• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

New "Spectre" Variant Hits Intel CPUs, Company Promises Quarterly Microcode Updates

Joined
Oct 5, 2017
Messages
595 (0.23/day)
Citation needed.
"A heap of bullshit"

When you start a post with insult you don't incentivize the person you're allegedly responding to bother to read your post. Instead, you're just showing off for others. That's not discourse. It starts with the letter t.

There you go, attempting to discredit my argument by taking issue with the manner in which it was delivered rather than the points I actually made.

Now that you've got your citation for that, perhaps you could trouble yourself to go back and deal with the other citations I made, in the post you're now avoiding addressing?
 
Joined
Jan 15, 2015
Messages
362 (0.10/day)
I stated a fact. If that upsets you it's not my problem. It is a fact that when someone begins their post with an attack on the person they're allegedly responding to they are showing off for their friends rather than responding substantively in good faith.

Stating facts as I have is not ad hominem. Your behavior in this topic has been unacceptable and continues to be. Whatever you think you are accomplishing here it is not worth the effort you're putting into it.
 
Joined
Oct 5, 2017
Messages
595 (0.23/day)
I stated a fact. If that upsets you it's not my problem. It is a fact that when someone begins their post with an attack on the person they're allegedly responding to they are showing off for their friends rather than responding substantively in good faith.

Stating facts as I have is not ad hominem. Your behavior in this topic has been unacceptable and continues to be. Whatever you think you are accomplishing here it is not worth the effort you're putting into it.
Actually I think you'll find your points are subjective, so cannot be claimed to be fact. They can absolutely be your personal truth, but there is no objective standard here that would enable you to qualify your opinion on my attitude as being "factual".

Now with that said, please accept a cloying, sickly sweet and absolutely sincere apology for my conduct, if it means we can now proceed to discuss the actual substance of my post. In fact, as a show of goodwill, I will reproduce it here, as it is now on the previous page of the thread and I wouldn't want to inconvenience you with the extra clicks required to be able to respond to it appropriately.

1 - You can think that, but deadlines of several months are not in any way unusual, and since the vulnerabilities were quite severe and required a lot of work to fix, it's absolutely sensible to give companies a reasonable amount of time within which to work and release fixes. As shown in that link, if the fixes are not provided, the details are published anyway, and Intel weren't given special treatment over Microsoft, to whom that example link refers. (Project Zero's standard period is 90 days, the same as given to MS and Intel)

2 - Please, by all means, point to the drawbacks you are blindly asserting exist in relation to this process. The only one I can personally think of is that, if a company were intentionally avoiding releasing patches and thus went over the deadline before being forced to make a patch, then the exploit would be patched slightly later than it otherwise would have been. However, this argument doesn't stand up to scrutiny, as a vulnerability NOT disclosed to the wider public is at substantially less risk of being exploited, so the net effect on consumers only even *exists* if a bad actor has already discovered the same vulnerability independently and begun to exploit it. (In which case, the company is solely responsible for not patching an exploit that is being used "in the wild" as it were, in order to protect their users - they should be doing so regardless of any security disclosure.) In such instances, it is the company's fault if, having been informed of the vulnerability, they have not taken steps to patch it. Project Zero would not be accountable for the hubris of a company that did not heed clear warnings, and in instances where a bad actor is not actively exploiting a vulnerability, this practice allows the vulnerability to be patched in advance of any bad actor being given even the slightest clue that it exists.

That practice absolutely keeps users safer, as it often takes more time to fix a vulnerability, than it does to exploit it after being informed of it.

3 - This is simply whataboutery. If anything it simply bolsters my point - CTS had reason to believe that by publishing this information they could force a movement in the stock market - the same one they'd seen Intel's CEO profit from earlier. The mechanics of their short position were slightly different, but this was absolutely their intention. Sure, Intel's CEO did that, and it's wrong that he did so or was able to. But I don't recall ever arguing that he was in the right to do so? If my memory fails me then by all means, point to where I defended his actions re: stock trading.

