Wednesday, July 11th 2018

New "Spectre" Variant Hits Intel CPUs, Company Promises Quarterly Microcode Updates

A new variant of the "Spectre" CPU vulnerability was discovered affecting Intel processors, by security researchers Vladimir Kiriansky and Carl Waldspurger, who are eligible to bag a USD $100,000 bounty by Intel, inviting researchers to sniff out vulnerabilities from its processors. This discovery, chronicled under CVE-2018-3693, is among 12 new CVEs Intel will publish later this week. The company is also expected to announce quarterly CPU microcode updates to allay fears of its enterprise customers.

The new vulnerability, like most other "Spectre" variants, targets the speculative execution engine of the processor, in a bounds-check bypass store attack. A malicious program already running on the affected machine can alter function pointers and return addresses in the speculative execution engine, thereby redirecting the flow of data out of protected memory address-spaces, making it visible to malware. This data could be anything, including cryptographic keys, passwords, and other sensitive information, according to "The Register." Intel chronicled this vulnerability in section 2.2.1 of its revised speculative execution side-channel attacks whitepaper. You can also catch a more detailed whitepaper from the researchers themselves.
Source: The Register
Add your own comment

73 Comments on New "Spectre" Variant Hits Intel CPUs, Company Promises Quarterly Microcode Updates

#51
RichF
I stated a fact. If that upsets you it's not my problem. It is a fact that when someone begins their post with an attack on the person they're allegedly responding to they are showing off for their friends rather than responding substantively in good faith.

Stating facts as I have is not ad hominem. Your behavior in this topic has been unacceptable and continues to be. Whatever you think you are accomplishing here it is not worth the effort you're putting into it.
Posted on Reply
#52
GlacierNine
RichFI stated a fact. If that upsets you it's not my problem. It is a fact that when someone begins their post with an attack on the person they're allegedly responding to they are showing off for their friends rather than responding substantively in good faith.

Stating facts as I have is not ad hominem. Your behavior in this topic has been unacceptable and continues to be. Whatever you think you are accomplishing here it is not worth the effort you're putting into it.
Actually I think you'll find your points are subjective, so cannot be claimed to be fact. They can absolutely be your personal truth, but there is no objective standard here that would enable you to qualify your opinion on my attitude as being "factual".

Now with that said, please accept a cloying, sickly sweet and absolutely sincere apology for my conduct, if it means we can now proceed to discuss the actual substance of my post. In fact, as a show of goodwill, I will reproduce it here, as it is now on the previous page of the thread and I wouldn't want to inconvenience you with the extra clicks required to be able to respond to it appropriately.
GlacierNine1 - You can think that, but deadlines of several months are not in any way unusual, and since the vulnerabilities were quite severe and required a lot of work to fix, it's absolutely sensible to give companies a reasonable amount of time within which to work and release fixes. As shown in that link, if the fixes are not provided, the details are published anyway, and Intel weren't given special treatment over Microsoft, to whom that example link refers. (Project Zero's standard period is 90 days, the same as given to MS and Intel)

2 - Please, by all means, point to the drawbacks you are blindly asserting exist in relation to this process. The only one I can personally think of is that, if a company were intentionally avoiding releasing patches and thus went over the deadline before being forced to make a patch, then the exploit would be patched slightly later than it otherwise would have been. However, this argument doesn't stand up to scrutiny, as a vulnerability NOT disclosed to the wider public is at substantially less risk of being exploited, so the net effect on consumers only even *exists* if a bad actor has already discovered the same vulnerability independently and begun to exploit it. (In which case, the company is solely responsible for not patching an exploit that is being used "in the wild" as it were, in order to protect their users - they should be doing so regardless of any security disclosure.) In such instances, it is the company's fault if, having been informed of the vulnerability, they have not taken steps to patch it. Project Zero would not be accountable for the hubris of a company that did not heed clear warnings, and in instances where a bad actor is not actively exploiting a vulnerability, this practice allows the vulnerability to be patched in advance of any bad actor being given even the slightest clue that it exists.

