------



## e-gate

Quote:


> Originally Posted by *Alex132*
> 
> Love all the speculation without proof.


You clearly missed all the videos and benchmarks.


----------



## crpcookie

Quote:


> Originally Posted by *Ding Chavez*
> 
> You do have the option of not doing the patch fix. Some others on OCN have said they won't bother. A hit in gaming performance is no good is it!
> 
> Ryzen 2 with a small performance increase and Intel with a decrease, with this fix. AMD Ryzen 2 might be no.1 for gaming shortly... which would be pretty amazing.
> 
> This is the worst thing for Intel ever possibly...


Ryzen 2? As much as I like underdogs doing well... that's not happening with merely an increase in clockspeed. Maybe with Ryzen 3 with Zen 2 upgrade.


----------



## Curvy Groyper

Quote:


> Originally Posted by *crpcookie*
> 
> Ryzen 2? As much as I like underdogs doing well... that's not happening with merely an increase in clockspeed. Maybe with Ryzen 3 with Zen 2 upgrade.


Won't Ryzen 2 also improve IPC? I was thinking they will increase the number of transistors also since they will be slightly smaller. If they increase the clockspeed by 9% and IPC by 9% then they will be close to Coffee Lake, especially after the patch and bios update.


----------



## Gdourado

How are the patches avoidable?
I have my usb stick drive with windows 1709 build for install and also all the drivers for my hardware from November are there.
I can do a clean install with that stick with the Ethernet cable disconnected, install all the drivers, block windows updates through group policy and then connect the Ethernet cable back.
I guess that would leave me with a performance gaming machine.
But then, all future windows updates that are not the crippling patches are also locked out...

Cheers!


----------



## Blameless

Quote:


> Originally Posted by *Gdourado*
> 
> I am even more pissed now!
> 20 FPS drop in The Witcher 3!
> This is unacceptable!
> I upgraded to gain those 20 FPS!
> I spent money to gain those 20 FPS!
> Now they just take it all away with patches???
> 
> This is all so wrong!
> I am sick!


Witcher 3 is an outlier among games and running Witcher 3 on an OCed Titan Xp at 1080p to remove GPU limitations is a really niche scenario.
Quote:


> Originally Posted by *e-gate*
> 
> We had this vulnerability for 10 whole years. You can avoid installing the new BIOS and the Windows patch.


It hasn't been known or exploited until much more recently and the implication that it's wise to not update because it's always been there isn't sound reasoning.
Quote:


> Originally Posted by *Gdourado*
> 
> The bios patch is easy to avoid.
> But the windows? The only option is to disable updates entirely.
> The moment they are enabled, the update is forced I guess.
> So only way is to be using a stale windows 1709 build with no future updates...


The Windows patch, when used without the microcode patch, has a much more modest performance impact.


----------



## SavantStrike

Quote:


> Originally Posted by *Midnight ***per*
> 
> Won't Ryzen 2 also improve IPC? I was thinking they will increase the number of transistors also since they will be slightly smaller. If they increase the clockspeed by 9% and IPC by 9% then they will be close to Coffee Lake, especially after the patch and bios update.


I would expect 2-3 percent IPC improvement at most. It's a refresh not an architecture change. Clock speed 5-10 percent. It depends on how good the new node is.


----------



## PostalTwinkie

Quote:


> Originally Posted by *SavantStrike*
> 
> I would expect 2-3 percent IPC improvement at most. It's a refresh not an architecture change. Clock speed 5-10 percent. It depends on how good the new node is.


Wait, for the last ~7 years people have been calling 10% IPC per Intel refresh/generation normal. Ignoring Meltdown, that seems to have panned out to be the case. All being derivatives of the same uArch...

Now all of a sudden 2-3%? Just stop...

The extra year of time, on top of the wealth of information gathered from end users, will allow for basic architecture tweaks to touch on 10%. Overall refinement of the design, of the IMC itself, literally everything. There is a Hell of a lot more than 2-3% sitting there.

They are also moving from 14nm Low Power Plus fabrication to 12nm Leading Power fabrication. The former being focused on not so much higher clocks but better efficiency in mobile, etc. By comparison the 12nm LP is designed for, well, performance, and will allow for higher clock speeds.


----------



## zoinho

Quote:


> Originally Posted by *Glottis*
> 
> Calm down there drama queen, that is worst case 15% drop on one CPU in one game running only 1080p to stress CPU. He later showed older 4790K CPU and there was no significant drop in Witcher 3. He tested many other games and there was no significant difference as well.
> 
> There are many more benchmarks and videos on various websites and youtube and they all show there is no significant performance drop in gaming with win update + BIOS update.


Here? "interestingly, re-running the test on a (slower) Core i7 4790K only saw a performance hit of three per cent" http://www.eurogamer.net/articles/digitalfoundry-2018-does-patching-cpu-security-flaws-impact-gaming-performance


----------



## Jpmboy

What I can't understand is why anyone with a rig that is used mainly for games is even concerned about this. Maybe someone can give a rational explanation, rather than tin-foil hat arguments. The main vulnerability is in large data/client servers and secure data/server centers. Geeze, if anyone was looking to steal your Steam password, they'd target the exploit to Steam, not your PC (tho no proof of it being used to do so has surfaced.. anywhere). If losing 20 FPS in Witcher is a deal breaker, then there is no reason to patch that gaming rig (risk-benefit... or no benefit).
Now, if you are managing big data and services (or possibly valuable, proprietary information), yeah - this is a big deal.
{let the hate posts begin}


----------



## Mysticial

Quote:


> Originally Posted by *Jpmboy*
> 
> What I can't understand is why anyone with a rig that is used mainly for games is even concerned about this. Maybe someone can give a rational explanation, rather than tin-foil hat arguments. The main vulnerability is in large data/client servers and secure data/server centers. Geeze, if anyone was looking to steal your Steam password, they'd target the exploit to Steam, not your PC (tho no proof of it being used to do so has surfaced.. anywhere). If losing 20 FPS in Witcher is a deal breaker, then there is no reason to patch that gaming rig (risk-benefit... or no benefit).
> Now, if you are managing big data and services (or possibly valuable, proprietary information), yeah - this is a big deal.
> {let the hate posts begin}


A semi-realistic case I can come up with is exploiting Spectre via Javascript from a website.

You visit the website in tab A.
On tab B, you log into something.
The malicious javascript on tab A snoops your browser and captures your password. Then it sends it home to the attacker.
This attack is possible since both tabs are in the same address space in user mode. Furthermore, the website in A doesn't need to be a sketchy site. It can be a harmless site that has been compromised.

If you're wondering how the malicious JS in tab A can even find your password in memory, if you leave it open long enough, it has all the time in the world to scan the memory and look for fingerprints that would indicate a password field or something. Then all it needs to do is watch those addresses.

The current countermeasure is that browsers are pushing out updates to make this more difficult by lowering the resolution of the timers, or separating tabs into different processes.
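
Added example (not part of Mysticial's post and not any browser's code): a small simulation of the timer-coarsening countermeasure mentioned above, showing how often a single timing measurement can tell a fast memory access from a slow one as the clock's tick grows. The latencies, resolutions and function names are constructed for illustration.

```javascript
// Added illustration: a pure simulation. No real cache, memory or browser
// timer is measured; every latency and resolution is a constructed value.

const HIT_NS = 50;    // constructed: latency when the data was already cached
const MISS_NS = 250;  // constructed: latency when the data was not cached
const NOISE_NS = 20;  // constructed: +/- measurement noise
const THRESHOLD_NS = (HIT_NS + MISS_NS) / 2; // observer's fast/slow cut-off

// Seeded PRNG (mulberry32) so every run produces the same numbers.
function makeRng(seed) {
  let a = seed >>> 0;
  return function () {
    a = (a + 0x6d2b79f5) >>> 0;
    let t = a;
    t = Math.imul(t ^ (t >>> 15), t | 1);
    t ^= t + Math.imul(t ^ (t >>> 7), t | 61);
    return ((t ^ (t >>> 14)) >>> 0) / 4294967296;
  };
}

// A clock that only advances in steps of `resolutionNs`, the way a
// coarsened performance.now() behaves.
function coarseNow(trueNs, resolutionNs) {
  return Math.floor(trueNs / resolutionNs) * resolutionNs;
}

// Duration of one operation as seen through the coarse clock.
function measure(startNs, latencyNs, resolutionNs) {
  return coarseNow(startNs + latencyNs, resolutionNs) -
         coarseNow(startNs, resolutionNs);
}

// Fraction of single measurements that an observer labels correctly
// (fast vs slow) when the coarse clock is all it has. 0.5 is a coin flip.
function classificationAccuracy(resolutionNs, trials = 20000, seed = 1) {
  const rng = makeRng(seed);
  let correct = 0;
  for (let i = 0; i < trials; i++) {
    const isMiss = i % 2 === 1; // half the operations are slow
    const startNs = Math.floor(rng() * 1e9);
    const noise = Math.floor(rng() * (2 * NOISE_NS + 1)) - NOISE_NS;
    const latency = (isMiss ? MISS_NS : HIT_NS) + noise;
    const seen = measure(startNs, latency, resolutionNs);
    if ((seen > THRESHOLD_NS) === isMiss) correct++;
  }
  return correct / trials;
}

// Accuracy for a range of constructed clock resolutions (in nanoseconds).
function sweep(resolutionsNs = [5, 1000, 20000, 100000]) {
  return resolutionsNs.map((r) => ({
    resolutionNs: r,
    accuracy: classificationAccuracy(r),
  }));
}

for (const row of sweep()) {
  console.log(`${row.resolutionNs} ns tick -> ` +
              `${(row.accuracy * 100).toFixed(1)}% labelled correctly`);
}
```

At coarse ticks a single measurement is close to a coin flip but not exactly one, which is why the second countermeasure in the post, separating tabs into different processes, matters as well.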


----------



## cekim

Quote:


> Originally Posted by *Jpmboy*
> 
> What I can't understand is why anyone with a rig that is used mainly for games is even concerned about this. Maybe someone can give a rational explanation, rather than tin-foil hat arguments. The main vulnerability is in large data/client servers and secure data/server centers. Geeze, if anyone was looking to steal your Steam password, they'd target the exploit to Steam, not your PC (tho no proof of it being used to do so has surfaced.. anywhere). If losing 20 FPS in Witcher is a deal breaker, then there is no reason to patch that gaming rig (risk-benefit... or no benefit).
> Now, if you are managing big data and services (or possibly valuable, proprietary information), yeah - this is a big deal.
> {let the hate posts begin}


It goes like this...

Benchmark 1 - 0% change
Benchmark 2 - -1%
Benchmark 3 - +2%
Benchmark 4 - -5%
.... and so on... with a lot of small gains and losses.
Benchmark 50 - -22%. Yep, Apache is busted... patch squirrels are already hard at work I am sure...

"ZOMG! A 30% across the board drop, my coffee lake is a nehalem!!!" -freakout mcfreakerston

I encourage anyone who is "done, just done" with intel hardware to ship their worthless hardware to me and buy a Ryzen..... AMD gets money to continue competing and forces intel to keep beating them. We all win....

And I run your worthless hardware in my basement behind a threadripper pfsense firewall just to make you angry (and hey it's more secure for now) ;-)

P.S. AWS after initially noting issues is now saying no significant impact for the overwhelming majority of customers. Yes we all know Apache needs some work, but it always does...


----------



## Gunderman456

Quote:


> Originally Posted by *Forceman*
> 
> As has been pointed out many times, it isn't 30% for typical consumer workloads. And what would you like to see from a recall? This is Intel's architecture, they can't just whistle up a couple of million completely redesigned replacement chips in couple of weeks. Even if they wanted to replace every affected chip it wouldn't be physically possible to fab that many - you are talking about years worth of production here.


They should recall, by providing everyone with a reengineered 8700 and a mobo (gaming mobo for the gamers).

If that was made to happen, then you could say Intel may have learned their lesson. Lawsuits will prove a slap on the wrist and mostly lawyers and governments would profit, leaving everyone else with a $20 slap in the face.


----------



## cekim

Quote:


> Originally Posted by *Gunderman456*
> 
> They should recall, by providing everyone with a reengineered 8700 and a mobo (gaming mobo for the gamers).


Replace it with what? They haven't fixed the hardware yet... even with the patch, there is no cpu faster for games... period... still.... even now. Lol


----------



## cekim

Quote:


> Originally Posted by *Mysticial*
> 
> A semi-realistic case I can come up with is exploiting Spectre via Javascript from a website.
> 
> You visit the website in tab A.
> On tab B, you log into something.
> The malicious javascript on tab A snoops your browser and captures your password. Then it sends it home to the attacker.
> This attack is possible since both tabs are in the same address space in user mode. Furthermore, the website in A doesn't need to be a sketchy site. It can be a harmless site that has been compromised.
> 
> If you're wondering how the malicious JS in tab A can even find your password in memory, if you leave it open long enough, it has all the time in the world to scan the memory and look for fingerprints that would indicate a password field or something. Then all it needs to do is watch those addresses.
> 
> The current countermeasure is that browsers are pushing out updates to make this more difficult by lowering the resolution of the timers, or separating tabs into different processes.


Yeah @jpmboy, the threat is real... and stolen CCs, and ID are bought and sold on the black market in bulk, so no one is too small...

Not patching on a machine browsing, opening email, talking to anything that has you typing credentials or otherwise sending authentication is a terrible idea. You can expect prepackaged exploits making their way to bad people already....


----------



## jaredismee

that is a pretty significant hit to witcher 3
Quote:


> Originally Posted by *Jpmboy*
> 
> What I can't understand is why anyone with a rig that is used mainly for games is even concerned about this. Maybe someone can give a rational explanation, rather than tin-foil hat arguments. The main vulnerability is in large data/client servers and secure data/server centers. Geeze, if anyone was looking to steal your Steam password, they'd target the exploit to Steam, not your PC (tho no proof of it being used to do so has surfaced.. anywhere). If losing 20 FPS in Witcher is a deal breaker, then there is no reason to patch that gaming rig (risk-benefit... or no benefit).
> Now, if you are managing big data and services (or possibly valuable, proprietary information), yeah - this is a big deal.
> {let the hate posts begin}


you saying not to update and patch consumer pcs?

some steam libraries have quite a bit of value, and some people use credit cards and access banks on their home computer.


----------



## Gdourado

Quote:


> Originally Posted by *Gdourado*
> 
> How are the patches avoidable?
> I have my usb stick drive with windows 1709 build for install and also all the drivers for my hardware from November are there.
> I can do a clean install with that stick with the Ethernet cable disconnected, install all the drivers, block windows updates through group policy and then connect the Ethernet cable back.
> I guess that would leave me with a performance gaming machine.
> But then, all future windows updates that are not the crippling patches are also locked out...
> 
> Cheers!


Quote:


> Originally Posted by *Jpmboy*
> 
> What I can't understand is why anyone with a rig that is used mainly for games is even concerned about this. Maybe someone can give a rational explanation, rather than tin-foil hat arguments. The main vulnerability is in large data/client servers and secure data/server centers. Geeze, if anyone was looking to steal your Steam password, they'd target the exploit to Steam, not your PC (tho no proof of it being used to do so has surfaced.. anywhere). If losing 20 FPS in Witcher is a deal breaker, then there is no reason to patch that gaming rig (risk-benefit... or no benefit).
> Now, if you are managing big data and services (or possibly valuable, proprietary information), yeah - this is a big deal.
> {let the hate posts begin}


I already asked in a previous post how to avoid the patches, but in the long run.
Only option is to run a stale version of windows 10 without future updates since December 2017?


----------



## Jpmboy

Quote:


> Originally Posted by *Mysticial*
> 
> A semi-realistic case I can come up with is exploiting Spectre via Javascript from a website.
> 
> You visit the website in tab A.
> On tab B, you log into something.
> The malicious javascript on tab A snoops your browser and captures your password. Then it sends it home to the attacker.
> This attack is possible since both tabs are in the same address space in user mode. Furthermore, the website in A doesn't need to be a sketchy site. It can be a harmless site that has been compromised.
> 
> If you're wondering how the malicious JS in tab A can even find your password in memory, if you leave it open long enough, it has all the time in the world to scan the memory and look for fingerprints that would indicate a password field or something. Then all it needs to do is watch those addresses.
> 
> The current countermeasure is that browsers are pushing out updates to make this more difficult by lowering the resolution of the timers, or separating tabs into different processes.


I always thought this (existing) cross tab snoop did not "require" the current hardware "hole". And that the current hardware vulnerability, if exploited successfully, allows a cross-process snoop (even of private bytes). Right?
Quote:


> Originally Posted by *jaredismee*
> 
> that is a pretty significant hit to witcher 3
> you saying not to update and patch consumer pcs?
> 
> *some steam libraries have quite a bit of value*, and some people use credit cards and access banks on their home computer.


Yes they do. Again, the hack payload is more likely to target Steam or any other service provider where it can harvest many 1000's of hits. Besides, Steam has a contractual obligation with you regarding your personal information. They definitely need to worry.
IMO - allowing direct banking account access to any service is just asking for trouble. These institutions are more likely to let your info loose than any consumer PC assuming the user does not do a "_Podesta_". There is some measure of personal PC hygiene that needs to be exercised with any platform.

@cekim oh for sure, the dark side has bulk info... mostly collected in bulk.
Luckily my wife's tax machines here are all encrypted, wouldn't want any tax returns loose on the web.


----------



## Echoa

Quote:


> Originally Posted by *cekim*
> 
> I encourage anyone who is "done, just done" with intel hardware to ship their worthless hardware to me and buy a Ryzen..... AMD gets money to continue competing and forces intel to keep beating them. We all win....


Agreed, I'll take the hardware trash for next to nothing, people can go AMD right this second in a snap decision and toss their Intel hardware at a loss while I scoop it up for various uses.


----------



## NexusRed

Quote:


> Originally Posted by *Echoa*
> 
> Agreed, I'll take the hardware trash for next to nothing, people can go AMD right this second in a snap decision and toss their Intel hardware at a loss while I scoop it up for various uses.


+1

I'm on AMD now and will take all the trash Intel CPUs for bottom dollar prices.


----------



## Mysticial

Quote:


> Originally Posted by *Jpmboy*
> 
> I always thought this (existing) cross tab snoop did not "require" the current hardware "hole". And that the current hardware vulnerability, if exploited successfully, allows a cross-process snoop (even of private bytes). Right?


Barring an unrelated vulnerability (such as in the browser itself), no you can't do cross tab snooping without Spectre. The browser will keep the tabs separate. But Spectre allows everything to read everything in the same address space with user-mode perms. Meltdown eliminates the perms restrictions as well.

I haven't read enough about the vulnerabilities to know (theoretically) how to exploit it to do cross-process snooping. (Mostly because I'm not a kernel expert.) So I can't really comment on that part.


----------



## Jpmboy

Quote:


> Originally Posted by *Gdourado*
> 
> I already asked in a previous post how to avoid the patches, but in the long run.
> Only option is to run a stale version of windows 10 without future updates since December 2017?


you need to edit group policy as follows:

run> gpedit
nav to computer config>admin templates> windows components>windows update
then on the right side double click Config Automatic Updates and set it as you need.

to reverse, just return it to the defaults.
Quote:


> Originally Posted by *Mysticial*
> 
> Barring an unrelated vulnerability (such as in the browser itself), *no you can't do cross tab snooping without Spectre. The browser will keep the tabs separate.* But Spectre allows everything to read everything in the same address space with user-mode perms. Meltdown eliminates the perms restrictions as well.
> 
> I haven't read enough about the vulnerabilities to know (theoretically) how to exploit it to do cross-process snooping. (Mostly because I'm not a kernel expert.) So I can't really comment on that part.


thanks! +1


----------



## Quantum Reality

Quote:


> Originally Posted by *Jpmboy*
> 
> What I can't understand is why anyone with a rig that is used mainly for games is even concerned about this. Maybe someone can give a rational explanation, rather than tin-foil hat arguments. The main vulnerability is in large data/client servers and secure data/server centers. Geeze, if anyone was looking to steal your Steam password, they'd target the exploit to Steam, not your PC (tho no proof of it being used to do so has surfaced.. anywhere). If losing 20 FPS in Witcher is a deal breaker, then there is no reason to patch that gaming rig (risk-benefit... or no benefit).
> Now, if you are managing big data and services (or possibly valuable, proprietary information), yeah - this is a big deal.
> {let the hate posts begin}


Even your Steam account, which is technically pretty low-value to anyone but you, could be maliciously used.

Suppose that a program could snoop on you typing your Steam password. At that point a person could maliciously use credit card information stored on file in your account for any purpose.


----------



## Jpmboy

Quote:


> Originally Posted by *Mysticial*
> 
> Barring an unrelated vulnerability (such as in the browser itself), no you can't do cross tab snooping without Spectre. The browser will keep the tabs separate. But Spectre allows everything to read everything in the same address space with user-mode perms. Meltdown eliminates the perms restrictions as well.
> 
> I haven't read enough about the vulnerabilities to know (theoretically) how to exploit it to do cross-process snooping. (Mostly because I'm not a kernel expert.) So I can't really comment on that part.


Quote:


> Originally Posted by *Quantum Reality*
> 
> Even your Steam account, which is technically pretty low-value to anyone but you, could be maliciously used.
> 
> *Suppose that a program could snoop on you typing your Steam password*. At that point a person could maliciously use credit card information stored on file in your account for any purpose.


don't need either of these two "new" holes for a keylogger.


----------



## Blameless

Unless you have a specific and compelling reason not to apply these patches, you probably should.

Sure, maybe a consumer is less likely to be a target of many of the attacks these vulnerabilities enable, but they are also far less likely to see a performance hit severe enough to be noticeable.


----------



## Disharmonic

For those of you looking to avoid the patches, you can disable the Meltdown patch in the registry. Just know that you are leaving your system wide open to attack. Meltdown in particular seems extremely easy to exploit.
Quote:


> Originally Posted by *Midnight ***per*
> 
> Won't Ryzen 2 also improve IPC? I was thinking they will increase the number of transistors also since they will be slightly smaller. If they increase the clockspeed by 9% and IPC by 9% then they will be close to Coffee Lake, especially after the patch and bios update.


Ryzen 2 is just a shrink. Increased clockspeed and better memory compatibility are the 2 goals for this shrink according to AMD. If they manage to increase the base clockspeed to say 4 - 4.2GHz while also increasing memory speed that should result in a sizable bump in performance, since Zen seems to improve a lot with faster memory.


----------



## Jpmboy

Quote:


> Originally Posted by *Blameless*
> 
> Unless you have a specific and compelling reason not to apply these patches, you probably should.
> 
> Sure, maybe a consumer is less likely to be a target of many of the attacks these vulnerabilities enable, but they are also far less likely to see a performance hit severe enough to be noticeable.


I don't disagree. It's the running-around-with-hair-on-fire thing... just hoping to douse the fire a bit.








patched a z370 rig here - running fine, no loss in performance (but only the windows patch so far, the uCode is not yet available). Same for x299, x99 and x79


----------



## Forceman

Quote:


> Originally Posted by *Gunderman456*
> 
> They should recall, by providing everyone with a reengineered 8700 and a mobo (gaming mobo for the gamers).
> 
> If that was made to happen, then you could say Intel may have learned their lesson. Lawsuits, will prove a slap on the wrist and mostly lawyers and governments would profit, leaving everyone else with a $20 slap in the face.


Even assuming they wanted to do that, it's not like they have a "reengineered 8700" just sitting on the shelf waiting to go, and even if they did it would still take months to fabricate them. There's a reason it takes literally years for new architectures to make their way through the pipeline.


----------



## Serios

Quote:


> Originally Posted by *cekim*
> 
> Their patch broke various AMD setups requiring you to revert it.


Various AMD setups?
What setups exactly?


----------



## Vlada011

Guys I will made topic tomorrow for people who just upgrade their systems and who don't have money as enthusiasts who change computer every year and without bug to demand full compensation from Intel.
People who decide to stay silent and update their patch, bios, microcode, scripts, will be faced with constant performance loss from drivers, softwares etc... And true reality will force you to replace computer if you have money without need.
Intel and their damage control service try convincing customers in patches to avoid to talk about bad side, performance loss.
For them if you loss performance that's not big deal. They give you 30% for 5 years and now take you suddenly 30%.

I give you warranty double slower PC over time than same CPU without any patches.
After NVIDIA, and other companies start to update their drivers and change them you will suffer badly from different kind of problems.
I'm not expert but people I talk say that Intel can't completely secure bug as processor without bug and that performance loss is much bigger than they want to present.

My score after uninstall batch and hiding with software was back but not on results before patch and I don't expect before revert Windows on 1607 version from July 2016 and hiding all patches with softwares. I will disable defender, disable antivirus and install best anti-spyware and antivirus software I find.
If patch update automatic I will send letter to Intel to demand compensation because performance loss against my will.

People who live in countries where Intel is present as company could instantly get compensations on local courts.
After reading news any judge will demand full compensation and that mean revert money of cost of Intel platform.
Intel Processor and Intel Chipset. Every judge will done that. Don't even to talk about Kaby Lake and Coffee Lake owners they are lead in fallacy with intention, that's pure crime in every country.
They advertised processors and send them to customers full aware security bugs and performance loss after patch update. And Europe is tired from such things from American companies.
If Intel is faced with charge of more people worldwide they will lose huge amount of money, I talk about single or two digits with 9 zeros.


----------



## Mysticial

Quote:


> Originally Posted by *Jpmboy*
> 
> don't need either of these two "new" holes for a keylogger.


Tabs are sandboxed by design. So barring another* vulnerability (such as in the browser), it is not possible for a tab to keylog outside of that tab.

*In reality, there will always be vulnerabilities due to the sheer complexity of everything. But the point is that the *intent* is not to allow tabs to exit their sandbox.


----------



## Jpmboy

Quote:


> Originally Posted by *Mysticial*
> 
> Tabs are sandboxed by design. So barring another vulnerability* (such as in the browser), it is not possible *for a tab to keylog outside of that tab.*
> 
> *In reality, there will always be vulnerabilities due to the sheer complexity of everything. But the point is that the *intent* is not to allow tabs to exit their sandbox.


Yes. The assumption being that the keylogger is running from within the browser. We certainly know that KLs can run system or group-wide.
Anyhow, bottom line is it's really hard to secure any system from "cooperative/permissive" end user input.


----------



## Vlada011

Only god saved me to spend money I saved for GPU on Skylake-X.
Now I would not lose time on debate at all, I would try for any cost to sell parts even with 30% lower price only to switch to Threadripper because Terminator 4 socket will stay who knows how long on market.
As Opteron and one more update will be compatible.

This is biggest manipulation of customers in IT world and company who done that once is capable again and should not be forgive if they launch 20% better CPU than AMD without bug for some normal price as AMD.

I read on some back pages some guy update 2500K after 7 years.
Are they aware how many such people exist. I bought i7-5820K I didn't plan to replace CPU platform before 2020.
I have no money, simply i7-5820K is more than monthly payment in my country. If I want to replace GPU I need to save money and now wait Volta because if I buy 1080TI launched before 12 months I will stay on that 3 years. I need new monitor, I have 1920x1080. I would be able to pay him in December 2018 I will be able to buy new LG worth 700 euro. In mean time I should buy M.2, watercooling and now I'm faced with fact that my platform is crippled. That change everything, every plan.

I will done this... revert Windows to 1607 July 2016.
Install drivers without connection to Internet. Connect to NET and immediately search Updates with softwares to Hide possible update launched 4 january update 1703 and 1709 will be hidden, of course and Security Update for Intel processors. I will try to hide him with that software. I will disable all windows security measures, Windows Defender, Firewall and Antivirus and install some reliable Antispyware and Antivirus software or few of them.
My computer could be attacked only to serve as mining RIG or something like that. Because I have monitoring always on screen and browser is not on full screen I always see usage of CPU and GPU. If they increase first measure is restart computer, if that repeat after restart without delay CAT cable go out computer. I don't wait nothing, I don't surf for solution, I don't search for culprits, nothing. Next time when I connect that's different environment and hacker need to work from start.


----------



## djriful

No change on performance.

Bright orange is the current after patch and the dark orange is post-patch. I'm on Windows 10 Pro 17xx. Not sure why Cinebench detects as Win 8.

3930k lol I miss my old 3930k 4.9Ghz was hitting 1250 score.


----------



## revro

so i have put on my q9550 8gb ddr2 gtx970 ou wait my system is bugged in its entirety lol

anyway i used the win os 7 and ie11 patch, gtx new driver and the firefox, but my ancient mb wont get any patch nor will the cpu.

ou well its the time i guess, will go with ryzen+ in summer, by then if there are any golive issues it would be sorted out. if only 16gb of ddr4 did not cost 200eur ...

so i guess i am still open to spectre 2 bug. what does it do? thank you


----------



## Mysticial

Quote:


> Originally Posted by *Jpmboy*
> 
> Yes. The assumption being that the keylogger is running from within the browser. We certainly know that KLs can run system or group-wide.
> Anyhow, bottom line is it's really hard to secure any system from "cooperative/permissive" end user input.


If someone manages to get a system-wide keylogger on the system, they've got bigger problems to deal with.


----------



## Gunderman456

Quote:


> Originally Posted by *Forceman*
> 
> Even assuming they wanted to do that, it's not like they have a "reengineered 8700" just sitting on the shelf waiting to go, and even if they did it would still take months to fabricate them. There's a reason it takes literally years for new architectures to make their way through the pipeline.


Whatever, next chip that does not have those backdoors (yeah righhht....) either the 9700 or whatever comes next after that.

I feel NSA/CIA backdoors will always be there in hardware/software, so why out this now? I think Intel wants everyone to upgrade their 15 year old computers by excusing these backdoors as mistakes/bugs. OOOoooops, we're sorry, NOW UPGRADE YOUR FREEKING AGING HARDWARE!









I'll play your game by demanding a recall!!!


----------



## Vlada011

Quote:


> Originally Posted by *djriful*
> 
> No change on performance.
> 
> Bright orange is the current after patch and the dark orange is post-patch. I'm on Windows 10 Pro 17xx. Not sure why Cinebench detects as Win 8.
> 
> 3930k lol I miss my old 3930k 4.9Ghz was hitting 1250 score.


Cinebench, CPU-Z, Intel Xtreme Utility no change on performance, for now. But they will arrive letter with constant patches from different sites.
We will lost self in patches and microcodes and different fixes.
Real Bench as accurate tool more than all of these together report drop in every score special Image Editing.

First drop was 196.000 to 138.000, after one more patch performance drop to 122.000.
After uninstall patch performance back but not completely on 155.000. I expect after Windows restart to back, if Intel didn't change something in CPU permanently.

It's nice to see how Intel Damage Control Service success to distract attention from performance loss with talking about security.
We will pay half security more than you think, only that will be visible for 12 months when someone compare full patched PC with same without patch.
I swear in god, when I uninstall patch I felt like I increase frequency on CPU and memory. Do you know when you OC little and restart and first impression until you used on better performance.
That was experience after removing patch.


----------



## The L33t

Quote:


> Originally Posted by *Vlada011*
> 
> Cinebench, CPU-Z, Intel Xtreme Utility no change on performance, for now. But they will arrive letter with constant patches from different sites.
> We will lost self in patches and microcodes and different fixes.
> Real Bench as accurate tool more than all of these together report drop in every score special Image Editing.
> 
> First drop was 196.000 to 138.000, after one more patch performance drop to 122.000.
> After uninstall patch performance back but not completely on 155.000. I expect after Windows restart to back, *if Intel didn't change something in CPU permanently.*
> 
> It's nice to see how Intel Damage Control Service success to distract attention from performance loss with talking about security.
> We will pay half security more than you think, only that will be visible for 12 months when someone compare full patched PC with same without patch.
> I swear in god, when I uninstall patch I felt like I increase frequency on CPU and memory. Do you know when you OC little and restart and first impression until you used on better performance.
> That was experience after removing patch.


You cannot change something in the CPU permanently. Nor can Intel.


----------



## cekim

Quote:


> Originally Posted by *The L33t*
> 
> You cannot change something in the CPU permanently. Nor can Intel.


Well, to be fair with enough current, you can "change" it, but it won't function very well after you let the blue smoke out...


----------



## The L33t

Quote:


> Originally Posted by *cekim*
> 
> Well, to be fair with enough current, you can "change" it, but it won't function very well after you let the blue smoke out...


Certainly, in the physical sense we can all take a hammer to it.

Back in the day we did unlock our own CPUs. Did that to hundreds in a store I worked at... Back when Crucial memory was the stuff and Socket A. My good old EPOX and ABIT mobos...

NVIDIA chipsets for AMD CPU's.... good memories.


----------



## cekim

Quote:


> Originally Posted by *Jpmboy*
> 
> Yes. The assumption being that the keylogger is running from within the browser. We certainly know that KLs can run system or group-wide.
> Anyhow, bottom line is it's really hard to secure any system from "cooperative/permissive" end user input.


@Jpmboy et al. there is no requirement to be in the same browser, user group, etc... There is a proof of concept that allows javascript to read from within the same process, but that's one mechanism.

I'm still digesting the specifics myself, but from what I understand, it can brute-force anything from anywhere in an unpatched system. The issue is the low through-put of its ability to do so that results from the iteration inherent in its function.

Meltdown is a side-channel attack that bashes away at a few addresses and uses the timing of response and some other shenanigans to extract data (slower responses mean there was no warm line for a given address in the CPU, faster mean the data it isn't supposed to see is in the cache).

That's what makes it so dangerous - it bypasses the concept of page faulting/segfault when you try to read some other process's memory. It's also what differentiates it from Spectre which only has access to a given process' privileges. Meltdown can potentially access everything.

PCID allows process isolation of the TLB, so pages from one process can't be read by another, which is why newer processors and newer Linux kernels that make use of it are showing less impact, but it requires movement of the OS to these new features as well as other mitigation.

For some light reading: (Graz University of Technology web page - boy they should make that more clear at the top! You shouldn't be clicking on things like that (especially now) without knowing what you are reading)

https://meltdownattack.com/
and
https://meltdownattack.com/meltdown.pdf


----------



## Vlada011

For me proper compensation would be i7-5960X/i7-6900K.
I don't ask nothing new gen, new models. Or 6 core models with 20-25% more than i7-5820K.
But that not exist. Because of that i7-5960X is proper. On default frequency after all patches he compensate performance decrease compare to OC i7-5820K.
And I don't need to change motherboard and platform. If we need to tolerate insecure computers than at least to compensate us performance loss with better models.
Or same power with fixed generation. But that will not happen long time. Because Intel would stay silent and launch new CPU and for 2 years told about everything.
Anyway my CPU overclocked give same results in CPU-Z as i7-5960X default. After I update all patches my CPU i7-5820K will become i7-3930K or i7-4820.

Enough we tolerate them to drive us around like idiots.
I was completely calm when AMD beat our X99 with Ryzen 5 and 400$ model beat i7-5960X.
But this is enough, end. Now is really end because this chance everything after we update everything what they throw in front of us next 3-6 months.

But when new generation show up with fixed bug, than we will stay abandoned and real performance decrease will start from that moment.
Our processors will not be able to deal with new codes for new generations and will work far slower. We need to live with that fact.


----------



## cekim

Quote:


> Originally Posted by *Vlada011*
> 
> For me proper compensation would be i7-5960X/i7-6900K.
> ...
> Anyway my CPU overclocked give same results in CPU-Z as i7-5960X default. After I update all patches my CPU i7-5820K will become i7-3930K or i7-4820.


Seriously, for your sake - you are clearly spending a lot of time worrying about it, I suggest you take that time and look at what you do with your processor and compare it yourself.

... don't just keep spouting percentages from some web site that don't reflect actual usage or frankly any factual information at all and make yourself angry.

By all means sign petitions, keep up with class action lawsuits, pursue whatever you feel you need to within the limits of your jurisdiction/country, etc...

BUT - Get some real data from your machine that reflects your actual usage.

Can you install windows from a older install media on another hard drive? Maybe work with some friends to repeat the process on their machines as well?

Run some before and after setups with your games and applications and see for yourself what the impact is...


----------



## The L33t

Quote:


> Originally Posted by *cekim*
> 
> Seriously, for your sake - you are clearly spending a lot of time worrying about it, I suggest you take that time and look at what you do with your processor and compare it yourself.
> 
> ... don't just keep spouting percentages from some web site that don't reflect actual usage or frankly any factual information at all and make yourself angry.
> 
> By all means sign petitions, keep up with class action lawsuits, pursue whatever you feel you need to within the limits of your jurisdiction/country, etc...
> 
> BUT - Get some real data from your machine that reflects your actual usage.
> 
> Can you install windows from a older install media on another hard drive? Maybe work with some friends to repeat the process on their machines as well?
> 
> Run some before and after setups with your games and applications and see for yourself what the impact is...


That quote got messed up, I did not say anything of the kind, that should read...: Vlada011


----------



## GeneO

Quote:


> Originally Posted by *Jpmboy*
> 
> @cekim oh for sure, the dark side has bulk info... mostly collected in bulk.
> Luckily my wife's tax machines here are all encrypted, wouldn't want any tax returns loose on the web.


Huh? If somebody exploits that machine they will have access to the drive, unencrypted.


----------



## cekim

Quote:


> Originally Posted by *The L33t*
> 
> That quote got messed up, I did not say anything of the kind, that should read...: Vlada011


Yes, yes it did and yes it should sorry about that - no idea what it did there...


----------



## The L33t

Quote:


> Originally Posted by *cekim*
> 
> Yes, yes it did and yes it should sorry about that - no idea what it did there...


No "problemo"


----------



## Vlada011

What mean Actual Usage. Did you see performance difference between 3200 MHz memory kit worth 300$ or memory kit worth 800$.
Do you see
ACTUAL PERFORMANCE DIFFERENCE BETWEEN 600$ WORTH Intel 545s SSD SATA III and 300$ worth Samsung 850 EVO SSD SATA III. Can you see, and you can build RAID 0 same size for one Intel SSD.

No. No one can't see but they charge us and robbed us on that way. Now when we lose performance No big deal.
What you are gamer, don't ask because image editing is 50% slower, What you work Image Editing, why then you think about gaming performance, etc, etc...

That's not right. We lost more performance than they give us long time ago.
You will see what will happen with NVMe M.2 and SATA III next 12 months.

One thing is obvious, when they advertise small performance increase with new gen than everything is important. When customers lost 3x more and survive performance decrease without they fault than they turn story 360 degree and we read completely something else.

That's fact, and one more thing is fact, AMD owners are Customers, Intel owners are VICTIMS.
Do you know why, because they just made crime leading customers in fallacy after they knew about bug at least from summer 2017.
We should make badges... I'm Intel's Victim!









I'm AMDs customer-I'm Intels Victim.
They stole my security, my performance and lead me in fallacy to buy CPU with Security Bug after they knew about that. FACTS, PURE FACTS. No single percent of lie. Pure Facts. Advocate of John Gotty is not capable to defend that.


----------



## cekim

Quote:


> Originally Posted by *GeneO*
> 
> Huh? If somebody exploits that machine they will have access to the drive, unencrypted.


What he said...

From people I've known who have gone through it having bogus tax returns filed in your name is double-plus un-fun...

Your tax returns contain everything you'd need to do that...


----------



## cekim

Quote:


> Originally Posted by *Vlada011*
> 
> What mean Actual Usage. Did you see performance difference between 3200 MHz memory kit worth 300$ or memory kit worth 800$.


I mean build a before and after windows installation and measure what YOU do with the machine to see how you are affected. Check your own FPS, application throughput etc... not benchmarks or contrived examples.
Quote:


> Originally Posted by *Vlada011*
> No. No one can't see but they charge us and robbed us on that way. Now when we lose performance No big deal.


With your ram example above - yes, I can and do measure such things. I setup a system with the new one and run MY APPLICATIONS that I care about and I time how long they take trying to control for as many variables as I can. I use this objective data to decide what upgrades are worth-while to me and to confirm or deny that something I bought delivered on its promise.
Quote:


> Originally Posted by *Vlada011*
> What you are gamer, don't ask because image editing is 50% slower, What you work Image Editing, why then you think about gaming performance, etc, etc...


RealBench is not so "Real"... It is a contrived example. Not completely without use and value, but it does not reflect what YOU would do with a PC.

I don't do much image editing, I deal with large DBs and proprietary software related to digital design most of the time, but dabble in machine learning and play games as well... I've done what I'm suggesting to you - compare what I do with my system - and what I'm finding is that the real impact is not 50%, not 30%, where it is anything at all, it is 0-3%. Mostly 0%. In fact, patching and upgrading my kernel has gained me some performance in various places.
Quote:


> Originally Posted by *Vlada011*
> That's not right. We lost more performance than they give us long time ago.
> You will see what will happen with NVMe M.2 and SATA III next 12 months.


We can see it now. I can also see it with benchmark NFS performance. I've dropped from 990-1GB/s over 10GbE to 960-970. After drying my tears when I run applications that are moving GBs over this link they show virtually no drop in performance.... They do this because they are optimized to avoid dependence on small changes in disk throughput as any application should be if it can.

So, bottom line, where I am and where I expect to be in 12 months is that I could go buy a threadripper today and in 12 months, the comparisons with today's thread-ripper and today's 7960x (I have a 7980XE, but for argument's sake) or my 2696v3 systems would remain as it is today. Even with all the patches I am:
a. still getting more performance from newer generations than unpatched prior
b. still getting more performance from my intel chips than threadripper can provide (both overclocked to the degree stability will allow on water cooling).
c. see all the above, after patching and upgrading kernels, still getting basically the same performance I was in August of 2017.


----------



## Vlada011

Yes, nothing happened. I understand.
Intel didn't become like this alone; customers gave it the shape we see today.
Tolerating nonsense.
I can't tolerate it. Do you know why?
Because I looked at the same software after a new gen showed up, and they gave us a smaller performance increase than the decrease now.
But this is only the start.
You will see reports from people, when everything finishes in 5-6 months, of what we lost.

Intel is a bunch of criminals who knew about the security bug and led their customers into fallacy with at least 2 generations of processors.
That's a fact. We are customers of criminals. That's a fact. False advertising, manipulation and lies became part of the IT world in the last 3 years, after very good estimates from educated employers of how much a simple customer could tolerate. I think you surprised even the best prediction of Intel and NVIDIA.
In 10 years you will accidentally find sand instead of a processor and someone will say bad quality control, it's still in the form of sand, no big deal, RMA it.


----------



## tpi2007

Quote:


> Originally Posted by *Disharmonic*
> 
> For those of you looking to avoid the patches, you can disable the Meltdown patch in the registry. Just know that you are leaving your system wide open to attack. Meltdown in particular seems extremely easy to exploit.


Speaking of which, since people are misusing The Witcher 3 as a global example of a performance drop, when it's not, the silver lining in that game's case is that it's DRM-free and you can play it entirely off-line.

People could go off-line, run a script to disable the Kernel Page Table Isolation - KPTI (Meltdown protection) in the registry - _if_ that is actually what's affecting it most and not the Spectre microcodes or a combination of both, reboot, play the game, re-enable Kernel Page Table Isolation and reboot again and then go on-line. Since it's a story based game that you usually play for some hours straight, it could be worth it to regain the lost performance. Assuming of course that the Witcher 3's drop has to do with Meltdown only and not Spectre or a combination of both.

(Also, since it's a relatively new game, maybe the devs can do something about it. They will probably try to take that into account for the game that they are currently making, so they can eventually backport it. That's a lot of ifs though, admittedly. Alternatively, you can play it in an entirely off-line system and not apply the microcode and software patches at all.)

This routine could be applied to Steam games that can be played in off-line mode too.

Still, be mindful of what the Kernel Page Table Isolation status is before you go on-line. I can see people forgetting to re-enable it once they're done playing.


----------



## Vlada011

This is the end of me with Intel; not only that, I will look differently at their customers after this. An Intel rig for me would be sad and funny to look at.
I never saw such behavior among normal customers, to buy products from criminals who lie to them intentionally, with a plan.
They committed a pure crime after they sold the i7-7700K, i7-8700K and Skylake-X.


----------



## OutlawII

Quote:


> Originally Posted by *Vlada011*
> 
> This is the end of me with Intel; not only that, I will look differently at their customers after this. An Intel rig for me would be sad and funny to look at.
> I never saw such behavior among normal customers, to buy products from criminals who lie to them intentionally, with a plan.
> They committed a pure crime after they sold the i7-7700K, i7-8700K and Skylake-X.


Ok sounds good


----------



## Wenty

*This whole thing smells fishy.*


----------



## OutlawII

Quote:


> Originally Posted by *Wenty*
> 
> *This whole thing smells fishy.*


I caught 6 crappies ice fishing tonight does that count?


----------



## Vlada011

When the American government warned in early November, no one paid attention; people were hypnotised by Volta.
Intel Bug, big Deal, spammers, speculations... nothing wrong with our Processors...hahahahaa

If you buy from Intel or the Sinaloa Cartel it's the same, only a different type of crime.


----------



## Wenty

What Lake ???


----------



## cekim

Quote:


> Originally Posted by *Wenty*
> 
> What Lake ???


The next processor series will be named after notable north-west cess-pools...


----------



## OutlawII

Quote:


> Originally Posted by *Wenty*
> 
> What Lake ???


Right by my house takes longer to get the truck started than to drive there lol


----------



## Vlada011

This will be long, long suffering: patching, updating, fixing, checking, benchmarking, comparing before the silicon change.
I'm sick of listening about Spectre; Meltdown is important for us and we should think about it.
Like I said, long suffering for all users of Intel platforms until new silicon, and worse for people who estimate how long they could use their i7-8700K and i9-7900X and i7-7820X and whether it is worth the investment because of the long lifetime.


----------



## tashcz

Yeah? How come me and the rest of the guys in the FX Vishera club run everything with 0 problems till today for 5+ years now?

Even that is not a problem, don't get me wrong. But don't swear by a company and the next day swear at the company. And it's not like anyone except people using databases lost much. I really wonder what this guy that has those posts:

http://www.overclock.net/forums/posts/by_user/id/287692 - list them all

is doing with his PC. He's acting like his PC turned into a brick after all of this. We lived 20 years with this problem and all of a sudden it's a MASSIVE problem. 90% of people don't even know what's going on, and even more, Meltdown hasn't yet had a single case of r00tkitting anything or doing damage.

The patches are more for companies and not regular users. The biggest problem is virtualisation isolation. Everything else is basically the same as any other malware out there.


----------



## Jpmboy

Quote:


> Originally Posted by *GeneO*
> 
> Huh? If somebody exploits that machine they will have access to the drive, unencrypted.


not if the drive and data is encrypted... on top of the prep software which encrypts the data file.








Quote:


> Originally Posted by *OutlawII*
> 
> I caught 6 crappies ice fishing tonight does that count?


tasty little crappies! yum!
Quote:


> Originally Posted by *tashcz*
> 
> Yeah? How come me and the rest of the guys in the FX Vishera club run everything with 0 problems till today for 5+ years now?
> 
> Even that is not a problem, don't get me wrong. But don't swear by a company and the next day swear at the company. And it's not like anyone except people using databases lost much. I really wonder what this guy that has those posts:
> 
> http://www.overclock.net/forums/posts/by_user/id/287692 - list them all
> 
> is doing with his PC. *He's acting like his PC turned into a brick after all of this. We lived 20 years with this problem and all of a sudden it's a MASSIVE problem. 90% of people don't even know what's going on, and even more, Meltdown hasn't yet had a single case of r00tkitting anything or doing damage.*
> 
> The patches are more for companies and not regular users. The biggest problem is virtualisation isolation. Everything else is basically the same as any other malware out there.


^^ This


----------



## cekim

Quote:


> Originally Posted by *tashcz*
> 
> even know what's going on, and even more, meltdown hasn't yet had a single case of r00tkitting anything or doing damage.
> 
> The patches are more for companies and not regular users. The biggest problem is virtualisation isolation. Everything else is basically the same as any other malware out there.


Don't make the mistake of assuming this.... machines that have direct user logins and/or VMs running on them that others control are definitely more vulnerable than machines that have no active users that aren't you, but particularly the combination of exploits that exist can work together to harm anyone with any user logged in, including you, that's accessing content on the net or compromised applications.

Ordinarily an attack can only get to what your logged in privilege can see. So, if you don't log in with admin/root privileges the worst that can happen is that user account and anything it can read can be read, anything it can write can be corrupted, deleted, encrypted etc...

With this, any exploit that gets in as you potentially has the ability to jump that wall and see not only what you can see and write but what the admin/root/kernel can write.

The lack of reported exploits means little... only that the exploits have not been detected or reported. Keep in mind this is an exploit whose theoretical existence was noted in 1995 IIRC in an NSA paper published at the time.

Origin, Steam, Chrome, Firefox, mail clients, folding... all these apps are running code as "you". If they manage to kick off the exploit your virus scanner is likely not to see it and there is nothing stopping it from doing anything admin/root can do... and more. Root can't readily peek into arbitrary kernel state to get unencrypted copies of passwords etc... this can.

Combine ad served .js exploit with this and the world is your (bad guy's) oyster even if you never allow anyone else on your box.


----------



## tashcz

You're right. But that's almost the same as any other virus out there - if they weren't sneaky nobody would be vulnerable. Sure, it will run as you, probably without admin privileges, but most better ones gain access over your PC a bit. Install one piece of software you're not 100% sure about and you're in the boat. Keyloggers, trojans, whatever... thing is they are isolated to that particular OS. That's why people used VMs on their PCs to be "a bit safer" while entering their CC or accessing higher level clearance apps.

The real problem is one user on a VM on a 40 core Xeon with a bunch of VMs executing Meltdown code. Not individual users' PCs. They'd pay the price of someone else's misuse.

That's why new patches allow only apps that need to see/edit pieces of memory to do so, and not the other parts of it. So the biggest problem is talking to the kernel right now. Games don't talk to kernel that much so they aren't affected. Database apps talk a lot and therefore in one case I tested, I had a 300% performance loss. I could do 4500 queries per second, now I can do about 1500. But at the end of the day, it's not the home users that will suffer, it's the prosumers and cloud services as the resources are more expensive/you need more resources.

For regular users, really, there will be no difference. Even speaking about SSD performance, in real world you never see 550MB/s from a SATA connection as that data needs to be processed. And you only get 550MB/s while working with single files, which almost never happens in real world usage. It's the benchmarks that suffer the most for home users. But I don't live out of benchmarks so I really don't care actually.

At the end of the day, for those people that bought home PCs this doesn't mean much. 8700K's will stay strong, X299 will stay strong. If you bought the X299 for a home server, yeah, you might get a performance loss, but those patches were made the second day the exploit got to the public, surely there will be more optimizations. Isolation as is was the first line of defense, expect more to come.


----------



## cekim

Quote:


> Originally Posted by *tashcz*
> 
> You're right. But that's almost the same as any other virus out there


Right, which you'd patch and scan to avoid...
Quote:


> Originally Posted by *tashcz*
> The real problem is one user on a VM on a 40 core Xeon with a bunch of VMs executing Meltdown code. Not individual users' PCs. They'd pay the price of someone else's misuse.


This is what makes it important to qualify your prior statement...

It is as bad as any virus out there, but worse because even VMs don't isolate either you from other VMs on a common host or your host from whatever your VM container runs in the hopes that it functions as an effective condom.

That _was_ the trump card of things like cubes and the concept of using virtualbox and others. To make it such that the worst it could do is destroy your container. It can do that, but it can also reach the host as you point out. AWS is not the only place such containers are used.

So, it's all of the above - wear a rubber!


----------



## Vlada011

Quote:


> Originally Posted by *tashcz*
> 
> At the end of the day, for those people that bought home PCs this doesn't mean much. 8700K's will stay strong, X299 will stay strong. If you bought the X299 for a home server, yeah, you might get a performance loss, but those patches were made the second day the exploit got to the public, surely there will be more optimizations. Isolation as is was the first line of defense, expect more to come.


Exactly as I said, people will get lost in updates; a good part of their time will go to searching for news and patches and what needs to be done to secure themselves.
While AMD users will be spared that. I will install all patches when they show up, save benchmarks, and then revert to Windows without a connection to the internet, with only drivers, and check again. But for that I need to wait for all fixes to show up.
Together with new drivers, Intel customers will have one new occupation: searching for the newest security updates for a bugged processor.
And what happens with Meltdown on Intel processors? When do they plan to fix the CPU 100%? Did they say something about that?
At the moment there is no antivirus or antispyware that could protect an Intel platform at the same level as AMD.
Or BIOS fix or Windows Update.


----------



## cekim

Quote:


> Originally Posted by *Vlada011*
> 
> Exactly as I said, people will get lost in updates; a good part of their time will go to searching for news and patches and what needs to be done to secure themselves.
> While AMD users will be spared that. I will install all patches when they show up, save benchmarks, and then revert to Windows without a connection to the internet, with only drivers, and check again. But for that I need to wait for all fixes to show up.
> Together with new drivers, Intel customers will have one new occupation: searching for the newest security updates for a bugged processor.
> And what happens with Meltdown on Intel processors? When do they plan to fix the CPU 100%? Did they say something about that?


I know you hate details that conflict with your rant, but if you are an AMD user, you should be following just as closely...

The "immunity" to meltdown on AMD could be due to the shallower pipe-line depth, not a fundamental lack of the race.

This is taken from their document:
Quote:


> Originally Posted by *meltdown.com*
> We also tried to reproduce the Meltdown bug on several
> ARM and AMD CPUs. However, we did not manage
> to successfully leak kernel memory with the attack described
> in Section 5, neither on ARM nor on AMD. The
> reasons for this can be manifold. First of all, our implementation
> might simply be too slow and a more optimized
> version might succeed. For instance, a more shallow
> out-of-order execution pipeline could tip the race
> condition towards against the data leakage. Similarly,
> if the processor lacks certain features, e.g., no re-order
> buffer, our current implementation might not be able to
> leak data. *However, for both ARM and AMD, the toy
> example as described in Section 3 works reliably, indicating
> that out-of-order execution generally occurs and
> instructions past illegal memory accesses are also performed.*


The team that identified the bug, pointed out that they could perform parts of the exploit, but it appeared the race was not long enough to finish it and warned that further optimizations might change this. So, don't ignore this because AMD. You just have less patching to do (well, more like you have to revert MSFT's patches lol)


----------



## Vlada011

On my computer I will wait for all fixes to show up, then update and check benchmark tests.
Cinebench, Real Bench, PC Mark, 3D Mark, Geekbench, and then revert the system to the original Windows from July 2015 and try all of them again without a net connection.
No other choices.
I don't believe anyone, not the people who say 100% performance loss, not Intel, who sold Kaby Lake, Skylake-X and Coffee Lake and committed crimes by not informing people of an insane problem. Worse than that can't be done. Only to enter your house and smash your PC.
That's a crime. If I committed a crime they would say the criminal should go to jail.
If they commit crimes, the prices of their processors are still the same as before the bug.


----------



## Blameless

Quote:


> Originally Posted by *Jpmboy*
> 
> not if the drive and data is encrypted... on top of the prep software which encrypts the data file.


Sure, if it's hardware encryption. However, if the encryption keys are held in memory these vulnerabilities could potentially expose it to malicious use.
Quote:


> Originally Posted by *tashcz*
> 
> meltdown hasn't yet had a single case of r00tkitting anything or doing damage.


Meltdown has only been described in specific, practical, terms very recently, so this should not be a surprise.
Quote:


> Originally Posted by *Vlada011*
> 
> I only ask a simple question.
> When and how does Intel plan to fix their buggy CPU completely? Because fixing part and losing time on that without a solution is useless.
> If after their patches, Windows Updates and BIOS updates there is still some security bug that cannot be resolved before new silicon, then all things are pointless.
> That's my opinion and more people think that way.


Not a simple question or a well founded assertion.

Intel and other processor makers likely don't know precisely how, when, or even if it's practical to completely close these vulnerabilities in hardware. It's a complex issue, and short of going back to deterministic in-order architectures, isn't likely to be easy to fix.

Also, there will always be bugs, but less vulnerability is better than more.


----------



## Vlada011

One thing is sure: before new silicon shows up and before Intel makes a new Core after 10 years, users should be ready for news about bugs, issues, all kinds of problems from users and corporations popping up like popcorn in the future.
Every day you will read about different kinds of problems and negative sides of this.
It's like you patch an old house instead of tearing it down and building a new one.
Intel decided to sell their processors for the same price; my opinion would be a recall of processors with bugs.
But Intel and I have completely different standards about humanity and human beings.
God help us if we meet some race who are really as good as we try to present ourselves to each other and in the media.


----------



## GeneO

Quote:


> Originally Posted by *Blameless*
> 
> Sure, if it's hardware encryption. However, if the encryption keys are held in memory these vulnerabilities could potentially expose it to malicious use.
> Meltdown has only been described in specific, practical, terms very recently, so this should not be a surprise.
> Not a simple question or a well founded assertion.
> 
> Intel and other processor makers likely don't know precisely how, when, or even if it's practical to completely close these vulnerabilities in hardware. It's a complex issue, and short of going back to deterministic in-order architectures, isn't likely to be easy to fix.
> 
> Also, there will always be bugs, but less vulnerability is better than more.


Hardware encryption only protects you if someone steals your laptop and can't log in or if they steal your hard drive. If they can get on as you, they have access. The only way I know of protecting your data is an external drive that gets powered off.


----------



## randomizer

I wonder what impact these patches will have on my projects' build times. Resolving dependencies between hundreds to thousands of files and then bundling the contents is already fairly slow.

Quote:


> Originally Posted by *Mysticial*
> 
> If someone manages to get a system-wide keylogger on the system, they've got bigger problems to deal with.


But at least your AV can detect it and neutralise the threat.


----------



## tashcz

Quote:


> Originally Posted by *cekim*
> 
> Right, which you'd patch and scan to avoid...
> This is what makes it important to qualify your prior statement...
> 
> It is as bad as any virus out there, but worse because even VMs don't isolate either you from other VMs on a common host or your host from whatever your VM container runs in the hopes that it functions as an effective condom.
> 
> That _was_ the trump card of things like cubes and the concept of using virtualbox and others. To make it such that the worst it could do is destroy your container. It can do that, but it can also reach the host as you point out. AWS is not the only place such containers are used.
> 
> So, it's all of the above - wear a rubber!


Exactly. And since you need AV software for all viruses... consider this patch to be an extension to your AV software. It also uses your CPU's resources to scan files and memory. If you think of it that way... makes your life easier.

Also, really, just because attacks on AMD still haven't been successful doesn't mean it's immune to Meltdown. Wait a bit... it took 20 years to make it work on Intel, 10 days don't make a difference.
Quote:


> Originally Posted by *Vlada011*
> 
> On my computer I will wait for all fixes to show up, then update and check benchmark tests.
> Cinebench, Real Bench, PC Mark, 3D Mark, Geekbench, and then revert the system to the original Windows from July 2015 and try all of them again without a net connection.
> No other choices.
> I don't believe anyone, not the people who say 100% performance loss, not Intel, who sold Kaby Lake, Skylake-X and Coffee Lake and committed crimes by not informing people of an insane problem. Worse than that can't be done. Only to enter your house and smash your PC.
> That's a crime. If I committed a crime they would say the criminal should go to jail.
> If they commit crimes, the prices of their processors are still the same as before the bug.


Thing is, benchmarks are the ones that show most degradation. Don't look at benchmarks, do what you do on your PC and see if it makes a difference. You don't buy a 2k$ PC to look at numbers.


----------



## cekim

Quote:


> Originally Posted by *randomizer*
> 
> I wonder what impact these patches will have on my projects' build times. Resolving dependencies between hundreds to thousands of files and then bundling the contents is already fairly slow.
> But at least your AV can detect it and neutralise the threat.


So far small read I/O hasn't been affected nearly as much as write...

I run make -j with as many threads as I have cores (18-36 depending on the machine) and I haven't seen much more than ~1% on my big projects so far.

I think Phoronix did some linux kernel build per hour as well:
https://www.phoronix.com/scan.php?page=article&item=linux-kpti-pcid&num=2

Very little difference - about the only thing to note is that the newer the 4.x kernel the better. Moving from 3.x to 4.x post patch can net you gains vs pre-patch in some cases and limit the penalty of KPTI to very small numbers in most others.


----------



## GeneO

Quote:


> Originally Posted by *tashcz*
> 
> Exactly. And since you need AV software for all viruses... consider this patch to be an extension to your AV software. It also uses your CPU's resources to scan files and memory. If you think of it that way... makes your life easier.
> 
> Also, really, just because attacks on AMD still haven't been successful doesn't mean it's immune to Meltdown. Wait a bit... it took 20 years to make it work on Intel, 10 days don't make a difference.
> Thing is, benchmarks are the ones that show most degradation. Don't look at benchmarks, do what you do on your PC and see if it makes a difference. You don't buy a 2k$ PC to look at numbers.


What do you buy a $2k PC for?


----------



## tashcz

Is that seriously a question you're gonna ask me?

First off I don't own a 2k$ PC. If it's possible to say my PC is worth ~1000EUR, I use it for 1080p gaming, web & mobile programming, debugging, and a bunch of other stuff. I don't use it to break last week's Cinebench score.


----------



## randomizer

Quote:


> Originally Posted by *cekim*
> 
> So far small read I/O hasn't been affected nearly as much as write...
> 
> I run make -j with as many threads as I have cores (18-36 depending on the machine) and I haven't seen much more than ~1% on my big projects so far.


The builds I'm most concerned about are pretty much single threaded and heavily I/O bound (all front end JS). Not much write is involved in the actual build but there are huge amounts of stat and read. However, prior to running the build I need to clear the checkout directory and build artefacts and then fetch and process all the dependencies again. That could be tens of thousands of files (or more) and needs to be done once per build in CI. Fortunately it's quite infrequent on a dev box, where the typical use case is changing dependencies and might require writing a few hundred to a few thousand files only. The joys of npm.


----------



## Quantum Reality

Question. Would a single core processor by definition be immune to these attacks? Assuming their speculative execution can't be probed by another program since they can only run one thread at a time.


----------



## cekim

Quote:


> Originally Posted by *Quantum Reality*
> 
> Question. Would a single core processor by definition be immune to these attacks? Assuming their speculative execution can't be probed by another program since they can only run one thread at a time.


Certainly not by definition, but it's possible that the exploit would never "win the race"...


----------



## ku4eto

Just so you know guys, my work rig, which has an AMD Athlon x2 64 4400+, after the Windows Update for Meltdown/Spectre last Friday, doesn't load into Windows - BSODs straight away with:

STOP: 0x000004c, and according to Google, it's exactly because of the update.

Same with SafeMode and LastKnown, I will have to repair the installation from a USB or CD/DVD.


----------



## tpi2007

Quote:


> Originally Posted by *ku4eto*
> 
> Just so you know guys, my work rig, which has an AMD Athlon x2 64 4400+, after the Windows Update for Meltdown/Spectre last Friday, doesn't load into Windows - BSODs straight away with:
> 
> STOP: 0x000004c, and according to Google, it's exactly because of the update.
> 
> Same with SafeMode and LastKnown, I will have to repair the installation from a USB or CD/DVD.


They have withdrawn the update for those systems and put a notice on the official pages:
Quote:


> Microsoft has reports of some customers with AMD devices getting into an unbootable state after installing this KB. To prevent this issue, Microsoft will temporarily pause Windows OS updates to devices with impacted AMD processors at this time.


Quote:


> Microsoft is working with AMD to resolve this issue and resume Windows OS security updates to the affected AMD devices via Windows Update and WSUS as soon as possible. If you have experienced an unbootable state or for more information see KB4073707. For AMD specific information please contact AMD.


https://support.microsoft.com/en-us/help/4056894/windows-7-update-kb4056894

https://support.microsoft.com/en-us/help/4056892/windows-10-update-kb4056892

Also, see the news here: https://www.hardocp.com/news/2018/01/09/microsoft_spectre_v1_patches_borking_older_amd_systems
Quote:


> You may have seen that Microsoft has halted distributing security patches related to GPZ Variant 1 (one of the variants of Spectre) due to the update causing some older AMD systems to get into an unbootable state. Wanted to make it clear this patch is to address GPZ Variant 1 (one of the variants of Spectre) and not GPZ Variant 3 (Meltdown).


Spectre Variant 1 is the one AMD says their CPUs need a software patch for, so look out for when they make the patch available again in a working state.


----------



## ibb27

Quote:


> Originally Posted by *ku4eto*
> 
> Just so you know guys, my work rig, which has an AMD Athlon x2 64 4400+, after the Windows Update for Meltdown/Spectre last Friday, doesn't load into Windows - BSODs straight away with:
> 
> STOP: 0x000004c, and according to Google, it's exactly because of the update.
> 
> Same with SafeMode and LastKnown, I will have to repair the installation from a USB or CD/DVD.


How to uninstall the update if you don't have System Restore point and can't restore previous state on Windows 7 64bit:
https://answers.microsoft.com/en-us/windows/forum/windows_7-update/stop-0x000000c4-after-installing-kb4056894-2018-01/f09a8be3-5313-40bb-9cef-727fcdd4cd56


----------



## guttheslayer

Will the next generation 9000 fix this? Or should I expect Ice Lake to get delayed while they work on a new architecture for it?


----------



## ku4eto

Linux Kernel update changelog:

Code:

```
linux (4.4.0-109.132) xenial; urgency=low

  * linux: 4.4.0-109.132 -proposed tracker (LP: #1742252)

  * Kernel trace with xenial 4.4  (4.4.0-108.131, Candidate kernels for PTI fix)
    (LP: #1741934)
    - SAUCE: kaiser: fix perf crashes - fix to original commit

 -- Marcelo Henrique Cerri <[email protected]>  Tue, 09 Jan 2018 15:56:26 -0200

linux (4.4.0-108.131) xenial; urgency=low

  * linux: 4.4.0-108.131 -proposed tracker (LP: #1741727)

  * CVE-2017-5754
    - x86/mm: Disable PCID on 32-bit kernels

 -- Marcelo Henrique Cerri <[email protected]>  Sun, 07 Jan 2018 11:46:05 -0200

 * linux: 4.4.0-107.130 -proposed tracker (LP: #1741643)

  * CVE-2017-5754
    - Revert "UBUNTU: SAUCE: arch/x86/entry/vdso: temporarily disable vdso"
    - KPTI: Report when enabled
    - x86, vdso, pvclock: Simplify and speed up the vdso pvclock reader
    - x86/vdso: Get pvclock data from the vvar VMA instead of the fixmap
    - x86/kasan: Clear kasan_zero_page after TLB flush
    - kaiser: Set _PAGE_NX only if supported

 -- Kleber Sacilotto de Souza <[email protected]>  Sat, 06 Jan 2018 17:13:03 +0100

linux (4.4.0-106.129) xenial; urgency=low

  * linux: 4.4.0-106.129 -proposed tracker (LP: #1741528)

  * CVE-2017-5754
    - KAISER: Kernel Address Isolation
    - kaiser: merged update
    - kaiser: do not set _PAGE_NX on pgd_none
    - kaiser: stack map PAGE_SIZE at THREAD_SIZE-PAGE_SIZE
    - kaiser: fix build and FIXME in alloc_ldt_struct()
    - kaiser: KAISER depends on SMP
    - kaiser: fix regs to do_nmi() ifndef CONFIG_KAISER
    - kaiser: fix perf crashes
    - kaiser: ENOMEM if kaiser_pagetable_walk() NULL
    - kaiser: tidied up asm/kaiser.h somewhat
    - kaiser: tidied up kaiser_add/remove_mapping slightly
    - kaiser: kaiser_remove_mapping() move along the pgd
    - kaiser: cleanups while trying for gold link
    - kaiser: name that 0x1000 KAISER_SHADOW_PGD_OFFSET
    - kaiser: delete KAISER_REAL_SWITCH option
    - kaiser: vmstat show NR_KAISERTABLE as nr_overhead
    - x86/mm: Enable CR4.PCIDE on supported systems
    - x86/mm: Build arch/x86/mm/tlb.c even on !SMP
    - x86/mm, sched/core: Uninline switch_mm()
    - x86/mm: Add INVPCID helpers
    - x86/mm: If INVPCID is available, use it to flush global mappings
    - kaiser: enhanced by kernel and user PCIDs
    - kaiser: load_new_mm_cr3() let SWITCH_USER_CR3 flush user
    - kaiser: PCID 0 for kernel and 128 for user
    - kaiser: x86_cr3_pcid_noflush and x86_cr3_pcid_user
    - kaiser: paranoid_entry pass cr3 need to paranoid_exit
    - kaiser: _pgd_alloc() without __GFP_REPEAT to avoid stalls
    - kaiser: fix unlikely error in alloc_ldt_struct()
    - kaiser: add "nokaiser" boot option, using ALTERNATIVE
    - x86/kaiser: Rename and simplify X86_FEATURE_KAISER handling
    - x86/boot: Add early cmdline parsing for options with arguments
    - x86/kaiser: Check boottime cmdline params
    - kaiser: use ALTERNATIVE instead of x86_cr3_pcid_noflush
    - kaiser: drop is_atomic arg to kaiser_pagetable_walk()
    - kaiser: asm/tlbflush.h handle noPGE at lower level
    - kaiser: kaiser_flush_tlb_on_return_to_user() check PCID
    - x86/paravirt: Dont patch flush_tlb_single
    - x86/kaiser: Reenable PARAVIRT
    - kaiser: disabled on Xen PV
    - x86/kaiser: Move feature detection up
    - kvm: x86: fix RSM when PCID is non-zero
    - SAUCE: arch/x86/entry/vdso: temporarily disable vdso
    - [Config]: CONFIG_KAISER=y

 -- Kleber Sacilotto de Souza <[email protected]>  Fri, 05 Jan 2018 19:53:41 +0100
```

There are several interesting things, for example from the last Kernel - "Disable PCID for 32 bit kernels".


----------



## tashcz

Quote:


> Originally Posted by *Quantum Reality*
> 
> Question. Would a single core processor by definition be immune to these attacks? Assuming their speculative execution can't be probed by another program since they can only run one thread at a time.


Doesn't work that way. The attacks can be done on cache memory and therefore edit it, read from it or write to it, so even on a single core CPU it can do the same damage. It's not about how many threads a process can make, it's how this thing reads processes' memory when it shouldn't have access to it.


----------



## TUFinside

Myerson explained that Microsoft's newest OS, Windows 10 has less user-kernel transitions so performs better when patched, and CPUs such as Skylake and beyond have refined instructions to disable branch speculation'

They still want us to buy Skylake and kabylake cpus ? Even in the heart in this torment, marketing rules still goes strong.


----------



## cfu97

I guess people who still buy intel cpu or built in laptop don't read tech news at all.


----------



## nanotm

no it's all about making intel "too big to fail" like literally they have some ingrained idea that if they are big enough then they won't be allowed to fail completely, the thing is when it comes out just how hard they pushed their defective product even the most politically motivated judge is going to find it hard to rule in their favour and not see them cleaned out when the various class action suits get heard.....

they already know they are going to get cleaned out financially and unless they can stall those cases for a year or 3 there is little to no chance they will avoid bankruptcy but if they happen to be able to stall the hearing of the various cases for long enough then they might survive, well that is if they have finished paying all their European fines by then because otherwise it's going to be like the perfect storm for them, especially with that 3 years European turnover fine they were issued recently and don't have the capital to pay up front .... this could push them over the edge especially if it grows legs and starts being a global consumer issue,

but if a well motivated judge looks at a docket and decides his calendar is full for the next 5 years then intel might just manage to escape from complete eradication, but only if they can manage to market their way out of this problem, something their co-dependent press is only too happy to aid them in (of course it should be needless to say that we actually need intel in the market just to keep amd's prices realistic, and that compliant press would disappear if intel did), I actually hope their strategy works and they don't disappear, I mean I dislike them as a company, I dislike their practices and I hope they suffer but I can admit they are a necessary evil that helps to push others to greatness even as they stagnate themselves


----------



## TinyRichard

They patched it, it introduced some new issues. They'll patch the patch and move on. The Pentium FDIV bug didn't break the world, neither will this. I have machines from 2004 running W10 and they all updated fine on Tuesday.

This is just reddit / blog-noise for tech sites.

Y2K end of the world bull snot stuff.


----------



## jagdtigger

Quote:


> Originally Posted by *TinyRichard*
> 
> They patched it, it introduced some new issues. They'll patch the patch and move on. The Pentium FDIV bug didn't break the world, neither will this. I have machines from 2004 running W10 and they all updated fine on Tuesday.
> 
> This is just reddit / blog-noise for tech sites.
> 
> Y2K end of the world bull snot stuff.


So you were not hit by it means there is no problem and it was just a big balloon? Tell that to Amazon, Google, MS..... and all the hosting providers how is this not big of an issue. Meanwhile in the cruel real world these companies were hit hard by this...
https://www.phoronix.com/scan.php?page=news_item&px=KPTI-Retpoline-Combined-Ubuntu


----------



## Offler

Quote:


> Originally Posted by *ibb27*
> 
> How to uninstall the update if you don't have System Restore point and can't restore previous state on Windows 7 64bit:
> https://answers.microsoft.com/en-us/windows/forum/windows_7-update/stop-0x000000c4-after-installing-kb4056894-2018-01/f09a8be3-5313-40bb-9cef-727fcdd4cd56


Could explain why I am not affected while using Phenom II, but could not explain why are affected users with Intel CPU.


----------



## Pro3ootector

Running both laptops up to date. A8-4500m, and Phenom X3 system work just fine on windows 10.


----------



## OutlawII

Quote:


> Originally Posted by *TUFinside*
> 
> Myerson explained that Microsoft's newest OS, Windows 10 has less user-kernel transitions so performs better when patched, and CPUs such as Skylake and beyond have refined instructions to disable branch speculation'
> 
> They still want us to buy Skylake and kabylake cpus ? Even in the heart in this torment, marketing rules still goes strong.


What would you want them to do, just quit making cpu's and quit advertising?


----------



## GeneO

Quote:


> Originally Posted by *tashcz*
> 
> Is that seriously a question you're gonna ask me?
> 
> First off I don't own a 2k$ PC. If it's possible to say my PC is worth ~1000EUR, I use it for 1080p gaming, web & mobile programming, debugging, and a bunch of other stuff. I don't use it to break last weeks cinebench score.


It was a rhetorical question.

You said "Don't look at benchmarks, do what you do on your PC and see if it makes a difference. You don't buy a 2k$ PC to look at numbers."

Of course one probably spends that much because some numbers are better..


----------



## mouacyk

Quote:


> Originally Posted by *tashcz*
> 
> Doesn't work that way. The attacks can be done on cache memory and therefore edit it, read from it or write to it, so even on a single core CPU it can do the same damage. It's not about how many threads a process can make, its how this thing reads processess' memory when it shouldn't have access to it.


In addition to your answer, I would like to clarify that the spectre vulnerability is at the pipeline-level, so lower than threads. Even a single core processor can still execute the following code entirely and speculatively:

Code:

```c
if (CONDITION) {
   DO_TRUE;
} else {
   DO_FALSE;
}
```

To maximize the pipeline of a core for IPC throughput, instructions from both DO_TRUE and DO_FALSE are executed without bounds checking. Once CONDITION is known, the correct branch will be validated and is too late. If CONDITION is true, DO_FALSE could have already executed enough instructions to read from anywhere in cache and stored it elsewhere for discrete retrieval later. A real exploit will likely be hand-crafted in x86 assembly using one of the jump-if directives with optimized rogue code to fit within instruction caches for a certain number of cycles.


----------



## cekim

Quote:


> Originally Posted by *mouacyk*
> 
> In addition to your answer, I would like to clarify that the spectre vulnerability is at the pipeline-level, so lower than threads. Even a single core processor can still execute the following code entirely and speculatively:
> 
> Code:
> 
> ```c
> if (CONDITION) {
>    DO_TRUE;
> } else {
>    DO_FALSE;
> }
> ```
> 
> To maximize the pipeline of a core for IPC throughput, instructions from both DO_TRUE and DO_FALSE are executed without bounds checking. Once CONDITION is known, the correct branch will be validated and is too late. If CONDITION is true, DO_FALSE could have already executed enough instructions to read from anywhere in cache and stored it elsewhere for discrete retrieval later. A real exploit will likely be hand-crafted in x86 assembly using one of the jump-if directives with optimized rogue code to fit within instruction caches for a certain number of cycles.


Somewhat horrifyingly, it can even be written in C and work with some minor care...

It's a really "cool" little trick if it weren't for the devastating security impact...

As I've said previously, it points out the inevitability of exploits that beg for
1. Much harsher response to bad actors who do these things... befitting the damage they are doing.
2. more robust containers that operate at the expense of performance when communicating with "the big bad internet".

Your browser should always be a container/jail that is vigorously clamping down on overflows, requests, etc... That's been "the idea" for quite a while, but I think this is hammering home the reality that such afterthoughts need to be a primary design criteria. Having your browser and email transparently run in an emulated container/vm/interpreter needs to be something everyone does and can do easily, not just the paranoid types.

None of this is defending or excusing Intel, I'm just acutely aware from the hardware design perspective that even with the best intentions in the world, things like this get by for years at a time (or worse).


----------



## jagdtigger

Quote:


> Originally Posted by *cekim*
> 
> Somewhat horrifyingly, it can even be written in C and work with some minor care...
> 
> It's a really "cool" little trick if it weren't for the devastating security impact...
> 
> As I've said previously, it points out the inevitability of exploits that beg for
> 1. Much harsher response to bad actors who do these things... befitting the damage they are doing.
> 2. more robust containers that operate at the expense of performance when communicating with "the big bad internet".
> 
> Your browser should always be a container/jail that is vigorously clamping down on overflows, requests, etc... That's been "the idea" for quite a while, but I think this is hammering home the reality that such afterthoughts need to be a primary design criteria. Having your browser and email transparently run in an emulated container/vm/interpreter needs to be something everyone does and can do easily, not just the paranoid types.
> 
> None of this is defending or excusing Intel, I'm just acutely aware from the hardware design perspective that even with the best intentions in the world, things like this get by for years at a time (or worse).


Virtualization won't work here, the exploit circumvents the bounds check which means a process running in a VM can access data outside the VM...


----------



## cekim

Quote:


> Originally Posted by *jagdtigger*
> 
> Virtualization wont work here, the exploit circumvents the bounds check which means a process running in a VM can access data outside the VM...


I'll try to clarify what I mean here - and I understand confusion as there are a lot of overloaded terms in this space...

I am not talking about the pass-through/paravirtualization that is occurring in modern VMs... I am talking about complete emulation and/or byte-code interpretation.

The root-cause of this issue is that the pipe-line vulnerability of the host is exposed even to the guest because "virtualization" is accomplished through creative use of the IOMMU (address mapping and device multiplexing). The guest is actually executing instructions on "bare metal", but its address space is translated. That's how near native performance is achieved.

What I am suggesting is that tasks which connect directly to the internet are ideally isolated in containers that never allow such direct execution of instructions. They are sufficiently isolated from the actual processor such that every instruction, branch, address decode, etc... is subject to 100% software bounds and permissions checking. Javascript simply isn't allowed the ability to escape the jail in your browser, because that jail is defined by the byte-code interpreter (and bugs are fixed there in software) not the hardware.

On modern processors, this is entirely possible, feasible, reasonable, particularly given the profound risk the internet represents. It WILL have a cost. It WILL have weaknesses which are found and patched, but patched in software, not hardware.

The internet was designed with far, far too much trust in mind. Most of those involved in its creation have acknowledged this. Everything from TCP to HTTP to SMTP were created with an eye toward functionality first and security second.

Perhaps the lines can be blurred such that micro-containers communicate with local containers so you have trusted and un-trusted code executing on the same page.

Think about served ads - they are far from trustworthy. If you allow them to execute at all, they should certainly not be given the same trust as the URL to which you intentionally navigated.

Bottom line is we are effectively defining one and only one ring of trust on our computers (user vs root), when the real-world demands a much more nuanced and flexible approach.
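The software-enforced jail described in the post above, as an added example that is not part of the thread or any participant's code: a minimal interpreter in C in which every guest load and store passes a bounds check, followed by a branch-free index clamp so the access stays inside guest memory even if the branch on that check (the if/else pattern from the earlier post) is mispredicted. The instruction set, struct layout, sizes and all names are assumptions made for illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define GUEST_MEM_SIZE 16u /* bytes the guest may touch (hypothetical size) */
#define NUM_REGS 4u

enum op { OP_HALT, OP_LOADI, OP_LOAD, OP_STORE, OP_ADD };
enum vm_status { VM_OK, VM_FAULT_MEM, VM_FAULT_DECODE };

struct insn { uint8_t op, a, b; uint32_t imm; };

/* Guest memory is laid out right before host data the guest must never see. */
struct vm {
    uint32_t reg[NUM_REGS];
    uint8_t mem[GUEST_MEM_SIZE];
    uint8_t host_secret[8];
};

/* All-ones if index < size, zero otherwise, computed without a branch.
 * Requires size <= SIZE_MAX / 2. Same idea as the Linux kernel's
 * array_index_nospec(); production code additionally keeps the compiler
 * from turning the arithmetic back into a conditional jump. */
static size_t index_mask(size_t index, size_t size)
{
    size_t top = (index | (size - 1 - index)) >> (sizeof(size_t) * CHAR_BIT - 1);
    return top - 1;
}

/* Translate a guest address into a host pointer, or NULL if out of range. */
static uint8_t *guest_ptr(struct vm *vm, uint32_t addr)
{
    size_t idx = addr;
    if (idx >= GUEST_MEM_SIZE)
        return NULL;                        /* architectural bounds check */
    idx &= index_mask(idx, GUEST_MEM_SIZE); /* forces 0 on a mispredicted path */
    return &vm->mem[idx];
}

/* Run a guest program; every operand is validated before it is used. */
enum vm_status vm_run(struct vm *vm, const struct insn *prog, size_t len)
{
    size_t pc = 0;
    while (pc < len) {
        const struct insn *in = &prog[pc++];
        uint8_t *p;
        if (in->a >= NUM_REGS || in->b >= NUM_REGS)
            return VM_FAULT_DECODE;
        switch (in->op) {
        case OP_HALT: return VM_OK;
        case OP_LOADI: vm->reg[in->a] = in->imm; break;
        case OP_ADD: vm->reg[in->a] += vm->reg[in->b]; break;
        case OP_LOAD:  /* reg[a] = mem[reg[b]] */
            if ((p = guest_ptr(vm, vm->reg[in->b])) == NULL)
                return VM_FAULT_MEM;
            vm->reg[in->a] = *p;
            break;
        case OP_STORE: /* mem[reg[b]] = low byte of reg[a] */
            if ((p = guest_ptr(vm, vm->reg[in->b])) == NULL)
                return VM_FAULT_MEM;
            *p = (uint8_t)vm->reg[in->a];
            break;
        default:
            return VM_FAULT_DECODE;
        }
    }
    return VM_FAULT_DECODE; /* ran off the end without OP_HALT */
}

/* Constructed guest: load one byte from addr into r0 and halt. */
enum vm_status run_guest_load(uint32_t addr, uint32_t *r0)
{
    struct vm vm;
    const struct insn prog[] = {
        { OP_LOADI, 1, 0, addr },
        { OP_LOAD, 0, 1, 0 },
        { OP_HALT, 0, 0, 0 },
    };
    enum vm_status st;
    memset(&vm, 0, sizeof vm);
    for (size_t i = 0; i < GUEST_MEM_SIZE; i++)
        vm.mem[i] = (uint8_t)(0x10 + i);    /* constructed guest data */
    memcpy(vm.host_secret, "HOSTKEY", 8);   /* constructed host data */
    st = vm_run(&vm, prog, sizeof prog / sizeof prog[0]);
    *r0 = vm.reg[0];
    return st;
}

int main(void)
{
    uint32_t r0;
    int st = (int)run_guest_load(3, &r0);
    printf("load mem[3]:  status=%d r0=0x%02x\n", st, (unsigned)r0);
    st = (int)run_guest_load(GUEST_MEM_SIZE, &r0); /* first byte past guest memory */
    printf("load mem[16]: status=%d r0=0x%02x\n", st, (unsigned)r0);
    return 0;
}
```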


----------



## Pro3ootector

That's a few % IPC it seems.


----------



## somethingname

Witcher 3 takes a big hit in performance


----------



## cekim

Quote:


> Originally Posted by *Pro3ootector*
> 
> 
> 
> Thats few % IPC it seams.


Which roughly maps to what I've seen.

The interesting variable relative to windows is that Linux is in the middle of the long-slow transition from 3.x to 4.x kernels in terms of enterprise. Ubuntu and desktop distros are able to move faster, but Suse and RH tend to move much slower (for good reason).

So, what this means is that those "few % IPC" are taken from 3.x pre-patch to 3.x post-patch. If instead you go from 3.x pre-patch to 4.x post-patch, then the impact drops because 4.x has made improvements in effective IPC.

Of course, that means all those man-hours optimizing are lost, but users (enterprise or otherwise) won't see all of even the smaller drop if they are able to move to the 4.x kernel.

Windows doesn't have a corresponding kernel technology shift. So, it may be more analogous to the 3.x pre-patch to 3.x post-patch until or unless MSFT makes a bigger shift in their kernel. It does show MSFT that such improvements are possible.


----------



## cekim

Quote:


> Originally Posted by *somethingname*
> 
> Witcher 3 takes a big hit in performance


Uh huh, as does Apache - not news. They'll need some work.


----------



## Offler

Quote:


> Originally Posted by *jagdtigger*
> 
> Virtualization wont work here, the exploit circumvents the bounds check which means a process running in a VM can access data outside the VM...


Which is why this attack is so powerful and terrible.

to Cekim:
The attack allows to create a dump of memory with fetching random speculative memory page to a L1 Data Cache.

No current methods (ASLR, Sandboxing or Virtualization) can solve that problem. Emulation would just add another layer, but it will end up in a way how Jagdtiger described it. In the end you cannot effectively isolate program from the CPU which is the core problem here.

If it's a program, and has at least user privileges, and it's allowed to execute (not blocked by AV or something else) then it has access to the CPU at some point.

To Somethingname: 10% cumulative loss for Witcher 3.
Then there is question if the FPS loss will cross some important threshold value - refresh rate of the display.


----------



## Gdourado

https://betanews.com/2018/01/11/intel-meltdown-patch-benchmarks/

Intel themselves seem to say that skylake will lose more than 20% performance!
I knew it!
Now my 6700k is useless!
I upgraded to gain 10 to 15%!
Now they come and take away 20%!
My hobby is dead!
I must think what to do now going forward...
It sucks!


----------



## cekim

Quote:


> Originally Posted by *Offler*
> 
> Which is why is this attack so powerful and terrible.
> 
> to Cekim:
> The attack allows to created dump of memory with fetching random memory page to a L1 Data Cache.
> 
> No current methods (ASLR, Sandboxing or Virtualization) can solve that problem. Emulation would just add another layer, but it will end up in a way how Jagdtiger described it. In the end you cannot effectively isolate program from the CPU which is the core problem here.
> 
> If its a program, and has at least user privileges, and its allowed to execute (not blocked by AV or something else) then it has access to the CPU at some point.


Believe me, I've been reading all the white-papers and experimenting with it, I understand the severity and nature of it.

If you go back in time to how virtualization was first accomplished it involved literally reading in the instruction from the binary and "modeling" its functionality in software. This is how QEMU came to be.

As time went on, CPUs added design features that gradually made it possible to replace emulation with address translation.

If you go back to pure emulation and/or byte-code interpretation (such as with the java engine), this exploit can be trapped. It comes at the expense of performance, but if it is only applied in situations where security is more important than performance, then you can take the hit when you need it and not when not.

The mechanisms you are speaking of relate to the address translation mechanisms of virtualization. That is, they execute the guest instructions without interpretation, directly on the CPU using the IOMMU, TLB and other processor features to provide the illusion of virtualization.

I am suggesting (and this is NOT novel) that it's worth it to use a much thicker emulation model for certain functionality because of the inherent and profound risk. This method would not allow guest instructions to execute on the host, but rather would "model" them and check them to whatever degree was required to ensure they remained in their jail.


----------



## cekim

Quote:


> Originally Posted by *Gdourado*
> 
> https://betanews.com/2018/01/11/intel-meltdown-patch-benchmarks/
> 
> Intel themselves seem to say that skylake will lose more than 20% performance!
> I knew it!
> Now my 6700k is useless!
> I upgraded to gain 10 to 15%!
> Now they come and take away 20%!
> My hobby is dead!
> I must think what to do now going forward...
> It sucks!


lol... calm down... some benchmarks and a couple of apps that you may or may not even use. That 20% is actually 14% in one box (sysmark "responsiveness")...

Their sum is "10%" at the bottom which is remarkably pessimistic from everything I've seen in linux (and I'm not alone in that assessment).

Also, to keep this all in perspective, after OC'ing my 7980XE I managed to gain 18% more performance on my key applications (on that processor) tuning memory... So, you have to take all of these benchmarks understanding how wide the variance can be on the same system (with different memory, disk, application loads, etc...)

My observations generally have been based on what I'm seeing on a Haswell xeon, so less I can tune.


----------



## Offler

Quote:


> Originally Posted by *cekim*
> 
> Believe me, I've been reading all the white-papers and experimenting with it, I understand the severity and nature of it.
> 
> If you go back in time to how virtualization was first accomplished it involved literally reading in the instruction from the binary and "modeling" its functionality in software. This is how QEMU came to be.
> 
> As time went on, CPUs added design features that gradually made it possible to replace emulation with address translation.
> 
> If you go back to pure emulation and/or byte-code interpretation (such as with the java engine), this this exploit can be trapped. It comes at the expense of performance, but if is only applied in situations where security is more important that performance, then you can take the hit when you need it and not when not.
> 
> The mechanisms you are speaking of relate to the address translation mechanisms of virtualization. That is, they execute the guest instructions without interpretation, directly on the CPU using the IUMMU, TLB and other processor features to provide the illusion of virtualization.
> 
> I am suggesting (and this is novel) that its worth it to use a much thicker emulation model for certain functionality because of the inherent and profound risk. This method would not allow guest instructions to execute on the host, but rather would "model" them and check them to whatever degree was required to ensure they remained in their jail.


That would not be a solution for people who own virtual servers, and people who are using those. IOMMU is at the core of that technology.
(Been reading something about IOMMU to find out if it has any positive function for my desktop system, it might help to soundcard to address memory above 4gb easier, but it's not worth it - all other devices would get performance hit so I turned it off).

Few years ago I contacted ESET company, and asked them about my NIC card - Killer Xeno Pro. I found that card interesting in terms of internet security for two reasons.

1. It allows to disable network connection for applications, but not with closing the ports, rather by internal QOS logic the device has.
2. Once I found login and password to the card, and I logged it via Putty (it was in old version of the driver, and it was an access for voice chat client to the card CPU for voice chat acceleration). I realized I can load it with data and eventually run an antivirus there.
This card can act as QOS scheduler, Firewall, but it was never designed to analyze incoming packets and block them upon heuristic analysis.

However ESET was not interested in that solution, mentioning they use VMs and Sandboxes and it would be a Hardware specific thing. Two of these reasons vaporized over last week.


----------



## cekim

Quote:


> Originally Posted by *Offler*
> 
> That would not be a solution for people who own virtual servers, and people who are using those. IOMMU is at the core of that technology.
> (Been reading something about IOMMU to find out if it has any positive function for my desktop system, it might help to soundcard to address memory above 4gb easier, but its not worth it - all other devices would get performance hit so i turned it off).


Understood - this is a much more general assertion of means by which end-users could/should be more secure.

At cloud level, there will be an endless arms race trying to accelerate work-loads in the face of security. There is no solution but new hardware that isn't borked. On the bright side, supply and demand can dictate appropriate security for any given thing... those needing the most security/performance burn through hardware quickly (see ebay vCurrent-1 floods the market pretty quickly when vCurrent comes out).

On the dark side, we have government entities and government protected cartels aggregating our data and leaving it on AWS containers without passwords, so.... market forces aren't perfect.... they're just less awful than the alternative. It's our duty to demand better government.

Quote:


> Originally Posted by *Offler*
> Few years ago I contacted ESET company, and asked them about my NIC card - Killer Xeno Pro. I found that card interesting in terms of internet security for two reasons.
> 
> 1. It allows to disable network connection for applications, but not with closing the ports, rather by internal QOS logic the device has.
> 2. Once I found login and password to the card, and i logged it via Putty. I realized I can load it with data and eventually run an antivirus there.
> This card can acts as QOS scheduler, Firewall, but it was never designed to analyze incoming packets and block them upon heuristic analysis.
> 
> However ESET was not interested in that solution, mentioning they use VMs and Sandboxes and it would be a Hardware specific thing. Two of these reasons vaporized over last week.


Indeed.... See my comment about how much of the internet's architecture (and computer architecture) is based on excessive trust.

Which is exactly why I think end-users should be moving toward more draconian measures (hopefully made turn-key to encourage it) to protect themselves.

Lots of typos in my prior responses... sorry - late night fixing raid arrays... My "thick emulation layer" is NOT a novel idea. It's pretty obvious and employed in various places. I think it needs to be more widely deployed.


----------



## ToTheSun!

Quote:


> Originally Posted by *Gdourado*
> 
> https://betanews.com/2018/01/11/intel-meltdown-patch-benchmarks/
> 
> Intel themselves seem to say that skylake will lose more than 20% performance!
> I knew it!
> Now my 6700k is useless!
> I upgraded to gain 10 to 15%!
> Now they come and take away 20%!
> My hobby is dead!
> I must think what to do now going forward...
> It sucks!


Yes, this is definitely reason to quit this hobby.

I suggest knitting or gardening as a replacement.


----------



## 113802

Useless Core i7 6700k

Well I got a new toy


----------



## ACleverName

Quote:


> Originally Posted by *somethingname*
> 
> Witcher 3 takes a big hit in performance


Hello something name.


----------



## Lodbroke

I don't care of any Meltdown or Spectre.
Won't install any patches.
Just be aware of the PC-industry quality checks and concern of customer.

Luckily the PCs are soon among other once everyday objects like the steam locomotives, chamber pots and horse carriages.
Missed by a few.


----------



## PostalTwinkie

Quote:


> Originally Posted by *Lodbroke*
> 
> I don't care of any Meltdown or Spectre.
> Won't install any patches.
> Just be aware of the PC-industry quality checks and concern of customer.
> 
> Luckily the PCs are soon among other once everyday objects like the steam locomotives, chamber pots and horse carriages.
> Missed by a few.


Are you OK?


----------



## Abaidor

Quote:


> Originally Posted by *Lodbroke*
> 
> I don't care of any Meltdown or Spectre.
> Won't install any patches.
> Just be aware of the PC-industry quality checks and concern of customer.
> 
> Luckily the PCs are soon among other once everyday objects like the steam locomotives, chamber pots and horse carriages.
> Missed by a few.


eeeeeeeerm, no!


----------



## jaredismee

Quote:


> Originally Posted by *Lodbroke*
> 
> I don't care of any Meltdown or Spectre.
> Won't install any patches.
> Just be aware of the PC-industry quality checks and concern of customer.
> 
> Luckily the PCs are soon among other once everyday objects like the steam locomotives, chamber pots and horse carriages.
> Missed by a few.


yea, and smart phones have been becoming less common every day too.


----------



## tpi2007

Quote:


> Originally Posted by *TUFinside*
> 
> Myerson explained that Microsoft's newest OS, Windows 10 has less user-kernel transitions so performs better when patched, and CPUs such as Skylake and beyond have refined instructions to disable branch speculation'
> 
> They still want us to buy Skylake and kabylake cpus ? Even in the heart in this torment, marketing rules still goes strong.


Windows 10 "performs better [than 7] when patched"?

Actually, not really:
Quote:


> Originally Posted by *tpi2007*
> 
> Intel released a table with benchmarks after the patches, quite interesting:
> 
> https://www.techspot.com/news/72709-intel-publishes-findings-alleged-spectre-meltdown-patch-performance.html
> 
> Most interestingly, they included results for a Skylake system in three configurations: two running with an SSD and one with an HDD. The one on the HDD was running Windows 7, with the SSD ones each running Windows 10 and Windows 7.
> 
> Conclusion, perhaps to Microsoft's dismay, Windows 7 is tied with the Windows 10 system.
> 
> 
> 
> The responsiveness metric for Windows 10 seems alarming at first (79% performance retained vs 89% for Windows 7 on the SSD), but going into the source of the article, in the chart notes, Intel says that the Windows 10 system is using an NVMe drive (Intel 600p M.2), whereas the Windows 7 one is using a SATA SSD (Intel 540s Series 240GB). That probably explains the big disparity, as we already saw from other benchmarks on NVMe drives. They're still fast, but lose more than slower drives. The results of the Windows 7 machine running with an HDD (101% responsiveness) also go in that direction.


----------



## Jackalito

AMD has updated the information posted at their website:
Quote:


> *An Update on AMD Processor Security
> 1/11/2018*
> 
> The public disclosure on January 3rd that multiple research teams had discovered security issues related to how modern microprocessors handle speculative execution has brought to the forefront the constant vigilance needed to protect and secure data. These threats seek to circumvent the microprocessor architecture controls that preserve secure data.
> 
> At AMD, security is our top priority and we are continually working to ensure the safety of our users as new risks arise. As a part of that vigilance, I wanted to update the community on our actions to address the situation.
> 
> 
> Google Project Zero (GPZ) Variant 1 (Bounds Check Bypass or Spectre) is applicable to AMD processors.
> 
> We believe this threat can be contained with an operating system (OS) patch and we have been working with OS providers to address this issue.
> Microsoft is distributing patches for the majority of AMD systems now. We are working closely with them to correct an issue that paused the distribution of patches for some older AMD processors (AMD Opteron, Athlon and AMD Turion X2 Ultra families) earlier this week. We expect this issue to be corrected shortly and Microsoft should resume updates for these older processors by next week. For the latest details, please see Microsoft's website.
> Linux vendors are also rolling out patches across AMD products now.
> 
> GPZ Variant 2 (Branch Target Injection or Spectre) is applicable to AMD processors.
> 
> While we believe that AMD's processor architectures make it difficult to exploit Variant 2, we continue to work closely with the industry on this threat. We have defined additional steps through a combination of processor microcode updates and OS patches that we will make available to AMD customers and partners to further mitigate the threat.
> AMD will make optional microcode updates available to our customers and partners for Ryzen and EPYC processors starting this week. We expect to make updates available for our previous generation products over the coming weeks. These software updates will be provided by system providers and OS vendors; please check with your supplier for the latest information on the available option for your configuration and requirements.
> Linux vendors have begun to roll out OS patches for AMD systems, and we are working closely with Microsoft on the timing for distributing their patches. We are also engaging closely with the Linux community on development of "return trampoline" (Retpoline) software mitigations.
> 
> 
> GPZ Variant 3 (Rogue Data Cache Load or Meltdown) is not applicable to AMD processors.
> 
> We believe AMD processors are not susceptible due to our use of privilege level protections within paging architecture and no mitigation is required.
> 
> There have also been questions about GPU architectures. AMD Radeon GPU architectures do not use speculative execution and thus are not susceptible to these threats.
> 
> We will provide further updates as appropriate on this site as AMD and the industry continue our collaborative work to develop mitigation solutions to protect users from these latest security threats.
> 
> *Mark Papermaster,*
> _Senior Vice President and Chief Technology Officer_


Source: https://www.amd.com/en/corporate/speculative-execution


----------



## cekim

Quote:


> Originally Posted by *PostalTwinkie*
> 
> Are you OK?


Neural impact had a Spectre exploitable processor that wasn't patched.... They hacked his mind! (Johnny Mnemonic reference for you kids...).

I do hope people ponder this event when it comes to injectables and implantables... Just say no.


----------



## Lodbroke

Quote:


> Originally Posted by *PostalTwinkie*
> 
> Are you OK?


Are you in need of help?


----------



## Quantum Reality

Quote:


> There have also been questions about GPU architectures. AMD Radeon GPU architectures do not use speculative execution and thus are not susceptible to these threats.


That's a relief, anyway. I'm going to assume nVidia has either patched this out on geforce already or like Radeon, it doesn't use speculative execution.


----------



## tpi2007

Quote:


> Originally Posted by *Quantum Reality*
> 
> Quote:
> 
> 
> 
> There have also been questions about GPU architectures. AMD Radeon GPU architectures do not use speculative execution and thus are not susceptible to these threats.
> 
> 
> 
> That's a relief, anyway. I'm going to assume nVidia has either patched this out on geforce already or like Radeon, it doesn't use speculative execution.

They didn't say that in those precise terms, but it's implied in Jen's latest statement on the matter:
Quote:


> "Our GPUs are immune, they're not affected by these security issues," Nvidia CEO Jensen Huang said during a general press Q&A this morning. "What we did is we released driver updates to patch the CPU security vulnerability. We are patching the CPU vulnerability the same way that Amazon, the same way that SAP, the same way that Microsoft, etc are patching, because we have software as well."
> 
> Huang explained that anyone running any kind of software has to patch that software for the CPU vulnerabilities discovered by researchers. He stressed that in no way is Nvidia patching for any issues in its own hardware.


https://techcrunch.com/2018/01/10/nvidia-ceo-clarifies-its-gpus-are-absolutely-immune-to-meltdown-and-spectre/


----------



## Blameless

Quote:


> Originally Posted by *cekim*
> 
> all-in-one-in-one-one? The 90's were a crazy time...


LPoC...laser printer on a chip. Once we have kitchen sinks on a chip, the universe will be complete.
Quote:


> Originally Posted by *Quantum Reality*
> 
> That's a relief, anyway. I'm going to assume nVidia has either patched this out on geforce already or like Radeon, it doesn't use speculative execution.


GPUs don't have branch predictors or much in the way of speculative components other than caches.

I'd expect everyone to be patching their drivers though, as they are run on CPUs, and may otherwise interfere with other security mitigations, or possibly be attack vectors themselves.


----------



## tashcz

Have fun patching. Won't help much in spectre's case.


----------



## Mysticial

Quote:


> Originally Posted by *tashcz*
> 
> 
> 
> Have fun patching. Won't help much in spectre's case.


Yep. For the case of same process user-space to user-space, I don't see how it can be fixed without completely disabling speculative execution.


----------



## superstition222

Quote:


> Originally Posted by *tpi2007*
> 
> Windows 10 "performs better [than 7] when patched"?
> 
> Actually, not really:


Good data again.


----------



## spinFX

Quote:


> Originally Posted by *Mysticial*
> 
> Yep. For the case of same process user-space to user-space, I don't see how it can be fixed without completely disabling speculative execution.


Parroted from articles online and a good point. They say too much performance loss to disable it....


----------



## Offler

Quote:


> Originally Posted by *Mysticial*
> 
> Yep. For the case of same process user-space to user-space, I don't see how it can be fixed without completely disabling speculative execution.


You actually don't need speculative execution to do that, but people thought that ASLR or sandboxing is safe.
Quote:


> Originally Posted by *tashcz*
> 
> 
> 
> Have fun patching. Won't help much in spectre's case.


Can you demonstrate that using Sandboxie?
https://www.sandboxie.com
Quote:


> Originally Posted by *tpi2007*
> 
> Windows 10 "performs better than 7"


I had quite a hard time explaining that booting from hiberfil isn't really booting, while I understood the trick with Win10 fluidity just about 2 days ago (HPET properly enabled in OS). Such unbased claims surface on a regular basis. Because HPET works properly on Win10 by default, the measured results might be more accurate compared to Win7, but it's hard to tell, because tickless kernel can have the opposite effect on precision.


----------



## Disharmonic

Quote:


> Originally Posted by *tashcz*
> 
> 
> 
> Have fun patching. Won't help much in spectre's case.


Which Spectre variant are you using and on what CPU?


----------



## Timmaigh!

Quote:


> Originally Posted by *cekim*
> 
> lol... calm down... some benchmarks and a couple of apps that you may or may not even use. That 20% is actually 14% in one box (sysmark "responsiveness")...
> 
> Their sum is "10%" at the bottom which is remarkably pessimistic from everything I've seen in linux (and I'm not alone in that assessment).
> 
> Also to keep this all in perspective after OC'ing my 7980XE I managed to gain 18% more performance on my key applications (on that processor) tuning memory... So, you have to take all of these benchmarks understanding how wide the variance can be on the same system (with different memory, disk, application loads, etc...)
> 
> My observations generally have been based on what I'm seeing on a Haswell xeon, so less I can tune.


Since Skylake is hit harder (21 percent vs 14 percent maximum performance decrease) based on that article in comparison to Kaby Lake and Coffee Lake, i have to wonder, what about Skylake-X? It has Skylake in name, but it came after Kaby-Lake...so which one is it more like?


----------



## cekim

Quote:


> Originally Posted by *Timmaigh!*
> 
> Since Skylake is hit harder (21 percent vs 14 percent maximum performance decrease) based on that article in comparison to Kaby Lake and Coffee Lake, i have to wonder, what about Skylake-X? It has Skylake in name, but it came after Kaby-Lake?


SKLX is a SKL core, the very good SKL IMC and a frankly gimped v1.0 mesh interconnect.

The slow mesh was costly to SKLX's performance even without this security problem. As I've pointed out in other threads and gaming reviews pointed out, the mesh result is that BW outperforms it clock-for-clock and even overall unless you get something on the upper-end of the silicon lottery and/or you can make use of many more cores than 10... Even HCC haswell xeons can outperform it in some instances due to a ucode exploit dealing with turbo bins.

With heavy memory tuning, custom water, etc... (and for my typical work-loads) my 7980XE was finally able to eclipse the performance of 18 cores of a 2x2696v3 with a ucode exploit that allows higher clocks (both limited to 18 cores on a given job). This struggle, while fun from an OC perspective, was what made me unwilling to invest in this generation's xeons. I can't scale that OC to a dual xeon system that runs in a rack because I have no control over its clocks and memory.

Without that memory tuning (i.e. stock out of the box even with a heavy OC @4.5GHz) it regressed against even haswell in some cases. With the memory tuning AND the OC, it is the fastest machine I have in all but synthetics (2x2696v3 ucode exploit can produce a 5,000 CBR15 vs 4500 from the 7980XE). If CB and such rendering is all I wanted, I could get a dual 28 core system or an Epyc setup and beat those numbers, but that's not my use-case. I need very good single thread performance as well as heavy IPC/threaded performance.

So, we are roughly the same spot we were in December before all this blew up (well before most were aware of it)... Performance is getting lumpy as we get more and more gains from deep optimization, not significant improvements in process. Even 14nm to 7nm (the typical halving of supposed feature size) just isn't bringing what that used to bring. So, the optimizations must make up for it, but when you optimize, you make choices. You favor one thing over others...

Measure twice, cut once....

While I can confidently tell someone not to panic about the impacts - they are small and smaller for most desktop users, I could never suggest that this gen's chips presented a slam-dunk compelling story. It was/is very, very lumpy in its value proposition. You need to have a use for lots of cores and a willingness to tinker to extract the full value of very high priced chips. 7980XE without a delid is literally a "hot mess".


----------



## Blameless

Quote:


> Originally Posted by *tashcz*
> 
> Have fun patching. Won't help much in spectre's case.


Not if you directly run compromised executables, but with a fully patched ecosystem, that's pretty much the only way the underlying hardware vulnerabilities can be exploited.
Quote:


> Originally Posted by *Timmaigh!*
> 
> Since Skylake is hit harder (21 percent vs 14 percent maximum performance decrease) based on that article in comparison to Kaby Lake and Coffee Lake, i have to wonder, what about Skylake-X? It has Skylake in name, but it came after Kaby-Lake...so which one is it more like?


It's more like Skylake. Normally, it would be identical to Skylake, but they changed the cache hierarchy a fair bit in Skylake-X. How the new mesh and non-inclusive L3 affect things, we'll have to see benchmarks.


----------



## BigTree

If you want to check whether your browser is vulnerable to Spectre JS:

http://xlab.tencent.com/special/spectre/spectre_check.html


----------



## Blameless

Quote:


> Originally Posted by *BigTree*
> 
> If you want to check your browsers is vulnerable to Spectre js :
> 
> http://xlab.tencent.com/special/spectre/spectre_check.html


I get 'not vulnerable' on fully patched, stable releases of Firefox, Chrome, and IE 11.


----------



## ryan92084

Quote:


> Originally Posted by *Blameless*
> 
> I get 'not vulnerable' on fully patched, stable releases of Firefox, Chrome, and IE 11.


Ditto for the latest Edge.


----------



## DanBr

Quote:


> Originally Posted by *BigTree*
> 
> If you want to check your browsers is vulnerable to Spectre js :
> 
> http://xlab.tencent.com/special/spectre/spectre_check.html


It is not in English.
Fixed: I am running NoScript in Firefox and am new to it.
It was blocking xlab; once I changed settings it showed English, and after running the test it said not vulnerable.


----------



## Causality1978

vlad bratu you have true..
when mob(intel-usa) GET mobed from own fails.. all in america like it as cats "like" shower

don't waste time here, or you will be a "foreign agent" soon

ouch
(SR5)


----------



## Vlada011

Intel is criminogen company full of employers criminals.
They should be faced with collective charge of at least 50.000 enthusiasts who will demand full compensation of secure platform without performance loss as Intel advertise even after they know for security problems.
Charge should be and because customers don't have same experience from their investment because she work much worse than promised.
None of the customers would have paid a single dollar for this and they deserve a refund.
Remember my words 50% slower in some situations for 12 months than platform without patch and more and more. That mean Z270 will have even more than 50% decrease for 18-24 months than Z270 without patches.
Very soon some of games will show 120 instead 150fps and etc...
They screw us like idiots, like we are ******ed persons not capable to defend our investments and own money.


----------



## Blameless

You guys are probably in the demographic segment least affected by all this. Apply your patches and go on with your lives.


----------



## khanmein

Quote:


> Originally Posted by *Blameless*
> 
> You guys are probably in the demographic segment least affected by all this. Apply your patches and go on with your lives.


The problem is you're using X99 provided new bios. They don't apply bios to my motherboard. Do you expect we all buy new one?


----------



## Blameless

Quote:


> Originally Posted by *khanmein*
> 
> The problem is you're using X99 provided new bios. They don't apply bios to my motherboard. Do you expect we all buy new one?


The most recent firmware for my Gigabyte and ASRock X99 motherboards is old and not patched. If I want them patched, I'm going to have to integrate the microcode myself (which is easy on the ASRock, but a major pain on the Gigabyte because of how they build their firmware images). I'm still deciding if patching the microcode is worthwhile or not.

My LGA-2011, 1366, and 1155 systems aren't getting microcode updates at all.

My AM3+ platform is likely in a similar position. Still vulnerable to Spectre, but too old for AMD to bother issuing microcode.

All that said, the software patches are mostly in place (Windows, all my browsers, my video drivers, my virtual machines, etc are all patched), and if I avoid running suspicious executables, the odds of anything being in a position to exploit these vulnerabilities is slim.


----------



## bmaxa

I can confirm that Spectre does not work with the latest microcode on my Haswell. The question is whether I need the pti kernel patch anymore; seems not, as reading kernel memory takes ages now.


----------
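The "is PTI still needed after the microcode update" kind of question can also be checked against the kernel's own report, which lists each issue separately. The following is an added example, not part of any post in this thread: it assumes a Linux kernel that carries the fixes and therefore exposes `/sys/devices/system/cpu/vulnerabilities/`, and it falls back to constructed sample strings when that directory is absent.

```python
"""Report the Linux kernel's own view of Meltdown/Spectre mitigation status."""
from pathlib import Path

# Kernels that carry the fixes (4.15 and distro backports) publish one status
# file per vulnerability in this directory.
SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")

# The three issues discussed in this thread.
EXPECTED = ("meltdown", "spectre_v1", "spectre_v2")

# Constructed sample contents (not captured from any poster's machine), used
# when the directory does not exist, e.g. on an unpatched kernel or non-Linux.
SAMPLE = {
    "meltdown": "Mitigation: PTI\n",
    "spectre_v1": "Mitigation: __user pointer sanitization\n",
    "spectre_v2": "Vulnerable: Minimal generic ASM retpoline\n",
}


def classify(text):
    """Map one status line to a (state, detail) pair."""
    line = text.strip()
    if line == "Not affected":
        return ("not_affected", "")
    head, _, detail = line.partition(":")
    if head == "Mitigation":
        return ("mitigated", detail.strip())
    if head == "Vulnerable":
        return ("vulnerable", detail.strip())
    return ("unknown", line)


def read_status(directory=SYSFS_DIR):
    """Return {file name: raw content}; empty dict if the kernel has no report."""
    directory = Path(directory)
    if not directory.is_dir():
        return {}
    status = {}
    for entry in sorted(directory.iterdir()):
        try:
            status[entry.name] = entry.read_text()
        except OSError:
            status[entry.name] = ""  # unreadable entries are classified "unknown"
    return status


def needs_attention(raw, expected=EXPECTED):
    """List (name, reason) for issues that are vulnerable, unknown or unreported."""
    flagged = []
    for name in expected:
        if name not in raw:
            flagged.append((name, "not reported by this kernel"))
            continue
        state, detail = classify(raw[name])
        if state in ("vulnerable", "unknown"):
            flagged.append((name, detail or state))
    return flagged


def main():
    raw = read_status()
    source = "live sysfs"
    if not raw:
        raw, source = SAMPLE, "constructed sample"
    print(f"source: {source}")
    for name in sorted(raw):
        state, detail = classify(raw[name])
        print(f"  {name:12} {state:13} {detail}")
    for name, why in needs_attention(raw):
        print(f"  ATTENTION {name}: {why}")


if __name__ == "__main__":
    main()
```

A missing file is flagged rather than treated as safe, because a kernel too old to report its status is also too old to carry the fixes.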



## randomizer

Quote:


> Originally Posted by *Blameless*
> 
> I get 'not vulnerable' on fully patched, stable releases of Firefox, Chrome, and IE 11.


As expected. Every major browser has had SharedArrayBuffer removed. That makes Spectre difficult to exploit.


----------



## ThrashZone

Hi,
Item like RDP remote desktop protocol I have always disabled and is one of the primary vulnerabilities for the execute
As most have probably noticed their antivirus program is also one of the front line defenses = nothing new there that has always been the case for security

Bios firmware well uefi and utilities that allow bios editing inside the os has always been a vulnerability I tend to avoid ai suite 3......

Intel management and security well that is said to be McAfee in a bread basket should we really be surprised it sucks


----------



## cplifj

Lots of bad things going on. Some get faster after patching... this can only mean those systems were and are still compromised. The number of PCs that are compromised without anyone having a clue is mind-boggling. Like "all of our base belong to THEM".


----------



## Abaidor

What about socket 775 PCs? I have 4 of them on Windows 10 that are still functional with Core 2 Duos or Quads and 4-8GB RAM. They work fine for Office Applications but now they look like they are left in the dust since I doubt any BIOS update will come out for them. Yet, they serve my kids (6 & 9 Years old) just fine and it looks like I need to buy new machines now.


----------



## ThrashZone

Hi,
MS and the usual shills will never let a good security hole go to waste as another opportunity to push win-10 lol sorry not going to happen


----------



## ThrashZone

Quote:


> Originally Posted by *Abaidor*
> 
> What about socket 775 PCs? I have 4 of them on Widows 10 that are still functional with Core 2 Duos or Quads and 4-8GB RAM. They work fine for Office Applications but now they look like they are left in the dust since I doubt any BIOS update will come out for them. Yet, they serve my kids (6 & 9 Years old) just fine and it looks like I need to buy new machines now.


Hi,
You never know, MS has in the past classified some hardware as incompatible after upgrading gpu's/....
In the mobile first world hardware is obsolete after 2-3 years


----------



## Blameless

Quote:


> Originally Posted by *Abaidor*
> 
> What about socket 775 PCs? I have 4 of them on Widows 10 that are still functional with Core 2 Duos or Quads and 4-8GB RAM. They work fine for Office Applications but now they look like they are left in the dust since I doubt any BIOS update will come out for them. Yet, they serve my kids (6 & 9 Years old) just fine and it looks like I need to buy new machines now.


Just patch your OS and software and use a decent AV.

The advice would be the same irrespective of the age of your platform, and most of the microcode fixes are centered on Meltdown, which Core 2 doesn't seem to be vulnerable to anyway.


----------



## cekim

Quote:


> Originally Posted by *Abaidor*
> 
> What about socket 775 PCs? I have 4 of them on Widows 10 that are still functional with Core 2 Duos or Quads and 4-8GB RAM. They work fine for Office Applications but now they look like they are left in the dust since I doubt any BIOS update will come out for them. Yet, they serve my kids (6 & 9 Years old) just fine and it looks like I need to buy new machines now.


They outside intel's 10 year window? If microcode is released you can patch in windows and not need a bios update but it is a little more work. Once per machine...


----------



## Glottis

Quote:


> Originally Posted by *Blameless*
> 
> You guys are probably in the demographic segment least affected by all this. Apply your patches and go on with your lives.


Least affected but most worried. Woes of nerd life


----------



## TinyRichard

Will this affect my Cyrix III (Cayenne) 486? I'm getting 24 FPS on Commander Keen atm.


----------



## cekim

Quote:


> Originally Posted by *TinyRichard*
> 
> Will this affect my Cyrix III (Cayenne) 486? I'm getting 24 FPS on Commander Keen atm.


You could likely get the attacker to pay you a few micro-bitcoins to Ctrl-C that exploit for them to free up the phone-home socket given how long it would take to run.


----------



## Blameless

Quote:


> Originally Posted by *TinyRichard*
> 
> Will this affect my Cyrix III (Cayenne) 486? I'm getting 24 FPS on Commander Keen atm.


486 is in-order and should be completely immune to Spectre I & II, as well as Meltdown.

Looks like you'll be good for another twenty five years.


----------



## Offler

Quote:


> Originally Posted by *Blameless*
> 
> 486 is in-order and should be completely immune to Specter I & II, as well as Meltdown.
> 
> Looks like you'll be good for another twenty five years.


Got one right here. Now to clean the aluminium contact on ISA graphic card Trident and when it will stop making artifacts on boot, lets go safe browsing... with Windows 98SE...


----------



## AlphaC

https://access.redhat.com/articles/3307751
Quote:


> In order to provide more detail, Red Hat's performance team has categorized the performance results for Red Hat Enterprise Linux 7, (with similar behavior on Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 5), on a wide variety of benchmarks based on performance impact:
> 
> Measurable: 8-19% - Highly cached random memory, with buffered I/O, OLTP database workloads, and benchmarks with high kernel-to-user space transitions are impacted between 8-19%. Examples include OLTP Workloads (tpc), sysbench, pgbench, netperf (< 256 byte), and fio (random I/O to NvME).
> 
> Modest: 3-7% - Database analytics, Decision Support System (DSS), and Java VMs are impacted less than the "Measurable" category. These applications may have significant sequential disk or network traffic, but kernel/device drivers are able to aggregate requests to moderate level of kernel-to-user transitions. Examples include SPECjbb2005, Queries/Hour and overall analytic timing (sec).
> 
> Small: 2-5% - HPC (High Performance Computing) CPU-intensive workloads are affected the least with only 2-5% performance impact because jobs run mostly in user space and are scheduled using cpu-pinning or numa-control. Examples include Linpack NxN on x86 and SPECcpu2006.
> 
> Minimal: Linux accelerator technologies that generally bypass the kernel in favor of user direct access are the least affected, with less than 2% overhead measured. Examples tested include DPDK (VsPERF at 64 byte) and OpenOnload (STAC-N). Userspace accesses to VDSO like get-time-of-day are not impacted. We expect similar minimal impact for other offloads.
> 
> NOTE: Because microbenchmarks like netperf/uperf, iozone, and fio are designed to stress a specific hardware component or operation, their results are not generally representative of customer workload. Some microbenchmarks have shown a larger performance impact, related to the specific area they stress.


----------



## cekim

Quote:


> Originally Posted by *Offler*
> 
> Got one right here. Now to clean the aluminium contact on ISA graphic card Trident and when it will stop making artifacts on boot, lets go safe browsing... with Windows 98SE...


We joke, but "take performance off the table" is exactly the rationale behind having 100% interpreted containers when engaging in congress with the internet as a user.

Fact is, it can be done with pleasing performance even on a mobile device (though it does hurt battery life) - hence x86 emulation on android/arm devices.

For a desktop computer it is a cake-walk. Your porn, I mean internet content, will run smooth as butter.

This is the view of the world that "Cubes" and others like it are trying to convey, but thus far, they are narrowly engaged with the paranoid (or just those who are actually being watched rightly or wrongly).

It _should_ be the norm.


----------



## Quantum Reality

Quote:


> Originally Posted by *Abaidor*
> 
> What about socket 775 PCs? I have 4 of them on Widows 10 that are still functional with Core 2 Duos or Quads and 4-8GB RAM. They work fine for Office Applications but now they look like they are left in the dust since I doubt any BIOS update will come out for them. Yet, they serve my kids (6 & 9 Years old) just fine and it looks like I need to buy new machines now.


I'm also wondering about LGA1366/1156 era as well.


----------



## cekim

Quote:


> Originally Posted by *AlphaC*
> 
> https://access.redhat.com/articles/3307751


People keep missing that "NOTE" at the end and see only the "Measured: 8-19%"
Quote:


> Originally Posted by *RedHat*
> NOTE: Because microbenchmarks like netperf/uperf, iozone, and fio are designed to stress a specific hardware component or operation, their results are not generally representative of customer workload. Some microbenchmarks have shown a larger performance impact, related to the specific area they stress.


This was already posted earlier. The other interesting and encouraging thing for linux types is that they measured this (and I measured the same) going from 3.x to 3.x patched. The 4.x kernel mitigates this significantly relative to the 3.x kernel on the same machine.

The 4.x kernel is not widely deployed yet at the enterprise (Suse Enterprise 11, RHEL7 are both 3.x), but those releases are showing their age and I expect roll-outs of the next versions "soon".


----------



## chispy

Well I guess the rig I built my father a long time ago with a Core 2 Duo socket 775 is safe from all this massacre of performance hits on Intel hardware and safe from Spectre and Meltdown.


----------



## ZoomThruPoom

https://translate.google.de/translate?sl=auto&tl=en&js=y&prev=_t&hl=de&ie=UTF-8&u=https%3A%2F%2Fwww.computerbase.de%2F2018-01%2Fmeltdown-spectre-amd-intel-benchmarks%2F&edit-text=

It's a translated version, but it's got lotsa pretty graphs!


----------



## EniGma1987

Seems Intel was trying to keep a somewhat major issue under wraps but it got leaked to the press:

http://www.zdnet.com/article/meltdown-spectre-firmware-glitch-intel-warns-of-risk-of-sudden-reboots/

The patches to fix this issue are causing random reboots in servers, so now Intel is recommending the servers don't get patched yet. They didn't want anyone to know that they caused a bunch of stability problems and the only fix is to keep a major security hole for now. lol


----------



## Quantum Reality

So Intel has had 20 years to test whether or not using out of order execution posed a security risk, didn't even bother to check, and now has to rush out patches that break things.

What is it with Intel and doing the barest minimum possible as regards both CPU technical improvements and security?

Microsoft is no better:
Quote:


> Microsoft said it had been provided incorrect documentation for some AMD chips for which it was developing patches.


And the patches are for processors that are years old. How can Microsoft suddenly have "incorrect documentation"? They've had ample opportunity to issue microcode patches and the like for such AMD CPUs, so should know the architecture almost as well as AMD does.


----------



## chispy

Quote:


> Originally Posted by *EniGma1987*
> 
> Seems Intel was trying to keep a somewhat major issue under wraps but it got leaked to the press:
> 
> http://www.zdnet.com/article/meltdown-spectre-firmware-glitch-intel-warns-of-risk-of-sudden-reboots/
> 
> The patches to fix this issue are causing random reboots in servers, so now Intel is recommending the servers dont get patched yet. They didnt want anyonme to know that they caused a bunch of stability problems and the only fix is to keep a major security hole for now. lol


Ohh, this is going to be a big issue for the big data centers and online mega stores like Amazon, Newegg, cloud services etc.


----------



## tpi2007

Quote:


> Originally Posted by *Blameless*
> 
> The most recent firmware for my Gigabyte and ASRock X99 motherboards are old and not patched. I want them patched I'm going to have to integrate the microcode myself (which is easy on the ASRock, but a major pain on the Gigabyte because of how they build their firmware images). I'm still deciding if patching the microcode is worthwhile or not.
> 
> My LGA-2011, 1366, and 1155 systems aren't getting microcode updates at all.
> 
> My AM3+ platform is likely in a similar position. Still vulnerable to Spectre, but too old for AMD to bother issuing microcode.
> 
> All that said, the software patches are mostly in place (Windows, all my browsers, my video drivers, my virtual machines, etc are all patched), and if I avoid running suspicious executables, the odds of anything being in a position to exploit these vulnerabilities is slim.


You might be in luck:
Quote:


> AMD will make optional microcode updates available to our customers and partners for Ryzen and EPYC processors starting this week. We expect to make updates available for our previous generation products over the coming weeks.


https://www.amd.com/en/corporate/speculative-execution

Quote:


> Originally Posted by *Blameless*
> 
> Just patch your OS and software and use a decent AV.
> 
> The advice would be the same irrespective of the age of your platform, and most of the microcode fixes are centered on Meltdown, which Core 2 doesn't seem to be vulnerable to anyway.


Where did you get that impression from?

I know that Intel's official list of affected CPUs doesn't show anything below first gen Core i series, but I thought that the understanding was that potentially everything dating back to the Pentium Pro might be, they could just be delaying the acknowledgement to mitigate bad PR, since they probably don't want to spend the money to fix those. Intel might add them later (they do mention that possibility). They should know by now if they are affected though, they've had six months to find out.


----------



## CynicalUnicorn

First Intel stole our nanometers. Now they're stealing our securities. What can they steal next?!


----------



## SkiesOfAzel

Quote:


> Originally Posted by *CynicalUnicorn*
> 
> First Intel stole our nanometers. Now they're stealing our securities. What can they steal next?!


While trashing Intel can be funny, this is not what we should be doing right now. I mean sure, i get it. Intel has been the giant bully in the playground, treating both competition and consumers in the worst possible ways.

But in this case, they are only guilty of being more reckless than the rest in their implementation. Predictive fetching has been a cornerstone in CPU design, used by almost anyone that matters. It's a trick that comes with some inherent risks, but those delicious ipc gains and the new product cycles they brought were too hard to resist. **** like that would not happen if those corporate behemoths weren't in effect part of a monopoly protected by the most draconian ip laws.


----------



## cekim

Quote:


> Originally Posted by *SkiesOfAzel*
> 
> While trashing Intel can be funny, this is not what we should be doing right now. I mean sure, i get it. Intel has been the giant bully in the playground, treating both competition and consumers in the worst possible ways.
> 
> But in this case, they are only guilty of being more reckless than the rest in their implementation. Predictive fetching has been a cornerstone in CPU design, used by almost anyone that matters. It's a trick that comes with some inherent risks, but those delicious ipc gains and the new product cycles they brought were too hard to resist. **** like that would not happen if those corporate behemoths weren't in effect part of a monopoly protected by the most draconian ip laws.


Hear, hear on IP laws. I'm an EE and I will say flat out that our Patent Office after Clinton era changes to basic policy (aka: "patent them all and let god/courts sort it out") and union policy that amplified its effect through worker incentives is functioning entirely contrary to its original purpose as envisaged by our founders. It does not protect small innovators. It crushes them. It does not diversify and make transparent the process of discovery, it stifles it and drives it into silos that erect barriers to entry.

If the patent system is to be/can be fixed, periods of exclusivity need to come down (drastically in some cases). The barrier of "novelty" needs to go way back up. Not sure it can be fixed at this point given the volume of trash that's been patented. It's "junk shot" fired from a gilded cannon that is effective enough to kill off any start up who hasn't funded sufficiently to survive the volley of lawsuits assuming they were crazy enough to take on the entrenched players. Anyone with a clue should be scared to enter any number of markets so thoroughly mined that they are no-go zones.


----------



## cekim

The more I read and understand about Meltdown, the more impressed I am with its authors. It's obvious once you see it, but it's rather devious. It's also scary in that it opens Pandora's box of all manner of architectural state that could leave bread-crumbs or "voids that belie what didn't fill them" (rather than trying to find your prey by looking for them, you chase what fears them and look for signs of where they've been to deduce their location).

Criminals don't design the most effective weapons - scientists with no ill intentions do and their creations are then used by bad people. That's what we have here.

It's also interesting in that when the security of speculative prediction was being explored intensely early on, the throughput of this exploit was so low as to not be useful.

So, I think the truth to Vlad's mad ranting is that we will see more bugs of this variety now that the bar has been raised. I do think there are legal/liability questions to be answered about the most recent period when Intel was privy to viable proofs of concept. I also think there are legal/liability questions to be answered about our security apparatus' illegal/unconstitutional behavior since 9/11 and whether it was involved in making or leaving us open to attack. Given what we've seen with routers, I think that's an entirely reasonable concern.

However, I don't see Intel sitting around for 20 years tenting their fingers being intentionally evil. I think the questions of liability cover a much shorter time frame when they reasonably knew they were about to ship SKYLX, KABY and COFFEE with these bugs yet said/did nothing. That's where I diverge from Vlad's tirade. The level of deviousness of this exploit has me as an engineer saying, "wow, that's cool - given that I don't think like a criminal, I'm not sure I would have devised a test for that".


----------



## Vlada011

Quote:


> Originally Posted by *CynicalUnicorn*
> 
> First Intel stole our nanometers. Now they're stealing our securities. What can they steal next?!


Not only security, performance, investments...

If someone think when cripple his object of love where invest money, blood and sweat that will be safer than me.
I will be safe as you were in previous 20 years without crippling performance because thanks to lucid people
I know that Silicon flaw can't be fixed with codes without chance to be crippled with similar codes and easy removed all protection.
If your computers infect that will be over some servers, steams and such things no matter on patches.

I only think how much will influence on gaming over servers in future multiplayer games.
Until one day when new generation show up prohibit all people with flaws in processors.
All advertising of IT companies after new platform show up will be to people fastly get rid of everything they had before, especially X99, X299, Z170, Z270 and Z370.

You will read news of this type... Thanks to new security protocol new platform show much better performance here, here, here...
Previous platform show up significant slow down because security patches... etc...


----------



## SkiesOfAzel

Quote:


> Originally Posted by *cekim*
> 
> Hear, hear on IP laws. I'm an EE and I will say flat out that our Patent Office, after Clinton-era changes to basic policy (aka "patent them all and let god/courts sort it out") and union policy that amplified its effect through worker incentives, is functioning entirely contrary to its original purpose as envisaged by our founders. It does not protect small innovators. It crushes them. It does not diversify and make transparent the process of discovery, it stifles it and drives it into silos that erect barriers to entry.
> 
> If the patent system is to be/can be fixed, periods of exclusivity need to come down (drastically in some cases). The barrier of "novelty" needs to go way back up. Not sure it can be fixed at this point given the volume of trash that's been patented. It's a "junk shot" fired from a gilded cannon that is effective enough to kill off any startup that hasn't funded sufficiently to survive the volley of lawsuits, assuming they were crazy enough to take on the entrenched players. Anyone with a clue should be scared to enter any number of markets so thoroughly mined that they are no-go zones.


Clinton deregulated everything he could, but I don't want this to be viewed as a political or a national issue. I am European and I can't say I am pleased with the way the issue has been treated here either.

And I want to reiterate that this is not a matter of political views, this is a completely practical matter that affects all of us whether we realize it or not. The whole point of building a society is to trade some freedom for some justice, else we would be still living perfectly free, in the jungle of our choosing. Some things need to be regulated for the common good, when they become essential for human survival and advancement. Today, all human transactions pass through a computer, making ensuring the continuation and security of those transactions a number one priority.

Besides, this is by no means an isolated blunder, these companies are constantly showing their disregard for the interests of their own consumers. Even the oh so nice and OSS friendly AMD has a black box inside their CPUs that can't be turned off in most cases. But since there is no competition without this "feature", they can force it down our throat and we can't do anything about it.


----------



## Blameless

Quote:


> Originally Posted by *tpi2007*
> 
> Where did you get that impression from?
> 
> I know that Intel's official list of affected CPUs doesn't show anything below first gen Core i series, but I thought that the understanding was that potentially everything dating back to the Pentium Pro might be, they could just be delaying the acknowledgement to mitigate bad PR, since they probably don't want to spend the money to fix those. Intel might add them later (they do mention that possibility). They should know by now if they are affected though, they've had six months to find out.


It's almost certainly vulnerable to Spectre, but no pre-Core i chips are on the Meltdown list and Nehalem introduced significant branch predictor changes that likely precipitated the vulnerability.

Since pretty much everything is vulnerable to Spectre and there doesn't seem to be any firmware/microcode level fix short of disabling branch prediction altogether, Core 2 wouldn't be any more vulnerable than anything else.


----------



## kingofblog

..


----------



## Quantum Reality

Quote:


> Originally Posted by *Blameless*
> 
> Quote:
> 
> 
> 
> Originally Posted by *tpi2007*
> 
> Where did you get that impression from?
> 
> I know that Intel's official list of affected CPUs doesn't show anything below first gen Core i series, but I thought that the understanding was that potentially everything dating back to the Pentium Pro might be, they could just be delaying the acknowledgement to mitigate bad PR, since they probably don't want to spend the money to fix those. Intel might add them later (they do mention that possibility). They should know by now if they are affected though, they've had six months to find out.
> 
> 
> 
> It's almost certainly vulnerable to Spectre, but no pre-Core i chips are on the Meltdown list and Nehalem introduced significant branch predictor changes that likely precipitated the vulnerability.
> 
> Since pretty much everything is vulnerable to Spectre and there doesn't seem to be any firmware/microcode level fix short of disabling branch prediction altogether, Core 2 wouldn't be any more vulnerable than anything else.

It's still unclear if LGA775 is in the affected list, but as I have a Pentium Dual Core E6700, if it's relatively less vulnerable I could revert for the time being.


----------



## Vlada011

Problems after installing patches start to show up... hahahaa haaaa
I don't know what people thought... I don't talk about amateurs, there is educated people, full of knowledge about IT and hardware, advertise other people, work with computers years...
What you thought... Silicon have flaw and now few patches and BIOS updates will resolve that.
I thought you know little more what happen with bug in Silicon and how that finish usually. IN GARBAGE!
Only that would be too big impact on Intel profit and they decide to lead you around like ******ed people and distract attention you with security patches...
From first day of new 2018 you chase for patches for silicon flaw. And now is middle of January.

How time pass more and more people will after several OS reinstallation to follow my path and leave computer without single patch.
There is more and more sides who reports that performance impact is so big that simply not worth.

*Guys it's time to collect signature and finish once and for all this. Full refund of Intel on advertised performance in all applications, all hardware, in any situation + normal security.*

I can bet now even if someone want to update he will need at least 1-2h to figure out what to do first.
And tomorrow maybe order of patches updates will be different.


----------



## Asisvenia

That situation started to becoming exaggerated one, I don't think local users won't even encounter by a hacker attack this is almost unlikely thing to happen. Blaming Intel, AMD and ARM just doesn't make logical sense to me because we can't know this is whether intentional or unobserved event.

I wonder, are W10 users allowed to not patch their OS? I'm using W7 and for a long time I don't update my OS so that means as an Intel user I won't get any CPU performance regression.


----------



## Vlada011

You should be 100% sure, if this happen to new architecture as Coffee Lake, Intel would INSTANTLY pull from market and refund.
For far less bug than this. They would not even think to continue to sell such processors.
But because huge number is fooled they continue to sell even something what deserve recall and refund.

Imagine all processors are OK, only Coffee Lake launched before few months have bug.
Instant recall and refund as P67 motherboards. They would ask from people to back processors


----------



## e-gate

Quote:


> Originally Posted by *kingofblog*
> 
> With the performance impact getting worse and worse with each additional patch, I am at the point where I would recommend anyone with a single-user computer (i.e. clients) to leave the "exploits" in place. The scope of the vulnerability for client machines has gotten way overblown, since it (a) can not be used to install malware, and (b) requires local code execution. Since the main exploit surface, the browser, has already had mitigations put in place, the additional risk of Spectre/Meltdown is low for clients. On a single-user computer, being able to reach kernel memory is useless, since everything valuable (user data) is already accessible to user-mode applications. Likewise, Spectre is meaningless for clients, since any process on a single-user computer can already read the memory of any other process.


You can avoid flashing the new BIOS for Spectre. I will not flash it either. Older CPUs won't even get that BIOS. The performance drop is not the only problem. Those BIOS updates have bugs and cause issues as well. Will not flash anything for months until everything is settled down.


----------



## Gdourado

Quote:


> Originally Posted by *Asisvenia*
> 
> That situation started to becoming exaggerated one, I don't think local users won't even encounter by a hacker attack this is almost unlikely thing to happen. Blaming Intel, AMD and ARM just doesn't make logical sense to me because we can't know this is whether intentional or unobserved event.
> 
> I wonder, are W10 users allowed to not patch their OS? I'm using W7 and for a long time I don't update my OS so that means as an Intel user I won't get any CPU performance regression.


I would like to know this too, as in Windows 10 Pro, I can disable updates, but then that leaves me with a stale version of Windows.
Is it possible to see what updates are available and then just check list the ones you want to download and install?
Like in the Windows Vista days.

Cheers


----------



## Timmaigh!

Quote:


> Originally Posted by *e-gate*
> 
> You can avoid flashing the new BIOS for Spectre. I will not flash it either. Older CPUs won't even get that BIOS. The performance drop is not the only problem. Those BIOS updates have bugs and cause issues as well. Will not flash anything for months until everything is settled down.


I am about to have my current rig upgraded to X299 next week at last - I have a bunch of components lying around since October, but for various reasons only now they are going to be installed.
Part of it is gonna be a BIOS update for the mobo - it's a Gigabyte X299 Gaming 7. The last 2 BIOS versions available for it are called F7 and F9a - this latest one is a 2018 one and contains the microcode update. So do you suggest to skip it and go for just the F7, then just stick to the Windows update and browser update? I don't really wish to slow my computer down more than needed if I don't have to.


----------



## Blameless

Quote:


> Originally Posted by *Quantum Reality*
> 
> It's still unclear if LGA775 is in the affected list, but as I have a Pentium Dual Core E6700, if it's relatively less vulnerable I could revert for the time being.


The Core 2 is probably less vulnerable (perhaps immune) to Meltdown, but just as vulnerable to Spectre 1 & 2. The 4790K is vulnerable to all three, but should have microcode mitigations for at least Meltdown, and possibly Spectre 2.

I think your best course of action is to patch the microcode on your board's firmware and install all of the software security updates.
Quote:


> Originally Posted by *Vlada011*
> 
> You should be 100% sure, if this happen to new architecture as Coffee Lake, Intel would INSTANTLY pull from market and refund.


Coffee Lake is vulnerable.


----------



## chispy

I have 2 Intel systems and 2 AMD systems. The Intel systems did take a hit on performance and I can feel it, as I do a lot of moving huge Blu-ray and UHD 4K movies in my library from SSDs to HDDs, from SSDs to SSDs or from HDDs to HDDs. Anything related to intensive IO and storage is affected. This has been my own experience, yours might be different, but the degradation in performance is as real as can be and can be felt in day-to-day normal operations on your PC.


----------



## Vlada011

Quote:


> Originally Posted by *Blameless*
> 
> The Core 2 is probably less vulnerable (perhaps immune) to Meltdown, but just as vulnerable to Spectre 1 & 2. The 4790K is vulnerable to all three, but should have microcode mitigations for at least Meltdown, and possibly Spectre 2.
> 
> I think your best course of action is to patch the microcode on your board's firmware and install all of the software security updates.
> Coffee Lake is vulnerable.


I know it's vulnerable, I thought if bug is only in their silicon.
INSTANT recall from market as P67 and possibility to customers replace CPU in any store who sell them.
I give you warranty. Only size of problem stop them to do what everyone should do in this situation with any product.

I didn't want to talk that after only updating patch I felt slower computer in surfing.
I stay silent to avoid laughing and emos from Intel's robots until other sources on sites don't recognize that and yesterday before 2 days I say talking about surfing, browsers, Java scripts. etc...

I made such mistake. I mean don't need to be 1950X.
I paid RVE10 + EKWB Monoblock RGB - 400 euro, OK only 150 euro Is loss after I sold RVE but still have upgraded mobo, and CPU/VRM waterblock. CPU waterblock for RVE would cost me 1/2 of 150 euro, I didn't lost much, but that was plan to upgrade later on i7-6900K or i7-6950X on summer.
I could bought AMD Threadripper 1900 for 475 euro in my town and I see Zenith Extreme for same price is available. I would sold RVE+i7-5820K and my loss would be around 300 euro for 2 more cores and Processor without security bug. And easy to wait second generation of Threadripper.
Or to add 150 euro more for 12 cores in that case I would add if need.. But why, AMD 1900 8C/16T work on 4.0GHz, OC to 4.2GHz I'm on same speed as now.

I made mistake, and I'm not guilty, it's not my fault, and want to Intel compensate me for their fault and playing with my security.
I could imagine how people feel who hide their ideas from other sources who could abuse them.

HOW American citizens to feel because Military is Vulnerable. Potential attack from ISIS or terrorists worldwide.

And don't look Intel stocks they are overblown and they manipulate with values to decrease impact.
If they stock survive real hit contracts will be broken very fast and then Intel is in real problem.
No doubt Intel have money to recall processors last years and replace them. Only is problem because they don't want to response for their fault.
They want to customers pay Maybe even Intentional, Systematic and Door Opened with Plan Until someone not recognize, and year by year, year by year no one say nothing from experts worldwide. Good part of people who could notice such things are hired to stay silent and they wait someone to say what happen. I don't say it's 100% true, but it's possible that you pay Intentionally made mistake. If Intel and their partners know for bug they are in Huge advantage until someone other not recognize.

WE WILL KNOW VERY FAST DID INTEL WORKED WITH SOME SECURITY AGENCY AND INTENTIONALLY MADE DOOR OPENED AND LEFT PEOPLE WORLDWIDE VULNERABLE AND NOT SECURE. IF REACTION OF GOVERNMENT AND SECURITY SERVICE STAY LIKE WE SEE THESE DAYS, 90% INTEL GET INSTRUCTION AND PROMISES THAT EVERYTHING WILL BE FINE AND THAT THEY WILL NOT NEED TO PAY FOR FAULT. THEN WE HAVE EXTENDED STORY OF SNOWDEN AND THEIR WARNINGS AND OUR REACTION NEED TO BE EVEN STRONGER, UNITED PEOPLE WORLDWIDE AGAINST CORPORATION. BECAUSE ONLY USA GOVERNMENT WILL PROTECT INTEL THEN.
Europe is angry after America spy their citizens and citizens of closest allies and they are not ready to forgive everything, even oppose I think that companies as Intel and Apple would paid higher price on court in Europe than on any other place worldwide.


----------



## Vlada011

I can bet that Intel stock suffer impact as Russian economy, but Intel start measures to cover reality, same as Putin.
They try to keep economy on legs selling 3x more quantity of oil than usually. And their resources planned for 100 years will be dry for 30.
Now it's possible to enthusiasts start to read some weird news about graphic cards market, memory, SSD with task to distract attention while pressure is worse.
Intel only need to survive first period and resist to customers, and later they will replace Silicon and advertising+performance decrease+news that patches not work properly will force people to throw new computers in garbage.


----------



## Abaidor

Quote:


> Originally Posted by *ThrashZone*
> 
> Hi,
> You never know, MS has in the past classified some hardware as incompatible after upgrading GPUs/....
> In the mobile first world hardware is obsolete after 2-3 years


Quote:


> Originally Posted by *Blameless*
> 
> Just patch your OS and software and use a decent AV.
> 
> The advice would be the same irrespective of the age of your platform, and most of the microcode fixes are centered on Meltdown, which Core 2 doesn't seem to be vulnerable to anyway.


I have patched the systems already but I am not really worried since they contain no sensitive information at all and they are imaged on external HD too.

Quote:


> Originally Posted by *cekim*
> 
> They outside intel's 10 year window? If microcode is released you can patch in windows and not need a bios update but it is a little more work. Once per machine...


Will have to look into that. Thanks

My i9-7940X + Asus Rampage VI Extreme are next to me waiting in their boxes to be installed and this happens....Suddenly I am not that excited about the new build since besides this problem I also read about:

1) Samsung 960 Pro botched through firmware (mine still in its box - thank god its production date is in the safe zone)
2) Intel management Platform vulnerability (waiting for new BIOS)
3) Asus AI Suite software issues
4) Asus Aura Sync issues
5) Trident Z RGB issues with Gskill's software bricking modules (not working so great with Aura Sync either)
6) I buy an Asus Strix OC Edition 1080Ti intending to watercool and I read that Asus has made PCB changes that make it incompatible with EK waterblocks (and others consequently).

I was lucky again! I checked the Serial number and it is not within the range EK designated as incompatible.

Damn this is a minefield and I have not even completed the build yet...

With that said my current PC is a Q9550 / Samsung 840 Pro on Windows 10 Pro. I have patched the system for Meltdown and have not noticed any slowdown but can't be bothered to run benchmarks since the system is EOL.

I am certain I won't feel any slowdown with the new system since A) it is vastly faster than my current anyway and B) I have not had the chance to try it till now.

But to say that the PC market has turned into a mess is an understatement.


----------



## sumitlian

Quote:


> Originally Posted by *EniGma1987*
> 
> Seems Intel was trying to keep a somewhat major issue under wraps but it got leaked to the press:
> 
> http://www.zdnet.com/article/meltdown-spectre-firmware-glitch-intel-warns-of-risk-of-sudden-reboots/
> 
> The patches to fix this issue are causing random reboots in servers, so now Intel is recommending the servers don't get patched yet. They didn't want anyone to know that they caused a bunch of stability problems and the only fix is to keep a major security hole for now. lol


When will we learn "the best fix from being surveilled is to ignore the idea of being surveilled".


----------



## apraetor

Quote:


> Originally Posted by *KyadCK*
> 
> They wouldn't need it anyway because a major selling point on Epyc is per-VM hardware memory encryption. I can steal a book from someone all I want, but if I can't read the language then it doesn't do me much good, does it?
> 
> Boy I bet that marketing line is being taken a lot more seriously now.


Actually -- that's incorrect. Per-VM memory encryption encrypts RAM, not L1/L2/L3 cache. Encrypted cache data would need to be decrypted and written back to the cache before it could have any operations performed on it, anyway.. so it would profit you nothing. As long as the VM you wish to attack is running, its key is going to be in memory, and thus exposed to theft. Any exploit which permits you to read the cache will bypass all hardware-based encryption schemes, for the simple reason that homomorphic encryption isn't really a "thing" yet... if data could be kept encrypted even when performing computation on it, then we wouldn't need to have protection domains. Well we would, but not for all the same reasons.

Here's a diagram showing how EPYC memory encryption is a RAM-on-out scheme; any attack originating deeper (i.e. in the CPU architecture) is going to bypass that by having access to the keys at least, and decrypted cache at worst.


----------



## e-gate

Quote:


> Originally Posted by *Timmaigh!*
> 
> I am about to have my current rig upgraded to X299 next week at last - I have a bunch of components lying around since October, but for various reasons only now they are going to be installed.
> Part of it is gonna be a BIOS update for the mobo - it's a Gigabyte X299 Gaming 7. The last 2 BIOS versions available for it are called F7 and F9a - this latest one is a 2018 one and contains the microcode update. So do you suggest to skip it and go for just the F7, then just stick to the Windows update and browser update? I don't really wish to slow my computer down more than needed if I don't have to.


I suggest you flash the latest BIOS that's not containing the microcode for Spectre. Do the Windows update as the performance drop of the Windows patch is minor. Major browsers are protected already so I'm not worrying. That BIOS update is giving major issues to a lot of people. Intel will further improve and release more updates. Also vendors might improve any bugs present as well. Most CPUs won't ever get that BIOS update. I personally will not flash it. I'm going to wait and see how things will develop and flash it when I feel the situation is far too dangerous. For the time being I feel it's not.


----------



## Timmaigh!

Quote:


> Originally Posted by *e-gate*
> 
> I suggest you flash the latest BIOS that's not containing the microcode for Spectre. Do the Windows update as the performance drop of the Windows patch is minor. Major browsers are protected already so I'm not worrying. That BIOS update is giving major issues to a lot of people. Intel will further improve and release more updates. Also vendors might improve any bugs present as well. Most CPUs won't ever get that BIOS update. I personally will not flash it. I'm going to wait and see how things will develop and flash it when I feel the situation is far too dangerous. For the time being I feel it's not.


Thank you for the advice, it sounds reasonable to me and I will probably do as you say. Based on what I read about this stuff I am not under the impression that the likelihood of my computer being hacked via this particular security hole is somehow bigger than getting screwed by any other malware etc., despite the outcry.... actually this seems to be more difficult to exploit, even pre-patch.


----------



## tajoh111

If there was any time AMD could get more capital by issuing more stock, this is it.

One of Intel's chief advantages over AMD was trust from the public and brand perception.

With mainstream news covering this along with financial outlets, public trust for Intel has been damaged severely, particularly if AMD isn't as affected by this.

With a new Ryzen coming out in March and with Intel's larger performance penalty from this update, AMD could very well get ahead of Intel. 5% decrease in Intel's performance, plus 8% clock jump in Ryzen + 4% IPC could lead to potentially close to 10% deficit for Intel which along with the blow to trust, could lead to a 3-8% gain in marketshare for AMD over the course of a year. That would be huge.

But AMD needs to follow through on 7nm and to do that it needs capital. 7nm is ridiculously expensive meaning AMD profits will be insufficient to fund it if we look at their last income statements. They need to be issuing more stock even if it means a dilution because they need a billion dollars in funding to continue development.


----------



## e-gate

Quote:


> Originally Posted by *tajoh111*
> 
> If there was any time AMD could get more capital by issuing more stock, this is it.
> 
> One of Intel's chief advantages over AMD was trust from the public and brand perception.
> 
> With mainstream news covering this along with financial outlets, public trust for Intel has been damaged severely, particularly if AMD isn't as affected by this.
> 
> With a new Ryzen coming out in March and with Intel's larger performance penalty from this update, AMD could very well get ahead of Intel. 5% decrease in Intel's performance, plus 8% clock jump in Ryzen + 4% IPC could lead to potentially close to 10% deficit for Intel which along with the blow to trust, could lead to a 3-8% gain in marketshare for AMD over the course of a year. That would be huge.
> 
> But AMD needs to follow through on 7nm and to do that it needs capital. 7nm is ridiculously expensive meaning AMD profits will be insufficient to fund it if we look at their last income statements. They need to be issuing more stock even if it means a dilution because they need a billion dollars in funding to continue development.


This happens when you are in a monopoly for decades. You become arrogant and lose touch with reality.
Despite all that Intel is not going anywhere. That's not enough to bring Intel down not even close.
Corporations recover from far worse. Samsung made a ticking bomb in our pockets, literally, and it's like it never happened.
This is just a silly bug/backdoor/design flaw call it as you will. It's not even close to make serious damage to Intel. We exaggerate a lot with this.
AMD is not completely invulnerable either. Apple is vulnerable to all variants yet nothing. Silence. iPhones keep selling like hot cakes.
The worst that can happen to Intel now is to shake them a little bit and perhaps wake them up from their slumber and start making better products.


----------



## rluker5

Quote:


> Originally Posted by *rluker5*
> 
> I don't have the microcode update to my bios yet, just windows KB4056892, and while my optane random performance has decreased, it is more like 10% per crystaldiskmark. It's still pretty good, shame I won't be able to hit those scores anymore though.
> before update:
> after update:


Just updated to the spectre safe microcode for Broadwell-c: 1B. https://valid.x86.fr/zax1v9 Handles same ram speeds and timings as microcodes 10 and 17. Handles same OCs at the same voltages as 17 and gets the same bench score in xtu within the margin of error.

Ran crystal diskmark again and yuk:

Same everything settings clocks, ram, power, everything I could think of as the first two runs and everything nonessential closed and bam! my optane is bottlenecked. Even restarted and was same. Can repeat those disheartening results all day.

At least it isn't that noticeable and I have a bios switch on my mobo if it bothers me too much.

I didn't check, wonder if others with optane & Intel are getting the same dropoff?
Maybe there will be another microcode that will fix this. Ran it at 4.2 core, 3.8 cache, 2400cs10, high performance power setting, W10 FCU, and have 4 gen 3 lanes clear to the cpu for this for anyone interested.


----------



## azanimefan

wow, those numbers.

yikes.

that's terrifying.


----------



## chispy

Quote:


> Originally Posted by *rluker5*
> 
> Just updated to the spectre safe microcode for Broadwell-c: 1B. https://valid.x86.fr/zax1v9 Handles same ram speeds and timings as microcodes 10 and 17. Handles same OCs at the same voltages as 17 and gets the same bench score in xtu within the margin of error.
> 
> Ran crystal diskmark again and yuk:
> 
> Same everything settings clocks, ram, power, everything I could think of as the first two runs and everything nonessential closed and bam! my optane is bottlenecked. Even restarted and was same. Can repeat those disheartening results all day.
> 
> At least it isn't that noticeable and I have a bios switch on my mobo if it bothers me too much.
> 
> I didn't check, wonder if others with optane & Intel are getting the same dropoff?
> Maybe there will be another microcode that will fix this. Ran it at 4.2 core, 3.8 cache, 2400cs10, high performance power setting, W10 FCU, and have 4 gen 3 lanes clear to the cpu for this for anyone interested.


Ouchh ... I feel your pain, I'm having the same bottleneck as you in the storage department.


----------



## Vlada011

Quote:


> Originally Posted by *azanimefan*
> 
> wow, those numbers.
> 
> yikes.
> 
> that's terrifying.


It's not.
No performance impact, No performance impact.
Something little.

We need to burn down our PCs and force Intel to suffer....


----------



## rluker5

Quote:


> Originally Posted by *azanimefan*
> 
> wow, those numbers.
> 
> yikes.
> 
> that's terrifying.


I noticed before that running a slower oc gives me worse results with that drive, so my cpu must be just fast enough and more susceptible to showing off its limitations.
A newer cpu would probably take less of a hit.
Kind of torn as to leave the bios switch on an older microcode and not really notice the lack of a slowdown and ignore the unlikely threat or not.
Optane seems more expensive to me now


----------



## rluker5

Quote:


> Originally Posted by *chispy*
> 
> Ouchh ... I feel your pain, I'm having the same bottleneck as you in the storage department.


Yeah, I was skeptical until I bios updated. But my storage is still pretty fast, seems about the same, just not as fast per the bench. But $600 for 480GB was pricey. Maybe the costs will get closer to nand now for everyone else.


----------



## yamnakshatriya

I was active in this thread earlier, so I will update people on my experience.

I had an 8700k with an ASUS prime motherboard and Dark Rock Pro 3 cooler.

After Meltdown, I swapped that out for an AMD 1800x.

The AMD performs as well at stock on Cinebench (and my kind of workload in general), with a bunch of power saving enhancements, using 95w of power, that Intel would have if I had OCd it to 5 GHz BEFORE Meltdown, and in that case it would probably have used at least 150 watts. AMD also peaks out at 60 degrees at equal performance to what Intel would have peaked out at, at 80 degrees.

The people still buying Intel processors are not making a wise decision, in my opinion. 5GHz for gaming is probably overkill, and for work and productivity multicore matters much more, I would think.

Also, AMD is cheaper! Both on the card and the motherboard! And long term usage cost as well. You can save that £100 instant saving to buy yourself a much better graphics card, which will probably make a much greater difference to your games. From a simple pareto standpoint, the £100 on Intel seems like a waste of money, in the sense that you can spend that £100 elsewhere for a much bigger gain.

Good luck to all the people with Intel cards! I hope Intel does something, but I doubt it. I was lucky to have bought Intel less than 30 days before Meltdown hit, so I was able to get a return. The cards are still selling at decent prices on eBay - you could probably realise only a small loss if you wanted to go for AMD.


----------



## cekim

Quote:


> Originally Posted by *rluker5*
> 
> Yeah, I was skeptical until I bios updated. But my storage is still pretty fast, seems about the same, just not as fast per the bench. But $600 for 480GB was pricey. Maybe the costs will get closer to nand now for everyone else.


I spend a fair amount of time and effort exploring what can be done with storage/processor/network tech and large-scale applications at any given time. The inability to capitalize on the headline benchmark numbers of the very latest has been fairly stark.

That is, once past the bump from hdd to ssd, the precise nature of the ssd was far less important as now other bottlenecks were exposed. The move from one bottleneck to the next in tech is normal. What was new is that storage has almost always not only been a bottleneck, but a profound one. The difference between SSD and NVME in practical terms has been a bit of a yawn. Even optane, for consumer purposes offers some corner-case and benchmark gains, but overall is a yawn over NAND.

Short version, yes benchmarks took a hit, but what does it mean for your application/use? Yawn.

I am really excited to see if AMD can capitalize on this. Intel has been sand-bagging for a long time and clearly they screwed up here. AMD had some success (under)pricing their way into these markets, but they needed something more to move beyond a flash in the pan. This might give them exactly that.


----------



## Vlada011

Quote:


> Originally Posted by *yamnakshatriya*
> 
> I was active in this thread earlier, so I will update people on my experience.
> 
> I had an 8700k with an ASUS prime motherboard and Dark Rock Pro 3 cooler.
> 
> After Meltdown, I swapped that out for an AMD 1800x.
> 
> The AMD performs as well at stock on Cinebench (and my kind of workload in general), with a bunch of power saving enhancements, using 95w of power, that Intel would have if I had OCd it to 5 GHz BEFORE Meltdown, and in that case it would probably have used at least 150 watts. AMD also peaks out at 60 degrees at equal performance to what Intel would have peaked out at, at 80 degrees.
> 
> The people still buying Intel processors are not making a wise decision, in my opinion. 5GHz for gaming is probably overkill, and for work and productivity multicore matters much more, I would think.
> 
> Also, AMD is cheaper! Both on the card and the motherboard! And long term usage cost as well. You can save that £100 instant saving to buy yourself a much better graphics card, which will probably make a much greater difference to your games. From a simple pareto standpoint, the £100 on Intel seems like a waste of money, in the sense that you can spend that £100 elsewhere for a much bigger gain.
> 
> Good luck to all the people with Intel cards! I hope Intel does something, but I doubt it. I was lucky to have bought Intel less than 30 days before Meltdown hit, so I was able to get a return. The cards are still selling at decent prices on eBay - you could probably realise only a small loss if you wanted to go for AMD.


1800X is a nice processor, but maybe people should think about the combination ASUS X399 Strix + AMD 1900X.
I would advise gamers to search for a 1900X capable to work on 4.2GHz on normal voltage. Because no matter on compatibility of AM4 with at least 2 generations TR4 have models with more cores.
AMD promise much better OC with 2800X. It would be nice to improve little OC and of Threadripper.
I would say real hit of AMD would be Threadripper with 10 Cores with 4.2GHz Turbo for 500-550$.
That would be game changer.

But I cannot use cheaper motherboards. I don't like RGB, but I used on this changing color on RVE10 and capability to change light on PCH, PCI-E, IO Cover, Center, Backplate 1-2-3-4-5. That satisfied me because I don't buy RGB fans and use normal. But only RVE10, RVIE, Zenith and Crosshair VI Extreme have these type of options.

People are really cue... My Intel CPU worth 1000$ lost 20% performance...
BUT IT'S STILL FAST, IF I OC HIM I WILL COMPENSATE PERFORMANCE DECREASE.

Good thinking, guys, good thinking, keep it up. And Intel support you.
While such people live there is still hope for criminogenic companies as Intel.

What someone said, my Samsung 960 PRO work as weaker than Samsung 950 EVO BUT IT'S STILL FAST.
There is still hope for Intel, for you, I'm not sure.
Better say I paid 960 PRO 512GB and Intel made him to work as 960 EVO, for same money I could buy 960 1TB... Heeheeee... Now you have 512GB and performance of EVO.

This is comedy. This topic will break all records... it will beat topic I have mechanical keyboard.


----------



## cx-ray

Quote:


> Originally Posted by *rluker5*
> 
> Yeah, I was skeptical until I bios updated. But my storage is still pretty fast, seems about the same, just not as fast per the bench. But $600 for 480GB was pricey. Maybe the costs will get closer to nand now for everyone else.


The 4K low queue depth performance is still around 3x faster compared to the fastest desktop NAND SSDs. As aforementioned there's not much to gain from that in regular application use. However, if a normal SSD drops that dramatically in 4KQ1 as well due to a BIOS patch, it will be slightly noticeable.

Not trying to talk this right. Your drive has only been available for barely 2 months. It was sold based on very high low queue depth IOPS and now that's dropped by half using a modern CPU.


----------



## TinyRichard

Some of you folks need to lay off the peyote, patch your PCs and move on already.

This is 1% problem, 99% boogeyman and there's probably more than a few marketing and sales folks making a toast in anticipation of the upcoming sales this fear mongering will generate.

1999 Y2K bull snot all over again, but with way more blogging.


----------



## Timmaigh!

Quick question regarding Windows (10) update:

Is it the one (dealing with both Meltdown and Spectre) called Cumulative Update for Win 10 v. 1709 *KB4056892*? If I have it, am I set (disregarding possible BIOS and browser/specific app updates) or is there anything else I am supposed to download and install, perhaps manually?

Thanks


----------



## cekim

Quote:


> Originally Posted by *TinyRichard*
> 
> Some of you folks need to lay off the peyote, patch your PCs and move on already.
> 
> This is 1% problem, 99% boogeyman and there's probably more than a few marketing and sales folks making a toast in anticipation of the upcoming sales this fear mongering will generate.
> 
> 1999 Y2K bull snot all over again, but with way more blogging.


Mostly yep, but it is more real than y2k

Y2K was 99.99% BS and I work in this industry... the bogus buildout to support the replacement of a lot of hardware that would have been fine thinking it's 1917, led to the .com bubble in many ways at the hardware level... (recursive buildout to support the buildout leaving capacity no one needed for 15 more years)

As much as I'm one of many saying take the news with a grain of salt since they get things wrong like it's their job to get things wrong, there are still potentials for big problems....

Apple's patch appears to be a real stinker for phone performance across the board. Not just synthetics. We'll see...


----------



## Blameless

Probably time to start looking into kernel-bypassing storage/network stacks, if your work/play is extremely I/O dependent.


----------



## cekim

Quote:


> Originally Posted by *Blameless*
> 
> Probably time to start looking into kernel-bypassing storage/network stacks, if your work/play is extremely I/O dependent.


The micro-kernel guys initially pointed this out but I think at the end of the day the reality of this exploit and I/O is that you can't bypass entirely....

You can tune buffers/caching at the app and library level though. Back to the old school of glacial disks and networks with "baud" still part of the throughput designation. (Exaggeration for effect, typical optimizations are already sufficient in most cases... if it ran acceptably against a modern spinning platter, it will be fine still)


----------



## ThrashZone

Hi,
Pretty easy to test
Just restore a system image if one gets a big hit in performance or clone to another ssd and see which is worse.
First release patches are always total crap anyway especially from MS
MS has no interest in 7 or 8.1 anyway other than upgrading to 10.


----------



## SkiesOfAzel

Quote:


> Originally Posted by *TinyRichard*
> 
> Some of you folks need to lay off the peyote, patch your PCs and move on already.
> 
> This is 1% problem, 99% boogeyman and there's probably more than a few marketing and sales folks making a toast in anticipation of the upcoming sales this fear mongering will generate.
> 
> 1999 Y2K bull snot all over again, but with way more blogging.


You are seriously comparing a vulnerability that could (and may) have compromised important data centers, which also points to an inherent weakness in modern CPU design to Y2K? 99% boogeyman? More like 99% damage control.


----------



## jagdtigger

Quote:


> Originally Posted by *SkiesOfAzel*
> 
> You are seriously comparing a vulnerability that could (and may) have compromised important data centers, which also points to an inherent weakness in modern CPU design to Y2K? 99% boogeyman? More like 99% damage control.


More like 100% damage control, especially for intel...


----------



## cekim

Quote:


> Originally Posted by *jagdtigger*
> 
> More like 100% damage control, especially for intel...


They both had some truth and mostly BS to them. They both caused an industry wide panic, garbage journalism, premature declaration of death of products, etc... lots of parallels...

They both also will ultimately fundamentally change the landscape regardless.


----------



## JackCY

Meanwhile Nvidia is laughing while their drivers corrupt web browser's hardware acceleration and no one knows or bothers to report it again so it gets fixed.

Seems to follow same philosophy as Intel, while it's not on fire don't fix it. And AMD shifts their focus solely on computing/datacenters/mining for both CPU and GPU, breaks their "RX" drivers support for DirectX etc. because they don't care anymore one bit about regular people market.

Big corps. doing every one of them whatever they want and think will give them the highest profits. All most of the time thinking, it's proprietary, it's in hardware, no one will figure it out to be able to hack it, well "no one" did figure it out. It's the same story with ME, PSP and all that "management" crap that serves more as a backdoor than anything else.

It will take forever before UEFIs for mobos are updated. They knew about the issues for a year if not more yet now they are scrambling to get patches out with vague descriptions at first so that no one knows what they are for because stuff started to leak out finally. Might have also been why Intel rushed so many platforms lately out with this hardware issue so they get them out before it leaks as now no one sensible will want buy a hardware that has these hardware flaws and they could just scrap x299 and 8xxx series if they were to release them in 2018 as planned etc. Good luck Intel and everyone else trying to sell CPUs with these flaws again, here is to hope you fail miserably at it.

Y2K was a popularity FAD. A non issue. Just some poor coders messed up their code, big deal, so they patch their poor software for a date. OMG my calendar is reading 1918 not 2018 kind of stuff, big whoop di doo.


----------



## jagdtigger

Quote:


> Originally Posted by *cekim*
> 
> They both had some truth and mostly BS to them. They both caused an industry wide panic, garbage journalism, premature declaration of death of products, etc... lots of parallels...
> 
> They both also will ultimately fundamentally change the landscape regardless.


Sorry but there can't be parallel things between a baseless phenomenon vs one that has a solid base and real threat....


----------



## cekim

Quote:


> Originally Posted by *JackCY*
> 
> Y2K was a popularity FAD. A non issue. Just some poor coders messed up their code, big deal, so they patch their poor software for a date. OMG my calendar is reading 1918 not 2018 kind of stuff, big whoop di doo.


No as with this it was more complicated than that... it was everything from simple patches to hardware that only digits worth of storage for year to programs with no source code or code written in languages and compiled with tools no one used or had any more...

The overwhelming majority of them would have ticked over to 1/1/1900 without a second thought. A large portion of the remainder would have needed an error cleared but after that been fine..... a small number would not function.

At no point did the media ever understand this or really much of anything they are talking about and unfortunately, the public trusted them not to sensationalize and mislead them... sadly no lesson was learned in any regard....


----------



## cekim

Quote:


> Originally Posted by *jagdtigger*
> 
> Sorry but there cant be parallel things between a baseless phenomenon vs one that has a solid base and real threat....


See above, you could not be more wrong... the computation of year with only 2 digits was a very real issue. The adjustment of function based on date in machine controls and networks is a very real issue.

Electrical grids, telecoms infrastructure, machine automation, etc... did in fact need to be analyzed, patched and in some cases replaced, but it, like this was sensationalized to the point that you have to work hard to get to the reality any given moment given the river of BS flowing through the talking heads and mindless regurgitation of the blogosphere.

The threshold for trusting people to report on and analyze detailed technical content is sadly low. There are tubers and bloggers I like to read, but who will frequently talk out of the wrong sphincter on such things without even realizing they have no idea what they are saying... the good ones acknowledge it now and then, but their consumers don't fully understand the gravity of the handwave over subtle but very important points...

This is what has LTT baking video cards in the oven lol... or others refuting der8auer's correct VRM observations because micro-throttling saved them from overheating at the expense of performance they didn't notice going missing... it goes on and on and on and into every technical domain from computers to climate science...


----------



## Dave_O

Quote:


> Originally Posted by *rluker5*
> 
> Just updated to the spectre safe microcode for Broadwell-c: 1B. https://valid.x86.fr/zax1v9 Handles same ram speeds and timings as microcodes 10 and 17. Handles same OCs at the same voltages as 17 and gets the same bench score in xtu within the margin of error.
> 
> Ran crystal diskmark again and yuk:
> 
> Same everything settings clocks, ram, power, everything I could think of as the first two runs and everything nonessential closed and bam! my optane is bottlenecked. Even restarted and was same. Can repeat those disheartening results all day.
> 
> At least it isn't that noticeable and I have a bios switch on my mobo if it bothers me too much.
> 
> I didn't check, wonder if others with optane & Intel are getting the same dropoff?
> Maybe there will be another microcode that will fix this. Ran it at 4.2 core, 3.8 cache, 2400cs10, high performance power setting, W10 FCU, and have 4 gen 3 lanes clear to the cpu for this for anyone interested.


Saw the same issue. Actually, it makes sense. As PC storage subsystems have gotten faster, AHCI -> NVME, SATA -> PCIE, other parts of the IO chain become more important. In this case, OS Kernel context switches introduced in the CPU microcode fix.

The faster your SSD, the more the % impact, especially in the 4K benchmark which has the greatest OS Kernel context switches / second.


----------



## jagdtigger

Quote:


> Originally Posted by *cekim*
> 
> This is what has LTT baking video cards in the oven lol...


You can laugh at it but the manufacturer does the same thing... (although their gear is more sophisticated but the underlying principle is the same):
https://www.youtube.com/watch?v=FNNRoXZom30


----------



## rluker5

Quote:


> Originally Posted by *Dave_O*
> 
> Saw the same issue. Actually, it makes sense. As PC storage subsystems have gotten faster, AHCI -> NVME, SATA -> PCIE, other parts of the IO chain become more important. In this case, OS Kernel context switches introduced in the CPU microcode fix.
> 
> The faster your SSD, the more the % impact, especially in the 4K benchmark which has the greatest OS Kernel context switches / second.


Put the first 5775-c microcode from the UBU list in spot 1 in my mobo:

I don't even know what has been patched since then but it is working great this morning

I will probably switch back to the secure one as soon as it is too late.


----------



## acheleg

Quote:


> Originally Posted by *Dave_O*
> 
> Saw the same issue. Actually, it makes sense. As PC storage subsystems have gotten faster, AHCI -> NVME, SATA -> PCIE, other parts of the IO chain become more important. In this case, OS Kernel context switches introduced in the CPU microcode fix.
> 
> The faster your SSD, the more the % impact, especially in the 4K benchmark which has the greatest OS Kernel context switches / second.


----------



## chispy

Quote:


> Originally Posted by *Dave_O*
> 
> Saw the same issue. Actually, it makes sense. As PC storage subsystems have gotten faster, AHCI -> NVME, SATA -> PCIE, other parts of the IO chain become more important. In this case, OS Kernel context switches introduced in the CPU microcode fix.
> 
> The faster your SSD, the more the % impact, especially in the 4K benchmark which has the greatest OS Kernel context switches / second.


+1 completely agree with your comment since I also suffer from the PC storage speed degradation after Microsoft patch and bios update


----------



## stargate125645

Is the microcode update going to require BIOS updates as well?


----------



## cekim

Quote:


> Originally Posted by *jagdtigger*
> 
> You can laugh at it but the manufacturer does the same thing... (although their gear is more sophisticated but the underlying principle is the same):
> https://www.youtube.com/watch?v=FNNRoXZom30


Given that LTT didn't know and could not control the temp required for their given solder application.... what I said previously....

Not only that, they hadn't done any probing to isolate the problem.

I recall they did a follow up talking to someone who knew what they were doing and he pointed out how ridiculous their stunt was if they expected anything but a nicely toasted card.


----------



## cekim

Quote:


> Originally Posted by *stargate125645*
> 
> Is the microcode update going to require BIOS updates as well?


If you want it to happen automatically, then yes. You can apply uCode updates on your own using windows and VMware tools out there. It is usually easier for most people to get a new bios image from their board maker, but if they don't provide it or you don't want to wait, you can do it.


----------



## jagdtigger

Quote:


> Originally Posted by *cekim*
> 
> Given that LTT didn't know and could not control the temp required for their given solder application.... what I said previously....
> 
> Not only that, they hadn't done any probing to isolate the problem.
> 
> I recall they did a follow up talking to someone who knew what they were doing and he pointed out how ridiculous their stunt was if they expected anything but a nicely toasted card.


You seem to forget about the disclaimer in the video before Linus starts the process that if you have any kind of warranty don't do it. Otherwise you don't have anything to lose IMO. I do not know any company that does this kind of thing anyway... (/EDIT at least in my region)


----------



## HMBR

Quote:


> Originally Posted by *stargate125645*
> 
> Is the microcode update going to require BIOS updates as well?


It doesn't have to, normally microcode updates are just delivered via bios updates, but Microsoft can also load updated microcodes if they want, as they did in 2015 https://support.microsoft.com/en-us/help/3064209/june-2015-intel-cpu-microcode-update-for-windows

Basically Windows will load the microcode from a file during boot, and not just use the one from the bios, should give you the same result.

So far only Haswell and newer got an updated microcode, not sure if they are going to make it for Ivy Bridge and older?
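
Because microcode can arrive either in the BIOS image or through the OS loader, as the post above describes, the revision worth checking is the one actually running. The following is an added example, not part of any post in this thread: a Python check over the text of Linux `/proc/cpuinfo` that reports the running revision per logical CPU and compares it with a required minimum. The sample input is constructed; the 0x1B minimum for Broadwell-C is the revision reported earlier in the thread, and the (family, model, stepping) signature used to key it is an assumption.

```python
"""Check the running CPU microcode revision against a required minimum.

Operates on the text of Linux /proc/cpuinfo, so it reports what is loaded
right now, whether it came from the BIOS image or from the OS loader.
"""
import os
from collections import Counter

# Required minimum revisions keyed by (family, model, stepping).
# 0x1B for Broadwell-C is the revision quoted in the thread; the
# (6, 71, 1) signature for that CPU is an assumption of this example.
REQUIRED = {(6, 71, 1): 0x1B}

# Constructed sample: two logical CPUs reporting different revisions.
SAMPLE_CPUINFO = """\
processor\t: 0
vendor_id\t: GenuineIntel
cpu family\t: 6
model\t\t: 71
model name\t: Intel(R) Core(TM) i7-5775C CPU @ 3.30GHz
stepping\t: 1
microcode\t: 0x1b

processor\t: 1
vendor_id\t: GenuineIntel
cpu family\t: 6
model\t\t: 71
model name\t: Intel(R) Core(TM) i7-5775C CPU @ 3.30GHz
stepping\t: 1
microcode\t: 0x17
"""


def parse_cpuinfo(text):
    """Return one dict per logical CPU; 'microcode' is None if not reported."""
    cpus = []
    for block in text.strip().split("\n\n"):
        fields = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                fields[key.strip()] = value.strip()
        if "processor" not in fields:
            continue  # not a per-CPU block
        rev = fields.get("microcode")
        cpus.append({
            "cpu": int(fields["processor"]),
            "sig": (int(fields.get("cpu family", -1)),
                    int(fields.get("model", -1)),
                    int(fields.get("stepping", -1))),
            # int(..., 16) accepts the "0x" prefix the kernel prints
            "microcode": int(rev, 16) if rev else None,
        })
    return cpus


def assess(cpus, required=REQUIRED):
    """Return (status, detail).

    status is 'no-revision', 'mixed', 'unknown-cpu', 'outdated' or 'ok'.
    """
    if not cpus or any(c["microcode"] is None for c in cpus):
        return "no-revision", "no microcode field reported for some CPU"
    revs = Counter(c["microcode"] for c in cpus)
    if len(revs) > 1:
        # Logical CPUs disagree: report every revision seen and how often.
        seen = ", ".join(f"{r:#x} x{n}" for r, n in sorted(revs.items()))
        return "mixed", f"revisions differ across logical CPUs: {seen}"
    sig = cpus[0]["sig"]
    need = required.get(sig)
    rev = next(iter(revs))
    if need is None:
        return "unknown-cpu", f"no required revision listed for {sig}"
    if rev < need:
        return "outdated", f"running {rev:#x}, need at least {need:#x}"
    return "ok", f"running {rev:#x} (minimum {need:#x})"


if __name__ == "__main__":
    path = "/proc/cpuinfo"
    if os.path.exists(path):
        with open(path) as fh:
            text = fh.read()
    else:
        text = SAMPLE_CPUINFO  # fall back to the constructed sample
    status, detail = assess(parse_cpuinfo(text))
    print(f"{status}: {detail}")
```

Extend `REQUIRED` with the signatures and revisions your board or CPU vendor publishes; the table here holds only the one value taken from the thread.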


----------



## cekim

Quote:


> Originally Posted by *jagdtigger*
> 
> You seem to forget about the disclaimer in the video before Linus starts the process that if you have any kind of warranty don't do it. Otherwise you don't have anything to lose IMO. I do not know any company that does this kind of thing anyway... (/EDIT at least in my region)


There are relatively small shops that do board repair. There's one angry but entertaining one who streams it. I think he was the one that showed LTT what was actually involved in that type of repair.

Basically the same sort of repair done in labs for prototyping complex systems... you jumper, solder probe leads, replace parts whether surface mount, through hole or BGA, by the time it's debugged, it's been ravaged...


----------



## MysteryGuy

Quote:


> Originally Posted by *cekim*
> 
> No as with this it was more complicated than that... it was everything from simple patches to hardware that only digits worth of storage for year to programs with no source code or code written in languages and compiled with tools no one used or had any more...
> 
> The overwhelming majority of them would have ticked over to 1/1/1900 without a second thought. A large portion of the remainder would have needed an error cleared but after that been fine..... a small number would not function.
> 
> At no point did the media ever understand this or really much of anything they are talking about and unfortunately, the public trusted them not to sensationalize and mislead them... sadly no lesson was learned in any regard....


Y2K may have been over hyped. But, at least from what I saw, part of the reason that it wasn't a bigger issue was that a small army of people put out patches ahead of time to make it a smoother transition.

For example, if you (anyone) didn't get your paycheck on Jan 14, 2000 because of a problem, you probably wouldn't have been too happy.


----------



## JackCY

Anyone following Intel CPU prices? 7.1. a slight drop, 14.1 a sizable price drop, guess retailers or distributors or even Intel themselves are dropping prices to sell more since people now have even more incentive to choose a competing product.


----------



## Mad Pistol

Anyone with a Ryzen build done tests yet to see if this affects their systems in any meaningful way?

EDIT: Just noticed this video.

It was a quick test, but according to this, it looks like the i7 4790k is largely unaffected for gaming. That's a sigh of relief.


----------



## Offler

Quote:


> Originally Posted by *Mad Pistol*
> 
> Anyone with a Ryzen build done tests yet to see if this affects their systems in any meaningful way?
> 
> EDIT: Just noticed this video.
> 
> It was a quick test, but according to this, it looks like the i7 4790k is largely unaffected for gaming. That's a sigh of relief.


Open-world games and games which use SQL databases for object storing might have some small impact. But that's it for the desktop segment. Fun begins at selling of virtual servers. You cannot know who is your neighbor


----------



## Mad Pistol

Quote:


> Originally Posted by *Offler*
> 
> Open-world games and games which use SQL databases for object storing might have some small impact. But that's it for the desktop segment. Fun begins at selling of virtual servers. You cannot know who is your neighbor


Considering that I'm a DBA by trade, I may have to go dig around in Witcher files now. This is indeed very interesting.


----------



## Offler

I should say "small". 140 to 120 is not small, yet still above "unplayable" FPS thresholds. If you have 144Hz+ display, you might be affected.


----------



## Vlada011

Quote:


> Originally Posted by *jagdtigger*
> 
> More like 100% damage control, especially for intel...


People, let's systematic attack not only Intel, together with them all of people who arrive here to defend them.
For me is funny how Intel damage control work and people don't recognize, really funny.
Guys did you finished school...not worth I must find someone to explain you what Intel do and chances to patches work.
I mean guys, it's error in Silicon, deep inside processor during production. You try to fix Titanic with super glue.

It's disgusting how some people like Brian no shame after everything what they done and now lie people that patches who will cripple them performance will completely compensate error in Silicon.
But he is not guilty, there is more powerful people who dictate their orders and they are paid and even if they shame they will not shame from damaged customers.

Give up. Error exist 20 years.
Security patches are not here to protect you...they can't protect you from error during production, no one. We seen similar things in past, products finished in garbage.
THEY ARE HERE TO DISTRACT YOU TO GIVE UP FROM COMPENSATION AND MASSIVE RMA OF THEIR PROCESSORS!!!!!!!!!!!!!!!!!!!!!!!!!!
AND PREVENT TO BIGGER COMPANIES COMPLAIN BECAUSE THEY ARE NOT SECURE.!!!!!!!!!!!!!!!!!!!

Do you have at least brain in self. 12 days pass and one by one day they are more secure and further from charges and compensation while you chase patch FOR SILICON ERROR. Say that to self. I SEARCH PATCHES TO SILICON ERROR! I WAS 20 YEARS VULNERABLE. SUDDENLY I WANT TO BE PROTECTED AND I WILL PATCHED SILICON ERROR AND CRIPPLE MY PC. I7-8700K ON 5.0GHz Will Work as on Turbo. 960 PRO will work as 960 EVO, 850 PRO will work for 850 EVO and task of patches is to people forgot what Intel done.

While People argue is it slow down, or no slow down, performance decrease no performance decrease Intel will get necessary time to pull self from this mess.
Nice distraction. Better to ask self How patch really work and Is it possible to compensate Error in Silicon, because that's main question and for now no one didn't pay attention on that because Intel want to avoid any debate about that.

Under different circumstances gamers communities are very vulnerable to lies and manipulations. Company who made such mistake could throw in air story with performance decrease intentionally. Why? I say under different circumstances. People with IQ 28 will be shocked and when everything finish they will be satisfied with No performance Decrease and completely forgot on main problem that they just get confirmation that they products have error and instead to attack company who done that they are happy because they didn't lost performance. I with high school would easy trick someone, not people paid for that.
Throw them story with performance decrease and for 15 days they will be happy with Silicon Error instead to attack you and ask replacement.
MS could slow them down PC 1-2% and they will be distract from main thing and company will not recall products. Intel Winner.

Comparing with processors if brain of normal people is epoxy, others who will follow instructions of Intel have thermal paste.
Better to say Inferior.


----------



## clonxy

Quote:


> Originally Posted by *JackCY*
> 
> Anyone following Intel CPU prices? 7.1. a slight drop, 14.1 a sizable price drop, guess retailers or distributors or even Intel themselves are dropping prices to sell more since people now have even more incentive to choose a competing product.


Or it could be that people got news of Ryzen v2 so they're selling their old gen CPUs now before they can't sell them later.


----------



## Vlada011

These kind of things are good, we know how much advantage have company to normal people.
You will be eaten by new world order, literally. If you fall down on such things..... Horror.
I mean how one big company who completely depend of customers and their will and decisions and organisation success to fool them down with systematic and smart politic of distraction, manipulation and damage control.
We are witness of start, beginning... that's moment when crimes made by huge corporation over normal people mean nothing any more.
That's first step from many and moment when ordinary people will be lead like ships from big corporations and people who work for them.
Just first step where lie, crime and manipulation pass without punishment and give more power to biggest corporations and organisations who want to profit and control life and will of ordinary people.


----------



## TinyRichard

Give it about 15 years and all of this white noise will probably start showing up in every Marketing 101 textbook published.

MKT 101: 9:00AM - 10:00AM MWF

Chapter 10: How to generate sales in a stagnant market without really lifting a finger.
Chapter 11: How to create technical sounding papers that sound scary and grease the wheels of micro-bloggers.
Chapter 12: How to convince a person standing on concrete he's susceptible to termites.
Chapter 13: The power of suggestion: Taking down everyone from PhDs to Dougie the Pizza Guy since the dawn of time.


----------



## jagdtigger

Quote:


> Originally Posted by *TinyRichard*
> 
> Give it about 15 years and all of this white noise will probably start showing up in every Marketing 101 textbook published.
> 
> MKT 101: 9:00AM - 10:00AM MWF
> 
> Chapter 10: How to generate sales in a stagnant market without really lifting a finger.
> Chapter 11: How to create technical sounding papers that sound scary and grease the wheels of micro-bloggers.
> Chapter 12: How to convince a person standing on concrete he's susceptible to termites.
> Chapter 13: The power of suggestion: Taking down everyone from PhDs to Dougie the Pizza Guy since the dawn of time.


And this is how to make a total fool out of yourself...

If you think meltdown and spectre is nothing then you are worse than a fool, an idiot.


----------



## ThrashZone

Hi,
MicroCenter which to me has always been the best cheapest cpu headquarters known is about the same price wise as it was last year
So Intel prices are pretty much the same and in stock x and xe series.
Highest AMD was 1800x at 330.us no x1950's though.


----------



## Asterox




----------



## chispy

Quote:


> Originally Posted by *Asterox*


----------



## tajoh111

Is there any performance tests with AMD after their updates?

Does AMD have updates available yet? There was one Windows-related one that was pulled because it was causing crashing with AMD systems, but have there been any others?

Considering AMD's attempt to stay out of the spotlight while being very mysterious on this issue, e.g. hinting they are vulnerable to one variant of spectre, then saying they are susceptible to both variants and not saying anything about performance impact, AMD seems to hope that all of this attention is focusing on Intel because they are the dominant processor with most people having an Intel system in their system. And this is generally the case, with the media focusing on Intel because it generates more hits.

I suspect AMD performance is impacted but less so. Nonetheless, AMD is intentionally releasing these patches/BIOS updates slow so that Intel's name is the only one in the headlines. I.e. Intel is getting before and after patch updates performance tests, but since there is no AMD update available yet, it avoids the test.

https://www.engadget.com/2018/01/12/amd-spectre-patch/


----------



## e-gate

https://www.pcper.com/news/General-Tech/Googles-free-Spectre-patch

Maybe there is some hope for the performance hit after all.


----------



## randomizer

Quote:


> Originally Posted by *e-gate*
> 
> https://www.pcper.com/news/General-Tech/Googles-free-Spectre-patch
> 
> Maybe there is some hope for the performance hit after all.


I believe retpoline needs to be done for each application by recompiling it with a patched compiler (e.g. *very* recent versions of GCC). It will take some time to disseminate.


----------



## stargate125645

Quote:


> Originally Posted by *HMBR*
> 
> Quote:
> 
> 
> 
> Originally Posted by *stargate125645*
> 
> Is the microcode update going to require BIOS updates as well?
> 
> 
> 
> it doesn't have to, normally microcode updates are just delivered via bios updates, but, Microsoft can also load updated microcodes if they want, as they did in 2015 https://support.microsoft.com/en-us/help/3064209/june-2015-intel-cpu-microcode-update-for-windows
> 
> basically windows will load the microcode from a file during boot, and not just use the one from the bios, should give you the same result.
> 
> so far only Haswell and newer got a updated microcode, not sure if they are going to make it for ivybridge and older?

Quote:


> Originally Posted by *cekim*
> 
> Quote:
> 
> 
> 
> Originally Posted by *stargate125645*
> 
> Is the microcode update going to require BIOS updates as well?
> 
> 
> 
> If you want it to happen automatically, then yes. You can apply uCode updates on your own using windows and VMware tools out there. It is usually easier for most people to get a new bios image from their board maker, but if they don't provide it or you don't want to wait, you can do it.

Looks like I'll have to wait for Microsoft to release the microcode "patch" then, unless ASUS is on the ball with their X99 updates.


----------



## Quantum Reality

What happens if two microcodes conflict with each other? How does that get resolved?


----------



## GeneO

Quote:


> Originally Posted by *Quantum Reality*
> 
> What happens if two microcodes conflict with each other? How does that get resolved?


The OS uses the latest version.

You can load the microcode in the OS yourself (i.e. basically do what Windows update would do).

http://forum.notebookreview.com/threads/how-to-update-microcode-from-windows.787152/

You just need to make sure you select the correct microcode for your processor (by your CPUID type)
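The selection rule described in this reply (match the update to the CPU, then the newest revision wins) can be sketched as follows. This is an added example, not code from the original post or from any vendor tool: the 48-byte header layout follows Intel's documented microcode update format, extended signature tables are left out, and the sample updates, revisions and platform masks are constructed test data.

```python
import struct
from dataclasses import dataclass

# Intel microcode update header: nine little-endian dwords + 12 reserved bytes = 48.
HEADER = struct.Struct("<9I12x")
DEFAULT_DATA_SIZE = 2000  # implied when the data_size field is zero


@dataclass(frozen=True)
class Update:
    revision: int
    date: str           # MM/DD/YYYY, decoded from the BCD date field
    signature: int      # CPUID(1).EAX value the update targets
    platform_mask: int  # one bit per supported platform ID (0-7)
    offset: int         # where the update starts in the file


def dword_sum(buf):
    """Sum of all 32-bit words modulo 2**32; zero for an intact update."""
    return sum(struct.unpack("<%dI" % (len(buf) // 4), buf)) & 0xFFFFFFFF


def parse_updates(blob):
    """Walk a file of concatenated updates and validate each one."""
    updates, off = [], 0
    while off < len(blob):
        if len(blob) - off < HEADER.size:
            raise ValueError("truncated header at offset %d" % off)
        (hdr_ver, rev, date, sig, _checksum, loader_ver,
         flags, data_size, total_size) = HEADER.unpack_from(blob, off)
        if hdr_ver != 1 or loader_ver != 1:
            raise ValueError("unknown header/loader version at offset %d" % off)
        if data_size == 0:  # legacy fixed-size update
            data_size = DEFAULT_DATA_SIZE
            total_size = DEFAULT_DATA_SIZE + HEADER.size
        if (total_size % 4 or total_size < HEADER.size + data_size
                or off + total_size > len(blob)):
            raise ValueError("bad size fields at offset %d" % off)
        if dword_sum(blob[off:off + total_size]) != 0:
            raise ValueError("checksum mismatch at offset %d" % off)
        text_date = "%02x/%02x/%04x" % (date >> 24, (date >> 16) & 0xFF,
                                        date & 0xFFFF)
        updates.append(Update(rev, text_date, sig, flags, off))
        off += total_size
    return updates


def select_update(updates, cpu_signature, platform_id, running_revision):
    """Return the newest matching update, or None if nothing newer applies."""
    candidates = [u for u in updates
                  if u.signature == cpu_signature
                  and u.platform_mask & (1 << platform_id)
                  and u.revision > running_revision]
    return max(candidates, key=lambda u: u.revision, default=None)


def build_sample(revision, date_bcd, signature, platform_mask, payload):
    """Build a constructed update with a valid checksum (test data only)."""
    fields = (1, revision, date_bcd, signature)
    tail = (1, platform_mask, len(payload), HEADER.size + len(payload))
    unsigned = HEADER.pack(*fields, 0, *tail) + payload
    checksum = (-dword_sum(unsigned)) & 0xFFFFFFFF
    return HEADER.pack(*fields, checksum, *tail) + payload


# Constructed file: two revisions for one CPU signature, one for another.
SAMPLE_FILE = (
    build_sample(0x22, 0x06112017, 0x000306C3, 0x32, b"\x11" * 16)
    + build_sample(0x23, 0x01082018, 0x000306C3, 0x32, b"\x22" * 16)
    + build_sample(0xC2, 0x01042018, 0x000506E3, 0x36, b"\x33" * 16)
)

if __name__ == "__main__":
    found = parse_updates(SAMPLE_FILE)
    # The CPU signature, platform ID and running revision are assumed values.
    print(select_update(found, 0x000306C3, 1, 0x1E))
```

An update for a different CPUID signature or platform ID is never selected, and an update that is not newer than the running revision is skipped, so two candidate files resolve to at most one update.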


----------



## superstition222

Quote:


> Originally Posted by *stargate125645*
> 
> Looks like I'll have to wait for Microsoft to release the microcode "patch" then, unless ASUS is on the ball with their X99 updates.


It should be an industry requirement that issues like this be resolved with BIOS patches when it's possible to do so for all CPUs that are supported by currently-supported major commercial operating systems.

This is basic regulatory logic. Unfortunately, we live in a sort of Wild West where companies don't even bother to issue finalized BIOS to fix things like the Skylake hyperthreading crash/corruption bug - while Skylake processors are still being sold (the platform not even having been discontinued). For instance, the beta BIOS for the ASRock 170 board a colleague has for his VR system was so hidden I didn't even know it existed until someone told me where to look for it.

"You always have the option of buying the latest thing."


----------



## MysteryGuy

Quote:


> Originally Posted by *GeneO*
> 
> The OS uses the latest version.
> 
> You can load the microcode in the OS yourself (i.e. basically do what Windows update would do).
> 
> http://forum.notebookreview.com/threads/how-to-update-microcode-from-windows.787152/
> 
> You just need to make sure you select the correct microcode for your processor (by your CPUID type)


From looking at some of the comments from the VMware driver page listed in the article, it seems like this may not update the microcode early enough to be able to use this for the Spectre updates:

"Thanks for providing such an elegant solution to apply Microcode Updates to systems where the BIOS manufacturer has abandoned their users.

One thing, in the context of Meltdown/Spectre, it appears that running this driver does not update the microcode early enough for the OS to recognize the "Hardware Support for Branch Target Injection mitigation" as per ..."

See https://labs.vmware.com/flings/vmware-cpu-microcode-update-driver?ClickID=ayn0nntayovyva5rrntpr5nl50own0sskstn#comments .


----------



## djriful

Quote:


> Originally Posted by *somethingname*
> 
> Witcher 3 takes a big hit in performance


CPU intensive games will be affected. Most MMO yes.


----------



## tpi2007

Quote:


> Originally Posted by *e-gate*
> 
> https://www.pcper.com/news/General-Tech/Googles-free-Spectre-patch
> 
> Maybe there is some hope for the performance hit after all.


Yes, according to them the penalty will be only up to ~1.5%. However, it's not clear if that stands for Broadwell and above. PCPer forgot to mention one little but very important detail in this paragraph:
Quote:


> Google have released their own patch for the second Spectre vulnerability and claim that there is no noticeable performance hit after installation. The patch isolates indirect branches from speculative execution, similar in effect to what the Microsoft patch does but without the extra trampoline overhead. Intel responded to The Inquirer's contact and confirmed Google's patch is both effective and more efficient than the patch currently being distributed *but do mention there is a microcode update which must also be installed for the patch to be fully effective.* This is good news for those who use Google and hint at updated patches for Spectre which might mitigate any performance hits it causes.


What they forgot to mention is that Nehalem, Sandy Bridge, Ivy Bridge and Haswell do not need such a microcode update because their branch predictors aren't as recklessly good in speculation as Broadwell and above. No word yet on whether the microcode patch nerfs the branch predictor in Broadwell and above to Haswell levels and thus the performance impact on those could be bigger.

See here from the horse's mouth:
Quote:


> Intel has worked with the various open source compilers to ensure support for the return trampoline, and with the OS vendors to ensure support for these techniques. For Intel® Core™ processors of *the Broadwell generation and later*, this retpoline mitigation strategy also requires a microcode update to be applied for the mitigation to be fully effective


https://newsroom.intel.com/wp-content/uploads/sites/11/2018/01/Intel-Analysis-of-Speculative-Execution-Side-Channels.pdf

It is interesting to note though, how Microsoft is adopting an approach with more overhead. Once again, I sincerely hope that there is no planned obsolescence mindset going on behind the scenes.


----------



## TinyRichard

Scary sounding words:


Spectre
Meltdown
see also:

Venomous
Poison Pill
Homicide
Dagger Blade
Heart Attack
Tarantula
Cenobite
Destroyer
Hades
Chainsaw


----------



## cekim

Quote:


> Originally Posted by *tpi2007*
> 
> It is interesting to note though, how Microsoft is adopting an approach with more overhead. Once again, I sincerely hope that there is no planned obsolescence mindset going on behind the scenes.


You'd like to think MSFT was keenly aware that they've already given linux a huge edge/wedge in the server world (to the point that MSFT ported their SQL server to linux) with their terrible I/O, instability, etc... and as such would not be willing to cede yet more performance so easily.

Then again, they are MSFT... so....

You'd also think that Intel would be breathing down their neck. Anyone who suggests that it would be a viable strategy right this minute for Intel to suggest "you need to replace everything of ours made before 2019 because it has the bugz" hasn't been paying attention to the efforts of AMD, MSFT, Qualcomm and others to push the cloud toward other platforms.

Up to now, they've had limited success not so much because of compatibility and cost, but the fact that INTC's processors spanned the range of performance and power consumption better than others (they idled well and they kicked out more absolute IPS when you demanded it).

So, with AMD, China, Amazon, Qualcomm, MSFT, et al. looking for any way to unseat Intel's runaway dominance in server CPUs, forcing replacement of 4-5 generations of production hardware in racks right now just isn't a strategic win because when you slide those 2Us of buggy goodness out of the rack, INTC now has to fight to be what goes back in.


----------



## Vlada011

Quote:


> Originally Posted by *chispy*


That's a nice explanation of Intel's tries.
Some people are starting to RMA their processors and ask for compensation because of the performance decrease.
Example: i7-5820K-i7-6850K at least.
But Intel thinks that this is normal procedure, updating with patches that decrease performance. Hahahahaa Hahahaa.
They really think something like this is normal in the IT world ahahahahahaaa.
Industry standards: performance decrease.
Remember that guy the next time Intel shows up with its next series.

Final conclusion: Intel ruined performance and security.
I would like to have money to show you what is the right move now. Because replacing these Intel processors with the silicon bug and performance decrease is far more important than an update because of performance. I can bet the TR4 socket and the successor of Threadripper could serve you a long time without these kinds of problems.
Do you remember how aggressively Intel advertised the small difference in games between its processors and AMD's thanks to a better single-threaded score?
Now the same decrease is not important.

Gamers - X399+1900.
Intel X99 and Skylake-X users - X399 + 1950X.
Watercooling, overclocking and ignoring news about Intel new generations and security patches.

https://www.theverge.com/2018/1/16/16898094/meltdown-spectre-vulnerability-letter-congress-intel-amd-arm


----------



## tpi2007

Here's a handy utility made by Steve Gibson to make a diagnostic of the situation, complete with built-in explanation (scroll down on the status window):

http://www.guru3d.com/news-story/download-inspectre-meltdown-and-spectre-check-tool.html

Site: https://www.grc.com/inspectre.htm


----------



## Seronx

So, has anyone pointed out that Itanium (true-IA64) is immune to both issues?

Itanium 9700 (Kittson): 2017
9720
9740
9750
9760

Immune.


----------



## Offler

Quote:


> Originally Posted by *Seronx*
> 
> So, has anyone pointed out that Itanium (true-IA64) is immune to both issues?
> 
> Itanium 9700 (Kittson): 2017
> 9720
> 9740
> 9750
> 9760
> 
> Immune.


I have heard about that, however IA-64 platform is in minority, and practically abandoned.


----------



## EniGma1987

Quote:


> Originally Posted by *Seronx*
> 
> So, has anyone pointed out that Itanium (true-IA64) is immune to both issues?
> 
> Itanium 9700 (Kittson): 2017
> 9720
> 9740
> 9750
> 9760
> 
> Immune.


And?
Itanium is a completely different architecture that relies extremely heavily on parallel execution. Intel probably has to do significantly more proper tagging of data to ensure it goes to the right place and thus would be immune to the issue that causes Meltdown, which is their x86 processors don't tag the data right so it can get from kernel space to user space.


----------



## cekim

Quote:


> Originally Posted by *Offler*
> 
> I have heard about that, however IA-64 platform is in minority, and practically abandoned.


Actually abandoned. Intel EOL'd it last year - this last update will be the last and is likely being done to satisfy military/gov/hp long-term shenanigans.

Explicit, source/instruction-level parallelism (VLIW) just doesn't scale well in general use cases. It requires too many assumptions about the coder knowing what will be done at the same time as what.

Can be (very) useful for SuperComputers where this sort of tuning is exactly what is needed, but typical desktop server workloads are basically (iRandom * jRandom)*threads.

What I find hilarious about this is that the ia64 instruction set approach was acronymed "EPIC" (Explicitly Parallel Instruction Computing). So, AMD is responsible for extending the life of x64 with x86_64 and made EPYC that killed EPIC and has now left us with an epic bug that spans all the decades Intel was trying to kill x86.


----------



## Seronx

Quote:


> Originally Posted by *cekim*
> 
> Actually abandoned. Intel EOL'd it last year - this last update will be the last and is likely being done to satisfy military/gov/hp long-term shenanigans.
> 
> Explicit, source/instruction-level parallelism (VLIW) just doesn't scale well in general use cases. It requires too many assumptions about the coder knowing what will be done at the same time as what.
> 
> Can be (very) useful for SuperComputers where this sort of tuning is exactly what is needed, but typical desktop server workloads are basically (iRandom * jRandom)*threads.
> 
> What I find hilarious about this is that the ia64 instruction set approach was acronymed "EPIC" (Extremely Parallel Instruction Computing). So, AMD is responsible for extending the life of x64 with x86_64 and made EPYC that killed EPIC and has now left us with an epic bug that spans all the decades Intel was trying to kill x86.


*Explicitly* parallel instruction computing...
Quote:


> The advantage of explicit parallel programming is the absolute programmer control over the parallel execution. A skilled parallel programmer takes advantage of explicit parallelism to produce very efficient code. However, programming with explicit parallelism is often difficult, especially for non computing specialists, because of the extra work involved in planning the task division and synchronization of concurrent processes.


What if Intel had a way of getting rid of the coder bottleneck? By going for a hybrid model Implicit until Explicit?
Quote:


> arco.e.ac.upc.edu/wiki/images/8/8d/Ino_icalu_vld_main.pdf
> arco.e.ac.upc.edu/wiki/images/0/02/Ooo_fifo_main.pdf
> citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.1001.9949&rep=rep1&type=pdf
> http://www.tdx.cat/bitstream/handle/10803/81561/TAD1de1.pdf?sequence=1&isAllowed=y
> homepages.inf.ed.ac.uk/rkumar2/pubs/HPCC13.pdf
> homepages.inf.ed.ac.uk/rkumar2/pubs/TOCS16.pdf
> 
> https://i.imgur.com/9o1M8GD.png
> https://i.imgur.com/9VmKow9.png
> https://i.imgur.com/6sTqJL1.png
> https://i.imgur.com/kzeROG0.png
> 
> https://www.anandtech.com/show/10025/examining-soft-machines-architecture-visc-ipc
> https://www.fool.com/investing/2017/02/21/intel-corporation-officially-announces-acquisition.aspx


Cluster of small In-order EPIC cores (IA64 being target/host ISA) that virtually operates as a ultra-wide OoO x86-64 core (AMD64 being source/guest ISA). Programming wise, one can go for a direct optimization(Explicit) or one can go for a generic optimization(Implicit).

Lo and behold Kittson is not on 22nm FinFETs, but rather on 32nm Planar. It is very interesting that 22FFL is here for a very specific market.
Quote:


> Overall, we show that such a co-designed processor based on an in-order core provides a compelling alternative to out-of-order processors for the low-end domain where high-performance at a low-complexity is a key feature.

Quote:


> VLIW architectures are widely employed in several embedded signal applications since they offer the opportunity to obtain high computational performances while maintaining reduced clock rate and power consumption. Recently, VLIW processors are being considered for employment in various embedded processing systems, including safety-critical ones (e.g., in the aerospace, automotive and rail transport domains).


Replace VLIW with VISC-EPIC or whatever it will be called. Then, safety-critical with mission critical. While, also implying embedded being IoT/mobile/automotive/mission-critical.


----------



## Offler

Regarding my post in a different topic:
http://www.overclock.net/t/1645875/tt-amd-hit-with-class-action-lawsuit-over-spectre-and-meltdown/10#post_26552820
Quote:


> Originally Posted by *Shiftstealth*
> 
> Found this and thought it was a good read:
> Quote:
> 
> 
> 
> In AMD processor, the BTB addresses are fully tagged so it's not possible to train a branch in your own process and get the results to apply to another branch in the kernel (or another process). That's why AMD stated there was "near zero risk". In theory the weakness is there (speculative instruction done by the kernel leaking some traces into user space) but there is no obvious way to exploit it to reach kernel space. From within a process on the other hand it's possible (hence the browser exploit).

That's even better than I expected - my expectation was that the branch target buffer (BTB) is properly cleared after being read, while Intel allows data in cache to stay until overwritten.
Quote:


> https://arstechnica.com/civis/viewtopic.php?f=8&t=1416399
> 
> It's a user's post, but it seems like he knows what he's talking about.


Been looking for any BTB fetches and tags, and something interesting popped out.

Quote:


> When the instruction comes through as a recently used one, it acquires a micro-tag and is set via the op-cache, otherwise it is placed into the instruction cache for decode.


Source:
https://www.anandtech.com/show/10591/amd-zen-microarchiture-part-2-extracting-instructionlevel-parallelism/3

Assuming slightly unclear statements in the Spectre/Meltdown attack whitepapers, they managed to perform only one exploit - to send an instruction, which is executed, but they failed to get any data from L1 cache. In explaining why it does not work there was the claim "reasons can be manifold", while the whitepaper did not clearly state why the exploit did not work on AMD.

Even when the statement taken from Anandtech about micro-tag is a much better source than the Arstechnica forum, I would appreciate any better source, or some more explanation of what it actually means.

So far it seems that even when it's possible to execute "Speculative Execution" on AMDs, the worst possible scenario is that it will send "mispredicted data" to L1 caches, effectively crippling CPU performance. Without a mechanism to effectively guess the correct micro-tag it would be impossible to get to memory data.

However the information about Zen microarchitecture does not apply to FX or K10 or K8 CPUs, so for me... still no info.
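A toy model of what "fully tagged" means in the explanation quoted above, added here as an illustration and not part of the original post. It is a direct-mapped table with a constructed index width, tag width and address set; it does not describe the predictor of any real CPU and only covers the user-to-kernel case.

```python
class ToyBTB:
    """Direct-mapped branch target buffer model.

    index_bits low address bits pick the slot. With tag_bits=N only N further
    bits are stored and compared (partial tag). With tag_bits=None every
    remaining address bit is stored and compared (full tag).
    """

    def __init__(self, index_bits, tag_bits=None):
        self.index_bits = index_bits
        self.tag_bits = tag_bits
        self.slots = {}

    def _slot(self, addr):
        index = addr & ((1 << self.index_bits) - 1)
        upper = addr >> self.index_bits
        if self.tag_bits is not None:
            upper &= (1 << self.tag_bits) - 1  # discard the high bits
        return index, upper

    def train(self, branch_addr, target):
        """Record the target a branch at branch_addr actually jumped to."""
        index, tag = self._slot(branch_addr)
        self.slots[index] = (tag, target)

    def predict(self, branch_addr):
        """Return the predicted target, or None when the tag does not match."""
        index, tag = self._slot(branch_addr)
        entry = self.slots.get(index)
        if entry is not None and entry[0] == tag:
            return entry[1]
        return None


# Constructed addresses: user-mode branches with their real targets.
USER_TRAINING = [
    (0x00401010, 0x00402000),
    (0x00401124, 0x00402100),
    (0x00401238, 0x00402200),
]
# Constructed kernel-half branch addresses. The first two share their low
# eight bits with a user branch above, the third does not.
KERNEL_BRANCHES = [
    0xFFFF800000002210,
    0xFFFF800000003324,
    0xFFFF800000004440,
]


def cross_privilege_hits(btb, user_training, kernel_branches):
    """Train with user branches, then list the kernel branches whose
    prediction comes out of an entry that user code installed."""
    for branch, target in user_training:
        btb.train(branch, target)
    hits = {}
    for branch in kernel_branches:
        predicted = btb.predict(branch)
        if predicted is not None:
            hits[branch] = predicted
    return hits


if __name__ == "__main__":
    partial = cross_privilege_hits(ToyBTB(4, 4), USER_TRAINING, KERNEL_BRANCHES)
    full = cross_privilege_hits(ToyBTB(4), USER_TRAINING, KERNEL_BRANCHES)
    print("partial tags:", {hex(k): hex(v) for k, v in partial.items()})
    print("full tags:   ", {hex(k): hex(v) for k, v in full.items()})
```

With partial tags two of the three kernel lookups return a target that user code trained; with full tags none do, while a branch still finds its own entry.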


----------



## webhito

Anyone here used the tool that guru3d has on their website called "inSpectre"? On my supposedly updated and patched system, I get a message saying I am vulnerable to both Spectre and Meltdown.

Direct Link to download.
http://www.guru3d.com/files-get/download-inspectre,1.html


----------



## Mysticial

Quote:


> Originally Posted by *webhito*
> 
> Anyone here used the tool that guru3d has on their website called "inSpectre"? On my supposedly updated and patched system, I get a message saying I am vulnerable to both Spectre and Meltdown.
> 
> Direct Link to download.
> http://www.guru3d.com/files-get/download-inspectre,1.html


I want to mention that Spectre likely cannot be _fully_ patched with OS updates or microcode. So you can't just apply all the updates and think you're safe. So that tool might as well always return "vulnerable" for Spectre at least.

The flaw is so fundamental to speculative execution that the only way to fix it (via only hardware + OS) would be to disable almost all speculation. Even if you were to design the CPU from scratch, the performance loss of not having speculation would likely be upwards of 5x instead of the "10 - 50%" that everybody is complaining about right now.

5x performance loss is likely going to be too large for the world to swallow. So realistically speaking, software that needs such security will need to be rewritten as well. This is already happening with stuff like web browsers. IOW, it will take a team effort from everybody to completely close Spectre.


----------



## Wuest3nFuchs

Hey guys !

I reinstalled my whole system with Windows 7 completely on my holidays after xmas... the Meltdown patch destroyed my complete gaming performance...

Playing games now with the MS Meltdown patch installed gave me fps drops I've never seen on my system before... and atm I can't buy a new machine

Any chance to get a microcode fix for non Sandy Bridge-E users like i7 2700k or i5 2500k?

I also won't recommend Intel to my friends anymore, the sheet has shifted in favor of AMD for me now!

The article on computerbase in my eyes was an epic destroying moment to me!

I don't love Intel, I liked their performance... my first machine was an AMD Barton... so back to my roots

20 years a security flaw, thank you Intel or should I say fail by design [you can judge me on that]

Just my own opinion, so don't judge me please


----------



## cekim

Quote:


> Originally Posted by *Seronx*
> 
> *Explicitly* parallel instruction computing...


iPad AC changed that one after I had typed... I really hate it when it alters words to the left of where I am typing.... my eyes have already moved right...

Oh well....


----------



## Vlada011

Intel has enough resources to replace the last 5 generations and compensate for the performance loss with only the profit made during fraud and crime against customers, when it intentionally sold Kaby Lake, Skylake-X, Kaby Lake-X and Coffee Lake fully aware of the silicon error inside them.

Compensation for the performance loss and security error is not possible with patches. That's a lie and manipulation.
But Intel doesn't need to use all new processors as replacements for customers. During RMA of processors they could replace a weaker one with a little slower model.
Nothing would go in the garbage. i7-6700K and i7-7700K should get i7-8700K, i7-7820X should get i9-7900X.
That would be proper compensation for fraud and crime against customers.

A huge number of people would have bought AMD Ryzen and AMD Threadripper, but Intel didn't tell them the truth because of that.
Intel lied to them to sell them products with errors and stop them from buying processors that work normally.


----------



## webhito

Nvm, the security update had not been installed, now it is and the program says I am no longer vulnerable... For how long though?


----------



## cekim

Quote:


> Originally Posted by *Vlada011*
> 
> .
> 
> Huge number of people would bought AMD Ryzen and AMD Threadripper but Intel didn't tell them true because of that.
> Intel lie them to sell them products with errors and stop them to buy processors who work normal.


TR is getting closer now 6 months into its release that I can use it, but it still has some show stoppers:
- Doesn't recognize 128G of ram
- core vs thread scheme confuses some Unix software (proprietary) so it won't function. Not AMDs fault but a show stopper nonetheless
- even post patch-pocalypse underperforms my alternative setups, even haswell xeons.
- early Ryzen have an RMA required issue of segfaulting under load.

So, it's not all roses... I'm optimistic this event will result in a better, more balanced market.

I guess we'll see if crypto settles down and/or GPU makers stop worrying about getting caught with huge inventories and just make more cards...

Concerned with sideware CES numbers not showing significant Ryzen/TR clock bumps until 7mm (2019).

TR needs 4.5-5.0 GHz to stay in the game.


----------



## Quantum Reality

Quote:


> Originally Posted by *cekim*
> 
> Quote:
> 
> 
> 
> Originally Posted by *Vlada011*
> 
> .
> 
> Huge number of people would bought AMD Ryzen and AMD Threadripper but Intel didn't tell them true because of that.
> Intel lie them to sell them products with errors and stop them to buy processors who work normal.
> 
> 
> 
> TR is getting closer now 6 months into its release that I can use it, but it still has some show stoppers:
> - Doesn't recognize 128G of ram
> - core vs thread scheme confuses some Unix software (proprietary) so it won't function. Not AMDs fault but a show stopper nonetheless
> - even post patch-pocalypse underperforms my alternative setups, even haswell xeons.
> - early Ryzen have an RMA required issue of segfaulting under load.

1. Who on earth could possibly need 128 gigabytes of RAM? [ Also would not be surprised if this is a motherboard memory compatibility issue unrelated to the CPU ]**
2. Limit the number of cores/threads as a workaround?
3. By how much?
4. Early Ryzen RMA has nothing to do with current production Threadripper so why bring it up?

--
** EDIT: "Ryzen Threadripper CPUs can technically support up to 2TB of RAM, but good luck getting modules that large to hit 2TB." from https://www.pcworld.com/article/3197184/components-processors/amd-ryzen-threadripper-prices-specs-release-date-and-more.html


----------



## cekim

Quote:


> Originally Posted by *Quantum Reality*
> 
> 1. Who on earth could possibly need 128 gigabytes of RAM? [ Also would not be surprised if this is a motherboard memory compatibility issue unrelated to the CPU ]
> 2. Limit the number of cores/threads as a workaround?
> 3. By how much?
> 4. Early Ryzen RMA has nothing to do with current production Threadripper so why bring it up?


1. Me and other users of such processors who run or produce applications that need very large memory images or many smaller ones. 128/16 cores is not a lot per core for example...
2. It's more fundamental in these cases it looks in /proc and barfs saying it doesn't know how to partition itself up on this system.... insufficient resources. Again, a software problem, but a deadly one.
3. Varies wildly but as much as 20-30%
4. Just an indication that some are still waiting for sufficient product maturity to have Ryzen/TR as a viable option.

So, even with all of those known, it's not a binary issue (unfortunately).


----------



## 7850K

Quote:


> Originally Posted by *Quantum Reality*
> 
> 1. Who on earth could possibly need 128 gigabytes of RAM? [ Also would not be surprised if this is a motherboard memory compatibility issue unrelated to the CPU ]**


I've seen a guy on a few tech reddits running a quad bulldozer opteron(64 cores total) system with 256GB of RAM.

no idea what he uses it for.


----------



## randomizer

Quote:


> Originally Posted by *Quantum Reality*
> 
> 1. Who on earth could possibly need 128 gigabytes of RAM?


We once had a server at work (we might still have it) with over 700GB of RAM. It was basically a big cache.


----------



## Blameless

Quote:


> Originally Posted by *Quantum Reality*
> 
> 1. Who on earth could possibly need 128 gigabytes of RAM?


Heavy virtualization, big databases, complex factoring, etc can easily use 128GiB of memory, or more.


----------



## Quantum Reality

*shakes head* That much memory is a pretty hefty RAM disk/cache, all right

*sits, impressed*


----------



## cekim

BTW, this 128G TR thing is a bug that is supposed to be fixed with BIOS updates soon if not already. It supports 16G and higher DIMMs, but for whatever reason multiple MB manufacturers have had issues with 8 DIMM setups like this.


----------



## Abaidor

Ermm, by today's standards 12GB is not that much RAM. I got 64GB for my new 7940x build strictly because of prices, otherwise I would get 128GB.

Here is a use case:

2-3 Virtual Desktops

Outlook open with 10 emails detached
Excel Open (2-3 instances)
Word Open (2-3 instances)
ACDsee Pro Open (3-40 instances)
Several File Explorers Open

Firefox Developer Edition open (10 Windows - 40+ Tabs Each + Developer Tools on several pages)
Chrome Open For testing browsing online libraries of media
Opera Developer Edition Open for News / Forums
Edge open/close for linking

Adobe Illustrator Open (3-4 files)
Adobe Photoshop Open (4-5 files 1GB each)
Adobe Bridge Open
Adobe Acrobat Pro open (several big files)
Extensis Suitcase Fusion Open with 15,000 Fonts

THE Above could be for a single client

Web Server (localhost running)
1-2 Virtual Machines Running

And then I need to open Adobe After Effects that can consume huge amounts of RAM anyday for breakfast. Yet I need to be able to open Autocad on request.

Since I am working on several projects at once I want room left to open yet another project on a secondary desktop.

Generally speaking there is no such thing as too much RAM.


----------



## GoLDii3

What am I exposing myself to if I don't install the patch for my i5 4400? I'm a home user.


----------



## Defoler

Quote:


> Originally Posted by *Quantum Reality*
> 
> 1. Who on earth could possibly need 128 gigabytes of RAM? [ Also would not be surprised if this is a motherboard memory compatibility issue unrelated to the CPU ]**
> 2. Limit the number of cores/threads as a workaround?
> 3. By how much?
> 4. Early Ryzen RMA has nothing to do with current production Threadripper so why bring it up?
> 
> --
> ** EDIT: "Ryzen Threadripper CPUs can technically support up to 2TB of RAM, but good luck getting modules that large to hit 2TB." from https://www.pcworld.com/article/3197184/components-processors/amd-ryzen-threadripper-prices-specs-release-date-and-more.html


For the link you posted, this is just an assumption. AMD chose not to disclose how much memory the TR supports.
The EPYC chips support up to 2TB through 8 channels, using 16 memory slots of 128GB each. TR only supports 4 channels, so cut in half, maybe, just 1TB.

Intel's top Xeon chips support 1.5TB through 6 channels. So basically the same scalability.
The i9s, for comparison, only support up to 128GB.

Also, 128GB to those who run more than 3-4 virtual servers is nothing.
Some programs use memory as temp storage instead of drives, so again, 128GB can end in a snap of a finger.


----------



## flippin_waffles

Quote:


> Originally Posted by *7850K*
> 
> I've seen a guy on a few tech reddits running a quad bulldozer opteron(64 cores total) system with 256GB of RAM.
> 
> no idea what he uses it for.


Analytics, utilizing the HBCC on Vega.


----------



## zoinho

http://www.zdnet.com/article/meltdown-spectre-intel-says-newer-chips-also-hit-by-unwanted-reboots-after-patch/


----------



## zoinho

Why a silicon error if the silicon has no error, and who was wrong was whoever programmed and designed the architecture?

For example: Haswell had TSX instructions badly programmed in the chip, which resulted in them being disabled by Intel!!


----------



## nanotm

Quote:


> Originally Posted by *zoinho*
> 
> Why Silicon error if the silicon has no error but who was wrong was who programmed and designed the architecture.
> 
> For example: Haswell had TSX instructions bad programmed in chip that result in disabled by Intel !!


the only bad part about it was it blocked their ability to backdoor the chips.... and so they blocked it off.....

cache sharing can be eliminated by intel through a simple code execution on the cpu(s) the problem with implementing this (which will 100% fix the vulnerabilities) are two fold, first their chips would be left with a single core per cluster, second none of the baked in backdoors would operate after doing so.

most of the older generation cpu's are even worse because they would revert to a single physical core, all the rest would be perma disabled (that's why they have all those hardware fuses on the cpu after all) amd cpu's would also be damaged in a similar way, but since amd put their older cpu's like fx in clustered pairs with only l3 cache (which they don't need) as being shared, they could disable half their cores leaving l1 and l2 cache on single core access and either totally isolate l3 cache or leave only one core with access to it, so for instance the fx8350 cpu would change from 8 core to 4 core, or if they did it right 5 core (one core with no l1 or l2 but with all l3 cache, other 4 with just l1/l2 cache)

intel however saw fit to share access to l2 and l3 with all cores, so they would literally have to disable all but one ..... and that would mean even those i7 8700k's would be stuck at single core.... as soon as you perform that level of hardware fix they're only fit for 32 bit operating systems, which means no more 64bit computing, whilst amd would still have 10 +year old dual core cpu's (they didn't start sharing cache until after they moved from twin cores)

intel could probably manage to cut access to l1/l2/l3 on a core by core basis and possibly leave you with a gimped dual or triple core 8700k but realistically it would still lose in performance to fx 4300 cpu's from 6 years ago....


----------



## chispy

First reported attacks from Meltdown and Spectre named Skyfall and Solace:

Skyfall and Solace
More vulnerabilities in modern computers.
Following the recent release of the Meltdown and Spectre vulnerabilities, CVE-2017-5175, CVE-2017-5753 and CVE-2017-5754, there has been considerable speculation as to whether all the issues described can be fully mitigated.
Skyfall and Solace are two speculative attacks based on the work highlighted by Meltdown and Spectre.

Full details are still under embargo and will be published soon when chip manufacturers and Operating System vendors have prepared patches.

Watch this space...

Source: https://skyfallattack.com/


----------



## cekim

Quote:


> Originally Posted by *chispy*
> 
> First reported attacks from Meltdown and Spectre named Skyfall and Solace:
> 
> Skyfall and Solace
> More vulnerabilities in modern computers.
> Following the recent release of the Meltdown and Spectre vulnerabilities, CVE-2017-5175, CVE-2017-5753 and CVE-2017-5754, there has been considerable speculation as to whether all the issues described can be fully mitigated.
> Skyfall and Solace are two speculative attacks based on the work highlighted by Meltdown and Spectre.
> 
> Full details are still under embargo and will be published soon when chip manufacturers and Operating System vendors have prepared patches.
> 
> Watch this space...
> 
> Source: https://skyfallattack.com/


That doesn't look fishy at all...

Who is publishing that page?

On the bright side, there is no script member to the source of that page, it's plain html... CSS, pngs and json though, so...


----------



## Artikbot

Different registrar, incomplete whois info, no abuse email address, yet identical aesthetics to the Spectre/Meltdown...

I'm going to label that one as a hoax.


----------



## zoinho

Quote:


> Originally Posted by *nanotm*
> 
> the only bad part about it was it blocked their ability to backdoor the chips.... and so they blocked it off.....
> 
> cache sharing can be eliminated by intel through a simple code execution on the cpu(s). the problem with implementing this (which will 100% fix the vulnerabilities) is twofold: first, their chips would be left with a single core per cluster; second, none of the baked in backdoors would operate after doing so.
> 
> most of the older generation cpu's are even worse because they would revert to a single physical core, all the rest would be perma disabled (that's why they have all those hardware fuses on the cpu after all). amd cpu's would also be damaged in a similar way, but since amd put their older cpu's like fx in clustered pairs with only l3 cache (which they don't need) as being shared, they could disable half their cores leaving l1 and l2 cache on single core access and either totally isolate l3 cache or leave only one core with access to it, so for instance the fc8350 cpu would change from 8 core to 4 core, or if they did it right 5 core (one core with no l1 or l2 but with all l3 cache, other 4 with just l1/l2 cache)
> 
> intel however saw fit to share access to l2 and l3 with all cores, so they would literally have to disable all but one ..... and that would mean even those i7 8700k's would be stuck at single core.... as soon as you perform that level of hardware fix they're only fit for 32 bit operating systems, which means no more 64bit computing, whilst amd would still have 10 +year old dual core cpu's (they didn't start sharing cache until after they moved from twin cores)
> 
> intel could probably manage to cut access to l1/l2/l3 on a core by core basis and possibly leave you with a gimped dual or triple core 8700k but realistically it would still lose in performance to fx 4300 cpu's from 6 years ago....


You say that the problem is Intel's HT (2 logical cores for every real core)?


----------



## cekim

Quote:


> Originally Posted by *Artikbot*
> 
> Different registrar, incomplete whois info, no abuse email address, yet identical aesthetics to the Spectre/Meltdown...
> 
> I'm going to label that one as a hoax.


If it is malicious, I can't see anything in the code. Maybe it is just to get hits as you suggest.

If anyone isn't 110% sure about a site, I suggest you not click on it or post it - particularly in these early days.

Bad people will be looking to exploit the hype.


----------



## Blameless

Neither cache nor SMT are fundamental issues here, nor would disabling cores, cache, or SMT resolve them. The fact that it's possible to use a second logical core or CPU to direct attacks doesn't begin to imply that it's necessary. _You could run a single core with no HT and no L2 or L3 and still be completely vulnerable._

Enhancements to speculative execution that benefit from inclusive caches or that make SMT worthwhile have likely contributed to Meltdown, but again, those features aren't the source of the problem.

All that Spectre needs to work is speculative execution (and thus branch predictors)...which is almost universal among modern CPUs. There aren't any non-speculative x86 processors other than older versions of Atom that have been released in the last twenty years, and even architectures as varied as IBM's POWER, more recent IA-64 (Itanium), and a great many ARM parts, rely on speculative execution.
Quote:


> Originally Posted by *GoLDii3*
> 
> What am I exposing myself to if I don't install the patch for my i5 4400? I'm a home user.


If you execute code that takes advantage of these exploits you could grant it unrestricted access to otherwise privileged memory areas, which could be used to do a wide variety of interesting things. I don't know of any malware/virus that takes advantage of these yet, but a nearly undetectable rootkit that can pull cryptographic keys out of memory (or dictate them in the first place) and use them to read data that should be encrypted or isolated, then send it to whoever, would certainly be possible.

There really isn't much reason not to patch everything. Yes, the mitigations have a performance impact, but only in the most I/O heavy of tasks does this become noticeable.

A home user may have fewer vectors for these attacks, but they also suffer far less from the mitigations, so I almost always recommend applying the mitigations.
Quote:


> Originally Posted by *chispy*
> 
> First reported attacks from Meltdown and Spectre named Skyfall and Solace


Most likely a hoax.


----------



## randomizer

Quote:


> Originally Posted by *chispy*
> 
> First reported attacks from Meltdown and Spectre named Skyfall and Solace:
> 
> Skyfall and Solace
> More vulnerabilities in modern computers.
> Following the recent release of the Meltdown and Spectre vulnerabilities, CVE-2017-5175, CVE-2017-5753 and CVE-2017-5754, there has been considerable speculation as to whether all the issues described can be fully mitigated.
> Skyfall and Solace are two speculative attacks based on the work highlighted by Meltdown and Spectre.
> 
> Full details are still under embargo and will be published soon when chip manufacturers and Operating System vendors have prepared patches.
> 
> Watch this space...
> 
> Source: https://skyfallattack.com/


I'm waiting for Octo***** and Moonraker.

Edit: it's coming: http://moonrakerattack.com


----------



## nanotm

Quote:


> Originally Posted by *Blameless*
> 
> Neither cache nor SMT are fundamental issues here, nor would disabling cores, cache, or SMT resolve them. The fact that it's possible to use a second logical core or CPU to direct attacks doesn't begin to imply that it's necessary. _You could run a single core with no HT and no L2 or L3 and still be completely vulnerable._
> 
> Enhancements to speculative execution that benefit from inclusive caches or that make SMT worthwhile have likely contributed to Meltdown, but again, those features aren't the source of the problem.
> 
> All that Spectre needs to work is speculative execution (and thus branch predictors)...which is almost universal among modern CPUs. There aren't any non-speculative x86 processors other than older versions of Atom that have been released in the last twenty years, and even architectures as varied as IBM's POWER, more recent IA-64 (Itanium), and a great many ARM parts, rely on speculative execution.
> If you execute code that takes advantage of these exploits you could grant it unrestricted access to otherwise privileged memory areas, which could be used to do a wide variety of interesting things. I don't know of any malware/virus that takes advantage of these yet, but a nearly undetectable rootkit that can pull cryptographic keys out of memory (or dictate them in the first place) and use them to read data that should be encrypted or isolated, then send it to whoever, would certainly be possible.
> 
> There really isn't much reason not to patch everything. Yes, the mitigations have a performance impact, but only in the most I/O heavy of tasks does this become noticeable.
> 
> A home user may have fewer vectors for these attacks, but they also suffer far less from the mitigations, so I almost always recommend applying the mitigations.
> Most likely a hoax.


se and side channel is only a problem when you have more than one instruction execute thread or core sharing the same cache, if you remove all the sharing of resources you remove the possibility to effect this attack, this is why intel is saying it won't be able to fix the problem via hardware for at least 3 years, and more likely 4 or 5 years, and the reason why they have been the fastest ipc on the market for the last 20 years is based around the fact all their cores share the same cache. amd cpu's don't share l1 cache, share l2 cache within a cluster, l3 cache across all clusters; they can disable those shares and with only minor performance drops (disable l2 and l3 cache). intel might be able to fudge a fix by locking say core one to l1 core 2 to l2 and core 3 to l3 with the remainder disabled and no HT meaning 3core = 3thread total.... sure those 3 cores won't function as fast as they do now but it will remove the problem that permits side channel attacks, although anything below i7 8700k will be reduced to a single operating core if they do this, (yes x cpu's would have more cores)

that's not to say they should do this but they have the ability to do it via bios codes....


----------



## Blameless

Quote:


> Originally Posted by *nanotm*
> 
> se and side channel is only a problem when you have more than one instruction execute thread or core sharing the same cache


Those threads can easily run on the same logical core. SMT is not required. CPUs have been executing multiple instructions simultaneously since long before there was SMT or multiple cores.

_When multiple programs execute on the same hardware, either concurrently or via time sharing, changes in the microarchitectural state caused by the behavior of one program may affect other programs. This, in turn, may result in unintended information leaks from one program to another. Past works have demonstrated attacks that leak information through the BTB [26, 11], branch history, and caches._ -- https://spectreattack.com/spectre.pdf

Exactly _none_ of that requires more than one logical CPU.

Meltdown takes advantage of more specific features, but again, all of those features are present on a single logical CPU.

Your 'fix' doesn't target the source of the problem, wouldn't be as good as current mitigations, and would completely destroy performance. Unless you restrict kernel operations to one physical core with no shared resources _and_ prevent that core from having anything else scheduled to it (something which likely isn't possible on most OSes), you'd likely be just as vulnerable.


----------



## nanotm

Quote:


> Originally Posted by *Blameless*
> 
> Those threads can easily run on the same logical core. SMT is not required. CPUs have been executing multiple instructions simultaneously since long before there was SMT or multiple cores.
> 
> _When multiple programs execute on the same hardware, either concurrently or via time sharing, changes in the microarchitectural state caused by the behavior of one program may affect other programs. This, in turn, may result in unintended information leaks from one program to another. Past works have demonstrated attacks that leak information through the BTB [26, 11], branch history, and caches._ -- https://spectreattack.com/spectre.pdf
> 
> Exactly _none_ of that requires more than one logical CPU.
> 
> Meltdown takes advantage of more specific features, but again, all of those features are present on a single logical CPU.
> 
> Your 'fix' doesn't target the source of the problem, wouldn't be as good as current mitigations, and would completely destroy performance. Unless you restrict kernel operations to one physical core with no shared resources _and_ prevent that core from having anything else scheduled to it (something which likely isn't possible on most OSes), you'd likely be just as vulnerable.


when they say "same hardware" they mean same cpu chip (or in amd's case same cluster), and directly reference cache sharing between execute modules because that's what's causing the problem,
if this were not the case then every single cpu since the advent of 32 bit compute would have been at risk.....

most older soc and iot units are not affected because they cheaped out on the dies and didn't utilise multi execute units with shared cache..... it's like a logic problem..... and whoever wrote the piece used bad grammar and typical non engineering speak of code geeks who don't understand hardware :thumb:


----------



## Blameless

Quote:


> Originally Posted by *nanotm*
> 
> when they say "same hardware" they mean same cpu chip


They mean a collection of execution units that make up a CPU core.

Any pipelined or superscalar CPU can have multiple instructions in the process of executing at any given time and any CPU with provisions for out-of-order execution is vulnerable to Spectre to some degree.
Quote:


> Originally Posted by *nanotm*
> 
> and directly reference cache sharing between execute modules because that's what's causing the problem


Wrong. Separate 'execute modules' are not required.
Quote:


> Originally Posted by *nanotm*
> 
> if this were not the case then every single cpu since the advent of 32 bit compute would have been at risk.....


Most every CPU that uses speculative execution _is_ at risk; this includes a huge number of single core parts that lack SMT and don't have shared cache because there is nothing to share it with.
Quote:


> Originally Posted by *nanotm*
> 
> most older soc and iot units are not affected because they cheaped out on the dies and didn't utilise multi execute units with shared cache.....


Again, it's not extra cores or shared cache that is the source of these vulnerabilities, it's the basic features that enable speculative execution itself.

Examples:

AMD Athlon 700MHz, Slot A. Single core, single thread. No on die L2. No L3 at all. _Vulnerable to Spectre_.

Intel Atom D2700. Dual-core, quad-thread (two-way SMT/HT), shared and inclusive L2 cache. _Immune to Spectre_.

The Athlon is an out of order part (first gen K7), the D2700 is an in-order part. No speculative execution, no sidechannel for these attacks.

Speculative execution requires a lot of complexity (thus die space and power), and hasn't been a big feature of SoCs until recently. That's why some of the devices you mention aren't vulnerable, not because they lack multiple cores or shared caches.


----------



## GeneO

That
Quote:


> Originally Posted by *Blameless*
> 
> They mean a collection of execution units that make up a CPU core.


"When multiple programs execute on the same hardware, _*either concurrently or via time sharing*_, changes in the microarchitectural state caused by the behavior of one program may affect other programs. "

No, they mean on the same CPU. They explicitly include concurrent here (which means threads running concurrently on different cores as opposed to time sharing which means threads time sliced on a single core). For instance a thread running on one core could leak to a thread running on a different core through shared cache or other shared processor resources.


----------



## Blameless

Quote:


> Originally Posted by *GeneO*
> 
> That
> "When multiple programs execute on the same hardware, _*either concurrently or via time sharing*_, changes in the microarchitectural state caused by the behavior of one program may affect other programs. "
> 
> No, they mean on the same CPU. They explicitly include concurrent here (which means threads running concurrently on different cores as opposed to time sharing which means threads time sliced on a single core). For instance a thread running on one core could leak to a thread running on a different core through shared cache or other shared processor resources.


A second core is not implied by concurrent execution as SMT, by definition, allows for concurrent execution of separate threads on the _same_ core.

Multiple cores and shared resources can be exploited by these vulnerabilities, but are not required for them, which was the point of my exchange above.


----------



## GeneO

Quote:


> Originally Posted by *Blameless*
> 
> A second core is not implied by concurrent execution as SMT, by definition, allows for concurrent execution of separate threads on the _same_ core.
> 
> Multiple cores and shared resources can be exploited by these vulnerabilities, but are not required for them, which was the point of my exchange above.


Really, I don't think that is what they meant.


----------



## Blameless

Quote:


> Originally Posted by *GeneO*
> 
> Really, I don't think that is what they meant.


I think they meant what they said, which was a general statement that could apply equally to many configurations, which is why such a broad spectrum of parts are affected by Meltdown and especially Spectre.


----------



## cfu97

Is windows auto patch safe enough?


----------



## chispy

Quote:


> Originally Posted by *cfu97*
> 
> Is windows auto patch safe enough?


I don't think we can be 100% sure, we will have to wait and see.


----------



## Gdourado

A gamer friend of mine got a new hdd for his gaming pc and did a clean install of Windows 10.
He had a usb stick created with the media creation tool that was on build 1709.
Because he doesn't want to lose performance in games he blocked windows updates.
Is there a way in windows to only install selected updates?
What is the name of the performance crippling update?

Cheers!


----------



## webhito

Quote:


> Originally Posted by *Gdourado*
> 
> A gamer friend of mine got a new hdd for his gaming pc and did a clean install of Windows 10.
> He had a usb stick created with the media creation tool that was on build 1709.
> Because he doesn't want to lose performance in games he blocked windows updates.
> Is there a way in windows to only install selected updates?
> What is the name of the performance crippling update?
> 
> Cheers!


In all honesty, I updated my bios and applied the patch, performance wise as an "average Joe" has felt no different whatsoever, games play fine, movies play fine, even my benchmark scores are the same. Mind you I do have an 8700k so I am not quite sure if I should be more or less affected by the current situation.

I believe the update is kb4056892, you can use the show or hide windows updates tool to block it I believe.
https://www.groovypost.com/howto/block-windows-10-feature-update-why/

You can also check the Inspectre program to see if you are vulnerable or not, mind you I have no idea if it's legit but before and after the patch/update it did change the results, plus it's from guru3d.

You can get that here:
http://www.guru3d.com/files-details/download-inspectre.html


----------



## PiOfPie

Quote:


> Originally Posted by *webhito*
> 
> In all honesty, I updated my bios and applied the patch, performance wise as an "average Joe" has felt no different whatsoever, games play fine, movies play fine, even my benchmark scores are the same. Mind you I do have an 8700k so I am not quite sure if I should be more or less affected by the current situation.


Less; you have pretty much the ideal scenario as far as hardware/OS configuration goes.

Skylake or Kaby + Win10 = minimal performance impact
Pre-Skylake + Win10 = more impact
Pre-Skylake + Win7/8 = even more impact


----------



## webhito

Quote:


> Originally Posted by *PiOfPie*
> 
> Less; you have pretty much the ideal scenario as far as hardware/OS configuration goes.
> 
> Skylake or Kaby + Win10 = minimal performance impact
> Pre-Skylake + Win10 = more impact
> Pre-Skylake + Win7/8 = even more impact


Ahh, well that really really sucks for everyone on older platforms. Almost sounds too fishy to me.


----------



## PiOfPie

Quote:


> Originally Posted by *webhito*
> 
> Ahh, well that really really sucks for everyone on older platforms. Almost sounds too fishy to me.


MS's rationale as to why there's more of an effect on pre-10 systems (that a lot of scheduler and other performance optimization improvements were made between 7 and 10) at least sounds reasonable.

But I wouldn't put it past either company to try sneaking in some planned obsolescence if they can, especially with the very minimal amount of architectural changes that Intel has made since Nehalem and Sandy.


----------



## writer21

Kind of sounds like a good excuse to force upgrades. Waiting for Ryzen in March to see performance and might go for my first AMD processor 8 core of course. Running 5820k @ 4.6 and don't see a need to upgrade unless it's 8 cores.


----------



## Blameless

Quote:


> Originally Posted by *PiOfPie*
> 
> Less; you have pretty much the ideal scenario as far as hardware/OS configuration goes.
> 
> Skylake or Kaby + Win10 = minimal performance impact
> Pre-Skylake + Win10 = more impact
> Pre-Skylake + Win7/8 = even more impact


I've got a pair of pre-skylake fully mitigated systems, one Windows 7, one Server 2016...performance impact on both is pretty minimal.

Ironically enough, the only system I have that has suffered appreciably from the mitigations is my Ivy bridge laptop running Linux...the open source microcode patch it uses crashes when resuming from hibernation about half the time.
Quote:


> Originally Posted by *PiOfPie*
> 
> MS's rationale as to why there's more of an effect on pre-10 systems (that a lot of scheduler and other performance optimization improvements were made between 7 and 10) at least sounds reasonable.


They don't want to patch Windows 7 to support the PCID performance optimization feature that should be available in any Haswell CPU or newer.

I'm not sure whether it would be difficult to or if they simply want to incentivise moving to Windows 10. Regardless, the practical performance difference is minimal enough to be a non-issue unless you are doing the few kernel or I/O heavy tasks that are really affected.


----------



## randomizer

Quote:


> Originally Posted by *webhito*
> 
> You can also check the Inspectre program to see if you are vulnerable or not, mind you I have no idea if it's legit but before and after the patch/update it did change the results, plus it's from guru3d.
> 
> You can get that here:
> http://www.guru3d.com/files-details/download-inspectre.html


Original is here: https://www.grc.com/inspectre.htm. It also has a convenient way to disable the meltdown patch via the registry to avoid needing to block updates.


----------



## GeneO

Quote:


> Originally Posted by *randomizer*
> 
> Original is here: https://www.grc.com/inspectre.htm. It also has a convenient way to disable the meltdown patch via the registry to avoid needing to block updates.


You can also selectively block Spectre patches.


----------



## inedenimadam

so, has anybody benchmarked the performance hit in gaming? I wouldn't imagine that gaming requires calling kernel all that often...does it? I am on Broadwell-E with SLI 980s and I sure don't feel anything...desktop, gaming, or otherwise with patches in place.


----------



## cekim

Quote:


> Originally Posted by *PiOfPie*
> 
> MS's rationale as to why there's more of an effect on pre-10 systems (that a lot of scheduler and other performance optimization improvements were made between 7 and 10) at least sounds reasonable.
> 
> But I wouldn't put it past either company to try sneaking in some planned obsolescence if they can, especially with the very minimal amount of architectural changes that Intel has made since Nehalem and Sandy.


This is definitely the case if you compare linux 3.x kernel to 4.x

3.x -> 4.x patched is very little difference if any in most scenarios
3.x-> 3.x patched shows more things slowing down by a greater degree.

The explanation is the 4.x kernel had already begun to optimize various security virtualization oriented features that relate to this vulnerability and as such the additional kpti/retpoline impact is washed out. Of course, without this slowdown the 4.x kernel _would_ have been faster, but... In terms of losing something the loss is small if anything if you move to the newer kernel.

MSFT has likely been doing similar optimizations so, cynicism aside, this is a very plausible explanation.
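
A defender-side check for the Linux mitigations discussed in the posts above (KPTI/retpoline state and the PCID flag), as an added example that is not part of any forum post: it parses the kernel's `/sys/devices/system/cpu/vulnerabilities/` entries and `/proc/cpuinfo`. The sample file contents are constructed for illustration, and the function names are this example's own.

```python
"""Report Meltdown/Spectre mitigation state on Linux (added example)."""
from pathlib import Path

# Exposed by patched kernels; assumed absent on kernels without the patches.
VULN_DIR = Path("/sys/devices/system/cpu/vulnerabilities")
CPUINFO = Path("/proc/cpuinfo")
ENTRIES = ("meltdown", "spectre_v1", "spectre_v2")

# Constructed sample contents, written in the kernel's status-line format.
SAMPLE_VULNS = {
    "meltdown": "Mitigation: PTI\n",
    "spectre_v1": "Vulnerable\n",
    "spectre_v2": "Vulnerable: Minimal generic ASM retpoline\n",
}
SAMPLE_CPUINFO = (
    "processor\t: 0\n"
    "model name\t: Constructed CPU\n"
    "flags\t\t: fpu vme sse2 pcid invpcid\n"
)


def classify(status):
    """Map one sysfs status line to a (state, detail) pair."""
    text = status.strip()
    if text == "Not affected":
        return ("not_affected", "")
    if text.startswith("Mitigation:"):
        return ("mitigated", text.split(":", 1)[1].strip())
    if text.startswith("Vulnerable"):
        # The kernel may append a reason after the colon.
        detail = text.split(":", 1)[1].strip() if ":" in text else ""
        return ("vulnerable", detail)
    return ("unknown", text)


def cpu_flags(cpuinfo_text):
    """Return the flag set of the first CPU listed in /proc/cpuinfo text."""
    for line in cpuinfo_text.splitlines():
        key, _, value = line.partition(":")
        if key.strip() == "flags":
            return set(value.split())
    return set()


def report(vuln_files, cpuinfo_text):
    """Build a status report.

    vuln_files maps an entry name to its file content, or None when the
    kernel does not expose that entry.
    """
    result = {}
    for name in ENTRIES:
        content = vuln_files.get(name)
        if content is None:
            # No entry: the kernel says nothing, so treat as unverified.
            result[name] = ("unreported", "no sysfs entry on this kernel")
        else:
            result[name] = classify(content)

    flags = cpu_flags(cpuinfo_text)
    state, detail = result["meltdown"]
    pti_active = state == "mitigated" and detail == "PTI"
    result["pcid"] = "pcid" in flags
    # Page-table isolation without PCID is the more expensive combination;
    # the flag shows hardware support only, the kernel must also use it.
    result["pti_without_pcid"] = pti_active and "pcid" not in flags
    return result


def read_live():
    """Collect the same report from the running system."""
    files = {}
    for name in ENTRIES:
        path = VULN_DIR / name
        files[name] = path.read_text() if path.is_file() else None
    cpuinfo = CPUINFO.read_text() if CPUINFO.is_file() else ""
    return report(files, cpuinfo)


if __name__ == "__main__":
    for label, data in (("sample", report(SAMPLE_VULNS, SAMPLE_CPUINFO)),
                        ("live", read_live())):
        print(label)
        for key, value in data.items():
            print(f"  {key}: {value}")
```

Anything reported as `vulnerable` or `unreported` is the cue to check the kernel and microcode versions against the distribution's advisory.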


----------



## webhito

Quote:


> Originally Posted by *inedenimadam*
> 
> so, has anybody benchmarked the performance hit in gaming? I wouldn't imagine that gaming requires calling kernel all that often...does it? I am on Broadwell-E with SLI 980s and I sure don't feel anything...desktop, gaming, or otherwise with patches in place.


The only benchmark I did a few hours after installing a fresh windows with all patches and bios update was firestrike.

https://www.3dmark.com/compare/fs/14720902/fs/14721414#


----------



## inedenimadam

Quote:


> Originally Posted by *webhito*
> 
> Quote:
> 
> 
> 
> Originally Posted by *inedenimadam*
> 
> so, has anybody benchmarked the performance hit in gaming? I wouldn't imagine that gaming requires calling kernel all that often...does it? I am on Broadwell-E with SLI 980s and I sure don't feel anything...desktop, gaming, or otherwise with patches in place.
> 
> 
> 
> The only benchmark I did a few hours after installing a fresh windows with all patches and bios update was firestrike.
> 
> https://www.3dmark.com/compare/fs/14720902/fs/14721414#

Am I reading this correctly? individual graphic scores went down ≤ 1%, physics went down ≤ 5%, but combined went up ≥ 2% ?

That makes no sense. Negligible total score difference.


----------



## webhito

Quote:


> Originally Posted by *inedenimadam*
> 
> Am I reading this correctly? individual graphic scores went down ≤ 1%, physics went down ≤ 5%, but combined went up ≥ 2% ?
> 
> That makes no sense. Negligible total score difference.


Yup, doesn't bother me one bit, nothing a 100mhz overclock can't fix.


----------



## cfu97

There is no report that any hack really happened. Is this an intel, amd, microsoft plan to force people to upgrade hardware and windows?


----------



## rluker5

So I settled on an older microcode. like it better, thought I'd look at the obvious benefit of relatively increased Optane speed again before I post some evidence of smoother gameplay with it vs a modern microcode vs the worst microcode for stuttering that has the Spectre fix.

Found my scores had dropped. After some hunting around and overlooking this the first time I saw it the second:


All I did is update when I got one of those $200 Windows mixed reality headsets and it double jacked my rig!

I don't want to clutter this site with screenshots, but this is with the new microcode for Broadwell-c and double windows protection:

Same OC settings as the pics I posted earlier in this thread. Luckily the old microcode is much better, but it has dropped off too.

Maybe I will have a separate os drive for Windows Mixed Reality :/

Edit: Fixing will have to wait. 2/3 through Mass E A with 2 dozen mods, and installed on that os drive.


----------



## figuretti

https://lkml.org/lkml/2018/1/21/192
Quote:


> The whole IBRS_ALL feature to me very clearly says "Intel is not
> serious about this, we'll have a ugly hack that will be so expensive
> that we don't want to enable it by default, because that would look
> bad in benchmarks".


Quote:


> So somebody isn't telling the truth here. Somebody is pushing complete
> garbage for unclear reasons. Sorry for having to point that out.


Quote:


> WHAT THE F*CK IS GOING ON?


Linus Torvalds...


----------



## Quantum Reality

So does this mean an updated Linux installation with no BIOS-implemented microcode patches will probably see the least performance effects?


----------



## STEvil

Performance impact will ultimately come down to coding capability of the person writing the program.

Bios applied patches will be best but will not fix all of the problems. Software patches will help but also are not a full fix, both bios and software level combined do not mitigate the issue!

A hardware level fix is required.


----------



## e-gate

Quote:


> Originally Posted by *cfu97*
> 
> There is no report that any hack really happened. Is this an intel, amd, microsoft plan to force people to upgrade hardware and windows?


It's Google who found this security vulnerability. After this became public they were forced to deal with it. You don't wait for a hack to happen to act. If a hack happens then it will be too late. You can also disable all the patches and opt out of upgrading the bios microcode. But if you get hacked don't even dare to complain about it.


----------



## revro

Quote:


> Originally Posted by *cfu97*
> 
> There is no report that any hack really happened. Is this an intel, amd, microsoft plan to force people to upgrade hardware and windows?


actually, they found it when people were looking how a hack from 2 years ago could have happened without any traces. so who knows how it was really.


----------



## cfu97

Quote:


> Originally Posted by *e-gate*
> 
> It's Google who found this security vulnerability. After this became public they were forced to deal with it. You don't wait for a hack to happen to act. If a hack happens then it will be too late. You can also disable all the patches and opt out of upgrading the bios microcode. But if you get hacked don't even dare to complain about it.


So windows update and potential bios update are the best for now?


----------



## zoinho

Quote:


> Originally Posted by *webhito*
> 
> Yup, doesn't bother me one bit, nothing a 100mhz overclock can't fix.


Maybe a bit more... https://youtu.be/ovCqcUwpVGc?t=2m53s

24% - 27% then 4.7Ghz (stock) need 5.8Ghz - 5.9Ghz


----------



## cekim

Quote:


> Originally Posted by *zoinho*
> 
> Maybe a bit more... https://youtu.be/ovCqcUwpVGc?t=2m53s


and here again we see the painful reality that we will face until or unless either:
a. Intel fixes these bugs
OR
b. AMD increases performance by 20-30% and manages to keep that increase against Intel's contemporary offerings.

The reality is that where it matters (note that it does not in those examples in 1440p and beyond where you are GPU bound) if performance is critical, you have to decide between max security and max performance - you can't have both right now.

I suspect AMD will be able to offer a small bump with Ryzen+ (vs Ryzen2), but hints so far are in the ~5% clock bump range, not 10% or more. I hope I'm wrong. I'd love to see AMD bump clocks by 10% for Ryzen+ and TR2. (slide peeks showed a 200MHz increase in turbos on those few parts that had details).

I also am nearly certain that Intel's next release for both HEDT and mainstream will still have these bugs...


----------



## svenge

Quote:


> Originally Posted by *cekim*
> 
> I also am nearly certain that Intel's next release for both HEDT and mainstream will still have these bugs...


Of course it will. The gears for the 9th Generation "Core" processors (and maybe even the 10th) have been in motion for far too long to make such a drastic alteration at this point in the process.


----------



## Tennobanzai

So today I realized all 3 of my motherboards I updated for these vulnerabilities have been removed from the driver/BIOS download page. Something going on?


----------



## ryan92084

Tennobanzai said:


> So today I realized all 3 of my motherboards I updated for these vulnerabilities have been removed from the driver/BIOS download page. Something going on?


maybe because of http://www.overclock.net/forum/hard...t-kaby-lake-skylake-ivy-sandy-bridge-too.html


----------



## encrypted11

svenge said:


> Quote: Originally Posted by *cekim*
> 
> I also am nearly certain that Intel's next release for both HEDT and mainstream will still have these bugs...
> 
> 
> Of course it will. The gears for the 9th Generation "Core" processors (and maybe even the 10th) have been in motion for far too long to make such a drastic alteration at this point in the process.


Ice lake was taped out last year around June-July according to Intel's PR so that's unlikely to change.


----------



## Tennobanzai

ryan92084 said:


> maybe because of http://www.overclock.net/forum/hard...t-kaby-lake-skylake-ivy-sandy-bridge-too.html


That could be related to it, but my PCs are Coffee Lake


----------



## Malinkadink

First off not digging the new UI and layout of the site

On to the point then, today for whatever reason I decided to fix what wasn't broken and update my Z270 ROG Maximus IX Hero's BIOS. I've been sitting on 1009 for a while and wanted the dust to settle with the vulnerability patching, but I guess one month wasn't enough time to wait. I went ahead and grabbed the latest BIOS 1203 off the support page, released on Dec 25 2017. I figured if it was having issues it'd be pulled already, but since it's still up it was probably "safe". Long story short, after rebooting into Windows many things were broken: some apps wouldn't open at all, Steam would get stuck at updating, the start menu would hard lock and trying to access settings would also freeze until a reboot.

I thought maybe going back to 1009 would fix it for me but it wasn't the case, same problem. At this point I was lucky enough to be able to back up my important files to a flash drive so at least that worked, and so I ended up reformatting while on the NEW 1203 BIOS. So far so good on the clean install, fingers crossed I don't run into any problems.

Just out of curiosity I ran the benchmark in Samsung Magician for my 850 EVO and had also taken a snapshot of what my results were before the patch. Sequential reads and writes were unaffected, but random reads and writes took a FAT nose dive. So before the patch random IOPS read at 98,090 and write at 88,301; after booting in on the new BIOS and updated Windows, read was now 74,707 and writes 69,091, a 31% and 28% decline respectively. After installing Intel RST drivers and ME drivers I did another benchmark and was reading even lower values: 68,603 read and 62,011 writes. This now was a 42% slower result for both reads and writes compared to the initial unpatched results. This is all on a still healthy drive with just 15TB written.

42% slower storage performance is huge, and very much noticeable in normal use when you're dealing with small bursts of reads and writes. This also doesn't take into account what other areas my 7700K is suffering in to varying degrees. I used to be angry with Intel for their lack of progress and price gouging, being the top of the heap with AMD providing no competition; now this just gives me another thing to be livid about. I wonder if AMD systems are affected nearly as much when it comes to storage; if anyone has insight on that I'd like to know. Regardless, I think I will be building a Zen+ system later this year even if it provides only a minimal gain on first gen Ryzen, and will be throwing this 7700K in the trash, figuratively speaking of course.


----------



## cx-ray

Malinkadink said:


> 42% slower storage performance is huge,


I don't have the technical knowledge to verify the info in the below article, but there might be better "fixes" in future updates.

http://www.zdnet.com/article/google...ges-performance-hit-so-you-should-all-use-it/


----------



## webhito

Well it seems that every single BIOS update with the "fix" has been pulled.
My system has had no issues whatsoever besides the very small performance hit in benchmarks. If reboots were the only issue I will keep it as is; hopefully there isn't something else hidden in the code because as of late, it seems I am getting hack attempts into almost every type of account I have.
Hopefully it's just coincidence.


----------



## GeneO

Intel pulled the 1/8/2018 microcode updates from their download page, there is a bug in the microcode that they have found the root cause to. It follows that is why the BIOS with these updated microcode have been pulled. Expect new microcode and BIOS releases soon.


----------



## Malinkadink

GeneO said:


> Intel pulled the 1/8/2018 microcode updates from their download page, there is a bug in the microcode that they have found the root cause to. It follows that is why the BIOS with these updated microcode have been pulled. Expect new microcode and BIOS releases soon.




Doesn't seem Asus has, or cares to, as it's still up for my Z270 Hero. That being said I'm doing fine on the latest BIOS with a new Windows install. I actually used the InSpectre utility to disable the patches for the time being as I really can't swallow the 40+% hit to 4k read and write. Will see in a month or so if Google's fix has any weight in actually resolving the issues without impacting performance at this level.


----------



## GeneO

Malinkadink said:


> Doesn't seem Asus has, or cares to, as it's still up for my Z270 Hero. That being said I'm doing fine on the latest BIOS with a new Windows install. I actually used the InSpectre utility to disable the patches for the time being as I really can't swallow the 40+% hit to 4k read and write. Will see in a month or so if Google's fix has any weight in actually resolving the issues without impacting performance at this level.


Well that about Asus - you can always flash the previous version of their firmware if it bothers you.

Or you can disable that patch through Windows like you have, that is what I have done as well. (I leave the Meltdown patch on though, it has little impact).

I saw nothing like 40% in simple benchmarks (cdmark for instance).

I hope retpoline or something similar will take the place or reduce the impact of the microcode patch too.


----------



## Vlada011

https://overclock3d.net/news/cpu_ma...ers_recall_intel_s_spectre_firmware_updates/1

Ahhaaa aaahaaaaaaaaaaaaaaaa....
What I told you on January 5th. They drive you around like goats.
Whole month only to time pass until ambient cool down and people swallow what they couldn't few weeks before.
Pity, more people like me and all of you would have full refund and new architecture. But enthusiasts world is famous as market ready to swallow everything what companies throw them.

When I say that I will not update NOTHING you blame me. Smartest enthusiasts with biggest experience were people who hurry most and search for updates.
Intel owe you security, manipulation, distraction, fallacy, and now owe you precious time, because you waste time to find fix for Silicon Error.
That's like you enter in store to ask glue for broken car axle. No fix dear enthusiast for production error and open hole. You could fix few percent with insane performance impact.
Thats like you increase voltage from 1.150 to 1.450V for 60MHz. So much worth your fix.

Intel didn't only make crimes against you, didn't only lead you to buy and advertise Silicon with error and insecure silicon, they lie you and profit from their lies. They sell you buggy Processor, they continue to manipulate with you to decrease impact and stop demands and request for compensation or recall chips, to get time before tell you bad reality. Because of that they continue to bomb you with false information and claim that security patches without mention silicon error normal procedure in computer world. They take part of your life and cause you to feel bad for your investment. At the end they will tell you everything what people predicted. That's not end, they force you to believe that you could fix silicon error with writing codes, update BIOS, update OS, Firmware, maybe if they could remelt him down and rebuild him again. If Intel inject some form of substance with possibility to think optimize to redesign silicon maybe then. We are around 500-1000 years from that point. Because of that trash can smiley to insecure processors.
Intel knew that this whole thing deserve to processors go in garbage but they didn't done that and left world vulnerable.

Don't talk about conspiracy theories and future where corporation do what they want if people allow them. YOU LIVE IN THAT REALITY NOW. You are not capable to protect own investment of hundreds and thousand dollars to work as advertised, you lost as humans and from that point they could do what they want people will read and swallow like goats.

Very bad, you could have money for processor and chipset and chance to pay secure silicon.
But you like more this version.

Normal people and normal companies will advertise customers to stop with updating anything what could cause sudden instant restart without reason and maybe even increase few percent chance for damage some hardware. That would be EPIC, like AMD EPYC... Intel Security Patch Killed 5% of Processors, Intel Claim that Flashing Motherboard BIOS is Always Risky... Haaa...


----------



## Vlada011

The worse thing is how some people now measure 2-5% performance difference and better gaming fps on some Intel 4-6 cores than AMD 8-16 cores. 
Like that's everything what PC need to do. Let's buy i5 than everyone and OC him without HT. 
Generally AMD Threadripper is Great and Stronger Processor than Intel i9-7900X and Intel i9-7920X.
Like processor he is stronger. There is a some situation where i9 is better, but probably even i3 or i5 but generally Threadripper is better processor, Quad Channel and only Secure Hardware Available At The Moment. And that will not change on Summer on Autumn. 
Biggest chance is to AMD Threadripper price jump for 30%.


----------



## ku4eto

Oh, just installed the kb4057142 on both of my AMD systems. 1.2GB update, uhhh... But security first.


----------



## Pro3ootector

_Yesterday, reader skelletor has uncovered a new AMD white paper in the forum that will provide programmers and compiler developers with some techniques for complicating the Spectre 1 and 2 attack scenarios on AMD processors. From Meltdown AMD is not affected because of the architecture differences to Intel. In the case of Spectre, however, at least the possibility exists for AMD processors to exploit the gap, even if AMD specifies it as "near zero" in the case of variant 2.

If you take a look at the guide, you will find a whole range of suggestions. For example, registers are to be emptied when they are no longer needed, the LFENCE command is to be used to perform load operations serially, and an example shows how Retpoline, Google's proposal to mitigate Spectre 2, can be implemented in programming practice; called in the whitepaper V2-1.

The advantage of Retpoline would be that the AMD processors - unlike Intel - without further microcode updates get out. So it would have to be neither BIOS updates against Spectre 2 laced and distributed, nor microcode updates in Linux repositories are rolled out. It turns out that Retpoline will become the preferred way in the Linux world, while Microsoft focuses in its previous Windows updates on another variant, called in the whitepaper V2-4. This requires new CPU commands - Indirect Branch Restricted Speculation (IBRS), Single Thread Indirect Branch Predictors (STIBP) and Indirect Branch Predictor Barrier (IBPB) - is feasible only with the help of microcode update and / or new CPUs and costs depending on CPU generation sometimes times less power.

For this reason, AMD pronounced in the conclusion clearly for Retpoline as a solution against Spectre 2, finally, one would then without further microcode updates from:

AMD is aligned with the x86 community that V1-1 (lfence) is the preferred variant 1 software solution and that the V2-1 (retpoline) is the preferred variant 2 software solution. AMD continues to evaluate opportunities for both the x86 ISA and micro-architecture for future AMD processors.

However, whether Microsoft will turn around again, may at least be doubted. However, if Intel could not get its microcode updates up-to-date - the first attempt had to be withdrawn after instabilities - Microsoft might be forced to do so. In particular, Linux chief strategist Linus Torvalds has recently (" The patches are COMPLETE AND UTTER GARBAGE ") commented on the previously delivered patches.

Kernel developer Ingo Molnár has come up with yet another suggestion that is currently under investigation, an addition to make Retpoline usable on apparently vulnerable *) Intel Skylake CPUs. This would be without microcode updates and would be based on a CONFIG_FUNCTION_TRACER already contained in most kernels:

Note the huge number of advantages:

- All distro kernels already enable mcount based patching options, so there's literally zero overhead to anything except SkyLake.

- It is fully kernel patching based and can be activated on Skylake only

- It does not require any microcode updates, so it will work on all existing CPUs with no firmware or microcode modifications

- It does not require any compiler updates

- SkyLake performance is most likely to be less fragile than relying on a hastily deployed microcode hack

- The "SkyLake stack depth tracer" can be tested on other CPUs as well in debug builds, broadening the testing base

- The tracer is very simple and reviewable, and we can forget about it in the future.

- It's Much More Backportable to Older Kernels: It Might Have Been Updated to Over-The-Future - While Upgrading to Newer Kernels

The solution is currently being evaluated and has not yet been implemented._

http://www.planet3dnow.de/cms/36246-amd-gibt-programmierleitfaden-gegen-spectre-heraus/

translated

https://translate.google.de/transla...aden-gegen-spectre-heraus/&edit-text=&act=url
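
The V1-1 (lfence) technique named in the article quoted above, as an added example that is not part of the original post or of AMD's white paper: a bounds-checked lookup before and after the barrier is placed. The arrays, sizes and function names are constructed for illustration; the index-masking variant goes beyond what the post names and is modelled on the Linux kernel's generic `array_index_mask_nospec()`.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TABLE_LEN 16
#define LINE 64                        /* assumed cache-line size in bytes */

static uint8_t table[TABLE_LEN];       /* constructed sample data */
static uint8_t probe[256 * LINE];      /* one cache line per possible byte value */

#if defined(__x86_64__) || defined(__i386__)
/* LFENCE: later loads do not start until the bounds check has resolved. */
#define SPEC_BARRIER() __asm__ __volatile__("lfence" ::: "memory")
#else
/* Non-x86 build: compiler barrier only, so the file still compiles.
 * This is NOT a speculation barrier on other architectures. */
#define SPEC_BARRIER() __asm__ __volatile__("" ::: "memory")
#endif

/* Stops the compiler from proving the mask below is redundant. */
#define HIDE_VAR(v) __asm__ __volatile__("" : "+r"(v))

void init_tables(void)
{
    for (size_t i = 0; i < TABLE_LEN; i++)
        table[i] = (uint8_t)(3 * i + 1);
    for (size_t v = 0; v < 256; v++)
        probe[v * LINE] = (uint8_t)v;
}

/* Before: architecturally correct, but if the branch is mispredicted both
 * loads can run with an out-of-range idx, and the cache line touched in
 * probe[] then depends on a byte outside table[]. */
int lookup_unsafe(size_t idx)
{
    if (idx >= TABLE_LEN)
        return -1;
    return probe[table[idx] * LINE];
}

/* After (V1-1): same logic, with the barrier between the check and the loads. */
int lookup_lfence(size_t idx)
{
    if (idx >= TABLE_LEN)
        return -1;
    SPEC_BARRIER();
    return probe[table[idx] * LINE];
}

/* All-ones when idx < len, zero otherwise, computed without a branch.
 * Assumes len <= PTRDIFF_MAX and an arithmetic right shift of signed values. */
static size_t index_mask(size_t idx, size_t len)
{
    return (size_t)(~(ptrdiff_t)(idx | (len - 1 - idx))
                    >> (sizeof(size_t) * CHAR_BIT - 1));
}

/* Alternative without a barrier: on a mispredicted path the index is forced
 * to 0, so the dependent loads stay inside table[]. */
int lookup_masked(size_t idx)
{
    if (idx >= TABLE_LEN)
        return -1;
    HIDE_VAR(idx);
    idx &= index_mask(idx, TABLE_LEN);
    return probe[table[idx] * LINE];
}

int main(void)
{
    init_tables();
    printf("in range : %d %d %d\n",
           lookup_unsafe(3), lookup_lfence(3), lookup_masked(3));
    printf("too large: %d %d %d\n",
           lookup_unsafe(1000), lookup_lfence(1000), lookup_masked(1000));
    return 0;
}
```
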


----------



## Hueristic

You might want to add this to the OP.

https://www.grc.com/inspectre.htm


----------



## HowHardCanItBe

Meanwhile at Intel, it's Business as Usual 



> Intel surges to a 17 year high after earnings beat and dividend increase


https://www.cnbc.com/2018/01/26/intc-intel-stock-jumps-to-highest-levels-in-17-years.html


----------



## Vlada011

Intel will made thermal paste with synthetical intelligence, she will enter inside and heal silicon on right spots. Something like transdermal patch against nicotine for smokers. That will cause high temperatures and customers will need to cool down CPU 4-5h with compressed air. After that synthetical intelligence design will disintegrate.
Problem is because synthetical intelligence is designed only to react through die, and people with cheap paste now become in advantage compare to people with fluxless solder.
Our processors will stay vulnerable...

Now I suspect that such news would cause instant increase for delidding tools before even people figure out what that mean.
But if they swallow software patch for silicon flaw everything is possible.

Intel Business is as usual....??? They could blow up their stock and probably done that even before people heard for Silicon bug to prevent.
If they stock fall they will lost some contracts and they can't allow that. Because of that they play dirty.
Steady numbers send messages that everything is fine and no worry while house burn and hackers attack... 
"Easy everything is under control, this is normal procedure when we find vulnerable spots in software (delete word software)"
But ambient inside is completely different.

Too bad Pavarotti is not alive any more, only his voice could heal Intel's processors and save us all.


----------



## Catscratch

Intel and AMD stocks are booming, so this was forgotten rather fast. No one cares about it anymore.


----------



## EniGma1987

Microsoft just released a patch to remove the Intel Spectre fix for Windows too cause of all the problems it was causing.

https://www.bleepingcomputer.com/ne...and-update-that-disables-spectre-mitigations/


----------



## Offler

Catscratch said:


> Intel and AMD stocks are booming, so this was forgotten rather fast. No one cares about it anymore.


Some people switched to AMD, others stuck to latest Intel CPUs as they expect less impact from the mitigation mechanisms.

And I am really not going to buy any CPU until all of these three vulnerabilities are fixed. And I mean fixed, not mitigated.


----------



## TinyRichard

This entire thing was 1% potential issue, 99% uninformed blog hype / viewcount boosting.

I'm glad Intel and AMD stocks are booming, one of them makes a good product that powers almost the entire known world and deserves credit for that, while the other is a master of marketing hype and SKU re-badging. Props to both.


----------



## ryan92084

EniGma1987 said:


> Microsoft just released a patch to remove the Intel Spectre fix for Windows too cause of all the problems it was causing.
> 
> https://www.bleepingcomputer.com/ne...and-update-that-disables-spectre-mitigations/


Before anyone jumps on MS (bolding mine)



> The company said it decided to disable mitigations for the Spectre Variant 2 bug after *Intel publicly admitted that the microcode updates it developed for this bug caused "higher than expected reboots and other unpredictable system behavior" that led to "data loss or corruption."*
> As a response, Microsoft decided to disable Spectre Variant 2 mitigations until *Intel develops a more stable fix.*
> In cases where these updates can't be rolled out to affected computers right away, Microsoft is also providing instructions on how to manually disable the Spectre Variant 2 mitigations via registry keys. Separate instructions are available for Windows desktop and server users.


----------



## cekim

TinyRichard said:


> This entire thing was 1% potential issue, 99% uninformed blog hype / viewcount boosting.
> 
> I'm glad Intel and AMD stocks are booming, one of them makes a good product that powers almost the entire known world and deserves credit for that, while the other is a master of marketing hype and SKU re-badging. Props to both.


It's still very much a big issue for a lot of people, the issue is you can only wring your hands so hard when the reality is that we are stuck waiting for patches and silicon fix that no amount of anger will speed up.

In fact, the prior rush cost a lot of people a lot of man-hours patching, testing, and now un-patching and waiting for new patches... 

Make no mistake, despite my suggestion that everyone just calm the [email protected]#$ down for now, this is an epic (no pun intended) CF. Those booming stocks are supposed to represent forward looking expectations, but unfortunately, they are driven by a small number of poorly informed mutual-fund managers who don't yet understand the full scope of this problem (and their perennial arrogance and false-claim to understand these things). So, last quarter's sales were great and margins were through the roof. Time will tell on what's to come whether through lawsuits of markets moving away from Intel.

It will definitely factor in to my purchase decisions in the future as I'm sure it will for many. 

There is a very real possibility that it will accelerate the replacement cycle at the end of this year which could benefit Intel, but that might also prove more costly in the legal arena as the lawyers will undoubtedly offer that is proof of the cost of Intel's mistake... 

Short version: this hasn't gone away and the ending is still unwritten. I still suspect the post-patch impact will be relatively nominal for any given machine, but multiplied by the costs and scale over the entire economy (or large compute cluster) above and "the damage is done" and very real (as in $B's).


----------



## SkiesOfAzel

Tiny is right, it's just a 1% potential issue. Sure, every unpatched data center is completely vulnerable to a simple javascript attack, and the patches themselves cause instabilities and a lot of performance degradation, especially on IO. But it's not like our society depends on data centers in order to function, right?

The current stock market reaction is just another indication of how much divorced from reality the 'market' can nowadays afford to be.


----------



## ryan92084

GN has done a one month later article with a timeline and interviews with Anders Fogh (Gdata), Werner Haas & Thomas Prescher (Cyberus Technology), and Michael Schwarz (Graz University Team). https://www.gamersnexus.net/guides/...tdown-and-spectre-discoverers-one-month-later

There is also an accompanying video where Steve attempts to break the information down.


----------



## chispy

ryan92084 said:


> GN has done a one month later article with a timeline and interviews with Anders Fogh (Gdata), Werner Haas & Thomas Prescher (Cyberus Technology), and Michael Schwarz (Graz University Team). https://www.gamersnexus.net/guides/...tdown-and-spectre-discoverers-one-month-later
> 
> There is also an accompanying video where Steve attempts to break the information down.
> https://www.youtube.com/watch?v=Y3j0C-KKG9E


Thanks for sharing , interesting article.


----------



## EniGma1987

So much for "1% potential issue" huh? 

http://www.tomshardware.com/news/meltdown-spectre-malware-found-fortinet,36439.html


----------



## SkiesOfAzel

EniGma1987 said:


> So much for "1% potential issue" huh?
> 
> http://www.tomshardware.com/news/meltdown-spectre-malware-found-fortinet,36439.html


You don't see the big picture, 1% was generous. Compared to the infinity of the Cosmos, a few hundred malware are as nothing.


----------



## Offler

SkiesOfAzel said:


> You don't see the big picture, 1% was generous. Compared to the infinity of the Cosmos, a few hundred malware are as nothing.


Think of it more like end of original animated Ghost in the Shell...


----------



## cekim

Offler said:


> Think of it more like end of original animated Ghost in the Shell...


So, what you are saying is we need a largely unchecked, effectively rogue branch of government with vast technology budgets to, hopefully, fight the inherent corruption of the bought and paid for, by the giant corporations who build that vast technology? 

;-)

I've always been rather confused by the dissonant position of asking for unchecked and opaque power granted to check power perceived to be opaque and unchecked. 

I guess it's the "Mission Impossible", "New Deal" mythology of "government as a force of good" (rather than a violent implement of lesser evil, if you can keep it chained up properly). Or maybe just the emotional fear of fighting for yourself so you make believe there is someone fighting for you?

Anywho... back to broken chips, angry customers and the bad actors exploiting inevitable security holes who we need to focus on more than the holes. You can't plug all the holes, but you can make it hurt when you hurt other people and that's the one thing government is good for (or, less worse anyway).


----------



## kd5151

https://www.reddit.com/r/intel/comments/7upcjx/report_in_french_says_this_leaked_document_shows/


----------



## Offler

cekim said:


> So, what you are saying is we need a largely unchecked, effectively rogue branch of government with vast technology budgets to, hopefully, fight the inherent corruption of the bought and paid for, by the giant corporations who build that vast technology?
> 
> ;-)
> 
> I've always been rather confused by the dissonant position of asking for unchecked and opaque power granted to check power perceived to be opaque and unchecked.
> 
> I guess it's the "Mission Impossible", "New Deal" mythology of "government as a force of good" (rather than a violent implement of lesser evil, if you can keep it chained up properly). Or maybe just the emotional fear of fighting for yourself so you make believe there is someone fighting for you?
> 
> Anywho... back to broken chips, angry customers and the bad actors exploiting inevitable security holes who we need to focus on more than the holes. You can't plug all the holes, but you can make it hurt when you hurt other people and that's the one thing government is good for (or, less worse anyway).


Not exactly... I meant it in a way that known computer defences are vulnerable, and possibilities to overcome them are vast, almost infinite.

The metaphor for "people hacking" in the original movie is a topic to place somewhere else.


----------



## cekim

Offler said:


> Not exactly... I meant it in a way that known computer defences are vulnerable, and possibilities to overcome them are vast, almost infinite.
> 
> The metaphor for "people hacking" in the original movie is a topic to place somewhere else.


heh... I was mostly kidding... I like those stories even though it confuses me that people identify (there or anywhere) with the absurd idea of "the enemy of enemy is my friend". Choose your friends more wisely is the lesson I read from the last ~2,500 years of recorded history.


----------



## SwitchFX

I'm going to hold out until the next generation of chips before upgrading. Not like I need to now. I barely do much except niche chart work and light gaming. If it comes to it, I guess my next system may end up being a Ryzen, or if parts are priced alright, might pickup whatever their server stuff is called and stuff it into a box. 

Someone raised a point on another forum, albeit it was slightly conspiracy theory, that Intel may not do any physical adjustment on the chips and just leave it up to vendors, OEM or otherwise, to implement a boot level patch that gets slipped in on each reboot/boot.


----------



## EniGma1987

Intel has a newly made team for a Product Assurance and Security group, hopefully it will identify problems and be allowed to actually help implement fixes.
https://www.anandtech.com/show/12390/intel-appoints-new-cto-confirms-product-assurance-group


----------



## cekim

SwitchFX said:


> I'm going to hold out until the next generation of chips before upgrading. Not like I need to now. I barely do much except niche chart work and light gaming. If it comes to it, I guess my next system may end up being a Ryzen, or if parts are priced alright, might pickup whatever their server stuff is called and stuff it into a box.
> 
> Someone raised a point on another forum, albeit it was slightly conspiracy theory, that Intel may not do any physical adjustment on the chips and just leave it up to vendors, OEM or otherwise, to implement a boot level patch that gets slipped in on each reboot/boot.


There will be so much scrutiny on this issue specifically that's not going to happen, nor is it a technically sound hypothesis given the issue.


----------



## SwitchFX

cekim said:


> There will be so much scrutiny on this issue specifically that's not going to happen, nor is it a technically sound hypothesis given the issue.


That is what I figured, but hey, I've seen a lot of BS from companies in my life. On the other hand, the AMD chips while at risk don't seem to have a real way to execute the attack (unless I've misread). Either way, they have the upper hand at the moment with the dark cloud looming over Intel's head and growing with each leak. 

Anyway, by then, unless Intel has something serious to offer and AMD's Ryzen 2 does something incredible, I will likely go back to AMD after having not touched them since the Thunderbird days.


----------



## EniGma1987

SwitchFX said:


> That is what I figured, but hey, I've seen a lot of BS from companies in my life. On the other hand, the AMD chips while at risk don't seem to have a real way to execute the attack (unless I've misread). Either way, they have the upper hand at the moment with the dark cloud looming over Intel's head and growing with each leak.
> 
> Anyway, by then, unless Intel has something serious to offer and AMD's Ryzen 2 does something incredible, I will likely go back to AMD after having not touched them since the Thunderbird days.



Not only do the AMD chips not have a real way to execute the attack, but they also have a nice feature in the Zen arch that even protects against server admins looking into your data on a VM which is nice. This is because the system memory is encrypted on the Zen server processors, and the encryption key is randomly generated at every reboot so a stolen key (if the AMD processors ever become vulnerable to Meltdown) would be useless past the next reboot anyway.


----------



## TinyRichard

So now that CES is over has this Spectre/Meltdown scary name whitepaper nonsense hype finally died down?


Timeline of events: flaw discovered. flaw patched. bloggers blogged. world survived.


----------



## Melan

Naw. Gotta milk it some more.


----------



## ryan92084

TinyRichard said:


> So now that CES is over has this Spectre/Meltdown scary name whitepaper nonsense hype finally died down?
> 
> 
> Timeline of events: flaw discovered. flaw patched. bloggers blogged. world survived.


more like flaws discovered>flaws publicized>some flaws get patches>servers and certain other use cases with intel take performance hit>intel spectre patches get pulled>malware proliferates


----------



## Offler

Well... It depends on environment, but patches were not used everywhere yet. Remember that Microsoft and some driver makers pulled some.


----------



## azanimefan

TinyRichard said:


> So now that CES is over has this Spectre/Meltdown scary name whitepaper nonsense hype finally died down?
> 
> 
> Timeline of events: flaw discovered. flaw patched. bloggers blogged. world survived.


if by patched you mean it was patched in a way that broke **** so bad they pulled the patch figuring the net damage caused by the patch would be potentially more damaging to Intel financially than any viruses written with the meltdown exploit.

We're currently waiting for an actual Intel patch now, since the first was pulled.


the only reason the hysteria has died down is these are "exploits" not viruses. Until the first virus using the exploit shows up we won't have any more to talk about


----------



## bmaxa

meltdown and spectre are more of a threat for servers, as viruses can already do much more on desktop.


----------



## Vlada011

Looking all of these problems for me who advise people to avoid any patches and updates is funny.
This is one more way how they want to increase profit from next generations. Both AMD and Intel.
I only don't know what will be excuse for people who paid 1000-2000$ for Skylake-X about silicon bug.
I know people... and all of you know people here probably who sold their very powerful Intel configurations to switch to AMD.


----------



## Nizzen

Vlada011 said:


> Looking all of these problems for me who advise people to avoid any patches and updates is funny.
> This is one more way how they want to increase profit from next generations. Both AMD and Intel.
> I only don't know what will be excuse for people who paid 1000-2000$ for Skylake-X about silicon bug.
> I know people... and all of you know people here probably who sold their very powerful Intel configurations to switch to AMD.


No one sold Skylake-X to go over to AMD.
Don't make up things


----------



## ku4eto

Nizzen said:


> No one sold Skylake-X to go over to AMD.
> Don't make up things


Yea, people simply did not buy Skylake-X.


----------



## EniGma1987

azanimefan said:


> the only reason the hysteria has died down is these are "exploits" not viruses. Until the first virus using the exploit shows up we won't have any more to talk about



It is coming pretty quick :/


> AV-Test told SecurityWeek that it has found the first JavaScript proof-of-concept (PoC) attacks for web browsers. Most of the malware samples are versions of PoCs that have been published online.
> 
> The number of samples AV-Test has collected has steadily climbed since the first one was spotted on January 7. By January 21 it had over 100 samples, and as of the end of January the count was 139.
> 
> Bugs in Intel's microcode updates for the Spectre Variant 2 attack have caused the most problems on patched systems, prompting HP and Dell to pause and roll back their respective BIOS updates, while Microsoft this week issued a Windows update that disabled Intel's fix for Variant 2. Intel is working on microcode updates that don't cause higher reboots and potential data loss.






TinyRichard said:


> Timeline of events: flaw discovered. flaw patched. bloggers blogged. world survived.


Actually, the correct timeline is:

flaws discovered -> existence of flaws denied by Intel due to theoretical only -> almost a year later -> flaws discovered by others and disclosed to Intel -> proof of concept attack made and shown -> patching slowly starts -> flaw discovered by end users -> media gets ahold of story -> panic ensues -> Intel releases broken patches causing server reboot issues -> malware starts being released to take advantage of flaw -> patches from Intel are pulled -> malware increases 100 fold -> current day, nothing has been fixed by Intel.


----------



## LicSqualo

*Intel fan boys... so funny*



TinyRichard said:


> So now that CES is over has this Spectre/Meltdown scary name whitepaper nonsense hype finally died down?
> 
> 
> Timeline of events: flaw discovered. flaw patched. bloggers blogged. world survived.


How much Intel pay you? (I hope, for you, more than I can think) What kind of Intel CPU have you, Troll? Just to understand what CPU trolls use.

Your write on this threads here only to??? reason???

Ops, I forgot, you are an Intel fan boys... so please go home and this time write your preferred phrase: I'm "sure" with my Intel, I'm "sure" with my Intel, I'm "sure" with my Intel, I'm "sure" with my Intel, I'm "sure" with my Intel... 'till the end of the year, PLEASE and thank you.


----------



## 7850K

TinyRichard said:


> So now that CES is over has this Spectre/Meltdown scary name whitepaper nonsense hype finally died down?
> 
> 
> Timeline of events: flaw discovered. flaw patched. bloggers blogged. world survived.


did you just recently drop a bunch of money on a new intel system?
getting bent out of shape trying to downplay this issue doesn't do anything to convince people. Just makes it sound like you're in denial.


----------



## chispy

EniGma1987 said:


> It is coming pretty quick :/
> 
> 
> 
> 
> 
> Actually, the correct timeline is:
> 
> flaws discovered -> existence of flaws denied by Intel due to theoretical only -> almost a year later -> flaws discovered by others and disclosed to Intel -> proof of concept attack made and shown -> patching slowly starts -> flaw discovered by end users -> media gets ahold of story -> panic ensues -> Intel releases broken patches causing server reboot issues -> malware starts being released to take advantage of flaw -> patches from Intel are pulled -> malware increases 100 fold -> current day, nothing has been fixed by Intel.


+1 This exactly ^^


----------



## mushroomboy

If this doesn't bother people, here is how BAD the situation is without a proper patch in place. And I'm assuming many places didn't patch due to stability issues. So all I gotta do is rent a server somewhere, this doesn't even matter if they force me to use a patched version of Linux. Don't care, I'm going to upload my own custom kernel and do a kexec to my system. Then I'm going to intentionally run the code in the VM, as this is a hardware flaw...... Now I just wait and profit. This could seriously take down sites easily, years worth of data/backups gone because now I've got all the information I need. Don't need root when you can just peek until you get other VM users and passwords. 

Seriously, if I were a web hosting site I'd suspend any registrations and suspend any site overhauls which would change the opsys the VM is running. I'd lock everything down, because it's creepily easy to wreak havoc when you have control of a server's opsys. Or just the ability to exploit one's own server in a VM to peek data outside of that VM. This is why the exploit is extremely dangerous, as we live in a world of the cloud. This is seriously probably the worst security flaw we will see for a while.


----------



## ZoomThruPoom

I guess with patches being rolled back might as well red out most of Intel??


P.S. :thumb: Finally image upload working for me!! :thumb:


----------



## Majin SSJ Eric

SkiesOfAzel said:


> Tiny is right, it's just a 1% potential issue. Sure, every unpatched data center is completely vulnerable to a simple javascript attack, and the patches themselves cause instabilities and a lot of performance degradation, especially on IO. But it's not like our society depends on data centers in order to function, right?
> 
> The current stock market reaction is just another indication of how much divorced from reality the 'market' can nowadays afford to be.


That wasn't the point he was making. Obviously high-reward targets like major corporation data centers or government services servers needed to take Meltdown and Spectre VERY seriously, but for no-name end-users like you and me, there was never any real reason for alarm at all. It's not like any of these "hackers" are going to be using Meltdown to break into "BOB's L33T R1G" to steal his pr0n folders.


----------



## 7850K

ZoomThruPoom said:


>


this was posted on reddit yesterday and several people pointed out it's full of misinformation

https://www.reddit.com/r/Amd/comments/7vs24h/spectre_2_fix_status_for_amdintel_cpu/


----------



## Offler

It's sourced on reddit? Then it's bogus.


----------



## TinyRichard

Majin SSJ Eric said:


> That wasn't the point he was making. Obviously high-reward targets like major corporation data centers or government services servers needed to take Meltdown and Spectre VERY seriously, but for no-name end-users like you and me, there was never any real reason for alarm at all. It's not like any of these "hackers" are going to be using Meltdown to break into "BOB's L33T R1G" to steal his pr0n folders.


This man gets it.


----------



## ZoomThruPoom

7850K said:


> this was posted on reddit yesterday and several people pointed out it's full of misinformation
> 
> https://www.reddit.com/r/Amd/comments/7vs24h/spectre_2_fix_status_for_amdintel_cpu/


Why not post it on OCN and debunk it here too?

More stuff from reddit for ya....

https://thehackernews.com/2018/02/intel-processor-update.html


----------



## EniGma1987

TinyRichard said:


> This man gets it.



That's not really true though. People pay good money for archives of people's usernames and passwords and with this vulnerability your password manager is no longer safe, so someone could datamine hundreds of thousands of people and sell off the information with all the randomized passwords your pass manager is supposed to keep safe and secret for you. In addition to that vulnerability, there are other issues like stealing SSL private keys, encrypted payment information, etc. Thinking only big companies will be the target of this is extremely narrow minded. You have to think of the real possibilities here. Companies usually have good anti virus and mitigation techniques, but the average home user is really easy to infect. Just look at all these many hundred of thousand PC botnets and such. Now think about someone putting a little virus out on the web that infects all the random people's computers, they can siphon credit card details from hundreds of thousands of people to make illegal purchases, sell that card data on the black market, and all sorts of fun stuff. It is also tax season, and in the next 1-2 months there will be millions of people submitting encrypted data to the IRS through the web for their tax info. If someone gets a working malware out there soon, they could siphon off a whole lot of tax info which is extremely valuable stuff to sell on the black market. Just thinking this will be a large corp. thing is just having no concept of the possibilities this allows.


----------



## LicSqualo

*The hacker golden age*

Frankly, if I were a hacker this would be my golden age. With users unprotected and unaware and unconscious because this type of attack is not traceable. 
I would rather prefer a small user. So much can't be noticed and, above all, can't do anything. 
On the contrary, perhaps it has happened a great many times already and they have not even said so. 
Clearly not for money, but for information that today is worth more than money.


----------



## LostParticle

I completely agree with the last two posts and I am looking forward to a BIOS update for my two Z97 motherboards, the ASRock Z97 OC Formula and the ASUS Maximus Hero VII. I've already e-mailed ASRock Technical Support, twice. One time, in the first days of January, directly using their e-mail and a second time, on Sunday February 4th, by opening a ticket via their on-line web form (for which I've received a confirmation e-mail). I was asking when a new BIOS will become available. Still, I have not gotten any reply from them.


----------



## SkiesOfAzel

Majin SSJ Eric said:


> That wasn't the point he was making. Obviously high-reward targets like major corporation data centers or government services servers needed to take Meltdown and Spectre VERY seriously, but for no-name end-users like you and me, there was never any real reason for alarm at all. It's not like any of these "hackers" are going to be using Meltdown to break into "BOB's L33T R1G" to steal his pr0n folders.


"Hackers" don't need to do anything other than release their script on the net through a common point of contact, like for example an ad. They don't need to have a specific target, they simply target everyone that comes in contact with their scripts. You see, while some do reserve the use of their PC for gaming or w4nking sessions, plenty of other people use them for work, financial transactions and other stuff that produce data of value. To give you some perspective, hackers have released plenty of ransomware that target simple users in the past. Believing that they won't do the same with something infinitely more potent is just wishful thinking.

Not to mention that most of your data is on the cloud too, inside those high-reward data centers you mentioned. So you are affected both directly and indirectly.
[EDIT]
If you go a couple of pages back you will find links like these
http://www.zdnet.com/article/meltdown-spectre-malware-is-already-being-tested-by-attackers
http://www.tomshardware.com/news/meltdown-spectre-malware-found-fortinet,36439.html
This time read them.

Even in the fairytale scenario where there weren't any security breaches during the previous year and there aren't going to be any in the future, for either single users or data centers, there are still consequences that affect almost anyone. Unless you think that all those added maintenance costs will be soaked exclusively by the data center owners, or that those 50% IO penalties will not affect the quality or the cost of the services you use.
[/EDIT]

But the main point Tiny was trying to make is that the matter has been successfully dealt with by Intel which is a joke.


----------



## EniGma1987

Good news is that Intel is now releasing "gen 2" fix for Skylake systems that is supposed to fix the reboot problems and protect from Meltdown and Spectre. This is only available for Skylake at this time, probably to test if it is stable or not. Other processor families will get the new fix in the near future unless Intel has messed this one up too.


----------



## Pepillo

EniGma1987 said:


> Good news is that Intel is now releasing "gen 2" fix for Skylake systems that is supposed to fix the reboot problems and protect from Meltdown and Spectre. This is only available for Skylake at this time, probably to test if it is stable or not. Other processor families will get the new fix in the near future unless Intel has messed this one up too.


And the performance of this fix equals or improves the above?


----------



## SkiesOfAzel

EniGma1987 said:


> Good news is that Intel is now releasing "gen 2" fix for Skylake systems that is supposed to fix the reboot problems and protect from Meltdown and Spectre. This is only available for Skylake at this time, probably to test if it is stable or not. Other processor families will get the new fix in the near future unless Intel has messed this one up too.


Another probable reason this is released for Skylake first is that Skylake is more vulnerable to Spectre than the rest of Intel's cpus. As for performance, the Linux guys work on a kernel only (doesn't use the IBRS instruction) solution for Skylake that should be a lot more performant, though it's not certain yet it will be as secure.


----------



## bmaxa

You have to be aware that all patches protect kernel and only kernel, while protecting user programs should be done from program to program (e.g. recompiling source with gcc's retpoline option). But since, thanks to debugging facilities in the OS, every process from the same user can read and modify other processes, protecting user programs is pretty pointless.


----------



## tpi2007

ZoomThruPoom said:


> I guess with patches being rolled back might as well red out most of Intel??
> 
> 
> P.S. :thumb: Finally image upload working for me!! :thumb:



As has been said, that chart cannot be relied upon. Intel has publicly acknowledged that systems dating back to Sandy Bridge were having problems with the new firmware, which logically implies that they have made it available to _someone_, be it an OEM, partner, you name it. Also, if they are to honour their initial word, everything released in the past 5 years will be patched, meaning that Ivy Bridge-E (including HEDT and Xeons) will have the patch because it was released in the second half of 2013, _after_ mainstream Haswell. A German site has also written about how Asus is developing firmware patches for their X79 motherboards, but that it will take time, as the newer CPUs take priority.


Also, putting Coffee Lake (2018) into another category vs Coffee Lake (2017) makes no sense up to now, since it's the same chip with no hardware differences, just the new firmware pre-loaded - _when_ it gets pre-loaded, which still hasn't happened, and we're already in 2018.

When it comes to AMD, they have two statements out, one where they said that they will patch their previous (to Ryzen) architecture, so that could mean only Excavator or more globally speaking, all the way down to Bulldozer, since it's all based on the same design, and Piledriver was sold on the desktop just up until last year.

They are also on the record saying that Zen 2 will have hardware fixes for Spectre.





SkiesOfAzel said:


> Another probable reason this is released for Skylake first is that Skylake is more vulnerable to Spectre than the rest of Intel's cpus. As for performance, the Linux guys work on a kernel only (doesn't use the IBRS instruction) solution for Skylake that should be a lot more performant, though it's not certain yet it will be as secure.



True, and the lesser talked about Broadwell too. Haswell and below can be made resilient through retpoline's implementation only, but Broadwell and above need additional CPU firmware because the branch predictor is too good for its own good and needs to be tamed, so to speak.
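
To check what a given Linux host actually reports for the mitigations discussed in the posts above (kernel-only retpoline versus controls that depend on CPU firmware), here is an added example that is not part of any post in this thread. It assumes a kernel that exposes `/sys/devices/system/cpu/vulnerabilities`; the function names are hypothetical and the sample strings are constructed in the format the kernel uses.

```python
"""Classify Linux sysfs Meltdown/Spectre status strings (added example)."""
import re
from pathlib import Path

# Kernels carrying the January 2018 fixes report mitigation state here.
SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")
FILES = ("meltdown", "spectre_v1", "spectre_v2")

# Branch-control features that CPUs of this era expose only after a
# microcode update; retpoline is the compiler/kernel-only alternative.
MICROCODE_CONTROLS = ("IBRS", "IBPB", "STIBP")

# Constructed samples: a patched host, a host whose microcode update was
# rolled back, and an AMD host using retpoline only.
SAMPLE_PATCHED = {
    "meltdown": "Mitigation: PTI",
    "spectre_v1": "Mitigation: __user pointer sanitization",
    "spectre_v2": "Mitigation: Full generic retpoline, IBPB, IBRS_FW",
}
SAMPLE_ROLLED_BACK = {
    "meltdown": "Mitigation: PTI",
    "spectre_v1": "Mitigation: __user pointer sanitization",
    "spectre_v2": "Vulnerable: Minimal generic ASM retpoline",
}
SAMPLE_AMD = {
    "meltdown": "Not affected",
    "spectre_v1": "Mitigation: __user pointer sanitization",
    "spectre_v2": "Mitigation: Full AMD retpoline",
}


def read_status(directory=SYSFS_DIR):
    """Read the three status files; a missing file maps to None."""
    out = {}
    for name in FILES:
        try:
            out[name] = (Path(directory) / name).read_text().strip()
        except OSError:
            out[name] = None  # kernel too old to report, or not Linux
    return out


def classify(status):
    """Map a raw status string to a coarse state."""
    if status is None:
        return "unreported"
    s = status.strip()
    if s.startswith("Not affected"):
        return "not_affected"
    if s.startswith("Mitigation"):
        return "mitigated"
    if s.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"


def spectre_v2_mechanisms(status):
    """Split a spectre_v2 string into retpoline and microcode-backed parts."""
    body = status.split(":", 1)[1] if ":" in status else ""
    tokens = [t.strip() for t in re.split(r"[,;]", body) if t.strip()]
    # Newer kernels print entries such as "STIBP: disabled"; skip those.
    active = [t for t in tokens if not t.lower().endswith("disabled")]
    retpoline = any("retpoline" in t.lower() for t in active)
    controls = sorted({c for c in MICROCODE_CONTROLS for t in active if c in t})
    return {"retpoline": retpoline, "microcode_controls": controls}


def audit(statuses):
    """Return findings that need follow-up; an empty list means none."""
    findings = []
    for name in FILES:
        raw = statuses.get(name)
        state = classify(raw)
        if state not in ("mitigated", "not_affected"):
            findings.append(f"{name}: {state} ({raw!r})")
    v2 = statuses.get("spectre_v2")
    if v2 and classify(v2) == "mitigated":
        mech = spectre_v2_mechanisms(v2)
        if mech["retpoline"] and not mech["microcode_controls"]:
            findings.append(
                "spectre_v2: retpoline only, no IBRS/IBPB/STIBP reported "
                "(check whether this CPU generation also needs microcode)"
            )
    return findings


if __name__ == "__main__":
    for label, data in (("this host", read_status()),
                        ("sample: patched", SAMPLE_PATCHED),
                        ("sample: rolled back", SAMPLE_ROLLED_BACK),
                        ("sample: AMD", SAMPLE_AMD)):
        print(label, "->", audit(data) or "no findings")
```

A status that begins with "Vulnerable" is reported as a finding even when it mentions retpoline, which is the state a host can end up in after a firmware rollback.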


----------



## LostParticle

tpi2007 said:


> ...
> 
> They are also on the record saying that Zen 2 will have hardware fixes for Spectre.
> 
> ...


Are you referring to the Ryzen+ that is expected around April, this year? Do you have a link, please? I'm seriously considering purchasing one and I'd very much like to know.

Thank you.


----------



## Majin SSJ Eric

EniGma1987 said:


> That's not really true though. People pay good money for archives of people's usernames and passwords and with this vulnerability your password manager is no longer safe, so someone could datamine hundreds of thousands of people and sell off the information with all the randomized passwords your pass manager is supposed to keep safe and secret for you. In addition to that vulnerability, there are other issues like stealing SSL private keys, encrypted payment information, etc. Thinking only big companies will be the target of this is extremely narrow minded. You have to think of the real possibilities here. Companies usually have good anti virus and mitigation techniques, but the average home user is really easy to infect. Just look at all these many hundred of thousand PC botnets and such. Now think about someone putting a little virus out on the web that infects all the random people's computers, they can siphon credit card details from hundreds of thousands of people to make illegal purchases, sell that card data on the black market, and all sorts of fun stuff. It is also tax season, and in the next 1-2 months there will be millions of people submitting encrypted data to the IRS through the web for their tax info. If someone gets a working malware out there soon, they could siphon off a whole lot of tax info which is extremely valuable stuff to sell on the black market. Just thinking this will be a large corp. thing is just having no concept of the possibilities this allows.


No, that's not the point either. I'm not saying that NO end-users could be affected by Spectre or Meltdown, I'm just saying that the odds of a no-name individual being targeted is exceedingly remote. There are hundreds and hundreds of millions of people with personal computers and even if somebody data-mined 10k rigs, your PC still has just a small fraction of 1% of a chance of being one of those selected at random. And even then, you still have decent odds of not being one of the U/N and passwords selected to steal anything from (if they can even work out which accounts to steal from in the first place).

But please, feel free to freak out as much as you want about getting "hacked". Even when you do get money taken from your account your bank will just reverse the charges, so it's still not a super massive issue (well, it would certainly be a pain in the ass but likely not ruinous to your bank account). Hell, corporate hacking is still about a million times more likely to cause you to get ripped off than this (the only time I've ever even had an issue is that time Target had all that debit card info stolen, and even with that I never actually had anybody access my bank account; my bank just cancelled my debit card).

And I already mentioned that corporations already know how serious this issue is for their protected data. Even if the patches are not being implemented yet, they certainly will be soon so I'm not about to lose any sleep over it.


----------



## Blameless

Majin SSJ Eric said:


> I'm just saying that the odds of a no-name individual being targeted is exceedingly remote.


You don't need to be specifically targeted to be affected.


----------



## TinyRichard

Blameless said:


> You don't need to be specifically targeted to be affected.


True. But in this case of blog-noise baloney, almost no one was affected, and about the only thing "affected" was a few reboot issues. I myself am "vulnerable" to a lot of things. For example a common cold. Doesn't mean catching one will end the world.

Not really the NASTY SCARY MELTINGSPECTREDOWNz the noise booster sites wanted you to believe.


The entire thing was primarily an academic exercise and read "real scary" but in real life, minimal impact. I'd wager more actual damage has been caused by almost any OTHER virus/malware/hardware malfunction than anything SPEEKTERMELTS related.


Noise and numbers.
Youtube clicks for amateurs.
Sky is Falling!
Blah Blah Blah.


----------



## nanotm

TinyRichard said:


> True. But in this case of blog-noise baloney, almost no one was affected, and about the only thing "affected" was a few reboot issues. I myself am "vulnerable" to a lot of things. For example a common cold. Doesn't mean catching one will end the world.
> 
> Not really the NASTY SCARY MELTINGSPECTREDOWNz the noise booster sites wanted you to believe.
> 
> 
> The entire thing was primarily an academic exercise and read "real scary" but in real life, minimal impact. I'd wager more actual damage has been caused by almost any OTHER virus/malware/hardware malfunction than anything SPEEKTERMELTS related.
> 
> 
> Noise and numbers.
> Youtube clicks for amateurs.
> Sky is Falling!
> Blah Blah Blah.


but then so far as I'm aware nobody has a crystal ball, and the clamouring has only mentioned the possibility of this hardware encoded NSA backdoor being co-opted by anyone with a mind to do so.... the problem isn't that the backdoor exists but that the people who built it were stupid enough to think nobody would notice or nobody else would be capable of using it....

is it likely that this "vulnerability" will cause a lot of disruption and incidental losses to people, the answer is it has the potential to do so, worse that since said potential is at the end user's discretion the fact it exists is grounds to refuse to insure against said losses..... you are free to do whatever you want think whatever you want, the problem, here isn't in that its in the legal side stepping that should you suffer mean you will also be bearing the cost of that suffering not some faceless corporation who you mistakenly believed had your back !


----------



## baakstaff

LostParticle said:


> Are you referring to the Ryzen+ that is expected around April, this year? Do you have a link, please? I'm seriously considering purchasing one and I'd very much like to know.
> 
> Thank you.


Nope, it's Zen 2 that will have the changes, the generation after this upcoming one. From the AMD Earnings call https://seekingalpha.com/article/41...-results-earnings-call-transcript?part=single: 



> For Spectre Variant 1, we continue actively working with our ecosystem partners on mitigations, including operating system patches that have begun to roll out. We continue to believe that Variant 2 of Spectre is difficult to exploit on AMD processors. However, we are deploying CPU microcode patches that in combination with OS updates provide additional mitigation steps. Longer term, we have included changes in our future processor cores, starting with our Zen 2 design, to further address potential Spectre like exploits. We continue to collaborate closely with the industry on these vulnerabilities and are committed to protecting AMD users from these and other security threats as they arise.


----------



## tpi2007

LostParticle said:


> Are you referring to the Ryzen+ that is expected around April, this year? Do you have a link, please? I'm seriously considering purchasing one and I'd very much like to know.
> 
> Thank you.


As baakstaff said in the quote below, I'm referring to Zen 2, the architecture, due in 2019. 

Ryzen+ or Ryzen 2 (personally, I prefer calling them Ryzen 2000 Series to avoid confusion) will only ship with firmware fixes, if that, since currently they are optional as AMD doesn't believe it's very feasible to exploit Spectre variant 2 on Ryzen (and variant 1 has an OS patch).




baakstaff said:


> Nope, it's Zen 2 that will have the changes, the generation after this upcoming one. From the AMD Earnings call https://seekingalpha.com/article/41...-results-earnings-call-transcript?part=single:


Exactly.


----------



## LostParticle

Thank you, guys, it is clear to me now. :thumb:


----------



## Avant Garde

So we who're in a lookout for new CPU are pretty much screwed?


----------



## Offler

Wait for new generation (regardless company) and wait until they announce that the issue is fixed "in silicon".

If you have AMD you might not fear for your data, but the vulnerability may cause your CPU to slow down.


----------



## Avant Garde

Right now I'm on 3570K and I really want to upgrade this year but wait! I'm screwed because I will pay for newest and "most powerful" CPU's that will run crippled! OR/AND I'm going to get my data stolen! 
What a time to be alive!


----------



## JedixJarf

TinyRichard said:


> True. But in this case of blog-noise baloney, almost no one was affected, and about the only thing "affected" was a few reboot issues. I myself am "vulnerable" to a lot of things. For example a common cold. Doesn't mean catching one will end the world.
> 
> Not really the NASTY SCARY MELTINGSPECTREDOWNz the noise booster sites wanted you to believe.
> 
> 
> The entire thing was primarily an academic exercise and read "real scary" but in real life, minimal impact. I'd wager more actual damage has been caused by almost any OTHER virus/malware/hardware malfunction than anything SPEEKTERMELTS related.
> 
> 
> Noise and numbers.
> Youtube clicks for amateurs.
> Sky is Falling!
> Blah Blah Blah.


I'm not concerned with my home rig having a reboot now and again. But with the microcode fixes affecting my Hypervisors in my datacenters, that's a huge freaking deal.


----------



## ZealotKi11er

Avant Garde said:


> Right now I'm on 3570K and I really want to upgrade this year but wait! I'm screwed because I will pay for newest and "most powerful" CPU's that will run crippled! OR/AND I'm going to get my data stolen!
> What a time to be alive!


Pretty much in same situation but with 3770K. I am waiting for CPU that have silicon fixes before I upgrade.


----------



## ku4eto

JedixJarf said:


> I'm not concerned with my home rig having a reboot now and again. But with the microcode fixes affecting my Hypervisors in my datacenters, that's a huge freaking deal.


Joke's on you. Our current Hyper-V hosts haven't been updated for 2 years. That's on a production Server 2012 R2.

Oh, and the new 2016 servers, are still not updated as well, they are still being brought up.


----------



## chispy

ZealotKi11er said:


> Pretty much in same situation but with 3770K. I am waiting for CPU that have silicon fixes before I upgrade.


+3 , same here i need to upgrade one of my aging Intel rigs but i will not do so until this has been fixed on silicon ...


----------



## ThrashZone

Hi,
Overblown I doubt I will ever install anything known to kill performance
One has a better chance of hitting the lottery or getting struck by lightning than being exploited by either of these issues.


----------



## JackCY

Avant Garde said:


> So we who're in a lookout for new CPU are pretty much screwed?


Pretty much, Ryzen is the best bet right now but for that wait for a refresh in upcoming months on 12nm I believe.


----------



## chispy

Intel sued 32 times over flaws. " Spectre and Meltdown attracts lawyers like flies "

https://www.fudzilla.com/news/processors/45631-intel-sued-32-times-over-flaws


----------



## Hueristic

chispy said:


> Intel sued 32 times over flaws. " Spectre and Meltdown attracts lawyers like flies "
> 
> https://www.fudzilla.com/news/processors/45631-intel-sued-32-times-over-flaws


Where can I short Intel stock?


----------



## Vlada011

For now Intel is faced with 32 charges from Individuals, smaller groups or companies for Fraud and because people think they are damaged with politic of IT Company Intel.
Fact that people look completely different on their investment because new negative information about their products is enough to Intel lost charge one by one.
Intel will be faced probably with demands to refund full cost of CPU model and Intel Chipset or replace with something worthy enough to people live with fact that their 
"Object of Love" and thing where they invest most of their money have serious Bug and AMD not.

Demands will be different, from guys who will Request Newer and Better Intel CPU and Intel Chipset to people who will say 
"Go to Hell with Your Politic and Distraction, Damage Control, etc...Give My Money I Want to Buy Threadripper and Zenith Extreme + 64GB or RAM and forgot on hackers and security problems".


----------



## tpi2007

There is some good news regarding microcode updates: Intel is officially planning to go all the way back to and including 45nm Core 2 Duos and Quads:

https://newsroom.intel.com/wp-content/uploads/sites/11/2018/02/microcode-update-guidance.pdf


----------



## Avant Garde

I hope they will get sued to death! Lowering their stock prices and their CPU prices as a result and maybe actually using their non-greedy part of the brain in the future...


----------



## LostParticle

tpi2007 said:


> There is some good news regarding microcode updates: Intel is officially planning to go all the way back to and including 45nm Core 2 Duos and Quads:
> 
> https://newsroom.intel.com/wp-content/uploads/sites/11/2018/02/microcode-update-guidance.pdf


Hi!

Perhaps I am dumb, perhaps I am blind! Would you be so kind to tell me, though, in which Product or Public Names my Intel i7-4790K belongs?!

Thank you!!


----------



## tpi2007

LostParticle said:


> Hi!
> 
> Perhaps I am dumb, perhaps I am blind! Would you be so kind to tell me, though, in which Product or Public Names my Intel i7-4790K belongs?!
> 
> Thank you!!


You're right, that list has some oddities about it, namely that not all Haswell and Ivy Bridge based CPUs are listed. I'm assuming that that is just an oversight as the cores in the mobile parts, which are listed, should be practically identical. Besides, considering that they list desktop Sandy Bridge, Nehalem and Penryn CPUs, it's logical to assume that for example a 4790K and a 3770K will also get the updates. If a 45nm Celeron E3200 from 2008 is going to get a microcode update, everything up should get it.


----------



## GeneO

LostParticle said:


> Hi!
> 
> Perhaps I am dumb, perhaps I am blind! Would you be so kind to tell me, though, in which Product or Public Names my Intel i7-4790K belongs?!
> 
> Thank you!!


Haswell (including H, S)


----------



## Vlada011

Guys, what is Cumulative Update for Windows 10 Version 1709 for x64-based Systems (KB4074588)?

Does it have something to do with the Intel bug fix or not?
Is someone able to write here the updates connected with the Intel bug fix, so I can hide them the next time I reinstall the OS?
I know about the Evil Update (KB4056892). It is on my blacklist. I want to know whether I should extend the blacklist.


Gamers, overclockers I mean all PC Enthusiasts had good chance against Intel in front EU Courts.
They had chance to get refund at least for CPU or upgrade model and on that way little influence on emotions about Silicon Error in their processors.
Because it's fact even if Intel give them newer and better models with more cores they still need to live with Error and they deserve at least that.
We know very good that for some people GPU type GTX1080 were enough but they invest 1000$ and more for fastest brain for their computer, and now fact that brain is damaged on some way give them great chance.
It's not good when investor should decide what is better to lose performance or stay vulnerable and with open doors.

Attention on Performance Loss should be looked with same emotions as little improvement.
People pay a lot to push i7-5820K from 4.2GHz to 4.5GHz. That cost sometimes as new processor (custom watercooling loop) and performance loss should not be looked 
That's nothing, We will compensate, You will not fill in real life, etc...

Can someone tell me why is 850 PRO SSD so much expensive than 850 EVO when their difference is much smaller than lost after Security Update, but people find reason to invest more.
IT Companies, Their Defenders, Damage Control Groups should instantly stop to make difference between performance loss (No Big Deal) and performance increase after OC (Worth of Investment Everything) no matter how much you get or how much you loss. If marketing push people to invest a lot for small invisible improvement than should swallow fact that people don't deserve to lost performance just like that even if we talk about invisible performance decrease.

We wait to start massive aggressive marketing to all people replace their RIGs with excellent performance because silicon error.
Only when new fixed models show up you will read all kind of explanation why it's better to replace you X299 or Z370 with Next Gen.
Off course performance will be small part of reason, security bigger.
Remember my words, they will use very smart experts who will present you on best way Why you should get rid off your computer. 
They know very well to find reasons and push you in mood that your platform need update because security Error even if performance difference not exist.

For now I notice almost 10, something less people who replace X99 mostly, but and X299 for Threadripper. If I notice that than number is not so small, maybe few percent who done that.
Intel should know that all of them didn't used AMD Processors years or more than decade.


----------



## nonametoclaim

Catscratch said:


> Intel and AMD stocks are booming, so this was forgotten rather fast. Noone cares about it anymore.


You know, I've been kind of sick of seeing these negative threads on the hp of ocn, but for me this is one of those dead horses that needs to be beat until there's no trace and just a depression on the ground where it first dropped. Hate seeing them make money while loyalists and general consumers suffer alike.


----------



## chispy

Updated Firmware Available for 6th, 7th and 8th Generation Intel Core Processors ...

Intel today shared in a blog post that they are deploying microcode solutions that have been developed and validated over the last several weeks. These updates aim to patch security vulnerabilities recently found in Intel processors, and will be distributed, mostly, via OEM firmware updates - users who want to have their system hardened against Spectre and Meltdown exploits will have to ensure that their system manufacturer of choice makes these microcode updates available. If they don't do it in a timely fashion, users have no choice but to be vocal about that issue - Intel has now done its part in this matter.

This is the second wave of Intel's patches to mitigate the Spectre and Meltdown vulnerabilities, after the first, hasty patch sent users on towards unstable, crashing systems and the inevitable update rollback. Security had already been reinstated, of sorts, for Intel's Skylake processors, but left users of any other affected Intel CPU family out in the cold. Here's hoping this is the one update that actually sticks after thorough testing and validation.


source: https://www.techpowerup.com/241738/...-7th-and-8th-generation-intel-core-processors


----------



## GeneO

chispy said:


> Updated Firmware Available for 6th, 7th and 8th Generation Intel Core Processors ...
> 
> Intel today shared in a blog post that they are deploying microcode solutions that have been developed and validated over the last several weeks. These updates aim to patch security vulnerabilities recently found in Intel processors, and will be distributed, mostly, via OEM firmware updates - users who want to have their system hardened against Spectre and Meltdown exploits will have to ensure that their system manufacturer of choice makes these microcode updates available. If they don't do it in a timely fashion, users have no choice but to be vocal about that issue - Intel has now done its part in this matter.
> 
> This is the second wave of Intel's patches to mitigate the Spectre and Meltdown vulnerabilities, after the first, hasty patch sent users on towards unstable, crashing systems and the inevitable update rollback. Security had already been reinstated, of sorts, for Intel's Skylake processors, but left users of any other affected Intel CPU family out in the cold. Here's hoping this is the one update that actually sticks after thorough testing and validation.
> 
> 
> source: https://www.techpowerup.com/241738/...-7th-and-8th-generation-intel-core-processors



Today being the 20th February. I'll bite. Where is it available?


----------



## TonyLee

So are board makers actually going to go all the way back to boards from 10 years ago and release a new bios after Intel releases fixes? I have a Gigabyte P67 board from 2011, so it will be a surprise to me to see any new bios updates for it even after an Intel fix. It does not really matter to me anyway since I am planning on getting the Zen + 2600(x) variant when it releases.


----------



## tpi2007

TonyLee said:


> So are board makers actually going to go all the way back to boards from 10 years ago and release a new bios after Intel releases fixes? I have a Gigabyte P67 board from 2011, so it will be a surprise to me to see any new bios updates for it even after an Intel fix. It does not really matter to me anyway since I am planning on getting the Zen + 2600(x) variant when it releases.



Possibly not, but the new microcode updates can be loaded from the OS, so it will most probably happen that way at least.


----------



## GeneO

tpi2007 said:


> Possibly not, but the new microcode updates can be loaded from the OS, so it will most probably happen that way at least.


There is a question of whether loading it from the OS is too late for the OS to detect the firmware support so it can enable its part of the patch.

I doubt board manufacturers will go back 10 years.


----------



## Majin SSJ Eric

Avant Garde said:


> Right now I'm on 3570K and I really want to upgrade this year but wait! I'm screwed because I will pay for newest and "most powerful" CPU's that will run crippled! OR/AND I'm going to get my data stolen!
> What a time to be alive!





ZealotKi11er said:


> Pretty much in same situation but with 3770K. I am waiting for CPU that have silicon fixes before I upgrade.





chispy said:


> +3 , same here i need to upgrade one of my aging Intel rigs but i will not do so until this has been fixed on silicon ...


Honestly guys, 2018 is probably NOT the year to update older rigs with the way hardware prices across the board currently stand. I'm still on my old 4930K and I have no intention whatsoever of upgrading anything in my rig until memory and GPU pricing comes down substantially from where it's at right now.

Besides, my "old" system is still much more than capable of doing everything I need it to do as of right now, even though it's now over 5 years old.


----------



## ibb27

GeneO said:


> Today being the 20th February. I'll bite. Where is it available?


Here:
https://newsroom.intel.com/wp-content/uploads/sites/11/2018/02/microcode-update-guidance.pdf

Another good technical paper for Spectre v2 mitigations on Intel CPUs:
https://software.intel.com/sites/de...line-A-Branch-Target-Injection-Mitigation.pdf

It seems Intel is choosing Google's approach as the most appropriate and lowest impact on performance of its processors.


----------



## Avant Garde

Majin SSJ Eric said:


> Honestly guys, 2018 is probably NOT the year to update older rigs with the way hardware prices across the board currently stand. I'm still on my old 4930K and I have no intention whatsoever of upgrading anything in my rig until memory and GPU pricing comes down substantially from where it's at right now.
> 
> Besides, my "old" system is still much more than capable of doing everything I need it to do as of right now, even though it's now over 5 years old.


I already have GTX1080 almost two years and PG348Q. I've already bought Phanteks Evolv TG, 850 EVO 1TB SSD, 860 EVO 250GB M.2, 2x8GB DDR4 G.Skill TridentZ 3200MHz CL14 and now I'm looking for MoBo, CPU cooler and of course CPU.... And now I'm stuck.


----------



## GeneO

ibb27 said:


> Here:
> https://newsroom.intel.com/wp-content/uploads/sites/11/2018/02/microcode-update-guidance.pdf
> 
> Another good technical paper for Spectre v2 mitigations on Intel CPUs:
> https://software.intel.com/sites/de...line-A-Branch-Target-Injection-Mitigation.pdf
> 
> It seems Intel is choosing Google's approach as the most appropriate and lowest impact on performance of its processors.


I meant where is the microcode available.


----------



## EniGma1987

GeneO said:


> I meant where is the microcode available.


It comes through bios updates to your motherboard, or supposedly can come from a Windows update


----------



## SavantStrike

EniGma1987 said:


> It comes through bios updates to your motherboard, or supposedly can come from a Windows update


Windows update cannot provide a microcode update, and it's tricky for Windows to apply patched microcode at boot. Updates will mitigate security flaws but the only real fix is a BIOS update.


----------



## ryan92084

SavantStrike said:


> *Windows update cannot provide a microcode update*, and it's tricky for Windows to apply patched microcode at boot. Updates will mitigate security flaws but the only real fix is a BIOS update.


Recent history seems to disagree with this since we've already seen MS distribute and revert one for Intel.


----------



## Blameless

Fixed microcode patches, for Skylake and later architectures are being pushed out to OEMs now: https://newsroom.intel.com/news/latest-intel-security-news-updated-firmware-available/



GeneO said:


> I meant where is the microcode available.


Firmware updates, if you want the microcode to be functional in Windows.

If your board maker doesn't release updated firmware, it's possible to patch it yourself with microcode from the Linux microcode update file, or with microcode dumped from another BIOS ROM from the same platform...once those become available that is.



ryan92084 said:


> Recent history seems to disagree with this since we've already seen MS distribute and revert one for Intel.


There are Windows mitigation patches (which aren't the same as microcode), and a patch that disables the Spectre variant 2 microcode patch, but Windows itself cannot load CPU microcode. There are third party tools one can use to load microcode patches into Windows, but the driver that does the loading is started too late for the mitigations to function.

The only way to get a fully mitigated Windows system is to apply the microcode update to firmware.


----------
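Whether updated microcode is actually in effect, and whether the OS has enabled the Spectre v2 controls that depend on it, can be checked directly on Linux, where the kernel reports its view under `/sys/devices/system/cpu/vulnerabilities`. The script below is an added example, not part of any poster's message; the sample status strings and microcode revisions are constructed, and the exact wording varies by kernel version.

```python
"""Added example: summarise Spectre/Meltdown mitigation state on Linux."""
import re
from pathlib import Path

SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")
CHECKS = ("meltdown", "spectre_v1", "spectre_v2")
# Spectre v2 controls the kernel can use only when the CPU advertises them;
# on CPUs already in the field that requires updated microcode.
MICROCODE_FEATURES = {"IBPB", "IBRS", "IBRS_FW", "STIBP"}

# Constructed samples, in the style of what Linux kernels report.
SAMPLE_OLD_MICROCODE = {
    "meltdown": "Mitigation: PTI\n",
    "spectre_v1": "Mitigation: __user pointer sanitization\n",
    "spectre_v2": "Mitigation: Full generic retpoline\n",
}
SAMPLE_NEW_MICROCODE = dict(
    SAMPLE_OLD_MICROCODE,
    spectre_v2=("Mitigation: Full generic retpoline, IBPB: conditional, "
                "IBRS_FW, STIBP: disabled\n"),
)
SAMPLE_CPUINFO = (
    "processor\t: 0\nmicrocode\t: 0x1c\n\n"
    "processor\t: 1\nmicrocode\t: 0x1c\n"
)


def classify(status):
    """Map one sysfs status line to a coarse label."""
    text = status.strip()
    for prefix, label in (("Not affected", "not_affected"),
                          ("Mitigation:", "mitigated"),
                          ("Vulnerable", "vulnerable")):
        if text.startswith(prefix):
            return label
    return "unknown"


def active_microcode_features(spectre_v2_status):
    """List microcode-dependent controls the kernel reports as in use."""
    if classify(spectre_v2_status) != "mitigated":
        return []
    body = spectre_v2_status.split(":", 1)[1]
    active = []
    for part in body.split(","):
        name, _, value = part.partition(":")
        name, value = name.strip(), value.strip().lower()
        # Newer kernels print "STIBP: disabled" for a control that is off.
        if name in MICROCODE_FEATURES and value != "disabled":
            active.append(name)
    return active


def microcode_revisions(cpuinfo_text):
    """Return the distinct microcode revisions seen across all cores."""
    found = re.findall(r"^microcode\s*:\s*(0x[0-9a-fA-F]+)\s*$",
                       cpuinfo_text, re.M)
    return sorted({int(rev, 16) for rev in found})


def report(statuses, cpuinfo_text):
    """Combine the sysfs statuses and /proc/cpuinfo into one summary."""
    status = {name: classify(statuses.get(name, "")) for name in CHECKS}
    features = active_microcode_features(statuses.get("spectre_v2", ""))
    revisions = microcode_revisions(cpuinfo_text)
    warnings = [f"{name}: {label}" for name, label in status.items()
                if label in ("vulnerable", "unknown")]
    if status["spectre_v2"] == "mitigated" and not features:
        warnings.append("spectre_v2: software-only mitigation, "
                        "no microcode-backed controls in use")
    if len(revisions) > 1:
        warnings.append("cores report different microcode revisions")
    return {"status": status, "microcode_features": features,
            "microcode_revisions": revisions, "warnings": warnings}


if __name__ == "__main__":
    if SYSFS_DIR.is_dir():  # live Linux system
        statuses = {p.name: p.read_text()
                    for p in SYSFS_DIR.iterdir() if p.is_file()}
        cpuinfo = Path("/proc/cpuinfo").read_text()
    else:  # anywhere else, fall back to the constructed sample
        statuses, cpuinfo = SAMPLE_OLD_MICROCODE, SAMPLE_CPUINFO
    result = report(statuses, cpuinfo)
    for name, label in result["status"].items():
        print(f"{name:12} {label}")
    print("microcode:", [hex(r) for r in result["microcode_revisions"]])
    print("microcode-backed controls:", result["microcode_features"] or "none")
    for warning in result["warnings"]:
        print("WARNING:", warning)
```

A `spectre_v2` line that shows only a retpoline entry means the kernel is relying on the compiler-based mitigation alone; the microcode-backed controls appear in that line only when the CPU advertised them at the time the kernel evaluated its mitigations.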



## GeneO

EniGma1987 said:


> It comes through bios updates to your motherboard, or supposedly can come from a Windows update


I know. It was rhetorical. It was commentary in the original post that said it was available. It is not.


----------



## cekim

Avant Garde said:


> I already have GTX1080 almost two years and PG348Q. I've already bought Phanteks Evolv TG, 850 EVO 1TB SSD, 860 EVO 250GB M.2, 2x8GB DDR4 G.Skill TridentZ 3200MHz CL14 and now I'm looking for MoBo, CPU cooler and of course CPU.... And now I'm stuck.


Yeah, we're just gonna have to suffer through with SLI 1080TI and 128G of ram here too lol... 

Prices are ridiculous, but they do at least seem to have peaked. So, we'll see.


----------



## TonyLee

Is it safe to assume that the upcoming AMD B450 and X470 boards will already be patched for the spectre issue?


----------



## ryan92084

TonyLee said:


> Is it safe to assume that the upcoming AMD B450 and X470 boards will already be patched for the spectre issue?


For AMD you already don't really need anything on the board level. Spectre v1 is handled on the OS level. For Spectre v2 ryzen is already virtually immune but they are supposed to be offering optional microcode in an abundance of caution also there are OS level mitigations. AMD has no meltdown vulnerability. Zen+ will ship with the microcode fixes so nothing to do there either. There won't be true silicon fixes until zen2.


----------



## Hueristic

ryan92084 said:


> For AMD you already don't really need anything on the board level. Spectre v1 is handled on the OS level. For Spectre v2 ryzen is already virtually immune but they are supposed to be offering optional microcode in an abundance of caution also there are OS level mitigations. AMD has no meltdown vulnerability. Zen+ will ship with the microcode fixes so nothing to do there either. There won't be true silicon fixes until zen2.


Stupid new board, I can't figure out how to rep (like now i guess) you for this post so have +1 virtual Rep.


----------



## ryan92084

Hueristic said:


> Stupid new board, I can't figure out how to rep (like now i guess) you for this post so have +1 virtual Rep.


Hah, thanks. Rep is still a work in progress and the button is gone until they finish.


----------



## cfu97

Is it even safe to use my current computer/android/ipad now?


----------



## cekim

cfu97 said:


> Is it even safe to use my current computer/android/ipad now?


It's really about as safe as it was before, but that was never 100% safe. Stay away from sketchy sites, block ads, don't click things that appear even remotely designed to get you to click on them despite your better judgement. 

For the most part, Spectre and Meltdown require an application or code executing from outside. That means you have to bring the badness into your house. You can do that via the above things you should avoid (ads, sketchy sites and clicking on click-bait).

In truth, ad services have and will continue to be vulnerable to bad people with resources buying ads through legitimate channels for the sole purpose of distributing malware. That was true before Spectre/Meltdown, that will be true after.

If you don't run any externally accessible services that permit login or remote execution of code (mail-servers, virtualization servers, web-servers, terminals, etc... ) then the only way something gets in via these exploits is YOU clicking on sketchy things or an ad running sketchy javascript. Avoid that and on balance you are roughly as safe as you were in December 2017 and all the Decembers before that. Blocking ads is a never-ending arms-race though...

Don't get me wrong, this is bad. Javascript is everywhere and sufficient to inject, but the truth is we should all have been avoiding the vectors for this attack already. This just made it easier to use those same channels to do infinitely worse things and made it much harder to detect.

Also, make and keep up-to-date backups, preferably including a doomsday copy of your most precious things on a device not powered on or connected when not in use. 2 is 1, 1 is none... In backups that's more like 8 and 7 lol...


----------



## cfu97

cekim said:


> It's really about as safe as it was before, but that was never 100% safe. Stay away from sketchy sites, block ads, don't click things that appear even remotely designed to get you to click on them despite your better judgement.
> 
> For the most part, Spectre and Meltdown require an application or code executing from outside. That means you have to bring the badness into your house. You can do that via the above things you should avoid (ads, sketchy sites and clicking on click-bait).
> 
> In truth, ad services have and will continue to be vulnerable to bad people with resources buying ads through legitimate channels for the sole purpose of distributing malware. That was true before Spectre/Meltdown, that will be true after.
> 
> If you don't run any externally accessible services that permit login or remote execution of code (mail-servers, virtualization servers, web-servers, terminals, etc... ) then the only way something gets in via these exploits is YOU clicking on sketchy things or an ad running sketchy javascript. Avoid that and on balance you are roughly as safe as you were in December 2017 and all the Decembers before that. Blocking ads is a never-ending arms-race though...
> 
> Don't get me wrong, this is bad. Javascript is everywhere and sufficient to inject, but the truth is we should all have been avoiding the vectors for this attack already. This just made it easier to use those same channels to do infinitely worse things and made it much harder to detect.
> 
> Also, make and keep up-to-date backups, preferably including a doomsday copy of your most precious things on a device not powered on or connected when not in use. 2 is 1, 1 is none... In backups that's more like 8 and 7 lol...


How about you visit a "normally" proved safe site like overclock.net but actually it just got hacked and the hacker would run some codes on your computer through hacked overclock.net?


----------



## e-gate

cfu97 said:


> Is it even safe to use my current computer/android/ipad now?


Nothing in the computing world is safe, ever.
If it's coded it can be hacked.
Hardware and software vulnerabilities always existed and will always do.
Yesterday it was Intel's ME and Flash Player, today is Spectre and Meltdown, tomorrow something else will be found. 
Use your electronics the way you always did, be careful what you click and install, always patch your devices, enable two-factor authentication everywhere and avoid using computers to store password and sensitive data as much as you can. 
And always remember computers were never safe and will never ever be.


----------



## cfu97

e-gate said:


> Nothing in the computing world is safe, ever.
> If it's coded it can be hacked.
> Hardware and software vulnerabilities always existed and will always do.
> Yesterday it was Intel's ME and Flash Player, today is Spectre and Meltdown, tomorrow something else will be found.
> Use your electronics the way you always did, be careful what you click and install, always patch your devices, enable two-factor authentication everywhere and avoid using computers to store password and sensitive data as much as you can.
> And always remember computers were never safe and will never ever be.


This time is a hardware bug which cannot be totally solved by software. Software/OS bugs can be solved.


----------



## cekim

cfu97 said:


> How about you visit a "normally" proved safe site like overclock.net but actually it just got hacked and the hacker would run some codes on your computer through hacked overclock.net?


1. Yes ocn is running JavaScript and undoubtedly bbs modules from other sources.
It could be compromised
2. Google ad-sense is EVERYWHERE. 
It could and has been compromised.

This was true before though... links and characters can be disguised to get you to click on them and particularly Windows is overly helpful to hackers in automatically executing various things when certain files or actions appear.

I think the best way to describe our current state of affairs is that the likelihood of encountering an exploit if you keep your software up-to-date is no higher or lower than it was, but the ease with which an exploit can do the worst possible things has increased.

Browsers have been patched in several ways to make it harder to run such exploits. High precision timers have been de-tuned to make cookie cutter exploits no longer function and tabs have been isolated from each other to make it harder to reach from one into the other and or escalate your code’s level of access. So, patch your browsers and patch your os and surf like your mom is watching lol...


----------



## The Robot

cfu97 said:


> How about you visit a "normally" proved safe site like overclock.net but actually it just got hacked and the hacker would run some codes on your computer through hacked overclock.net?


OCN is now owned by VerticalScope which had been hacked in the past and had trouble with malware-ridden ads. The same ad network now runs on OCN so an ad blocker is essential.


----------



## cfu97

The Robot said:


> OCN is now owned by VerticalScope which had been hacked in the past and had trouble with malware-ridden ads. The same ad network now runs on OCN so an ad blocker is essential.


Blocking javascript or ad block would make a lot of websites look broken and block wrong things


----------



## EniGma1987

Still need them. I have gotten a virus from OCN ads before in the past, and I expect the problem to get worse now with the new owners.


----------



## GeneO

cfu97 said:


> Blocking javascript or ad block would make a lot of websites look broken and block wrong things


Never had any such issue and I would rather block them than get malware.


----------



## cfu97

GeneO said:


> Never had any such issue and I would rather block them than get malware.


Which ad block do you use


----------



## Offler

GeneO said:


> Never had any such issue and I would rather block them than get malware.





cfu97 said:


> Which ad block do you use


I noticed that Opera might block ads with Java (since Meltdown was out) regardless of whether an Adblocker is present.


----------



## GeneO

cfu97 said:


> Which ad block do you use


ublock origin


----------



## GeneO

Now Intel has protected their Microcode guidance document so it is not publicly available. So much for transparency.


----------



## termathor

GeneO said:


> Now Intel has protected their Microcode guidance document so it is not publicly available. So much for transparency.


True this.

Refs in https://www.theregister.co.uk/2018/...spectre_microcode_releases_haswell_broadwell/ no longer work.

Creepy.


----------



## Abaidor

GeneO said:


> Never had any such issue and I would rather block them than get malware.


Then you are not fully blocking javascript / jquery. Modern web sites need javascript this is not an option. 

What site do you not have a problem with by disabling javascript? Try Youtube or Netflix or even this site for example and tell me what you get.


----------



## GeneO

Abaidor said:


> Then you are not fully blocking javascript / jquery. Modern web sites need javascript this is not an option.
> 
> What site do you not have a problem with by disabling javascript? Try Youtube or Netflix or even this site for example and tell me what you get.


Of course I am not, I never said I blocked all javascript. But many have adware and other scripts that are not necessary to function. I now use noscript to selectively disable javascript at sites. For instance, I have 13 scripts blocked here - I just allow google and overclock.net scripts to run here and everything runs fine. Examples of scripts I have blocked here are amazon ad system, cloudflare, scorecard research and crwdcntrl. And I also use ublock. I get better response here with them disabled too.


----------



## cekim

GeneO said:


> Of course I am not, I never said I blocked all javascript. But many have adware and other scripts that are not necessary to function. I now use noscript to selectively disable javascript at sites. For instance, I have 13 scripts blocked here - I just allow google and overclock.net scripts to run here and everything runs fine. Examples of scripts I have blocked here are amazon ad system, cloudflare, scorecard research and crwdcntrl. And I also use ublock. I get better response here with them disabled too.


ditto - 18 things blocked here.

more and more, I'm just no longer using sites that demand I open myself up to attack - sorry, just not worth it. Either the site works "well enough" with my security needs addressed first before your desire to sell me stuff that won't work anyway or I won't use your site. (FWIW, discussion and reviews are far, far, far more effective - i.e. at all - than flash, blinky BS. Glitter, glam and flash make me suspicious, but that's just me I guess).

Don't be a vector for malware - it's just that simple. If you can accomplish this without my needing to block your revenue stream, then we can be friends.


----------



## Abaidor

GeneO said:


> Of course I am not, I never said I blocked all javascript. But many have adware and other scripts that are not necessary to function. I now use noscript to selectively disable javascript at sites. For instance, I have 13 scripts blocked here - I just allow google and overclock.net scripts to run here and everything runs fine. Examples of scripts I have blocked here are amazon ad system, cloudflare, scorecard research and crwdcntrl. And I also use ublock. I get better response here with them disabled too.


That makes complete sense. I am also using ublock for example everywhere. The truth is that there is so much stuff running behind the scenes that is making sites hogs. I feel bad for the average people that browse the net without realizing what is going on thinking they are safe on their old unoptimized and unpatched systems. Like sitting ducks.


----------



## cfu97

There is still no practical virus or hack from this bug anyway, so why worry?


----------



## ku4eto

cfu97 said:


> There is still no practical virus or hack from this bug anyway, so why worry?


Really?

There are. Just because you don't know, doesn't mean it hasn't been exploited before or there are no viruses.

Also, just because you said so: 

http://www.tomshardware.com/news/meltdown-spectre-malware-found-fortinet,36439.html

Oh look, who knew! This was posted in this thread also.


----------



## Vlada011

Everyone who has a problem with their PC because of the patches should sue Intel and demand a refund for the processor and chipset.
Thousands of people who had a stable platform caused chaos because they updated the BIOS, security updates, etc...
There are no proper words to describe how much Intel screwed customers and their platforms.
I didn't update anything because I knew there is more chance of destroying something than fixing the error.


----------



## LostParticle

*What's this??*


----------



## cfu97

ku4eto said:


> cfu97 said:
> 
> > There is still no practical virus or hack from this bug anyway, so why worry?
> 
> Really?
> 
> There are. Just because you don't know, doesn't mean it hasn't been exploited before or there are no viruses.
> 
> Also, just because you said so:
> 
> http://www.tomshardware.com/news/meltdown-spectre-malware-found-fortinet,36439.html
> 
> Oh look, who knew! This was posted in this thread also.

Those are not practical viruses


----------



## LostParticle

LostParticle said:


> *What's this??*



*Oopps!*


----------



## ku4eto

cfu97 said:


> Those are not practical viruses


I'm not going to keep replying to you. If you want to defend Intel so badly, go and do it. Just don't do it here, okay?


----------



## cfu97

ku4eto said:


> cfu97 said:
> 
> > Those are not practical viruses
> 
> I'm not going to keep replying to you. If you want to defend Intel so badly, go and do it. Just don't do it here, okay?

I am not a fan of Intel at all and if I buy a new computer I go for AMD. I just mean there isn't a real virus existing yet so no need to worry too much. Very likely Intel finds it too hard to hack with this bug (I would say NSA backdoor) so Intel doesn't try very hard to create a working patch.


----------



## Offler

cfu97 said:


> Those are not practical viruses


Yes, those ARE practical viruses.


----------



## Hawk777th

Do these microcode updates come as bios updates or what? 

I am on a 5960X is there a fix?


----------



## OutlawII

This thread is still going? lol


----------



## Nightingale

OutlawII said:


> This thread is still going? lol


Yes, LOL. Keep it coming.


----------



## Nightingale

Hawk777th said:


> Do these microcode updates come as bios updates or what?
> 
> I am on a 5960X is there a fix?


Yes, they come in as BIOS updates from your manufacturer, as Intel supplies them the microcode to be embedded into the BIOS.


----------



## ryan92084

OutlawII said:


> This thread is still going? lol


I wasn't aware that all possible software mitigations were 100% rolled out, reliable, and bug free or that the newest products from all affected vendors had verified fully functional hardware fixes. In that case feel free to get the thread closed.
/s


----------



## tpi2007

In six months this thread will still be going, or another one with the same subject, simply because Intel has committed to delivering microcode updates dating back to ten years, up to and including 45nm Core 2 Duo from 2008, and those are still in the planning stages. Ivy Bridge and Sandy Bridge are in Beta, being tested by partners, and then we have to see how motherboard vendors will behave themselves regarding actually putting the code in BIOS updates for older boards. And then we have to test it out, reviewers will review, test for performance and stability. And then there's the eventual news about this or that exploit that has been found in the wild, etc.


----------



## EniGma1987

My ASRock Z370 Professional has spectre bios fixes available now.


----------



## cfu97

EniGma1987 said:


> My ASRock Z370 Professional has spectre bios fixes available now.


No evidence showing any current fix is stable and you may kill your motherboard with it.


----------



## cekim

cfu97 said:


> No evidence showing any current fix is stable and you may kill your motherboard with it.


Got a link for actual damage? Instability is well known, but actual damage? That's a bold claim.


----------



## EniGma1987

This is the 2nd Spectre fix release, not the 1st one that was unstable. Haven't seen any reports yet of problems in the "2nd gen" fix.


----------



## ibb27

LostParticle said:


> *Oopps!*


In addition to this:
https://github.com/osusecLab/SgxPectre


----------



## termathor

cfu97 said:


> No evidence showing any current fix is stable and you may kill your motherboard with it.


Hi,

I was wondering why, since Intel released the fixes for all recent CPUs up to Broadwell/Haswell, there is no report about them, being stable, having performance impact or anything else.
I understand the OEMs have yet to include the fixes into their FW, but I find it curious no-one seems to say anything on this.

Anyone has any link to information on the Intel fixes impact ?


----------



## ryan92084

termathor said:


> Hi,
> 
> I was wondering why, since Intel released the fixes for all recent CPUs up to Broadwell/Haswell, there is no report about them, being stable, having performance impact or anything else.
> I understand the OEMs have yet to include the fixes into their FW, but I find it curious no-one seems to say anything on this.
> 
> Anyone has any link to information on the Intel fixes impact ?


All I've seen is https://techreport.com/review/33299...-to-fear-from-intel-spectre-microcode-updates


> Conclusions
> The best thing I can say about Intel's Spectre patch is that it doesn't seem to harm the day-to-day performance of recent PCs much—at least going by Dell's version for my Alienware 13 R3. As I've already lamented, though, per-core CPU performance gains of any kind are worth their weight in gold these days, and even the single-digit losses I saw across most of my light-usage benchmarks sting like a tarantula hawk when single-digit performance increases are all we've gotten from the blue team over the past few years.


As well as this handy chart from https://www.extremetech.com/computi...take-performance-hit-spectre-meltdown-patches


----------



## GeneO

That's outdated. Here is the latest:

https://newsroom.intel.com/wp-content/uploads/sites/11/2018/03/microcode-update-guidance.pdf


----------



## GeneO

termathor said:


> Hi,
> 
> I was wondering why, since Intel released the fixes for all recent CPUs up to Broadwell/Haswell, there is no report about them, being stable, having performance impact or anything else.
> I understand the OEMs have yet to include the fixes into their FW, but I find it curious no-one seems to say anything on this.
> 
> Anyone has any link to information on the Intel fixes impact ?


I have patched in 0x84 8700k microcode on my Asus BIOS and performed some measurements. I am sensitive and can feel the desktop performance decrease some. Realbench 2.43 score is 3% less (most all due to the image editing portion which takes a 9-10% hit), x264 encoding is actually a percent better, 4k disk i/o is pretty horrible - 18-33% performance drop on my 960 Pro, depending on what benchmark is run. With CDM 2004R7 benchmark, the GDI graphics scores are down 33%, everything else in that suite nearly the same. So CPU intensive, encoding no impact, i/o intensive - impact.


----------



## ryan92084

GeneO said:


> That's outdated. Here is the latest:
> 
> https://newsroom.intel.com/wp-content/uploads/sites/11/2018/03/microcode-update-guidance.pdf


Glad to see progress. Lots of updates since the 21st


----------



## termathor

GeneO said:


> I have patched in 0x84 8700k microcode on my Asus BIOS and performed some measurements. I am sensitive and can feel the desktop performance decrease some. Realbench 2.43 score is 3% less (most all due to the image editing portion which takes a 9-10% hit), x264 encoding is actually a percent better, 4k disk i/o is pretty horrible - 18-33% performance drop on my 960 Pro, depending on what benchmark is run. With CDM 2004R7 benchmark, the GDI graphics scores are down 33%, everything else in that suite nearly the same. So CPU intensive, encoding no impact, i/o intensive - impact.


Thanks for this. 

Wow, and this is on a 8th gen CPU ! So this means I can expect anything on my Haswell, then ...

EDIT: BTW, I don't see any new UEFI for your Maximus X code from ASUS ... You've flashed the Intel FW ?


----------



## ThrashZone

GeneO said:


> I have patched in 0x84 8700k microcode on my Asus BIOS and performed some measurements. I am sensitive and can feel the desktop performance decrease some. Realbench 2.43 score is 3% less (most all due to the image editing portion which takes a 9-10% hit), x264 encoding is actually a percent better, 4k disk i/o is pretty horrible - 18-33% performance drop on my 960 Pro, depending on what benchmark is run. With CDM 2004R7 benchmark, the GDI graphics scores are down 33%, everything else in that suite nearly the same. So CPU intensive, encoding no impact, i/o intensive - impact.


Hi,
You can disable or enable either vulnerability with this easily when you want your performance back

https://www.grc.com/inspectre.htm


----------



## GeneO

ThrashZone said:


> GeneO said:
> 
> 
> 
> I have patched in 0x84 8700k microcode on my Asus BIOS and performed some measurements. I am sensitive and can feel the desktop performance decrease some. Realbench 2.43 score is 3% less (most all due to the image editing portion which takes a 9-10% hit), x264 encoding is actually a percent better, 4k disk i/o is pretty horrible - 18-33% performance drop on my 960 Pro, depending on what benchmark is run. With CDM 2004R7 benchmark, the GDI graphics scores are down 33%, everything else in that suite nearly the same. So CPU intensive, encoding no impact, i/o intensive - impact.
> 
> 
> 
> Hi,
> You can disable or enable either vulnerability with this easily when you want your performance back
> 
> https://www.grc.com/inspectre.htm

I just edit the registry to enable/disable.


----------



## LostParticle

deleted (because I'm trying to upload two screenshots (png files) and I'm getting internal server error)


----------



## Blameless

2nd round of patches have been tested and released for everything down to Haswell and UBU has been capable of applying them to most firmware since late last week.

Not really much reason to avoid the new microcode at this point, unless you are a bencher or do very I/O heavy work and are willing to sacrifice security for performance.


----------



## ThrashZone

Blameless said:


> 2nd round of patches have been tested and released for everything down to Haswell and UBU has been capable of applying them to most firmware since late last week.
> 
> Not really much reason to avoid the new microcode at this point, unless you are a bencher or do very I/O heavy work and are willing to sacrifice security for performance.


Hi,
Or just not scared of the buggerman


----------



## The Robot

ThrashZone said:


> Hi,
> Or just not scared of the buggerman


Boogerman, our new hero who will save us from evil Spectre


----------



## GeneO

ThrashZone said:


> Hi,
> Or just not scared of the buggerman


:thumb:


----------



## Blameless

ThrashZone said:


> Hi,
> Or just not scared of the buggerman


Clear vulnerabilities aren't a 'buggerman' and mitigations to those vulnerabilities that have next to no practical downsides for most users shouldn't be avoided by most users.


----------



## ryan92084

Hrm, buggerman and boogeyman. Very different meanings there. I would be quite afraid of the buggerman.


----------



## GeneO

Blameless said:


> Clear vulnerabilities aren't a 'buggerman' and mitigations to those vulnerabilities that have next to no practical downsides for most users shouldn't be avoided by most users.


The interactive performance hit is palpable.


----------



## ThrashZone

Hi,
Yeah I'll let y'all know also if I get hit by a bus in my living room too


----------



## Blameless

GeneO said:


> The interactive performance hit is palpable.


Not for most people in most situations.

All of my Haswell and newer setups have been patched since the first round of mitigations and I haven't noticed any perceptible change in performance.

I can benchmark clear reductions in I/O performance, but even fairly massive hits in this area do almost nothing to practical performance as most systems are already _way_ past the point of diminishing returns here.

I doubt more than one in twenty end users could tell the difference in a side by side comparison of otherwise identical systems, one with none of the patches, and one fully mitigated, without resorting to benchmarks.


----------



## GeneO

Blameless said:


> Not for most people in most situations.
> 
> All of my Haswell and newer setups have been patched since the first round of mitigations and I haven't noticed any perceptible change in performance.
> 
> I can benchmark clear reductions in I/O performance, but even fairly massive hits in this area do almost nothing to practical performance as most systems are already _way_ past the point of diminishing returns here.
> 
> I doubt more than one in twenty end users could tell the difference in a side by side comparison of otherwise identical systems, one with none of the patches, and one fully mitigated, without resorting to benchmarks.



Well I sure as hell can. And I'm not the only one.


----------



## Blameless

GeneO said:


> Well I sure as hell can. And I'm not the only one.


Never implied that you couldn't, or that you were, just that the overwhelming majority won't and thus have nothing to lose from utilizing the available mitigations.


----------



## GeneO

Blameless said:


> Never implied that you couldn't, or that you were, just that the overwhelming majority won't and thus have nothing to lose from utilizing the available mitigations.


I don't see how you can speak for the overwhelming majority, that is all. You are a single data point.


----------



## Blameless

GeneO said:


> I don't see how you can speak for the overwhelming majority, that is all.


Objectively, benchmarks generally show little difference in areas that would result in 'palpable' performance changes in day to day use. There are some outliers, but they are the exception rather than the rule. Only very I/O heavy tasks tend to be significantly affected and very few end-user tasks are that I/O heavy.

It's also quite clear that performance complaints are rare. Major OEMs (Dell, Lenovo, etc) pushed out firmware and patches fairly quickly and there was no outcry of complaints about them. The complaints about stability issues, which were themselves not representative of the overwhelming majority.

More subjectively, I've got quite a few comparison systems myself (most of which are old enough to suffer more from these mitigations than the 6th, 7th, and 8th gen processors used in most professional reviews), am much more sensitive to issues of responsiveness than most, and I cannot tell the difference between mitigated and unmitigated setups, unless I go out of my way to.



GeneO said:


> You are a single data point.


I may be a single datapoint, but that hardly means I lack access to others. I don't exist in a vacuum.


----------



## GeneO

Blameless said:


> Objectively, benchmarks generally show little difference in areas that would result in 'palpable' performance changes in day to day use. There are some outliers, but they are the exception rather than the rule. Only very I/O heavy tasks tend to be significantly affected and very few end-user tasks are that I/O heavy.
> 
> It's also quite clear that performance complaints are rare. Major OEMs (Dell, Lenovo, etc) pushed out firmware and patches fairly quickly and there was no outcry of complaints about them. The complaints about stability issues, which were themselves not representative of the overwhelming majority.
> 
> More subjectively, I've got quite a few comparison systems myself (most of which are old enough to suffer more from these mitigations than the 6th, 7th, and 8th gen processors used in most professional reviews), am much more sensitive to issues of responsiveness than most, and I cannot tell the difference between mitigated and unmitigated setups, unless I go out of my way to.
> 
> 
> 
> I may be a single datapoint, but that hardly means I lack access to others. I don't exist in a vacuum.


Seriously? You have access to customer feedback to Dell and other vendors? You know and have discussed this with or polled the vast majority? Your older systems probably have performance issues that mask the effect of these patches unlike a high performance new system.

It is just your opinion. Just like it is my opinion that this would bother people with fast systems. This is oc.net after all


----------



## LostParticle

On my system:


----------



## termathor

LostParticle said:


> On my system:


Very nice comparison, LostParticle ! Thx a lot !

I have a 4690K, so would assume same effect on mine, which is almost 0 difference.

Now, I only have to wait until ASUS creates a new UEFI for the Maximus VII Impact.


----------



## GeneO

LostParticle said:


> On my system:


And you rebooted between after enabling Spectre in the registry? That hasn't been my experience with any of these patches (though I only tried 23h on Haswell prior to my decommissioning it). I see big hits in 4k performance and experience lag in the OS when Spectre patch is enabled, as many have reported


----------



## LostParticle

GeneO said:


> And you rebooted between after enabling Spectre in the registry? That hasn't been my experience with any of these patches (though I only tried 23h on Haswell prior to my decommissioning it). I see big hits in 4k performance and experience lag in the OS when Spectre patch is enabled, as many have reported


I did it like this:

With both protections Enabled, the default state of my system, I run AS SSD benchmark. Then I Disabled both, rebooted, checked InSpectre utility to confirm both were disabled, and run AS SSD again. Each time I took the respective screenshot.

Then I set up my system on its initial state (both enabled).

I acknowledge that one pass of the AS SSD, alone, is not indicative of much and that other I/O benchmarks exist. I run AS SSD a couple of more times, though, with similar results. And, most importantly, I do not observe any "degradation" in my system. Personal & subjective opinion, of course.


----------



## cekim

GeneO said:


> Well I sure as hell can. And I'm not the only one.


Curious as to what application you are seeing/feeling this slowdown?

I can "measure" it in benchmarks, but frankly in almost all cases only in synthetic ones... Real performance of either games or large simulations actually show zero objective slowdown (same throughput, frames per second, calculations per second, etc... )

The drop in NFS throughput, while measurable is well in the noise of actual usage when you consider caching, network contention, etc...


----------



## Blameless

GeneO said:


> Your older systems probably have performance issues that mask the effect of these patches unlike a high performance new system.


The older and slower the CPU relative to the drives it uses the _larger_ the impact of the mitigations.

The slowest system I have that can be fully mitigated is a 4GHz 4930K. Even running apps or VMs off a RAM drive that is much faster than any M.2 NVMe drive in existence, which loses half its random I/O performance from mitigations, there is no perceptible impact in most uses. It's not at all surprising to me that my 5820K, 6800k, or 6700-HQ systems, using a wide variety of SSDs, also show no perceptible change in general responsiveness...double instantaneous is still instantaneous.



GeneO said:


> It is just your opinion.


The performance impact is not an opinion.



GeneO said:


> Just like it is my opinion that this would bother people with fast systems. This is oc.net after all


Plenty of people are bothered by things for no good reason...such as a hit to benchmark scores that aren't apparent anywhere other than benchmarks.



GeneO said:


> I see big hits in 4k performance and experience lag in the OS when Spectre patch is enabled, as many have reported


You should see significant losses in 4k performance with any modern SSD with all the mitigations enabled, along with increased CPU utilization during such accesses.

However, if you can feel this, something else is almost certainly wrong. Normal use isn't that I/O dependent.


----------



## GeneO

LostParticle said:


> I did it like this:
> 
> With both protections Enabled, the default state of my system, I run AS SSD benchmark. Then I Disabled both, rebooted, checked InSpectre utility to confirm both were disabled, and run AS SSD again. Each time I took the respective screenshot.
> 
> Then I set up my system on its initial state (both enabled).
> 
> I acknowledge that one pass of the AS SSD, alone, is not indicative of much and that other I/O benchmarks exist. I run AS SSD a couple of more times, though, with similar results. And, most importantly, I do not observe any "degradation" in my system. Personal & subjective opinion, of course.


Reason I asked is that InSpectre doesn't tell you if the patches are enabled or not. It just tells you the registry settings. If you change the registry values, they don't take effect until you reboot, even though InSpectre will tell you what the new registry settings are.
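
The difference described in the post above, between the configured registry values and what the running kernel enforces, can be checked directly. This PowerShell is an added example, not part of the original thread: the value names and bit meanings follow Microsoft's published guidance for the two mitigations, and the effective-state half assumes Microsoft's SpeculationControl module (`Get-SpeculationControlSettings`) is installed.

```powershell
# Added example: compare *configured* mitigation overrides (registry) with the
# *effective* state reported by the running kernel. Read-only; changes nothing.
$MmKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'

# Bit positions in FeatureSettingsOverride / FeatureSettingsOverrideMask.
$MitigationBits = [ordered]@{
    'Spectre v2 (CVE-2017-5715)' = 0x1
    'Meltdown (CVE-2017-5754)'   = 0x2
}

function Get-ConfiguredOverride {
    param([string]$Path = $MmKey)
    $p = Get-ItemProperty -Path $Path -ErrorAction Stop
    # Absent values mean no override is configured and the OS default applies.
    $override = if ($null -ne $p.FeatureSettingsOverride)     { [int]$p.FeatureSettingsOverride }     else { 0 }
    $mask     = if ($null -ne $p.FeatureSettingsOverrideMask) { [int]$p.FeatureSettingsOverrideMask } else { 0 }
    $result = [ordered]@{}
    foreach ($name in $MitigationBits.Keys) {
        $bit = $MitigationBits[$name]
        # A mitigation is switched off only when the bit is set in both values.
        $result[$name] = [bool]((($override -band $bit) -ne 0) -and (($mask -band $bit) -ne 0))
    }
    $result
}

function Get-EffectiveState {
    # Returns $null when the SpeculationControl module is not available.
    if (-not (Get-Command Get-SpeculationControlSettings -ErrorAction SilentlyContinue)) {
        return $null
    }
    $s = Get-SpeculationControlSettings
    [ordered]@{
        'Spectre v2 (CVE-2017-5715)' = [bool]$s.BTIWindowsSupportEnabled
        # KVA shadowing is not required on CPUs unaffected by Meltdown.
        'Meltdown (CVE-2017-5754)'   = ([bool]$s.KVAShadowWindowsSupportEnabled -or -not $s.KVAShadowRequired)
    }
}

$configured = Get-ConfiguredOverride
$effective  = Get-EffectiveState
$lastBoot   = (Get-CimInstance Win32_OperatingSystem).LastBootUpTime

$report = foreach ($name in $configured.Keys) {
    $disabledInRegistry = $configured[$name]
    $active = if ($effective) { $effective[$name] } else { $null }

    $finding = if ($null -eq $active) {
        'effective state unknown (SpeculationControl module not installed)'
    } elseif ($disabledInRegistry -and $active) {
        'registry says disabled but the kernel still enforces it: change has not taken effect, reboot pending'
    } elseif (-not $disabledInRegistry -and -not $active) {
        'not disabled in registry but not active: check OS patch level and microcode/firmware support'
    } else {
        'configured and effective state agree'
    }

    [pscustomobject]@{
        Mitigation         = $name
        DisabledInRegistry = $disabledInRegistry
        ActiveInKernel     = $active
        Finding            = $finding
    }
}

"Last boot: $lastBoot"
$report | Format-Table -AutoSize -Wrap
```

Run it before and after a benchmark pass so each screenshot can be tied to a verified mitigation state rather than to the registry values alone.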


----------



## GeneO

Blameless said:


> The older and slower the CPU relative to the drives it uses the _larger_ the impact of the mitigations.
> 
> The slowest system I have that can be fully mitigated is a 4GHz 4930K. Even running apps or VMs off a RAM drive that is much faster than any M.2 NVMe drive in existence, which loses half its random I/O performance from mitigations, there is no perceptible impact in most uses. It's not at all surprising to me that my 5820K, 6800k, or 6700-HQ systems, using a wide variety of SSDs, also show no perceptible change in general responsiveness...double instantaneous is still instantaneous.
> 
> 
> 
> The performance impact is not an opinion.
> 
> 
> 
> Plenty of people are bothered by things for no good reason...such as a hit to benchmark scores that aren't apparent anywhere other than benchmarks.


I see, performance impact is not opinion for you but is for me. A clue: it is subjective
I really don't know what to say to someone who makes unjustified assumptions about my motivation and is being such a royal jerk. Only reason I am bringing benchmarks into this at all is because of the noticeable performance lag/sluggishness I experience on the desktop with the Spectre patch. I don't give a fig if computational benchmarks showed up worse. I only care about my experience on the desktop and in games.



> You should see significant losses in 4k performance with any modern SSD with all the mitigations enabled, along with increased CPU utilization during such accesses.
> 
> However, if you can feel this, something else is almost certainly wrong. Normal use isn't that I/O dependent.


Where do you get that you should see increased CPU utilization with the Spectre patch. You really shouldn't see much if any, just increased i/o latency. 

No, nothing else is wrong. I experienced this with both my Haswell rig and my Coffee Lake. You have not considered that not only is SSD performance affected, but any other i/o. The 2D graphics performance measured by Crystaldiskmark 2004R7 GDI benchmark is 33% lower with the Spectre patch. It all combines to a significantly noticeable lag/sluggishness on my system. 

I guess you're just another of those "it doesn't happen to me or bother me so you are wrong" dismissive kind of guys. So later.


----------



## LostParticle

GeneO said:


> Reason I asked is that InSpectre doesn't tell you if the patches are enabled or not. It just tells you the registry settings. If you change the registry values, they don't take effect until you reboot, even though InSpectre will tell you what the new registry settings are.


I see.

Can you guide me on how to disable the patches from inside the Registry, directly? I will then repeat my tests and post the screenshots. Personally, I do not mind because I will keep them Enabled anyway but I am willing to do this.

Thank you.


----------



## Blameless

GeneO said:


> I see, performance impact is not opinion for you but is me. A clue: it is subjective


Actual performance measurements most absolutely are not subjective, and the performance perceptions that exist in absence of sufficient measurable change are dubious.



GeneO said:


> I really don't know what to say to someone who makes unjustified assumptions about my motivation and is being such a royal jerk.


I haven't made any statements with regard to your motivations, let alone any assumptions.

I haven't even questioned your perceptions, just the source, because the objective performance changes typical of these mitigations don't match up with your experiences.



GeneO said:


> Where do you get that you should see increased CPU utilization with the Spectre patch. You really shouldn't see much if any, just increased i/o latency.


Much of the I/O impact comes from additional accesses that have to be made due to buffer flushes that don't happen without the mitigations.

Increased kernel times (meaning more CPU cycles spent) is the prime result of these changes, with most other side-effects stemming from that.

https://arstechnica.com/gadgets/201...e-and-meltdown-patches-will-hurt-performance/

https://www.epicgames.com/fortnite/forums/news/announcements/132642-epic-services-stability-update

https://www.lakesidesoftware.com/bl...atches-may-increase-cpu-load-initial-findings



GeneO said:


> You have not considered that not only is SSD performance affected, but any other i/o.


The mitigations affect essentially every kernel access, which includes most, but is not limited to, I/O. I/O is simply the most frequent reason for kernel accesses (and thus TLB flushes) and a fast SSD or large array of disks is typically the only way for there to be enough I/O performance to matter.



GeneO said:


> The 2D graphics performance measured by Crystaldiskmark 2004R7 GDI benchmark is 33% lower with the Spectre patch.


GDI has been increasingly deprecated since Windows Vista/7 and even if it weren't, modern CPUs are fast enough that you'd have to lose a hell of a lot more than 33% of your performance for it to be noticeable in general use (otherwise there wouldn't be any systems from the GDI era that were responsive, as even a fully mitigated modern system has many times the GDI performance of these).

https://msdn.microsoft.com/en-us/library/windows/desktop/ff684176(v=vs.85).aspx
http://www.tomshardware.com/reviews/2d-windows-gdi,2547.html

Those articles are eight years old, when GDI was already on its way out. Very little is going to be using GDI on new systems unless it's explicitly told to or is very old software.



GeneO said:


> It all combines to a significantly noticeable lag/sluggishness on my system.


I'm extremely sceptical of your conclusion as you haven't mentioned any use case where the performance hit from these mitigations would be significant. The sluggishness you observe, if it's real, sounds more coincidental than causal.

The largest change I've been able to find in any benchmark or test that is actually measuring general use responsiveness (as opposed to tangentially related factors) is in PCMark 10's app startup bench: https://techreport.com/review/33299...o-fear-from-intel-spectre-microcode-updates/2.

Edit: Intel and PCWorld have SYSMark 2014 SE tests with differentials exceeding this on Skylake and Broadwell parts running Windows 10.

Out of the dozen or so professional reviews of the various mitigations I've read, I only found one where relevant tests were getting into what could reasonably be called 'significantly noticeable lag/sluggishness': https://www.pcworld.com/article/325...spectre-patches-drag-down-older-hardware.html -- and that's on a laptop with a low power Broadwell i5 that probably isn't using large memory pages in File Explorer.



GeneO said:


> I guess you're just another of those "it doesn't happen to me or bother me so you are wrong" dismissive kind of guys. So later.


No, I'm one of those 'if it can't be measured, it's probably not there' kinda guys.

You say your system is made sluggish in normal desktop use by these patches, but that's not something that has been demonstrated in much actual testing. Not saying noticeable hits to responsiveness aren't possible, but again, they are clearly the minority, especially on faster setups.


----------



## miklkit

This has probably been answered already but: Do these patches affect AMD CPUs like this also? As in, do AMD based rigs also have this big I/O hit? 



I ask because I am playing a game that stores a huge amount of data on the HD and there is heavy I/O use while playing. And yes there are lots of complaints about stuttering and lag, but my AMD rig seems to be doing ok.


----------



## EniGma1987

miklkit said:


> This has probably been answered already but: Do these patches affect AMD CPUs like this also? As in, do AMD based rigs also have this big I/O hit?
> 
> 
> 
> I ask because I am playing a game that stores a huge amount of data on the HD and there is heavy I/O use while playing. And yes there are lots of complaints about stuttering and lag, but my AMD rig seems to be doing ok.


The performance hit patches are only for Intel.


----------



## GeneO

LostParticle said:


> I see.
> 
> Can you guide me on how to disable the patches from inside the Registry, directly? I will then repeat my tests and post the screenshots. Personally, I do not mind because I will keep them Enabled anyway but I am willing to do this.
> 
> Thank you.


https://support.microsoft.com/en-us...-to-protect-against-the-speculative-execution


----------



## cfu97

My one year old asrock motherboard does have patch for this bug at all


----------



## The Robot

cfu97 said:


> My one year old asrock motherboard does have patch for this bug at all


Yeah, millions of systems will be left vulnerable because their support ended years ago. Why can't Microsoft just include an updated kernel with patched microcode in the next build of Windows? Surely can't be too hard, because Linux can do it.


----------



## ryan92084

The Robot said:


> Yeah, millions of systems will be left vulnerable because their support ended years ago. Why can't Microsoft just include an updated kernel with patched microcode in the next build of Windows? Surely can't be too hard, because Linux can do it.


So after people saying it is impossible for Windows to patch microcode I did some digging. While it is technically true that microcode isn't "patched" via windows update it can supply and run a newer version than is provided by your bios. However, it is pretty rare for them to do so and the information was a little old so I don't know if it applies to win10. For spectre I suspect they will do exactly this but are likely giving the new microcodes a bit more time for testing after being bitten by Intel's buggy code last month.

Alternatively you could also update it via the VMware tool.


----------



## JackCY

So... when are patches actually rolling out? So far no UEFI updates for Haswell, OS updates didn't get distributed beside some markets and then half of them got pulled back due to issues, and so on.
Seems like the topic is dying overall in an attempt to be swept under the floor as Intel fails to come up with a solution for an issue they know about for over 25 years.


----------



## e-gate

JackCY said:


> So... when are patches actually rolling out? So far no UEFI updates for Haswell, OS updates didn't get distributed beside some markets and then half of them got pulled back due to issues, and so on.
> Seems like the topic is dying overall in an attempt to be swept under the floor as Intel fails to come up with a solution for an issue they know about for over 25 years.


There is nothing more to discuss. Patches are slowly coming.
After all the Meltdown/Spectre is old.
Nvidia's Partner Program is so hot right now.


----------



## khanmein

JackCY said:


> So... when are patches actually rolling out? So far no UEFI updates for Haswell, OS updates didn't get distributed beside some markets and then half of them got pulled back due to issues, and so on.
> Seems like the topic is dying overall in an attempt to be swept under the floor as Intel fails to come up with a solution for an issue they know about for over 25 years.


My ASRock H97 Pro4 offered the latest CPU microcode, but without ME update.


----------



## LostParticle

At last, a new BIOS came out today for my ASRock Z97 OC Formula! I'm gonna flash and test, soon...


----------



## cfu97

Only patch for most expensive or latest models, my one year old model asrock cheap model has no patch at all.


----------



## LostParticle

LostParticle said:


> At last, a new BIOS came out today for my ASRock Z97 OC Formula! I'm gonna flash and test, soon...



So far, so good. My own Optimized Defaults.


----------



## khanmein

cfu97 said:


> Only patch for most expensive or latest models, my one year old model asrock cheap model has no patch at all.


H97 Pro4 is considered a cheap model also included the latest bios, but doesn't include the latest ME update only.


----------



## termathor

LostParticle said:


> So far, so good. My own Optimized Defaults.


Good on you. I wish my then very expensive ASUS Maximus VII Impact was given the same treatment !

By the way, I couldn't figure out, from the screenshots, if you had performance impact ... Can you launch a disk based benchmark ?


----------



## LostParticle

termathor said:


> Good on you. I wish my then very expensive ASUS Maximus VII Impact was given the same treatment !
> 
> By the way, I couldn't figure out, from the screenshots, if you had performance impact ... Can you launch a disk based benchmark ?


Sure! 

As you observe I have not disabled the patches this time. The reason is that I will keep them enabled anyway, there's no way I will ever disable them, so since I do not feel any degradation in my system there's no reason to test "before-after"

Finally, I believe I ought to mention the following:






AHCI drivers v13.2.8.1002 WHQL
Best matching Intel RAID ROM resp. EFI "RaidDriver" BIOS modules: v13.2.2.2224 (RAID OROM) resp. 13.2.0.2134 (EFI RaidDriver)
(UBU: option 5)




PS: Not yet any BIOS update for my ASUS Maximus VII Hero, either...


----------



## AlphaC

http://www.overclock.net/forum/167-...-spectre-microcode-update-84-0x84-status.html

Anyone have info on MSI boards? I don't see any BIOS updates let alone microcode from them since January


----------



## LostParticle

Hello again!

- What's going on with ASRock?!

Today I have revisited my *Z97 OC Formula's* page. Look at what it says in the description of the latest (2.00) BIOS!
Yesterday they were saying something different, as can be seen in the screenshot of my post #1583, above!

Why do they say "Update Haswell CPU Microcode to *revision 17*"? The BIOS I flashed came with MC 24, I've checked it now again. 
What's going on? Is this a typo (!) or have they replaced it with some other (BIOS) file?

?


----------



## Blameless

JackCY said:


> So... when are patches actually rolling out?


Stable microcode patches down to Sandy Bridge have been out for a week.

Most OEMs will never update all their firmware though, so it's up to many users to patch the microcode themselves, if they want the mitigations.


----------



## rluker5

Blameless said:


> Stable microcode patches down to Sandy Bridge have been out for a week.
> 
> Most OEMs will never update all their firmware though, so it's up to many users to patch the microcode themselves, if they want the mitigations.


Is there a better place to find them than uefi bios updater if I'm doing it myself? The ubu 1.69.15 still has the November microcode for broadwell c as the most recent even though 1150 haswell has gotten a newer one.
Just checking. 
I know it may be a while since there aren't a lot of broadwell c's out there.


----------



## JackCY

khanmein said:


> My ASRock H97 Pro4 offered the latest CPU microcode, but without ME update.


Yeah only yesterday it finally popped up available.



Blameless said:


> Stable microcode patches down to Sandy Bridge have been out for a week.
> 
> Most OEMs will never update all their firmware though, so it's up to many users to patch the microcode themselves, if they want the mitigations.


So they said before and it was rolled back twice or more when it was causing issues. Haven't seen a single trustworthy official tool for modifying UEFI, so good luck security wise using some 3rd party tool downloaded from who knows where doing who knows what. Intel releases linux microcode files and then people go hack that into their UEFI images with 3rd party tools, you trust these tools? I don't as well as don't trust Intel getting these patches done right soon, the amount of garbage attempts there have been so far with the patches is crazy.

At least my board has dual UEFI and switching back to old version is a matter of flipping a switch in case they mess something up in a new UEFI version.



> Update Haswell CPU Microcode to revision 17 and Broadwell CPU Microcode to revision 1D.


17 means in HEX, so it should have been written as 0x17 = 23 in DEC. For Broadwell they write it as 1D instead of 0x1D but at least it's more clear there. HEX vs DEC version number confusion.


----------



## rluker5

JackCY said:


> So they said before and it was rolled back twice or more when it was causing issues. Haven't seen a single trustworthy official tool for modifying UEFI, so good luck security wise using some 3rd party tool downloaded from who knows where doing who knows what. Intel releases linux microcode files and then people go hack that into their UEFI images with 3rd party tools, you trust these tools? I don't as well as don't trust Intel getting these patches done right soon, the amount of garbage attempts there have been so far with the patches is crazy.
> 
> At least my board has dual UEFI and switching back to old version is a matter of flipping a switch in case they mess something up in a new UEFI version.


I use that "uefi bios updater" on my evga z97 classified and it works as well as nvflash did for my older gpus. But it didn't make a flashable bios for my asus h81, the asus ezflash tool rejected it. And I know nothing of how much of a security risk it is. But where it works, it works all of the time.

I also have a bios switch (3 spots) so I had less to risk by trying.


----------



## Blameless

JackCY said:


> So they said before and it was rolled back twice or more when it was causing issues.


The initial patches for Haswell through Coffee Lake were retracted, but there haven't been any issues, as of yet, with the second round of microcode.



JackCY said:


> Haven't seen a single trustworthy official tool for modifying UEFI, so good luck security wise using some 3rd party tool downloaded from who knows where doing who knows what. Intel releases linux microcode files and then people go hack that into their UEFI images with 3rd party tools, you trust these tools?


You can patch the microcode completely manually with a hex editor, which is what I did with the first round of fixes (that seemed to work, without issue, for me) and it's just as easy to verify what third party utilities are doing.

Microcode patches are very small and board firmware very modular. Simply looking up the microcode used in one's firmware, finding a copy of said microcode to compare to the contents of one's firmware, then pasting the new microcode over it and adding or subtracting from the padding sections of the firmware to maintain the same file size is enough.

So, yes, as these third party utilities (UBU, for example) do nothing more complex than this and this is trivially easy to verify, I don't need to trust them...but I do. No one is trying to deceive anyone and any such deception would be immediately apparent.

In the end, it's far preferable to patch the microcode myself, or with UBU, than it is to rely upon the motherboard makers that may include other, undesirable alterations to their firmware. My X99 SOC Champion is a perfect example of this...the revision 22 final firmware has trash memory tables and for some reason needs at least 10mV more vcore for HW-E parts to achieve similar stability, but it's the newest, so it's what they used for the microcode patched version. The patched version they have, which is listed as a production release, not a beta, has the old, first run 3B and 23 microcode patches slapped on top of the 22 final firmware, making it crap in two different ways. Patching the 3C and 25 microcode on to the revision 22n beta firmware myself is the best of all worlds.
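
Added example (not part of the post above, and not code from UBU or any board vendor): a read-only check of which microcode revisions a firmware image carries and whether each blob still sums to zero after a manual paste, printing revisions in both hex and decimal to avoid the "17 vs 23" confusion discussed earlier in the thread. It assumes the microcode update header layout from Intel's Software Developer's Manual; the function names, the placeholder CPU signature, the dates and the sample image are all constructed for illustration.

```python
import struct

# Intel microcode update header: nine little-endian dwords + 12 reserved bytes
# (header version, revision, date, CPU signature, checksum, loader revision,
# processor flags, data size, total size), per Intel's SDM.
HEADER = struct.Struct("<9I12x")
MASK = 0xFFFFFFFF


def dword_sum(blob):
    """Sum of all 32-bit little-endian words in blob, modulo 2**32."""
    words = struct.unpack("<%dI" % (len(blob) // 4), blob)
    return sum(words) & MASK


def revision_label(rev):
    """Show a revision in hex and decimal so '17' and '23' cannot be mixed up."""
    return "0x%02X (%d decimal)" % (rev, rev)


def build_sample_update(revision, signature, date_bcd):
    """CONSTRUCTED stand-in blob: valid header plus filler, not real microcode."""
    data_size, total_size = 2000, 2048
    payload = bytes((i * 7 + revision) & 0xFF for i in range(data_size))
    fields = [1, revision, date_bcd, signature, 0, 1, 0x02, data_size, total_size]
    # Pick the checksum so that every dword of header + payload sums to zero.
    fields[4] = (-dword_sum(HEADER.pack(*fields) + payload)) & MASK
    return HEADER.pack(*fields) + payload


def scan_firmware(image):
    """Heuristically locate microcode headers in a firmware image (never writes)."""
    found, offset = [], 0
    while offset + HEADER.size <= len(image):
        (hdr_ver, rev, date, sig, _csum, ldr_ver, _flags,
         data_size, total_size) = HEADER.unpack_from(image, offset)
        data_size = data_size or 2000      # 0 means the default sizes
        total_size = total_size or 2048
        plausible = (hdr_ver == 1 and ldr_ver == 1
                     and total_size % 1024 == 0
                     and data_size + HEADER.size <= total_size
                     and offset + total_size <= len(image))
        if not plausible:
            offset += 4
            continue
        blob = image[offset:offset + total_size]
        found.append({
            "offset": offset,
            "revision": rev,
            "signature": sig,
            # Date is BCD, laid out as MMDDYYYY.
            "date": "%04x-%02x-%02x" % (date & 0xFFFF, date >> 24, (date >> 16) & 0xFF),
            "size": total_size,
            # Catches a bad paste or truncation only; it is a checksum,
            # not a signature, so it says nothing about who produced the blob.
            "checksum_ok": dword_sum(blob) == 0,
        })
        offset += total_size
    return found


def flip_byte(image, offset):
    """Return a copy of image with one bit changed, to simulate a botched edit."""
    out = bytearray(image)
    out[offset] ^= 0x01
    return bytes(out)


SAMPLE_SIG = 0x00012345            # placeholder CPU signature (constructed)
PAD = b"\xff"                      # stand-in for firmware padding
SAMPLE_IMAGE = (PAD * 64
                + build_sample_update(0x17, SAMPLE_SIG, 0x01152018)
                + PAD * 32
                + build_sample_update(0x24, SAMPLE_SIG, 0x02202018)
                + PAD * 64)

if __name__ == "__main__":
    damaged = flip_byte(SAMPLE_IMAGE, 2144 + 100)
    for name, image in (("original", SAMPLE_IMAGE), ("damaged", damaged)):
        for entry in scan_firmware(image):
            print(name, hex(entry["offset"]), revision_label(entry["revision"]),
                  entry["date"], "checksum ok" if entry["checksum_ok"] else "CHECKSUM BAD")
```

Running the same scan over the vendor's image and the modified image, then diffing the two result lists, shows exactly which blobs changed and nothing else.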


----------



## LostParticle

JackCY said:


> 17 means in HEX, so it should have been written as 0x17 = 23 in DEC. For Broadwell they write it as 1D instead of 0x1D but at least it's more clear there. HEX vs DEC version number confusion.


Hi, 

IF you're referring to my post/query, surely HEX 17 = DEC 23 but... in my BIOS, the official one I got from ASRock, it says MC 24! So, what are these guys [ASRock] talking about?!
Note, that I got it as soon as it was released and the description was different. I don't know why they describe it like this (17), I don't know IF it was replaced...
And I do not have UBU any more to verify which MC it has.


----------



## rluker5

LostParticle said:


> Hi,
> 
> IF you're referring to my post/query, surely HEX 17 = DEC 23 but... in my BIOS, the official one I got from ASRock, it says MC 24! So, what are these guys [ASRock] talking about?!
> Note, that I got it as soon as it was released and the description was different. I don't know why they describe it like this (17), I don't know IF it was replaced...
> And I do not have UBU any more to verify which MC it has.


HWiNFO shows the microcode if you care, also probably in bios cpu info somewhere.


----------



## Blameless

LostParticle said:


> Hi,
> 
> IF you're referring to my post/query, surely HEX 17 = DEC 23 but... in my BIOS, the official one I got from ASRock, it says MC 24! So, what are these guys [ASRock] talking about?!
> Note, that I got it as soon as it was released and the description was different. I don't know why they describe it like this (17), I don't know IF it was replaced...
> And I do not have UBU any more to verify which MC it has.


What motherboard is this?

Edit:

The newest firmware for the Z97 OC Formula has microcodes 1D (Broadwell) and 24 (Haswell). These are the most recent available.


----------



## LostParticle

Blameless said:


> What motherboard is this?
> 
> Edit:
> 
> The newest firmware for the Z97 OC Formula has microcodes 1D (Broadwell) and 24 (Haswell). These are the most recent available.


It's the ASRock Z97 OC Formula. 
Yes, I know I am running microcode 24 because I see it in my BIOS, as I already said 

I'm just wondering why ASRock writes (in the Description of my BIOS): "Update Haswell CPU Microcode to revision 17"...?

17 HEX = 23 DEC

But the BIOS has microcode 24. Not 23...


----------



## GeneO

LostParticle said:


> It's the ASRock Z97 OC Formula.
> Yes, I know I am running microcode 24 because I see it in my BIOS, as I already said
> 
> I'm just wondering why ASRock writes (in the Description of my BIOS): "Update Haswell CPU Microcode to revision 17"...?
> 
> 17 HEX = 23 DEC
> 
> But the BIOS has microcode 24. Not 23...


Believe me they wouldn't convert it to decimal. They said 17 and it is just a mistake.


----------



## LostParticle

GeneO said:


> Believe me they wouldn't convert it to decimal. They said 17 and it is just a mistake.



I agree / believe you.


----------



## rluker5

Thread necro time.
https://support.microsoft.com/en-us/help/4093836/summary-of-intel-microcode-updates
That link is pretty self explanatory. Microcode updates for Skylake and newer.
Which is good? Probably? Fast hard drives will be slower and some games will stutter more at least with my cpu.
My poor optane. But spectre fixes for Intel chips will be widely available.
And there will be less of an exploitable market and so less incentive to do so. So I can revert my microcode with an increased sense of security.
Or maybe just the older chips will be hit with the bigger performance loss and AMD will be more competitive.

Just checked and I didn't get them, so maybe they're optional? Anyone with a Skylake or newer want to check their update history or get one if that is your desire?
Catalog is here: http://www.catalog.update.microsoft.com/Home.aspx


----------



## LostParticle

Still no new BIOS for my ASUS Maximus VII Hero.
Anyone heard anything?


----------



## Skylinestar

Anyone tried ASRock Z170 Gaming K6 v7.40 BIOS (latest with Spectre & Meltdown fix)?
Is SkyOC still in it?
Any changes in overclock?


----------



## EniGma1987

Skylinestar said:


> Anyone tried ASRock Z170 Gaming K6 v7.40 BIOS (latest with Spectre & Meltdown fix)?
> Is SkyOC still in it?
> Any changes in overclock?



SkyOC was removed many bios versions ago when Intel made motherboard manufacturers do it as it was never an intentional feature from Intel. So no, that wouldn't be in the Spectre fix bios. Anything past Microcode 76 will not have SkyOC:


> 1.Update microcode to 0x76.
> 2.Remove Sky OC function.




I see that ASRock has Spectre bios fixes out for all 3 of my boards from them: Z170 OC Formula, Z270 Supercarrier, and Z370 Professional (and no I don't upgrade every year, I just have a lot of computers)


----------



## termathor

LostParticle said:


> Still no new BIOS for my ASUS Maximus VII Hero.
> Anyone heard anything?


I have its little sister the VII Impact. Nice piece of kit with the same FW.

Here is what I'm monitoring:
https://rog.asus.com/forum/showthread.php?98738-SPECTRE-and-MELTDOWN-Bug-rocks-Intel-ARM-CPUs/page53

https://www.asus.com/News/V5urzYAT6...15.1777626642.1521649964-260844942.1500562679
They unfortunately don't list Z97 mobo 

One poster (page 52) posted the following:
""...our software engineer is currently developing new BIOS update."

Well, that actually explains everything, doesn't it?
'Cmon Tommy, hurry up with those BIOSs, we're all counting on you man! "

I'm not able to retrace the source of this TBH.

The point is, if ASUS ignores our ROG platform for this (mine was twice the price of other mobos !), they'll pretty much kill the product line. There are very angry posts in this thread 

I think we'll have updates soon ...


----------



## LostParticle

termathor said:


> I have its little sister the VII Impact. Nice piece of kit with the same FW.
> 
> Here is what I'm monitoring:
> https://rog.asus.com/forum/showthread.php?98738-SPECTRE-and-MELTDOWN-Bug-rocks-Intel-ARM-CPUs/page53
> 
> https://www.asus.com/News/V5urzYAT6...15.1777626642.1521649964-260844942.1500562679
> They unfortunately don't list Z97 mobo
> 
> One poster (page 52) posted the following:
> ""...our software engineer is currently developing new BIOS update."
> 
> Well, that actually explains everything, doesn't it?
> 'Cmon Tommy, hurry up with those BIOSs, we're all counting on you man! "
> 
> I'm not able to retrace the source of this TBH.
> 
> The point is, if ASUS ignores our ROG platform for this (mine was twice the price of other mobos !), they'll pretty much kill the product line. There are very angry posts in this thread
> 
> I think we'll have updates soon ...


Thanks for the links, I appreciate it and I'll keep an eye. After my "Z97 experience" = Gigabyte Z97 SOC Force, ASUS Maximus VII Hero, ASRock Z97 OC Formula, and my very first one, the Asrock Z97 Extreme 6, I have decided, after everything I've seen, that I will be purchasing only ASRock motherboards from now on. I'm planning on going AMD after approx. 8 months, 'cause now I'll most probably need a laptop, well, ASRock it is going to be, like 99.99%. Republics are good when they're functioning.


----------



## Skylinestar

EniGma1987 said:


> SkyOC was removed many bios versions ago when Intel made motherboard manufacturers do it as it was never an intentional feature from Intel. So no, that wouldn't be in the Spectre fix bios. Anything past Microcode 76 will not have SkyOC:


No. My current 7.20 has SkyOC, with intel i5 6500 overclocked.
https://valid.x86.fr/412w19


----------



## cfu97

Is there any practical reported news saying someone got hacked because of using an unpatched computer?


----------



## rluker5

Skylinestar said:


> No. My current 7.20 has SkyOC, with intel i5 6500 overclocked.
> https://valid.x86.fr/412w19


Your validation says you have microcode 73. HWinfo64 can also show you this and it may be in your bios under cpu info or something. 
But as a consolation prize you have skyoc so there is that.


----------



## rluker5

cfu97 said:


> Is there any practical reported news saying someone got hacked because of using an unpatched computer?


I'd like to know that too. I posted a little testing on my uncommon chip here: www.overclock.net/forum/5-intel-cpus/1583537-intel-broadwell-c-ownership-club-258.html and a viable threat would help convince me to swallow the performance loss and switch over.
This thread would be perfect for that.


----------



## cfu97

rluker5 said:


> I'd like to know that too. I posted a little testing on my uncommon chip here: www.overclock.net/forum/5-intel-cpus/1583537-intel-broadwell-c-ownership-club-258.html and a viable threat would help convince me to swallow the performance loss and switch over.
> This thread would be perfect for that.


No point to apply patch since the real problem now is patch could be so unstable and the whole computer would just stop working and may not even be recoverable. This risk is much higher than a potential hack that may have no real risk at all. I don't see how can any human shows someone would be hacked by a javascript with this security hole by browsing online or any practical way.


----------



## rluker5

cfu97 said:


> No point to apply patch since the real problem now is patch could be so unstable and the whole computer would just stop working and may not even be recoverable. This risk is much higher than a potential hack that may have no real risk at all. I don't see how can any human shows someone would be hacked by a javascript with this security hole by browsing online or any practical way.


With my cpu it seemed just as stable as the others. My ram tightenings still worked, cpu core and cache overclocks worked at the same voltage. And the reduction in i/o performance was consistent. My edram cache use as an L3 bank may also be curtailed but I don't know that for sure, and that part is specific to a few cpus.
Maybe if you somehow botched modding your bios things could get messed up. If you are worried about that (i was too) you could wait for the windows update or manufacturers update for your mobo to come out and use that.

I thought they were able to use javascript to read your cpu cache for passwords and stuff. So I try to keep mine clean (by not having browser save them, clear history on exit and not having multiple tabs open when one has a money backed password entered), but if there were to be found instances of this exploit I would be more careful.


----------



## cfu97

rluker5 said:


> With my cpu it seemed just as stable as the others. My ram tightenings still worked, cpu core and cache overclocks worked at the same voltage. And the reduction in i/o performance was consistent. My edram cache use as an L3 bank may also be curtailed but I don't know that for sure, and that part is specific to a few cpus.
> Maybe if you somehow botched modding your bios things could get messed up. If you are worried about that (i was too) you could wait for the windows update or manufacturers update for your mobo to come out and use that.
> 
> I thought they were able to use javascript to read your cpu cache for passwords and stuff. So I try to keep mine clean (by not having browser save them, clear history on exit and not having multiple tabs open when one has a money backed password entered), but if there were to be found instances of this exploit I would be more careful.


Using javascript to hack with these vulnerabilities should not be practical yet.


----------



## ku4eto

Someone said, there are no viruses, it's an overblown issue:

https://www.techspot.com/amp/news/7...essfully-demonstrated-several-intel-cpus.html

https://arstechnica.com/gadgets/201...-reveal-more-branch-prediction-attacks/?amp=1


----------



## OutlawII

ku4eto said:


> Someone said, there are no viruses, it's an overblown issue:
> 
> https://www.techspot.com/amp/news/7...essfully-demonstrated-several-intel-cpus.html
> 
> https://arstechnica.com/gadgets/201...-reveal-more-branch-prediction-attacks/?amp=1


I have not seen any actual cases of this exploit being used for malicious attacks. The only thing I have seen is demonstrations of how this could potentially work. I agree that this is a very bad thing but I also think it has been a one-sided blown up attack. Because as we all know AMD is also affected by some of these issues but barely makes any of the discussions.


----------



## ryan92084

OutlawII said:


> I have not seen any actual cases of this exploit being used for malicious attacks. The only thing I have seen is demonstrations of how this could potentially work. I agree that this is a very bad thing but I also think it has been a one-sided blown up attack. Because as we all know AMD is also affected by some of these issues but barely makes any of the discussions.


That is because AMD is affected by only 1.5 of the 3 well now 4 exploits and (with the exception of some quite old chipsets) had their main vulnerability patched with little fuss by the time the info came out.


----------



## OutlawII

ryan92084 said:


> That is because AMD is affected by only 1.5 of the 3 well now 4 exploits and (with the exception of some quite old chipsets) had their main vulnerability patched with little fuss by the time the info came out.


So this makes it not newsworthy? That is my point not much news on the red team side of things sounds like a one-sided hateful story


----------



## ryan92084

OutlawII said:


> So this makes it not newsworthy? That is my point not much news on the red team side of things sounds like a one-sided hateful story


? It was reported on widely when the story first broke almost 3 months ago. Actually back then a big complaint was AMD being over reported on since they often got lumped together with Intel on meltdown impact articles. There was also a lot of uproar over their "not susceptible to all three variants" response as well as confusion about one variant being Linux only (it's not) and requiring a bios setting change (it didn't).

The intel story has lasted longer because the impact is bigger (meltdown), the microcode being buggy, microcode pulled, windows having to issue another patch, and then the slow roll out of the new microcodes this month. So yes, at this point the story is rather one sided but that's because the other side is settled (atm) and had to deal with CTS instead.

At this point besides having to make sure future reviews use properly patched systems, waiting for the lawsuits to play out, discovering new variants, and seeing if/when actual viruses are in the wild there isn't much to discuss/report on.


----------



## rluker5

ku4eto said:


> Someone said, there are no viruses, it's an overblown issue:
> 
> https://www.techspot.com/amp/news/7...essfully-demonstrated-several-intel-cpus.html
> 
> https://arstechnica.com/gadgets/201...-reveal-more-branch-prediction-attacks/?amp=1


I missed that someone, but you offer no evidence to the contrary of their claim. 

From one of your citations, but they both say this: "As with Spectre 2, it's not clear just how much software is truly vulnerable to BranchScope attacks. In both cases, attackers need the ability to run code on a victim system, so these attacks will never be used for initial entry into a system. What they do, however, is demonstrate that the isolation boundaries that have long been assumed to exist are rendered somewhat permeable by the speculative execution hardware that is essential to high-performance processors. Moreover, BranchScope shows that Spectre isn't the only avenue through which this speculative execution can be exploited. "

If they had access, why wouldn't they install a keylogger or something? Would be a lot more effective than fishing in the dark.

I'm no expert and I wouldn't even be bothered if someone were to point out that I was wrong for having the meltdown update active + w.defender + Malwarebytes + no spectre microcode update. But they look like a convoluted chance based keylogger that should be manageable with a windows and a browser and a java update and normal virus/malware protection. 
I don't save passwords in my browser and have my history cleared on exit, is there any way for my passwords to get into my cache if they aren't in my memory?


----------



## ku4eto

rluker5 said:


> I missed that someone, but you offer no evidence to the contrary of their claim.
> 
> From one of your citations, but they both say this: "As with Spectre 2, it's not clear just how much software is truly vulnerable to BranchScope attacks. In both cases, attackers need the ability to run code on a victim system, so these attacks will never be used for initial entry into a system. What they do, however, is demonstrate that the isolation boundaries that have long been assumed to exist are rendered somewhat permeable by the speculative execution hardware that is essential to high-performance processors. Moreover, BranchScope shows that Spectre isn't the only avenue through which this speculative execution can be exploited. "
> 
> If they had access, why wouldn't they install a keylogger or something? Would be a lot more effective than fishing in the dark.
> 
> I'm no expert and I wouldn't even be bothered if someone were to point out that I was wrong for having the meltdown update active + w.defender + Malwarebytes + no spectre microcode update. But they look like a convoluted chance based keylogger that should be manageable with a windows and a browser and a java update and normal virus/malware protection.
> I don't save passwords in my browser and have my history cleared on exit, is there any way for my passwords to get into my cache if they aren't in my memory?


Because a normal Keylogger is caught by every normal AV? And you don't need root access (admin rights) to be able to use this. That's the point.


----------



## rluker5

ku4eto said:


> Because a normal Keylogger is caught by every normal AV? And you don't need root access (admin rights) to be able to use this. That's the point.


Also need elevated privileges for spectre. And the side channel is timing based (doesn't read cache directly) and that has been removed in java and the major browsers by lowering the timing resolution and some have tossed in fake timing jitter.

Right now it seems easier to use a keylogger since you need the same access for both and spectre can't even read the out of focus stuff anymore.
But it might not be, so I was curious about exploits out in the wild.

But thanks ku4eto, you prodded me to check out spectre more in depth and now I feel more at ease with my 5775c since its cache/ram timing ratios are all messed up due to the large L4 cache presence (L4 cache is closer to ddr than L3 cache in speeds).


----------



## cfu97

ku4eto said:


> Someone said, there are no viruses, it's an overblown issue:
> 
> https://www.techspot.com/amp/news/7...essfully-demonstrated-several-intel-cpus.html
> 
> https://arstechnica.com/gadgets/201...-reveal-more-branch-prediction-attacks/?amp=1


These links don't provide any practical hack details at all. Don't sound like that could be done by javascript or internet kind of way, seem like it must be extremely close to each other like at least two Virtual Machines in the same physical server with same cpu, then one vm can somehow "hack" the cpu to access the information for another VM. By for this case not practical for any normal user.


----------



## ku4eto

cfu97 said:


> These links don't provide any practical hack details at all. Don't sound like that could be done by javascript or internet kind of way, seem like it must be extremely close to each other like at least two Virtual Machines in the same physical server with same cpu, then one vm can somehow "hack" the cpu to access the information for another VM. By for this case not practical for any normal user.


What do you mean not practical for normal user?

How do you think Amazon Web Services work? Same with web hostings? Lots of normal people, have their sites on shared hostings or VPS'es. What would cost me (30$ for example), to get the cheapest VPS plan for 1 month, and execute such attacks? I would be able to gain any kind of information, about the other VM's working on that server. Maybe even read a root password? That's the idea of those hacks.


----------



## cfu97

ku4eto said:


> What do you mean not practical for normal user?
> 
> How do you think Amazon Web Services work? Same with web hostings? Lots of normal people, have their sites on shared hostings or VPS'es. What would cost me (30$ for example), to get the cheapest VPS plan for 1 month, and execute such attacks? I would be able to gain any kind of information, about the other VM's working on that server. Maybe even read a root password? That's the idea of those hacks.


Don't sound like this bug would affect normal user. You think amazon wouldn't patch it somehow? I am talking about normal personal computer user.


----------



## ku4eto

cfu97 said:


> Don't sound like this bug would affect normal user. You think amazon wouldn't patch it somehow? I am talking about normal personal computer user.


Unless you are a person of interest, who is going to target you? If they make a virus, that can read directly from CPU the password for X bank sites, and then transmit it, along with other collected personal information, it will be useful. Otherwise, too much hassle. Don't think you are safe though, lots of loonies around, and they maybe are already using this. It's just that we don't know yet.


----------



## Vlada011

New Security Problems are found similar to Spectre 2, name Branch Scope.
Intel's Train go deeper in problems. 
Are you aware how Intel Vulnerable and Security Bugs helped me to keep Intel X99 and don't even to think about any platform upgrade until everything settle down for at least 2 years.

After some many Bugs even hundreds security patches not help except to cripple performance.
Insane start of 2018 for Intel CPU owners. 
We will lost self in security updates for Intel CPU Flaws.


----------



## cfu97

X99 doesn't have any of these bugs?


----------



## cfu97

I don't think we need to care these new and old tons of bugs except there is practical case that somehow a trojan horse kind of attack can happen through web browsing


----------



## ThrashZone

cfu97 said:


> X99 doesn't have any of these bugs?


Hi,
Yes 
But so does the newest platforms too 
https://www.grc.com/inspectre.htm


----------



## revro

so seems ms really wants to kill win7. the meltdown patch for win7 is failure

https://www.reddit.com/r/sysadmin/comments/87lxdc/thought_meltdown_was_bad_heres_total_meltdown/

https://www.reddit.com/r/programming/comments/87n7pa/total_meltdown_windows_7_meltdown_patch_allows/

anyone who can decipher it which march KB to download to fix it on win7? thank you


----------



## Leopardi

So intel finished the microcodes, full list: https://newsroom.intel.com/wp-content/uploads/sites/11/2018/04/microcode-update-guidance.pdf

Only Haswell mobile cpu's, not desktop?


----------



## tpi2007

Leopardi said:


> So intel finished the microcodes, full list: https://newsroom.intel.com/wp-content/uploads/sites/11/2018/04/microcode-update-guidance.pdf
> 
> Only Haswell mobile cpu's, not desktop?



That list is still a mess. Incoherent things like listing desktop Sandy Bridge but not Ivy Bridge for example (but they do list Ivy Bridge-E) .

Also, for those wondering, the news is that they dropped their plans to develop patches for 45nm Core 2 CPUs and x58 CPUs (Nehalem, Westmere). One of their reasons doesn't add up regarding Nehalem, as they are still planning on patching some Xeons in that range and mainstream first gen Core series are also still getting patched (Celeron, Pentium, Core i3 500 series, Core i5 600 and 700 series and Core i7 800 series and also the Arrandale mobile CPU range).

https://techreport.com/news/33464/intel-axes-plans-to-armor-some-cpus-against-spectre


----------



## JackCY

Intel is melting down, slowly but surely. The more bugs they find and prove the better, Intel likes to ignore it all until there exists a practical exploit not only theoretical.


----------



## Vlada011

Every week you will hear for new bugs and problems.
Intel guys had several plans.
First they expected much bigger complain of gamers and enthusiasts even demand for refund, because of that Intel employers sold stocks and later thanks to companies and people on way they accept reality.

1. Avoid possible refund to people with damage control and suring people that everything is fine, patchs arrive etc... No one didn't talk about future problems of defective silicon
2. Push people to think that Coffee Lake and Skylake-X will survive much less performance loss.
3. On longer period working to people feel unpleasant with their Intel platforms and upgrade instantly of first silicon with fix.
Intel plan here to biggest percent of enthusiasts upgrade their configuration at once. If 5-10% upgrade every year, they want to 50% replace their buggy platform.
They play game very carefull, can't to much to push because angry customers will ask refund, but in same time want to people find reason to upgrade even if they bought i9-7890XE for next 5 years. He is buggy and should be replaced.
I would not be surprised after new silicon show up that our platforms start to crash, BSOD, freeze, stutter or simple COLLAPSE on any way because some MS-Intel Update Deal. They will update something with regular update, you will not be able to prevent that in new Windows 10 and suddenly as Audio had problems after 1709 all processors will be slower, buggy, etc because they will be full of patches like someone who survived bee attacks.
Patches, patches all arround, for this for that, one make problem to another, people lost their minds completely what they need to do and when and how.

People should sue Intel for refund silicon and for wasting their time searching for idiotism for patch for not patchable problem.
In moment when I talk that people should be united and sue Intel everything would finished long time ago and exactly as Intel employers predicted.
They would defend little, oppose and payed at the end to customers and companies. They would lost arround 1.000.000.000-2.000.000.000 but that's similar price as Samsung lost after collapse of new smart phone model. Not big deal for them, they recover for half year. Intel expect and up to 5.000.000.000 lost I can bet, and everything they defend is gift for them. Gift and they pass without punishment because advertised 3 generations with silicon error.

We should be smarter, many moderators, administrators even reviews who support Intel replaced their Intel platforms with Threadripper.
Don't need to be 1950X. Nice 1900X for 450-500$ and later when second generation show up nice upgrade and that's it.
Only one thing make problem here, that's significant performance loss of processors who can't reach 4.3 GHz example. Lets say 4.3-4.4GHz.
If AMD overpass that barrier many people will abandon Intel. Because 4.0GHz vs 4.5GHz you feel difference in surfing in daily working, games, everywhere. 6, 8, 10, 20 cores sleep in that moment but frequency should reach at least 4.3GHz.


----------



## ThrashZone

revro said:


> So it seems MS really wants to kill Win7. The Meltdown patch for Win7 is a failure.
> 
> https://www.reddit.com/r/sysadmin/comments/87lxdc/thought_meltdown_was_bad_heres_total_meltdown/
> 
> https://www.reddit.com/r/programming/comments/87n7pa/total_meltdown_windows_7_meltdown_patch_allows/
> 
> Can anyone decipher which March KB to download to fix it on Win7? Thank you.


Hi,
There were many stating to not update further than the December 2017 rollup.
All rollups past have been one joke after another.

The patch is to use NoScript and uBlock Origin in your browser.

On another note I suppose if we were smart we would have returned all Skylake-X and Kaby Lake-X processors as defective just for the thermal issues they have from Intel using old pigeon poop instead of solder.
But no, we fools delid and give Intel a pass so they will never learn.


----------



## Leopardi

Heads up any Gigabyte Z97 users here! They have made a spectre/meltdown fixed BIOS, but have decided to not publish it on the website. Ask it from the support, they might give it to you.


----------



## somethingname

*GIGABYTE Z370 AORUS Gaming 5*

Is the 8700k even worth getting anymore after all the patching? I was waiting for a 7900k but it seems like that's not going to happen this year.

I have on my list a 8700k with a Gigabyte Aorus Gaming 5 motherboard and T-force 3000mhz 16gb Ram kit

I never let Windows update after seeing the performance benches done by Digital Foundry so my 2600k CPU is still clean from all that derp. Except Nvidia driver side security patches.


----------



## The Robot

somethingname said:


> Is the 8700k even worth getting anymore after all the patching? I was waiting for a 7900k but it seems like that's not going to happen this year.
> 
> I have on my list a 8700k with a Gigabyte Aorus Gaming 5 motherboard and T-force 3000mhz 16gb Ram kit
> 
> I never let Windows update after seeing the performance benches done by Digital Foundry so my 2600k CPU is still clean from all that derp. Except Nvidia driver side security patches.


You might as well wait a little and get a Ryzen 2700X, it's got two more cores plus a future-proof platform and a soldered heatspreader. Real-world performance difference vs 8700K is tiny (plus Zen is largely unaffected by Spectre).


----------



## Blameless

somethingname said:


> Is the 8700k even worth getting anymore after all the patching?


None of the patches/mitigations change performance enough to influence a purchase decision.



The Robot said:


> Zen is largely unaffected by Spectre


Zen is vulnerable to Spectre: https://www.amd.com/en/corporate/speculative-execution-previous-updates#paragraph-337801

How much harder it is to exploit variant 2 on AMD processors hasn't really been quantified, but the mitigation options are roughly the same between AMD and Intel (software patches for variant 1, microcode patches for variant 2).


----------



## cfu97

There are too many bugs now and I don't even care until news of a practical hack comes out. There is an update for my board but I don't care, the chance it screws up my computer is much higher than any other risk.


----------



## ku4eto

AMD addresses the Spectre var 2 with Microcode updates:
http://tomshardware.com/news/amd-spectre-meltdown-patch-microcode,36860.html


----------



## rluker5

ku4eto said:


> AMD addresses the Spectre var 2 with Microcode updates:
> http://amp.tomshardware.com/news/amd-spectre-meltdown-patch-microcode,36860.html


The spectre 2 microcode update is the one that really hurts performance with my intel cpu. I'm not using that and I have meltdown protection enabled. 

Hopefully AMD has less of a performance loss. Although you will probably hear even less of it than you do of the intel loss so nobody will ever know.


----------



## tpi2007

rluker5 said:


> The spectre 2 microcode update is the one that really hurts performance with my intel cpu. I'm not using that and I have meltdown protection enabled.
> 
> Hopefully AMD has less of a performance loss. Although you will probably hear even less of it than you do of the intel loss so nobody will ever know.



Here's a little something for the time being:



> We were able to fully patch one of our Ryzen systems this way, and quick benchmarks suggest that any performance impact is minor—about 3% or so for the Javascript benchmarks we use as a gauge of day-to-day performance impacts. That's in line with our results for Spectre mitigations on recent Intel systems. In fact, the impact appears to be less severe on Ryzen CPUs overall.


https://techreport.com/news/33493/today-patch-tuesday-helps-harden-amd-cpus-against-spectre


I hope that sites do a comprehensive set of benchmarks once the BIOS and OS updates dust settles down.


----------



## rluker5

tpi2007 said:


> Here's a little something for the time being:
> 
> https://techreport.com/news/33493/today-patch-tuesday-helps-harden-amd-cpus-against-spectre
> 
> 
> I hope that sites do a comprehensive set of benchmarks once the BIOS and OS updates dust settles down.


I hope sites do that too. Just ran some severe cpu bottleneck benchmarks on ROTR and Metro LL at 720p low and the microcode fix dropped the framerate by about 10% in those 2. Meltdown is a lot less. Also I disabled GeForce experience ingame overlay after my computer went to sleep over dinner and woke up not quite right and now it is irreparably faster. 

The professionals at sites would better control this stuff and may videotape it.

But they mostly seem pretty inept at doing good cpu bottleneck scenarios that are completely unrealistic. And switching microcodes is a pain if you don't have a multi bios switch on your mobo like mine. Still is a pain getting everything to match. I've got a pile of big screenshots, but don't want to mercilessly eat someone's mobile data and don't know how to spoiler anything on this site anymore. And the spectre microcode update is supposedly easier on the Skylake family. Which the sites would test.

In real life the 720p cpu bottleneck performance won't affect me as much as the unnoticed i/o. Just bugs me.


----------



## The Robot

ku4eto said:


> AMD addresses the Spectre var 2 with Microcode updates:
> http://tomshardware.com/news/amd-spectre-meltdown-patch-microcode,36860.html


I wonder how far back the microcodes go. Are first gen Athlon X2s covered, for example? What about all the APUs?
Edit: saw that pre-2011 stuff is not covered, still though, that means only Bulldozer and Ryzen?


----------



## Vlada011

I think we should simply distance ourselves from the debate about security bugs from now on.
Of course it is a shock for every one of us to hear about a performance drop because of some mistakes.
At the worst moment, when AMD has its best processors ever.
But as someone who decided to stay loyal to Intel, I will ignore information about security problems in the future.
That's a waste of time, and when everything settles down we will see what should be done.
I could sell X99 and buy 1800X with Crosshair VI Extreme. But I feel much better on my Intel platform, the i7 is reliable for me and I'm happy with it. Not to mention that the time is coming when my X99 with an affordable i7-6950X will be similar to Ryzen 2 or Ryzen 3.

Any platform attract me to change and that's only because Intel's anniversary and 40th years and their new i7-8086K with 5000MHz Turbo.
God I wish that CPU maybe even more than i7-5960X upgrade of X99.
I will try some combinations and after I finish watercooling of X99 maybe I will switch to i7-8086. 
It's bad because there is no Intel Anniversary Board.
It would be nice for ASUS or EVGA to launch some Anniversary Apex or Code as support for the Intel i7-8086K.
But some more affordable board, not a Maximus X Extreme Anniversary with Intel's motive for 500$, something for 300-350$.


----------



## Oubadah

..


----------



## Blameless

Oubadah said:


> I haven't been paying very close attention to this, so can someone who has please tell me what the deal is with pre-Sandy Bridge systems? Now that Intel isn't releasing microcode updates for those systems, does that mean that there's no chance for them? I heard something about Windows applying microcode updates on the fly every time it boots, but presumably that's only for CPUs for which Intel has released fixed microcode (but won't be getting a BIOS upgrade for whatever reason).
> 
> I still have some Wolfdale and Westmere systems that are internet-connected. Will I need to replace them?


Windows' microcode patches are for a much narrower range of systems than Intel has released microcode for. I believe only Skylake and newer parts are supported in these patches. Some people have advocated using 3rd party CPU drivers to load microcode at OS boot, but this doesn't actually work...the microcode is loaded too late to be utilized.

Intel has released firmware for Westmere (if you have a 32nm LGA-1366 Xeon, you should be able to patch your BIOS) and though they have officially halted the Gulftown updates...since the architectures are effectively identical, it's likely possible to get Gulftown patched anyway.

Your Wolfdale system is out of luck...you'll have to be that much more careful about what software you allow to be executed.


----------



## khanmein

https://support.microsoft.com/en-us/help/4090007/intel-microcode-updates


----------



## Oubadah

..


----------



## The Robot

Oubadah said:


> They haven't even got SB or IB in there. I find it amusing that they exclude the older platforms, ie. the ones that actually need this because they're less likely to receive the microcode via BIOS updates..


My guess is that they will be rolled out later if they are proven stable. It's understandable that Microsoft doesn't want to brick thousands of systems at once. At least now I can patch a Haswell Vaio tablet that my family uses, next up is the Sandy Bridge laptop and I'll be all set.


----------



## tpi2007

khanmein said:


> https://support.microsoft.com/en-us/help/4090007/intel-microcode-updates





> This update is a standalone update available through the Microsoft Update Catalog and targeted for Windows 10 version 1709 (Fall Creators Update) & Windows Server 2016 Version 1709 (Server Core).



It's impossible to overlook Microsoft's hypocrisy in this case, considering their mandatory updates policy with Windows 10. 

Suddenly, it's not even having back the freedom to install or not install from Windows Update, it goes beyond that, it's that you have to go to their Catalog site, download the update and install it yourself if you want to be protected against Spectre Variant 2. It's a complete 180.


----------



## rluker5

tpi2007 said:


> khanmein said:
>
> > https://support.microsoft.com/en-us/help/4090007/intel-microcode-updates
>
> > This update is a standalone update available through the Microsoft Update Catalog and targeted for Windows 10 version 1709 (Fall Creators Update) & Windows Server 2016 Version 1709 (Server Core).
>
> It's impossible to overlook Microsoft's hypocrisy in this case, considering their mandatory updates policy with Windows 10.
>
> Suddenly, it's not even having back the freedom to install or not install from Windows Update, it goes beyond that, it's that you have to go to their Catalog site, download the update and install it yourself if you want to be protected against Spectre Variant 2. It's a complete 180.

But this update has a quiet upside that not a lot will notice, even if it saves them a bunch of hassle, and a lot of demonstrably worse performance numbers that could make for bad publicity. Seems like the smart way to do this one.
I'm going to the catalog for my h81 pc and my i5-4300y tablet btw. Just not my gaming PC.


----------



## tpi2007

rluker5 said:


> But this update has a quiet upside that not a lot will notice, even if it saves them a bunch of hassle, and a lot of demonstrably worse performance numbers that could make for bad publicity. Seems like the smart way to do this one.
> I'm going to the catalog for my h81 pc and my i5-4300y tablet btw. Just not my gaming PC.



Of course, smart for them and for Intel. It just has the secondary effect of demolishing any pretense of the mandatory updates being for increased security, when they leave one of the most important security problems of the year out of it.

There is a wide variety of security updates that don't apply to home users' typical usage cases and a whole lot of them that require physical access to exploit, yet since Windows 10 Microsoft isn't giving people the option to install only the ones that they want / need. 

Except for this one, of course. The incoherency is in full display. They do it when it suits them, not the users.


----------



## rluker5

I can't argue with that. Maybe Intel made a deal to make it go away as quietly as possible.


----------



## TinyRichard

So, now that the e-hype, blogger noise and other various wannabe "journalists" have moved on to other clicks, what was the final tally on quantifiable damages? 

Like maybe 3 PCs mining bitcoins in Montana?


----------



## khanmein

https://support.microsoft.com/en-us...o-enable-mitigation-against-spectre-variant-2


----------



## ryan92084

Potential round 3 


> *Eight new Spectre Bugs found in Intel CPU's*
> German Website, but here with Google translate in english:
> Short News:
> https://translate.google.com/transl...ten-Sicherheitsluecken-betroffen-4039302.html
> Detailed report (link was/is below the short news text):
> https://translate.google.com/transl...ken-im-Anflug-4039134.html&edit-text=&act=url


source https://www.reddit.com/r/Amd/comments/8go6eq/eight_new_spectre_bugs_found_in_intel_cpus/ with original source in the quote. Please note these haven't been fully tested on ARM or AMD to know if they are affected.

Edit: so much for those unfixable flaws. AMD ships CTS Labs vulnerability patches to ecosystem partners


----------



## Blameless

TinyRichard said:


> So, now that the e-hype, blogger noise and other various wannabe "journalists" have moved on to other clicks, what was the final tally on quantifiable damages?


There is never going to be a final tally and any real analysis of the scope of the problem is years out. Broad awareness of the vulnerabilities is still quite new and they have only begun to be exploited.


----------



## ku4eto

TinyRichard said:


> So, now that the e-hype, blogger noise and other various wannabe "journalists" have moved on to other clicks, what was the final tally on quantifiable damages?
> 
> Like maybe 3 PCs mining bitcoins in Montana?


Oh wow, your comment says you own an Intel CPU and you are hurt. If you had any knowledge, you would know a few things:

There are no PCs mining bitcoins. Even if there were, they wouldn't care about CPU security issues.

A single article of those "Wannabe journalists" probably has more words than all of your posts combined. And has actual content, instead of waving a hand and saying "pft, no big deal, hold my beer".

The enterprise got hit big time. And if you were watching the thread closely, you would have seen that datacenters that rely on I/O have a huge impact: a negative 10%-30% performance hit.


----------



## Oubadah

..


----------



## ku4eto

Oubadah said:


> How reliable is Inspectre? It claims that my 2017 Elitebook x360 1030 G2 with latest BIOS is Spectre vulnerable, even though the BIOS is listed on HP’s Spectre page as containing the microcode.


Uh, not sure. On some of the rigs I tested, it showed OK, on others no.


----------



## The Robot

Oubadah said:


> How reliable is Inspectre? It claims that my 2017 Elitebook x360 1030 G2 with latest BIOS is Spectre vulnerable, even though the BIOS is listed on HP’s Spectre page as containing the microcode.


Stupid question but is your Windows patched for Spectre?
Also, Windows 10 1803 currently has no mitigations available.


----------



## ThrashZone

Oubadah said:


> How reliable is Inspectre? It claims that my 2017 Elitebook x360 1030 G2 with latest BIOS is Spectre vulnerable, even though the BIOS is listed on HP’s Spectre page as containing the microcode.


Hi,
Microcode updates: well, ASUS issued 2 BIOSes 4 days apart, so possibly the Intel code changed and the manufacturer hasn't used the newer code yet.
x99's is still in beta no way I'm touching it.


----------



## Neilthran

Apparently there are new flaws in Intel CPUs, AMD still in testing for the flaws:

https://www.heise.de/ct/artikel/Exc...U-flaws-revealed-several-serious-4040648.html


----------



## Blameless

Oubadah said:


> How reliable is Inspectre? It claims that my 2017 Elitebook x360 1030 G2 with latest BIOS is Spectre vulnerable, even though the BIOS is listed on HP’s Spectre page as containing the microcode.


Inspectre just reports what the OS tells it. You can try running MS' own powershell script to detect the presence of the mitigations, but it should say the same thing.

https://support.microsoft.com/en-us...ive-execution-side-channel-vulnerabilities-in

Are you sure the OS patches have been applied and are enabled?



The Robot said:


> Also, Windows 10 1803 currently has no mitigations available.


The previous mitigations no longer work?


----------



## khanmein

1803 has mitigations included.


----------



## Pro3ootector

https://fudzilla.com/news/46213-more-intel-bugs-emerge

8 new bugs in Intel chips.


----------



## Offler

https://twitter.com/aionescu/status...l=http://www.dsl.sk/article.php?article=21071

Oh well...


----------



## Quantium40

Ah, nevermind


----------



## tpi2007

Offler said:


> https://twitter.com/aionescu/status...l=http://www.dsl.sk/article.php?article=21071
> 
> Oh well...



So they made a similar mistake patching Meltdown on Windows 10 that they had already made when patching the 64-bit version of Windows 7?

Luckily, the Windows 7 flaw was found out earlier and has already been patched; Windows 10 was only patched now with the RS4 build and there are still no backports for earlier versions (if there ever will be is anyone's guess).

They should spend some more money on QC.


----------



## Mysticial

Pro3ootector said:


> https://fudzilla.com/news/46213-more-intel-bugs-emerge
> 
> 8 new bugs in Intel chips.


Just for the record, I'll dump this here where it belongs:



Mysticial said:


> I wonder if an AVX-based Spectre is one of the 8. This is something that we've been chatting about in the office for some time.
> 
> The idea is to use speculative execution to trigger the AVX or AVX512 offset on Intel processors. Then you can measure the speed of a piece of code against a baseline to determine whether the CPU is running at the full speed or the AVX/AVX512 speed. Which speed it's running at will tell you whether the data bit that you're attacking is a 0 or a 1.
> 
> Intel's manuals state that the AVX/AVX512 offsets can be triggered by speculation. And they stay in force for many milliseconds - that's large enough to overcome any sort of timer fuzzying mitigations that current browsers are doing.
> 
> -----
> 
> If this does turn out to be the case, I really hope the software mitigation doesn't involve disabling AVX/AVX512 instructions completely...


----------



## JedixJarf

TinyRichard said:


> So, now that the e-hype, blogger noise and other various wannabe "journalists" have moved on to other clicks, what was the final tally on quantifiable damages?
> 
> Like maybe 3 PCs mining bitcoins in Montana?


Server workloads, SQL servers, Hypervisors, at least in my real world experience so far : (


----------



## somethingname

Looks like i'll be getting a 2700x soon

Exclusive: Spectre-NG - Multiple new Intel CPU flaws revealed, several serious
https://www.heise.de/ct/artikel/Exc...U-flaws-revealed-several-serious-4040648.html


----------



## Shogoki

somethingname said:


> Looks like i'll be getting a 2700x soon
> 
> Exclusive: Spectre-NG - Multiple new Intel CPU flaws revealed, several serious
> https://www.heise.de/ct/artikel/Exc...U-flaws-revealed-several-serious-4040648.html


This is it. I will not allow any more updates geared towards altering the behaviour and performance of my CPU. And if I can't help it, I will do everything I can to disable it.


----------



## chispy

Oh dear, more gimping to my Intel PCs, where does it end!


----------



## ThrashZone

somethingname said:


> Looks like i'll be getting a 2700x soon
> 
> Exclusive: Spectre-NG - Multiple new Intel CPU flaws revealed, several serious
> https://www.heise.de/ct/artikel/Exc...U-flaws-revealed-several-serious-4040648.html


Hi,
Yeah the gift that just keeps giving 
Wonder how these will be handled bios or mostly os bubble gum patches :/


----------



## chispy

Any updated info on how Intel plans to patch these 8 new vulnerabilities?


----------



## tpi2007

chispy said:


> Any updated info on how Intel plans to patch these 8 new vulnerabilities?



Yes, there is news and it isn't good: they delayed the patches:

[TH] Intel Postpones Patching 'Spectre NG' CPU Flaws


----------



## Kimir

Oh boy, will this ever end...


----------



## chispy

tpi2007 said:


> Yes, there is news and it isn't good: they delayed the patches:
> 
> [TH] Intel Postpones Patching 'Spectre NG' CPU Flaws


Thank you for the information, appreciate it. Not looking good, this Spectre/Meltdown security fiasco on Intel CPUs. My already slow and old Intel CPUs will get slower after so many patches. More gimping for my laptop and old Intel PC. I need to upgrade all my rigs to AMD Ryzen soon ...


----------



## ThrashZone

tpi2007 said:


> Yes, there is news and it isn't good: they delayed the patches:
> 
> [TH] Intel Postpones Patching 'Spectre NG' CPU Flaws


Hi,
Nice 


> These high-risk CPU flaws affect all of Intel’s chips, including the Xeon lineup. Some of the flaws are supposed to be even worse than the original Spectre bugs, as they could allow attackers to bypass not just virtual machines, but virtual machines inside other virtual machines, and then exploit the host machine. The flaws even bypass the security guaranteed by Intel's Software Guard Extension


----------



## Blameless

Kimir said:


> Oh boy, will this ever end...


It'll end when everyone goes back to making exclusively in-order processors that don't use speculative execution at all. It's fundamentally difficult to isolate predictive capabilities and still be able to use them to improve performance.

Depending on how the balance of fixes vs. vulnerabilities goes in the years to come, we may well see a shift back to simpler in-order architectures with much of the performance burden returning to compilers...basically tricks that were tried before but never panned out because advances in complex speculative architectures made them less economical to pursue.


----------



## amlett

https://www.elazaradvisors.com/2018/05/amd-not-affected-intels-new-spectre-ng-flaw.html


AMD Not Affected By New Spectre-NG Flaws


----------



## SuperZan

amlett said:


> https://www.elazaradvisors.com/2018/05/amd-not-affected-intels-new-spectre-ng-flaw.html
> 
> 
> AMD Not Affected By New Spectre-NG Flaws


"While the recent reports in early May only cited Intel, it was not clear if AMD was exposed as well. So we asked AMD. They said, as of now, they know of no exposure to the new Spectre-NG risks."

Not quite the same as a blanket assurance of 'not affected', but it's certainly a potential positive.


----------



## Vlada011

You remind me of a cartoon hero trying to plug a water leak first with his hands, then with his legs and then even with his ears and nose, but more and more holes show up.
Give up.
Believe me, I don't know what to do or how many fixes, bugs and problems there are.
I don't know anything. Some of you search for a fix like an Easter egg.
This will never end, more problems will show up; if some bug exists they can't find a fix as fast as someone can find a new hole.
This has become like Kaspersky Lab and the fight against viruses, malware, etc...
You are pulled into a game Intel created to avoid compensation for mistakes, and believe me they were ready for that;
only customers surprised them.
And they will throw you left and right, left and right as they want until you stop searching for a fix for a silicon error in AMD and Intel processors.
You could never be as protected as you want, even with new silicon.
I'm much happier since I stopped reading about performance drops etc...
I mean I didn't found some corporation with big secrets to scream about, so I will not cry either with movies, music and a few torrents on my computer.
If you do nothing, your protection and performance will be on the same level as 3, 5, 10 years ago.
If you install patches you could cause a performance drop and more problems without reason.

There are people more powerful than Intel and AMD, and they control things: if someone holds a monopoly they cut and dictate performance, dosing everything until the other player is back in the game; they help with false news, false advertising, bad and good stories.
AMD was in very big trouble before Ryzen and Threadripper showed up. I mean they didn't have a competitive product for 5 years in both fields.
Even with Ryzen and Threadripper they had help to hold more % of the market.


----------



## Anty

https://www.theregister.co.uk/2018/05/21/spectre_meltdown_v4_microsoft_google/

CPUs are made of cheese nowadays, not silicon


----------



## tpi2007

Anty said:


> https://www.theregister.co.uk/2018/05/21/spectre_meltdown_v4_microsoft_google/
> 
> CPUs are made of cheese nowadays, not silicon






> We’ve already delivered the microcode update for Variant 4 in beta form to OEM system manufacturers and system software vendors, and we expect it will be released into production BIOS and software updates over the coming weeks. *This mitigation will be set to off-by-default, providing customers the choice of whether to enable it.* We expect most industry software partners will likewise use the default-off option. In this configuration, we have observed no performance impact. *If enabled, we’ve observed a performance impact of approximately 2 to 8 percent based on overall scores for benchmarks like SYSmark® 2014 SE and SPEC integer rate on client1 and server2 test systems.*


https://newsroom.intel.com/editorials/addressing-new-research-for-side-channel-analysis/

Bold and underlined for emphasis.

At the end of the day we really need some sites to start adding up all the patches (once this latest firmware is available) and see what the actual performance impact is with all the mitigations turned on.

Edit: And then later this year there's the 8 other vulnerabilities to be patched too.


----------



## azanimefan

Wait, Intel is releasing a microcode patch to stop Spectre 4, but the patch will be "turned off" by default just so it "doesn't affect" performance?

What the hell type of patch is this? This isn't patching a problem.


----------



## ibb27

And AMD update for the new Spectre Variants 3a and 4.

https://www.amd.com/en/corporate/security-updates

New CPUs (back to Bulldozer) are not vulnerable to 3a, some are (or maybe) vulnerable to 4. Microsoft will provide support to disable Speculative Store Bypass for affected CPUs.

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012


----------



## ku4eto

ibb27 said:


> And AMD update for the new Spectre Variants 3a and 4.
> 
> https://www.amd.com/en/corporate/security-updates
> 
> New CPUs (back to Bulldozer) are not vulnerable to 3a, some are (or maybe) vulnerable to 4. Microsoft will provide support to disable Speculative Store Bypass for affected CPUs.
> 
> https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012


The white paper may be short, but it contains the technical juice. Was this one also on 90-day notification?


----------



## ryan92084

I'm starting to lose track now. Are 3a and 4 part of these http://www.overclock.net/forum/225-...-prediction-processor-attacks-discovered.html, these http://www.overclock.net/forum/225-...-vulnerabilities-impact-intel-arm-proces.html, or are they other new ones?


----------



## tictoc

azanimefan said:


> Wait, Intel is releasing a microcode patch to stop Spectre 4, but the patch will be "turned off" by default just so it "doesn't affect" performance?
> 
> What the hell type of patch is this? This isn't patching a problem.



Corporate double speak is hilarious; further down in the blog post Intel has this to say:




> Protecting our customers’ data and ensuring the security of our products remain critical priorities for me and everyone at Intel.



Riiiiight... Off by default since Intel used their crystal ball to foresee all of the possible ways that this vulnerability can be exploited. A better option would be on by default, and then let sysadmins and users decide if they want to turn it off. That way at least someone has to take a look at the threat model and make an informed decision on whether or not to implement the patches. Leaving it turned off is the same as saying "What vulnerability, there's no vulnerability here."


Initial Spectre V4 mitigation is in the latest Linux kernel, and has been backported to Linux kernels 4.9.102, 4.14.43, and 4.16.11.
Source: https://www.phoronix.com/scan.php?page=news_item&px=Linux-4.9-To-4.16-SSBD


----------



## AlphaC

Need to see R7 2700X vs i7-8700k reviews with all patches... I bet the margin will be even smaller with these new patches.


Per phoronix the Linux kernel 4.16 has the mitigations for Spectre v4?


https://www.phoronix.com/scan.php?page=news_item&px=Linux-4.9-To-4.16-SSBD
https://www.phoronix.com/scan.php?page=article&item=spectre4-amd-initial&num=1


----------



## tictoc

AlphaC said:


> Per phoronix the Linux kernel 4.16 has the mitigations for Spectre v4?


That is correct. The latest stable 4.16 kernel (4.16.11) does have the mitigation for Spectre v4 (at least for x86 processors, the ARM mitigations look to have been pushed and should be in the next point release). 

On Intel CPUs it is only half of the fix needed to mitigate the vulnerability. Depending on your distro, you may or may not be able to do an easy kernel upgrade, since it was just released 7 hours ago. It will be interesting to see the performance impact once the new microcode is released for Intel CPUs. Intel says 2-8%, but I haven't been able to find where they published their actual benchmark results. For reference, here is what Intel published about performance after the original Spectre/Meltdown patches: https://newsroom.intel.com/editoria...tial-performance-data-results-client-systems/
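A way to check on a Linux host what the two kernel posts above describe (the backported versions, and the kernel being only half of the fix), as an added example that is not from the thread or from the kernel project. The version table is taken from the post; the sysfs path and status strings are the ones mainline x86 kernels report; the function names and the sample inputs are this example's own.

```python
import platform
import re
from pathlib import Path

# Sysfs file where kernels carrying the SSBD patches report Spectre v4 status.
SYSFS_SSB = Path("/sys/devices/system/cpu/vulnerabilities/spec_store_bypass")

# Stable releases named in the post as carrying the initial backport:
# series (major, minor) -> first patch level that has it.
BACKPORTS = {(4, 9): 102, (4, 14): 43, (4, 16): 11}

# Constructed sample inputs (kernel release, sysfs content or None if absent).
SAMPLES = [
    ("4.9.101", None),
    ("4.16.11", "Vulnerable\n"),
    ("4.14.43-1-lts",
     "Mitigation: Speculative Store Bypass disabled via prctl and seccomp\n"),
    ("4.16.11", "Mitigation: Speculative Store Bypass disabled\n"),
]


def parse_release(release):
    """Turn a `uname -r` string such as '4.14.43-1-lts' into (4, 14, 43)."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def kernel_has_backport(release):
    """True/False for a series listed in BACKPORTS, None for any other series."""
    major, minor, patch = parse_release(release)
    first_fixed = BACKPORTS.get((major, minor))
    return None if first_fixed is None else patch >= first_fixed


def classify_sysfs(text):
    """Map the kernel's status line to a coarse state.

    `text` is the file content, or None when the file does not exist.
    """
    if text is None:
        return "unreported"
    line = text.strip()
    if line == "Not affected":
        return "not_affected"
    if line.startswith("Vulnerable"):
        return "vulnerable"
    if line.startswith("Mitigation: Speculative Store Bypass disabled"):
        # "via prctl" / "via prctl and seccomp": only processes that opt in
        # (or run under seccomp) get SSBD; everything else runs without it.
        return "opt_in" if "via prctl" in line else "always_on"
    return "unknown"


def assess(release, sysfs_text):
    """Combine kernel version and sysfs status into (state, next_step)."""
    state = classify_sysfs(sysfs_text)
    if state == "unreported":
        if kernel_has_backport(release) is False:
            step = "kernel predates the backport for its series: upgrade it"
        else:
            step = "no status file: ask the distribution if SSBD is patched in"
    elif state == "vulnerable":
        # A patched kernel can still report this when the CPU microcode lacks
        # SSBD support or when spec_store_bypass_disable=off was passed at boot.
        step = "check CPU microcode and the spec_store_bypass_disable= boot option"
    elif state == "opt_in":
        step = "per-process only: boot with spec_store_bypass_disable=on to force it"
    elif state == "always_on":
        step = "SSBD is active for every process"
    elif state == "not_affected":
        step = "kernel reports this CPU as not affected"
    else:
        step = "unrecognised status string: read the file manually"
    return state, step


if __name__ == "__main__":
    live = SYSFS_SSB.read_text() if SYSFS_SSB.exists() else None
    print("this host:", assess(platform.release(), live))
    for release, text in SAMPLES:
        print(release, "->", assess(release, text))
```

The `opt_in` state is the kernel-side counterpart of the off-by-default argument in this thread: the mitigation exists, but a process only gets it if it asks.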


----------



## Hueristic

> This mitigation will be set to off-by-default, providing customers the choice of whether to enable it. We expect most industry software partners will likewise use the default-off option. In this configuration, we have observed no performance impact.




Off by default! what??? Is that performance hit on top of the previous ones?

I can't believe they are releasing a security patch that is OFF BY DEFAULT!!!!

I think they will be liable for that to anyone that gets hacked through that exploit after the patch is applied.


----------



## ibb27

ryan92084 said:


> I'm starting to lose track now. Are 3a and 4 part of these http://www.overclock.net/forum/225-...-prediction-processor-attacks-discovered.html, these http://www.overclock.net/forum/225-...-vulnerabilities-impact-intel-arm-proces.html, or are they other new ones?


Maybe they are similar, but 3a and 4 are found by Google, Microsoft, SYSGO, and BiZone.



> Acknowledgements:
> 
> Intel would like to acknowledge and thank Jann Horn of Google Project Zero (GPZ) and Ken Johnson of the Microsoft Security Response Center (MSRC) for independently reporting CVE-2018-3639.
> 
> Intel would like to acknowledge and thank Zdenek Sojka, Rudolf Marek and Alex Zuepke from SYSGO AG (https://sysgo.com) for reporting CVE-2018-3640. Intel would also like to acknowledge and thank Innokentiy Sennovskiy from BiZone LLC (bi.zone).


----------



## EniGma1987

Hueristic said:


> Off by default! what??? Is that performance hit on top of the previous ones?
> 
> I can't believe they are releasing a security patch that is OFF BY DEFAULT!!!!
> 
> I think they will be liable for that to anyone that gets hacked through that exploit after the patch is applied.



Yep, that is just the performance hit of this patch, not the cumulative effect of them all so far.
By the end of this I am betting we won't even have speculative execution enabled anymore on CPUs and will have to radically alter how CPUs are designed as speculative execution will no longer be viable.


----------



## ThrashZone

Hi,
Regardless all this stuff will be band-aided in the os.


----------



## sefwe

I'm still on 2017 updates. They done gimping performance fixing yet? I'll just wait for "disable all spectre mitigations" patch.


----------



## Vlada011

Guys, did you finally patch your systems? Is the i7-5820K competitive with the FX8350 after all the patches?
Never mind, now when the i7-9700K shows up you'll hurry to buy it.

I hope X99 will serve me until they design a new core from scratch.
Next gen core probably somewhere in late 2020.


----------



## cfu97

Too many bugs again and again, worth the time and risk to upgrade bios at all now?


----------



## inedenimadam

Vlada011 said:


> Guys, did you finally patch your systems? Is the i7-5820K competitive with the FX8350 after all the patches?
> Never mind, now when the i7-9700K shows up you'll hurry to buy it.
> 
> I hope X99 will serve me until they design a new core from scratch.
> Next gen core probably somewhere in late 2020.



I'm all patched up with the latest x99-A bios from ASUS and from Windows update. 6800k (essentially a 5820k) and I can't tell a difference in performance at any level. There probably is some if I benched before and after, but I would poke a guess that the 8350 is not going to catch up.


----------



## Blameless

My Haswell-E and Broadwell-E systems are as fully mitigated as they can get and like inedenimadam I haven't seen any perceptible changes in day to day performance.

I can bench a significant falloff in I/O performance on my better SSDs, my 3DMark score has fallen ~500 points, and the main render thread in Elite: Dangerous now uses about 10% more cycles in kernel time than it used to. However, none of this really translates into noticeable changes in real world use; I'm only rarely I/O limited, 3DMark isn't a game, and in my actual games I'm still too GPU limited with an overclocked GTX 1080 Ti for the modest increase in CPU load to matter.


----------



## dansi

I can feel my HW-e system loading apps a second or three slower after the patch. It sucks.


----------



## cfu97

dansi said:


> I can feel my HW-e system loading apps a second or three slower after the patch. It sucks.


This sucks too much


----------



## Elrick

Kimir said:


> Oh boy, will this ever end...


Only when Intel decides to actually design and manufacture the cpu from scratch, to STOP any possible attack from any current and future developments with this style of hack.

But no one at Intel is committed to even try aside from endlessly releasing software updates, that can in effect be made redundant by the most talented hackers.

This will not go away until there is a fundamental change of management at Intel to address this, so it's just "shuffling chairs on the Titanic" attitude being applied thus far.


----------



## cfu97

Elrick said:


> Only when Intel decides to actually design and manufacture the cpu from scratch, to STOP any possible attack from any current and future developments with this style of hack.
> 
> But no one at Intel is committed to even try aside from endlessly releasing software updates, that can in effect be made redundant by the most talented hackers.
> 
> This will not go away until there is a fundamental change of management at Intel to address this, so it's just "shuffling chairs on the Titanic" attitude being applied thus far.


I am not going to buy a new cpu with so many existing bugs


----------



## Blameless

dansi said:


> I can feel my HW-e system loading apps a second or three slower after the patch. It sucks.


I don't think I have any apps that take a second or three to load.



Elrick said:


> Only when Intel decides to actually design and manufacture the cpu from scratch, to STOP any possible attack from any current and future developments with this style of hack.
> 
> But no one at Intel is committed to even try aside from endlessly releasing software updates, that can in effect be made redundant by the most talented hackers.
> 
> This will not go away until there is a fundamental change of management at Intel to address this, so it's just "shuffling chairs on the Titanic" attitude being applied thus far.


This will not go away until there is a paradigm shift in CPU design away from the core performance innovation that has led to the largest increase in ILP in the last 25 years.

There will be security flaws related to speculative execution as long as there are CPUs using speculative execution. It's wholly unreasonable to expect Intel, or AMD, to release vastly slower architectures that are fundamentally immune to such vulnerabilities rather than patch specific holes as they find them.


----------



## cfu97

Blameless said:


> I don't think I have any apps that take a second or three to load.
> 
> 
> 
> This will not go away until there is a paradigm shift in CPU design away from the core performance innovation that has led to the largest increase in ILP in the last 25 years.
> 
> There will be security flaws related to speculative execution as long as there are CPUs using speculative execution. It's wholly unreasonable to expect Intel, or AMD, to release vastly slower architectures that are fundamentally immune to such vulnerabilities rather than patch specific holes as they find them.


Looks like there is an almost unlimited number of security bugs and holes now that there is no way they can patch specifically for each bug without slowing down; looks like they just keep releasing new CPUs without even caring that there are these security bugs.


----------



## Blameless

cfu97 said:


> Looks like there is an almost unlimited number of security bugs and holes now that there is no way they can patch specifically for each bug without slowing down; looks like they just keep releasing new CPUs without even caring that there are these security bugs.


They care to the extent that it affects their business. As long as new microcode and software fixes can do the job, they won't be inclined to delay product cycles.

Even in the areas where the mitigations really harm performance, they don't have much choice. Selling something is better than not having a product at all while they redesign things (which takes time).


----------



## cfu97

Blameless said:


> They care to the extent that it affects their business. As long as new microcode and software fixes can do the job, they won't be inclined to delay product cycles.
> 
> Even in the areas where the mitigations really harm performance, they don't have much choice. Selling something is better than not having a product at all while they redesign things (which takes time).


Looks like all their new CPUs' amazing speed or whatever benchmarks are only possible if they have turned off all patches....which means...basically fake


----------



## Blameless

cfu97 said:


> Looks like all their new CPUs' amazing speed or whatever benchmarks are only possible if they have turned off all patches....which means...basically fake


Best to ignore any benchmarks that aren't run on fully patched systems.


----------



## JackCY

There is some impact but it differs between all the tiny architecture changes over years and also not all performance is affected, it's probably mostly I/O that is affected and that's what should really hurt Intel badly in business market. Whereas for desktop use the performance on most seems almost identical pre and post patch unless you're doing some I/O intensive work.

I think Linus Torvalds has made good comments about all these patches from the start, their quality and so on, no need to repeat that as he has expressed them very well. It's a damn butchery. And an issue known since 1992 ignored by Intel because they hoped no one would practically manage to do it, well guess what Intel, it always gets done by someone every single time it's only a matter of often unpaid effort put into it. Or other shady deals Intel (and other often US corporations) may have done to keep certain issues present as backdoors, issues known or still secret.


----------



## Elrick

JackCY said:


> Or other shady deals Intel (and other often US corporations) may have done to keep certain issues present as backdoors, issues known or still secret.


That would be the correct assessment.

THEY (being the so-called Security Services) wanted this from the beginning BUT now others have taken the advantage of their purposeful 'backdoors'.

Don't just blame the Corporations here, they were instructed to provide a way for any of their Security Services to gain access or install anything upon target computers.

Probably still occurring now because I'm afraid the NSA, CIA and FBI do NOT want any Home PC system on this planet, to be totally bulletproof to any of their 'penetrations'.


----------



## TinyRichard

I have to give props to this thread. Keeping this non-story alive after all this time is impressive.

Good interneting IMO.


----------



## termathor

Elrick said:


> That would be the correct assessment.
> Don't just blame the Corporations here, they were instructed to provide a way for any of their Security Services to gain access or install anything upon target computers.
> 
> Probably still occurring now because I'm afraid the NSA, CIA and FBI do NOT want any Home PC system on this planet, to be totally bulletproof to any of their 'penetrations'.


You're a bit going all conspiracy theory, here. I really don't think this was deliberate. It was just a compromise to go faster, at the detriment of security.



TinyRichard said:


> I have to give props to this thread. Keeping this non-story alive after all this time is impressive.
> 
> Good interneting IMO.


Yes, it's good to keep it up. After all this time some recent mobos still have no update available. 

And don't worry, those issues will lose press coverage soon.


----------



## azanimefan

TinyRichard said:


> I have to give props to this thread. Keeping this non-story alive after all this time is impressive.
> 
> Good interneting IMO.


Considering half the found vulnerabilities still aren't patched, and most modern motherboards/chips don't have a single patch for any of these (my cpu/MB is one which isn't patched yet), I find it funny you think it better we bury our heads in the sand, pretend nothing is wrong and move along.

I think there should be a practical limit to fanboying.


----------



## ThrashZone

azanimefan said:


> Considering half the found vulnerabilities still aren't patched, and most modern motherboards/chips don't have a single patch for any of these (my cpu/MB is one which isn't patched yet), I find it funny you think it better we bury our heads in the sand, pretend nothing is wrong and move along.
> 
> I think there should be a practical limit to fanboying.


Hi,
Not a fanboy but come on 
Like you said you have unpatched and so do I on x99 for the second round of crap so what do you propose 

Most of these vulnerabilities are mostly tied to running VMs and targets are for the most part servers lol so how exactly are PCs affected besides VM usage of which I've never been interested in
If I want to install another os I do so on its own ssd and when I use it it's the only ssd or hdd connected at that time.

Anything else has always been having the best security to do its freaking job :thumb:
So personally I'm not worried one little bit.

Oops last part remote desktop Off


----------



## KyadCK

ThrashZone said:


> Hi,
> Not a fanboy but come on
> Like you said you have unpatched and so do I on x99 for the second round of crap so what do you propose
> 
> Most of these vulnerabilities are mostly tied to running VMs and targets are for the most part servers lol so how exactly are PCs affected besides VM usage of which I've never been interested in
> If I want to install another os I do so on its own ssd and when I use it it's the only ssd or hdd connected at that time.
> 
> Anything else has always been having the best security to do its freaking job :thumb:
> So personally I'm not worried one little bit.
> 
> Oops last part remote desktop Off


You seem to think that it only affects VMs. That is incorrect, Spectre is used to abuse predictive data systems to read data it should not have access to. It can run on any OS that is not patched and can be executed via drive-by JavaScript on a web page or any other means.

The reason VMs get mentioned a lot is that this can break out of the isolation, and to cloud providers that is a big deal. It can just as easily pull any information it wants including passwords out of your kernel data if you are not patched, and Spectre NG has 8 MORE vulnerabilities on top of that that have yet to be disclosed.


----------



## ThrashZone

Hi,
Well as I said security is always first 
Be it
No script/ ublock origin/....


----------



## miklkit

Better you than me. My puter was hacked so it took part in the DDoS attacks on the French election in 2016, and then it was used in DDoS attacks on other sites as well. The Russians have also attacked my credit cards and 2 weeks ago they went after my telephone. Being a Socialist these days ain't easy.


----------



## rluker5

KyadCK said:


> You seem to think that it only affects VMs. That is incorrect, Spectre is used to abuse predictive data systems to read data it should not have access to. It can run on any OS that is not patched and can be executed via drive-by JavaScript on a web page or any other means.
> 
> The reason VMs get mentioned a lot is that this can break out of the isolation, and to cloud providers that is a big deal. It can just as easily pull any information it wants including passwords out of your kernel data if you are not patched, and Spectre NG has 8 MORE vulnerabilities on top of that that have yet to be disclosed.


I thought the side channel mechanism used in all spectre type vulnerabilities to read 1s or 0s in ram was timing based. I have long thought that my L4 cache that is concurrently shared with my ram and is twice as fast thwarted this, but would just significantly changing your ram speed or timings do the same or does the ram response time side channel adapt to any ram speeds or timings you may have?


Or in other words, is overclocking your ram an effective and penalty free defense for all of this spectre stuff? I know I can't see my ram timings in my os without clicking ok on a uac box.


----------



## ThrashZone

Hi,
My point is the issue is between three parties not I
Intel
ASUS in my case
Microsoft 

No sense in me worrying about it.


----------



## KyadCK

rluker5 said:


> I thought the side channel mechanism used in all spectre type vulnerabilities to read 1s or 0s in ram was timing based. I have long thought that my L4 cache that is concurrently shared with my ram and is twice as fast thwarted this, but would just significantly changing your ram speed or timings do the same or does the ram response time side channel adapt to any ram speeds or timings you may have?
> 
> 
> Or in other words, is overclocking your ram an effective and penalty free defense for all of this spectre stuff? I know I can't see my ram timings in my os without clicking ok on a uac box.


It is timing based and very hard to use, but Spectre NG, while not fully disclosed, theoretically makes it stupid simple to break out of isolation.

https://www.heise.de/ct/artikel/Super-GAU-fuer-Intel-Weitere-Spectre-Luecken-im-Anflug-4039134.html


> Intel classifies four of the Spectre NG vulnerabilities as "high-risk"; the danger of the other four is only rated as medium. According to our own research, Spectre-NG risks and attack scenarios are similar to those of Spectre - with one exception.
> 
> One of the Spectre NG gaps simplifies cross-system attacks so much that we are much more aware of the threat potential than Spectre. In concrete terms, an attacker could launch his exploit code in a virtual machine (VM) and attack the host system from there - for example, the server of a cloud hoster. Or he attacks the VMs of other customers running on the same server. Passwords and secret keys for secure data transmission are highly sought-after targets on cloud systems and are acutely endangered by this gap. Incidentally, Intel's Software Guard Extensions (SGX), which aim to protect sensitive data on cloud servers, are also not Spectre-proof.
> 
> *In principle, attacks on other VMs or the host system were already possible with Spectre; but the real implementation required so much prior knowledge that it was extremely difficult. However, the mentioned Spectre NG gap can also be exploited quite easily for attacks across system boundaries; the danger thus receives a new quality.* As a result, providers of cloud services such as Amazon or Cloudflare and, of course, their customers are particularly affected.


Again while VMs are the primary concern due to them being big targets, this bug is a kernel data access bug first and foremost, and affects much more. Who all Spectre NG affects at this time is unknown, we're still in the 90-day period they have to fix it before disclosure.

As the article mentions there are many other attack vectors for people like us, but it's yet another soon to be widely known exploit we need to keep in mind.


----------



## rluker5

KyadCK said:


> It is timing based and very hard to use, but Spectre NG, while not fully disclosed, theoretically makes it stupid simple to break out of isolation.
> 
> https://www.heise.de/ct/artikel/Super-GAU-fuer-Intel-Weitere-Spectre-Luecken-im-Anflug-4039134.html
> 
> 
> Again while VMs are the primary concern due to them being big targets, this bug is a kernel data access bug first and foremost, and affects much more. Who all Spectre NG affects at this time is unknown, we're still in the 90-day period they have to fix it before disclosure.
> 
> As the article mentions there are many other attack vectors for people like us, but it's yet another soon to be widely known exploit we need to keep in mind.



Well I'm glad I never gave Amazon my debit card info. Guess I'll have to keep my online credit use isolated to a single low limit card. Of course my other cards are still exposed by the bank's servers and the places I've used them at the very least.
Makes you wonder if something could slip through some kind of online hdcp handshake that you give permissions for, if the host is compromised. Not like you are going to check your task manager while you are streaming fullscreen. Or a compromised https site.
Suppose there are still plenty of ways for trouble for intel servers, and those who access them as customers with this.


----------



## sefwe

KyadCK said:


> but the real implementation required so much prior knowledge that it was extremely difficult.


So it already went from "critical vulnerability" to "extremely difficult to use". Well it was obvious in January, but still is laughable.


The problem with Spectre protection is that anyone who can run malicious code on the target pc, instead of using dubious spectre attacks can simply install a crypto miner or some other malware which are all better options than trying to read some memory for an uncertain result. So Spectre is only something for the server market. Your link says the same.


> The concrete danger for private individuals and company PCs, however, is rather low, because there are usually other, easier-to-exploit vulnerabilities


----------



## KyadCK

sefwe said:


> So it already went from "critical vulnerability" to "extremely difficult to use". Well it was obvious in January, but still is laughable.
> 
> 
> The problem with Spectre protection is that anyone who can run malicious code on the target pc, instead of using dubious spectre attacks can simply install a crypto miner or some other malware which are all better options than trying to read some memory for an uncertain result. So Spectre is only something for the server market. Your link says the same.


You misunderstand what Spectre is if you compare it to someone running malicious programs. If you can run those programs with the required elevated permissions to read the same data Spectre does, the PC is already compromised. Spectre is a vector _to compromise it in the first place_, which is a much bigger issue. 

It allows you to gain admin rights without admin rights, and can not be caught, only prevented. Who cares how long it takes to do it if you can simply wait? It's still an extremely critical issue regardless of difficulty to use, and again, Spectre NG makes it much easier to use.



rluker5 said:


> Well I'm glad I never gave Amazon my debit card info. Guess I'll have to keep my online credit use isolated to a single low limit card. Of course my other cards are still exposed by the bank's servers and the places I've used them at the very least.
> Makes you wonder if something could slip through some kind of online hdcp handshake that you give permissions for, if the host is compromised. Not like you are going to check your task manager while you are streaming fullscreen. Or a compromised https site.
> Suppose there are still plenty of ways for trouble for intel servers, and those who access them as customers with this.



By "who all is affected", I refer to CPU vendors (Intel, AMD, ARM, etc) if that was not clear.

Poisoning sites and man in the middle are certainly legit ways, but most people use an account with admin rights when doing normal things on their PC, so ANY malware not caught by the OS or AV can run in those instances, which was sefwe's above argument. More profitable short term to use a ransomware attempt.

'net's a scary place at times. Just gotta do what you're willing to do to minimize risk.


----------



## termathor

rluker5 said:


> Well I'm glad I never gave Amazon my debit card info. Guess I'll have to keep my online credit use isolated to a single low limit card. Of course my other cards are still exposed by the bank's servers and the places I've used them at the very least.
> Makes you wonder if something could slip through some kind of online hdcp handshake that you give permissions for, if the host is compromised. Not like you are going to check your task manager while you are streaming fullscreen. Or a compromised https site.
> Suppose there are still plenty of ways for trouble for intel servers, and those who access them as customers with this.


To be frank, you really should never EVER put your debit card number on ANY web service.

Most banks, today, provide secure payment services, like e-visa cards in Europe. You basically put a virtual debit card on the site, which is generated via the bank website, which only lasts one month, and is only valuable for a given money lump sum.
There is absolutely no risk whatsoever, even if all the payment data are stolen.

I'm using this every month (phone bills, netflix, Steam etc ...).


----------



## cfu97

I think it's just better to wait for a CPU from after 2020; that would be the time they have fixed it and the bugs of the fix within the hardware design.


----------



## inedenimadam

cfu97 said:


> I think it's just better to wait for a CPU from after 2020; that would be the time they have fixed it and the bugs of the fix within the hardware design.



There will always be more bugs.


----------



## ibb27

How to enable protection against Speculative Store Bypass after today's MS patches.

Source: https://www.ghacks.net/2018/06/12/protect-windows-against-speculative-store-bypass-exploits/


----------



## GeneO

ibb27 said:


> How to enable protection against Speculative Store Bypass after today's MS patches.
> 
> Source: https://www.ghacks.net/2018/06/12/protect-windows-against-speculative-store-bypass-exploits/



For Intel, it needs new microcode (not yet available) to work, and will have a performance impact when enabled and with the new microcode.


----------



## Blameless

rluker5 said:


> I know I can't see my ram timings in my os without clicking ok on a uac box.


Not the sort of timing being referred to in a timing attack and none of the things you mention are defenses.

https://en.wikipedia.org/wiki/Timing_attack


----------



## rluker5

Blameless said:


> Not the sort of timing being referred to in a timing attack and none of the things you mention are defenses.
> 
> https://en.wikipedia.org/wiki/Timing_attack


I've got something interesting for you that unfortunately was more clear before the latest Windows update, which apparently installs the second best microcode (17 per hwinfo64) at boot, which isn't as good for gaming or this demonstration as the one on my mobo, FFFF0003: a little bench that has a memory latency ladder at the bottom:
http://www.userbenchmark.com/UserRun/9225235

My ram has a latency of about 54ns, and my 128MB L4 cache is running stock and has a latency of around 40ns, both per aida64. The F03 microcode keeps the memory sections of the latency ladder a lot more distinct, but 17 is good enough for demonstration.
Why would the latency be lower than either ram or cache and the low latency taper off at about the size of the L4 cache?
The easiest answer is that both of the (different latency) memory controllers are acting concurrently on a first come, first serve basis.
Their timings seem hardware randomized with a performance boost. For a pic of the memory controllers search for Broadwell c die map.

And it looks like it thwarts the timing attack wiki page you used to help explain to me.

And I could be wrong, there is so little concrete info on my cpu's L4 cache handling in a dgpu scenario. Just looks like instead of a 2 step timing difference there is a hazy cloud timing difference to interpret. 

As for the ram overclocking stuff, the more and less times would probably be clearly more and less between the ram and cache, so a smart spectre hack would probably still work. 

I don't know what the deal with the microcode is, I'll check that out later.


----------



## Blameless

rluker5 said:


> The easiest answer is that both of the (different latency) memory controllers are acting concurrently on a first come, first serve basis.


You can't really compare latency results from different tests using different datasets or thread counts to do the benchmarking, but that latency vs. stride size still clearly reveals where the data sets fit. Anything over 32KiB is too big for L1, meaning fastest access is from L2, which costs more cycles, then we see another jump at 512KiB, which no longer fits in L2, and another at 8MiB, because that doesn't fit in the 6MiB L3. The big spike at 128MiB comes as the data stops fitting in the L4 victim cache.

Anyway, it makes perfect sense to access the LLC and memory controller in tandem, and indeed, this has been common since the original Pentium 1 era when CPUs had both a frontside and backside bus. The larger LLC of the eDRAM equipped parts, as well as its exclusive nature, just makes this more obvious.



rluker5 said:


> And it looks like it thwarts the timing attack wiki page you used to help explain to me.


I'm highly doubtful that the cache config is a strong mitigation to timing attacks. Frequently accessed, known functions, will still be highly predictable as they will reside almost entirely in L1 and unpredictable results can still reveal that something is less commonly accessed...and those are only the most obvious examples. The white papers for Spectre go into some detail on how even highly non-obvious latency mechanisms can be utilized to indirectly reveal or manipulate data.

In general,


----------



## NoDestiny

I can't keep up with all the Spectre flaw stuff, but just saw this on Toms...

https://www.tomshardware.com/news/intel-processors-lazyfp-speculative-execution,37302.html



> Security researchers from Amazon and Cyberus Technologies jointly discovered one of the eight second-generation Spectre flaws, which they dubbed “LazyFP” (CVE-2018-3665) because the vulnerability targets CPUs that use lazy floating point unit (FPU) switching.


----------



## Pro3ootector

https://www.techspot.com/news/75090-intel-cpus-have-another-bug-can-leak-sensitive.html

Lazy FP State Restore deals with how floating point numbers are calculated. All Intel Core processors are considered to be affected by this vulnerability. In order to improve performance, a dedicated hardware portion of the CPU handles all floating point calculations and maintains its own set of registers. When switching between tasks, Intel's CPUs save their current execution states and load in a new set of information.

During this process, the floating point unit state can be ignored since many applications do not need to pause and resume computation of floating point numbers. In what is known as the lazy restore scheme, the FPU issues a Device not Available exception during a task switch. However, the data stored in the FPU registers is able to be determined by other processes when the lazy restore scheme is used.

In this case, the fix is already possible via regular software updates and thankfully not another problem that requires microcode updates. Simply avoiding the use of lazy FP state restore mitigates the problem. Eager save and restore is a secondary method of accomplishing the same goal but with slightly lower performance.

For general consumers this vulnerability is unlikely to have any severe impacts, but for enterprise and data centers, this is going to be another painful round of applying patches. Vendors such as RedHat have already begun issuing updates to their software to implement eager save and restore operations.


----------



## sefwe

KyadCK said:


> Who cares how long it takes to do it if you can simply wait?


This is all a repeat from January and is getting a bit old.


----------



## lombardsoup

Pro3ootector said:


> For general consumers this vulnerability is unlikely to have any severe impacts, but for enterprise and data centers, this is going to be another painful round of applying patches. Vendors such as RedHat have already begun issuing updates to their software to implement eager save and restore operations.


As far as I'm aware, Red Hat Enterprise Linux 7 is already using eager FPU restore, and is therefore not vulnerable.


----------



## cfu97

How many bugs now? Too many, too hard to count.


----------



## rluker5

Blameless said:


> You can't really compare latency results from different tests using different datasets or thread counts to do the benchmarking, but that latency vs. stride size still clearly reveals where the data sets fit. Anything over 32KiB is too big for L1, meaning fastest access is from L2, which costs more cycles, then we see another jump at 512KiB, which no longer fits in L2, and another at 8MiB, because that doesn't fit in the 6MiB L3. The big spike at 128MiB comes as the data stops fitting in the L4 victim cache.
> 
> Anyway, it makes perfect sense to access the LLC and memory controller in tandem, and indeed, this has been common since the original Pentium 1 era when CPUs had both a frontside and backside bus. The larger LLC of the eDRAM equipped parts, as well as its exclusive nature, just makes this more obvious.
> 
> 
> 
> I'm highly doubtful that the cache config is a strong mitigation to timing attacks. Frequently accessed, known functions, will still be highly predictable as they will reside almost entirely in L1 and unpredictable results can still reveal that something is less commonly accessed...and those are only the most obvious examples. The white papers for Spectre go into some detail on how even highly non-obvious latency mechanisms can be utilized to indirectly reveal or manipulate data.
> 
> In general,


It appears my belief of cache related Broadwell-c's immunity was based on a misconception that spectre's memory read was more dependent on response time differences between ram replies to requests than it is. That the speed of ram responses mattered. As opposed to what spectre apparently does, typically reading timing differences between requests to memory and their responses that either come from L1 or ram. And sending out a long series of specific memory requests that riddle out the data bit by bit.

You were right :/

The difference in response time between L1 and ram is much more significant than any difference a variance in ram timing could impart.
I will selfishly blame my misconception on the sloppy use of the word "memory" in many spectre explanations where it sometimes means ram only and sometimes ram+cache memory.

But while spectre attacks certainly can compromise Broadwell-c, if an attack relies on a simple L1 to ram response time for the avoidance of different cache level timing noise, Broadwell-c is safer with those. So at least I have that.

Also the latest windows update also is changing the microcode on my daughter's leftovers rig as well on bootup. The 4770k's code is changed from 19 in bios to 22 in os per hwinfo64. So stuff is quietly going on there. Got mixed feelings about that.


----------



## tpi2007

NoDestiny said:


> I can't keep up with all the Spectre flaw stuff, but just saw this on Toms...
> 
> https://www.tomshardware.com/news/intel-processors-lazyfp-speculative-execution,37302.html





lombardsoup said:


> As far as I'm aware, Red Hat Enterprise Linux 7 is already using eager FPU restore, and is therefore not vulnerable.



Correct, this one doesn't seem so hard to fix and from what it seems, from Sandy Bridge onwards there is mostly no performance penalty for using the eager FPU restore method (The Register, see link here, even says it can be faster to use this method), hence why Red Hat uses it by default on Red Hat version 7 on these CPU archs.



> Red Hat says newer Intel CPUs implement instructions that make the potential performance benefits of the lazy FP state restore mostly irrelevant, so the technique isn't used on those chips.





> Given that Red Hat says version 7 of its Enterprise Linux OS uses this "eager" technique by default on Sandy Bridge and newer Intel architectures, the issue is likely confined to pre-Sandy Bridge chips.



They also say that they'll add a flag to version 6 and earlier to toggle between lazy and eager.

Read more here: https://techreport.com/news/33816/i...ore-vunerability-could-expose-privileged-data


From these articles it seems that Linux kernel 4.9 (released in 2016) and modern versions of Windows (except Server 2008, which will be patched) aren't affected:

https://betanews.com/2018/06/14/floating-point-lazy-state-save-restore-vulnerability/
http://www.theregister.co.uk/2018/06/13/intel_lazy_fpu_state_security_flaw/

As far as I understand it, the problem is basically a historical one: in the beginning (8086 up to the 80386) the floating point unit - then known as the "math co-processor" - was a separate chip on a different socket on the motherboard, so it made sense to use the lazy method, which would be faster. Also, networked computers weren't what they are today and the Internet wasn't a thing anyway, so I doubt that this exploit method would have crossed people's minds, especially as the math co-processor was an optional chip that for example consumer level PCs didn't ship with.


----------



## cfu97

Why would anyone buy the new expensive cpu now with all these big security bugs?


----------



## ThrashZone

cfu97 said:


> Why would anyone buy the new expensive cpu now with all these big security bugs?


Hi,
If one is really worried just stay off the internet computers are not for them lol 
Otherwise no reason to cry about stuff that will always be discovered after the fact.


----------



## cfu97

ThrashZone said:


> Hi,
> If one is really worried just stay off the internet computers are not for them lol
> Otherwise no reason to cry about stuff that will always be discovered after the fact.


If we are only talking about bugs that affect speed or something not important, I agree with what you said,
but we are talking about a big security bug.


----------



## The Robot

cfu97 said:


> Why would anyone buy the new expensive cpu now with all these big security bugs?


Yeah, makes me wonder who would buy Intel at this point (excluding 720p 9000hz e-peeners).


----------



## azanimefan

The Robot said:


> Yeah, makes me wonder who would buy Intel at this point (excluding 720p 9000hz e-peeners).


psh. 720p doesn't tell you _anything_. the true L33T play on 480p monitors with 10k mhz. If you can't see the difference between 9000 fps and 10,000 fps then you need your eyes checked n00b.


----------



## EniGma1987

Great. Now we are going to lose our hyper threading support soon too. lol. By the time this is all done we will probably be seeing 8700k processors running Core 2 Duo speeds. 

https://arstechnica.com/gadgets/201...rypto-keys-on-hyperthreaded-processors/?amp=1






> Jake Williams, a former hacker for the National Security Agency, has tweeted that it's going to require complex operating system changes to fix, such as avoiding running processes from different users on the same physical core. de Raadt has said that this kind of fix is not straightforward; there are plausible scenarios (such as malicious JavaScript in a browser) where this kind of separation wouldn't be adequate protection. OpenBSD's current approach addresses the immediate concern, but it's heavy-handed. SMT is an important performance feature in modern processors, and disabling it can exact a heavy performance cost.
> 
> 
> Are we likely to see the same kind of industry-wide mobilization to address TLBleed as we saw with Spectre and Meltdown? If history is any guide, the answer here is "no." Gras tweeted that while TLBleed is a new side channel, it's not fundamentally any more powerful than cache side channels. Since at least 2005, it's been known that SMT makes cache-based side channels much easier to exploit. The industry's response to this?
> 
> 
> Neither processors nor operating systems have been modified in response.








So if Hyper Threading/SMT style core arch's become non-viable, do you think we will start seeing multi-core processors take on a style of single-core processors all packed into a single package so that info is not shared and thus leaked between them? That would be a good security solution, but it would really kill multi-core performance scaling. Or will the issue be ignored like the article suggests and only FreeBSD will care about it?


----------



## Blameless

Just updated my Haswell-E system to the newest production microcode (3D) that was made public a few days ago to address Spectre variants 3a and 4. So far so good and performance, if anything, is slightly improved over the previous revision (3C), in what little I've tested so far.



EniGma1987 said:


> Great. Now we are going to lose our hyper threading support soon too. lol. By the time this is all done we will probably be seeing 8700k processors running Core 2 Duo speeds.
> 
> https://arstechnica.com/gadgets/201...rypto-keys-on-hyperthreaded-processors/?amp=1
> 
> So if Hyper Threading/SMT style core arch's become non-viable, do you think we will start seeing multi-core processors take on a style of single-core processors all packed into a single package so that info is not shared and thus leaked between them? That would be a good security solution, but it would really kill multi-core performance scaling. Or will the issue be ignored like the article suggests and only FreeBSD will care about it?


SMT isn't going anywhere, but OS and application schedulers will certainly need to be adapted to prevent sensitive threads from sharing physical cores with random processes.


----------
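
Added example, not written by any poster in this thread: Blameless's point above, that schedulers need to keep sensitive threads off physical cores shared with random processes, sketched as an administrator-level CPU split. It groups logical CPUs by SMT sibling and reserves whole cores; the topology table is a constructed 4-core/8-thread sample and the function names are this example's own.

```python
import glob
import re

# Constructed sample: what each
# /sys/devices/system/cpu/cpuN/topology/thread_siblings_list
# would contain on a hypothetical 4-core / 8-thread CPU
# (cpu0 and cpu4 are the two hardware threads of one core, and so on).
SAMPLE_SIBLINGS = {
    0: "0,4", 1: "1,5", 2: "2,6", 3: "3,7",
    4: "0,4", 5: "1,5", 6: "2,6", 7: "3,7",
}


def parse_cpu_list(text):
    """Parse kernel cpulist syntax ('0,4' or '0-3,8-11') into a set of ints."""
    cpus = set()
    for part in text.strip().split(","):
        if not part:
            continue
        if "-" in part:
            lo, hi = part.split("-", 1)
            cpus.update(range(int(lo), int(hi) + 1))
        else:
            cpus.add(int(part))
    return cpus


def physical_cores(siblings):
    """Group logical CPUs into physical cores, one frozenset per core."""
    cores = {frozenset(parse_cpu_list(v)) for v in siblings.values()}
    return sorted(cores, key=min)


def partition(siblings, sensitive_cores):
    """Reserve whole physical cores for sensitive work.

    Returns (sensitive_cpus, general_cpus). No logical CPU in one set has an
    SMT sibling in the other, so the two classes never share a core.
    """
    cores = physical_cores(siblings)
    if not 0 < sensitive_cores < len(cores):
        raise ValueError("need at least one physical core on each side")
    sensitive = set().union(*cores[-sensitive_cores:])
    general = set().union(*cores[:-sensitive_cores])
    return sensitive, general


def shares_core(siblings, cpus_a, cpus_b):
    """True if any CPU in cpus_a is, or is an SMT sibling of, a CPU in cpus_b."""
    other = set(cpus_b)
    return any(parse_cpu_list(siblings[cpu]) & other for cpu in cpus_a)


def read_live_siblings():
    """Read the real topology on Linux; returns {} where sysfs is absent."""
    found = {}
    pattern = "/sys/devices/system/cpu/cpu[0-9]*/topology/thread_siblings_list"
    for path in glob.glob(pattern):
        cpu = int(re.search(r"cpu(\d+)/topology", path).group(1))
        with open(path) as fh:
            found[cpu] = fh.read()
    return found


if __name__ == "__main__":
    siblings = read_live_siblings()
    if len(physical_cores(siblings)) < 2:
        siblings = SAMPLE_SIBLINGS  # fall back to the constructed sample
    sensitive, general = partition(siblings, 1)
    print("sensitive workload CPUs:", sorted(sensitive))
    print("everything else CPUs:  ", sorted(general))
    # On Linux, os.sched_setaffinity(pid, sensitive) applies such a set to a process.
```
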



## HITTI

tpi2007 said:


> Correct, this one doesn't seem so hard to fix and from what it seems, from Sandy Bridge onwards there is mostly no performance penalty for using the eager FPU restore method (The Register, see link here, even says it can be faster to use this method), hence why Red Hat uses it by default on Red Hat version 7 on these CPU archs.
> 
> They also say that they'll add a flag to version 6 and earlier to toggle between lazy and eager.
> 
> Read more here: https://techreport.com/news/33816/i...ore-vunerability-could-expose-privileged-data
> 
> 
> From these articles it seems that Linux kernel 4.9 (released in 2016) and modern versions of Windows (except Server 2008, which will be patched) aren't affected:
> 
> https://betanews.com/2018/06/14/floating-point-lazy-state-save-restore-vulnerability/
> http://www.theregister.co.uk/2018/06/13/intel_lazy_fpu_state_security_flaw/
> 
> As far as I understand it, the problem is basically a historical one: in the beginning (8086 up to the 80386) the floating point unit - then known as the "math co-processor" - was a separate chip on a different socket on the motherboard, so it made sense to use the lazy method, which would be faster. Also, networked computers weren't what they are today and the Internet wasn't a thing anyway, so I doubt that this exploit method would have crossed people's minds, especially as the math co-processor was an optional chip that for example consumer level PCs didn't ship with.


Lol aka linux/unix. I will never switch back to linux/unix even if my life depended on it, especially redcrap.

I just saw that my title name says linux lobbyists ROFL. Windows mothertruckers.


----------



## Oubadah

..


----------



## EniGma1987

Oubadah said:


> Purchased a NUC with a Celeron J3455 (Apollo Lake) in it. Running the latest BIOS and Windows 10, InSpectre says that Meltdown protection is disabled (but has a button to enable it). Why would Meltdown protection be disabled by default? Is this normal? (maybe for especially weak processors?)


Intel keeps it disabled by default because it is performance degrading.


----------



## GeneO

That is not correct. Meltdown and the first Spectre variants are on by default. The latest Spectre variants are off by default. I expect because it is another big performance hit.


----------



## white owl

That's exactly what they said.


----------



## Oubadah

..


----------



## Malinkadink

I haven't investigated patches for newer variants of the vulnerabilities, far as I know I'm still running the first updates that came out for my z270 7700k which had around a 30% I/O hit, didn't measure how much CPU performance was lost. When are we to expect on chip solutions that avoid all the performance degradation? Will the 9700k or whatever they may call the rumored 8 core mainstream part include the fixes? I know 2019 Ryzen will have the fixes, just not sure what Intel is doing.


----------



## ThrashZone

Hi,
I doubt there will ever be a chip without needing patches since the security holes keep piling up. Intel's on like the 3rd or 4th round now, and it's like the gift that keeps on giving, and not in a good way.


----------



## Pro3ootector

https://www.pcper.com/news/General-...chance-new-Chrome-nor-will-your-available-RAM



> Chrome's predilection for gobbling up vast amounts of RAM will soon increase to new levels but it is for a very good reason. Chrome 67 will offer a Site Isolation feature which will protect you against a variety of Spectre attacks. When you have this feature enabled in Chrome each site would be isolated, with a single renderer process per page. This means cross-site iframes and pop-ups will be unable to read data from other pages; in fact a single site may spawn multiple render processes, each running in isolation.
> 
> There is of course a cost, The Inquirer was quoted an increase of 10-13% in RAM usage ... so better get a 128GB kit.


----------



## Asmodian

Pro3ootector said:


> https://www.pcper.com/news/General-...chance-new-Chrome-nor-will-your-available-RAM


That is great, an increase in security for a 10-13% increase in ram usage is a deal I am willing to make.


----------



## sefwe

Disable google update. Problem solved.


----------



## Pro3ootector

https://www.techspot.com/review/1659-intel-spectre-variant-4-performance-test/

Intel anticipated a performance hit in the range of 2 to 8% when addressing the Variant 4 vulnerability by disabling Speculative Store Bypass, but in our tests it looks more like 1 to 3%. The impact for Linux users appears to align closer to Intel’s claim and we believe this comes down to the Windows scheduler which is less efficient than Linux's.

When patching Variant 1, 2 and 3 we had found reduced gaming performance on the i7-8700K by up to 5%, though for the most part we saw a 0 to 3% decrease in frame rates. Variant 4 has seen a further 1 to 3% dip, though this time we were testing with the non-K 8700, but the margins should be much the same across the entire range.

In other words, since December the gaming performance of Intel Coffee Lake CPUs is down by 1 to 6%, or about 1-2 fps in games pushing over 60 fps and up to 5 fps for high refresh rate gaming. Definitely not a huge deal overall, but it’s worth keeping in mind that Intel will suffer an IPC hit because of this with future architectures that address these vulnerabilities at the hardware level.

Those of you fortunate enough to own an 8th generation Intel Core processor don't need to worry about your games turning into a slideshow as the performance impact is not significant. But even if it was, we would have strongly recommended you update your BIOS and enable the mitigations as soon as possible.


----------



## cfu97

Not going to patch current motherboard since it should screw up everything and not really fix so many security bugs anyway. Not going to buy new one until like 2020 all are hardware solved with real new design.


----------



## sefwe

Pro3ootector said:


> https://www.techspot.com/review/1659-intel-spectre-variant-4-performance-test/
> 
> Intel anticipated a performance hit in the range of 2 to 8% when addressing the Variant 4 vulnerability by disabling Speculative Store Bypass, but in our tests it looks more like 1 to 3%. The impact for Linux users appears to align closer to Intel’s claim and we believe this comes down to the Windows scheduler which is less efficient than Linux's.
> 
> When patching Variant 1, 2 and 3 we had found reduced gaming performance on the i7-8700K by up to 5%, though for the most part we saw a 0 to 3% decrease in frame rates. Variant 4 has seen a further 1 to 3% dip, though this time we were testing with the non-K 8700, but the margins should be much the same across the entire range.
> 
> In other words, since December the gaming performance of Intel Coffee Lake CPUs is down by 1 to 6%, or about 1-2 fps in games pushing over 60 fps and up to 5 fps for high refresh rate gaming. Definitely not a huge deal overall, but it’s worth keeping in mind that Intel will suffer an IPC hit because of this with future architectures that address these vulnerabilities at the hardware level.
> 
> Those of you fortunate enough to own an 8th generation Intel Core processor don't need to worry about your games turning into a slideshow as the performance impact is not significant. But even if it was, we would have strongly recommended you update your BIOS and enable the mitigations as soon as possible.



Meanwhile in the real world the 8th gen Coffee Lake get 10% performance decrease in games with just January updates.


----------



## The Robot

sefwe said:


> Meanwhile in the real world the 8th gen Coffee Lake get 10% performance decrease in games with just January updates.


Does it mean it's on par with Ryzen 2700X now? Someone needs to do an honest bench without OC, multicore enhancement off and with all patches enabled. None of the big sites will do it for obvious reasons.


----------



## Raghar

sefwe said:


> Meanwhile in the real world the 8th gen Coffee Lake get 10% performance decrease in games with just January updates.


I'm so happy I refused to update my BIOS. While these vulnerabilities are fun, I had fun with stuff like this 11 years ago, for normal users it's a bit irrelevant. And doing all these mitigations only for hysteria is like forcing every airline passenger to strip and change into prison clothes to prevent hidden explosives and other terrorist activities.

1/10 decrease is quite bad, because it negates increase by overclocking. And for those with slower CPUs it can change into unplayable area. (Especially when DRM takes 30 percent of CPU cycles.)


Frankly, when MS can show patches to W10 behind users' backs, worrying about vulnerabilities that require effort from an attacker is a bit misled.


----------



## Blameless

sefwe said:


> Meanwhile in the real world the 8th gen Coffee Lake get 10% performance decrease in games with just January updates.


By "games" you mean one of the six tested there.



Raghar said:


> I'm so happy I refused to update my BIOS. While these vulnerabilities are fun, I had fun with stuff like this 11 years ago, for normal users it's a bit irrelevant. And doing all these mitigations only for hysteria is like forcing every airline passenger to strip and change into prison clothes to prevent hidden explosives and other terrorist activities.
> 
> 1/10 decrease is quite bad, because it negates increase by overclocking. And for those with slower CPUs it can change into unplayable area. (Especially when DRM takes 30 percent of CPU cycles.)
> 
> 
> Frankly, when MS can show patches to W10 behind users' backs, worrying about vulnerabilities that require effort from an attacker is a bit misled.


Far more hysteria around the generally non-existent performance impact.


----------



## sefwe

Spectre patches work by introducing a massive bottleneck, in particular hard drive and network activity. So open world games, online games, and MMOs are particularly affected. And those which are not visibly affected will get stutter and lag. The impact is noticeable depending on how well Intel brainwashed you. Case in point.



> Witcher 3 10% decrease with latest gen Intel





Blameless said:


> non-existent performance impact


----------



## Blameless

sefwe said:


> Spectre patches work by introducing a massive bottleneck, in particular hard drive and network activity. So open world games, online games, and MMOs are particularly affected. And those which are not visibly affected will get stutter and lag.


The patches work by flushing the TLB during certain context switches to better isolate data, which does have the unfortunate side effect of increasing the overhead of I/O activities.

Virtually no games, even if you run a server, are going to be significantly affected by the increased overhead of the levels of network or disk I/O in play here. Sure, if you run a database or virtualization heavy server or the like, then you'll see a major hit to performance, but not in the overwhelming majority of games.

The idea that the sort of network access a game _client_ would produce would be noticeably affected is flatly absurd. Every single 1500 byte packet requiring a TLB flush at 10 megabits per second (an extreme scenario) is not going to even put a dent in the performance of a remotely modern processor.



sefwe said:


> The impact is noticeable depending on how well Intel brainwashed you.


Most end users reporting performance issues are looking at hard drive benchmarks, not actual use cases, or are falsely attributing other issues to these mitigations.

I'd bet almost anything that you would not be able to perceive any difference in 19 out of 20 open world or MMO games when comparing a system with pre-mitigation firmware and no patches to the same system with the most recent microcode that's been fully patched. I sure can't, even on my oldest CPUs that suffer the most from the mitigations, but if you have any proof of your assertion that the performance impact of these patches produces anything resembling the effects you describe, I'd be very interested in seeing and trying to duplicate it.

Any benchmarks that show more than the average frame rates of a handful of outliers, or anything like FCAT frame times or some other latency measurement that would reveal the 'stutter and lag' you mention?



sefwe said:


> Case in point.


You should go back and read the source of the results you're quoting.

They managed to find a half dozen very CPU dependent titles, used settings and looked specifically at areas most likely to produce an impact, then saw a meaningful hit in one of those tests.

What was their conclusion?



Richard Leadbetter said:


> The good news is that performance is holding up: our tests here artificially push CPU performance to the forefront in a world where the GPU is the primary limiting factor in gaming. And even here, only one game sees an appreciable hit to performance and even that is in one part of a very well-optimised game that we've specifically chosen for CPU stress-testing. Most of The Witcher 3 plays much more smoothly.


Seems like you've brainwashed yourself.


----------



## Offler

To Blameless:
It's true that there was a video of Witcher 3 running on an Intel system, showcasing 10% performance loss after initial Spectre patching.

But the real impact was on server segment.


----------



## EniGma1987

Blameless said:


> The idea that the sort of network access a game _client_ would produce would be noticeably affected is flatly absurd. Every single 1500 byte packet requiring a TLB flush at 10 megabits per second (an extreme scenario) is not going to even put a dent in the performance of a remotely modern processor.



I don't think games even use up 10mbit yet. They have to cater to lowest denominator service so games have barely breached into the 1-2 megabit range just recently.


----------



## ThrashZone

Hi,
With the never ending exploits still being uncovered I doubt anyone can really assess performance hits.
x99's some waited 3-4 months for asus to release bios for the first round, now there are a few more and nil from asus 2 months after those have been exposed lol so all I can say is whatever,
Seems more like getting hit by lightning is more likely than getting exploited by any of these Intel holes.


----------



## Raghar

How many cycles does one TLB flush take? I was quite anxious about ANY flushes after I found how many cycles certain Intel instructions take.



> The good news is that performance is holding up: our tests here artificially push CPU performance to the forefront in a world where the GPU is the primary limiting factor in gaming. And even here, only one game sees an appreciable hit to performance and even that is in one part of a very well-optimised game that we've specifically chosen for CPU stress-testing. Most of The Witcher 3 plays much more smoothly.


Well, from my noncommercial game development times, I know EXACTLY how to benchmark a game. Infuse code into block I want to test, measure testing code overhead, then measure CPU time for that block including testing method overhead. However reviewers don't have access to source code.

There is a little problem, when someone wants to measure CPU or OS impact, they MUST reduce GPU use. Otherwise they are just benchmarking the GPU. When I had full access to source code, I could run it headless, or with dummy calls. A random review site can at best reduce graphics settings to reduce GPU load.

There is probably a decent way to test Meltdown patch. Grabbing Warhammer II Voksi version, calculate loading times with Meltdown enabled, then reboot and calculate loading times with Meltdown disabled. Considering Voksi was an amateur who just tried to patch a game to be able to run offline without any activation, his work should be relatively heavy handed and has MUCH higher overhead than CPY, or baldies works.


----------



## Blameless

Offler said:


> It's true that there was a video of Witcher 3 running on an Intel system, showcasing 10% performance loss after initial Spectre patching.


This was never in dispute. Witcher 3 is an outlier often used to illustrate the potential for game performance being harmed by the mitigations. It's fairly repeatable and has been used in several reviews, including the one referenced by multiple individuals in the last few pages of this thread.

The issue is with people taking the single most dramatic outlier, which still barely has any effect on playability, and pretending that it's a common or typical scenario.

If someone is only concerned with playing Witcher 3 in CPU/memory limited scenarios then they may have half an argument for omitting these patches. However, the overwhelming bulk of gamers aren't going to see any difference.



EniGma1987 said:


> I don't think games even use up 10mbit yet. They have to cater to lowest denominator service so games have barely breached into the 1-2 megabit range just recently.


That's the point. The scenario was an extreme one and is still at least an order of magnitude below the point at which I/O would be significantly impacted by the mitigations or would produce enough extra overhead to harm game performance.



Raghar said:


> How many cycles does one TLB flush take? I was quite anxious about ANY flushes after I found how many cycles certain Intel instructions take.


Dozens to hundreds...out of several billions per second, per core.



Raghar said:


> However there is a little problem, when someone wants to measure CPU or OS impact, they MUST reduce GPU use. Otherwise they are just benchmarking the GPU.


That's one of the reasons these patches/mitigation do not actually harm the gaming experience. Most games are overwhelmingly GPU limited at the settings most people play at. Even when they aren't, significant CPU load isn't coming from TLB flushes or branch misprediction penalties as the most demanding aspects are rarely I/O related.

Doubling the cost for disk or network access does essentially nothing to most apps, including most games.

I can see the post-mitigation changes in some of my games just by looking at the graphs in Process Explorer. CPU usage, mostly with regard to kernel times (I/O) is up across the board. It's fairly dramatic when I can pin down I/O heavy threads. However, the games didn't get any slower because I am completely GPU limited in essentially every game I have on a GTX 1080 Ti, even if I pair it with 7-8 year old CPUs.


----------



## cfu97

Pointless to discuss any cpu related new product until this is really solved by new hardware design. No point to buy new cpu while it has serious security bug.


----------



## Solohuman

cfu97 said:


> Pointless to discuss any cpu related new product until this is really solved by new hardware design. No point to buy new cpu while it has serious security bug.


Agree with you in principle but the market needs early adopters of new tech to finance R&D for next wave of new tech.. & there will always be those who just have to have the latest & greatest. The cult of consumerism with clever marketing depts thrive off them.


----------



## Blameless

Flawed CPUs are the only option most people looking for an x86 part faster than an Atom have at the moment. Essentially all out-of-order processors are vulnerable to Spectre to some degree.

As long as the vulnerabilities can be adequately mitigated, and as long as people are looking at post-patch performance for their comparisons, then it shouldn't matter much whether the fixes are firmware, software, or silicon. There are highly likely to be Spectre variants discovered after the first round of silicon fixes are finalized as well. If you want to wait until there are no exploitable flaws with speculative execution in hardware, you are probably going to be waiting for a very long time.


----------



## tpi2007

One more to the pile and it seems that researchers are catching up, as SGX is a Skylake (2015) onwards feature, so Intel better up its ante in the future:


https://www.techspot.com/news/75971-foreshadow-fifth-major-cpu-security-flaw-discovered-2018.html



> A hot potato: The dust has barely settled over the Spectre and Meltdown vulnerabilities and now security researchers are looking at a whole new hardware flaw that could be potentially worse. They are calling it Foreshadow and it is similar to Spectre, but affects one of the most secure elements of Intel chips -- Software Guard Extensions or SGX.





> Foreshadow has two versions: the original attack designed to extract data from SGX enclaves and Foreshadow NG (Next Generation) that can be used to extract any information residing in the L1 cache. NG affects virtual machines, hypervisors, OS kernel memory, and system management mode memory, potentially threatening entire cloud platform’s infrastructure.
> 
> “There were certain aspects that were surprising and certain aspects that weren't,” said microarchitecture security researcher Yuval Yarom. “We thought speculative execution could get some information from SGX, but we weren’t sure how much. The amount of information we actually got out—that took us by surprise.”





> Intel has rated Foreshadow as 'high severity' and confirmed that the flaw affects all SGX-enabled Core processors, while Intel Atom CPUs are unaffected.





> As of writing, only Intel CPUs have been confirmed to be vulnerable to Foreshadow. In order to secure systems against the two Foreshadow variants, mitigations will be required at both the software level (OS, VM, VMM, etc.) and microcode level (hardware firmware, BIOS).
> 
> Intel, who refers to Foreshadow as "L1 Terminal Fault," has stated that they started distributing microcode updates to partners around May/June and are in the process of releasing mitigations for all affected processors.



I guess that for banking operations and log-ins in general Intel could start bundling some low power Atom cores, preferably based on the first gen design (in order arch) to do the job.


----------



## gamefoo21

That would explain why there was another bios released for my tablet and for my Z170 board.


----------



## tpi2007

More in-depth coverage of the issue here: https://arstechnica.com/gadgets/201...ou-guessed-it-a-speculative-execution-attack/

And this relevant piece of info at the end:



> For SGX data, however, the L1TF risk with hyperthreading enabled can't be completely eliminated.
> 
> Longer term, Intel promises to fix the issue in hardware. Cascade Lake processors, due to ship later this year, will not suffer the L1TF (or Meltdown) issues at all, suggesting that the new processors will change how they handle the permission checks to prevent speculative execution from running ahead of permissions checks.


----------



## ThrashZone

Hi,
I believe the os updates will mitigate the newer threats 
x99 is not likely to see anymore bios updates
Heck it took asus 4 months to release the beta bios from the first string of flaws lol


----------



## Blameless

ThrashZone said:


> x99 is not likely to see anymore bios updates
> Heck it took asus 4 months to release the beta bios from the first string of flaws lol


Intel will likely push microcode fixes for Haswell and newer architectures for a while. As long as the microcode is out there somewhere, it will be possible to integrate it into firmware.

Also, the SGX flaws don't apply to X99 because Skylake was the first architecture with the feature.


----------



## AlphaC

tpi2007 said:


> More in-depth coverage of the issue here: https://arstechnica.com/gadgets/201...ou-guessed-it-a-speculative-execution-attack/
> 
> And this relevant piece of info at the end:



As Blameless mentioned, Skylake is the first with SGX.


----------



## scgt1

Haven't read this whole thread but there is a class action investigation on this problem. What's pathetic is it only involves 30 something states. Of course my state (TX) isn't part of the suit.

For those in the following states take a crack at getting something from it here https://topclassactions.com/lawsuit...re-attack-class-action-lawsuit-investigation/



This investigation is looking for those who live in one of the following states or U.S. territories:

Alaska
Arizona
Connecticut
Delaware
Guam
Hawaii
Idaho
Iowa
Kentucky
Louisiana
Maine
Massachusetts
Michigan
Minnesota
Missouri
Montana
Nebraska
New Hampshire
New Mexico
North Carolina
North Dakota
Oklahoma
Oregon
Puerto Rico
Rhode Island
South Dakota
Tennessee
US Virgin Islands
Utah
Vermont
Washington
Washington, D.C.
West Virginia
Wyoming


----------



## rdr09

scgt1 said:


> Haven't read this whole thread but there is a class action investigation on this problem. What's pathetic is it only involves 30 something states. Of course my state (TX) isn't part of the suit.
> 
> For those in the following states take a crack at getting something from it here https://topclassactions.com/lawsuit...re-attack-class-action-lawsuit-investigation/
> 
> 
> 
> This investigation is looking for those who live in one of the following states or U.S. territories:
> 
> Alaska
> Arizona
> Connecticut
> Delaware
> Guam
> Hawaii
> Idaho
> Iowa
> Kentucky
> Louisiana
> Maine
> Massachusetts
> Michigan
> Minnesota
> Missouri
> Montana
> Nebraska
> New Hampshire
> New Mexico
> North Carolina
> North Dakota
> Oklahoma
> Oregon
> Puerto Rico
> Rhode Island
> South Dakota
> Tennessee
> US Virgin Islands
> Utah
> Vermont
> Washington
> Washington, D.C.
> West Virginia
> Wyoming


WTH, where is NJ? And why just intel?


----------



## tpi2007

AlphaC said:


> As Blameless mentioned, Skylake is the first with SGX.



You meant to reply to ThrashZone. I know that:



tpi2007 said:


> One more to the pile and it seems that researchers are catching up, as SGX is a Skylake (2015) onwards feature, so Intel better up its ante in the future:
> 
> 
> https://www.techspot.com/news/75971-foreshadow-fifth-major-cpu-security-flaw-discovered-2018.html


----------



## termathor

ThrashZone said:


> Hi,
> I believe the os updates will mitigate the newer threats
> x99 is not likely to see anymore bios updates
> Heck it took asus 4 months to release the beta bios from the first string of flaws lol


Yep, and still today, it is still in beta for Z97 mobos. So long for the super expensive ROG products, like the MAXIMUS line ...
Don't hold your breath for the BIOS updates for the new vulns !


----------



## encrypted11

ThrashZone said:


> Hi,
> I believe the os updates will mitigate the newer threats
> x99 is not likely to see anymore bios updates
> Heck it took asus 4 months to release the beta bios from the first string of flaws lol


It's actually up to the board manufacturer and their decisions shouldn't be conflated. 
ASRock has been providing the microcode mitigations for boards dating back to the IvyBridge platform.






ftp://asrock.cn/BIOS/1150/
ftp://asrock.cn/BIOS/1155/
ftp://asrock.cn/BIOS/2011/


----------



## ThrashZone

Blameless said:


> Intel will likely push microcode fixes for Haswell and newer architectures for a while. As long as the microcode is out there somewhere, it will be possible to integrate it into firmware.
> 
> *Also, the SGX flaws don't apply to X99 because Skylake was the first architecture with the feature*.


Hi,
Thanks for that, that is news to me 

As far as micro code from Intel 
Doesn't mean a lot if asus "in my case" doesn't test it on x99 bios.
ASUS had a heck of a time on this last beta bios for x99 from random shut downs or restarts with the first round :/

I had no luck with the new bios personally between it and 10 updates the system was a watchdog... freaking mess so I bailed on both.


----------



## Offler

rdr09 said:


> WTH, where is NJ? And why just intel?


My wild guess is that it's because AMD CPUs were not affected by Meltdown.


----------



## Offler

Well, then check whether AMDs were affected by Meltdown... and they were not as far as I know.


----------



## Blameless

ThrashZone said:


> Hi,
> Thanks for that, that is news to me
> 
> As far as micro code from Intel
> Doesn't mean a lot if asus "in my case" doesn't test it on x99 bios.
> ASUS had a heck of a time on this last beta bios for x99 from random shut downs or restarts with the first round :/
> 
> I had no luck with the new bios personally between it and 10 updates the system was a watchdog... freaking mess so I bailed on both.


Patch the new microcode into an old BIOS version you know works.

ASUS probably used the opportunity to integrate other changes, but the microcode itself shouldn't cause any significant problems, outside of the known performance impact in some scenarios, and maybe requiring a small adjustment to voltages.


----------



## ThrashZone

Blameless said:


> Patch the new microcode into an old BIOS version you know works.
> 
> ASUS probably used the opportunity to integrate other changes, but the microcode itself shouldn't cause any significant problems, outside of the known performance impact in some scenarios, and maybe requiring a small adjustment to voltages.


Hi,
Thanks but i have no idea how to do that lol 
2101 bios is about as good as I've run into but there are still win-10 updates that screw the os 
I'm on 1803 os build 17134.1 with updates paused and it's doing okay.


----------



## cfu97

Any program to test if the bios update has fixed all bugs?


----------



## mAs81

cfu97 said:


> Any program to test if the bios update has fixed all bugs?


The one I use is InSpectre, if by bugs you meant the vulnerabilities.

Luckily, both my z97 systems (ASRock and ASUS) have had BIOS updates (albeit the ASUS is still in Beta) with no performance loss, to my attention..
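
On Linux, the kernel reports its own per-vulnerability mitigation status in files under `/sys/devices/system/cpu/vulnerabilities/`, which answers the same "is it fixed?" question without a third-party tool. The script below is an added example, not part of the post above and not related to InSpectre; the `SAMPLE` strings are constructed in the style of the kernel's output and are used only when the sysfs directory is absent.

```python
"""Summarise Linux CPU-vulnerability mitigation status (added example)."""
from pathlib import Path

SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")

# Constructed sample, written in the style of the kernel's status strings.
# Used only when the sysfs directory is absent (non-Linux or old kernel).
SAMPLE = {
    "meltdown": "Mitigation: PTI",
    "spectre_v1": "Mitigation: usercopy/swapgs barriers and __user pointer sanitization",
    "spectre_v2": "Vulnerable",
    "l1tf": "Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable",
    "spec_store_bypass": "Not affected",
}


def classify(text):
    """Return (state, detail, smt_exposed) for one status line."""
    text = text.strip()
    lower = text.lower()
    if lower.startswith("not affected"):
        state, detail = "not_affected", ""
    elif lower.startswith("mitigation:"):
        state, detail = "mitigated", text.split(":", 1)[1].strip()
    elif lower.startswith("vulnerable"):
        state = "vulnerable"
        detail = text[len("vulnerable"):].lstrip(":; ").strip()
    else:
        state, detail = "unknown", text
    # A mitigation can be active while sibling hyperthreads remain exposed.
    smt_exposed = "smt vulnerable" in lower
    return state, detail, smt_exposed


def read_status(directory=SYSFS_DIR):
    """Read every status file in the directory; {} if it does not exist."""
    if not directory.is_dir():
        return {}
    out = {}
    for entry in sorted(directory.iterdir()):
        try:
            out[entry.name] = entry.read_text().strip()
        except OSError:
            out[entry.name] = "unreadable"
    return out


def needs_attention(statuses):
    """Names that are vulnerable/unknown, or mitigated but SMT-exposed."""
    flagged = []
    for name, text in sorted(statuses.items()):
        state, _detail, smt = classify(text)
        if state in ("vulnerable", "unknown") or smt:
            flagged.append(name)
    return flagged


if __name__ == "__main__":
    statuses = read_status() or SAMPLE
    for name, text in sorted(statuses.items()):
        state, detail, smt = classify(text)
        note = " (SMT still exposed)" if smt else ""
        print(f"{name:20} {state:13} {detail}{note}")
    print("needs attention:", ", ".join(needs_attention(statuses)) or "none")
```
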


----------



## rdr09

Offler said:


> My wild guess is that it's because AMD CPUs were not affected by Meltdown.



But the case includes vulnerability to Spectre, which affects AMD.

How about Foreshadow? I read turning off Hyperthreading will help, which will reduce performance quite a bit on processors affected. Ugh.


----------



## Blameless

ThrashZone said:


> Hi,
> Thanks but i have no idea how to do that lol
> 2101 bios is about as good as I've run into but there are still win-10 updates that screw the os
> I'm on 1803 os build 17134.1 with updates paused and it's doing okay.


I used the latest version of UBU to merge the 3D (HW-E) and 14 (BW-E) microcodes (newest available, which include the Spectre Variant 4 mitigations) into the ASUS X99 Sabertooth 2101 BIOS, if you'd like to try it.

I've attached the file to this post and uploaded it to Sendspace as well (https://www.sendspace.com/file/touegm), in case there are issues with the attachment.

Due to the way ASUS' checksums work as well as the fact that this is likely an older firmware version than what you're using now, you have to use ASUS' BIOS flashback feature, where you copy the .CAP file to an otherwise blank FAT32 formatted USB stick and use the special slot and button to force an update to the firmware. The board's manual has full details.

If you care to, you can verify with a hex editor that has file compare features that the only differences from the 2101 CAP direct from ASUS and this modified file are part of the header/checksum and the microcode area. However, as I do not have one of these boards, I cannot test the modification myself. So, use at your own risk. I don't anticipate any problems and you should be able to reverse the procedure with another flashback, if there are issues, but I cannot make any guarantees.
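
The comparison described in the last paragraph of this post can be scripted instead of done by eye in a hex editor. This is an added example, not part of the post and not code from UBU or ASUS; the region names and offsets in `allowed` and the byte strings in `demo_images` are constructed placeholders, and the real header and microcode offsets depend on the layout of the specific .CAP file.

```python
"""Check that a modified firmware image differs from stock only where expected."""
import hashlib


def diff_ranges(a, b, merge_gap=16):
    """Return half-open (start, end) ranges where a and b differ.

    Differences separated by at most merge_gap identical bytes are merged,
    which only ever widens a range (conservative for the audit below).
    """
    if len(a) != len(b):
        raise ValueError("images differ in size; compare layouts first")
    ranges = []
    for i, (x, y) in enumerate(zip(a, b)):
        if x == y:
            continue
        if ranges and i - ranges[-1][1] <= merge_gap:
            ranges[-1][1] = i + 1
        else:
            ranges.append([i, i + 1])
    return [tuple(r) for r in ranges]


def audit(stock, modified, allowed):
    """Classify every changed range against the allowed regions.

    allowed maps a region name to a half-open (start, end) byte range.
    A change counts as expected only if it lies entirely inside one region.
    """
    report = {
        "stock_sha256": hashlib.sha256(stock).hexdigest(),
        "modified_sha256": hashlib.sha256(modified).hexdigest(),
        "expected": [],
        "unexpected": [],
    }
    for start, end in diff_ranges(stock, modified):
        region = next(
            (name for name, (lo, hi) in allowed.items()
             if lo <= start and end <= hi),
            None,
        )
        if region is not None:
            report["expected"].append((region, start, end))
        else:
            report["unexpected"].append((start, end))
    return report


def demo_images():
    """Build constructed 4 KiB images: stock, a clean mod, a tampered mod."""
    stock = bytes(4096)
    clean = bytearray(stock)
    clean[4:8] = b"\xde\xad\xbe\xef"        # header checksum field changed
    clean[1024:1100] = b"\xaa" * 76          # microcode area replaced
    tampered = bytearray(clean)
    tampered[3000] = 0x90                    # one byte outside both regions
    return stock, bytes(clean), bytes(tampered)


if __name__ == "__main__":
    # Hypothetical offsets for the constructed images above.
    allowed = {"header": (0, 64), "microcode": (1024, 2048)}
    stock, clean, tampered = demo_images()
    for label, image in (("clean", clean), ("tampered", tampered)):
        result = audit(stock, image, allowed)
        print(label, "expected:", result["expected"])
        print(label, "unexpected:", result["unexpected"])
```

Any entry under `unexpected` means the file changed somewhere other than the header/checksum and microcode areas and should not be flashed until that difference is explained.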


----------



## Offler

rdr09 said:


> But the case includes vulnerability to Spectre, which affects AMD.
> 
> How about Foreshadow? I read turning off Hyperthreading will help, which will reduce performance quite a bit on processors affected. Ugh.


Running Spectre code on AMDs will only result in noticeable performance reduction. That's when your AV should step in and zap the responsible process.

Hyperthreading ... well let's say it increases possible utilization level, so total performance output is increased by 25%, on the other hand it decreases peak performance. In server/productivity oriented situation it's a real mess. Speaking of games... not that much.


----------



## rdr09

Offler said:


> Running Spectre code on AMDs will only result in noticeable performance reduction. That's when your AV should step in and zap the responsible process.
> 
> Hyperthreading ... well let's say it increases possible utilization level, so total performance output is increased by 25%, on the other hand it decreases peak performance. In server/productivity oriented situation it's a real mess. Speaking of games... not that much.


I certainly agree that in games not much will be affected. Besides, with six real cores being available, it will be awhile before the need for more becomes ideal.


----------



## cfu97

Any real plan from Intel or AMD to fix the bugs through hardware design in 2019 so far?


----------



## Nizzen

cfu97 said:


> Any real plan from Intel or AMD to fix the bugs through hardware design in 2019 so far?


There will always be bugs in software and hardware, so if you are afraid about that; start running 😄


----------



## splangie

rdr09 said:


> But the case includes vulnerability to Spectre, which affects AMD.
> 
> How about Foreshadow? I read turning off Hyperthreading will help, which will reduce performance quite a bit on processors affected. Ugh.



I have read one of the main threats are side channel and may often be the result of vulnerabilities hyperthreading opens up. Does that mean CPUs like the 9700k are "less vulnerable" to Spectre, Meltdown and Foreshadow?


Update: I see Foreshadow is Spectre-based. So are 9700ks "less vulnerable" to Spectre and Meltdown in general?


----------



## rdr09

splangie said:


> I have read one of the main threats are side channel and may often be the result of vulnerabilities hyperthreading opens up. Does that mean CPUs like the 9700k are "less vulnerable" to Spectre, Meltdown and Foreshadow?
> 
> 
> Update: I see Foreshadow is Spectre-based. So are 9700ks "less vulnerable" to Spectre and Meltdown in general?



Based on what i've read here in OCN and other sites, the only vulnerabilities that are related to Hyper-threading are Foreshadow, which was discovered last year, and Portsmash. The latter affects both individual pc owners and servers.

If you're just a gamer, i don't think you should really be concerned about these stuff.


----------



## Blameless

cfu97 said:


> Any real plan from Intel or AMD to fix the bugs through hardware design in 2019 so far?


Both AMD and Intel are trying to include hardware fixes, where applicable, but there will likely always need to be firmware and software mitigations.

Fact of the matter is that speculative execution itself introduces some intrinsic vulnerabilities. Most can probably be mitigated in hardware, but I'm doubtful the vulnerabilities will ever be eliminated all together. We aren't going to see a return to in-order/non-speculative architectures either, as this would totally destroy performance, if not combined with a radical rewriting of all software.

Just use rational precautions and keep your stuff patched and chances are you'll be fine.


----------



## ThrashZone

Hi,
Not a lot of money in hacking individuals unless you're Bill Gates...


----------



## cfu97

Blameless said:


> cfu97 said:
> 
> 
> 
> Any real plan from Intel or AMD to fix the bugs through hardware design in 2019 so far?
> 
> 
> 
> Both AMD and Intel are trying to include hardware fixes, where applicable, but there will likely always need to be firmware and software mitigations.
> 
> Fact of the matter is that speculative execution itself introduces some intrinsic vulnerabilities. Most can probably be mitigated in hardware, but I'm doubtful the vulnerabilities will ever be eliminated all together. We aren't going to see a return to in-order/non-speculative architectures either, as this would totally destroy performance, if not combined with a radical rewriting of all software.
> 
> Just use rational precautions and keep your stuff patched and chances are you'll be fine.

Looks like they both would never really patch these, since a much slower CPU would destroy the sales numbers.


----------



## EniGma1987

ThrashZone said:


> Hi,
> Not a lot of money in hacking individuals unless you're Bill Gates...



Sure there is. You develop an application that exploits a vulnerability to get you onto a normal user's PC, have it install ransomware or other malware, and exploit tens of thousands of users with the development of a single application. If it hits a server, corporate office, or someone extra rich then that's just a bonus.


----------



## miklkit

How many bank accounts could be cleaned out like that?


----------



## rdr09

cfu97 said:


> Looks like they both would never really patch these, since a much slower CPU would destroy the sales numbers.


The Spoiler that affects intel processors cannot be software patched.


----------



## splangie

rdr09 said:


> Based on what i've read here in OCN and other sites, the only vulnerabilities that are related to Hyper-threading are Foreshadow, which was discovered last year, and Portsmash. The latter affects both individual pc owners and servers.
> 
> If you're just a gamer, i don't think you should really be concerned about these stuff.



All Dev, DAW and virtuals for me. I haven't been a gamer since 3dfx. Ok, a bit past that. But once the cost of a top end video card went above a mid range HEDT cpu I said screw that. All serious stuff now.


----------



## rdr09

splangie said:


> All Dev, DAW and virtuals for me. I haven't been a gamer since 3dfx. Ok, a bit past that. But once the cost of a top end video card went above a mid range HEDT cpu I said screw that. All serious stuff now.


Even if it is a work pc, so long as you don't keep sensitive data such as from clients, then no big deal. Now, if you do, then that is up to you.


----------



## EniGma1987

miklkit said:


> How many bank accounts could be cleaned out like that?



Well, since bank terminals often run XP or Win 7 on embedded Intel systems, all of them? I bet someone could hack a magnetic strip of a bank card and input a minor virus that takes advantage of the ATM's CPU that opens the system to further compromise where they could issue fake commands.


----------



## miklkit

Hmm. Since consumer interest rates are at 0.4% or less a coffee can in the back yard is starting to look like the safest bet.


----------



## cfu97

So what is the real risk of these bugs so far? Someone has to be at least in my local LAN network to do this hacking, right?


----------



## ThrashZone

Hi,
Some need to be in the same room 
Disable remote desktop nonsense and you kill the rest
Disable virtualization and you're looking pretty good.

Now only be scared of being hit by lightning or hit by a bus in your living room


----------



## The Robot

cfu97 said:


> So what is the real risk of these bugs so far? Someone has to be at least in my local LAN network to do this hacking, right?


So far, none, for home users at least. Not counting hacking demos on YouTube, where a guy compiles and runs the malware manually on Linux. Browsers were already patched day one anyway, and that's where the attack is likely to come from.


----------



## bmaxa

Risk is that whatever you run can steal sensitive data from your computer...


----------



## cfu97

The Robot said:


> So far, none, for home users at least. Not counting hacking demos on YouTube, where a guy compiles and runs the malware manually on Linux. Browsers were already patched day one anyway, and that's where the attack is likely to come from.


Let's say a pro hacker knows my home IP, can he do anything with these cpu bugs?


----------



## ThrashZone

Hi,
He can know where you live and break in.


----------



## Imouto

The Robot said:


> So far, none, for home users at least. Not counting hacking demos on YouTube, where a guy compiles and runs the malware manually on Linux. Browsers were already patched day one anyway, and that's where the attack is likely to come from.


Again.

For ninth time.

Spectre and Meltdown are the exploitation or attack vectors of the vulnerabilities in Intel CPUs regarding speculative execution. The thing is broken so to speak and needs hardware fixes to stop new exploits to appear from time to time. Spectre and Meltdown were discovered almost 2 years ago but Spoiler was discovered barely a year ago. ZombieLoad, RIDL or Fallout are way more recent.

You can't fix it with software because it is broken at hardware level. You can mitigate the known attack vectors patching everything along the way.


----------



## bmaxa

cfu97 said:


> Let's say a pro hacker knows my home IP, can he do anything with these cpu bugs?


I don't believe that hacker cares about those bugs... every OS is vulnerable to more or less extent, but if you are specifically targeted by a human you will be cracked.


----------



## cfu97

Imouto said:


> Again.
> 
> For ninth time.
> 
> Spectre and Meltdown are the exploitation or attack vectors of the vulnerabilities in Intel CPUs regarding speculative execution. The thing is broken so to speak and needs hardware fixes to stop new exploits to appear from time to time. Spectre and Meltdown were discovered almost 2 years ago but Spoiler was discovered barely a year ago. ZombieLoad, RIDL or Fallout are way more recent.
> 
> You can't fix it with software because it is broken at hardware level. You can mitigate the known attack vectors patching everything along the way.


yes I understand. My question is how can a hacker use those bugs to attack user like me?


----------



## Imouto

cfu97 said:


> yes I understand. My question is how can a hacker use those bugs to attack user like me?


The easiest way would be your browser as simple JS is known to be able to exploit it. You have two options then:

- Use something like uBlock Origin to stop most malicious advertising from attacking your computer and/or use NoScript to stop any scripting from doing so be it malicious ads or sites. Take in mind that NoScript breaks a lot of sites both in functionality and/or appearance.
- Just update your OS and software as these exploits aren't widely used and the sensitive data they can collect depends wildly on a lot of variables.


----------



## cfu97

Imouto said:


> The easiest way would be your browser as simple JS is known to be able to exploit it. You have two options then:
> 
> - Use something like uBlock Origin to stop most malicious advertising from attacking your computer and/or use NoScript to stop any scripting from doing so be it malicious ads or sites. Take in mind that NoScript breaks a lot of sites both in functionality and/or appearance.
> - Just update your OS and software as these exploits aren't widely used and the sensitive data they can collect depends wildly on a lot of variables.


Any known case that hacker use JS or other way to hack user through browser?


----------



## Imouto

cfu97 said:


> Any known case that hacker use JS or other way to hack user through browser?


LMGTFY

Sometimes I don't know if this community is this insufferable on purpose.


----------



## The Robot

Imouto said:


> Again.
> 
> For ninth time.
> 
> Spectre and Meltdown are the exploitation or attack vectors of the vulnerabilities in Intel CPUs regarding speculative execution. The thing is broken so to speak and needs hardware fixes to stop new exploits to appear from time to time. Spectre and Meltdown were discovered almost 2 years ago but Spoiler was discovered barely a year ago. ZombieLoad, RIDL or Fallout are way more recent.
> 
> You can't fix it with software because it is broken at hardware level. You can mitigate the known attack vectors patching everything along the way.


Not denying this, but built-in holes have always existed with Intel even before spectre. There's MEI that can read your memory while the PC is in standby and potentially send that info over the net. Even encryption won't help, no patches, firewalls and microcodes will ever help, other than switching the CPU to AMD or preferably something more obscure like PowerPC. I just don't think these holes are a big concern to average user, unless they are doing something that warrants to be targeted by a handcrafted NSA black ops exploit, but then they have bigger problems than ZombieFallout.


----------



## cfu97

Spectre has been a long journey and has highlighted the best in collaboration across vendors in the industry and academia. So far, white hats appear to be ahead of black hats. We still know of no attacks in the wild, outside of the curious tinkerers and professional researchers developing proof of concept gadgets. New variants of these vulnerabilities continue to trickle out, and may continue to do so for some time. We continue to track these threats and take them seriously.

https://v8.dev/blog/spectre


----------



## ThrashZone

Hi,
Most likely threat is ransomware.


----------



## cfu97

The Robot said:


> Not denying this, but built-in holes have always existed with Intel even before spectre. There's MEI that can read your memory while the PC is in standby and potentially send that info over net. Even encryption won't help, no patches, firewalls and microcodes will ever help, other than switching the CPU to AMD or preferably something more obscure like PowerPC. I just don't think these holes are a big concern to average user, unless they are doing something that warrants to be targeted by a handcrafted NSA black ops exploit, but then they have bigger problems than ZombieFallout.


Even for the latest cpu, AMD is more safe than Intel if these cpu bugs are concerned?


----------



## cfu97

By the way, does the latest intel/amd cpu come with these bugs and no fix?!


----------



## The Robot

cfu97 said:


> Even for the latest cpu, AMD is more safe than Intel if these cpu bugs are concerned?


Yes, AMD is safer because their arch doesn't rely on speculative execution that much. It can get hit by some spectre variants though.
https://www.techspot.com/news/79234-amd-addresses-spoiler-vulnerability-ryzen-users-safe-one.html
https://www.amd.com/en/corporate/product-security


----------



## 113802

Imouto said:


> Again.
> 
> For ninth time.
> 
> Spectre and Meltdown are the exploitation or attack vectors of the vulnerabilities in Intel CPUs regarding speculative execution. The thing is broken so to speak and needs hardware fixes to stop new exploits to appear from time to time. Spectre and Meltdown were discovered almost 2 years ago but Spoiler was discovered barely a year ago. ZombieLoad, RIDL or Fallout are way more recent.
> 
> You can't fix it with software because it is broken at hardware level. You can mitigate the known attack vectors patching everything along the way.


Yes, Intel has more vulnerabilities than AMD on their current architectures. With Ice Lake Intel implemented all the hardware fixes.


You left out AMD, ARM and Power when mentioning Spectre. Spectre v1 is exploitable on pretty much every chip that performs branch-prediction speculative execution. Since it has no suitable hardware solution.


----------



## cfu97

WannaBeOCer said:


> Yes, Intel has more vulnerabilities than AMD on their current architectures. With Ice Lake Intel implemented all the hardware fixes.
> 
> 
> You left out AMD, ARM and Power when mentioning Spectre. Spectre v1 is exploitable on pretty much every chip that performs branch-prediction speculative execution. Since it has no suitable hardware solution.


Ice Lake cpu comes with all known bugs fixed, while latest amd cpu still comes with these known bugs?


----------



## deepor

cfu97 said:


> yes I understand. My question is how can a hacker use those bugs to attack user like me?



I had that question myself and tried to look into it quite a bit, and here's how I understood things. I'd be happy if people could correct misunderstandings:

What these security bugs do is that one normal program can peek out from its own memory space and into the rest of the memory of the machine. With "normal program" I mean that the program is not running with Administrator rights, you don't see an UAC prompt when you start it.

An attack would then be something where that evil program manages to follow how you are ordering stuff on Amazon, then later the attacker buys stuff with your account. Or another thing would be the attacker following how the World of Warcraft client logs into the game and somehow managing to steal your WoW account with that.

Now taking a step back, there first has to be that evil program getting onto your system. On a Windows PC you download all kinds of programs and use them. Each of those could be bad through one of its developers being a criminal, or there could be a sort of virus added to the program through the website where you got it from.

There's also experiments about how to do the attacks with Javascript code, making it so a webpage you visit could do the attack. Chrome and Firefox were tweaked to (supposedly) make Javascript attacks impossible.

Overall, I decided for myself that the attacks are unrealistic on my home PC. I mostly work and play on a Linux PC and I completely disable all mitigations that are built into the Linux kernel (but every time I explain this people tell me I'm an idiot). On Windows I keep all security mitigations enabled mostly because I feel lazy about tweaking it as I'm not using it a lot.

I think the attacks really matter to people running cloud servers. On those computers you have strangers being allowed to run their own code. There's always an attacker working on stealing stuff from other strangers on that same server.

On that Linux PC where I work and play, nearly all programs I run come from the distribution's software repository. All the programs in the repository were open source and compiled into binaries by the distro. There shouldn't be strange code/viruses managing to get into the programs. The only programs I get as binaries are Steam and games. Those could be dangerous, I'm just hoping they aren't. I also guess that other types of attacks are more realistic than Spectre stuff, so if something's dangerous it'll do its thing anyway even if mitigations are enabled.


----------



## cfu97

deepor said:


> I had that question myself and tried to look into it quite a bit, and here's how I understood things. I'd be happy if people could correct misunderstandings:
> 
> What these security bugs do is that one normal program can peek out from its own memory space and into the rest of the memory of the machine. With "normal program" I mean that the program is not running with Administrator rights, you don't see an UAC prompt when you start it.
> 
> An attack would then be something where that evil program manages to follow how you are ordering stuff on Amazon, then later the attacker buys stuff with your account. Or another thing would be the attacker following how the World of Warcraft client logs into the game and somehow managing to steal your WoW account with that.
> 
> Now taking a step back, there first has to be that evil program getting onto your system. On a Windows PC you download all kinds of programs and use them. Each of those could be bad through one of its developers being a criminal, or there could be a sort of virus added to the program through the website where you got it from.
> 
> There's also experiments about how to do the attacks with Javascript code, making it so a webpage you visit could do the attack. Chrome and Firefox were tweaked to (supposedly) make Javascript attacks impossible.
> 
> Overall, I decided for myself that the attacks are unrealistic on my home PC. I mostly work and play on a Linux PC and I completely disable all mitigations that are built into the Linux kernel (but every time I explain this people tell me I'm an idiot). On Windows I keep all security mitigations enabled mostly because I feel lazy about tweaking it as I'm not using it a lot.
> 
> I think the attacks really matter to people running cloud servers. On those computers you have strangers being allowed to run their own code. There's always an attacker working on stealing stuff from other strangers on that same server.
> 
> On that Linux PC where I work and play, nearly all programs I run come from the distribution's software repository. All the programs in the repository were open source and compiled into binaries by the distro. There shouldn't be strange code/viruses managing to get into the programs. The only programs I get as binaries are Steam and games. Those could be dangerous, I'm just hoping they aren't. I also guess that other types of attacks are more realistic than Spectre stuff, so if something's dangerous it'll do its thing anyway even if mitigations are enabled.


Based on my understanding, I agree it is almost impossible for a hacker to hack another person just through the internet with these bugs (except a godlike hacker in places like the CIA, that next-level kind of human!? A hacker like this would have more than 100 ways to hack me anyway). The main concern should be cloud servers.


----------



## cfu97

And if someone is really concerned about security issues like these bugs, it looks like AMD is a better choice than Intel.


----------



## 113802

cfu97 said:


> Ice Lake cpu comes with all known bugs fixed, while latest amd cpu still comes with these known bugs?


What? I don't think you understood what I said. Ice Lake is as secure as the latest Zen 2 architecture.

Every CPU that does branch-prediction speculative execution is vulnerable to Spectre V1. We won't see a hardware fix for Spectre v1 for a long time.


----------



## cfu97

WannaBeOCer said:


> What? I don't think you understood what I said. Ice Lake is as secure as the latest Zen 2 architecture.
> 
> Every CPU that does branch-prediction speculative execution is vulnerable to Spectre V1. We won't see a hardware fix for Spectre v1 for a long time.


I just did some Google searches and yes, the latest CPUs from both Intel and AMD fix only a few of these CPU bugs. Most of these bugs haven't been fixed, and it doesn't look like they will try to fix them at all, because they sell faster and faster CPUs forever, and we all know fixing these bugs could slow the CPU by something like 40%, 50%...

I looked at some of the latest, most expensive customer-grade motherboards for the latest CPUs, and it doesn't look like they try to fix all of these bugs at all. Oh yeah, motherboards need to show better speed for more sales, not security...


----------



## cfu97

mAs81 said:


> The one I use is InSpectre, if by bugs you meant the vulnerabilities.
> 
> Luckily, both my z97 systems (ASRock and ASUS) have had BIOS updates (albeit the ASUS is still in Beta) with no performance loss, to my attention.



Is this program still a good way to detect if my computer is safe from all these cpu bugs?


----------



## Nammi

cfu97 said:


> Is this program still a good way to detect if my computer is safe from all these cpu bugs?


I don't think it detects all of them.
You can check with powershell. https://support.microsoft.com/en-us...-of-get-speculationcontrolsettings-powershell
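
As an added example (not part of the original post): one way to turn the output of the `Get-SpeculationControlSettings` cmdlet mentioned above into a per-issue summary. It assumes Microsoft's `SpeculationControl` module is installed from the PowerShell Gallery; the property names are the ones that module returns, and the status wording is this example's own.

```powershell
# Added example, not from the thread. Needs Microsoft's SpeculationControl module:
#   Install-Module -Name SpeculationControl -Scope CurrentUser
Import-Module SpeculationControl -ErrorAction Stop

# The cmdlet prints its own report and also returns an object of flags.
$settings = Get-SpeculationControlSettings

function Get-Flag {
    param($Object, [string]$Name)
    # Older module versions lack the newer properties; report those as $null.
    if (-not $Name) { return $null }
    $prop = $Object.PSObject.Properties[$Name]
    if ($prop) { $prop.Value } else { $null }
}

# Per issue: the flag saying this CPU needs the mitigation (where the module
# reports one), the flag for OS support being installed, and the flag for the
# mitigation actually being switched on.
$checks = @(
    @{ Issue = 'Spectre v2 (branch target injection)'; Needed = $null
       Present = 'BTIWindowsSupportPresent'; Enabled = 'BTIWindowsSupportEnabled' }
    @{ Issue = 'Meltdown (kernel VA shadow)'; Needed = 'KVAShadowRequired'
       Present = 'KVAShadowWindowsSupportPresent'; Enabled = 'KVAShadowWindowsSupportEnabled' }
    @{ Issue = 'Speculative store bypass'; Needed = 'SSBDHardwareVulnerable'
       Present = 'SSBDWindowsSupportPresent'; Enabled = 'SSBDWindowsSupportEnabledSystemWide' }
    @{ Issue = 'L1 terminal fault'; Needed = 'L1TFHardwareVulnerable'
       Present = 'L1TFWindowsSupportPresent'; Enabled = 'L1TFWindowsSupportEnabled' }
    @{ Issue = 'MDS'; Needed = 'MDSHardwareVulnerable'
       Present = 'MDSWindowsSupportPresent'; Enabled = 'MDSWindowsSupportEnabled' }
)

$report = foreach ($c in $checks) {
    $needed  = Get-Flag $settings $c.Needed
    $present = Get-Flag $settings $c.Present
    $enabled = Get-Flag $settings $c.Enabled
    $status = if ($needed -eq $false) { 'Not required on this CPU' }
        elseif ($null -eq $present)   { 'Not reported (update the module)' }
        elseif (-not $present)        { 'OS update missing' }
        elseif (-not $enabled)        { 'Installed but not enabled' }
        else                          { 'Enabled' }
    [pscustomobject]@{ Issue = $c.Issue; Status = $status }
}
$report | Format-Table -AutoSize
```

For Spectre v2, "Installed but not enabled" usually means the CPU microcode is missing; the returned `BTIHardwarePresent` flag shows whether that is the case.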


----------



## rdr09

cfu97 said:


> Is this program still a good way to detect if my computer is safe from all these cpu bugs?


Only time you really need to be concerned is if you have any sensitive data in your pc. If just for gaming, make sure you have the latest update from MS and you are set.


----------



## cfu97

rdr09 said:


> Only time you really need to be concerned is if you have any sensitive data in your pc. If just for gaming, make sure you have the latest update from MS and you are set.


I guess almost anyone would do online e-banking with a computer....


----------



## reqq

Will upcoming 10 core from Intel have these?


----------



## Section31

They are patched for current bugs and had a redesign to restore the lost performance. However, they are still based on the Core architecture (but heavily modified in some areas). There are bound to be other holes popping up.

My feeling is Intel won't be safe till Ocean Cove (desktop) or a laptop variant comes out. Safest bet is AMD for now, though these security researchers will find exploits given a couple of years of being able to dig around the code.


----------



## looniam

cfu97 said:


> I guess almost anyone would do online e-banking with a computer....


hold my beer.




i have a gaming machine, not a banking machine.

maybe i'm too old-fashioned but i go to the bank.

get off my lawn.


----------



## rluker5

I do my banking on a different computer.
My gaming computer is so far from a microcode update its microcode isn't even detected.


----------



## rdr09

Patch this.

https://arstechnica.com/information...s-researchers-steal-encrypted-ssh-keystrokes/


----------



## EniGma1987

That could be extremely bad for the financial trading sector, as they rely on RDMA to do their work. They also require internet connections to their computer clusters, so no option to turn it off or secure their network from the outside. Not a single company is going to turn the feature off and take a guaranteed loss in millions of dollars profit against the threat of a possible loss of profit.
I didn't see whether this required local access or not though. They talk about the attack, but no mention of whether the attack can be executed remotely against the target. Hopefully not as that would solve much of the problem.


----------



## ibb27

rdr09 said:


> Patch this.
> 
> https://arstechnica.com/information...s-researchers-steal-encrypted-ssh-keystrokes/


And:
https://www.techpowerup.com/259096/...s-ddio-on-intel-xeon-processors-to-steal-data

I love the comments, especially proposed DILDO (damaging Intel leak data option) name for the 'feature'. LOL


----------



## 113802

ibb27 said:


> rdr09 said:
> 
> > Patch this.
> > 
> > https://arstechnica.com/information...s-researchers-steal-encrypted-ssh-keystrokes/
> 
> And:
> https://www.techpowerup.com/259096/...s-ddio-on-intel-xeon-processors-to-steal-data
> 
> I love the comments, especially proposed DILDO (damaging Intel leak data option) name for the 'feature'. LOL

That's the same exploit:

https://arstechnica.com/information...s-researchers-steal-encrypted-ssh-keystrokes/



> The researchers have named their attack NetCAT, short for Network Cache ATtack. Their research is prompting an advisory for Intel that effectively recommends turning off either DDIO or RDMA in untrusted networks. The researchers say future attacks may be able to steal other types of data, possibly even when RDMA isn't enabled. They are also advising hardware makers do a better job of securing microarchitectural enhancements before putting them into billions of real-world servers.


----------



## papant7

Another issue with these vulnerabilities, especially for those with private clouds, is the risk of a data breach from one container to another. One system could be exposed to external networks and could access data from a different container that is meant for internal use only. IDK why people say that they are basically unaffected by this. If only you knew how many CIOs and CTOs are scratching their heads thinking how many more vulnerabilities will be coming up. Especially with fixes that have a performance impact: client-facing companies rely on their capacity planning for purchases, which are done in advance. You can't just order a server like a laptop and get it delivered the next day. With Epyc being cheaper and better performing, IDK how the long-term sales projections are.


----------



## cfu97

Looks like the new Ryzen is safer than Intel


----------



## EniGma1987

cfu97 said:


> Looks like the new Ryzen is safer than Intel



Well, since half these bugs are due to the same security check flaw in the cache, yes, Ryzen is safer than the current and older gen Intels. And Intel is fixing it, and then they will be the same.


----------



## cfu97

EniGma1987 said:


> Well, since half these bugs are due to the same security check flaw in the cache, yes, Ryzen is safer than the current and older gen Intels. And Intel is fixing it, and then they will be the same.


I doubt Intel will fix it in hardware design for years, since it would hurt its performance a lot and that would hurt sales numbers a lot.


----------



## cx-ray

cfu97 said:


> I doubt Intel will fix it in hardware design for years, since it would hurt its performance a lot and that would hurt sales numbers a lot.


They already have implemented several hardware fixes. The whole point of them is to mitigate the performance loss of software workarounds. For instance, on the 9900K it brings back the theoretical 4KQ1T1 read of an Optane 900 series SSD back up to ~300 MB/s from ~200 MB/s on patched Skylake-X. 

(Note these are performance differences you see in benchmarks. Such large gains are rarely mirrored in actual application performance.)


----------



## 113802

cx-ray said:


> cfu97 said:
> 
> > I doubt Intel will fix it in hardware design for years, since it would hurt its performance a lot and that would hurt sales numbers a lot.
> 
> They already have implemented several hardware fixes. The whole point of them is to mitigate the performance loss of software workarounds. For instance, on the 9900K it brings back the theoretical 4KQ1T1 read of an Optane 900 series SSD back up to ~300 MB/s from ~200 MB/s on patched Skylake-X.
> 
> (Note these are performance differences you see in benchmarks. Such large gains are rarely mirrored in actual application performance.)

They already implemented the hardware fixes in Ice Lake which is 18% faster than Skylake and 9% faster than Zen 2. My next notebook will have Ice Lake. 

https://www.anandtech.com/show/14664/testing-intel-ice-lake-10nm/3


----------