The second half of this point is simply you attempting, once again, to state (without any evidence to support you) that the industry standard practice of privately disclosing vulnerabilities to be patched before making them public, is somehow inherently flawed. If you genuinely believe that, then once again, you are taking issue with an entire industry's standard practice - A practice CTS labs wilfully ignored despite claiming to have many years of experience, and then defended ignoring with the shamefully ignorant argument of "We didn't think it was possible to patch these vulnerabilities in the time allotted so we went public straight away" - As if somehow that argument doesn't INCREASE the amount of time a bad actor has to find out about and abuse the issues raised, ahead of a fix being provided.

4) This is a stupid argument to be making. This is not difficult - Vulnerabilities are typically easier and quicker to exploit than they are to fix. By not giving manufacturers a headstart on mitigation, you are giving bad actors an extended window within which to work to exploit the issues. On the other hand, a user cannot patch their OS or programs by themselves - if they had the knowledge they were running unsafe software, it wouldn't do them any practical good, because they cannot fix the problems themselves unless they are developers themselves, running OSS they are free to modify themselves, and even then, most wouldn't have the time or skill to fix these issues themselves. What you just provided isn't a counterargument - It's simply a contrary assertion, and one that is contradicted by the practices of the entire InfoSec industry, to boot.

5 - Actually, it is "The industry". All I had to do to find a heap of examples of this happening was search the term "discloses vulnerability".

That brought me to Symantec for example, who followed this practice when helping apple to patch undisclosed vulnerabilities in iOS 11 - http://www.eweek.com/security/symantec-discloses-apple-ios-trustjacking-risks-at-rsa-conference

Duo security even published a table of vendors who they informed and when they subsequently updated after being informed Note that this article was published on 27th Feb, but the companies in the table were mostly notified 24 Jan. - https://www.kb.cert.org/vuls/id/475445

Check Point Software Technologies disclosed a vulnerability to WhatsApp and Telegram on March 7th, both companies developed patches for the issue before it was made public on March 15th. The same article mentions that they disclosed, and whatsapp fixed, another security vulnerability in the same way in 2015. https://blog.checkpoint.com/2017/03/15/check-point-discloses-vulnerability-whatsapp-telegram/

In fact, one of the major criticisms of the NSA after it's tools were leaked online (leading to WannaCry for example), was that these bugs could have been patched BEFORE they were exploited, if the NSA hadn't attempted to hide the vulnerabilities and keep them secret, rather than informing vendors - http://thehill.com/policy/cybersecu...t-vulnerability-connected-to-wanna-cry-report
https://www.wired.com/story/eternalblue-leaked-nsa-spy-tool-hacked-world/
https://www.wired.com/2016/08/shadow-brokers-mess-happens-nsa-hoards-zero-days/




You can dress this up all you like - At the end of the day, this is established practice for a reason - The EternalBlue and Wannacry ransomware attacks show exactly what can happen if this practice is disregarded. CTS Labs should have known this if they were anywhere near as experienced or "benevolent" as you are attempting to make out. The fact they disregarded it is proof of either their incompetence, their malice, or their vested interest.
 

rtwjunkie

PC Gaming Enthusiast
Supporter
Joined
Jul 25, 2008
Messages
14,019 (2.34/day)
Location
Louisiana
Processor Core i9-9900k
Motherboard ASRock Z390 Phantom Gaming 6
Cooling All air: 2x140mm Fractal exhaust; 3x 140mm Cougar Intake; Enermax ETS-T50 Black CPU cooler
Memory 32GB (2x16) Mushkin Redline DDR-4 3200
Video Card(s) ASUS RTX 4070 Ti Super OC 16GB
Storage 1x 1TB MX500 (OS); 2x 6TB WD Black; 1x 2TB MX500; 1x 1TB BX500 SSD; 1x 6TB WD Blue storage (eSATA)
Display(s) Infievo 27" 165Hz @ 2560 x 1440
Case Fractal Design Define R4 Black -windowed
Audio Device(s) Soundblaster Z
Power Supply Seasonic Focus GX-1000 Gold
Mouse Coolermaster Sentinel III (large palm grip!)
Keyboard Logitech G610 Orion mechanical (Cherry Brown switches)
Software Windows 10 Pro 64-bit (Start10 & Fences 3.0 installed)
I stated a fact. If that upsets you it's not my problem. It is a fact that when someone begins their post with an attack on the person they're allegedly responding to they are showing off for their friends rather than responding substantively in good faith.