That practice absolutely keeps users safer, as it often takes more time to fix a vulnerability, than it does to exploit it after being informed of it.

3 - This is simply whataboutery. If anything it simply bolsters my point - CTS had reason to believe that by publishing this information they could force a movement in the stock market - the same one they'd seen Intel's CEO profit from earlier. The mechanics of their short position were slightly different, but this was absolutely their intention. Sure, Intel's CEO did that, and it's wrong that he did so or was able to. But I don't recall ever arguing that he was in the right to do so? If my memory fails me then by all means, point to where I defended his actions re: stock trading.

The second half of this point is simply you attempting, once again, to state (without any evidence to support you) that the industry standard practice of privately disclosing vulnerabilities to be patched before making them public, is somehow inherently flawed. If you genuinely believe that, then once again, you are taking issue with an entire industry's standard practice - A practice CTS labs wilfully ignored despite claiming to have many years of experience, and then defended ignoring with the shamefully ignorant argument of "We didn't think it was possible to patch these vulnerabilities in the time allotted so we went public straight away" - As if somehow that argument doesn't INCREASE the amount of time a bad actor has to find out about and abuse the issues raised, ahead of a fix being provided.

4) This is a stupid argument to be making. This is not difficult - Vulnerabilities are typically easier and quicker to exploit than they are to fix. By not giving manufacturers a headstart on mitigation, you are giving bad actors an extended window within which to work to exploit the issues. On the other hand, a user cannot patch their OS or programs by themselves - if they had the knowledge they were running unsafe software, it wouldn't do them any practical good, because they cannot fix the problems themselves unless they are developers themselves, running OSS they are free to modify themselves, and even then, most wouldn't have the time or skill to fix these issues themselves. What you just provided isn't a counterargument - It's simply a contrary assertion, and one that is contradicted by the practices of the entire InfoSec industry, to boot.

5 - Actually, it is "The industry". All I had to do to find a heap of examples of this happening was search the term "discloses vulnerability".

That brought me to Symantec for example, who followed this practice when helping apple to patch undisclosed vulnerabilities in iOS 11 - www.eweek.com/security/symantec-discloses-apple-ios-trustjacking-risks-at-rsa-conference

Duo security even published a table of vendors who they informed and when they subsequently updated after being informed Note that this article was published on 27th Feb, but the companies in the table were mostly notified 24 Jan. - www.kb.cert.org/vuls/id/475445

Check Point Software Technologies disclosed a vulnerability to WhatsApp and Telegram on March 7th, both companies developed patches for the issue before it was made public on March 15th. The same article mentions that they disclosed, and whatsapp fixed, another security vulnerability in the same way in 2015. blog.checkpoint.com/2017/03/15/check-point-discloses-vulnerability-whatsapp-telegram/

In fact, one of the major criticisms of the NSA after it's tools were leaked online (leading to WannaCry for example), was that these bugs could have been patched BEFORE they were exploited, if the NSA hadn't attempted to hide the vulnerabilities and keep them secret, rather than informing vendors - thehill.com/policy/cybersecurity/333928-nsa-warned-microsoft-about-vulnerability-connected-to-wanna-cry-report
www.wired.com/story/eternalblue-leaked-nsa-spy-tool-hacked-world/
www.wired.com/2016/08/shadow-brokers-mess-happens-nsa-hoards-zero-days/




You can dress this up all you like - At the end of the day, this is established practice for a reason - The EternalBlue and Wannacry ransomware attacks show exactly what can happen if this practice is disregarded. CTS Labs should have known this if they were anywhere near as experienced or "benevolent" as you are attempting to make out. The fact they disregarded it is proof of either their incompetence, their malice, or their vested interest.
Posted on Reply
#53
rtwjunkie
PC Gaming Enthusiast
RichFI stated a fact. If that upsets you it's not my problem. It is a fact that when someone begins their post with an attack on the person they're allegedly responding to they are showing off for their friends rather than responding substantively in good faith.

