lexluthermiesterYou'd think, but the reality is most companies and researchers do not release vulnerability findings like this to the pubic without giving those affected by it a chance to research it themselves. Just throwing out to the public willy-nilly would be an act of gross irresponsibility. So yes, companies like Microsoft, Apple, Google, Intel, AMD, Nvidia, etc., etc. will keep such info confidentual until they have time to solve the problem. Intel and the researchers were being responsible, not secretive or sneaky. Meltdown is effectively solved and that solution will be refined in the coming months. And this is why we have a fix for within days instead of weeks or months.

This.

You all have to keep in mind that if someone finds a leak in your CPU architecture, there is no realistic way to adjust that on a hardware design level anyway, any fix like that is one or two years ahead of us at best. The fact they found this in June, only months before CFLs release, is proof of that in itself. Yes, they knew it was in there, and yes, they were already testing and finding fixes for Meltdown back then. I think its safe to say that we won't see a hardware adjustment until Ice Lake, or beyond.

Communicating leaks before you have solutions is possibly much worse than announcing them days prior to a fix. The entire industry works with that premise, its really telling that people here think otherwise - its a clear sign you have no clue of how this industry functions. While not the best layer of security, Security by Obscurity still is a layer of defense, and it was utilized here.

On the other side of the fence, even AMD releases their CPUs with knowledge of Spectre's existence, and even after official announcements were to be found on Intel's website, AMD's website did not contain a SINGLE TRACE of Spectre's existence. This is a strategy, too, and it shows in everything AMD has put out regarding this issue: they want to silence the issue ASAP, they are making it 'small and inconsequential' if you read their PR. I'll leave it up to each individual to decide what's better...

The bottom line remains: both Intel and AMD had this knowledge around the same time, and the decision to keep this quiet until now has been a unanimous one across ALL related companies. Any alternative decision is much more damaging: to end users, to the industry, to the overall level of trust in every PC we use, and all of the data we handle.

Vayra86This is a strategy, too, and it shows in everything AMD has put out regarding this issue: they want to silence the issue ASAP, they are making it 'small and inconsequential' if you read their PR. I'll leave it up to each individual to decide what's better...

I don't think that's what AMD is doing at all. The public knows how serious this is. AMD knows they have nothing to add because, at this moment, there is no real solution for Spectre. Like everyone else, they're working the problem and they're not going to say anything until they have something to say.

There real thing with Meltdown and Spectre is this, there are no villains in this matter. Not one manufacturer in their right mind would engineer such a pervasive problem into their products. And the fact that Spectre affects every CPU in existence for the past 25+ years, regardless of architecture, is evidence enough that it was not foreseen and has caught everyone almost equally off-guard. Laying blame at anyone is a waste of time and effort because we'd have to blame everyone equally. Even old games systems like the Playstation and N64 are vulnerable. So let's all stop the blame game, focus on the details of the problems and solving it, shall we?

Because of the way these vulnerabilities work, they take advantage of a very useful set of functions within CPU's that help them work faster and more efficiently. Engineering that out of CPU's is going to take us back at least a decade, performance-wise, and even more than that for some forms of software. Instead, it might be better to find a way to isolate those functions from direct high-level software access, which would mitigate the problems without removing them.

lexluthermiesterI don't think that's what AMD is doing at all. The public knows how serious this is. AMD knows they have nothing to add because, at this moment, there is no real solution for Spectre. Like everyone else, they're working the problem and they're not going to say anything until they have something to say.

There real thing with Meltdown and Spectre is this, there are no villains in this matter. Not one manufacturer in their right mind would engineer such a pervasive problem into their products. And the fact that Spectre affects every CPU in existence for the past 25+ years, regardless of architecture, is evidence enough that it was not foreseen and has caught everyone almost equally off-guard. Laying blame at anyone is a waste of time and effort because we'd have to blame everyone equally. Even old games systems like the Playstation and N64 are vulnerable. So let's all stop the blame game, focus on the details of the problems and solving it, shall we?

Because of the way these vulnerabilities work, they take advantage of a very useful set of functions within CPU's that help them work faster and more efficiently. Engineering that out of CPU's is going to take us back at least a decade, performance-wise, and even more than that for some forms of software. Instead, it might be better to find a way to isolate those functions from direct high-level software access, which would mitigate the problems without removing them.

You're right, but its not a mistake to think there hasn't gone serious thought over what to publish or what not to publish / say. That, is strategy :)

I wonder for how long Government agencies and hackers alike have been exploiting bug on systems with INTEL's processors. Intel was aware of this bug well in advance when they released Skylake X and Coffee lake processors and yet they continue to market/sell these processors to consumers and business. It seems as if ethical and moral values hold no value in IT industry any longer. There goes resale value of anyone who purchased these processors.

Asus 1203

Vayra86You're right, but its not a mistake to think there hasn't gone serious thought over what to publish or what not to publish / say. That, is strategy :)

Agreed, they're being strategic, but not in any nefarious way.

lexluthermiesterAgreed, they're being strategic, but not in any nefarious way.

The only thing wrong is waiting until the last minute while others were already patching their cloud servers. Intel was sitting on their hands for the general public.

The NDA was over on the 9th and if it wasn't for an AMD linux patch leading to the general public disclosure of this. It would still be hush, hush. We wouldn't know how this would have played it out and how Intel would react or have treated it.

XzibitThe only thing wrong is waiting until the last minute while others were already patching their cloud servers. Intel was sitting on their hands for the general public.

The NDA was over on the 9th and if it wasn't for an AMD linux patch leading to the general public disclosure of this. It would still be hush, hush. We wouldn't know how this would have played it out and how Intel would react or have treated it.

Ok.

Microsoft's thoughts on the matter. Apparently the Specter mitigation puts a dent into performance aka Variant 2 which requires a microcode update (BIOS flash) . Techspot even has a benchmark on it.


In case anyone missed Microsoft's post :
cloudblogs.microsoft.com/microsoftsecure/2018/01/09/understanding-the-performance-impact-of-spectre-and-meltdown-mitigations-on-windows-systems/?ranMID=24542&ranEAID=nOD/rLJHOac&ranSiteID=nOD_rLJHOac-0BvaqQnfhAKWeHcm0ft.mA&tduid=(9a91604a36bf2e42a2f74b67007e4bbd)(256380)(2459594)(nOD_rLJHOac-0BvaqQnfhAKWeHcm0ft.mA)()


Techspot's benchmark:
www.techspot.com/article/1556-meltdown-and-spectre-cpu-performance-windows/

I NoIn case anyone missed Microsoft's post :
cloudblogs.microsoft.com/mi...459594)(nOD_rLJHOac-0BvaqQnfhAKWeHcm0ft.mA)()

This talked about it..

I NoTechspot's benchmark:
www.techspot.com/article/1556-meltdown-and-spectre-cpu-performance-windows/

This showed it. Kinda interesting.

The only set of benchmarks that stand out as anything more than "statistical margin of error" is the storage benchmarks. And based on the rumblings coming out of variously locations, those performance problems will likely have a fix soon.

And here I am like thousands of others, just an average user seemingly unaffected by Meltdown and Spectre
enjoying my new i7 8700k build.

I guess when I get hit in the head by a piece of falling sky, I'll know to panic. But until then...I think I'll go play some BF1.

hapkimanBut until then...I think I'll go play some BF1.

Go play some "Return to Castle Wolfenstein" ( www.gog.com/game/return_to_castle_wolfenstein ) with the Realisim HD pack ( www.moddb.com/mods/realrtcw-realism-mod ). Much better, if older, game play experience.