Stating facts as I have is not ad hominem. Your behavior in this topic has been unacceptable and continues to be. Whatever you think you are accomplishing here it is not worth the effort you're putting into it.
As a spectator, I’m still trying to find these “facts” where he attacked you. Can you point me to them?
 
Joined
Oct 5, 2017
Messages
595 (0.23/day)
As a spectator, I’m still trying to find these “facts” where he attacked you. Can you point me to them?
I think he considers me calling his entire post bullshit, to be a form of personal attack.

That said, I'm really far more interested in discussing the actual topic, so please, I implore you, let's not get bogged down in these debates of what does and does not constitute ad hominem. I've already apologised for any offense I caused by referring to his post as a heap of bullshit - That includes any offense caused to him personally, and to any actual heaps of bullshit who don't wish to be unfairly tarred with the same brush, of course.

I really would like to just put this all behind us all as reasonable, astute individuals, and move on to discussing the points I made as rebuttals to the points Rich made.

Update btw - https://duo.com/labs/disclosure

This is Duo Lab's official disclosure policy.

Disclosure Timelines
  • Our default window of disclosure is 90 days from first contact attempt. This means we expect that the vulnerability being reported is dealt with and resolved within that window. We fully appreciate there will be corner cases and exceptions to this rule that may increase the timeframe beyond 90 days, but communication is key here in order for us to be able to properly assess the situation and the circumstances, which could cause the window to exceed 90 days.
  • In the event that a vendor does not respond within the first 30 days of attempted reporting, we will assume that no action will be taken. We will disclose the issue publicly and, where possible, include mitigation guidance.
  • Our 90-day window does not mean that we will sit on a fixed vulnerability for the duration. If the reported issue can be fixed and a fix can be released faster, we encourage this and will coordinate the disclosure with the fix date.
  • Once the 90-day clock runs out, we will notify the affected parties that the deadline is here and then begin planning the release of vulnerability details and mitigations or fixes. In most cases, this can be considered a small grace period to allow the affected party to coordinate with us as necessary. This grace period shall not exceed 14 days. Via email, we will share details on what we will be releasing and, if available, drafts of any content we are planning to publish.
What We Disclose
  • By default, we will not release what is known as a “weaponized” exploit. However, Duo may share relevant technical details with partners who are committed to using the information to help protect users.
  • We will release full details of the vulnerability and all the necessary technical details to properly illustrate the risk. This is typically achieved via a detailed white paper with an accompanying blog post that summarizes the paper.
  • Where appropriate, we may release videos or other media showing successful exploitation of the vulnerability.
  • Also where appropriate, we may release tools, scripts or other technical details that can help others identify similar or related vulnerabilities. An example of this might be a fuzzer we developed, or other tooling to automate testing.
  • Our releases will include a disclosure timeline that outlines our experience of working with the affected party during disclosure, along with the time spent resolving the issue.
  • If disclosure occurs without coordination with the affected parties, we will make our best effort to include mitigation advice when we are able to do so.
  • We will work with the affected party to ensure that a CVE entry, which is used to track vulnerabilities, is assigned to the vulnerability when possible.

And here's Symantec's - - https://www.symantec.com/security-center/vulnerability-management

Note that the page links to this document: http://www.symantec.com/security/OIS_Guidelines for responsible disclosure.pdf

And that this document references ISO Standard ISO 29417 - which you can buy a copy of here: https://www.iso.org/standard/45170.html

Just in case any further proof was needed that this is industry standard and that CTS Labs handling of the issue was entirely abnormal.
 
Last edited:

Tatty_Two

Gone Fishing
Joined
Jan 18, 2006
Messages
25,944 (3.75/day)
Location
Worcestershire, UK
Processor Intel Core i9 11900KF @ -.080mV PL max @220w
Motherboard MSI MAG Z490 TOMAHAWK
Cooling DeepCool LS520SE Liquid + 3 Phanteks 140mm case fans
Memory 32GB (4 x 8GB SR) Patriot Viper Steel Bdie @ 3600Mhz CL14 1.45v Gear 1
Video Card(s) Asus Dual RTX 4070 OC + 8% PL
Storage WD Blue SN550 1TB M.2 NVME//Crucial MX500 500GB SSD (OS)
Display(s) AOC Q2781PQ 27 inch Ultra Slim 2560 x 1440 IPS
Case Phanteks Enthoo Pro M Windowed - Gunmetal
Audio Device(s) Onboard Realtek ALC1200/SPDIF to Sony AVR @ 5.1
Power Supply Seasonic CORE GM650w Gold Semi modular
Software Win 11 Home x64
At this point, I am more interested in reply banning some of you for turning this thread into a crapfest.
 