Stating facts as I have is not ad hominem. Your behavior in this topic has been unacceptable and continues to be. Whatever you think you are accomplishing here it is not worth the effort you're putting into it.
As a spectator, I’m still trying to find these “facts” where he attacked you. Can you point me to them?
Posted on Reply
#54
GlacierNine
rtwjunkieAs a spectator, I’m still trying to find these “facts” where he attacked you. Can you point me to them?
I think he considers me calling his entire post bullshit, to be a form of personal attack.

That said, I'm really far more interested in discussing the actual topic, so please, I implore you, let's not get bogged down in these debates of what does and does not constitute ad hominem. I've already apologised for any offense I caused by referring to his post as a heap of bullshit - That includes any offense caused to him personally, and to any actual heaps of bullshit who don't wish to be unfairly tarred with the same brush, of course.

I really would like to just put this all behind us all as reasonable, astute individuals, and move on to discussing the points I made as rebuttals to the points Rich made.

Update btw - duo.com/labs/disclosure

This is Duo Lab's official disclosure policy.


Disclosure Timelines
  • Our default window of disclosure is 90 days from first contact attempt. This means we expect that the vulnerability being reported is dealt with and resolved within that window. We fully appreciate there will be corner cases and exceptions to this rule that may increase the timeframe beyond 90 days, but communication is key here in order for us to be able to properly assess the situation and the circumstances, which could cause the window to exceed 90 days.
  • In the event that a vendor does not respond within the first 30 days of attempted reporting, we will assume that no action will be taken. We will disclose the issue publicly and, where possible, include mitigation guidance.
  • Our 90-day window does not mean that we will sit on a fixed vulnerability for the duration. If the reported issue can be fixed and a fix can be released faster, we encourage this and will coordinate the disclosure with the fix date.
  • Once the 90-day clock runs out, we will notify the affected parties that the deadline is here and then begin planning the release of vulnerability details and mitigations or fixes. In most cases, this can be considered a small grace period to allow the affected party to coordinate with us as necessary. This grace period shall not exceed 14 days. Via email, we will share details on what we will be releasing and, if available, drafts of any content we are planning to publish.
What We Disclose
  • By default, we will not release what is known as a “weaponized” exploit. However, Duo may share relevant technical details with partners who are committed to using the information to help protect users.
  • We will release full details of the vulnerability and all the necessary technical details to properly illustrate the risk. This is typically achieved via a detailed white paper with an accompanying blog post that summarizes the paper.
  • Where appropriate, we may release videos or other media showing successful exploitation of the vulnerability.
  • Also where appropriate, we may release tools, scripts or other technical details that can help others identify similar or related vulnerabilities. An example of this might be a fuzzer we developed, or other tooling to automate testing.
  • Our releases will include a disclosure timeline that outlines our experience of working with the affected party during disclosure, along with the time spent resolving the issue.
  • If disclosure occurs without coordination with the affected parties, we will make our best effort to include mitigation advice when we are able to do so.
  • We will work with the affected party to ensure that a CVE entry, which is used to track vulnerabilities, is assigned to the vulnerability when possible.

And here's Symantec's - - www.symantec.com/security-center/vulnerability-management

Note that the page links to this document: www.symantec.com/security/OIS_Guidelines for responsible disclosure.pdf

And that this document references ISO Standard ISO 29417 - which you can buy a copy of here: www.iso.org/standard/45170.html

Just in case any further proof was needed that this is industry standard and that CTS Labs handling of the issue was entirely abnormal.
Posted on Reply
#55
Tatty_Two
Gone Fishing
At this point, I am more interested in reply banning some of you for turning this thread into a crapfest.
Posted on Reply
#56
ToxicTaZ
I herd Intel new 10nm++ Icelake architecture is bug free....? (Icelake & Z470 Chipset) DMI 4.0, PCIe 4.0 and DDR5 memory.... Probably Q4 2019

But all Intel 22nm and 14nm are all infected with security holes...

Means even second generation 14nm++ Coffeelake this fall with Z390 chipset still have the same security holes...

I myself have an 8700K on Maximus X FORMULA with Bios v1603...all software and firmware up to date. I don't notice any performance changes.

