# Major Intel CPU Hardware Vulnerability Found



## biffzinker (Jan 2, 2018)

_A major hardware flaw appears to have been discovered in Intel CPUs, and bypassing this bug can drastically impact performance. Patching the Intel CPU bug is purported to cause a performance hit of 30-35% on Intel CPUs, while all AMD CPUs are unaffected._

_The bug itself could potentially have devastating consequences. It opens up possible security vulnerabilities in Intel CPUs, including large cloud providers and web hosts. The hardware bug causes an Intel CPU to prefetch system memory areas and gain control of any application, in theory allowing for a VM on shared hosting to read and write over another VM. Breaking out of the confines of virtual machines hosted at cloud providers could prove hugely damaging._

_According to numerous sources, the security bug is currently embargoed, with Intel trying to keep a lid on it lest it is exploited for an attack. The bug was allegedly unearthed by developers working on the Linux kernel, with several major kernel patches dropping over the festive period quickly drawing attention._

Sources: Game Debate, Reddit


----------



## natr0n (Jan 2, 2018)

I bet users are having panic attacks now at that performance loss.

Almost like getting your e-wiener reduced.


----------



## Solaris17 (Jan 2, 2018)

natr0n said:


> I bet users are having panic attacks now at that performance loss.
> 
> Almost like getting your e-wiener reduced.



This won't affect consumers or casual labbers with Hyper-V enabled on their home machines. I've been following this and this seems exclusive to big virtual farms, not bare-metal installs.

No 3DMark scores going down, I'm afraid. We also don't know what "35%" performance drop means either, since this info is just from Linux users and not Windows fleets.


----------



## eidairaman1 (Jan 2, 2018)

With that vulnerability it is not good for intel no matter how you slice it, plus this stuff typically rolls down to consumers too.


----------



## Vayra86 (Jan 2, 2018)

Wow. Going to keep an eye on this


----------



## Solaris17 (Jan 2, 2018)

eidairaman1 said:


> With that vulnerability it is not good for intel no matter how you slice it, plus this stuff typically rolls down to consumers too.



Not really, this is specific to virtualization. So unless you own an AWS compute farm you're probably not going to shut off Windows services in Task Manager any time soon to boost your FPS in Fallout 4.


----------



## jaggerwild (Jan 2, 2018)

"There is evidence of a massive Intel CPU hardware bug (currently under embargo) that directly affects big cloud providers like Amazon and Google. The fix will introduce notable performance penalties on Intel machines (30-35%)."
KEY HERE IS "CLOUD" providers like Amazon n Google, this is why they teach English in a school with a bell n strap


----------



## qubit (Jan 2, 2018)

This is bad news for Intel and AMD must be rubbing their hands with glee. I wonder if my 2700K is affected by this?


----------



## jboydgolfer (Jan 2, 2018)

Thank God it's an Intel-based issue.


----------



## Solaris17 (Jan 2, 2018)

If you fancy a read, this is the type of kernel isolation they are talking about. The backport started only a few days ago since the kernel is very new. You can check that out here. Windows ASLR and isolation is based off of *nix KPTI. While there isn't much info on Windows ASLR regarding this specific bug, you can get a grasp of what it's doing and why it costs performance HERE, though in lab testing penalties are not near 35%.



qubit said:


> This is bad news for Intel and AMD must be rubbing their hands with glee. I wonder if my 2700K is affected by this?



If the bug is in the lower registers then yes, and for that matter every Intel CPU would be.


----------



## cdawall (Jan 2, 2018)

I'm curious on more information for this one. Sounds like a bunch of people will be screaming how great amd is here shortly, for a bug that affects basically no one on the forum. Lol


----------



## Solaris17 (Jan 2, 2018)

cdawall said:


> I'm curious on more information for this one. Sounds like a bunch of people will be screaming how great amd is here shortly, for a bug that affects basically no one on the forum. Lol



This guy gets it.

Same, from what I've seen this might be close-ish to the AMD TLB bug back in the day. I don't remember anyone crying over their FX CPU performance back then, and that software workaround IIRC is in Windows to this day.


----------



## biffzinker (Jan 2, 2018)

qubit said:


> I wonder if my 2700K is affected by this?


Supposedly goes all the way back to the Core 2 Duo.

The Register has a news post up.
https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/


----------



## cdawall (Jan 2, 2018)

Solaris17 said:


> This guy gets it.
> 
> Same, from what I've seen this might be close-ish to the AMD TLB bug back in the day. I don't remember anyone crying over their FX CPU performance back then, and that software workaround IIRC is in Windows to this day.



As technically advanced as modern CPUs are, I am astonished more like this isn't found from both sides. AMD had an errata with Zen already that they managed to fix right before release; this popping up makes me curious if they actually fixed it.


----------



## Solaris17 (Jan 2, 2018)

cdawall said:


> As technically advanced as modern CPUs are, I am astonished more like this isn't found from both sides. AMD had an errata with Zen already that they managed to fix right before release; this popping up makes me curious if they actually fixed it.



I'm sure more users would be astonished to see how many issues are documented as -Not fixed or -No work around available if they just read the release architecture PDFs both camps publish.


----------



## EntropyZ (Jan 2, 2018)

I mean, Intel had a backdoor on their CPUs for a long time according to rumors. What's stopping them having these vulnerabilities, Intel brought this on themselves. Having their "features" *cough* (bugs) added in is a double-edged sword.

You are not buying a CPU I think, you're only getting a licence to use one.


----------



## biffzinker (Jan 2, 2018)

63% performance hit on Skylake i7-6700, and 49% on EPYC 7601 with patch active.
https://www.computerbase.de/2018-01/intel-cpu-pti-sicherheitsluecke/


----------



## cdawall (Jan 2, 2018)

biffzinker said:


> 63% performance hit on Skylake i7-6700, and 49% on EPYC 7601 is 49% with patch active.
> https://www.computerbase.de/2018-01/intel-cpu-pti-sicherheitsluecke/



Why would this patch ever be active on a 6700?


----------



## eidairaman1 (Jan 2, 2018)

cdawall said:


> I'm curious on more information for this one. Sounds like a bunch of people will be screaming how great amd is here shortly, for a bug that affects basically no one on the forum. Lol



It's the same as TLB or FMA "errata" lol


----------



## birdie (Jan 2, 2018)

More details.

Probably it's high time to buy AMD shares.


----------



## jboydgolfer (Jan 2, 2018)

cdawall said:


> Sounds like a bunch of people will be screaming how great amd is here shortly



That's why I said this



jboydgolfer said:


> Thank God it's an Intel-based issue



If it was AMD, there'd be a group of people in here viciously attacking posters for commenting. The more I think about it, the closest thing I can think of that resembles that type of behavior is cult members.


----------



## Solaris17 (Jan 2, 2018)

EntropyZ said:


> I mean, Intel had a backdoor on their CPUs for a long time according to rumors. What's stopping them having these vulnerabilities, Intel brought this on themselves. Having their "features" added in is a double-edged sword.
> 
> You are not buying a CPU I think, you're only getting a licence to use one.



No, you're talking about Intel ME, which your motherboard doesn't even support. And that's not CPU related, that's PCH (mobo)


----------



## EntropyZ (Jan 2, 2018)

Solaris17 said:


> No, you're talking about Intel ME, which your motherboard doesn't even support. And that's not CPU related, that's PCH (mobo)


PCH that is solely by and for Intel. There are still murmurs about Intel having a bit too much control over your system. Like being able to remotely control it. Still unconfirmed, makes you think though.

I'd like to think of these "features" they have as insurance, for if and when the time comes. *tinfoil hat mode on*

Sucks to be at the consumer end.


----------



## Solaris17 (Jan 2, 2018)

EntropyZ said:


> PCH that is solely by and for Intel. There are still murmurs about Intel having a bit too much control over your system. Like being able to remotely control it. Still unconfirmed, makes you think though.
> 
> I'd like to think of these "features" they have as insurance, for if and when the time comes. *tinfoil hat mode on*



It really doesn't, Intel ME vulnerability was a leverage against the MINIX OS embedded in the ME EFI files. Intel ME while on an Intel PCH is only included on some Intel PCHs, mostly workstation and server boards. Which is also something that has already been patched. You can get that detection tool and follow up (if vulnerable) by bitching at your vendor Here


----------



## GC_PaNzerFIN (Jan 2, 2018)

Based on my reading on the topic, impact to normal home/workstation user should be pretty small, average about 5% tops on reasonable workloads. But if you are heavy network or I/O user like virtualized servers, you may see significantly larger hit of double digits. Probably so much that it will start to upset some cloud providers/customers. 

EPYC news for AMD server offerings! I wouldn't worry too much about your latest gaming PC purchase though.


----------



## Solaris17 (Jan 2, 2018)

GC_PaNzerFIN said:


> EPYC news for AMD server offerings! I wouldn't worry too much about your latest gaming PC purchase though.



This. Totally blows for providers that have invested billions in cloud infra, but it's going to be great if you buy AMD servers at work! Now your IT dept will have more budget! Always a silver lining


----------



## birdie (Jan 2, 2018)

Meanwhile I'm so happy I haven't bought the 5th generation Sandy Bridge CPU aka Coffee Lake.


----------



## GC_PaNzerFIN (Jan 2, 2018)

Very interesting reading. The "rowhammer" type attacks that manipulate protected memory addresses by massively accessing same adjacent physical row(s) in DRAM to cause eventually random bit errors on the target address containing access right controls. This doesn't happen normally, because you are not accessing all the time same memory addresses as fast as you possibly could. Recent years have provided mitigations which make it way more difficult to locate potential target addresses too. 

https://www.tugraz.at/en/tu-graz/se...rticle/wenn-rowhammer-nur-noch-einmal-klopft/


----------



## Solaris17 (Jan 2, 2018)

GC_PaNzerFIN said:


> Very interesting reading. The "rowhammer" type attacks that manipulate protected memory addresses by massively accessing same adjacent physical row(s) in DRAM to cause eventually random bit errors on the target address containing access right controls. This doesn't happen normally, because you are not accessing all the time same memory addresses as fast as you possibly could. Recent years have provided mitigations which make it way more difficult to locate potential target addresses too.
> 
> https://www.tugraz.at/en/tu-graz/se...rticle/wenn-rowhammer-nur-noch-einmal-klopft/



Yeah this is cool stuff, I think you could even trigger "corruption" on SSDs doing a similar technique but I don't have the article handy.


----------



## biffzinker (Jan 2, 2018)

Solaris17 said:


> Yeah this is cool stuff, I think you could even trigger "corruption" on SSDs doing a similar technique but I don't have the article handy.


_"We use our knowledge of existing reliability mechanisms in SSDs (including ECC), to show that the attack primitive an attacker can obtain from MLC NAND flash weaknesses is a coarse granularity corruption: unlike in rowhammer, where the attacker can flip a single bit, in the case of this attack the attacker can only corrupt one block of data,” the researchers wrote. “We then show that this weaker attack primitive (when compared to flipping individual bits, which provides a higher level of control to the attacker) is nevertheless sufficient to mount a local privilege escalation attack."_

https://threatpost.com/rowhammer-attacks-come-to-mlc-nand-flash-memory/127504/


----------



## trparky (Jan 2, 2018)

*I have made edits to my post, re-read if you have read my previous post.*



Solaris17 said:


> This won't affect consumers or casual labbers with Hyper-V enabled on their home machines. I've been following this and this seems exclusive to big virtual farms, not bare-metal installs.
> 
> No 3DMark scores going down, I'm afraid. We also don't know what "35%" performance drop means either, since this info is just from Linux users and not Windows fleets.





Solaris17 said:


> Not really, this is specific to virtualization. So unless you own an AWS compute farm you're probably not going to shut off Windows services in Task Manager any time soon to boost your FPS in Fallout 4.


Incorrect. The key word is "virtual" not virtualization, as in "virtual memory", which is used just about everywhere. If you launch Notepad, you have used virtual memory. If you use Firefox, you have used virtual memory. The idea is that every single program you have running on your computer is given its own memory space that's completely separate from other programs running on the same system. It's how two programs can write to 0x000012DF, the exact same memory address, and not have the memory clobbered because the OS translates that virtual address space to something else.

*Bad news: the software mitigation is expensive*


> The primary reason for the old Linux behavior of mapping kernel memory in the same page tables as user memory is so that when the user’s code triggers a system call, fault, or an interrupt fires, it is not necessary to change the virtual memory layout of the running process.
> 
> Since it is unnecessary to change the virtual memory layout, it is further unnecessary to flush highly performance-sensitive CPU caches that are dependant on that layout, primarily the Translation Lookaside Buffer.
> 
> With the page table splitting patches merged, it becomes necessary for the kernel to flush these caches every time the kernel begins executing, and every time user code resumes executing. For some workloads, the effective total loss of the TLB lead around every system call leads to highly visible slowdowns.



*Impact*


> It is understood the bug is present in modern Intel processors produced in the past decade. It allows normal user programs – from database applications to JavaScript in web browsers – to discern in some way the contents of protected kernel memory.
> 
> The fix is to separate the kernel's memory completely from user processes using what's called Kernel Page Table Isolation, or KPTI. At one point, Forcefully Unmap Complete Kernel With Interrupt Trampolines, aka FUCKWIT, was mulled by the Linux kernel team, giving you an idea of how annoying this has been for the developers.
> 
> ...


This has the potential to affect even your common everyday desktop computer, especially if you are multitasking heavily, since this patch pretty much forces far more processor context switches, which is very processor intensive to do; it's computationally expensive.
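
The virtual-memory point in the post above, as an added example that is not part of the original post: a C program forks, and parent and child each write a different value to the same global variable. Both see the same virtual address yet each keeps its own value, because the OS maps that address to different physical pages per process. The function and variable names are made up for this illustration.

```c
/* Added example (not from the thread): one virtual address, two processes. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <stdint.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* One global. After fork() it sits at the same virtual address in both
 * processes, but each process gets its own physical copy on first write. */
static volatile unsigned long same_slot = 0x1111;

struct report {
    uintptr_t addr;       /* address of same_slot as seen by the child */
    unsigned long value;  /* what the child read back after its own write */
};

/* Returns 1 when both processes used the same virtual address and neither
 * write clobbered the other, 0 if isolation was violated, -1 on error. */
int same_address_different_memory(unsigned long parent_val,
                                  unsigned long child_val)
{
    int fds[2];
    if (pipe(fds) != 0)
        return -1;

    pid_t pid = fork();
    if (pid < 0)
        return -1;

    if (pid == 0) {                        /* child process */
        close(fds[0]);
        same_slot = child_val;             /* write through "the same" address */
        struct report r = { (uintptr_t)&same_slot, same_slot };
        ssize_t n = write(fds[1], &r, sizeof r);
        _exit(n == (ssize_t)sizeof r ? 0 : 1);
    }

    /* parent process */
    close(fds[1]);
    same_slot = parent_val;                /* write through the same address */

    struct report r;
    ssize_t n = read(fds[0], &r, sizeof r);
    close(fds[0]);

    int status = 0;
    if (waitpid(pid, &status, 0) < 0 || n != (ssize_t)sizeof r)
        return -1;
    if (!WIFEXITED(status) || WEXITSTATUS(status) != 0)
        return -1;

    /* The child has finished writing by now; re-read the parent's copy. */
    int same_addr = (r.addr == (uintptr_t)&same_slot);
    int child_ok  = (r.value == child_val);
    int parent_ok = (same_slot == parent_val);
    return same_addr && child_ok && parent_ok;
}

int main(void)
{
    int ok = same_address_different_memory(0xAAAA, 0xBBBB);
    printf("address of same_slot in this process: %p\n", (void *)&same_slot);
    printf("same virtual address, independent contents: %s\n",
           ok == 1 ? "yes" : (ok == 0 ? "no" : "error"));
    return ok == 1 ? 0 : 1;
}
```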


----------



## Solaris17 (Jan 3, 2018)

trparky said:


> *I have made edits to my post, re-read if you have read my previous post.*
> 
> 
> 
> ...



Totally missed that! You're right, this will affect consumer end machines then. It also really puts into perspective why AWS and cloud platforms will take a massive performance penalty given that those clusters utilize so much addressing for virtual processes. Let’s hope the fix isn’t too expensive. We as of yet have not had to deal with real world results.

Fingers crossed until the embargo lifts!


----------



## trparky (Jan 3, 2018)

I imagine it will depend upon how many processes are running on the system, the more processes you have running the more context switches from user to kernel and then back again you have thus incurring a higher overhead. Your typical desktop system will be impacted by this, there is no doubt in my mind that they will be. Obviously not to the extent that massive cloud computing clusters will be impacted but desktops will be impacted just not as severely.

It will be interesting to see the before and after benchmarks to see how much of an impact this security patch has on everyday systems. It would be hilarious if all the recent improvements Intel has made over the last couple of years were suddenly eaten up by this required kernel patch.


----------



## Solaris17 (Jan 3, 2018)

trparky said:


> I imagine it will depend upon how many processes are running on the system, the more processes you have running the more context switches from user to kernel and then back again you have thus incurring a higher overhead. Your typical desktop system will be impacted by this, there is no doubt in my mind that they will be. Obviously not to the extent that massive cloud computing clusters will be impacted but desktops will be impacted just not as severely.
> 
> It will be interesting to see the before and after benchmarks to see how much of an impact this security patch has on everyday systems.



Hm, I think it would need to be purely synthetic; it might be easy for Joe Smith to control his startup programs but more difficult to control the open thread handles on the system.

Still maybe that still would be a good test, I mean for a lot of us the 3DMark score is what would matter anyway.


----------



## biffzinker (Jan 3, 2018)

Is it the speculative execution plus translation lookaside buffer (TLB) causing unprivileged code to access private memory addresses the issue I understood it as?


----------



## trparky (Jan 3, 2018)

I also imagine that those of us with older (and slower) Intel processors will be impacted more so than those who have newer (and faster) Intel processors since the overhead won't be quite so severe.


----------



## xkm1948 (Jan 3, 2018)

Probably very bad for old HPC clusters, like in Universities.


----------



## Solaris17 (Jan 3, 2018)

biffzinker said:


> Is it the speculative execution plus translation lookaside buffer (TLB) causing unprivileged code to access private memory addresses the issue I understood it as?



I'm not sure to be honest with you, I have to read a bit more into it. I was reading it as I was clocking out. I just got home.



trparky said:


> I also imagine that those of us with older (and slower) Intel processors will be impacted more so than those who have newer (and faster) Intel processors since the overhead won't be quite so severe.



Possibly, I'm not sure of the math behind it. I would imagine newer high core count CPUs would suffer more only because the resource exhaustion points are higher. However, I'm not sure if that slowdown would be linear, i.e. a Core 2 Duo suffers 30% but a 12 thread Coffee Lake also suffers 30% because utilization might be relative given a system's resources. What do you think?


----------



## EarthDog (Jan 3, 2018)

Solaris17 said:


> Not really, this is specific to virtualization. So unless you own an AWS compute farm you're probably not going to shut off Windows services in Task Manager any time soon to boost your FPS in Fallout 4.


Indeed.

Not good for Intel in the data center space. I'm wondering if huge companies like AWS (EC2 etc.) or MS (Azure) can then sue. Depending on how this supposed 35% affects what loads... that could be a big hit in the short term in overhead/thresholds... load balancing to maintain performance and having to open up more CPU to each VM whose loads are affected...


----------



## xkm1948 (Jan 3, 2018)

Yep, just talked to the University admin of HPC, the entire cluster will be taken offline for this update at the end of this week. Considering all the runs already piled up it is very bad for most researchers. 

FYI it uses Haswell-EP, a 20c40t variant CPU


----------



## Solaris17 (Jan 3, 2018)

EarthDog said:


> Indeed.
> 
> Not good for Intel in the data center space. I'm wondering if huge companies like AWS (EC2 etc.) or MS (Azure) can then sue. Depending on how this supposed 35% affects what loads... that could be a big hit in the short term in overhead/thresholds... load balancing to maintain performance and having to open up more CPU to each VM whose loads are affected...



There may be ways around it and performance may get better, as I understand it there are two theoretical ways with dealing with the problem.

1: You can simply not patch or disable the work around in the kernel which means you would have to protect yourself higher up the chain.

2: It doesn't seem to be "my PC is up to 30% slower", it's that the transactions with virtual memory may be up to 30% slower. Which might be mitigated by smart coding and requiring less calls to protected kernel space.


----------



## trparky (Jan 3, 2018)

Solaris17 said:


> Which might be mitigated by smart coding and requiring less calls to protected kernel space.


Context switches from user to kernel and back again have always been a performance hit since the beginning of it all, this issue just adds 30% more to that performance hit. Reducing the need to go to the kernel to do something can and will put a bandaid on it and reduce the context switch overhead but this of course will require more intelligent programming on the behalf of the developers. Unfortunately not all developers are made equal. Some can write clean code, others... not so much.
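
The cost being discussed scales with how often a program crosses into the kernel, so this added example (not from the thread or any project's code) pushes the same bytes to /dev/null once with one write() per byte and once in larger chunks, counting syscalls and timing both. Helper names and sizes are assumptions chosen for illustration.

```c
/* Added example (not from the thread): fewer kernel entries for the same work. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <time.h>
#include <unistd.h>

struct run {
    long syscalls;    /* number of write() calls issued */
    double ns_total;  /* wall-clock time for the whole run, in nanoseconds */
};

static double now_ns(void)
{
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return (double)ts.tv_sec * 1e9 + (double)ts.tv_nsec;
}

/* Write `total` bytes to fd, one write() per `chunk` bytes. */
int write_in_chunks(int fd, size_t total, size_t chunk, struct run *out)
{
    static char buf[65536];
    if (chunk == 0 || chunk > sizeof buf)
        return -1;
    memset(buf, 'x', sizeof buf);          /* filled before the clock starts */

    out->syscalls = 0;
    size_t done = 0;
    double t0 = now_ns();
    while (done < total) {
        size_t want = (total - done < chunk) ? total - done : chunk;
        ssize_t n = write(fd, buf, want);  /* one user->kernel->user round trip */
        if (n <= 0)
            return -1;
        done += (size_t)n;
        out->syscalls++;
    }
    out->ns_total = now_ns() - t0;
    return 0;
}

/* Same payload, two chunk sizes; results land in *small and *large. */
int compare_batching(size_t total, size_t small_chunk, size_t large_chunk,
                     struct run *small, struct run *large)
{
    int fd = open("/dev/null", O_WRONLY);
    if (fd < 0)
        return -1;
    int rc = write_in_chunks(fd, total, small_chunk, small);
    if (rc == 0)
        rc = write_in_chunks(fd, total, large_chunk, large);
    close(fd);
    return rc;
}

int main(void)
{
    struct run a, b;
    /* 1 MiB payload: 1-byte writes versus 64 KiB writes (sizes are arbitrary). */
    if (compare_batching(1u << 20, 1, 65536, &a, &b) != 0) {
        perror("compare_batching");
        return 1;
    }
    printf("1-byte writes : %ld syscalls, %.0f ns each, %.2f ms total\n",
           a.syscalls, a.ns_total / a.syscalls, a.ns_total / 1e6);
    printf("64 KiB writes : %ld syscalls, %.0f ns each, %.2f ms total\n",
           b.syscalls, b.ns_total / b.syscalls, b.ns_total / 1e6);
    return 0;
}
```

The per-call figure in the first row is close to the bare cost of one kernel entry and exit, so running the same binary on a kernel before and after the page-table isolation patch shows how much that cost grew.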


----------



## cdawall (Jan 3, 2018)

Solaris17 said:


> There may be ways around it and performance may get better, as I understand it there are two theoretical ways with dealing with the problem.
> 
> 1: You can simply not patch or disable the work around in the kernel which means you would have to protect yourself higher up the chain.
> 
> 2: It doesn't seem to be "my PC is up to 30% slower", it's that the transactions with virtual memory may be up to 30% slower. Which might be mitigated by smart coding and requiring less calls to protected kernel space.



I think we are going to see a lot of number one being done.


----------



## EarthDog (Jan 3, 2018)

Solaris17 said:


> There may be ways around it and performance may get better, as I understand it there are two theoretical ways with dealing with the problem.
> 
> 1: You can simply not patch or disable the work around in the kernel which means you would have to protect yourself higher up the chain.
> 
> 2: It doesn't seem to be "my PC is up to 30% slower", it's that the transactions with virtual memory may be up to 30% slower. Which might be mitigated by smart coding and requiring less calls to protected kernel space.


It will be interesting to see how it's dealt with... I need to call my peeps still at AWS...


----------



## FireFox (Jan 3, 2018)

Intel FANBOY HERE and the matter doesn't touch/bother me at all


----------



## Solaris17 (Jan 3, 2018)

EarthDog said:


> It will be interesting to see how it's dealt with... I need to call my peeps still at AWS...



Same! This is super cool shit, it's what I live for. I'm anxious for the embargo to lift so we can see what had to happen and how it's being dealt with; all we have to go on is backtracking upstream kernel commits for *nix, which paints the picture for certain, but I want to know what color it's going to be. At this point more changes for better or for worse can be committed; however, I do admit if they are being approved upstream we may well be seeing what will hit the general public, at least in Linux land.


----------



## biffzinker (Jan 3, 2018)

You say that now @Knoxx29 until the kernel patch drops for Linux/Windows. Wonder when this shows for next patch Tuesday?


----------



## FireFox (Jan 3, 2018)

biffzinker said:


> You say that now @Knoxx29 until the kernel patch drops for Linux/Windows. Wonder when this shows for next patch Tuesday?



If my CPU runs DOOM and FIFA 2018 I am fine

Note: Life is just one and for sure this little thing is not going to make me crazy or not let me sleep at night, there are more important things in life to worry about.


----------



## biffzinker (Jan 3, 2018)

I was never worried about this latest hardware errata. Already lost TSX support for my 4790K through microcode update. What else could possibly cripple it?


----------



## eidairaman1 (Jan 3, 2018)

@biffzinker way to go bro, you were faster on the draw of this news than our own moderators here


https://www.techpowerup.com/forums/...ug-affecting-datacenters.240174/#post-3777360


----------



## biffzinker (Jan 3, 2018)

eidairaman1 said:


> @biffzinker way to go bro, you were faster on the draw of this news than our own moderators here


Actually ColeLT1 at the Tech Report forums deserves credit.


----------



## R-T-B (Jan 3, 2018)

cdawall said:


> As technically advanced as modern CPUs are, I am astonished more like this isn't found from both sides. AMD had an errata with Zen already that they managed to fix right before release; this popping up makes me curious if they actually fixed it.



Do you remember my thread?  They didn't.  It stretched well into release.

https://www.techpowerup.com/forums/...s-linux-performance-marginality-issue.237195/


----------



## eidairaman1 (Jan 3, 2018)

This doesn't bode well on any level, let's not minimize this but actually call it what it really is, a major flaw in Intel's architecture.

More news here
https://www.techpowerup.com/forums/...ded-from-intel-vt-flaw-kernel-patches.240187/


----------



## P4-630 (Jan 3, 2018)

biffzinker said:


> 63% performance hit on Skylake i7-6700, and 49% on EPYC 7601 with patch active.
> https://www.computerbase.de/2018-01/intel-cpu-pti-sicherheitsluecke/



Sorry but where did you read "i7-6700"?
I only found "Core i7-4600U" on that page...

Ok found it on: https://nl.hardware.info/nieuws/547...s-leidt-tot-fors-prestatieverlies-bij-servers
If it's even relevant.


----------



## biffzinker (Jan 3, 2018)

You're right @P4-630, I assumed it was an i7-6700 as reported.


----------



## eidairaman1 (Jan 3, 2018)

I smell a class action suit for misrepresenting and allowing a flawed product line to be pushed on users since 2007.


----------



## Deleted member 172152 (Jan 3, 2018)

cdawall said:


> As technically advanced as modern CPUs are, I am astonished more like this isn't found from both sides. AMD had an errata with Zen already that they managed to fix right before release; this popping up makes me curious if they actually fixed it.


Yes they have: they fixed many things in the microcode and any faulty processors were replaced I believe (for the Linux bug). AMD made a mistake and fixed it IMMEDIATELY, whereas Intel can and will not!!!! Ten years worth of processors will have to be replaced to fix this!

EDIT: not all gamers will be affected it seems. https://www.phoronix.com/scan.php?page=news_item&px=x86-PTI-Initial-Gaming-Tests
Maybe Coffee Lake has a fix or maybe Vega just doesn't rely on the CPU enough. The comment section is really interesting. If the 6700k is affected though, I'll hazard a guess the 7700k is too and only the newest CPUs aren't affected too much if at all. That would make the lawsuits much more interesting, since that would mean Intel figured out there was a major flaw and NEVER told anyone!


----------



## Ahhzz (Jan 3, 2018)

Solaris17 said:


> This guy gets it.
> 
> Same, from what I've seen this might be close-ish to the AMD TLB bug back in the day. I don't remember anyone crying over their FX CPU performance back then, and that software workaround IIRC is in Windows to this day.


I thought the problem was not the slowdown, or what the vulnerability did, but the end result is a patch that will reduce processor speeds under load by 5%-30%?
https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/


Spoiler



The fix is to separate the kernel's memory completely from user processes using what's called Kernel Page Table Isolation, or KPTI. At one point, Forcefully Unmap Complete Kernel With Interrupt Trampolines, aka FUCKWIT, was mulled by the Linux kernel team, giving you an idea of how annoying this has been for the developers.

Whenever a running program needs to do anything useful – such as write to a file or open a network connection – it has to temporarily hand control of the processor to the kernel to carry out the job. To make the transition from user mode to kernel mode and back to user mode as fast and efficient as possible, the kernel is present in all processes' virtual memory address spaces, although it is invisible to these programs. When the kernel is needed, the program makes a system call, the processor switches to kernel mode and enters the kernel. When it is done, the CPU is told to switch back to user mode, and reenter the process. While in user mode, the kernel's code and data remains out of sight but present in the process's page tables.

Think of the kernel as God sitting on a cloud, looking down on Earth. It's there, and no normal being can see it, yet they can pray to it.

These KPTI patches move the kernel into a completely separate address space, so it's not just invisible to a running process, it's not even there at all. Really, this shouldn't be needed, but clearly there is a flaw in Intel's silicon that allows kernel access protections to be bypassed in some way.

The downside to this separation is that it is relatively expensive, time wise, to keep switching between two separate address spaces for every system call and for every interrupt from the hardware. These context switches do not happen instantly, and they force the processor to dump cached data and reload information from memory. This increases the kernel's overhead, and slows down the computer.


----------



## FireFox (Jan 3, 2018)

Don't cry that much people, the solution is around the corner *Ice Lake*


----------



## Solaris17 (Jan 3, 2018)

Ahhzz said:


> I thought the problem was not the slowdown, or what the vulnerability did, but the end result is a patch that will reduce processor speeds under load by 5%-30%?
> https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/
> 
> 
> ...



That's the slowdown we are talking about. The increased time in transactions.


----------



## Space Lynx (Jan 3, 2018)

So let me guess this straight.  Intel has known about this since November according to this article https://www.techspot.com/news/72550...und-almost-all-intel-cpus.html#commentsOffset 

Intel cashes out on Coffee Lake.

CEO's sale stock of Intel at end/beginning of new year.

and Windows 10, Intel, Nvidia, all have DRM dibs on HDR for Netflix.   that monopoly sure is yummy.


I am going Vega 2 and Ryzen 2 this year. Enough is enough. HDR can suck it. AMD just announced a new hotfix will fix older SAGE DX9 games to working again despite all the uproar about it. AMD is for gamers and always has been, they just struggle with the cash flow. I'm fine with taking a performance hit, screw this crap Intel is pulling. Nvidia isn't so bad, but eh the telemetry increase in their drivers for the last 6 months is a little more than iffy imo.


----------



## R0H1T (Jan 3, 2018)

lynx29 said:


> So let me guess this straight.  Intel has known about this since November according to this article https://www.techspot.com/news/72550...und-almost-all-intel-cpus.html#commentsOffset
> 
> Intel cashes out on Coffee Lake.
> 
> ...


Intel's known about this longer, the patchwork for Linux started around that time or even earlier. There's lots of rotten fishes in this mess, hope they get caught though.





> By *Jonathan Corbet*
> November 15, 2017
> 
> *All told, KAISER has the look of a patch set that has been put onto the fast track*. *It emerged nearly fully formed and has immediately seen a lot of attention from a number of core kernel developers. Linus Torvalds is clearly in support of the idea, though he naturally has pointed out a number of things that, in his opinion, could be improved.* Nobody has talked publicly about time frames for merging this code, but 4.15 might not be entirely out of the question.


https://lwn.net/Articles/738975/


----------



## cdawall (Jan 3, 2018)

R-T-B said:


> Do you remember my thread?  They didn't.  It stretched well into release.
> 
> https://www.techpowerup.com/forums/...s-linux-performance-marginality-issue.237195/


I actually hadn't seen that. I had a binned ryzen chip when testing so I probably would have never seen the issue.


----------



## Bill_Bright (Jan 3, 2018)

cdawall said:


> Sounds like a bunch of people will be screaming how great amd is here shortly, for a bug that affects basically no one on the forum. Lol


Yeah, that's bad enough - there are already posters claiming nefarious motives by Intel here.   

Others are criticizing Intel for being secretive about this. Of course they are being secretive. In any security situation (not just computer security) you don't go blabber-mouthing your vulnerabilities to the world letting the bad guys know your weaknesses.

But forum posters are not the ones I am really worried about. It is the _wannabe "journalists"_  - cough cough, choke choke - in the IT press (and their parrot followers) who will blow it all out of proportion with exaggerated or even false claims. Look at that The Register article from posts #13 and #20 above. They claim the flaw "_has forced a significant redesign of the Linux and Windows kernels_".

_Significant_ redesign? Come on! There are over 30 million lines of code in Windows. Fixing bugs often takes as little as flipping one "bit" (once that bit is found - often a challenge in itself). It is the testing after that is significant!

Is there any, even one, report this bug has been exploited? I don't think so.

So I say let's wait and see what happens before passing judgement on a topic we (1) likely don't have the expertise to fully understand and (2) don't yet have the full details of the vulnerabilities (and how they affect us) or the fix.


----------



## FireFox (Jan 3, 2018)

cdawall said:


> Sounds like a bunch of people will be screaming how great amd is here shortly,



That won't ever happen even if they cut 50% of performance from my chip


----------



## R-T-B (Jan 3, 2018)

Knoxx29 said:


> That won't ever happen even if they cut 50% of performance from my chip



We all know Knoxx that you'd still buy intel even if they took you to potato-pc levels...


----------



## FireFox (Jan 3, 2018)

R-T-B said:


> We all know Knoxx that you'd still buy intel even if they took you to potato-pc levels...



You got it right Bro


----------



## dont whant to set it"' (Jan 3, 2018)

I'd like to think that I've got a fix but... after these 3 suspension marks I leave it to your imagination; funny story ends.


----------



## ensabrenoir (Jan 3, 2018)

....not the way to start the year off...blue team can't catch a break.


----------



## FireFox (Jan 3, 2018)

ensabrenoir said:


> blue team cant catch a break.



That is why their name is Intel


----------



## RejZoR (Jan 3, 2018)

I hope they won't nerf older generations that aren't broken as well with the "patch" just so they could shill the 9th generation of CPUs that has the flaw fixed. If they do this I don't think I'll ever buy anything from Intel ever again.


----------



## R-T-B (Jan 3, 2018)

Hugh Mungus said:


> Yes they have: they fixed many things in the microcode and any faulty processors were replaced I believe (for the linux bug).



Don't be so optimistic.

Most of the Ryzen non-TR processors running around and even some still for sale suffer from the linux bug.

It's actually rare to see one without it.  Usually, if you got one, it's because it's hot off the line, or you complained like me, and likely had no pc for 2-weeks/months



RejZoR said:


> I hope they won't nerf older generations that aren't broken as well with the "patch" just so they could shill the 9th generation of CPU's that has the flaw fixed. If they do this I don't think I'll ever buy anything from Intel ever again.



It goes back to Core Duo series man...


----------



## biffzinker (Jan 3, 2018)

Solaris17 said:


> This guy gets it.
> 
> Same, from what I've seen this might be close-ish to the AMD TLB bug back in the day. I don't remember anyone crying over their FX CPU performance back then and that software workaround IIRC is in Windows to this day.


It wasn't FX but the first Phenom series such as Phenom X4 9500.


R-T-B said:


> It goes back to Core Duo series man...


Some are suggesting it goes all the way back to the Pentium Pro?


----------



## Vya Domus (Jan 3, 2018)

Bill_Bright said:


> Others are criticizing Intel for being secretive about this. Of course they are being secretive. In any security situation (not just computer security) you don't go blabber-mouthing your vulnerabilities to the world letting the bad guys know your weaknesses.



So you wait whilst doing nothing until the whole thing just can't be kept under the rug anymore even though the "bad guys" would already know about it? Of course, I suppose.


----------



## OfficerTux (Jan 3, 2018)

Have you read the official statement from Intel yet?

I am not sure what to make of it, this is probably the most interesting part:



> Recent reports that these exploits are caused by a “bug” or a “flaw” and *are unique to Intel products are incorrect*. Based on the analysis to date, many types of computing devices — with many different vendors’ processors and operating systems — are susceptible to these exploits.
> 
> Intel is committed to product and customer security and is *working closely with many other technology companies, including AMD, ARM Holdings* and several operating system vendors, to develop an industry-wide approach to resolve this issue promptly and constructively.


----------



## Vya Domus (Jan 3, 2018)

Blo3der-Kuh said:


> Have you read the official statement from Intel yet?
> 
> I am not sure what to make of it, this is probably the most interesting part:



It's just a bit of damage control on their part. They are insinuating there are similar vulnerabilities in many other processors but they aren't referring to this one in particular, which might very well be true.


----------



## biffzinker (Jan 3, 2018)

Vya Domus said:


> It's just a bit of damage control on their part.


I read it more as deflect the attention away from Intel, and claim other companies are at fault.


----------



## EarthDog (Jan 3, 2018)

Some testing in Linux... not sure how that translates to Windows though. Seems like the testing up top is brutal. Good news for most TPU readers that the consumer loads, encoding and compiling, didn't show a difference.
https://www.phoronix.com/scan.php?page=article&item=linux-415-x86pti&num=2

There's also a link at the bottom showing zero difference in games. 

Again... not sure how this translates to windows... that top part is rough though. DC and cloud providers are going to take a beating. 


Intel also responded, saw this in another thread here, and said there are a lot of rumors out as far as performance hits go, it will be fixed, and improvements to performance will happen over time.


----------



## OfficerTux (Jan 3, 2018)

Computer Base also has some Windows tests done using a Win10 Insider Preview which has the fix enabled.

Full article here in German, charts below. Graphics card used for AC: Origins was a GTX 1080 Ti.



Performance loss is only marginal in most cases, M.2 SSD performance does take quite a hit though. The loss in AC: Origins is at least measurable (~3%), but only when the CPU is bottlenecking (low details, high FPS).


----------



## EarthDog (Jan 3, 2018)

From twitter... ARM is affected.

Intel saying it's not an arch flaw but a side attack, w/e that means...


https://twitter.com/i/web/status/948654425824022530

From google...
https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html?m=1

A takeaway...."To take advantage of this vulnerability, an attacker first must be able to run malicious code on the targeted system."

Need to be able to get in the front door before you can steal from the bedroom it appears..


----------



## Vya Domus (Jan 3, 2018)

Speculative execution always came with this concern/vulnerability. I do not think this is the exact same issue Intel is dealing with.


----------



## EarthDog (Jan 3, 2018)

Why do you think that? Google said...

"We are posting before an originally coordinated disclosure date of January 9, 2018 because of existing public reports and growing speculation in the press and security research community about the issue, which raises the risk of exploitation. The full Project Zero report is forthcoming."

Maybe this Intel thing is pushing something unrelated under the rug as I haven't seen any other major issue which would cause an announcement to move up by 4 days. They do say "the issue" immediately after 'existing public reports' and 'growing speculation by media'....


----------



## R-T-B (Jan 3, 2018)

If there is an ARM issue, I wonder if the AMD PSP is vulnerable, being it is ARM based...


----------



## Vya Domus (Jan 3, 2018)

EarthDog said:


> Why do you think that?



ARM is fundamentally different from X86_64? They also mention how only certain high end processors have this vulnerability, talking probably about cores such as the A72 which have out-of-order execution and dynamic branch predictor. Their problem seems related more to that particular aspect rather than anything else.

Their statement is as cryptic and vague as expected.


----------



## notb (Jan 3, 2018)

Blo3der-Kuh said:


> Computer Base also has some Windows tests done using a Win10 Insider Preview which has the fix enabled.
> 
> Full article here in German, charts below.


If true, I can live with that. 
Waiting for the final update and results on servers.



R-T-B said:


> If there is an ARM issue, I wonder if the AMD PSP is vulnerable, being it is ARM based...


Even if, is there any security risk at all? Putting a theoretical gov backdoor aside, I don't think you can access PSP from the OS level. Plus, PSP can access the whole RAM by design, so it's not like this flaw would change much.


----------



## R-T-B (Jan 3, 2018)

Vya Domus said:


> ARM is fundamentally different from X86_64 ?



Not really when talking about concepts like rings, virtualization, and page tables. They are quite similar there. It would not surprise me if ARM holdings back in the day licensed vt-d from intel...


----------



## Vya Domus (Jan 3, 2018)

Yes but my point was from what they said it seems related to other aspects. Maybe I am just looking too much into it and it really is the same issue.


----------



## OfficerTux (Jan 3, 2018)

So Google has just published their research on the matter. Actually there are three kinds of problems which were identified:

Variant 1: bounds check bypass
Variant 2: branch target injection
Variant 3: rogue data cache load
Variant 3 is called *Meltdown*, while 1 and 2 are called *Spectre*. 

From what I have read so far AMD processors actually are safe at least for Variant 3, which is the one the Linux and Windows kernels are getting patched for with PTI (page table isolation).

Variant 1 seems to be a problem for all vendors, but is already fixed or easily fixed by OS updates with negligible performance impact.

Variant 2 seems to be the biggest problem and will need some time to get fixed, although AMD claims they are not affected according to this post by Ryan Shrout.

Edit: Some more information on the bugs called Meltdown and Spectre.


----------



## IceScreamer (Jan 3, 2018)

Apparently, the guys who wrote this paper, https://spectreattack.com/spectre.pdf , also found that AMD chips are affected, to a degree.
Though, they talk about different types of attacks, Spectre and Meltdown. From what I've gathered, Meltdown is the "big" one and it affects Intel only, Spectre affects all.
Someone more knowledgeable, or with better reading comprehension can/will learn more.

EDIT: This appears to be a similar research to the one @Blo3der-Kuh posted.


----------



## Frag_Maniac (Jan 3, 2018)

As far as I can tell, the only way this will affect my plans of an 8700k is positively. AMD will likely get some needed sales back, which may force Intel to be more competitive on pricing. I've already noticed a recent drop in price from $405 to $390 at Newegg on the 8700k.

Performance wise I see this as a non issue on the latest CPUs, especially with balanced hardware spec. I'm actually more concerned about cell phone security, since I finally bit the bullet and decided to get one. Yeah I'm a retro grouch about some things, sue me.


----------



## OfficerTux (Jan 4, 2018)

Frag Maniac said:


> I'm actually more concerned about cell phone security



Yes, this is probably the biggest problem. According to Google you are safe when you are running Android with the January 2018 security patches installed. I hope Sony keeps up the pace with their updates for my XZ


----------



## Zyll Goliat (Jan 4, 2018)

LATEST NEWS!!! https://www.onmsft.com/news/microso...ddress-intel-amd-processors-security-concerns


----------



## EarthDog (Jan 4, 2018)

Moar....


https://twitter.com/i/web/status/948717216689807360
From amd...
https://www.amd.com/en/corporate/speculative-execution

MS Azure.. no impact... shocked about that...
https://azure.microsoft.com/en-us/blog/securing-azure-customers-from-cpu-vulnerability/


----------



## R-T-B (Jan 4, 2018)

EarthDog said:


> Moar....
> 
> 
> __ https://twitter.com/i/web/status/948717216689807360
> ...



Interesting.  All I ever saw demonstrated via high syscalls was a DoS attack that caused the machine to reboot...


----------



## notb (Jan 4, 2018)

EarthDog said:


> Moar....
> 
> From amd...
> https://www.amd.com/en/corporate/speculative-execution
> ...


So who exchanged Intel's for AMD's stocks today?


----------



## EarthDog (Jan 4, 2018)

People panicking and clueless? Not sure.


----------



## boise49ers (Jan 4, 2018)

I wouldn't scream AMD is better, because obviously it isn't for many reasons. Cheaper? Yes and I use mine for gaming and it does just fine for that. I don't run tests on speed of overclocking abilities or any of that crap. But what I use it for it handles perfect. Gaming and video editing mostly, oh and Internet of course.


----------



## Solaris17 (Jan 4, 2018)

EarthDog said:


> People panicking and clueless? Not sure.


Guess you could say they were having a meltdown


----------



## FireFox (Jan 4, 2018)

it seems that Intel has ruined AMD's Party


----------



## cakehunter (Jan 4, 2018)

About spectre 1 and BPF JIT

https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html

You can look in the Linux kernel documentation for what it is:
(IMO, not that useful stuff, like GRUB command line or kernel root console #)

https://www.mjmwired.net/kernel/Documentation/sysctl/net.txt

proc/sys/net/core - Network core options

bpf_jit_enable

This enables the BPF Just in Time (JIT) compiler. BPF is a flexible
and efficient infrastructure allowing to execute bytecode at various
hook points. It is used in a number of Linux kernel subsystems such
as networking (e.g. XDP, tc), tracing (e.g. kprobes, uprobes, tracepoints)
and security (e.g. seccomp). LLVM has a BPF back end that can compile
restricted C into a sequence of BPF instructions. After program load
through bpf(2) and passing a verifier in the kernel, a JIT will then
translate these BPF proglets into native CPU instructions. There are
two flavors of JITs, the newer eBPF JIT currently supported on:


----------
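Added example, not from any poster in this thread: the three variants, page table isolation, PCID and the `bpf_jit_enable` sysctl discussed in these posts can all be read back from a Linux host. The Python below assumes a kernel that exposes `/sys/devices/system/cpu/vulnerabilities/` and the `pti`/`pcid` flags in `/proc/cpuinfo`; the function names and the sample tree are constructed for illustration.

```python
"""Read back Meltdown/Spectre mitigation state from a Linux host (added example)."""
import json
import tempfile
from pathlib import Path

VULN_DIR = "sys/devices/system/cpu/vulnerabilities"
VARIANTS = {
    "spectre_v1": "Variant 1: bounds check bypass",
    "spectre_v2": "Variant 2: branch target injection",
    "meltdown": "Variant 3: rogue data cache load",
}


def read_text(root, rel):
    """Return stripped file contents, or None if the file is absent/unreadable."""
    try:
        return (Path(root) / rel).read_text().strip()
    except OSError:
        return None


def cpu_flags(cpuinfo_text):
    """Extract the feature flags of the first CPU listed in /proc/cpuinfo."""
    for line in cpuinfo_text.splitlines():
        key, _, value = line.partition(":")
        if key.strip() == "flags":
            return set(value.split())
    return set()


def classify(status):
    """Map the kernel's status string onto a small set of states."""
    if status is None:
        return "unknown"  # no sysfs entry: kernel predates this reporting
    for prefix, state in (("Not affected", "not_affected"),
                          ("Mitigation", "mitigated"),
                          ("Vulnerable", "vulnerable")):
        if status.startswith(prefix):
            return state
    return "unknown"


def audit(root="/"):
    """Collect per-variant status, PTI/PCID flags and the BPF JIT setting."""
    report, findings = {}, []
    for name, label in VARIANTS.items():
        raw = read_text(root, f"{VULN_DIR}/{name}")
        state = classify(raw)
        report[name] = {"label": label, "raw": raw, "state": state}
        if state == "vulnerable":
            findings.append(f"{label}: kernel reports the CPU as vulnerable")
        elif state == "unknown":
            findings.append(f"{label}: no status reported, kernel may be unpatched")

    flags = cpu_flags(read_text(root, "proc/cpuinfo") or "")
    report["pti"] = "pti" in flags
    report["pcid"] = "pcid" in flags
    if report["pti"] and not report["pcid"]:
        # Without PCID each address-space switch flushes the TLB.
        findings.append("PTI is active without PCID: expect the largest "
                        "slowdown on syscall- and interrupt-heavy loads")

    jit = read_text(root, "proc/sys/net/core/bpf_jit_enable")
    report["bpf_jit_enable"] = int(jit) if jit and jit.isdigit() else None
    if report["bpf_jit_enable"]:
        findings.append(f"BPF JIT is enabled (bpf_jit_enable={jit}): "
                        "review which users may load BPF programs")
    report["findings"] = findings
    return report


def write_sample_tree(root):
    """Write a constructed (not captured) subset of /proc and /sys under root."""
    files = {
        f"{VULN_DIR}/meltdown": "Mitigation: PTI\n",
        f"{VULN_DIR}/spectre_v2": "Vulnerable\n",
        # spectre_v1 is left out on purpose to exercise the "unknown" path
        "proc/cpuinfo": "processor\t: 0\nflags\t\t: fpu vme sse2 pti\n",
        "proc/sys/net/core/bpf_jit_enable": "1\n",
    }
    for rel, body in files.items():
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(body)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        write_sample_tree(tmp)
        print(json.dumps(audit(tmp), indent=2))
```

Calling `audit()` with no argument reads the live `/proc` and `/sys` of the machine it runs on instead of the sample tree.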



## R-T-B (Jan 4, 2018)

Knoxx29 said:


> it seems that Intel has ruined AMD's Party



Judging from the stock today, you kinda got that one backwards.

Probably short term, admittedly.


----------



## FireFox (Jan 4, 2018)

Now I am scared to update my motherboard's BIOS, maybe they want to trick me


----------



## Batou1986 (Jan 4, 2018)

The thing here is all these people jumping to say what is affected and what isn't didn't bother to read before clicking the publish button.
EVERYTHING is vulnerable to Spectre which can be fixed with a minor software patch that has little to no performance impact. "hopefully"
INTEL is vulnerable to Meltdown which needs a software patch that definitely has a performance impact.

This is where the back and forth about what is affected and what isn't is coming from.
Here are your sources




https://meltdownattack.com/meltdown.pdf


----------



## kidchunk (Jan 4, 2018)

Batou1986 said:


> The thing here is all these people jumping to say what is affected and what isn't didnt bother to read before clicking the publish button.
> EVERYTHING is vulnerable to specter which can be fixed with a minor software patch that has little to no performance impact. "hopefully"
> INTEL is vulnerable to meltdown which needs a software patch that definitely has a performance impact.
> 
> ...



Thanks for the clarity it was needed, btw here is AMD's official Response...
link >>>  https://www.amd.com/en/corporate/speculative-execution


----------



## R-T-B (Jan 4, 2018)

Batou1986 said:


> EVERYTHING is vulnerable to specter which can be fixed with a minor software patch that has little to no performance impact.



That's not what I read about Spectre. According to my understanding, Spectre is inherently unfixable without hardware changes, because of how OoO execution works in most modern CPUs.


----------



## RejZoR (Jan 4, 2018)

R-T-B said:


> That's not what I read about Specter.  According to my understanding, specter is inherently unfixable without hardware changes, because of how OoO execution works in most modern CPUs.



Not true according to Google research team. Spectre1 affects all processors, but in AMD's case, only Linux kernels. Fix is possible from OS side. All Intel CPUs are affected and no fix is possible except for Meltdown, for which performance will degrade.

Which means AMD users on Windows are fine, on Linux they'll require fix for Spectre1. For the rest, they are not affected.


----------



## laszlo (Jan 4, 2018)

For those who think they are affected there is a fix which works 100% - disconnect from internet

but this fix has a 99% performance hit....no more pron, movies, forum.... in a way wouldn't be bad as we'll have more direct social interaction, as we had 20 years ago....I miss those times...., and kids won't grow up with Facebook and other personality wrecking apps...


----------



## Vya Domus (Jan 4, 2018)

RejZoR said:


> but in AMD's case, only Linux kernels.



Can't say I am an expert on the matter but from what I gathered this can occur on every OS.


----------



## TheoneandonlyMrK (Jan 4, 2018)

Solaris17 said:


> This. Totally blows for providers that have invested billions in cloud infra. but its going to be great if you buy AMD servers at work! Now your IT dept will have more budget! Always a silver lining


You say that but I imagine AMD's EPYC sales guy is sweating. AMD run a tight ship, just how many server chips could they ship? I'd be saying the likes of Cavium might win some work but their ARM cores could also be affected, this could actually finish up a few companies if it goes too bad.
Not good for the industry, this. I'm not likely to be impacted directly until I upgrade my PC but we probably all will be eventually via costs.


----------



## Vya Domus (Jan 4, 2018)

theoneandonlymrk said:


> You say that but i imagine AMDs Epic sales guy is sweating



I wouldn't be so sure , there are plenty of people still convinced Intel is the only choice to make for servers even with their astronomically priced parts and this issue.


----------



## Zyll Goliat (Jan 4, 2018)

Some tests after the win 10 patch


----------



## FireFox (Jan 4, 2018)

Zyll Goliath said:


> Some tests after the win 10 patch



Is it that bad? Not at all.


----------



## jsfitz54 (Jan 4, 2018)

*SEE THE PATCH*: * https://www.bing.com/search?q=KB4056892&src=IE-SearchBox&FORM=IESR3A&pc=EUPP_*

*KB4056892*


----------



## R-T-B (Jan 4, 2018)

RejZoR said:


> Not true according to Google research team. Spectre1 affects all processors, but in AMD's case, only Linux kernels. Fix is possible from OS side. All Intel CPU's are affected and no fix is possible except for Meltdown, for which performance will degrade.
> 
> Which means AMD users on Windows are fine, on Linux they'll require fix for Spectre1. For the rest, the are not affected.



I guess I was simply misunderstanding the differentiation between spectre1 and spectre2.  So many bugs either way...  easy to get confused.  Thanks.


----------



## FireFox (Jan 4, 2018)

jsfitz54 said:


> *SEE THE PATCH*: * https://www.bing.com/search?q=KB4056892&src=IE-SearchBox&FORM=IESR3A&pc=EUPP_*
> 
> *KB4056892*



As I can see it has to be downloaded manually, or am I wrong?


----------



## P4-630 (Jan 4, 2018)

Knoxx29 said:


> As i can see it has to be downloaded manually or am i wrong?



Well I got this update installed today on my w10 laptop via the usual windows updates: https://support.microsoft.com/en-us/help/4056892/windows-10-update-kb4056892


----------



## Sasqui (Jan 4, 2018)

Zyll Goliath said:


> Some tests after the win 10 patch



Good post and good news for us average Joe users and gamers.  Several benchmarks improved even.

Now we'll wait to see the verdict with VM's and servers...


----------



## FireFox (Jan 4, 2018)

P4-630 said:


> Well I got this update installed today on my w10 laptop via the usual windows updates: https://support.microsoft.com/en-us/help/4056892/windows-10-update-kb4056892



This is what i have so far and it was yesterday, nothing new today





Sasqui said:


> Good post and good news for us average Joe users and gamers. Several benchmarks improved even.



I saw the video and said WTF


----------



## THE_EGG (Jan 4, 2018)

Received my update and installed it a couple of hours ago. Performance doesn't seem to have taken a noticeable hit - so it's all g. 

A nice bonus is that it seems to have randomly fixed my audio device driver bug I've had for a couple of weeks.


----------



## R0H1T (Jan 4, 2018)

THE_EGG said:


> Received my update and installed it a couple of hours ago. Performance doesn't seem to have taken a noticeable hit - so it's all g.
> 
> A nice bonus is that it seems to have randomly fixed my audio device driver bug I've had for a couple of weeks.


Funny, my notebook's gone mute after the update


----------



## Bill_Bright (Jan 4, 2018)

FTR - it was reported these fixes and Windows Updates could potentially degrade performance with some processors up to 30%. I have not done any benchmarks to see how things look "on paper", but I can say I have "_perceived_" no performance degradation whatsoever with any of my systems. These include a variety of i3, i5 and i7 based platforms.


----------



## Zyll Goliat (Jan 4, 2018)

Sasqui said:


> Good post and good news for us average Joe users and gamers.  Several benchmarks improved even.
> 
> Now we'll wait to see the verdict with VM's and servers...


Yeah.....I'm still going to postpone this update a bit .....


----------



## FireFox (Jan 4, 2018)

Zyll Goliath said:


> Yeah.....I still going to postpone this update a bit .....



I have my Windows update disabled for now.


----------



## FYFI13 (Jan 4, 2018)

Zyll Goliath said:


> Some tests after the win 10 patch


I also did quite a lot of benchmarking today and can't really see any noticeable differences. All results are within margin of error.


----------



## FireFox (Jan 4, 2018)

FYFI13 said:


> I also did quite a lot of benchmarking today and can't really see any noticeable differences. All results are within margin of error.



People were panicking without even knowing what was really happening and some others even were saying that they wouldn't buy an Intel CPU any more *ROFL*


----------



## Zyll Goliat (Jan 4, 2018)

FYFI13 said:


> I also did quite a lot of benchmarking today and can't really see any noticeable differences. All results are within margin of error.


Ohh sure I don't think this will impact ordinary users, however it might be different with the servers and VMs......anyway I am always skeptical with any win update


----------



## Sasqui (Jan 4, 2018)

Knoxx29 said:


> People were panicking without even knowing what was really happening and some others even were saying that they wouldn't buy an Intel CPU any more *ROFL*



History tends to repeat itself.  Intel has been here before.


----------



## FYFI13 (Jan 4, 2018)

Knoxx29 said:


> People were panicking without even knowing what was really happening LOL


Can't blame them, some "journalists" did a really good job at turning it into a big thing. I can bet if this patch was pushed through WU silently, regular (heck, even advanced) users wouldn't even know what happened.



Zyll Goliath said:


> Ohh sure I don´t think this will impact ordinary users,however it might be different with the Servers and VM......anyway I am always skeptical with any win update


After I finished all benchmarking, I wiped my spare SSD and installed this patch on all PCs at home. I see no reason for home users to not install this patch. Everything works just as it did before.


----------



## TheoneandonlyMrK (Jan 4, 2018)

Knoxx29 said:


> People were panicking without even knowing what was really happening and some others even were saying that they wouldn't buy an Intel CPU any more *ROFL*


It's also a security issue, the performance of crysis isn't the only issue.


----------



## R0H1T (Jan 4, 2018)

Knoxx29 said:


> People were panicking *without even knowing what was really happening* and some others even were saying that they wouldn't buy an Intel CPU any more *ROFL*


If you care about your privacy or security, even in the cloud, then Meltdown should scare the heck out of you! This is so much worse than the 5 fps lost during gaming!


----------



## FireFox (Jan 4, 2018)

R0H1T said:


> then meltdown should scare the heck out of you!



It doesn't scare me at all.

As long as i can i will avoid installing any updates


----------



## Bill_Bright (Jan 4, 2018)

Knoxx29 said:


> It doesn't scare me at all.


Me either. What scares me is the poor and unethical reporting by some bloggers and tech sites and their highly exaggerated, blown _way_ out of proportion claims. And what scares me is readers who automatically believed those exaggerated reports, or worse, parrot those reports without doing their homework. 

Was the bug bad? Sure. Was it exploited? There's no evidence of that. Microsoft has already released a patch. Has it degraded everyone's performance by 30% as claimed by those headline seeking bloggers and [cough cough, choke choke] "journalists"  in the IT press. No.


----------



## FireFox (Jan 4, 2018)

Wise words


----------



## trparky (Jan 4, 2018)

And we have some benchmarks from a reputable reviewer on YouTube, Steve from Hardware Unboxed who's associated with TechSpot.com.





TLDW (Too long, didn't watch)

Gaming benchmarks appear to be all within a margin of error according to Steve's benchmarks after the emergency Windows 10 patch. VeraCrypt and 7ZIP compression/decompression also show no signs of significant reduction in performance after the patch and all differences seem to be within a margin of error. The only thing that seems a bit worrying is the significant reduction (23%) in 4K Random Read Speeds on systems with SSDs so there is going to be a reduction in raw disk I/O performance.


----------



## Bill_Bright (Jan 4, 2018)

I even heard on Headline News this morning all those affected processors will have to be replaced!


----------



## RejZoR (Jan 4, 2018)

Replaced how? What fixed CPU am I supposed to place in my LGA2011v3 socket? But if I have to replace the whole platform, it's going to be AMD even if Intel fixes everything.

What even is fixed with the above mentioned (tested) update exactly?


----------



## R-T-B (Jan 4, 2018)

Bill_Bright said:


> Has it degraded everyone's performance by 30% as claimed by those headline seeking bloggers and [cough cough, choke choke] "journalists"  in the IT press. No.



No one sensible should've been claiming anything but a 30% "IO penalty," which is quite different than an across the board "penalty."

I agree, the panic was unnecessary outside of people who are possibly datacenter admins (who rightly should apply this patch right away), but you know what sells news in most parts of the world unfortunately.

I pride myself on being the exception to that rule, even if my articles sometimes "miss out" because of it.


----------



## Bill_Bright (Jan 4, 2018)

RejZoR said:


> Replaced how? What fixed CPU am I suppose to place in my LGA2011v3 socket?


Exactly! LOL 

Bad reporting!


R-T-B said:


> No one sensible should've been claiming...


Sensible being the operative word. Actually, nobody should be claiming anything without empirical evidence through actual testing. And common sense should tell everyone not to believe (and especially not repeat) such claims without seeing proof of such testing.


R-T-B said:


> but you know what sells news in most parts of the world unfortunately.


Yeah. Sensationalized headlines. Especially if they make a popular person, place or thing look bad.


----------



## cucker tarlson (Jan 4, 2018)

Everybody just keep your pants on. So far there seems to be no performance penalty on desktop computers. 4K random read decrease - I'm certainly not seeing that on my rig, it's actually 5% faster. We'll have to see how the situation unfolds but at this point there's really not much to worry about for us, desktop users, let alone to change your CPU and crap your pants.


----------



## FireFox (Jan 4, 2018)

He is just panicking, poor thing lol


----------



## R-T-B (Jan 4, 2018)

The performance penalty everyone is worrying about is honestly the least of my concerns.

I'm more worried about the impacts this will have in the cloud where inevitably not every admin will apply patches, and thus your once secure data will be leaked somewhere.


----------



## cucker tarlson (Jan 4, 2018)

I've heard of the cloud but still don't know what it is. I defy anyone to tell me to worry about anything.
Oh I know, my savegames are on a cloud. Now I'm getting an ATARI.


----------



## Regeneration (Jan 4, 2018)

Most overrated security flaw ever. One must have access to the victim's PC to exploit it. There are a lot better local exploits than this. This is only a problem for host providers. The workaround seems to be worse than the vulnerability itself.

Call me if you find something like Windows NT/2K/XP DCOM vulnerability.


----------



## RejZoR (Jan 4, 2018)

cucker tarlson said:


> Everybody just keep your pants on. So far there seems to be no performance penalty on desktop computers. 4K random read decrease - I'm certainly not seeing that on my rig, it's actually 5% faster. We'll have to see how the situation unfolds but at this point there's really not much to worry about for us, desktop users, let alone to change your CPU and crap your pants.



Yeah, but what is actually being fixed by the update in Windows? Just the Meltdown flaw since the other two are allegedly unfixable?


----------



## rtwjunkie (Jan 4, 2018)

Well according to this little write up, the temp fix will involve code to IE11 and Edge, and will slow things a bit (imperceptibly to normal users), with a *5-20ms* delay built in. 

I know the info was already put out, I was just adding for sake of the tiny delay, which is not much of a slowdown at all.

http://news.softpedia.com/news/wind...meltdown-spectre-on-version-1703-519219.shtml


----------



## biffzinker (Jan 4, 2018)

Applied the Windows patch last night from the Microsoft Catalog after @xkm1948 post in the other thread for KB4056892.

Also Ryu Connor over at the Techreport Forums posted: 


> https://support.microsoft.com/en-us/hel ... -kb4056891
> 
> Looks like the Microsoft Patch won't deploy unless your AV software is updated and adds a RegKey saying it's okay.
> 
> ...



Going by the other link in his post: Windows Client Guidance for IT Pros to protect against speculative execution side-channel vulnerabilities
Thought I'd check if protections were enabled by the patch, this is what I got in PowerShell using the module SpeculationControl.
Good thing my Haswell CPU has PCID to lessen the performance impact?


----------



## jaggerwild (Jan 4, 2018)

GURU of 3D did a bunch of tests, showed little if any impact. Makes me laugh all the pissing n moaning that went on.


----------



## biffzinker (Jan 4, 2018)

rtwjunkie said:


> Well according to this little write up, the temp fix will involve code to IE11 and Edge, and will slow things a bit (imperceptibly to normal users), with a 5-20ms delay built in.
> http://news.softpedia.com/news/wind...meltdown-spectre-on-version-1703-519219.shtml



Also this from Microsoft: Mitigating speculative execution side-channel attacks in Microsoft Edge and Internet Explorer

Mozilla Security Blog - Mitigations landing for new class of timing attack


----------



## Fluffmeister (Jan 4, 2018)

trparky said:


> And we have some benchmarks from a reputable reviewer on YouTube, Steve from Hardware Unboxed who's associated with TechSpot.com.
> 
> 
> 
> ...



Here is the article up on TechSpot itself for those interested:

https://www.techspot.com/article/1554-meltdown-flaw-cpu-performance-windows/


----------



## Bill_Bright (Jan 4, 2018)

Windows antivirus patch compatibility


----------



## R0H1T (Jan 4, 2018)

jaggerwild said:


> GURU of 3D did a bunch of tests, showed little if any impact. Makes me laugh all the pissing n moaning that went on.


Yeah keep laughing 


> *SaturnusDK - Thursday, January 04, 2018 - link*
> So if I'm understanding this correctly then the Windows Update rolled out yesterday is not complete for Intel system before Intel have rolled out a microcode update as well? And if so, we cannot make performance impact tests before that happens?
> *Ryan Smith - Thursday, January 04, 2018 - link*
> It's looking that way. We've yet to find a system that shows as having hardware support for branch injection mitigation.


----------



## biffzinker (Jan 4, 2018)

So Intel microcode update delivered through Windows Update is on the way? I doubt Asus would bother with an update for older boards such as my Z97.


----------



## R0H1T (Jan 4, 2018)

biffzinker said:


> So Intel microcode update delivered through Windows Update is on the way? I doubt Asus would bother with an update for older boards such as my Z97.


This is for spectre (2) so a microcode update *may work* or it may not, considering it should also cover spectre variant 1. That's what Ryan is saying, there's no demonstrable exploit for Ryzen though *in theory* it might be vulnerable.


----------



## TheoneandonlyMrK (Jan 4, 2018)

Bill_Bright said:


> Me either. What scares me is the poor and unethical reporting by some bloggers and tech sites and their highly exaggerated, blown _way_ out of proportion claims. And what scares me is readers who automatically believed those exaggerated reports, or worse, parrot those reports without doing their homework.
> 
> Was the bug bad? Sure. Was it exploited? There's no evidence of that. Microsoft has already released a patch. Has it degraded everyone's performance by 30% as claimed by those headline seeking bloggers and [cough cough, choke choke] "journalists"  in the IT press. No.





Knoxx29 said:


> Wise words


Might be wiser to wait until it's provably fixed instead of jumping on the opposite soap box and shouting it's all fine, carry on.
Most do still use an email server not in their own home, that's just one and my main concern regarding security outside my home's control.

I wouldn't want a performance hit of any kind like others but it's definitely the security issues that concern me most, the bit about needing physical access assures me least as it's probably the easiest thing to work on a solution to if you're interested i.e. blackhat wearer and is also where a lot of work is being done (by many hacker teams) to mitigate the air gap safety.


----------



## Bill_Bright (Jan 4, 2018)

theoneandonlymrk said:


> instead of jumping on the opposite soap box and shouting it's all fine, carry on.


For sure, nobody is suggesting all is fine. There is a problem. But are users, even cloud, corporate and server users at such risk as many in the IT media suggest? Heck no. As is typically the case with newly discovered vulnerabilities, those exaggerating the threats are either totally ignorant or choose to ignore the very real-world fact the malicious code (which first must be developed) needed to exploit these vulnerabilities must somehow bypass all the security measures already in place designed to thwart unknown, suspicious and malicious activities and "behavior". Then this code must execute or deliver its payload, and get away with the compromised undetected.

It is like telling someone not to leave a $20 bill on their dining room table because it will get stolen, totally ignoring the fact the bad guy must somehow first get past the nosy neighbor, exterior security cameras, locked doors and windows, advanced security alarm system, and past the two rottweilers while he snatches the $20, then make it out of the house and out of the neighborhood without getting bit or anyone noticing.

Is it possible? Yes. Likely? Probably not.


----------



## jaggerwild (Jan 4, 2018)

No Windows update rolled out yesterday, the news only just broke..................For all I know you're Ryan!!!! Why don't you list yer spec's?


----------



## Vayra86 (Jan 4, 2018)

theoneandonlymrk said:


> Might be wiser to wait until it's provably fixed instead of jumping on the opposite soap box and shouting it's all fine, carry on.
> Most do still use an email server not in their own home, that's just one and my main concern regarding security outside my home's control.
> 
> I wouldn't want a performance hit of any kind like others but it's definitely the security issues that concern me most, the bit about needing physical access assures me least as it's probably the easiest thing to work on a solution to if you're interested i.e. blackhat wearer and is also where a lot of work is being done (by many hacker teams) to mitigate the air gap safety.



Oh this isn't fine 

The best guess right now on an ETA for this to be fixed in a definitive sense, is probably two years at best. The fix has to be on an architectural (CPU design) level.

I'm quite up to speed but unfortunately the best most informative piece I've read was in Dutch. Still is worth a Google Translate, I suppose:

Squee's top comment.

https://tweakers.net/reviews/5939/l...ntwoord.html?showReaction=10996183#r_10996183

The gist of it is: even something as cute as a Javascript can now gain control of your system, read out anything you're doing, etc. That means: *you visit a website*, you can already pick up malware that just sits on your PC for a while until a specific process has been read out, it calls home, and you're compromised. Now consider the risk for a simple sys admin anywhere who runs a password manager.

So physical access is not at all required for this to work. What's more, consider the fact that all of our data is stored in the cloud right now. Your home PC is the least interesting target but think about crypto wallets, banking, etc.

Suffice to say, this is f'in huge.



Bill_Bright said:


> For sure, nobody is suggesting all is fine. There is a problem. But are users, even cloud, corporate and server users at such risk as many in the IT media suggest? Heck no. As is typically the case with newly discovered vulnerabilities, those exaggerating the threats are either totally ignorant or choose to ignore the very real-world fact the malicious code (which first must be developed) needed to exploit these vulnerabilities must somehow bypass all the security measures already in place designed to thwart unknown, suspicious and malicious activities and "behavior". Then this code must execute or deliver its payload, and get away with the compromised undetected.
> 
> It is like telling someone not to leave a $20 bill on their dining room table because it will get stolen, totally ignoring the fact the bad guy must somehow first get past the nosy neighbor, exterior security cameras, locked doors and windows, advanced security alarm system, and past the two rottweilers while he snatches the $20, then make it out of the house and out of the neighborhood without getting bit or anyone noticing.
> 
> Is it possible? Yes. Likely? Probably not.



You say that, but look at how many data leaks get reported and you can't possibly be convinced this won't go south at some point.


----------



## biffzinker (Jan 4, 2018)

jaggerwild said:


> No Windows update rolled out yesterday, the news only just broke..................For all I know you're Ryan!!!! Why don't you list yer spec's?


The update is out, ask @P4-630 - already made a post about getting the update through Windows Update earlier.


----------



## brandonwh64 (Jan 4, 2018)

> this is NOT just an Intel bug, *it affects AMD and ARM processors as well*



This affects a range of platforms, not just Intel. This is a major issue that even the Gov sent our work security emails today warning us. Our personal security company also called to have a meeting about this issue. Here is a gov article explaining in more detail

https://isc.sans.edu/diary.html?utm...al&utm_source=twitter.com&utm_campaign=buffer


----------



## jaggerwild (Jan 4, 2018)

We gonna get money back? Yeah huge is the scope of people who are affected, I don't use VMs or anything. But I do worry about what if anything is being "FIXED" on my computer, for all I know they will open a back door then. Since I'm least affected by this news, Smmh!


----------



## EarthDog (Jan 4, 2018)

Premature lawsuit is premature, no? Do we have any idea what the performance hits are? We have seen some preliminary testing, but... in many cases, there isn't a hit (and others, significant). Seems like the chicken and the egg to me.


----------



## Vayra86 (Jan 4, 2018)

EarthDog said:


> Premature lawsuit is premature, no? Do we have any idea what the performance hits are? We have seen some preliminary testing, but... in many cases, there isn't a hit (and others, significant). Seems like the chicken and the egg to me.



It is premature and outright wrong because the way we handle branch prediction really is a uniform best practice in most performance oriented cpu architectures.


----------



## R-T-B (Jan 4, 2018)

Bill_Bright said:


> It is like telling someone not to leave a $20 bill on their dining room table because it will get stolen, totally ignoring the fact the bad guy must somehow first get past the nosy neighbor, exterior security cameras, locked doors and windows, advanced security alarm system, and past the two rottweilers while he snatches the $20, then make it out of the house and out of the neighborhood without getting bit or anyone noticing.
> 
> Is it possible? Yes. Likely? Probably not.



Bill, I like you, but you really don't understand this one.  This vulnerability, if allowed unchecked, is akin to being locked in a cage in a house with money, with the keys to cage in hand.

If you have a VM on the machine (and many VMs in the cloud share with rental providers), you can access any memory of any OTHER VM on the machine...  Yes, undetected, from within your own VM.  In other VMs memory, there are keys, passwords, certificates, and all these can be accessed unchecked.  That's how bad this is unpatched, and there is no exaggeration there.

In many ways, this is worse than heartbleed.  It will depend on how fast cloud providers deploy the fix how much damage is done, though.  That's the determining factor.

The performance penalty is exaggerated. The security implications are not. Nor is the call of it being a "significant redesign of OS kernels." After reading they basically ripped out the shared symbol file whole hog (a mainstay since the 90s) I'm actually inclined to agree with the media: That's the biggest redesign in some time.


----------



## Solaris17 (Jan 5, 2018)

R-T-B said:


> Bill, I like you, but you really don't understand this one.  This vulnerability, if allowed unchecked, is akin to being locked in a cage in a house with money, with the keys to cage in hand.
> 
> If you have a VM on the machine (and many VMs in the cloud share with rental providers), you can access any memory of any OTHER VM on the machine...  Yes, undetected, from within your own VM.  In other VMs memory, there are keys, passwords, certificates, and all these can be accessed unchecked.  That's how bad this is unpatched, and there is no exaggeration there.
> 
> ...



This and might I add, the performance penalty is exaggerated for US, Azure, AWS, Google farms have yet to feel the impact since these patches will require full node reboots. But those clusters don't work the way our desktops do.

EDIT:: I would also like to add, the real question is again, what are the performance implications for those this will actually affect? The answer is we will probably never know. Internal metrics are seldom announced or shared for competitive advantage. However MS isn't just going to let its Azure clusters fall on their face. They will task out more nodes to pick up the performance so customers don't see a thing. I would be very interested in that number though.


----------



## lexluthermiester (Jan 5, 2018)

brandonwh64 said:


> This affects a range of platforms, not just Intel. This is a major issue that even the Gov sent our work security emails today warning us. Our personal security company also called to have a meeting about this issue. Here is a gov article explaining in more detail
> https://isc.sans.edu/diary.html?utm...al&utm_source=twitter.com&utm_campaign=buffer


This seems to have the greatest effect on enterprise level systems. But even on personal type devices there is risk. I'm betting this has already been exploited on some level in the wild. It wouldn't be surprising at all if governments around the world have done so. Apple's walled garden seems to have had a benefit though.


----------



## jaggerwild (Jan 5, 2018)

Will my smart phone be safe(not running windows, or IOS)? Is it a dumb phone now? Or just a phone, do I need to be running certain programs for it to be vulnerable? OK, I'll go read more links..........


----------



## lexluthermiester (Jan 5, 2018)

jaggerwild said:


> Will my smart phone be safe(not running windows, or IOS)? Is it a dumb phone now? Or just a phone, do I need to be running certain programs for it to be vulnerable?


If it's Android, root your phone, install a firewall [my personal fav is AFWall+] and don't let anything connect that does not need to. Then install an adblocker on your web browser and never turn it off. Get yourself in the habit of not leaving the phone connected to the internet 24/7. Making sure you stay away from websites that fall under the category of " IShouldn'tBeHere.Com " and you should be ok.
If you have a phone that you can't root, you can still use a non-root firewall that will still work well.


----------



## TheMailMan78 (Jan 5, 2018)

Damn casuals. Run VIA chips like real men!


----------



## lexluthermiester (Jan 5, 2018)

TheMailMan78 said:


> Damn casuals. Run VIA chips like real men!


VIA CPU's are also affected. Sorry, but "real men" are just as boned..


----------



## EarthDog (Jan 5, 2018)

Didn't Google mention Android wasn't affected? May want to check their statement...

..I'd link it, but I'm mobile.


----------



## lexluthermiester (Jan 5, 2018)

EarthDog said:


> Didn't Google mention Android wasn't affected? May want to check their statement...
> ..I'd link it, but I'm mobile.


When you get a chance, I'd like to read what you're referring to. According to brandonwh64's link and Ars Technica; https://arstechnica.com/gadgets/201...odern-processor-has-unfixable-security-flaws/ , and a growing number of other sources, these problems will affect all CPU's with any level of execution prediction, which literally goes all the way back to the CPU's from the late 90's on. This is turning into some seriously scary stuff.

EDIT; found this; https://meltdownattack.com/
The info found there is very informative about the details of this set of problems.


----------



## FireFox (Jan 5, 2018)

EarthDog said:


> Premature lawsuit is premature, no? Do we have any idea what the performance hits are? We have seen some preliminary testing, but... in many cases, there isn't a hit (and others, significant). Seems like the chicken and the egg to me.



Many Journalist and Reviewers are just playing the Nostradamus's Game. Lol

Does anyone have the time to tell if this whole thing affects Intel's future CPU's?


----------



## Hood (Jan 5, 2018)

My 4790K system received the KB4056892 update from Windows earlier today, so I tested overall performance with Passmark Performance Test 9.0 a few minutes ago.  It tested out the same as always, maybe a tiny bit slower, but within margin of error.  It is still faster than 99% of all systems tested.  I'm not worried about it, and any Intel-bashing is not justified, in my opinion.


----------



## biffzinker (Jan 5, 2018)

Hood said:


> My 4790K system received the KB4056892 update from Windows earlier today, so I tested overall performance with Passmark Performance Test 9.0 a few minutes ago.  It tested out the same as always, maybe a tiny bit slower, but within margin of error.  It is still faster than 99% of all systems tested.  I'm not worried about it, and any Intel-bashing is not justified, in my opinion.


The full effect of Microsoft's patch hasn't been felt yet until Intel pushes out a microcode/firmware update. The first half of the patch is still inactive.

*Branch Target Injection* is inactive without the necessary hardware support but *Rogue Data Cache Load* is flipped on.


----------



## Regeneration (Jan 5, 2018)




----------



## FireFox (Jan 5, 2018)

Regeneration said:


>



The sense of the Video?


----------



## biffzinker (Jan 5, 2018)

https://support.microsoft.com/en-us...ive-execution-side-channel-vulnerabilities-in


----------



## OfficerTux (Jan 5, 2018)

biffzinker said:


> https://support.microsoft.com/en-us...ive-execution-side-channel-vulnerabilities-in



In other words: If Asus does not publish a BIOS update for my aged Z68 board, I am screwed anyway? Or is it possible to load microcode through windows updates?


----------



## biffzinker (Jan 5, 2018)

Blo3der-Kuh said:


> Or is it possible to load microcode through windows updates?


Yes it is possible, I'm curious myself if that's what will happen though. It's either Asus or Intel, my bet's on Intel unless Asus but doubt that'll happen.


----------



## Deleted member 163934 (Jan 5, 2018)

Blo3der-Kuh said:


> In other words: If Asus does not publish a BIOS update for my aged Z68 board, I am screwed anyway? Or is it possible to load microcode through windows updates?



https://labs.vmware.com/flings/vmware-cpu-microcode-update-driver#instructions

Even if the mb manufacturers don't bother to update the microcode and Microsoft doesn't bother to update the microcode loaded by Windows you can still use a newer microcode in Windows following the stuff in the link above, but we still need Intel to release a microcode update (the latest https://downloadcenter.intel.com/download/27337/Linux-Processor-Microcode-Data-File is from 11/17/2017).

*Keep in mind that if you decide to use the method described in the link above you do it at your own risk.*

(I saw no problems on my Haswell cpu while using the method described in the link above to update the microcode, but well this is just my case.)

Note 1: On boot the bios will load the old microcode, the stuff from the above link is basically a driver that will load a newer microcode (as long as it's available) in Windows (it has to be loaded every time Windows starts because it doesn't change the microcode in your bios).
Note 2: From what I tested with this stuff I know it also works with AMD k10 cpus but it doesn't work with AMD k8 cpu (similar with Linux, didn't bother to read the amd k8 family cpu errata, maybe the k8 microcode update procedure is bugged or well there is no such procedure to begin with).

In Linux you can update the cpu microcode from Drivers Manager (or whatever the name for these things is in your distro). It's actually easier in Linux.


----------



## biffzinker (Jan 5, 2018)

From Intel: We have begun providing software and firmware updates to mitigate these exploits. *End users* and systems administrators should check with their *operating system vendors *and* system manufacturers*, and apply any updates as soon as they are available.

https://www.intel.com/content/www/u...side-channel-analysis-and-intel-products.html

Thanks for the tip off @thedukesd1, method appears to still work.


Short summary from Google for anyone interested in the highlights.


> *Speculative Execution and the Three Methods of Attack*
> In addition, to follow up on yesterday’s post, today we’re providing a summary of speculative execution and how each of the three variants work.
> 
> In order to improve performance, many CPUs may choose to speculatively execute instructions based on assumptions that are considered likely to be true. During speculative execution, the processor is verifying these assumptions; if they are valid, then the execution continues. If they are invalid, then the execution is unwound, and the correct execution path can be started based on the actual conditions. It is possible for this speculative execution to have side effects which are not restored when the CPU state is unwound, and can lead to information disclosure.
> 
> Project Zero discussed three variants of speculative execution attack. There is no single fix for all three attack variants; each requires protection independently.
> 
> Variant 1 (CVE-2017-5753), “bounds check bypass.” This vulnerability affects specific sequences within compiled applications, which must be addressed on a per-binary basis.
> ...


 More details about mitigations for the CPU Speculative Execution issue


----------
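The Variant 1 "bounds check bypass" sequence named in the Google summary quoted in the post above, shown beside a hardened form, as an added example that is not part of the original thread. The masking arithmetic follows the generic `array_index_mask_nospec` helper in the Linux kernel; the table, its length and the function names are constructed for illustration, and the arithmetic right shift and empty-asm barrier assume GCC or Clang.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

#define TABLE_LEN 16UL

/* Constructed sample data standing in for any bounds-checked table. */
static const uint8_t table[TABLE_LEN] = {
    1, 8, 15, 22, 29, 36, 43, 50, 57, 64, 71, 78, 85, 92, 99, 106
};

/*
 * Before: the check is architecturally correct, but if the CPU predicts
 * the branch as "in range" the load below can run speculatively with an
 * out-of-range idx before the comparison resolves. This is the kind of
 * compiled sequence that has to be found and fixed binary by binary.
 */
int lookup_checked(unsigned long idx, uint8_t *out)
{
    if (idx >= TABLE_LEN)
        return -1;
    *out = table[idx];
    return 0;
}

/*
 * Branch-free mask: all ones when idx < size, zero otherwise.
 * Valid for size <= LONG_MAX. There is no comparison for the CPU to
 * mispredict; the result is a pure data dependency on idx.
 */
unsigned long index_mask_nospec(unsigned long idx, unsigned long size)
{
#if defined(__GNUC__)
    /* Hide idx from the optimizer so it cannot prove the mask is
     * redundant after the bounds check and delete it. */
    __asm__ volatile("" : "+r"(idx));
#endif
    /* idx < size: both operands have a clear top bit, so ~ sets it and
     * the arithmetic shift smears it into all ones. Otherwise
     * (size - 1 - idx) wraps, the top bit is set, and the result is 0. */
    return (unsigned long)(~(long)(idx | (size - 1UL - idx))
                           >> (sizeof(long) * CHAR_BIT - 1));
}

/*
 * After: same check, then the index is clamped with the mask. On the
 * mispredicted path an out-of-range idx becomes 0, so any speculative
 * load stays inside the table.
 */
int lookup_hardened(unsigned long idx, uint8_t *out)
{
    if (idx >= TABLE_LEN)
        return -1;
    idx &= index_mask_nospec(idx, TABLE_LEN);
    *out = table[idx];
    return 0;
}

int main(void)
{
    unsigned long probes[] = { 0, 3, 15, 16, 4096, ULONG_MAX };
    for (size_t i = 0; i < sizeof(probes) / sizeof(probes[0]); i++) {
        uint8_t v = 0;
        int rc = lookup_hardened(probes[i], &v);
        printf("idx=%lu mask=%#lx rc=%d value=%u\n", probes[i],
               index_mask_nospec(probes[i], TABLE_LEN), rc, (unsigned)v);
    }
    return 0;
}
```

Both functions return identical results for every input; the difference only exists on the mispredicted path, which is why this class of fix cannot be confirmed by functional testing alone.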



## IceScreamer (Jan 5, 2018)

Knoxx29 said:


> Many Journalist and Reviewers are just playing the Nostradamus's Game. Lol
> 
> Does anyone have the time to tell if this whole thing affects Intel's future CPU's?


From what I've understood, yes, the future CPU's will be affected, unless Intel makes changes on the architecture level. The problem requires some changes on the bottom level of the arch.


----------



## Vya Domus (Jan 5, 2018)

IceScreamer said:


> From what I've understood, yes, the future CPU's will be affected, unless Intel makes changes on the architecture level. The problem requires some changes on the bottom level of the arch.



It's not really down to the particular architecture they employ. That's just the nature of modern superscalar CPUs, stuff is executed in parallel as the CPU looks back and forth through the instructions it's supposed to run. There is no hardware fix to speak of as it is nearly impossible to know when not to do that outside of a couple known situations, which is basically what the software fix is about.


----------



## biffzinker (Jan 5, 2018)

Vya Domus said:


> which is basically what the software fix is about.


Speaking of software fixes I found Google's "Retpoline" was an interesting read.


> *Executive Summary*
> “Retpoline” sequences are a software construct which allow indirect branches to be isolated from speculative execution.  This may be applied to protect sensitive binaries (such as operating system or hypervisor implementations) from branch target injection attacks against their indirect branches.
> The name “retpoline” is a portmanteau of “return” and “trampoline.”  It is a trampoline construct constructed using return operations which also figuratively ensures that any associated speculative execution will “bounce” endlessly.
> (If it brings you any amusement: imagine speculative execution as an overly energetic 7-year old that we must now build a warehouse of trampolines around.)


Retpoline: a software construct for preventing branch-target-injection


----------



## IceScreamer (Jan 5, 2018)

Vya Domus said:


> It's not really down to the particular architecture they employ. That's just the nature of modern superscalar CPUs, stuff is executed in parallel as the CPU looks back and forth through the instructions it's supposed to run. There is no hardware fix to speak of as it is nearly impossible to know when not to do that outside of a couple known situations, which is basically what the software fix is about.


Yea I figured the issue is not a specific part, rather the way things are done. Tho the answer still stands, things (probably) won't get fixed with the following release.


----------



## HTC (Jan 5, 2018)

R-T-B said:


> Bill, I like you, but you really don't understand this one.  This vulnerability, if allowed unchecked, is akin to being locked in a cage in a house with money, with the keys to cage in hand.
> 
> *If you have a VM on the machine (and many VMs in the cloud share with rental providers), you can access any memory of any OTHER VM on the machine...  Yes, undetected, from within your own VM.  In other VMs memory, there are keys, passwords, certificates, and all these can be accessed unchecked.  That's how bad this is unpatched, and there is no exaggeration there.*
> 
> ...



Has anyone considered that this problem *may have been* discovered quite some time ago by X or Y hacker and, obviously, he / she kept quiet about it and has, since then, been able to take advantage of it for his / her nefarious purposes? As such, how do we know if this problem hasn't already caused any damage? For all we know, that Equifax data breach problem could have been done using these exploits, no? And this is assuming these exploits were found by just one hacker and that he / she didn't "share" with any "colleague".


----------



## R0H1T (Jan 5, 2018)

HTC said:


> Has anyone considered that this problem *may have been* discovered quite some time ago by X or Y hacker and, obviously, he / she kept quiet about it and has, since then, been able to take advantage of it for his / her nefarious purposes? As such, how do we know if this problem hasn't already caused any damage? For all we know, that Equifax data breach problem could have been done using these exploits, no? And this is assuming these exploits were found by just one hacker and that he / she didn't "share" with any "colleague".


Yes & there's also speculation that this was a CIA/NSA induced *bug* (meltdown) but we have no credible way to know anything more apart from the two flaws disclosed by project zero & four PoC.


----------



## Vya Domus (Jan 5, 2018)

R0H1T said:


> Yes & there's also speculation that this was a CIA/NSA induced *bug* (meltdown)



Probably the Illuminati too. Or are they the same?


----------



## R0H1T (Jan 5, 2018)

Vya Domus said:


> Probably the Illuminati too. Or are they the same?


Sorry I don't follow Illuminati, there's no such thing in my part of the world.
Corrupt govt agencies though, are part & parcel of our lives.


----------



## Vya Domus (Jan 5, 2018)

That was supposed to be sarcastic.

The US and its intelligence agency is given too much credit. No, they probably aren't responsible for every single shit that happens with regards to cyber security. Seriously, give others some love too.


----------



## R0H1T (Jan 5, 2018)

Vya Domus said:


> That was supposed to be *sarcastic*.
> 
> The US and its intelligence agency is given too much credit. No, they probably aren't responsible for every single shit that happens with regards to cyber security. Seriously, give others some love too.


Yeah I figured but personally don't follow conspiracy theories outside of my geography. The Snowden revelations though have me skeptical of an imminent big brother threat ~ Personal data of a billion Indians sold online for £6, report claims


----------



## Vya Domus (Jan 5, 2018)

There is no doubt there are concerns with regards to security and privacy but slapping an NSA tag on every single thing seems unnecessary.


----------



## R0H1T (Jan 5, 2018)

Vya Domus said:


> There is no doubt there are concerns with regards to security and privacy but slapping an *NSA* tag on every single thing seems unnecessary.


You probably missed the sarcastic part then, this isn't my theory - it's all over the net, I don't subscribe to it but I won't rule it out either.
The point is govt agencies, much like corporations, won't accept anything until they absolutely have to.


----------



## LocoDiceGR (Jan 5, 2018)

in simple words the average user is F**.


----------



## EarthDog (Jan 5, 2018)

LocoDiceGR said:


> in simple words the average user is F**.


LOL, no.


----------



## Easy Rhino (Jan 5, 2018)

The knee jerk reaction to this story was totally overblown.


----------



## EarthDog (Jan 5, 2018)

That's funny, I JUST posted something to that effect a minute ago in one of the 5 threads going.. thanks TPU news.


----------



## FireFox (Jan 5, 2018)

biffzinker said:


> The update is out, ask @P4-630 - already made a post about getting the update through Windows Update earlier.



No new updates for me.








Blo3der-Kuh said:


> In other words: If Asus does not publish a BIOS update for my aged Z68 board, I am screwed anyway? Or is it possible to load microcode through windows updates?



At least Asus has released a new BIOS update for my board but I won't install it


----------



## EarthDog (Jan 5, 2018)

I have it as well.. did you check the history and see if it already installed?


----------



## lexluthermiester (Jan 5, 2018)

Vya Domus said:


> The US and its intelligence agency is given too much credit. No, they probably aren't responsible for every single shit that happens with regards to cyber security.


True, but this set of problems has NSA methodologies written all over it. While I'm not directly blaming them, it would not be at all surprising.


Knoxx29 said:


> At least Asus has released a new BIOS update for my board but I won't install it


Why not? Are you waiting for a possibly better version?


----------



## Regeneration (Jan 5, 2018)

thedukesd1 said:


> https://labs.vmware.com/flings/vmware-cpu-microcode-update-driver#instructions
> 
> Even if the mb manufacturers don't bother to update the microcode and Microsoft doesn't bother to update the microcode loaded by Windows you can still use a newer microcode in Windows following the stuff in the link above, but we still need Intel to release a microcode update (the latest https://downloadcenter.intel.com/download/27337/Linux-Processor-Microcode-Data-File is from 11/17/2017).
> 
> ...



Don't even try it. VMware CPU Microcode Updater can fry your hardware.


----------



## Bill_Bright (Jan 5, 2018)

Vayra86 said:


> You say that, but look at how many data leaks get reported and you can't possibly be convinced this won't go south at some point.


And how many of those leaks occurred because *the system administrator failed in their responsibilities and neglected to keep the system and system security fully updated in a timely basis*? Virtually all of them. How many of those were then exploited because the user of the outdated computer was "click-happy" on some unsolicited link, download, attachment or popup? Virtually all of them.

So stop panicking! Microsoft already released patches. Intel already issued updates. Many were available BEFORE Meltdown and Spectre were disclosed! 





Knoxx29 said:


> At least Asus has released a new Bios update for my Board


Gigabyte has for mine too.

And, except in rare circumstances, the fixes do NOT impart any performance hit.

(My *bold underline* added to R-T-B's comment below to illustrate my following point)


R-T-B said:


> Bill, I like you, but you really don't understand this one. This vulnerability, *if allowed unchecked*, is akin to being locked in a cage in a house with money, with the keys to cage in hand.
> 
> If you have a VM on the machine (and many VMs in the cloud share with rental providers), you can access any memory of any OTHER VM on the machine... Yes, undetected, from within your own VM. In other VMs memory, there are keys, passwords, certificates, and all these can be accessed unchecked. That's how bad this is unpatched, and there is no exaggeration there.



I do fully understand. Sorry (and I like you too) but it is you who don't understand the threat here. To continue your analogy, that house is still locked and surrounded by security - just like me and my computer are now! A bad guy still must get through my locked doors and security to get in. And even I have to purposely unlock and disable my security to get out with my money!

You are suggesting anyone with a VM automatically has access to and can see the data in memory of any other VM on that same machine. That is NOT true. Certainly not that simple. The badguy (*who must have root access* in the first place), must be running a program on the hacked system which is then used to gain access to the memory in other VMs. Having access to the memory does NOT mean any ol' Jane or Joe can see (and make sense of) the data in that memory. 
Therefore, there are several big *IF*s that must fall into place before this vulnerability can be exploited. So yes, you are exaggerating this.


Easy Rhino said:


> The knee jerk reaction to this story was totally overblown.


I think it is more precise to say, "there was a knee jerk reaction to the totally overblown reporting of this story".

It IS a big story because it potentially affects so many devices. I am not denying that! But the story has been blown way out of proportion by the IT press, bloggers and parrots with all the exaggerated claims the impact _will_ be. Because, there are many hurdles the bad guy must bypass first before this vulnerability can be exploited (as R-T-B correctly noted) *IF allowed unchecked*.


----------



## Vya Domus (Jan 5, 2018)

Bill_Bright said:


> Having access to the memory does NOT mean any ol' Jane or Joe can see (and make sense of) the data in that memory.



???

Then what does having access to a portion of memory mean other than the fact that you can read from it? You do know that all that is stored there can be easily interpreted, it's all just data or instructions or addresses to either one of them. Once you can see what is there it doesn't take much effort to find out what is going on.


----------



## Deleted member 163934 (Jan 5, 2018)

Regeneration said:


> Don't even try it. VMware CPU Microcode Updater can fry your hardware.



I wrote: "*Keep in mind that if you decide to use the method described in the link above you do it on your own risk.*" for a reason.

Also I doubt the current microcode from Intel is fixing the current vulnerability. At least for my Haswell both 11/17/2017 ( https://downloadcenter.intel.com/download/27337/Linux-Processor-Microcode-Data-File ) and 7/7/2017 (https://downloadcenter.intel.com/download/26925/Linux-Processor-Microcode-Data-File) update to the same revision: 22. If Intel had released a microcode update back in 7/7/2017 to solve this, I doubt all the news about this problem would have existed.

I doubt it will fry the hardware but well if the BIOS/UEFI is coded in weird ways it can easily mess up with it and make the pc not boot. (It's not like Ubuntu 17.10 didn't mess up some Lenovo laptops http://www.omgubuntu.co.uk/2017/12/ubuntu-corrupting-lenovo-laptop-bios ).
Brand pcs/laptops have higher chances to not play well with microcode update done this way (or in the way linux can do it) mostly because they have a passion to just lock things for no reason at all...


----------



## jsfitz54 (Jan 5, 2018)

Closing backdoors is a good thing. Major data leaks that affect national security and private finance and utility companies and hospitals need to stop.
This has been going on more heavily these past 2 years.

I'm glad for the shake up.

Who do we have to blame?
Nefarious actors include: North Korea, Russia, China, Iran and others.


----------



## TheoneandonlyMrK (Jan 5, 2018)

Bill_Bright said:


> And how many of those leaks occurred because *the system administrator failed in their responsibilities and neglected to keep the system and system security fully updated in a timely basis*? Virtually all of them. How many of those were then exploited because the user of the outdated computer was "click-happy" on some unsolicited link, download, attachment or popup? Virtually all of them.
> 
> So stop panicking! Microsoft already released patches. Intel already issued updates. Many were available BEFORE Meltdown and Spectre were disclosed! Gigabyte has for mine too.
> 
> ...


Reassuring to a point and I don't disagree with any of it but there are two points that you are not accounting for.
Intel and clearly a few others knew about this for a while yet only disclosed when forced to which to me means also only what they were forced to.
There can be no way to know if this is the extent of the issue, it's clear intel would not say if it's worse until pushed and due to the disparity of time between known and fixed, a time in which many other hacks occurred some netting millions.
Systems were and already are compromised, perhaps not by this perhaps, but as you say access is required, it might already have been had, but who can now definitely state that two months ago their email and the accounts it represents were safe/are safe, drama yes but honestly I don't know, I'm sure I'll get to know but would That be a year from now too, you see there's a third point, Trust not just in the hardware but in the Word of the Intel, they have work to do no doubt.

And play fair No one expects the average joe to be able to utilise this issue, no one, it's potent professional actors that concern me.


----------



## Bill_Bright (Jan 5, 2018)

Vya Domus said:


> ???
> 
> Then what does having access to a portion of memory mean other than the fact that you can read from it? You do know that all that is stored there can be easily interpreted, it's all just data or instructions or addresses to either one of them. Once you can see what is there it doesn't take much effort to find out what is going on.


Right. So according to you, this vulnerability is so exposed to the world that any "ol' Jane and Joe" I referenced to above can easily use one VM system to run any old program to access the memory in another VM system, and then totally understand the raw hexadecimal data stored in memory on that other VM system.

Okay. We are all doomed.


----------



## Vya Domus (Jan 5, 2018)

Bill_Bright said:


> Right. So according to you, this vulnerability is so exposed to the world that any "ol' Jane and Joe" I referenced to above can easily use one VM system to run any old program to access the memory in another VM system



I am not saying every idiot can jump in and do that, obviously they can't. But you said gaining access to the memory of another VM isn't enough to do anything which just isn't really true. That's why there is *all this security* in the first place for Christ sake.



Bill_Bright said:


> and then totally understand the raw hexadecimal data stored in memory on that other VM system.



Those hexadecimal values aren't complete gibberish to everyone, you can eventually track down and decode the instructions and data and determine what is going on, *that's what this is about*. To what degree that is useful I don't know but clearly there is a concern for it.


----------



## notb (Jan 5, 2018)

https://access.redhat.com/articles/3307751

8-19% in heavy I/O load (sysbench, pgbench - fairly realistic stuff for datacenters)
3-7% in DSS and JVM
2-5% in HPC

Bad, but very far from the 30% or more apocalypse that many hoped for.
I mean: it's not like servers and supercomputers will stop working and tomorrow you'll wake up in a world where some things - like weather forecasts - don't work very well.
It's nothing that can't be quickly compensated by getting a bit better or more stuff. Especially when Intel will pay for most of it. 

RedHat is going to optimize the patch further, so expect a decent improvement.

Possibly a good time to buy Intel stock if you haven't done that in the morning.


----------



## Bill_Bright (Jan 5, 2018)

theoneandonlymrk said:


> but there are two points that you are not accounting for.
> Intel and clearly a few others knew about this for a while yet only disclosed when forced to which to me means also only what they were forced to.


I did account for it, a couple times already in this thread. Way back in post #64 I said, 





Bill_Bright said:


> Others are criticizing Intel for being secretive about this. Of course they are being secretive. In any security situation (not just computer security) you don't go blabber-mouthing your vulnerabilities to the world letting the bad guys know your weaknesses.


And I pointed out in post #202 above that Intel already released patches too which shows they have been working on it for some time.


theoneandonlymrk said:


> Systems were and already are compromised, perhaps not by this perhaps, but as you say access is required, it might already have been had, but who can now definitely state that two months ago their email and the accounts it represents were safe/are safe, drama yes but honestly I don't know


Thank you for pointing out your comment is "drama" - further illustrating my point that this "story" is being blown way out of proportion.


Vya Domus said:


> Those hexadecimal values aren't complete gibberish to everyone, you can eventually track down and decode the instructions and data and determine what is going on, *that's what this is about*. To what degree that is useful I don't know but clearly there is a concern for it.


NOT ONCE did I say this issue was not of concern. In fact, I said "This IS a big story". But even now you are admitting it would take someone with special skillsets and tools to "_eventually track down and decode the instructions and data and determine what is going on_".



notb said:


> Possibly a good time to buy Intel stock if you haven't done that in the morning.


Actually, Intel stocks are doing just fine. And I am very happy I started buying (through an allotment so I would not miss it out of my paycheck) $50 worth of Intel per month starting in 1995 in a DRIP account as I now have 578.348647 shares.


----------



## TheoneandonlyMrK (Jan 5, 2018)

notb said:


> https://access.redhat.com/articles/3307751
> 
> 8-19% in heavy I/O load (sysbench, pgbench - fairly realistic stuff for datacenters)
> 3-7% in DSS and JVM
> ...


That many hoped for, i did wonder where you was but no more.
Who's hoping for a shitter outcome than is necessary, poor choice of words, surely even intel haters realise no good comes from such a thing, see my other posts for common sense comments on the security issues you're missing completely.
I am not one of those who dramatised the performance penalties btw before you suggest it.


@Bill_Bright my comment sounded like drama did it so show me why and how you're so sure email servers were safe two Months ago then.
You dodged that question last time to imply i was being dramatic, crack on and illuminate me i would love further reassurance.


----------



## notb (Jan 5, 2018)

Bill_Bright said:


> Actually, Intel stocks are doing just fine.


That's what I meant. Obvious correction. Also AMD is going down.


> And I am very happy I started buying (through an allotment so I would not miss it out of my paycheck) $50 worth of Intel per month starting in 1995 in a DRIP account as I now have 578.348647 shares.


Hm... not bad. I'm currently opening an account for buying stocks outside of my country this year for a similar saving idea. For now I can only access these markets via financial derivatives.
I just wished I did it earlier, because I missed the AI/Autonomous car boom.
Maybe I'll find something else or just keep buying Microsoft, Intel and NVIDIA for the next 20 years.


----------



## FireFox (Jan 5, 2018)

EarthDog said:


> I have it as well.. did you check the history and see if it already installed?



Yeap i have checked and nothing there.


----------



## notb (Jan 5, 2018)

theoneandonlymrk said:


> Who's hoping for a shitter outcome than is necessary


You didn't read these few threads very closely, did you?


> surely even intel haters realise no good comes from such a thing


I very much doubt they do.


> see my other posts for common sense comments on the security issues you're missing completely.
> I am not one of those who dramatised the performance penalties btw before you suggest it.


You've taken it very personally. I wonder why.


----------



## TheoneandonlyMrK (Jan 5, 2018)

*Maybe I'll find something else or just keep buying Microsoft, Intel and NVIDIA for the next 20 years.*


*explains a lot*, I've found a signature i think.


----------



## P4-630 (Jan 5, 2018)

Knoxx29 said:


> Yeap i have checked and nothing there.



It must be in the first 2018 update that you already have installed IIRC.


----------



## Bill_Bright (Jan 5, 2018)

theoneandonlymrk said:


> @Bill_Bright my comment sounded like drama did it so show me why and how you're so sure email servers were safe two Months ago then.


That's just silly and you know it. Show us where BT was not hacked in November. Show us unicorns don't exist. Show us TPU  was not hacked last year. Show us ANY - even one - report from any of the 1000s of security experts looking at this that these vulnerabilities have been exploited.


notb said:


> I just wished I did it earlier


I've said that a million times - even with Intel. If I started investing in Intel in 1980 when I first learned of Intel (I lived in Albuquerque back then), I would be a millionaire many times over by now. Same with bitcoin and many other missed opportunities I was too scared to risk the money on.


----------



## TheoneandonlyMrK (Jan 5, 2018)

Bill_Bright said:


> That's just silly and you know it. Show us where BT was not hacked in November. Show us unicorns don't exist. Show us TPU  was not hacked last year. Show us ANY - even one - report from any of the 1000s of security experts looking at this that these vulnerabilities have been exploited.
> I've said that a million times - even with Intel. If I started investing in Intel in 1980 when I first learned of Intel (I lived in Albuquerque back then), I would be a millionaire many times over by now. Same with bitcoin and many other missed opportunities I was too scared to risk the money on.


Thing is i agreed with you at first it's all too dramatic, you say i'm adding drama lol but no i just have doubts and accounts i'm looking for reassurance on that's impossible to get see, it may yet be about right on the drama scale, we may both be wrong in a year.


----------



## FireFox (Jan 5, 2018)

P4-630 said:


> It must be in the first 2018 update that you already have installed IIRC.



This is the update KB4056892 right?


----------



## Bill_Bright (Jan 5, 2018)

Woody Leonard pointed readers to this nice read, A Simple Explanation of the Differences Between Meltdown and Spectre.

Note the following, my *bold* added, 





> _Both Meltdown and Spectre allow low-privilege users *who execute code on your system* to read sensitive information from memory via Speculative Execution_.


----------



## P4-630 (Jan 5, 2018)

Knoxx29 said:


> This is the update KB4056892 right?



Yeah, I thought you posted a screenshot of it before but I can't seem to find it anymore.


----------



## FireFox (Jan 5, 2018)

P4-630 said:


> Yeah, I thought you posted a screenshot of it before but I can't seem to find it anymore.



So, you have confirmed what i continue telling you, i don't have that update 
#118


----------



## P4-630 (Jan 5, 2018)

Knoxx29 said:


> So, you have confirmed what i continue telling you, i don't have that update
> #118



Hmm, ok.
I have read something about that the update depends on what anti virus you have installed.

"_Due to an issue with some versions of Anti-Virus software, this fix is only being made applicable to the machines where the Anti virus ISV has updated the ALLOW REGKEY. Contact your Anti-Virus AV to confirm that their software is compatible and have set the following REGKEY on the machine_"

https://www.google.nl/search?q=kb40...rome..69i57.5563j0j4&sourceid=chrome&ie=UTF-8


----------



## xkm1948 (Jan 5, 2018)




----------



## TheoneandonlyMrK (Jan 5, 2018)

P4-630 said:


> Hmm, ok.
> I have read something about that the update depends on what anti virus you have installed.
> 
> "_Due to an issue with some versions of Anti-Virus software, this fix is only being made applicable to the machines where the Anti virus ISV has updated the ALLOW REGKEY. Contact your Anti-Virus AV to confirm that their software is compatible and have set the following REGKEY on the machine_"
> ...


Strange so Av has a say, my rig installed that update on a strange 2am reboot last night, i say strange because it's set up to let me decide when to install not just reboot whenever as it did but hey ho.

So i checked my four other rigs a mix of Av solutions on them unlike mine on security essentials and no sign of the patch.
It seems to be as you say Av dependant when you get patched.


----------



## jsfitz54 (Jan 5, 2018)

PATCH:  If you have it done correctly, check W10 version number...



MrGenius said:


> Download January 3 CU KB4056892 x64 (601.8MB)
> 
> Brings system to *16299.192*
> 
> List of improvements and fixes found here.(page doesn't want to load with IE, for me anyway, works fine with Edge though)


----------



## John Naylor (Jan 5, 2018)

Everything that's coming out today has it going far beyond Intel and into even mobile phones .... that won't stop pundits / fans of all sides from running 28 benchmarks and publishing the best / worst one of the bunch as "typical impact"


----------



## trog100 (Jan 5, 2018)

jsfitz54 said:


> Closing backdoors is a good thing. Major data leaks that affect national security and private finance and utility companies and hospitals need to stop.
> This has been going on more heavily these past 2 years.
> 
> I'm glad for the shake up.
> ...



i would lay the blame far closer to home.. but then again i aint a patriotic american.. just an old cynical English dude.. he he

trog


----------



## notb (Jan 5, 2018)

Knoxx29 said:


> So, you have confirmed what i continue telling you, i don't have that update
> #118


I had a similar issue. Check if your connection isn't marked as metered.
Mine was, I switched it off and the update appeared instantly.






theoneandonlymrk said:


> Microsoft, Intel and NVIDIA
> explains a lot , I've found a signature i think.


Because I like to invest in large, fairly stable companies making electronics? I don't think that's a very unique approach. 
I have 8 companies on a list. I can tell you the fourth one: SAP.
They tick all the right boxes: big, fairly dominant in their niche, paying stable dividends, relatively diversified if possible (Intel's weakness, but they're working on it) and I understand their products.
It's meant to be a fairly safe portfolio for the next decade or so. It's going to replace some stock-based investment funds and I'm hoping for 20% yearly.

Just to inform you:
1) why there are no Internet-era giants like Amazon or Alphabet: they don't pay dividends,
2) why there is no AMD: because I think they will be restructured before we see AM5. 

In fact, 2018 might be the year when both Intel and AMD fire their CEOs. Interesting.


----------



## TheoneandonlyMrK (Jan 5, 2018)

notb said:


> I had a similar issue. Check if your connection isn't marked as metered.
> Mine was, I switched it off and the update appeared instantly.
> 
> ...


Fair enough and fairly wise I would say but i was just having a crypto meeting with a friend (i got him into mining and run his stuff) and his main gist of the evening was , Can someone talk up or down particular cryptos via social media channels etc and affect the price in a helpful way, i think you can.
It made me realise that this can be a legitimate motivator to people.


----------



## FireFox (Jan 5, 2018)

notb said:


> I had a similar issue. Check if your connection isn't marked as metered.
> Mine was, I switched it off and the update appeared instantly.



Everything is ok there.

As you can see my system is still *16299* instead of *16299.192*



MrGenius said:


> Download January 3 CU KB4056892 x64 (601.8MB)
> 
> Brings system to *16299.192*


----------



## R-T-B (Jan 5, 2018)

Bill_Bright said:


> *who must have root access*



In his own VM...

This is a VM-internal exploitable bug, Bill. Average Joe may not be able to make heads or tails of memory but a skilled hacker with nefarious intentions can.


----------



## biffzinker (Jan 6, 2018)

Performance impact of Windows patch and BIOS update (0606) on i7-8700 on ASUS PRIME Z370-A motherboard using Realbench 2.56







> I just finished running Rise of the Tomb Raider benchmarks, 1080p, very high preset, FXAA.
> Unpatched:
> 
> Mountain Peak: 131.48 FPS (min: 81.19 max: 197.02)
> ...



Everyone's favorite Geekbench

Unpatched:




Windows Patch Only




Windows Patch + BIOS Update




Source: Reddit


----------



## fullinfusion (Jan 6, 2018)

Ryzen 2 here I come!!

And next exploited will be Nvidia lol


----------



## okidna (Jan 6, 2018)

Knoxx29 said:


> Everything is ok there.
> 
> As you can see my system is still *16299* instead of *16299.192*
> 
> ...



Run "winver" command and you will see your full Windows version.


----------
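Added example (not code from the thread or any poster): the confusion above comes from comparing the bare build number 16299 with the full version 16299.192 that the thread gives for KB4056892. The sketch below triages version strings collected from several machines; the host names, sample strings, status labels and function names are constructed for illustration, and treating any revision of 192 or higher as patched assumes later cumulative updates include this fix.

```python
import re

# From the thread: the January 3 cumulative update KB4056892 brings
# Windows 10 build 16299 to revision 192 ("16299.192").
KB = "KB4056892"
TARGET_BUILD = 16299
TARGET_REVISION = 192

# Matches "16299", "16299.192", "10.0.16299.125", "OS Build 16299.192".
_BUILD_RE = re.compile(r"\b(\d{5})(?:\.(\d{1,5}))?\b")


def parse_build(text):
    """Return (build, revision) found in a version string, or None.

    revision is None when the string carries only the build number,
    which is the case that caused the confusion in the thread.
    """
    m = _BUILD_RE.search(text)
    if not m:
        return None
    build = int(m.group(1))
    revision = int(m.group(2)) if m.group(2) is not None else None
    return build, revision


def classify(text):
    """Classify one version string against the KB4056892 target."""
    parsed = parse_build(text)
    if parsed is None:
        return "unparsed"
    build, revision = parsed
    if build != TARGET_BUILD:
        # The thread gives a target revision only for build 16299.
        return "other-build"
    if revision is None:
        # "16299" alone proves nothing; get the full version from winver.
        return "need-revision"
    # Assumption: cumulative updates after .192 also carry the fix.
    return "patched" if revision >= TARGET_REVISION else "missing"


def triage(inventory):
    """Map host -> status for a {host: version string} inventory."""
    return {host: classify(version) for host, version in inventory.items()}


# Constructed sample inventory (not real machines or real output captures).
SAMPLE_INVENTORY = {
    "rig-1": "Version 1709 (OS Build 16299.192)",           # winver style
    "rig-2": "Microsoft Windows [Version 10.0.16299.125]",  # ver style
    "rig-3": "16299",                                       # build only
    "rig-4": "10.0.15063.786",                              # different build
    "rig-5": "unknown",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status} ({KB} target {TARGET_BUILD}.{TARGET_REVISION})")
```

A "need-revision" result is the situation described in the posts above: the machine may or may not be patched, and only the full version from "winver" settles it.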



## R0H1T (Jan 6, 2018)

The AWS forum seems to be having a *meltdown* of sorts


----------



## R-T-B (Jan 6, 2018)

R0H1T said:


> The AWS forum seems to be having a *meltdown* of sorts



To be fair, if I was a web service hoster I'd be concerned. But I doubt AWS is that stupid to not patch.


----------



## R0H1T (Jan 6, 2018)

R-T-B said:


> To be fair, if I was a web service hoster I'd be concerned. But I doubt AWS is that stupid to not patch.


I was referring to AWS customers, lots of them have seen a performance hit & there's huge concern wrt security & the kind of misinformation Intel's doing won't help anyone at all.
For instance not one mention of a *microcode* update by Intel IIRC.


----------



## FireFox (Jan 6, 2018)

okidna said:


> Run "winver" command and you will see your full Windows version.



I will when i get home this afternoon.


----------



## R0H1T (Jan 6, 2018)

Another way to see how you're vulnerable ~ https://github.com/ionescu007/SpecuCheck


----------



## FireFox (Jan 6, 2018)

R0H1T said:


> Another way to see how you're vulnerable ~ https://github.com/ionescu007/SpecuCheck



Do you mind to explain that screenshot?


----------



## R0H1T (Jan 6, 2018)

Knoxx29 said:


> Do you mind to explain that screenshot?


The first part is meltdown *CVE-2017-5754* (patched yesterday with MS' KB4056892) *user pages marked global* scratch that, seems irrelevant 

This is an evolving situation so I won't comment more than I already know or understand.

The second is spectre 2 (CVE-2017-5715) which needs a hardware fix (microupdate) from Intel & an OS update I presume, that's still to be patched.


----------



## johnspack (Jan 6, 2018)

Can I keep this microcode update off my 1650.... I run multiple vms at times... and I can't afford slowdowns on this old thing. And I don't give a damn if they share memory!
Yeah,  I know.....


----------



## R0H1T (Jan 6, 2018)

johnspack said:


> *Can I keep this microcode update off my 1650*.... I run multiple vms at times... and I can't afford slowdowns on this old thing. And I don't give a damn if they share memory!
> Yeah,  I know.....


There's always that choice, though I don't know what microcode update you're talking about? The MS KB4056892 is for meltdown on win10, it doesn't have any microcode update that I know of.


----------



## notb (Jan 6, 2018)

An *excellent *article about the situation. Highly recommended.
https://arstechnica.com/gadgets/201...el-apple-microsoft-others-are-doing-about-it/


----------



## Vlada011 (Jan 6, 2018)

Real Bench 2.54 Image Edition 5820K 4.2GHz



 

September 17

197.304
28.2745

October 14

199.103
26.7559

December 7

197.903
26.9221

December 10

198.633
26.8232

After Windows Update
January 6

138.704
38.4125


Intel just destroy enjoying of people in benchmark tests, overclocking, delidding, watercooling, etc.
Now everything looks pointless and to be honest many people won't like to test their systems like that any more, and that will reflect on motherboard vendors and memory vendors, watercooling systems, delidding tools, etc...

How someone could ask to buy i7-8700K, are you normal. Who normal think about upgrade before complete fix and completely new Core.
Intel sell us same Core 10 years and it's not weird why all of them have same problems.


----------



## FireFox (Jan 6, 2018)

As i said in some of my previous post before, my Machine runs FIFA, DOOM and the rest of the others Games i own, that said i am fine, Benchmarks? My Machine wasn't built for that.


----------



## notb (Jan 6, 2018)

Vlada011 said:


> Intel just destroy enjoying of people in benchmark tests, overclocking, delidding, watercooling, etc.


Yup, Intel doesn't care about all that. Nor does the other 99.9% of human race. You have to live with that.
You're benchmarking your system at least once a month? For how long has this been going on? Seriously?


----------



## Ahhzz (Jan 6, 2018)

"_Security experts said it was impossible to know whether hackers had used the two software flaws to steal data, though it’s possible given that rumors of the flaws had been circulating for several months within the security community_."
"_Cybersecurity researcher Matt Tait said he first learned about Meltdown last week. With about a day of work, he was able to develop a functioning example of how the vulnerability could work. He said it’s impossible to know whether malicious hackers have deployed Meltdown because the flaw creates no record of the intrusion._
_'The reality is we don’t know,' said Tait, a senior cybersecurity fellow at the Robert S. Strauss Center at the University of Texas at Austin. 'Now that the vulnerability has been made public, we should expect this being exploited in the wild in the next few days.'_"

Accepting that it's not a major risk to most people, we have no way of knowing whether or how long it was exploited.


----------



## HTC (Jan 6, 2018)

Knoxx29 said:


> As i said in some of my previous post before, my Machine runs FIFA, DOOM and the rest of the others Games i own, that said i am fine, Benchmarks? My Machine wasn't built for that.



It's a good thing that you can be attacked by this by something *external* to your PC then: Take a look @notb 's post link  (which i quote below) and scroll down to the "microsoft" section, just below the blue background pic and start reading from there.

It's a good thing this can't affect you then, right? Oh wait ...



notb said:


> An *excellent *article about the situation. Highly recommended.
> https://arstechnica.com/gadgets/201...el-apple-microsoft-others-are-doing-about-it/


----------



## Final_Fighter (Jan 6, 2018)

notb said:


> Yup, Intel doesn't care about all that. Nor does the other 99.9% of human race. You have to live with that.
> You're benchmarking your system at least once a month? For how long has this been going on? Seriously?




its the people who benchmark systems that recommend products and give good reviews and hype a product. would you have bought your system if it was 10% slower than the competition? not likely unless the price reflected that. the products you are running might have not gotten as much publicity either.

Benchmarkers matter.


----------



## FYFI13 (Jan 6, 2018)

Has anyone done some testing in online FPS shooters? I'm experiencing weird lag in Arma 3 with the patch installed. Enemy vehicles literally teleporting in steps of 5-10 meters instead of driving normally. Uninstalling patch seems to help a lot. Just curious.


----------



## Final_Fighter (Jan 6, 2018)

FYFI13 said:


> Has anyone done some testing in online FPS shooters? I'm experiencing weird lag in Arma 3 with the patch installed. Enemy vehicles literally teleporting in steps of 5-10 meters instead of driving normally. Uninstalling patch seems to help a lot. Just curious.



hopefully its just your system experiencing this. that will be extremely bad if this affects everybody like you just said. only time will tell.


----------



## HTC (Jan 6, 2018)

FYFI13 said:


> *Has anyone done some testing in online FPS shooters?* I'm experiencing weird lag in Arma 3 with the patch installed. Enemy vehicles literally teleporting in steps of 5-10 meters instead of driving normally. Uninstalling patch seems to help a lot. Just curious.



http://www.dsogaming.com/news/intel...c-shows-performance-impact-on-gaming-servers/

Courtesy of @*pigulici* ,from this post.


----------



## FireFox (Jan 6, 2018)

HTC said:


> It's a good thing that you can be attacked by this by something *external* to your PC then: Take a look @notb 's post link  (which i quote below) and scroll down to the "microsoft" section, just below the blue background pic and start reading from there.
> 
> It's a good thing this can't affect you then, right? Oh wait ...



What could they steal, my Steam and Origin account password? if so i don't care


----------



## HTC (Jan 6, 2018)

Knoxx29 said:


> What could they steal, my Steam and Origin account password? if so i don't care



Good for you ...


----------



## FilipM (Jan 6, 2018)

I received an update today, but it is different than what you people get

KB4056891...Weird


----------



## FireFox (Jan 6, 2018)

HTC said:


> Good for you ...



Nah, I am just more realistic and less paranoid.


----------



## 64K (Jan 6, 2018)

Intel released a list of CPUs affected by Spectre and Meltdown..............


_Intel® Core™ i3 processor (45nm and 32nm)_
_Intel® Core™ i5 processor (45nm and 32nm)_
_Intel® Core™ i7 processor (45nm and 32nm)_
_Intel® Core™ M processor family (45nm and 32nm)_
_2nd generation Intel® Core™ processors_
_3rd generation Intel® Core™ processors_
_4th generation Intel® Core™ processors_
_5th generation Intel® Core™ processors_
_6th generation Intel® Core™ processors_
_7th generation Intel® Core™ processors_
_8th generation Intel® Core™ processors_
_Intel® Core™ X-series Processor Family for Intel® X99 platforms_
_Intel® Core™ X-series Processor Family for Intel® X299 platforms_
_Intel® Xeon® processor 3400 series_
_Intel® Xeon® processor 3600 series_
_Intel® Xeon® processor 5500 series_
_Intel® Xeon® processor 5600 series_
_Intel® Xeon® processor 6500 series_
_Intel® Xeon® processor 7500 series_
_Intel® Xeon® Processor E3 Family_
_Intel® Xeon® Processor E3 v2 Family_
_Intel® Xeon® Processor E3 v3 Family_
_Intel® Xeon® Processor E3 v4 Family_
_Intel® Xeon® Processor E3 v5 Family_
_Intel® Xeon® Processor E3 v6 Family_
_Intel® Xeon® Processor E5 Family_
_Intel® Xeon® Processor E5 v2 Family_
_Intel® Xeon® Processor E5 v3 Family_
_Intel® Xeon® Processor E5 v4 Family_
_Intel® Xeon® Processor E7 Family_
_Intel® Xeon® Processor E7 v2 Family_
_Intel® Xeon® Processor E7 v3 Family_
_Intel® Xeon® Processor E7 v4 Family_
_Intel® Xeon® Processor Scalable Family_
_Intel® Xeon Phi™ Processor 3200, 5200, 7200 Series_
_Intel® Atom™ Processor C Series_
_Intel® Atom™ Processor E Series_
_Intel® Atom™ Processor A Series_
_Intel® Atom™ Processor x3 Series_
_Intel® Atom™ Processor Z Series_
_Intel® Celeron® Processor J Series_
_Intel® Celeron® Processor N Series_

As you can see it's just a few CPUs. What are the odds that very many people will have one of those anyway?


----------



## RejZoR (Jan 6, 2018)

Hm, what about Atom X5 Z8300? They list X3 and Z series separately. Was X3 a different series than X5 and X7, and do the latter two fall into the Z series? A bit confused there...


----------



## HTC (Jan 6, 2018)

Knoxx29 said:


> Nah, I am just more realistic and less paranoid.



Attention all hackers: this dude doesn't care if you steal his Steam and Origin passwords!


----------



## FireFox (Jan 6, 2018)

HTC said:


> Attention all hackers: this dude doesn't care if you steal his Steam and Origin passwords!



Is an Origin and Steam password that important to you? Or maybe you think I have my credit card or any personal information on both platforms?

For me it isn't.


----------



## TheoneandonlyMrK (Jan 6, 2018)

64K said:


> Intel released a list of CPUs affected by Spectre and Meltdown..............
> 
> 
> _Intel® Core™ i3 processor (45nm and 32nm)_
> ...


This should be pinned to the OP, it's very useful. Apparently I need a new phone, as Asus aren't patching Zenfone 2s ever.
Now I'm aggrieved, OoO effin idiots.


----------



## FireFox (Jan 6, 2018)

okidna said:


> Run "winver" command and you will see your full Windows version.











R0H1T said:


> Another way to see how you're vulnerable ~ https://github.com/ionescu007/SpecuCheck


----------



## Ahhzz (Jan 8, 2018)

https://www.techspot.com/news/72625-epic-games-blames-fortnite-issues-meltdown-patches.html

"_Epic also released a chart showing the impact on CPU usage of one of its back-end servers after it was patched. It shows CPU utilization jumping around 20 percent following the application of the Meltdown patches._"


----------



## Vayra86 (Jan 8, 2018)

Ahhzz said:


> https://www.techspot.com/news/72625-epic-games-blames-fortnite-issues-meltdown-patches.html
> 
> "_Epic also released a chart showing the impact on CPU usage of one of its back-end servers after it was patched. It shows CPU utilization jumping around 20 percent following the application of the Meltdown patches._"



They will need more Intel cores to fix that problem.

Wait...


----------



## RejZoR (Jan 9, 2018)

Ahhzz said:


> https://www.techspot.com/news/72625-epic-games-blames-fortnite-issues-meltdown-patches.html
> 
> "_Epic also released a chart showing the impact on CPU usage of one of its back-end servers after it was patched. It shows CPU utilization jumping around 20 percent following the application of the Meltdown patches._"



They wouldn't have those issues with AMD servers XD


----------



## _JP_ (Jan 9, 2018)

RejZoR said:


> They wouldn't have those issues with AMD servers XD


Depends, panic-induced patching can affect AMD in performance too, just because it is a rainbow-herbicide-type move.


----------



## RejZoR (Jan 9, 2018)

_JP_ said:


> Depends, panic-induced patching can affect AMD in performance too, just because it is a rainbow-herbicide-type move.



Then it's at least clear-cut who to blame. Sticking a Meltdown patch on AMD systems can only be interpreted as an intentional act to make AMD look bad. There is NO other explanation to it. Microsoft can target things based on endless variables. Sticking it to AMD systems can only mean they are either incompetent or doing it deliberately.


----------



## notb (Jan 9, 2018)

_JP_ said:


> Depends, panic-induced patching can affect AMD in performance too, just because it is a rainbow-herbicide-type move.


You guys don't read news a lot... It seems Spectre patches for Windows make some AMD systems unbootable.
https://support.microsoft.com/en-us...security-update-block-for-some-amd-based-devi


----------



## _JP_ (Jan 9, 2018)

notb said:


> You guys don't read news a lot... It seems Spectre patches for Windows make some AMD systems unbootable.
> https://support.microsoft.com/en-us...security-update-block-for-some-amd-based-devi


I do. And there's a news article on TPU's front page.
K8 arch affected so far, by reports.
Microsoft claiming AMD didn't provide the right information regarding its chipsets and claiming no liability for not testing it doesn't abide for them* and proves my point.

*Releasing patches as "Security - Critical" without proper testing usually creates a mess. And it did.



RejZoR said:


> Sticking a Meltdown patch on AMD systems can only be interpreted as intentional act to make AMD look bad.


Well, that would be quite a feat, actually, since Meltdown is Intel exclusive. So there shouldn't be one to begin with.
EDIT: I meant with my reply, blinded, "anything goes" patching against Spectre, that affects both Intel and AMD. Patching done by Linux and Microsoft should take into consideration the way each architecture executes an instruction, common x86 arch aside.


----------



## notb (Jan 9, 2018)

_JP_ said:


> Microsoft claiming AMD didn't provide the right information regarding its chipsets and claiming no liability for not testing it doesn't abide for them* and proves my point.


You don't believe them?
Remember when Ryzen launched and mobo/cooler manufacturers also said that everything is delayed because AMD didn't share information early enough?
You think it's an industry-wide conspiracy against AMD? 


> *Releasing patches as "Security - Critical" without proper testing usually creates a mess. And it did.


Of course it did. That's why there is an embargo. The information became public too early (and AFAIK it was released by a guy from AMD...)


> Well, that would be quite a feat, actually, since Meltdown is Intel exclusive. So there shouldn't be one to begin with.


The particular attack technique may be. The flaw is not - AMD has the same security issue.


----------



## Ahhzz (Jan 9, 2018)

notb said:


> .... The information became public too early (and AFAIK it was released by a guy from AMD...)
> 
> .....



No spreading FUD, please. 
_Meltdown was discovered independently by Jann Horn from Google's Project Zero, Werner Haas and Thomas Prescher from Cyberus Technology, as well as Daniel Gruss, Moritz Lipp, Stefan Mangard and Michael Schwarz from Graz University of Technology.[19] The same research teams that discovered Meltdown also discovered a related CPU security vulnerability now called Spectre_


----------



## Deleted member 163934 (Jan 9, 2018)

_JP_ said:


> K8 arch affected so far, by reports.



They don't provide this patch for all AMD CPUs? The PC with an Intel CPU shows the patch in WU, but the one with my Athlon II X4 640 (K10) doesn't show the patch (both run the same Windows version and are updated at the same time).


----------



## _JP_ (Jan 9, 2018)

notb said:


> You don't believe them?
> Remember when Ryzen launched and mobo/cooler manufacturers also said that everything is delayed because AMD didn't share information early enough?
> You think it's an industry-wide conspiracy against AMD?
> 
> ...


I have to, but I believe Microsoft is trying to shake some guilt off over the mess done, so that the line of fire remains aimed at CPU makers.
Ryzen was a completely different situation. New tech being released vs. early support being pushed within NDA period.
Conspiracies against AMD? please...


thedukesd1 said:


> They don't provide this patch for all AMD CPUs? The PC with an Intel CPU shows the patch in WU, but the one with my Athlon II X4 640 (K10) doesn't show the patch (both run the same Windows version and are updated at the same time).


Microsoft was providing the patch for every system; an issue arose on older AMD processors/chipsets. Microsoft has since halted patching for AMD-detected systems.


----------



## notb (Jan 9, 2018)

Ahhzz said:


> No spreading FUD, please.
> _Meltdown was discovered independently by Jann Horn from Google's Project Zero, Werner Haas and Thomas Prescher from Cyberus Technology, as well as Daniel Gruss, Moritz Lipp, Stefan Mangard and Michael Schwarz from Graz University of Technology.[19] The same research teams that discovered Meltdown also discovered a related CPU security vulnerability now called Spectre_


Not what I meant.
Project Zero was the first to discover and inform CPU makers about these problems (which they did in June). The issue wasn't made public to give CPU manufacturers time to fix it.
However, it leaked some time before the planned patch launch date.
There's a good article about this situation:
https://arstechnica.com/gadgets/201...el-apple-microsoft-others-are-doing-about-it/
"It's true that AMD didn't actually reveal the details of the flaw before the embargo was up, but *one of the company's developers came very close*. Just after Christmas, an AMD developer contributed a Linux patch that excluded AMD chips from the Meltdown mitigation. *In the note with that patch, the developer wrote, "The AMD microarchitecture does not allow memory references, including speculative references, that access higher privileged data when running in a lesser privileged mode when that access would result in a page fault."*
(...)
For a company operating under an embargo, with many different players attempting to synchronize and coordinate their updates, patches, whitepapers, and other information, this was a deeply unhelpful act."

The patch note is from Dec 26. I've seen some forum discussions about it on 27-28 already.


----------



## TheoneandonlyMrK (Jan 9, 2018)

notb said:


> Not what I meant.
> Project Zero was the first to discover and inform CPU makers about these problems (which they did in June). The issue wasn't made public to give CPU manufacturers time to fix it.
> However, it leaked some time before the planned patch launch date.
> There's a good article about this situation:
> ...


Still trying to run up your Intel share portfolio, I see.


----------



## Bill_Bright (Jan 9, 2018)

> but I believe Microsoft is trying to shake some guilt off over the mess done


Why should Microsoft have any guilt? It's a processor problem. Microsoft does not make Intel, AMD or ARM processors. The flaw is in processors designed by Intel, AMD and ARM. Not Microsoft. 

Three different processor manufacturing companies making CPUs designed to run various operating systems and who gets the blame and is expected to accept guilt? Microsoft.  

I don't get why some just have to blame Microsoft for every and anything that goes wrong, or even might go wrong. There are plenty of screwed up things Microsoft has actually done that deserve our scorn, why do some feel it necessary to pour gas on the fire? These clear biases and downright hatred make no sense. But worse, it spreads unwarranted, misdirected fear and loathing and misinformation.

In another thread, which the mods thankfully shut down, you have folks calling Microsoft "immoral", "greedy", "morons", "foul", "sneaky", "blatantly dishonest" "dbags" because they have a program that offers Windows 10 for free to "people with disabilities" - but not to able-bodied people. And just because Microsoft is such an evil company, it is okay for able-bodied people to grab those free licenses intended for people with disabilities too. Who's being greedy?

Microsoft can't catch a break even when they are trying to do something good. 

For decades Microsoft have been blamed for the security mess we are in when it was the bad guys who put us here and the anti-malware industry who failed to stop them - after they (Norton, McAfee, CA, TrendMicro, and the others) cried and whined to Congress and the EU it was their job to do so. But who got blamed? Microsoft.

Now you want to blame Microsoft for a flaw in microprocessors made by other companies? They did not require those processor makers to put that vulnerability in there! They are just trying to mitigate the severity for now because it is easier at the software level than it is at the hardware level where the real and permanent fix must occur.

Do you blame MacOS and Linux too? Are they guilty? Why not? Those systems are affected too!

If Microsoft is not perfect in everything they do, someone will find fault and bash them relentlessly, then others will blindly follow. Who out there is perfect?

Gee whiz. Bash where bashing is due and I will defend your right to do so with vigor. But senselessly bash the innocent and I will defend them (regardless their past sins) with the same vigor! 

And speaking of those in the security industry, where have they been for the last 23 years? Huh? Where? This flaw apparently affects some Intel processors manufactured since 1995! Why was it not discovered until just recently? And you want to blame Microsoft?

Pure FUD and biased MS bashing! The problem is serious enough without MS biases and MS bashing rumormongering based on falsehoods.

Why is there even all this effort to place blame? Does that solve anything? Especially on a problem that goes back 23 years?


----------



## _JP_ (Jan 9, 2018)

Bill...like calm down for a minute.
I wrote that as purely my opinion. I didn't try to set it in stone.
*To me*, developers writing code, releasing it, stating "MUST USE" and then, if shit hits the fan go all "wasn't me", just doesn't sound responsible.
Pointing all the blame to the hardware manufacturer for products that have existed since 2006 and have survived 4 supported OS iterations on Windows alone (XP, Vista, 7 and 8.1) isn't...well, reasonable, *to me*.


----------



## Bill_Bright (Jan 9, 2018)

I don't care why you wrote it. You are entitled to your opinion and I will defend your right to express it - where appropriate. But in a technical discussion, it should be based on fact, not biases and misinformation.


_JP_ said:


> Pointing all the blame to the hardware manufacturer for products that have existed since 2006 and have survived 4 supported OS iterations on Windows alone (XP, Vista, 7 and 8.1) isn't...well, reasonable, *to me*.


It is not the job of OS developers to reverse engineer processors (devices with billions of transistor gates and millions of instruction sets) looking for obscure security flaws. It is the job of the hardware manufacturers and those security organizations who have put themselves in the position of detecting such flaws. 

I said my piece. Now please stop spreading more FUD and stick with the facts. There are plenty of real and true facts to place real and deserving blame where it belongs - since placing blame seems to be your goal here.


----------



## TheoneandonlyMrK (Jan 9, 2018)

Bill_Bright said:


> I don't care why you wrote it. You are entitled to your opinion and I will defend your right to express it - where appropriate. But in a technical discussion, it should be based on fact, not biases and misinformation.
> It is not the job of OS developers to reverse engineer processors (devices with billions of transistor gates and millions of instruction sets) looking for obscure security flaws. It is the job of the hardware manufacturers and those security organizations who have put themselves in the position of detecting such flaws.
> 
> I said my piece. Now please stop spreading more FUD and stick with the facts. There are plenty of real and true facts to place real and deserving blame where it belongs - since placing blame seems to be your goal here.


Playing fair, Bill, the muck's being thrown quite widely on this one and everyone's deserving of a bit of it, they do all talk after all, and the continuing emergent cockups are just adding fuel to a few fires.
I don't think we're going to be past this for a bit.


----------



## trparky (Jan 9, 2018)

Bill_Bright said:


> Gee whiz. Bash where bashing is due and I will defend your right to do so with vigor. But senselessly bash the innocent and I will defend them (regardless their past sins) with the same vigor!


The same can be said about Apple, the Apple hate train is just as packed as the Microsoft hate train is. I swear that hating on both Microsoft and Apple has become some sort of e-sport, the "in" or "cool" thing to do just because everyone else is doing it. Oh, since everyone else is doing it I don't want to feel left out so give me that ticket to board the hate train! All aboard the hate train! Next stop is Microsoft... get your pitchforks and torches ready, it's going to be a real hoot!

*Edit*
You see, I'm not a fanboy in any sense of the word. I will defend a company when the need arises and I will bash them with the same amount of vigor when that need arises. People are blaming Microsoft for this crap when you really should be blaming Intel. As @Bill_Bright said, how long has this been an issue? More than a decade! But oh no, we can't blame Intel... we're going to blame Microsoft who had no part in it other than trying to patch the systems against Intel's screw-up. *If it weren't for Intel's screw-up we would not be in this mess to begin with!!!* Put the blame where the blame is due... at Intel's feet.


----------



## Bill_Bright (Jan 9, 2018)

trparky said:


> The same can be said about Apple, the Apple hate train is just as packed as the Microsoft hate train is.


That's very true. But the numbers are much smaller so they don't get the same level of attention or make near as much noise.


theoneandonlymrk said:


> they do all talk after all


And that's a good thing. I don't think there is any evidence of hiding (except from the general public - and therefore the bad guys) or worse, any signs of a cover up. What I see is Microsoft, ASUS, Gigabyte and others trying to be proactive and releasing patches and updates as quickly as possible. And that's a good thing.


----------



## TheoneandonlyMrK (Jan 9, 2018)

Bill_Bright said:


> That's very true. But the numbers are much smaller so they don't get the same level of attention or make near as much noise.
> And that's a good thing. I don't think there is any evidence of hiding (except from the general public - and therefore the bad guys) or worse, any signs of a cover up. What I see is Microsoft, ASUS, Gigabyte and others trying to be proactive and releasing patches and updates as quickly as possible. And that's a good thing.


True, I do however think it's not going to pan out for some. My phone's now on the ropes because of this (Zenfone 2); it shouldn't be, as it's still a good and viable phone, but it won't receive any fix, and for that I'm angry at many companies, Intel, Asus, Google, pile of nobs just chasing now cash.
Then there's the millions of motherboards and devices that won't get a patch, any Asus mobo over two years gets dropped clean off the update lists, and it's likely the same with some others, so if an OS patch, firmware patch and mobo BIOS are all requirements of a fix, some are definitely SOL.
That some would be millions, this needs much more clarity on what is required to mitigate it per system type etc.

I sure as shit won't be seen defending Asus, Intel or MS or Google on Meltdown and Spectre.
They're all complicit with implementing features that have proved to have been made too insecure by design, that's all of them to blame equally.
Though I get defending an unbalanced blame post.


----------



## eidairaman1 (Jan 9, 2018)

_JP_ said:


> I have to, but I believe Microsoft is trying to shake some guilt off over the mess done, so that the line of fire remains aimed at CPU makers.
> Ryzen was a completely different situation. New tech being released vs. early support being pushed within NDA period.
> Conspiracies against AMD? please...
> 
> Microsoft was providing the patch for every system; an issue arose on older AMD processors/chipsets. Microsoft has since halted patching for AMD-detected systems.



Just to be on the safe side we should be aware of patches for Intel, make sure they don't show up on AMD Winupdate lists by having those KBs listed that should be Intel only for fixing them.


----------



## Bill_Bright (Jan 9, 2018)

theoneandonlymrk said:


> Then there's the millions of motherboards and devices that won't get a patch, any Asus mobo over two years gets dropped clean off the update lists, and it's likely the same with some others


True, but the vast majority of those boards will not likely be exposed to the exploits those flaws might impose. Are they running multiple VM environments on a system with public access where a bad guy with access to one VM accesses data in memory used by another VM? That's a pretty specific scenario that doesn't apply to many home users.


----------



## TheoneandonlyMrK (Jan 9, 2018)

Bill_Bright said:


> True, but the vast majority of those boards will not likely be exposed to the exploits those flaws might impose. Are they running multiple VM environments on a system with public access where a bad guy with access to one VM accesses data in memory used by another VM? That's a pretty specific scenario that doesn't apply to many home users.


Agreed, but that's with the risk potential as is, an attack vector can be expanded upon over time.
Hopefully you are right about this still in six or twelve months.
But I do think more clarity is required by OEMs as to what they will and won't be required to do and what is or isn't updated personally, hopefully that comes with time.


----------



## Bill_Bright (Jan 9, 2018)

theoneandonlymrk said:


> But I do think more clarity is required by OEMs as to what they will and won't be required to do and what is or isn't updated personally, hopefully that comes with time.


This fix will not be cheap. OEMs with deeper pockets will be better able to absorb the expense. So I suspect ASUS, Gigabyte, MSI and some of the other big name boards will be more supportive - especially if it only takes a BIOS firmware update. 

Lesser-known brand owners may be out of luck sooner.

That said, not sure the OEMs will be "required" to do anything. 

More clarity all around is required. But in order to keep valuable information from the bad guys, it may not be that forthcoming. Like it or not, that is probably the best policy too.


----------



## Deleted member 163934 (Jan 9, 2018)

New Intel Microcode Update from Intel for Linux: https://downloadcenter.intel.com/download/27431/Linux-Processor-Microcode-Data-File?v=t

Release notes don't say much as usual...


----------



## Vayra86 (Jan 9, 2018)

I have to side with @Bill_Bright here, I think the industry is doing a pretty good job at providing and fixing quality product, and a 'blame game' has no place here.

That being said, this is not purely a 'technical discussion' (let's be fair, there is little for us to figure out here), and it still is interesting to see how different companies react to this in different ways. It shows a certain company culture, and once you can discern that, you get a pretty solid feel for how companies are likely to act. I think @notb commenting on how AMD communicates to and within the industry is a very good example of that, and another really good example was the first press release Intel sent out where it explicitly mentioned other companies and made it a core piece of that text. Every company right now is completely out of their comfort zone, out of their 'managed PR'. We get to see things as they are from very close by right now. You just need to read between the lines.

The problem is mostly with the reader, not the writer. We all need to let go of the idea that every comment directed at whichever company automatically labels one as a fanboy. If we can do that, we can be a community of like-minded individuals that look at the industry and form opinion about it. And perhaps discover some things along the way.


----------



## Bill_Bright (Jan 9, 2018)

Vayra86 said:


> another really good example was the first press release Intel sent out where it explicitly mentioned other companies and made it a core piece of that text.


Not to drive this off on yet another OT tangent, I wonder how much of that first press release was dictated by company shysters... err... lawyers trying to mitigate liability issues? 

''_The first thing we do, let's kill all the lawyers_''. William Shakespeare, Henry VI, Part 1. 1591.


----------



## biffzinker (Jan 9, 2018)

thedukesd1 said:


> New Intel Microcode Update from Intel for Linux: https://downloadcenter.intel.com/download/27431/Linux-Processor-Microcode-Data-File?v=t
> 
> Release notes don't say much as usual...


The microcode update provides hardware support for "branch target injection." Windows patch is showing this after I used the VMware driver. For whatever reason though Windows doesn't want to enable that part of the patch even if I force it by registry key.



Reverting to the November microcode update


----------



## Deleted member 163934 (Jan 9, 2018)

biffzinker said:


> The microcode update provides hardware support for "branch target injection." Windows patch is showing this after I used the VMware driver. For whatever reason though Windows doesn't want to enable that part of the patch even if I force it by registry key.
> 
> Reverting to the November microcode update



Same here.
I suspect that Windows is checking before the new microcode is loaded by vmware driver and because the check fails it doesn't enable it.
Microsoft might actually have to provide the microcode update via WU for older CPUs because I doubt all MB manufacturers will release BIOS updates for MBs that haven't been sold for years. Some do but there are others that just don't really bother to update the BIOS even when there are obvious problems with it...


----------



## Flaky (Jan 11, 2018)

thedukesd1 said:


> I suspect that Windows is checking before the new microcode is loaded by vmware driver and because the check fails it doesn't enable it.


Yup, exactly. 
It's interesting why Microsoft simply does not push new microcodes into the system. They had no problem previously doing that and _accidentally_ hurting G3258 OC on cheap mobos
Updating microcode should be also doable with some simple pre-os utility, that would just update the microcode - somehow similar to how diy egpu setup works.
It would be a much less invasive alternative to bios modding 

Anyway, updating microcode was easy. I also disabled ME - just because I can


----------



## RejZoR (Jan 11, 2018)

*Easy to use tool to check for Spectre/Meltdown vulnerability:*
https://www.ashampoo.com/en/usd/pin/1304/security-software/Ashampoo-Spectre-Meltdown-CPU-Checker

It's just odd that it's still showing AMD system as "Vulnerable" for Spectre. MS only distributed patches for Meltdown so far? The system also had BIOS updated which addresses this vulnerability (dated December 2017). CPU is AMD A9-9420 APU (Stoney Ridge).

*Use this command in PowerShell afterwards because Ashampoo for some dumb reason doesn't set it back after the test:*
Set-ExecutionPolicy -ExecutionPolicy Default -Scope CurrentUser


----------
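
The state biffzinker and thedukesd1 describe above (microcode exposes the hardware support, but Windows leaves the mitigation off) and the execution-policy cleanup RejZoR mentions, as an added PowerShell example that is not from any poster: it relaxes the execution policy for the current process only, so nothing has to be set back afterwards, and interprets the flags returned by Microsoft's SpeculationControl module. The two function names and the sample values are constructed for illustration; the live check assumes Windows PowerShell 5.1 with that module installed.

```powershell
# Added example, not from the thread. Function names and the sample object
# are constructed; the live check assumes the SpeculationControl module.

function Invoke-WithProcessScopedPolicy {
    # Relax the execution policy for this PowerShell process only, run the
    # action, then confirm the persistent scopes were left untouched.
    param([Parameter(Mandatory)][scriptblock]$Action)

    $scopes = 'CurrentUser', 'LocalMachine'
    $before = @{}
    foreach ($scope in $scopes) { $before[$scope] = Get-ExecutionPolicy -Scope $scope }

    # Process scope lives only in this session, so nothing has to be set back.
    Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process -Force
    try {
        & $Action
    }
    finally {
        foreach ($scope in $scopes) {
            $now = Get-ExecutionPolicy -Scope $scope
            if ($now -ne $before[$scope]) {
                Write-Warning "$scope policy changed from $($before[$scope]) to $now"
            }
        }
    }
}

function Get-MitigationSummary {
    # Turn the boolean flags into one status line per variant, naming the
    # layer (OS patch, microcode, enablement) that is still missing.
    param([Parameter(Mandatory)]$Settings)

    $bti = if (-not $Settings.BTIWindowsSupportPresent) {
        'OS patch missing'
    } elseif (-not $Settings.BTIHardwarePresent) {
        'OS patch installed, microcode support missing'
    } elseif (-not $Settings.BTIWindowsSupportEnabled) {
        'OS patch and microcode present, mitigation not enabled'
    } else {
        'enabled'
    }

    $kva = if (-not $Settings.KVAShadowRequired) {
        'not required on this CPU'
    } elseif (-not $Settings.KVAShadowWindowsSupportPresent) {
        'OS patch missing'
    } elseif (-not $Settings.KVAShadowWindowsSupportEnabled) {
        'OS patch installed, mitigation not enabled'
    } else {
        'enabled'
    }

    [pscustomobject]@{
        Variant2_BranchTargetInjection = $bti
        Variant3_RogueDataCacheLoad    = $kva
    }
}

# Constructed sample mirroring the state described in the thread: microcode
# exposes the hardware support and the Windows patch is installed, but the
# branch target injection mitigation is not enabled.
$sample = [pscustomobject]@{
    BTIHardwarePresent             = $true
    BTIWindowsSupportPresent       = $true
    BTIWindowsSupportEnabled       = $false
    KVAShadowRequired              = $true
    KVAShadowWindowsSupportPresent = $true
    KVAShadowWindowsSupportEnabled = $true
}
Get-MitigationSummary -Settings $sample | Format-List

# Live check, only if Microsoft's SpeculationControl module is installed.
if (Get-Module -ListAvailable -Name SpeculationControl) {
    Invoke-WithProcessScopedPolicy {
        Import-Module SpeculationControl
        Get-MitigationSummary -Settings (Get-SpeculationControlSettings) | Format-List
    }
}
```

Variant 1 (Bounds Check Bypass) has no flag in this output, so the summary covers Variants 2 and 3 only.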



## biffzinker (Jan 11, 2018)

*An Update on AMD Processor Security 1/11/2018*

The public disclosure on January 3rd that multiple research teams had discovered security issues related to how modern microprocessors handle speculative execution has brought to the forefront the constant vigilance needed to protect and secure data. These threats seek to circumvent the microprocessor architecture controls that preserve secure data.
At AMD, security is our top priority and we are continually working to ensure the safety of our users as new risks arise. As a part of that vigilance, I wanted to update the community on our actions to address the situation.

Google Project Zero (GPZ) Variant 1 (Bounds Check Bypass or Spectre) *is applicable to AMD processors.*
We believe this threat can be contained with an operating system (OS) patch and we have been working with OS providers to address this issue.
Microsoft is distributing patches for the majority of AMD systems now. We are working closely with them to correct an issue that paused the distribution of patches for some older AMD processors (AMD Opteron, Athlon and AMD Turion X2 Ultra families) earlier this week. We expect this issue to be corrected shortly and Microsoft should resume updates for these older processors by next week. For the latest details, please see Microsoft’s website.
Linux vendors are also rolling out patches across AMD products now.

GPZ Variant 2 (Branch Target Injection or Spectre) *is applicable to AMD processors.*
While we believe that AMD’s processor architectures make it difficult to exploit Variant 2, we continue to work closely with the industry on this threat. We have defined additional steps through a combination of processor microcode updates and OS patches that we will make available to AMD customers and partners to further mitigate the threat.
AMD will make optional microcode updates available to our customers and partners for Ryzen and EPYC processors starting this week. We expect to make updates available for our previous generation products over the coming weeks. These software updates will be provided by system providers and OS vendors; please check with your supplier for the latest information on the available option for your configuration and requirements.
Linux vendors have begun to roll out OS patches for AMD systems, and we are working closely with Microsoft on the timing for distributing their patches. We are also engaging closely with the Linux community on development of “return trampoline” (Retpoline) software mitigations.

GPZ Variant 3 (Rogue Data Cache Load or Meltdown) *is not applicable to AMD processors.*
We believe AMD processors are not susceptible due to our use of privilege level protections within paging architecture and no mitigation is required.

There have also been questions about GPU architectures. AMD Radeon GPU architectures do not use speculative execution and thus are not susceptible to these threats.
We will provide further updates as appropriate on this site as AMD and the industry continue our collaborative work to develop mitigation solutions to protect users from these latest security threats.
Mark Papermaster,
Senior Vice President and Chief Technology Officer

*Source:* An Update on AMD Processor Security 1/11/2018



RejZoR said:


> It's just odd that it's still showing AMD system as "Vulnerable" for Spectre.


Probably because AMD's processors are vulnerable to Spectre going by their latest update they just posted.


Update from Intel on the performance impact of a patched system with Skylake up to Coffeelake if anyone missed yesterday's update.

*Jan. 10 Performance Data Results*

Today we are sharing data on several 6th, 7th and 8th Generation Intel® Core™ processor platforms using Windows* 10. We previously said that we expected our performance impact should not be significant for average computer users, and the data we are sharing today support that expectation on these platforms.

The performance impact of the mitigation on 8th generation platforms (Kaby Lake, Coffee Lake) with SSDs is small. Across a variety of workloads, including office productivity and media creation as represented in the SYSMark2014SE benchmark, the expected impact is less than 6 percent. In certain cases, some users may see a more noticeable impact. For instance, users who use web applications that involve complex JavaScript operations may see a somewhat higher impact (up to 10 percent based on our initial measurements). Workloads that are graphics-intensive like gaming or compute-intensive like financial analysis see minimal impact.

Our measurements of the impact on the 7th Gen Kaby Lake-H performance mobile platform are similar to the 8th generation platforms (approximately 7 percent on the SYSMark2014SE benchmark).

For the 6th generation Skylake-S platform, our measurements show the performance impact is slightly higher, but generally in line with the observations on 8th and 7th generation platforms (approximately 8 percent on the SYSMark2014SE benchmark). We have also measured performance on the same platform with Windows 7, a common configuration in the installed base, especially in office environments. The observed impact is small (approximately 6 percent on the SYSMark2014SE benchmark). Observed impact is even lower on systems with HDDs.

As we collect more information across the broad range of usages and Intel platforms, we will make it available. _Within the next week, we intend to offer a representative set of data for mobile and desktop platforms that were launched within the past five years._ For those Intel customers who are worried about performance impacts, you should know that we will work on creative solutions with our industry partners to reduce those performance impacts wherever possible.


*Source:* Intel Security Issue Update: Initial Performance Data Results for Client Systems


----------



## notb (Jan 11, 2018)

biffzinker said:


> GPZ Variant 3 (Rogue Data Cache Load or Meltdown) *is not applicable to AMD processors.*
> We believe AMD processors are not susceptible due to our use of privilege level protections within paging architecture and no mitigation is required.


It took them a week to go from "Zero AMD vulnerability due to AMD architecture differences." to "we believe we're not susceptible, because we've included countermeasures".
Also, they still didn't show any sign they've actually analyzed the problem or replicated Project Zero's results. I'd expect an extensive publication by now - ARM and Intel gave them a week ago...

Seriously, this is not how you win enterprise clients. Even if the patches slow down Intel by 30% and don't touch AMD at all (unlikely), companies will just buy more Xeons...


----------



## Frag_Maniac (Jan 11, 2018)

Never mind AMD's response, what's their excuse for not knowing, or at least claiming to not know this was going to be a problem when designing the chips? How is it when this kind of thing comes out, only Intel gets accused of cleverly hiding the truth? AMD may make a lot of bone headed marketing decisions, but it's not like their design guys are total imbeciles. I'm sure they must have seen this vulnerability, especially since server farms and the cloud have been around so long. It's mostly those corporations that use them and their many customers that deserve at least an honest answer. Most of us mere individual PC users aren't going to be affected by it at all in comparison.

For the record, I'm not saying Intel doesn't have dirt on their hands, I'm saying *both* of them do. I look at this stuff with the same bad taste in my mouth I get from US politics lately. They both sling muck at each other, and feign innocence, while the customers are caught in the middle. This is also kind of like how bank derivatives got out of control. Many saw it as a potential financial crisis coming, but too many were just pretending it would iron itself out. There's a lot to be said for preventative maintenance when it comes to design time. I hope both sides have learned their lesson from this.


----------



## johnspack (Jan 11, 2018)

Yep, here it comes, let's see what it does to my vms..... diddly squat so far, whee!


----------



## biffzinker (Jan 12, 2018)

johnspack said:


> Yep, here it comes, let's see what it does to my vms..... diddly squat so far, whee!


Since your chip is Sandybridge maybe skip out on the microcode update for Spectre but patch for Meltdown? I'm considering going that direction myself.


----------



## fullinfusion (Jan 12, 2018)

Oh what to do, what to do!

Do I install M$ patch and my Board Bios? 

Seriously should I be worried or...


----------



## notb (Jan 12, 2018)

biffzinker said:


> Since your chip is Sandybridge maybe skip out on the microcode update for Spectre but patch for Meltdown? I'm considering going that direction myself.


Hmm... what exactly is the idea behind not installing patches for security issues?


----------



## R-T-B (Jan 12, 2018)

notb said:


> Hmm... what exactly is the idea behind not installing patches for security issues?



Is there a microcode update as far back as Sandy Bridge?


----------



## biffzinker (Jan 12, 2018)

notb said:


> Hmm... what exactly is the idea behind not installing patches for security issues?


Performance hit as a result of the microcode update for Spectre since I'm on Haswell. If I had Skylake I wouldn't be bothered by the minor performance difference.


----------



## notb (Jan 12, 2018)

biffzinker said:


> Performance hit as a result of the microcode update for Spectre since I'm on Haswell. If I had Skylake I wouldn't be bothered by the minor performance difference.


Do you log into your bank account from this PC? Because the way I see it, if you decide not to install the patch, you might as well just buy Skylake.


----------



## fullinfusion (Jan 12, 2018)

notb said:


> Do you log into your bank account from this PC? Because the way I see it, if you decide not to install the patch, you might as well just buy Skylake.


lol


----------



## OneMoar (Jan 12, 2018)

not gonna install this garbage patch

whole thing was blown way out of proportion. the attack vector is complex, hard to implement, and doesn't offer any more data access than other attack vectors

if your system is compromised enough to where Spectre is a problem for data security then you are SOL, because you are already rootkitted and malwared to death by that point

security theater, folks. the odds of any attacker willing to bother with this method on the general populace are less than 0

I'll probably write a PS script to allow people to opt out once all of the dust settles


----------



## cucker tarlson (Jan 12, 2018)

biffzinker said:


> Performance hit as a result of the microcode update for Spectre since I'm on Haswell. If I had Skylake I wouldn't be bothered by the minor performance difference.


I suppose the difference on Haswell will be minor too, for the typical PC use that is. Let's wait for the tests before we jump to conclusions, shall we?


----------



## OneMoar (Jan 12, 2018)

cucker tarlson said:


> I suppose the difference on Haswell will be minor too, for the typical PC use that is. Let's wait for the tests before we jump to conclusions, shall we?


it's 15-20% across the board
games video desktop stuff all of it
that's not minor that's HUGE


----------



## R0H1T (Jan 12, 2018)

Meltdown PoC by *Lipp, Schwarz, Gruss, Prescher, Haas, Mangard, Kocher, Genkin, Yarom, and Hamburg* - https://github.com/IAIK/meltdown


----------



## johnspack (Jan 12, 2018)

Seriously?  I showed the microcode update for my sandybridge under ubuntu RTB?  1650 is a sandybridge,  and it's available.  Maybe not under windows,  but who gives a fart.....


----------



## R-T-B (Jan 12, 2018)

johnspack said:


> Seriously?  I showed the microcode update for my sandybridge under ubuntu RTB?  1650 is a sandybridge,  and it's available.  Maybe not under windows,  but who gives a fart.....



It was a question, not a statement.  Thank you for answering.

How far do they go back I wonder?  Westmere?  Nehalem?


----------



## RejZoR (Jan 12, 2018)

RejZoR said:


> *Easy to use tool to check for Spectre/Meltdown vulnerability:*
> https://www.ashampoo.com/en/usd/pin/1304/security-software/Ashampoo-Spectre-Meltdown-CPU-Checker
> 
> It's just odd that it's still showing AMD system as "Vulnerable" for Spectre. MS only distributed patches for Meltdown so far? The system also had BIOS updated which addresses this vulnerability (dated December 2017). CPU is AMD A9-9420 APU (Stoney Ridge).
> ...



I'm re-quoting myself because the update to the post is quite important for those who used Ashampoo test tool.


----------



## fullinfusion (Jan 12, 2018)

OneMoar said:


> it's 15-20% across the board
> games video desktop stuff all of it
> that's not minor that's HUGE


I did the M$ Maximus ix Code patch and mobo Bios update tonight, and so far I found no slowdowns at all.. If anything I found out my 960 NVME drive is snappier than before but then again the bios said it has fixes to Samsung NVME drives...


----------



## cucker tarlson (Jan 12, 2018)

OneMoar said:


> it's 15-20% across the board
> games video desktop stuff all of it
> that's not minor that's HUGE


haven't seen the tests, I thought there weren't any out there yet. could you provide the link please?


----------



## EarthDog (Jan 12, 2018)

OneMoar said:


> it's 15-20% across the board
> games video desktop stuff all of it
> that's not minor that's HUGE


There have been plenty of preliminary testing showing gaming wasn't affected. 

I would like to see some links too because some of what you list isn't showing slowdowns. It in titles where there is high I/O between disk and CPU, it could cause some slowdowns, otherwise gaming is largely unaffected.


----------



## RejZoR (Jan 12, 2018)

I was seeing huge kernel usage times during Windows update and stuff so that's gonna be affected the most.


----------



## EarthDog (Jan 12, 2018)

AMD admits it is vulnerable...update

https://www.amd.com/en/corporate/speculative-execution

Google Project Zero (GPZ) Variant 1 (Bounds Check Bypass or Spectre) is applicable to AMD processors.
GPZ Variant 2 (Branch Target Injection or Spectre) is applicable to AMD processors.
GPZ Variant 3 (Rogue Data Cache Load or Meltdown) is not applicable to AMD processors.


EDIT: Biff posted this already... Oops!
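
Added example, not part of any post in this thread and not code from AMD, Intel or any vendor: a small Python script that maps the three GPZ variants listed above to the per-variant status files that patched Linux kernels expose under `/sys/devices/system/cpu/vulnerabilities`, and reports which variants still need attention. It assumes a kernel new enough to provide those files; the sample status strings and the function names are constructed for illustration.

```python
"""Report per-variant Spectre/Meltdown status from Linux sysfs status strings."""
from pathlib import Path

# Assumption: the running kernel exposes this directory (patched kernels do).
SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")

V1 = "Variant 1 (Bounds Check Bypass, Spectre)"
V2 = "Variant 2 (Branch Target Injection, Spectre)"
V3 = "Variant 3 (Rogue Data Cache Load, Meltdown)"

# GPZ variant name -> sysfs file name
VARIANT_FILES = {V1: "spectre_v1", V2: "spectre_v2", V3: "meltdown"}


def classify(status):
    """Reduce a kernel status line to one of four states."""
    text = status.strip()
    if text == "Not affected":
        return "not_affected"
    if text.startswith("Mitigation:"):
        return "mitigated"
    if text.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"


def read_status(directory=SYSFS_DIR):
    """Read the raw status line for each variant; None if the file is missing."""
    raw = {}
    for variant, name in VARIANT_FILES.items():
        try:
            raw[variant] = (Path(directory) / name).read_text()
        except OSError:
            # Older or unpatched kernels do not have the file at all.
            raw[variant] = None
    return raw


def report(raw):
    """Turn raw status lines into {variant: (state, detail)}."""
    result = {}
    for variant, status in raw.items():
        if status is None:
            result[variant] = ("unknown", "kernel does not report this variant")
        else:
            result[variant] = (classify(status), status.strip())
    return result


def needs_action(rep):
    """Variants that are reported vulnerable or not reported at all."""
    return sorted(v for v, (state, _) in rep.items()
                  if state in ("vulnerable", "unknown"))


# Constructed sample: what an AMD system might show with OS patches applied
# but without the optional microcode update (values are illustrative).
SAMPLE_AMD = {
    V1: "Mitigation: __user pointer sanitization\n",
    V2: "Vulnerable: Minimal AMD ASM retpoline\n",
    V3: "Not affected\n",
}

# Constructed sample: a kernel that predates the status files.
SAMPLE_OLD_KERNEL = {V1: None, V2: None, V3: None}


if __name__ == "__main__":
    for variant, (state, detail) in report(read_status()).items():
        print(f"{variant}: {state} ({detail})")
```

A missing file is treated as "unknown" rather than "safe", which is why the old-kernel sample flags all three variants.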


----------



## Peter Evans (Jan 12, 2018)

EarthDog said:


> There have been plenty of preliminary testing showing gaming wasn't affected.
> 
> I would like to see some links too because some of what you list isn't showing slowdowns. It in titles where there is high I/O between disk and CPU, it could cause some slowdowns, otherwise gaming is largely unaffected.



This user *biffzinker* did some initial testing of ROTR in thread "*After these security flaws should i go with Intel 8700k or AMD R 1700?*", can't post direct link?
See #10 and expand, minimum frame-rates devastated!


----------



## EarthDog (Jan 12, 2018)

ZOMG devastated!!!!!!!!!!!!!

https://www.techspot.com/article/1556-meltdown-and-spectre-cpu-performance-windows/page2.html




> It in titles where there is high I/O between disk and CPU, it could cause some slowdowns, otherwise gaming is largely unaffected.


----------



## RejZoR (Jan 12, 2018)

EarthDog said:


> ZOMG devastated!!!!!!!!!!!!!
> 
> https://www.techspot.com/article/1556-meltdown-and-spectre-cpu-performance-windows/page2.html



Considering games are texture streaming heavy in current times, this can be an issue...


----------



## EarthDog (Jan 12, 2018)

Perhaps BOLD would help clarify things a bit. 



> It in titles where there is high I/O between disk and CPU, it could cause some slowdowns, otherwise gaming is *largely* unaffected.



We've literally seen what, one title, maybe two(?) that had more than 1-2% performance loss (more than margin of error)??? I am all ears/eyes to be proven otherwise. Again, I am sure it will affect a couple of titles, but what we have seen so far, is very very few are showing anything more than a negligible difference.


I honestly think if I had not bailed on this thing very shortly after I came out, I would have nuked and melted people at this site (and likely my ability to ever post here again). I can see why I did that the more I post on the subject, LOL!


----------



## OneMoar (Jan 12, 2018)

EarthDog said:


> Perhaps BOLD would help clarify things a bit.
> 
> 
> 
> ...


they tested one cpu we all know that anything >skylake would have a ~%5 hit

it's a different story on haswell tho, still waiting for microcode sources so I can patch my bios (windows level patch does not enable all the fixes) but even with just the windows update before they pulled I was seeing -100pt in firestrike


----------



## RejZoR (Jan 12, 2018)

I don't see any difference in Killing Floor 2 pre and post Meltdown update. Spectre thingie still waiting for it...


----------



## Ahhzz (Jan 12, 2018)

Meh, not patching.


----------



## IceScreamer (Jan 12, 2018)

Apparently Sandy plus Win7 perf drop is not negligible.
https://translate.googleusercontent...marks/&usg=ALkJrhi-Hx_uJfTyVbvqcxjEVJMeVi9pog


----------



## Bill_Bright (Jan 12, 2018)

Frag Maniac said:


> Never mind AMD's response, what's their excuse for not knowing, or at least claiming to not know this was going to be a problem when designing the chips? How is it when this kind of thing comes out, only Intel gets accused of cleverly hiding the truth?


When designing the chips? Nah! If they knew, they would not have kept designing newer chips with the flaws in them. 

I don't see where Intel is being blamed for "cleverly" or deceptively hiding the truth - except accusations by uninformed or biased haters. Exploitable bugs and flaws need to stay secret so the bad guys don't learn of them and release zero-day threats. 

Also, nobody, not Intel, not AMD, and not the security industry - no one knew exactly the extent or complexity of these flaws/bugs in the beginning. As further research was conducted, more information and clarifications came out. This is no different from major natural disasters, accidents, terrorist attacks, or battle in a war zone. There is always confusion, missing and misinformation in the beginning. 

The we (consumers have) is all the biased reporting and speculations. Let the dust settle then move on from there.


----------



## biffzinker (Jan 12, 2018)

Looks like I just missed the cut off for the microcode update. ASUS, Gigabyte, and MSI are or will be issuing BIOS updates starting with Intel 100/X99 PCH up to Z370/X299.

https://www.asus.com/News/V5urzYAT6myCC1o2

https://www.gigabyte.com/Press/News/1586

https://www.msi.com/news/detail/QBt...HcZnxQNrE3uwkiUor437JtN5UyEv_PKbKx1DpEUNxNA~~


----------



## cucker tarlson (Jan 14, 2018)

Seriously? No bios update for Z97? Broadwell-c is a Q2 15 CPU, but too obsolete to include in the update? Well, maybe they're gonna patch it eventually, not that I'm too concerned about those anyway since there's really nothing to steal on my PC. What a scam company though.


----------



## DimBo (Jan 22, 2018)

cucker tarlson said:


> Seriously? No bios update for Z97? Broadwell-c is a Q2 15 CPU, but too obsolete to include in the update? Well, maybe they're gonna patch it eventually, not that I'm too concerned about those anyway since there's really nothing to steal on my PC. What a scam company though.


I asked Gigabyte tech support whether they're going to release new BIOSes with updated CPU microcode for Z87 & Z97 motherboards or not. They answered that they'll provide updated BIOSes per user request and asked the exact model and revision of the motherboard I need an updated BIOS for.


----------



## Bill_Bright (Jan 22, 2018)

DimBo said:


> per user request


Wow. That seems highly inefficient. I wonder what that really means? I bet they will develop an update after they receive a certain number of requests per chipset/board. 

FTR - Gigabyte has a new BIOS update for the Z170 series boards, like the one I use in this computer, dated 2018/01/11. Once I finally remembered  I had disabled booting from USB, the update flashed with @bios with no problems. And I have not noticed any degradation in performance or any problems with fan noise or heat. 

There is no update for my secondary computer running with a Z77X chipset and i7 3770. Oh well.


----------



## cucker tarlson (Jan 22, 2018)

DimBo said:


> I asked Gigabyte tech support whether they're going to release new BIOSes with updated CPU microcode for Z87 & Z97 motherboards or not. They answered that they'll provide updated BIOSes per user request and asked the exact model and revision of the motherboard I need an updated BIOS for.


Weird.


----------



## Vya Domus (Jan 22, 2018)

Bill_Bright said:


> Also, nobody, not Intel, not AMD, and not the security industry - no one knew exactly the extent or complexity of these flaws/bugs in the beginning.



Intel clearly knew for quite some time. Why do you think the shitstorm hit them first ?


----------



## EarthDog (Jan 22, 2018)

They didn't both get hit at the same time with the release of that testing? I recall AMD (prematurely) denying it affected their processors the same day...maybe that is why you feel it is different? I don't know... this is a hilarious shitstorm here I am proud to say I have mostly stayed out of.


----------



## RejZoR (Jan 22, 2018)

Makes you wonder, has no one at any point through the history stopped for a second and evaluated the speculative cache design or everyone just crossed their fingers and hoped no one would exploit it? I mean, they are the makers of the chips, surely they know how it works and what are the possibilities for exploitation. Or was that awesome performance gain just too sweet to lose it and they just did the fingers crossed thing?


----------



## Vya Domus (Jan 22, 2018)

EarthDog said:


> They didn't both get hit at the same time with the release of that testing?



"Meltdown like" vulnerabilities have been exposed on the Intel side throughout the year 2017. All I am saying is Intel did knew about all this without question and pretty much did nothing about it up until this was picked up by the media like crazy.

Not that I am blaming them , this is pretty much standard behavior for these companies in situations like these.


----------



## kruk (Jan 22, 2018)

Hehe, Intel kernel developers managed to p*ss off Linus Torvalds:

http://lkml.iu.edu/hypermail/linux/kernel/1801.2/04628.html



> As it is, the patches  are COMPLETE AND UTTER GARBAGE.
> 
> They do literally insane things. They do things that do not make
> sense. That makes all your arguments questionable and suspicious. The
> ...


----------



## EarthDog (Jan 22, 2018)

Vya Domus said:


> "Meltdown like" vulnerabilities have been exposed on the Intel side throughout the year 2017. All I am saying is Intel did knew about all this without question and pretty much did nothing about it up until this was picked up by the media like crazy.
> 
> Not that I am blaming them , this is pretty much standard behavior for these companies in situations like these.


What's worse... knowing about it and not doing anything about it, or not knowing about it and denying it affects 'us'? (don't answer... this is in jest).

Either way, it's a hilarious situation on many fronts from all sides. Lots of mountains, when in reality, it's mole hills for most any user on here. The vocal should be the cloud providers, not a bunch of people it really doesn't affect.




I'd wish Linus would stop complaining and explain what a better fix would actually be or why they are implementing like that. I deal with tantrums like this from my 10 y.o. I don't expect to see it out of an educated professional.


----------



## Bill_Bright (Jan 22, 2018)

Vya Domus said:


> Bill_Bright said:
> 
> 
> > Also, nobody, not Intel, not AMD, and not the security industry - no one knew exactly the extent or complexity of these flaws/bugs in the beginning.
> ...


 I said, "_in the beginning_". You even quoted it! 

And the storm hit from 2 groups of people for 2 different reasons, one legitimate the other totally ridiculous. 

The first storm hit because of the sheer size and impact of the problem. That was totally legitimate. What was ridiculous was the second storm created by haters and wannabe journalists creating all the FUD with their wild speculations and outright falsehoods.

OF COURSE Intel and others knew about it before the news hit the fan. If you have a security vulnerability, you don't go advertising it to the world before you have a fix for it. But sadly, the haters and wannabes (and their blind followers) are too naive, stupid, or ignorant (or all 3) to understand that. 

This is not a problem Intel has been sitting on for over a decade with their fingers crossed hoping nobody would notice. The problem is, nobody, not even Intel, noticed it until recently - including the big and very resourceful "whitehat" security firms Intel, AMD, Microsoft and others hire to find such bugs. We are just fortunate the bad guys did not find it first.


----------



## DimBo (Jan 24, 2018)

The last answer from Gigabyte support (quoted text is translated from Russian to English by me, so don't be surprised if it contains errors):


> The request for BIOSes with fixes for Intel SA-00086 & SA-00088 vulnerabilities was sent to our engineers. Because our BIOS team is under a high workload now, it'll take some time to make these customizations. We'll send you the BIOSes as soon as they'll be ready.


Judging by the answer they indeed are going to send BIOSes per request instead of publishing them, which is strange. I also expected that they'll warn me about the current "anti-spectre" CPU microcode for Haswell and Broadwell being unstable (it is known to cause BSODs and spontaneous shutdowns), just in case I don't know about it, but they didn't. Well, the fact that they're supporting 4-5 years old hardware is a good thing anyway.  At least they didn't tell me to GTFO and buy a new CPU


----------



## Vya Domus (Jan 24, 2018)

Bill_Bright said:


> OF COURSE Intel and others knew about it before the news hit the fan.





Bill_Bright said:


> The problem is, nobody, not even Intel, noticed it until recently



The thing is they knew for a pretty _*damn long time*_ :

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5754

This was filed back in February 2017. I legit do not believe they were struggling to find a fix ever since. The patch is not something you would have worked on for an entire year, it is clear to everyone that it was something put together in a very short time when the media reports exploded.

The only conclusion I can make is that they knew for a very long time and they simply *did not care about it at all*. That's all there is to it, and again I do not expect anything better from all of these manufacturers, not just Intel.

I don't know why you are struggling to defend Intel and blame everything on shitty journalism and FUD, that doesn't pardon the obvious lack of response Intel had on this issue. Yes, the articles written were absolute garbage and it was indeed full of FUD but what else did you expect from them?


----------



## londiste (Jan 24, 2018)

RejZoR said:


> Makes you wonder, has no one at any point through the history stopped for a second and evaluated the speculative cache design or everyone just crossed their fingers and hoped no one would exploit it? I mean, they are the makers of the chips, surely they know how it works and what are the possibilities for exploitation. Or was that awesome performance gain just too sweet to lose it and they just did the fingers crossed thing?


They did. A lot of people have worked on this problem and the Meltdown/Spectre discoveries were not found from scratch, a lot of previous research has been done and has been used in this.
- The theoretical vulnerability was known and warned about from the start of speculative execution being implemented in CPUs (early nineties or even earlier). Specific concerns about Intel's predictor were aired around 2012-2013. In 2016 it was found/shown that speculative execution really does load data it should not (but no method to retrieve it was found).
- Add to it the various necessary know-how. A lot of prerequisites for the work came from both published information as well as couple/several years worth of research on Intel's branch predictors (specifically Haswell but it has probably been pretty much the same in this regard at least since Sandy Bridge if not earlier). Flush+Reload was found in 2013.
There were other bits in there but I do not remember all I have read about this clearly enough. I may be off by a year here or there but this is the gist of it.



Vya Domus said:


> Bill_Bright said:
> 
> 
> > Also, nobody, not Intel, not AMD, and not the security industry - no one knew exactly the extent or complexity of these flaws/bugs in the beginning.
> ...


Depends on what we look at as the beginning. Specifically Meltdown and Spectre were found in June 2017 and reported to the industry. The half-year embargo on details is not unexpected, it gave time to everyone involved/affected to align their affairs. Details were supposed to be published somewhere in the second half of January but rapid feverish changes being pushed into Linux kernel obviously caused a lot of alerts to go off.

Intel deservedly got the shitstorm first because Meltdown is stupid


----------



## Bill_Bright (Jan 24, 2018)

DimBo said:


> udging by the answer they indeed are going to send BIOSes per request instead of publishing them, which is strange. I


I don't think it is strange. It makes sense to me - from a business decision. Gigabyte is a hardware maker. No doubt their programming staff is not very big. So their limited resources must be concentrated on those Gigabyte platforms that are currently in design, development or in production stages. It would be bad business to sell brand new products that are flawed leaving the factory.


> The thing is they knew for a pretty _*damn long time*_ :
> 
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5754
> 
> This was filed back in February 2017. I legit do not believe they were struggling to find a fix ever since. The patch is not something you would have worked on for an entire year, it is clear to everyone that it was something put together in a very short time when the media reports exploded.


I don't think you appreciate the complexity of the task.

It is not like calling up the source code, edit a couple lines, compile and save the code and be good to go.

And re-tooling a high-tech processor manufacturing plant is a major, extremely complex process too.

Plus it is not just CPU makers involved but countless partners and  competing OEMs who all must make a coordinated effort to develop, test and distribute fixes.

I am not blaming everything on bad journalism and FUD. But I sure am blaming bad journalism and their FUD for exaggerating the threat and stirring up and creating unrealistic expectations in people who don't really understand or appreciate the problem, or how to correct it.

It seems you and your fellow believers are just mad because you and the public were not made aware of this issue sooner. Well, anyone who's worked in security for any length of time knows and appreciates there are many things the public (which includes the badguys) does not need to know about. But that does not mean there are not many dedicated people working behind the scenes to protect us. That is exactly why Intel, AMD, Google, Microsoft and others all agreed to keep the details under wraps.

But that does not mean I don't put any blame on Intel as you also seem to believe.  The flaw is in Intel chips. Chips they designed and manufactured. That's on them. And their PR department (probably with the help of their shyster... err... I mean legal department)  blew it by downplaying the problem when it first went public.

But the fact remains related flaws are found in competing processors too. Intel did not force those flaws on AMD or ARM processors. But as is typical, the one with the deepest pockets gets the most wrath. That, and the unrealistic expectations and blown out of proportion threats are what I am defending against.

Apple has indicated that all iPhones, iPads and modern Mac devices are affected by Meltdown. Where's the wrath against them?

Is the threat serious? Of course. I have never denied that. But it is unlikely any of us reading this thread has, or ever will be compromised by a badguy exploiting it.


----------



## EarthDog (Jan 24, 2018)

Bill_Bright said:


> I don't think it is strange. It makes sense to me - from a business decision. Gigabyte is a hardware maker. No doubt their programming staff is not very big. So their limited resources must be concentrated on those Gigabyte platforms that are currently in design, development or in production stages. It would be bad business to sell brand new products that are flawed leaving the factory.


Interesting take. It's not like they have to apply the BIOS to 10s of thousands of people. They have to develop a few dozen. Though their staffs are small, I am certain in no time flat someone would have requested a BIOS for each board they made which is affected. So why not dedicate resources up front to tackle them all and mass distribute?

To answer that, I would think that customer service would get bombarded, so perhaps that is actually why and has nothing to do with BIOS staff.


----------



## trickson (Jan 24, 2018)

natr0n said:


> I bet users are having panic attacks now at that performance loss.
> 
> Almost like getting your e-wiener reduced.


AMD Ryzen FTW!!! 
So they're saying this affects speed and performance and security? WOW! Sounds like Intel has some E-peens to fix... LOL.


----------



## Zyll Goliat (Jan 24, 2018)

Intel Recommends Users Don't Install Meltdown and Spectre Fixes Due to Random Reboots?
Links:
http://www.game-debate.com/news/244...tdown-and-spectre-fixes-due-to-random-reboots

https://www.computerworld.com/artic...-not-install-its-meltdown-firmware-fixes.html

https://www.wired.com/story/meltdown-and-spectre-patches-take-toll/


----------



## trickson (Jan 24, 2018)

Zyll Goliath said:


> Intel Recommends Users Don't Install Meltdown and Spectre Fixes Due to Random Reboots?
> Links:
> http://www.game-debate.com/news/244...tdown-and-spectre-fixes-due-to-random-reboots
> 
> ...


I recommend everyone dumping Intel if that is the case! I mean so what Intel has been doing knowingly is sell consumers defective chips that do not work accordingly to the specs? That is if able to be proven maybe false advertising misleading the consumer? This is NOT good for Intel!


----------



## biffzinker (Jan 24, 2018)

The Microsoft patch that encompasses Meltdown mitigation plus Spectre with the microcode update from Intel isn't causing any issues unless you had an old AMD K8 CPU (later fixed.)

The microcode update from Intel is causing sporadic reboots on Haswell/Broadwell, and possibly later Skylake/Kabylake.


----------



## Zyll Goliat (Jan 24, 2018)

trickson said:


> I recommend everyone dumping Intel if that is the case! I mean so what Intel has been doing knowingly is sell consumers defective chips that do not work accordingly to the specs? That is if able to be proven maybe false advertising misleading the consumer? This is NOT good for Intel!


Well Intel is just more vulnerable than AMD but basically almost all today's CPUs are affected..... either way it's not bad for "them" when you really think about it, listen this happened now when we reach the peak of the GHz speed maybe they believe that it's time now to slow down this "older" CPU architecture a bit and then they can produce and sell the new CPU architecture that are not affected with this malfunction at all...... that's just my "conspiratorial" 2 cents.....


----------



## Bill_Bright (Jan 24, 2018)

EarthDog said:


> So why not dedicate resources up front to tackle them all and mass distribute?


Because for legacy (no longer in production) boards, they get $0.00 returns on those investments. It is not just about developing the updated code. It has to be thoroughly tested with most if not all supported CPUs for that chipset/BIOS. I suspect many of those are boards and CPUs (and compatible RAM) they no longer have laying around. 

You say a "few dozen", it is a lot more than that. I note Gigabyte alone has boards with 24 different CPU sockets! And some of those sockets support more than a dozen different chipsets. And many of those chipsets are used with many boards (dozens and dozens!) they have produced. 

I mean it looks like Gigabyte currently shows 134 boards for the 1155 socket alone!   That's more than a few dozen already. The 1150 has almost as many and the 1150 has 143! And the 775 socket has 195! That's 600 boards just for those 4 sockets. 

So it's a big undertaking that really cuts directly into their bottom line with zero chance of recouping even a penny for those efforts.


----------



## biffzinker (Jan 24, 2018)

Bill_Bright said:


> I mean it looks like Gigabyte currently shows 134 boards for the 1155 socket alone! That's more than a few dozen already. The 1150 has almost as many and the 1150 has 143! And the 775 socket has 195! That's 600 boards just for those 4 sockets.


If the major motherboard brands didn't have so many variations of the same chipset/socket but instead had been more sensible with their product catalog for past/future boards, it wouldn't have been such a huge time sink issuing firmware updates.


----------



## Bill_Bright (Jan 24, 2018)

biffzinker said:


> If the major motherboard brands didn't have so many variations of the same chipset/socket but instead had been more sensible with their product catalog for past/future boards, it wouldn't have been such a huge time sink issuing firmware updates.


I agree but they would not make so many models and variations of models if us consumers didn't demand them.


----------



## TheoneandonlyMrK (Jan 24, 2018)

Bill_Bright said:


> I don't think it is strange. It makes sense to me - from a business decision. Gigabyte is a hardware maker. No doubt their programming staff is not very big. So their limited resources must be concentrated on those Gigabytes platforms that are currently in design, development or in production stages. It would be bad business to sell brand new products that are flawed leaving the factory.
> I don't think you appreciate the complexity of the task.
> 
> It is not like calling up the source code, edit a couple lines, compile and save the code and be good to go.
> ...



It's not a flaw, it's a f^ck$p in forward thinking, yes, but not a flaw; it works just as intended. And despite being knowledgeable, you seem to keep getting the details wrong: NO EXPLOIT HAS BEEN SHOWN on AMD systems. It's just a *potential* attack vector they accepted they are vulnerable to; that's a big difference. Significantly, many flaws have been exposed and demonstrated on Intel hardware directly relating to their ass-hat workings and Spectre/Meltdown and the follow-up patching they have done.

Also, you keep saying this is overblown way, WAY before it's ended, like it can't get worse from here. Dreamy.


----------



## NdMk2o1o (Jan 24, 2018)

Is this "fix" still being pushed out by Windows update? or has it been withdrawn now due to rebootGate?


----------



## lexluthermiester (Jan 24, 2018)

NdMk2o1o said:


> Is this "fix" still being pushed out by Windows update? or has it been withdrawn now due to rebootGate?


AFAIK, the Spectre patches are causing the reboots and BSODs. The Meltdown patch seems to work fine.


----------



## biffzinker (Jan 24, 2018)

NdMk2o1o said:


> Is this "fix" still being pushed out by Windows update? or has it been withdrawn now due to rebootGate?


Microsoft's patch isn't the issue. The microcode update from Intel the motherboard brands have been including in BIOS updates for Spectre is causing the reboot issue. 

https://www.techpowerup.com/forums/...t-reboot-issues-post-security-patches.240905/


----------



## TheoneandonlyMrK (Jan 24, 2018)

biffzinker said:


> Microsoft's patch isn't the issue. The microcode update from Intel the motherboard brands have been including in BIOS updates for Spectre is causing the reboot issue.
> 
> https://www.techpowerup.com/forums/...t-reboot-issues-post-security-patches.240905/


I'd accept that if I had not fixed three PCs for no boot after patching. There are unreported issues, I'm sure, too; my own PC has had a few hangs it did not have pre-patch, and in general is not the same: odd laggy moments etc. and the start menu becoming as responsive as me at 8am on Mondays.


----------



## lexluthermiester (Jan 24, 2018)

theoneandonlymrk said:


> I'd accept that if I had not fixed three PCs for no boot after patching. There are unreported issues, I'm sure, too; my own PC has had a few hangs it did not have pre-patch, and in general is not the same: odd laggy moments etc. and the start menu becoming as responsive as me at 8am on Mondays.


I'll be honest, I haven't patched my main systems. Only tested on one and then reverted it back after reading about the problems. The reason for this is that no one is in possession of the full effects of these vulnerabilities. They are seemingly so difficult to exploit that the chances of a successful go are very remote. Even success with Meltdown is dubious at best. Anyone with a good computing ethic and secure-minded methodologies is not going to be a viable target for attackers anyway.


----------



## johnspack (Jan 25, 2018)

Slowly pushing it to linux:


----------



## londiste (Jan 25, 2018)

theoneandonlymrk said:


> It's not a flaw, it's a f^ck$p in forward thinking, yes, but not a flaw; it works just as intended. And despite being knowledgeable, you seem to keep getting the details wrong: NO EXPLOIT HAS BEEN SHOWN on AMD systems. It's just a *potential* attack vector they accepted they are vulnerable to; that's a big difference. Significantly, many flaws have been exposed and demonstrated on Intel hardware directly relating to their ass-hat workings and Spectre/Meltdown and the follow-up patching they have done.


I do not know about that second part.
From Spectre paper: https://spectreattack.com/spectre.pdf


> Experiments were performed on multiple x86 processor architectures, including Intel Ivy Bridge (i7-3630QM), Intel Haswell (i7-4650U), Intel Skylake (unspecified Xeon on Google Cloud), and AMD Ryzen. The Spectre vulnerability was observed on all of these CPUs


----------



## TheoneandonlyMrK (Jan 25, 2018)

londiste said:


> I do not know about that second part.
> From Spectre paper: https://spectreattack.com/spectre.pdf


How's about you read your PDF? It confirmed what I said: AMD are deemed susceptible but HAVE NOT had it shown as presently doable, unlike Intel.


----------



## _JP_ (Jan 25, 2018)

Bill_Bright said:


> So it's a big undertaking that really cuts directly into their bottom line with zero chance of recouping even a penny for those efforts.


This is a kudos before profit moment for manufacturers.
It is their responsibility and moral obligation to do so. Investment recoup should not be a consideration as much as market share loss due to bad behaviour on support for their consumers.
However, I agree, spanning 600-odd boards for Gigabyte alone is indeed a big undertaking... ASUS, I think, has even more.


----------



## Bill_Bright (Jan 25, 2018)

_JP_ said:


> It is their responsibility and moral obligation to do so. Investment recoup should not be a consideration as much as market share loss due to bad behaviour on support for their consumers.


I agree and I note they are addressing the issue. They are not shirking their obligations here. I note they (Gigabyte) already released a BIOS update for my Z170 board 2 weeks ago. And that board has been out of production for nearly 2 years.

That said, not sure holding the motherboard makers responsible for a fault, flaw, bug, mistake (or whatever you want to call it  ) they did not create is fair. But I applaud them for stepping up to help correct the problem.



theoneandonlymrk said:


> you seem to keep getting the details wrong
> Also, you keep saying this is overblown way, WAY before it's ended, like it can't get worse from here. Dreamy.


It is way overblown and your comment just illustrated that! 

And it is you who keep getting the details wrong as it is apparent you don't know the difference between an "exploit" and a "vulnerability". Exploits attack or take advantage of vulnerabilities. Vulnerabilities are flaws, bugs, intentional openings, weaknesses (or whatever you wish to call them) that have the potential to be exploited. And I will say it again, there is no evidence any of these vulnerabilities have been exploited out in the real world.

Therefore, it is people like you, theoneandonlymrk, who are blowing this WAY out of proportion with your false claims "_it can't get worse from here_". It can get much worse if the bad guys learn how to "exploit" this vulnerability and create the necessary malicious code and distribution method to deliver it. But again, that has not happened so please stop with your FUD!


----------



## trickson (Jan 25, 2018)

Bill_Bright said:


> I agree and I note they are addressing the issue. They are not shirking their obligations here. I note they (Gigabyte) already released a BIOS update for my Z170 board 2 weeks ago. And that board has been out of production for nearly 2 years.
> 
> That said, not sure holding the motherboard makers responsible for a fault, flaw, bug, mistake (or whatever you want to call it  ) they did not create is fair. But I applaud them for stepping up to help correct the problem.
> 
> ...



I am going to agree with you here.
One thing is fact: no one has been affected by this vulnerability or bug. Till then, as long as AMD and Intel know about it and are on top of it with BIOS fixes and such, then this is all totally blown out of proportion.
More than likely a PR stunt or a need to generate some News in the Tech industry and turn the focus off the rising RAM and Video card prices due to product manipulation by the big Chip makers!
This is NON-Sequitur, moot, nothing burger. SQUAT!


----------



## Bill_Bright (Jan 25, 2018)

trickson said:


> More than likely a PR stunt or a need to generate some News in the Tech industry


It's a PR stunt and a desire to attract attention for the wannabe journalists trying to get noticed, and for the lemmings who just parrot what they read. That's how falsehoods and exaggerations go "viral".

It is also opportunistic bashings by haters - people who just love to throw shade on others and blow issues WAY out of proportion to make others look bad and themselves good. 



> turn the focus off the rising RAM and Video card prices


Neither Intel nor AMD makes RAM so I don't believe it has anything to do with that. And AMD makes graphics cards, so that would just be drawing attention back on themselves.


----------



## TheoneandonlyMrK (Jan 25, 2018)

Bill_Bright said:


> It's a PR stunt and a desire to attract attention for the wannabe journalists trying to get noticed, and for the lemmings who just parrot what they read. That's how falsehoods and exaggerations go "viral".
> 
> It is also opportunistic bashings by haters - people who just love to throw shade on others and blow issues WAY out of proportion to make others look bad and themselves good.
> 
> ...


You two might not have been affected, but I actually have; as I said, three fixed PCs since Meltdown and Spectre.
One new laptop bought to replace a non-booter that I know of (my bro is admittedly an ass, I told him so too).
If the shit didn't need patching because we're all safe, then why are all these companies even bothering?

Cut out the labeling; we are not all as assured as you by Intel's meanderings on the topic. Sorry, but given the botched patching debacle that followed, some have earned the right, in lost hours, to say what they feel.

If Intel could sit on a flaw knowingly for months, legitimately and reasonably not saying anything, then wtf do you suppose is the timeline for the likes of Russia, China, GCHQ and your NSA to own up to using said exploits? The NSA shelves were getting bare after being raided. Who knows? Sure as shit not you.

Note I didn't start this thread or the drama, so stop with the singling out, but whatever, Trevor.

I'm no hater, and I'm not the one guarding this thread and taking on all comers big or small solely on Intel's side regardless, but then I've no shares to protect, eh.

@trickson I heartily disagree with your slant on the matter, but I remember you well enough to just leave it at that.


----------



## Bill_Bright (Jan 25, 2018)

So let me get this straight. You are claiming that you have already fixed 3 PCs that somehow, a hacker was able to get past all security on those systems, install heretofore unknown malicious code needed to exploit those vulnerabilities on those computers without being detected, then exploit those vulnerabilities and run off with the data, again without being detected? Is that really what you are claiming?

If that is what you are claiming, then it would appear you are the first in the world and you need to write a paper and become rich and famous.

While Meltdown is relatively easy for "a hacker" to exploit, the hacker must still have somehow gained access to the machine. How was that possible since Windows, all the major browsers and most antimalware solutions released patches almost immediately, if not before!

Spectre, on the other hand, affects more systems, but is extremely hard to execute and requires an extensive level of knowledge about the target processor. And again, requires the hacker to first gain access to the system to execute his malicious JavaScript code.


theoneandonlymrk said:


> If the shit didn't need patching because we're all safe, then why are all these companies even bothering?


See this is more of the FUD. Nobody said they didn't need patching or that we're all safe. This is you twisting things around. 

****

For everybody else, Steve Gibson released a nice little program called InSpectre to see if your computer is safe from these threats.
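
On Linux the comparable check is the kernel's own mitigation report under `/sys/devices/system/cpu/vulnerabilities` (kernel 4.15 and later, plus backported stable kernels). The script below is an added example, not part of the original post; the sample status strings are constructed in the kernel's format and the function names are hypothetical.

```python
"""Summarise the Linux kernel's Meltdown/Spectre mitigation report (sysfs)."""
import os
import tempfile

# One file per known CPU vulnerability; each holds a single status line.
SYSFS_DIR = "/sys/devices/system/cpu/vulnerabilities"

# Constructed sample contents (not captured from a real machine).
CONSTRUCTED_SAMPLE = {
    "meltdown": "Mitigation: PTI\n",
    "spectre_v1": "Mitigation: __user pointer sanitization\n",
    "spectre_v2": "Vulnerable: Minimal generic ASM retpoline\n",
}


def classify(status):
    """Map one status line to not_affected / mitigated / partial / vulnerable / unknown."""
    s = status.strip()
    if s == "Not affected":
        return "not_affected"
    if s.startswith("Mitigation:"):
        # A line can name a mitigation and still flag a remaining gap,
        # e.g. "Mitigation: Clear CPU buffers; SMT vulnerable".
        detail = s[len("Mitigation:"):].lower()
        return "partial" if "vulnerable" in detail else "mitigated"
    if s.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"


def read_report(directory=SYSFS_DIR):
    """Return {name: (raw_status, verdict)}, or None if the kernel exposes no report."""
    if not os.path.isdir(directory):
        return None  # older kernel or non-Linux host: status cannot be read this way
    report = {}
    for name in sorted(os.listdir(directory)):
        try:
            with open(os.path.join(directory, name), errors="replace") as fh:
                raw = fh.readline().strip()
        except OSError:
            raw = ""  # unreadable entry is reported as "unknown", not as safe
        report[name] = (raw, classify(raw))
    return report


def needs_attention(report):
    """Names whose verdict is anything other than not_affected or mitigated."""
    return [name for name, (_, verdict) in report.items()
            if verdict not in ("not_affected", "mitigated")]


def demo_on_sample():
    """Write the constructed sample into a temp directory and parse it."""
    with tempfile.TemporaryDirectory() as tmp:
        for name, text in CONSTRUCTED_SAMPLE.items():
            with open(os.path.join(tmp, name), "w") as fh:
                fh.write(text)
        return read_report(tmp)


if __name__ == "__main__":
    report = read_report()
    if report is None:
        print("No kernel report found; parsing the constructed sample instead.")
        report = demo_on_sample()
    for name, (raw, verdict) in report.items():
        print(f"{name:<12} {verdict:<12} {raw}")
    print("Needs attention:", ", ".join(needs_attention(report)) or "none")
```

An entry that cannot be read or parsed is treated as needing attention rather than as safe, so a missing report never looks like a clean one.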


----------



## TheoneandonlyMrK (Jan 25, 2018)

Bill_Bright said:


> So let me get this straight. You are claiming that you have already fixed 3 PCs that somehow, a hacker was able to get past all security on those systems, install heretofore unknown malicious code needed to exploit those vulnerabilities on those computers without being detected, then exploit those vulnerabilities and run off with the data, again without being detected? Is that really what you are claiming?
> 
> If that is what you are claiming, then it would appear you are the first in the world and you need to write a paper and become rich and famous.
> 
> ...


Not at all.

Unknown glitches while updating or updated Windows 10, and two were AMD systems, hence why I'm not heavily blaming Intel, but I'm not polishing their ass either.

The affected are en masse already due to the random reboot BS; that's without any direct use on any system of the exploits.

That's already, despite your heady nonsense; now if they get adapted, worked on and weaponised.

Which I'm fairly certain a few are going to be trying to do, i.e. find the loophole in retpoline or some mad deviant of the original issues.

Your move, Mr Calm; hype those comments like you have my others, I might yet get famous.
You have misunderstood my meaning a few times so far, but understand this: I'm not hyping it; the vulnerability is non-existent at the minute, I fully agree. I'm not aggrieved either; it is what it is.
But I think the total handling of it by all concerned was very poor, worst offenders being Intel and Microsoft; though AMD didn't shine either, they have done more than Apple and ARM to quell fears and issues, but nonetheless no one handled it well.


----------



## Bill_Bright (Jan 26, 2018)

theoneandonlymrk said:


> Not at all.
> 
> Unknown glitches while updating or updated Windows 10, and two were AMD systems, hence why I'm not heavily blaming Intel, but I'm not polishing their ass either.



So in the end, now you are saying these 3 computers were NOT exploited through the Meltdown or Spectre vulnerabilities even though you just said in your previous post #367 above,


theoneandonlymrk said:


> You two might not have been affected but I actually have


So the truth is, the problem with these three machines is there were "unknown issues" caused [maybe] by a Windows Update, and not the CPU vulnerabilities as you tried to make us believe they were.

So in other words, more FUD, falsehoods, overblown and exaggerated claims, and unwarranted opportunistic bashings. 

You were blaming Intel when in reality it was a Microsoft patch and 2 of the machines were AMD. And no you weren't polishing their a$$, instead you were trying to tarnish it further with false claims!    I remind you that you also accused us claiming no patches were needed because we're all safe - clearly not true. And you claimed the problem can't get any worse when in fact, it could have been much worse. The bad guys could have found the problem first and released a zero-day exploit before the white-hats, Intel, AMD, motherboard makers, or Microsoft were even aware a problem existed. But again, that did not happen. 

Common sense needs to return back to this thread now.

Are the "vulnerabilities" serious? Yes! Very serious!
But have they been "exploited"? There is no evidence they have.
Are they easy to exploit? NO! While Meltdown is easier than Spectre, a bad guy will have to gain access with his malicious code to the system first - not an easy task. And for the more serious Spectre, the bad guy would have to have extensive knowledge of the system, and specific targeted CPU, before being able to glean any data.
Are there patches/fixes? Yes! And most have already been deployed. Operating systems have been updated. Browsers have been updated. Security programs have been updated. And many BIOS firmware updates have been made available.



theoneandonlymrk said:


> I'm not hyping it; the vulnerability is non-existent at the minute, I fully agree. I'm not aggrieved either; it is what it is.
> But I think the total handling of it by all concerned was very poor, worst offenders being Intel and Microsoft; though AMD didn't shine either, they have done more than Apple and ARM to quell fears and issues, but nonetheless no one handled it well.


But you are hyping it and twisting it and exaggerating it. And the "vulnerabilities" DO exist right now! The CPUs have not been replaced. It is "exploits" that are nonexistent, as far as anyone knows at this point in time.

As far as how it is all being handled, I say stop trying to point fingers and place blame while the ship is still taking on water and listing! Help others get their systems updated. Wait for all the facts to come in, until "after-action" reports are done, and the "permanent" fixes are in place. Then go back and learn what was done right and what was done wrong and build an action plan for next time.

And PLEASE stop posting FUD and get back to the facts. And for everyone else, clearly you can't believe everything you read. Do your homework. Make sure your system and security are updated. And don't be "click-happy" on unsolicited links, downloads, attachments and popups - the exact same advice and recommendations for everyday security precautions.


----------



## trickson (Jan 26, 2018)

theoneandonlymrk said:


> You two might not have been affected, but I actually have; as I said, three fixed PCs since Meltdown and Spectre.
> One new laptop bought to replace a non-booter that I know of (my bro is admittedly an ass, I told him so too).
> If the shit didn't need patching because we're all safe, then why are all these companies even bothering?
> 
> ...




SO wait YOU have been affected by this 2 times? WTF? Can you prove it? (I'm not meaning to flame you)
If you have irrefutable evidence that your system was hacked or that your system fell victim to this "BUG" then you have a case. If this is just you going by what you have seen and can't prove it, then I have to question motives.
So are you saying I am wrong? Okay then, prove it.
I still think it is just pure trumped-up tech news for PR. This bug has been in every CPU and EVERY system in the WORLD yet YOU are the only one hit the hardest? I have heard about this bug way back when it was called a bug! They (AMD & Intel) used to put out patches for the CPUs all the time; it was never any big deal. Everyone would just install the patch, all is good; even if you didn't patch, it was still fine.

PROOF! That is the key. Just having some test in a lab under lab and controlled conditions to try to exploit the bug isn't proof either!
REAL WORLD and REAL PROOF is king! Just like the old adage goes:
SCREEN SHOT OR IT DIDN'T HAPPEN!

And GO!


----------



## Bill_Bright (Jan 26, 2018)

trickson said:


> SO wait YOU have been affected by this 2 times? WTF?


Define what you mean by "this". Note he clarified and later said he got "_Unknown glitches while updating or updated windows 10_". While the updates may be to address the Meltdown and Spectre issues, that does not mean Meltdown or Spectre caused those "_unknown glitches_".


----------



## TheoneandonlyMrK (Jan 26, 2018)

It's like speaking to a wall; re-read the last post. In short:

If there were no security issues.

There wouldn't be patches or updates.

Then these updates would not have f#£@ed three PCs I know of and had to fix.

I can't write that any simpler.


And I'll get back to your bullshit later, Bill, when I can quote what I choose.


Oh, and sorry, no screenies were taken when I fresh-installed a Sandy Bridge PC, or the others, but wtf would you expect to see if something won't boot to OS and declares there's no bootable drive?


----------



## cadaveca (Jan 26, 2018)

You guys are hilarious. You're wasting your time with BIOS updates. There are no properly working BIOS updates yet.

I'll post what Intel said on Monday...:



> We ask that our industry partners focus efforts on testing early versions of the updated solution so we can accelerate its release. We expect to share more details on timing later this week.




It's now Friday, and no updates have come yet, so this microcode isn't ready yet. So anyone thinking they are flashing a BIOS that is going to fix this properly is mistaken.

https://newsroom.intel.com/news/roo...-updated-guidance-for-customers-and-partners/




> We recommend that OEMs, cloud service providers, system manufacturers, software vendors and end users stop deployment of current versions, as they may introduce higher than expected reboots and other unpredictable system behavior.



Like, just... stop. Intel tells you "stop deployment", and y'all are still thinking you got working BIOSes? Was that BIOS dated after the 22nd, and did that date of the Microcode show as being published just a couple of days earlier? If not, you just broke your system.


Congrats.


----------



## Bill_Bright (Jan 26, 2018)

cadaveca said:


> It's now Friday, and no updates have come yet, so this microcode isn't ready yet. So anyone thinking they are flashing a BIOS that is going to fix this properly is mistaken.


I don't feel any BIOS patch will ever "fix" the problem because the problem is hard coded into the design of the processors. Patches may mitigate or even totally negate the vulnerabilities. But is a permanent patch a "fix"? I don't believe so in this case because it does not return everything back to "good as new"  - or preferably better than new.

Since it is impossible to recall and replace every Apple iPhone and iPad, every affected Intel and AMD processor, etc. the only way to fix this properly is to fix (rewrite)  the code going forward. That is, in newly designed/hard coded processors coming off the line.



theoneandonlymrk said:


> If there were no security issues.
> 
> There wouldn't be patches or updates.
> 
> ...


I am not and never have denied Intel deserves some culpability in this - in all of this. But it is not Intel's fault Microsoft rushed a poorly designed and inadequately tested patch out the door that broke some AMD machines! Yet that is exactly where you want to put all of the blame.  

I have also repeatedly said the problem is serious, even "_very serious_". It is just not the FUD or end of the world or "_can't get worse from here_" scenario as previously suggested.

I see no reason to discuss these side issues further. So I won't.


----------



## trickson (Jan 26, 2018)




----------



## cadaveca (Jan 26, 2018)

Bill_Bright said:


> I don't feel any BIOS patch will ever "fix" the problem because the problem is hard coded into the design of the processors. Patches may mitigate or even totally negate the vulnerabilities. But is a permanent patch a "fix"? I don't believe so in this case because it does not return everything back to "good as new"  - or preferably better than new.





It is completely possible for this to be patched by BIOS. See, there's this little buffer, and it allows data inside it to be truncated so that it fits more data than it would be allowed to otherwise. This allows for partial bits of code to be maligned from what YOU want, and allows an attacker to force their data to be used instead of the legit data. The fix (and why AMD is less prone to the problem) is to ensure that the data in this buffer is NOT truncated (which AMD does already).

Of course, if this data takes up more space in the buffer, it slows things down a bit since more data is processed, and not as many commands can be held within the buffer. Bingo! Performance loss.

Think of a game cheat (trainer) injecting its own code into a game. Similar thing here. Game thinks its data is its own, processes it, but instead of 100 life, you've got 10000.


We're talking about 1's and 0's here, not magic.

So sure, you can say "but I lost performance", but in reality, you didn't. The CPU is still performing as it should, and is processing data in the same way, it's just that it has to process a bit more now.

Horrors!


This really isn't as big of an issue as it seems to be, honestly. Security-wise, sure, it's a problem. But this problem has existed for a long time, and just because nobody knew it was being exploited does not mean that it hasn't been... I mean, the way I see it, this is part of why any system, be it Intel, AMD, ARM, or whatever, and any processor, whether it be in your PC or your phone, or your TV could and can be hacked for decades. These things do and can exist, and so I find myself asking WHY this is being presented as such a large issue... maybe you should ask yourself the same too.


----------



## R-T-B (Jan 26, 2018)

I'm curious what is considered a "wannabe journalist" in this day and age...

I found most of the press coverage of the issue pretty accurate, considering how iffy the initial info was, anyhow.  We tend to be the spur that gets companies to act, bear in mind (the press in general, not just TPU).


----------



## EarthDog (Jan 26, 2018)

cadaveca said:


> so I find myself asking WHY this is being presented as such a large issue...


the media... and how the uninformed can easily be swayed by any media...


----------



## R-T-B (Jan 26, 2018)

Ok before I hop on the "let's hate the media" bandwagon...

would it be sacrilegious to ask what the pay is for a "wannabe journalist?"

I'm kidding, or so you should hope...


----------



## cadaveca (Jan 26, 2018)

R-T-B said:


> I'm curious what is considered a "wannabe journalist" in this day and age...



Doesn't exist.

"Blurred Lines".




Always look for allegory.



R-T-B said:


> I found most of the press coverage of the issue pretty accurate, considering how iffy the initial info was, anyhow.  We tend to be the spur that gets companies to act, bear in mind (the press in general, not just TPU).


I can't say I feel as you do, unfortunately.

But then, I'm outright crazy and maybe a bit paranoid. Being a parent does that to anyone .


You see, there is a reason, after all, that AMD and Intel are close-lipped about how these buffers actually work... Oh look, someone figures it out, and now we have a problem...


----------



## R-T-B (Jan 26, 2018)

cadaveca said:


> But then, I'm outright crazy and maybe a bit paranoid. Being a parent does that to anyone .



Thanks for the reminder to be cautious in my breeding habits.


----------



## jsfitz54 (Jan 26, 2018)

R-T-B said:


> Ok before I hop on the "let's hate the media" bandwagon...
> 
> would it be sacrilegious to ask what the pay is for a "wannabe journalist?"
> 
> I'm kidding, or so you should hope...



SIR, YES SIR, MAY I HAVE ANOTHER SIR!

We all need to be very quiet and take the Orwellian dystopia in the ass and be happy.
Intel is now your Mother and Father.  Intel will take care of you.
There's no reason to think for yourself, it's being done for you.
All hail Intel... and the 20 years of stock profit.

STOP THINKING ABOUT IT! Go to the feelies.


----------



## StrayKAT (Jan 26, 2018)

jsfitz54 said:


> SIR, YES SIR, MAY I HAVE ANOTHER SIR!
> 
> We all need to be very quiet and take the Orwellian dystopia in the ass and be happy.
> Intel is now your Mother and Father.  Intel will take care of you.
> ...



I'm concerned far more about services and software when it comes to dystopias. Intel is hardly a mother or father there. Just a chump player among many at this point. And they no longer have the clout to purposely piss off the likes of Google. This was just a mistake on their part.


----------



## Bill_Bright (Jan 26, 2018)

cadaveca said:


> This really isn't as big of an issue as it seems to be, honestly.


I agree.


R-T-B said:


> I'm curious what is considered a "wannabe journalist" in this day and age...


A journalist is supposed to report the facts. Not embellish them. A journalist should not create sensationalized headlines just to seek personal attention. 

A "wannabe journalist" is someone pretending to be a professional journalist. They are in it for personal attention and not for the purpose of informing the public of the unbiased truth.

The Journalist's Creed.


----------



## Frag_Maniac (Jan 26, 2018)

The fact is most journalists walk a fine line between fact and fiction just due to the greedy corporate types they work for. Ever since news became a business, it can't fully be trusted. You always have to read between the lines.


----------



## jsfitz54 (Jan 26, 2018)

StrayKAT said:


> This was just a mistake on their part.



Bend over, here's the 55 Gallon Big Boy Lube job.


----------



## StrayKAT (Jan 26, 2018)

jsfitz54 said:


> Bend over, here's the 55 Gallon Big Boy Lube job.



I'm irrelevant. Their real customers are bigger than even Intel themselves... and they wouldn't purposely screw them all. It's just not good business in the long run. You're living in the 90s if you think they're some all-powerful juggernaut. Might as well use words like "Wintel" too... as if that means anything anymore.


----------



## Zyll Goliat (Jan 26, 2018)

jsfitz54 said:


> SIR, YES SIR, MAY I HAVE ANOTHER SIR!
> 
> We all need to be very quiet and take the Orwellian dystopia in the ass and be happy.
> Intel is now your Mother and Father.  Intel will take care of you.
> ...


----------



## Bill_Bright (Jan 26, 2018)

Frag Maniac said:


> You always have to read between the lines.


Which really would not be hard if the different news outlets didn't put those lines wherever they wanted (or wherever their paying sponsors wanted them). This is especially true with politics - and I am NOT starting a political discussion here. I am just saying if the news outlet owners lean to the right, the news will be presented only (and typically extremely) from the right.  If the owners or sponsors lean to the left, the news will be presented only (and typically extremely) from the left. 

There is no meeting in the middle - no compromising.  It is all or nothing and who suffers? The 95% of us in the middle.


----------



## jsfitz54 (Jan 26, 2018)

Bill_Bright said:


> who suffers? The 95% of us in the middle.



When 2 elephants fight, the grass suffers.


----------



## Bill_Bright (Jan 26, 2018)

Same with 1 elephant and 1 donkey, I'm afraid.  But we are not talking politics.


----------



## StrayKAT (Jan 26, 2018)

That's one stubborn jackass to hold his own against an elephant.

Politics aside, I kind of felt like I got out of the Matrix after the 2016 election. I actually voted for Clinton, but after Trump won, it made me think how much lying had been going on in the media, when they kept saying how assured of victory she was.


----------



## jsfitz54 (Jan 26, 2018)

StrayKAT said:


> That's one stubborn jackass to hold his own against an elephant.
> 
> Politics aside, I kind of felt like I got out of the Matrix after the 2016 election. I actually voted for Clinton, but after Trump won, it made me think how much lying had been going on in the media, when they kept saying how assured of victory she was.



OH SHIT, the door is open for religion, sex and politics.
Let me get my fork and knife.

So a priest and a rabbi go.....


----------



## StrayKAT (Jan 26, 2018)

jsfitz54 said:


> OH SHIT, the door is open for religion, sex and politics.
> Let me get my fork and knife.



Hah.. I didn't mean it. As I said, I voted for Clinton.. but at the same time, I'm trying to criticize the media brainwash on my own "side", if you will. I'm trying to be as indifferent and apolitical about it as I can get. I see it for what it is.. and it really is like the Matrix for me. I can't ever go back and "not see" it anymore. I trust the news far less in all kinds of subjects now.

"Why oh why didn't I take the Blue Pill?"


----------



## sneekypeet (Jan 26, 2018)

Since the topic appears to have run its course and has turned into "let's talk about anything" I'm closing up shop.


----------