Joined
Jan 2, 2014
Messages
253 (0.06/day)
Location
Edmonton
System Name Coffeelake the Zen Destroyer
Processor 8700K @5.1GHz
Motherboard ASUS ROG MAXIMUS X FORMULA
Cooling Cooled by EK
Memory RGB DDR4 4133MHz CL17-17-17-37
Video Card(s) GTX 780 Ti to future GTX 1180Ti
Storage SAMSUNG 960 PRO 512GB
Display(s) ASUS ROG SWIFT PG27VQ to ROG SWIFT PG35VQ
Case Cooler Master HAF X Nvidia Edition
Audio Device(s) Logitech
Power Supply COOLER MASTER 1KW Gold
Mouse LOGITECH Gaming
Keyboard Logitech Gaming
Software MICROSOFT Redstone 4
Benchmark Scores Cine Bench 15 single performance 222
I herd Intel new 10nm++ Icelake architecture is bug free....? (Icelake & Z470 Chipset) DMI 4.0, PCIe 4.0 and DDR5 memory.... Probably Q4 2019

But all Intel 22nm and 14nm are all infected with security holes...

Means even second generation 14nm++ Coffeelake this fall with Z390 chipset still have the same security holes...

I myself have an 8700K on Maximus X FORMULA with Bios v1603...all software and firmware up to date. I don't notice any performance changes.

Older boards get the biggest hits.
 
Joined
Aug 16, 2016
Messages
1,025 (0.34/day)
Location
Croatistan
System Name 1.21 gigawatts!
Processor Intel Core i7 6700K
Motherboard MSI Z170A Krait Gaming 3X
Cooling Be Quiet! Shadow Rock Slim with Arctic MX-4
Memory 16GB G.Skill Ripjaws V DDR4 3000 MHz
Video Card(s) Palit GTX 1080 Game Rock
Storage Mushkin Triactor 240GB + Toshiba X300 4TB + Team L3 EVO 480GB
Display(s) Philips 237E7QDSB/00 23" FHD AH-IPS
Case Aerocool Aero-1000 white + 4 Arctic F12 PWM Rev.2 fans
Audio Device(s) Onboard Audio Boost 3 with Nahimic Audio Enhancer
Power Supply FSP Hydro G 650W
Mouse Cougar 700M eSports white
Keyboard E-Blue Cobra II
Software Windows 8.1 Pro x64
Benchmark Scores Cinebench R15: 948 (stock) / 1044 (4,7 GHz) FarCry 5 1080p Ultra: min 100, avg 116, max 133 FPS
Wonderful. Now security updates will likely even further slow down Intel CPU's. First update meant that eg. from i7 6700K you went straight to i7 3770K's performance; or from Skylake to an Ivy Bridge. This update will likely even further "improve" Intel CPU's eg. from i7 6700K's performance to i7 2600K's performance. Just wonderful. :shadedshu:

Supposedly Intel was "working" on some new update which would fix the slowdowns from Spectre & Meltdown microcode updates, but knowing Intel's greediness I doubt it.
 
Joined
Oct 5, 2017
Messages
595 (0.23/day)
Wonderful. Now security updates will likely even further slow down Intel CPU's. First update meant that eg. from i7 6700K you went straight to i7 3770K's performance; or from Skylake to an Ivy Bridge. This update will likely even further "improve" Intel CPU's eg. from i7 6700K's performance to i7 2600K's performance. Just wonderful. :shadedshu:

Supposedly Intel was "working" on some new update which would fix the slowdowns from Spectre & Meltdown microcode updates, but knowing Intel's greediness I doubt it.