Older boards get the biggest hits.
Posted on Reply
#57
Komshija
Wonderful. Now security updates will likely even further slow down Intel CPU's. First update meant that eg. from i7 6700K you went straight to i7 3770K's performance; or from Skylake to an Ivy Bridge. This update will likely even further "improve" Intel CPU's eg. from i7 6700K's performance to i7 2600K's performance. Just wonderful. :shadedshu:

Supposedly Intel was "working" on some new update which would fix the slowdowns from Spectre & Meltdown microcode updates, but knowing Intel's greediness I doubt it.
Posted on Reply
#58
GlacierNine
KomshijaWonderful. Now security updates will likely even further slow down Intel CPU's. First update meant that eg. from i7 6700K you went straight to i7 3770K's performance; or from Skylake to an Ivy Bridge. This update will likely even further "improve" Intel CPU's eg. from i7 6700K's performance to i7 2600K's performance. Just wonderful. :shadedshu:

Supposedly Intel was "working" on some new update which would fix the slowdowns from Spectre & Meltdown microcode updates, but knowing Intel's greediness I doubt it.
Would definitely like to see some sources on that performance reduction. As far as I've seen, the only real impact for users was in situations like using postgres databases.

For almost all other workloads, users saw practically zero performance degradation. I certainly didn't see any issues on my 6700K, and it's certainly not performing at 3770K levels after patching.
Posted on Reply
#59
Komshija
Nooo, the performance actually increased after the update. :laugh:

There are quite a few reports about this update slowing down Intel CPU's, even a test made by some folks: beta.techcrunch.com/wp-content/uploads/2018/01/intel-meltdown-performance-chart.png?_ga=2.13967607.1982391869.1531903158-1943528229.1531903158

As I can tell, it definitely slowed down CPU in many synthetic benchmarks and even games. Nothing drastic, but still... Luckily you can disable this patch. Considering Intel's performance increase of ~5% from generation to generation at the same clocks, it's not far from the Ivy Bridge.
Posted on Reply
#60
GlacierNine
For DX11 gaming performance, their test showed the same performance.

The hardest hit applications were "data/financial analysis" - which is to say, work that heavily relies on databases. That's the same sort of work that postgres does, which was expected to begin with.

Again, for most users there was no performance hit. It certainly wasn't enough to wipe out 5 core generations of IPC improvement. It barely knocked the coffee lake processors they tested back to Kaby-Lake IPC.
Posted on Reply
#61
hat
Enthusiast
ToxicTaZI herd Intel new 10nm++ Icelake architecture is bug free....? (Icelake & Z470 Chipset) DMI 4.0, PCIe 4.0 and DDR5 memory.... Probably Q4 2019

But all Intel 22nm and 14nm are all infected with security holes...

Means even second generation 14nm++ Coffeelake this fall with Z390 chipset still have the same security holes...

I myself have an 8700K on Maximus X FORMULA with Bios v1603...all software and firmware up to date. I don't notice any performance changes.

Older boards get the biggest hits.
I'm not sure anymore. I remember reading a while ago that Ice Lake will have Spectre and Meltdown fixes baked into the silicon, but that was before everybody and their brother were finding new variants of Spectre. As such, don't expect anything to be secure unless it's offline. I could see a news post tomorrow saying that somebody found some vulnerability in some some major/widely used SSD controller hardware that allows a potential attacker to do this and that and I wouldn't be the slightest bit surprised. Plenty of posts have been made in jest saying something like "soon we'll be all the way back to Northwood performance" and while going to that extreme is quite silly, it hints that the users who make comments like that probably think similarly as I do... seems like since Spectre and Meltdown were initially published, we're stuck in this eternal battle against bugs/design flaws found in hardware that need to be patched. Also, it's more than Intel 22nm/14nm architecture. This stuff goes way back... speculative execution was introduced with... the Pentium Pro? and exists in almost every processor today. Even shitty phone chipsets use it. That said, don't hold your breath for too long, if you wanted Ice Lake with the baked in fixes. Seems anymore that something new is sure to rear its head. Ice Lake is probably already vulnerable to some of these new attacks.
Posted on Reply
#62
GlacierNine
hatI'm not sure anymore. I remember reading a while ago that Ice Lake will have Spectre and Meltdown fixes baked into the silicon, but that was before everybody and their brother were finding new variants of Spectre. As such, don't expect anything to be secure unless it's offline. I could see a news post tomorrow saying that somebody found some vulnerability in some some major/widely used SSD controller hardware that allows a potential attacker to do this and that and I wouldn't be the slightest bit surprised. Plenty of posts have been made in jest saying something like "soon we'll be all the way back to Northwood performance" and while going to that extreme is quite silly, it hints that the users who make comments like that probably think similarly as I do... seems like since Spectre and Meltdown were initially published, we're stuck in this eternal battle against bugs/design flaws found in hardware that need to be patched. Also, it's more than Intel 22nm/14nm architecture. This stuff goes way back... speculative execution was introduced with... the Pentium Pro? and exists in almost every processor today. Even shitty phone chipsets use it. That said, don't hold your breath for too long, if you wanted Ice Lake with the baked in fixes. Seems anymore that something new is sure to rear its head. Ice Lake is probably already vulnerable to some of these new attacks.
You're making the assumption that the patches will affect performance though.

For the first set of Spectre patches, Intel confirmed ahead of time that a performance impact would be expected. For these patches there's no evidence of that yet. It's entirely possible that sure, they'll need patches, but that those patches won't cause any impact.

Even the patches that can be proven to have caused an impact already, in most cases (particularly for newer CPUs), didn't really do anything significant to performance for the majority of users - in particular, gamers and streamers shouldn't have noticed any differences.
Posted on Reply
#63
hat
Enthusiast
You are correct that I assume the patches will affect performance. That is because I've read many times that there will be a performance impact, and I've seen reports of this happening. Truth be told, on my own system, I haven't noticed a difference, though, even though inspectre says my performance is "slower". That's with whatever MS pushed my way via Windows Update. There is no BIOS update or anything available for me.

However, that was the minor point of my post. The major point was about the seemingly constant struggle we've seen since the advent of Spectre and Meltdown originally. There's been multiple news stories posted about some new Spectre variant, and of course that whole mess with CTS labs. It seems like new vulnerabilities are being discovered all the time, and we're met with patches that reduce performance, or worse, render systems completely unusable. Somewhat ironically, while the patches may not affect the majority of users in the way of reduced performance, the vulnerabilities being patched also don't affect the majority of users in the first place. Nobody is going to use Spectre to obtain Bob's facebook password... unless they really hate Bob, and also have the skill to do it in the first place. No, the big target would be data centers, large corporations, that type of stuff... the same systems that the performance reducing patch is going to hurt the most.

I feel like we're in the very early stages of this. I have a lot of unanswered questions about it, questions only time can tell. The vulnerabilities we know of today, while serious, are rather difficult (but not impossible) to execute. How much worse is it going to get? How long before any script kiddie is able to easily hack Bob with minimal effort? Or will this issue eventually be totally remedied? How long is this going to be a thing for? How many iterations of hardware will we see with current vulnerabilities fixed at the hardware level, only for new ones to be found? What else could possibly carry serious vulnerabilities?
Posted on Reply
#64
GlacierNine
hatYou are correct that I assume the patches will affect performance. That is because I've read many times that there will be a performance impact, and I've seen reports of this happening. Truth be told, on my own system, I haven't noticed a difference, though, even though inspectre says my performance is "slower". That's with whatever MS pushed my way via Windows Update. There is no BIOS update or anything available for me.
That's what you've read many times about the patches originally released for spectre.

There has not been a single word uttered by Intel, Microsoft, or anyone else, about any performance impacts that future patches might cause.