Would definitely like to see some sources on that performance reduction. As far as I've seen, the only real impact for users was in situations like using postgres databases.

For almost all other workloads, users saw practically zero performance degradation. I certainly didn't see any issues on my 6700K, and it's certainly not performing at 3770K levels after patching.
 
Joined
Aug 16, 2016
Messages
1,025 (0.34/day)
Location
Croatistan
System Name 1.21 gigawatts!
Processor Intel Core i7 6700K
Motherboard MSI Z170A Krait Gaming 3X
Cooling Be Quiet! Shadow Rock Slim with Arctic MX-4
Memory 16GB G.Skill Ripjaws V DDR4 3000 MHz
Video Card(s) Palit GTX 1080 Game Rock
Storage Mushkin Triactor 240GB + Toshiba X300 4TB + Team L3 EVO 480GB
Display(s) Philips 237E7QDSB/00 23" FHD AH-IPS
Case Aerocool Aero-1000 white + 4 Arctic F12 PWM Rev.2 fans
Audio Device(s) Onboard Audio Boost 3 with Nahimic Audio Enhancer
Power Supply FSP Hydro G 650W
Mouse Cougar 700M eSports white
Keyboard E-Blue Cobra II
Software Windows 8.1 Pro x64
Benchmark Scores Cinebench R15: 948 (stock) / 1044 (4,7 GHz) FarCry 5 1080p Ultra: min 100, avg 116, max 133 FPS
Nooo, the performance actually increased after the update. :laugh:

There are quite a few reports about this update slowing down Intel CPU's, even a test made by some folks: https://beta.techcrunch.com/wp-cont...7.1982391869.1531903158-1943528229.1531903158

As I can tell, it definitely slowed down CPU in many synthetic benchmarks and even games. Nothing drastic, but still... Luckily you can disable this patch. Considering Intel's performance increase of ~5% from generation to generation at the same clocks, it's not far from the Ivy Bridge.
 
Joined
Oct 5, 2017
Messages
595 (0.23/day)
For DX11 gaming performance, their test showed the same performance.

The hardest hit applications were "data/financial analysis" - which is to say, work that heavily relies on databases. That's the same sort of work that postgres does, which was expected to begin with.

Again, for most users there was no performance hit. It certainly wasn't enough to wipe out 5 core generations of IPC improvement. It barely knocked the coffee lake processors they tested back to Kaby-Lake IPC.
 

hat

Enthusiast
Joined
Nov 20, 2006
Messages
21,747 (3.29/day)
Location
Ohio
System Name Starlifter :: Dragonfly
Processor i7 2600k 4.4GHz :: i5 10400
Motherboard ASUS P8P67 Pro :: ASUS Prime H570-Plus
Cooling Cryorig M9 :: Stock
Memory 4x4GB DDR3 2133 :: 2x8GB DDR4 2400
Video Card(s) PNY GTX1070 :: Integrated UHD 630
Storage Crucial MX500 1TB, 2x1TB Seagate RAID 0 :: Mushkin Enhanced 60GB SSD, 3x4TB Seagate HDD RAID5
Display(s) Onn 165hz 1080p :: Acer 1080p
Case Antec SOHO 1030B :: Old White Full Tower
Audio Device(s) Creative X-Fi Titanium Fatal1ty Pro - Bose Companion 2 Series III :: None
Power Supply FSP Hydro GE 550w :: EVGA Supernova 550
Software Windows 10 Pro - Plex Server on Dragonfly
Benchmark Scores >9000
I herd Intel new 10nm++ Icelake architecture is bug free....? (Icelake & Z470 Chipset) DMI 4.0, PCIe 4.0 and DDR5 memory.... Probably Q4 2019

But all Intel 22nm and 14nm are all infected with security holes...

Means even second generation 14nm++ Coffeelake this fall with Z390 chipset still have the same security holes...

I myself have an 8700K on Maximus X FORMULA with Bios v1603...all software and firmware up to date. I don't notice any performance changes.

Older boards get the biggest hits.