The logical thing to take away from that is that clearly there is no anticipated performance impact.
Posted on Reply
#65
hat
Enthusiast
Time will answer that, as well. So far, some users have had a decent experience with the patches available to them (mostly those with at least Haswell and up as far as I can tell), others not so much... it's definitely a mixed bag. Again, however, I stress that's a minor point for me. As a guy who enjoys using computers, the potential performance loss is a frustrating thing. I was looking forward to upgrading to a Coffee Lake system at some point when it became available, but now I feel it's better to at least see what happens with Ice Lake, where performance is concerned. No, I don't want to lose performance because of some shitty vulnerability in the hardware... but more concerning to me than the performance impact is the question of how long this is gonna be going on for. These are some nasty vulnerabilities, and it seems new ones are coming up as the ones we already knew about for a while now are still being worked on. OG Meltdown/Spectre is still a problem, patches are still in the works, and new ones are popping up all the time. It's like battling a wildfire.
Posted on Reply
#66
rtwjunkie
PC Gaming Enthusiast
GlacierNineThere has not been a single word uttered by Intel, Microsoft, or anyone else, about any performance impacts that future patches might cause.
:laugh: Of COURSE they haven’t mentioned them. It’s not in their interest to. But it is having effects everywhere, and some major. Heck, there is even a current thread here about what it did to @RejZoR laptop.
Posted on Reply
#67
GlacierNine
hatTime will answer that, as well. So far, some users have had a decent experience with the patches available to them (mostly those with at least Haswell and up as far as I can tell), others not so much... it's definitely a mixed bag. Again, however, I stress that's a minor point for me. As a guy who enjoys using computers, the potential performance loss is a frustrating thing. I was looking forward to upgrading to a Coffee Lake system at some point when it became available, but now I feel it's better to at least see what happens with Ice Lake, where performance is concerned. No, I don't want to lose performance because of some shitty vulnerability in the hardware... but more concerning to me than the performance impact is the question of how long this is gonna be going on for. These are some nasty vulnerabilities, and it seems new ones are coming up as the ones we already knew about for a while now are still being worked on. OG Meltdown/Spectre is still a problem, patches are still in the works, and new ones are popping up all the time. It's like battling a wildfire.
I'm not sure what you're having such a hard time grasping here.

The patches for these new exploits are not the same as the patches for the original exploits. There is no concrete reason why there would be any performance impact of any kind.

It was abnormal that the original patches caused a performance loss. Intel has patched vulnerabilities before without causing performance loss and will patch vulnerabilities in future without causing performance losses. Let the proof be in the pudding for this one, rather than fearmongering about performance losses that probably won't ever exist.
rtwjunkie:laugh: Of COURSE they haven’t mentioned them. It’s not in their interest to. But it is having effects everywhere, and some major. Heck, there is even a current thread here about what it did to @RejZoR laptop.
I've seen that thread and it's a shitfest. No patch causes a drop from 178 to 100 points in a benchmark, and even if it did that would have been frontpage on every tech site for *WEEKS* afterwards. Something else is going on with that laptop and people are simply screaming at each other and blaming the patch because they want to fuel the controversy.

The benchmarks up above in this thread showed no, or very little, performance loss after the patch. Rejzor is showing a completely abnormal result, and that should be people's focus in that thread. Instead, people are just using it to bash on brands they don't like, be it Intel or AMD.

Let's also not forget that he bought a dual core AMD, non-ryzen laptop in 2018 and claims it was "as fast as my desktop Core i7 at casual office tasks down to slower than computer I've had 2 decades ago.". That right there says to me that there's a quagmire of poorly communicated ideas and expectations under the issue. Hell, that's why I didn't comment in the thread - Because it's full of completely insane assertions that simply don't line up with reality, both from the OP and the commenters.
Posted on Reply
#68
hat
Enthusiast
GlacierNineI'm not sure what you're having such a hard time grasping here.

The patches for these new exploits are not the same as the patches for the original exploits. There is no concrete reason why there would be any performance impact of any kind.

It was abnormal that the original patches caused a performance loss. Intel has patched vulnerabilities before without causing performance loss and will patch vulnerabilities in future without causing performance losses. Let the proof be in the pudding for this one, rather than fearmongering about performance losses that probably won't ever exist.


I've seen that thread and it's a shitfest. No patch causes a drop from 178 to 100 points in a benchmark, and even if it did that would have been frontpage on every tech site for *WEEKS* afterwards. Something else is going on with that laptop and people are simply screaming at each other and blaming the patch because they want to fuel the controversy.

The benchmarks up above in this thread showed no, or very little, performance loss after the patch. Rejzor is showing a completely abnormal result, and that should be people's focus in that thread. Instead, people are just using it to bash on brands they don't like, be it Intel or AMD.

Let's also not forget that he bought a dual core AMD, non-ryzen laptop in 2018 and claims it was "as fast as my desktop Core i7 at casual office tasks down to slower than computer I've had 2 decades ago.". That right there says to me that there's a quagmire of poorly communicated ideas and expectations under the issue. Hell, that's why I didn't comment in the thread - Because it's full of completely insane assertions that simply don't line up with reality, both from the OP and the commenters.
Once again, performance loss was a minor concern. That said, we'll only see what direction that goes, as well as the eternal security battle (which once again was the major point in my comment), in due time.

As for Rejzor's thread... I'm not sure what you're saying there. So he bought a Bulldozer laptop in 2018... what's wrong with that? Compared to the other choice he had at the time (Atom) it seems like a good buy... and I would fully expect a Bulldozer to perform on par with any i7 chip in general tasks, such as web surfing. It's not until you run benchmarks or launch a demanding application that the difference becomes clear, and that wasn't the use case for this laptop. It was a general purpose machine his mom could use to check her email and watch youtube or whatever. There's no reason to think it should be inadequate just because it was Bulldozer.

Sure, you got the typical fanboy comments, as you do everywhere else on this site, and everywhere else in the world. Sports fans and car guys are the same way. We just do it with PC hardware cause we're nerds like that. Now, if you are someone who can see such a thread and refrain from posting comments like "AMD sux, lol faildozer", and bob and weave through other such comments made by other users... you'll see the thread is actually about a shitty patch that significantly crippled that machine's performance. It's not the first time such a claim has been made, either. Again, though, we are still in the early stages of this mess (or at least I think so) and hopefully you are right that new and better patches are coming that don't cripple performance, or worse, render machines unusable. There's been plenty of reports of machines being left unbootable after such updates...
Posted on Reply
#69
GlacierNine
hatOnce again, performance loss was a minor concern. That said, we'll only see what direction that goes, as well as the eternal security battle (which once again was the major point in my comment), in due time.

As for Rejzor's thread... I'm not sure what you're saying there. So he bought a Bulldozer laptop in 2018... what's wrong with that? Compared to the other choice he had at the time (Atom) it seems like a good buy... and I would fully expect a Bulldozer to perform on par with any i7 chip in general tasks, such as web surfing. It's not until you run benchmarks or launch a demanding application that the difference becomes clear, and that wasn't the use case for this laptop. It was a general purpose machine his mom could use to check her email and watch youtube or whatever. There's no reason to think it should be inadequate just because it was Bulldozer.

Sure, you got the typical fanboy comments, as you do everywhere else on this site, and everywhere else in the world. Sports fans and car guys are the same way. We just do it with PC hardware cause we're nerds like that. Now, if you are someone who can see such a thread and refrain from posting comments like "AMD sux, lol faildozer", and bob and weave through other such comments made by other users... you'll see the thread is actually about a shitty patch that significantly crippled that machine's performance. It's not the first time such a claim has been made, either. Again, though, we are still in the early stages of this mess (or at least I think so) and hopefully you are right that new and better patches are coming that don't cripple performance, or worse, render machines unusable. There's been plenty of reports of machines being left unbootable after such updates...
Put it this way. From what was said in that thread, and how utterly hysterical most of the comments are, plus the fact the performance decrease he experienced was SO FAR beyond any other report, test, statement, or even other complaint thread I have ever seen on the topic?

I would be willing to bet that resetting the UEFI and reinstalling windows would resolve the issue even after all patches were reapplied. I simply do not believe that ANY of the spectre patches currently available for download, actually result in a drop in performance that severe.

As for machines having boot issues, that was in JANUARY, and those patches were pulled and subsequently replaced with different ones within 10 days.

Spectre and Meltdown patches have had some issues, yes, but bringing up issues that only existed for less than 2 weeks, and that haven't been an issue for over 6 months is just adding unnecessary FUD into the entire discussion.
Posted on Reply
#70
rtwjunkie
PC Gaming Enthusiast
Actually, if you follow to the end of the discussion there, some of our more knowledgeable and respected members have levelheadedly waded in and determined he really may have a MS issue from these patches. The riff raff and fanboys have been set to the side.
Posted on Reply
#71
Adam Krazispeed
Tsukiyomi91here we go again... == come on Intel... you can do better than that.
no they cant the lost BRIAN? ha ha
Posted on Reply
#72
las
TheGuruStudYou bought a low binned part... And we all know the process target was 3 GHz for mobile. 4+ is quite a feat without huge power demands.
It's a 1700X and there is tons of people that can't break 4 GHz on 1st gen, even on 1800X's.
There's barely any binning going on with Ryzen. All chips hit OC wall. Non-X can easily OC better than a X model. Go see owners thread on OC forums...

Not even 2nd gen Ryzen clocks much better and performance goes down in many workloads (especially games) when OC'ed manually instead of using stock boost. This is fact. Tons of reviews show this. Boost will clock higher than all-core OC.

I'm not that impressed with Ryzen. Maybe value/performance wise with B350/B450 + 1600/2600. But Threadripper is much better if you really need alot of cores, but these are not great for gaming and many "normal" workloads. Going with an AMD CPU is good for SOME workloads. Intel still delivers best performance overall.

CEMU is running terrible on my Ryzen 1700X compared to my 6700K. Alot of programs and games run much worse on an AMD CPU. Many applications are optimized for Intel or simply prefers higher clocks, better IPC on less cores and threads.
MT66Glofo is claiming 5ghz-ish with their 7nm process so I don't see why the tsmc 7nm process should not enable 5ghz-ish for ryzen 3000. I think an overlooked aspect of what AMD has been using process node wise is that its a 14nm samsung node used by Glofo, as far as I know samsung only make mobile centric processors where power efficiency is a premium and clock speed tend to be in the 1ghz to maybe 3ghz range, I dont believe there is a high performance variant of a samsung node just low power, TSMC and Glofo both state they will have both a high performance and low power verison of their 7nm process. This is why I believe the ryzen clock speeds have been lacking but power efficiency has been pretty good. Either way in time it will be revealed.
5 GHz haha, not going to happen. You'll see next year. Would be awesome tho, but forget it.
HD64GSince we got from 3.9-4.1 to 4.2-4.4 with a refresh and without tweaks in the arch on basically the same production line which with some tweaks got from 14nm to 12nm, a full node improvement to 7nm alongside a big improvement encore can easily reach very close or above the 5GHz limit at stock boost for 1-2 thread needs. My 5 cents.
We didn't go from 3.9-4.1 to 4.2-4.4. Some 1st gen did 4.2 and almost NO 2nd gen does 4.4 when we're talking 100% stable, and not just bench stable.

It's more like 200 MHz on average, from 1st to 2nd gen.
cucker tarlsonIf they want gamers they first need to do something with this horrendous latency that CCX design produces, otherwise Intel will beat them in gaming as long as they keep using ring design.
Yeah. Ring bus is superior for gaming. I'll probably just crap one of Intel's new octa cores with solder and be fine for the next few years or atleast till next console gen hits in 2021ish. My Ryzen 1700X is much worse for high fps gaming than my i7-6700K. 60 fps/Hz gamers will be fine with Ryzen tho.
Posted on Reply
#73
John Naylor
I'm still looking for justification to this hysteria ... where is the post from the guy posting "Oh I didn't wanna do the Spectre / Meltdown patch because of potential performance issues and now my life is hell" ... haven't seen so much "mush ado about nothing" since Y2k
Posted on Reply
Add your own comment
Dec 22nd, 2024 20:56 EST change timezone

New Forum Posts

Popular Reviews

Controversial News Posts