I'm not sure anymore. I remember reading a while ago that Ice Lake will have Spectre and Meltdown fixes baked into the silicon, but that was before everybody and their brother were finding new variants of Spectre. As such, don't expect anything to be secure unless it's offline. I could see a news post tomorrow saying that somebody found some vulnerability in some some major/widely used SSD controller hardware that allows a potential attacker to do this and that and I wouldn't be the slightest bit surprised. Plenty of posts have been made in jest saying something like "soon we'll be all the way back to Northwood performance" and while going to that extreme is quite silly, it hints that the users who make comments like that probably think similarly as I do... seems like since Spectre and Meltdown were initially published, we're stuck in this eternal battle against bugs/design flaws found in hardware that need to be patched. Also, it's more than Intel 22nm/14nm architecture. This stuff goes way back... speculative execution was introduced with... the Pentium Pro? and exists in almost every processor today. Even shitty phone chipsets use it. That said, don't hold your breath for too long, if you wanted Ice Lake with the baked in fixes. Seems anymore that something new is sure to rear its head. Ice Lake is probably already vulnerable to some of these new attacks.
 
Joined
Oct 5, 2017
Messages
595 (0.23/day)
I'm not sure anymore. I remember reading a while ago that Ice Lake will have Spectre and Meltdown fixes baked into the silicon, but that was before everybody and their brother were finding new variants of Spectre. As such, don't expect anything to be secure unless it's offline. I could see a news post tomorrow saying that somebody found some vulnerability in some some major/widely used SSD controller hardware that allows a potential attacker to do this and that and I wouldn't be the slightest bit surprised. Plenty of posts have been made in jest saying something like "soon we'll be all the way back to Northwood performance" and while going to that extreme is quite silly, it hints that the users who make comments like that probably think similarly as I do... seems like since Spectre and Meltdown were initially published, we're stuck in this eternal battle against bugs/design flaws found in hardware that need to be patched. Also, it's more than Intel 22nm/14nm architecture. This stuff goes way back... speculative execution was introduced with... the Pentium Pro? and exists in almost every processor today. Even shitty phone chipsets use it. That said, don't hold your breath for too long, if you wanted Ice Lake with the baked in fixes. Seems anymore that something new is sure to rear its head. Ice Lake is probably already vulnerable to some of these new attacks.


You're making the assumption that the patches will affect performance though.

For the first set of Spectre patches, Intel confirmed ahead of time that a performance impact would be expected. For these patches there's no evidence of that yet. It's entirely possible that sure, they'll need patches, but that those patches won't cause any impact.

Even the patches that can be proven to have caused an impact already, in most cases (particularly for newer CPUs), didn't really do anything significant to performance for the majority of users - in particular, gamers and streamers shouldn't have noticed any differences.
 

hat

Enthusiast
Joined
Nov 20, 2006
Messages
21,747 (3.29/day)
Location
Ohio
System Name Starlifter :: Dragonfly
Processor i7 2600k 4.4GHz :: i5 10400
Motherboard ASUS P8P67 Pro :: ASUS Prime H570-Plus
Cooling Cryorig M9 :: Stock
Memory 4x4GB DDR3 2133 :: 2x8GB DDR4 2400
Video Card(s) PNY GTX1070 :: Integrated UHD 630
Storage Crucial MX500 1TB, 2x1TB Seagate RAID 0 :: Mushkin Enhanced 60GB SSD, 3x4TB Seagate HDD RAID5
Display(s) Onn 165hz 1080p :: Acer 1080p
Case Antec SOHO 1030B :: Old White Full Tower
Audio Device(s) Creative X-Fi Titanium Fatal1ty Pro - Bose Companion 2 Series III :: None
Power Supply FSP Hydro GE 550w :: EVGA Supernova 550
Software Windows 10 Pro - Plex Server on Dragonfly
Benchmark Scores >9000
You are correct that I assume the patches will affect performance. That is because I've read many times that there will be a performance impact, and I've seen reports of this happening. Truth be told, on my own system, I haven't noticed a difference, though, even though inspectre says my performance is "slower". That's with whatever MS pushed my way via Windows Update. There is no BIOS update or anything available for me.

However, that was the minor point of my post. The major point was about the seemingly constant struggle we've seen since the advent of Spectre and Meltdown originally. There's been multiple news stories posted about some new Spectre variant, and of course that whole mess with CTS labs. It seems like new vulnerabilities are being discovered all the time, and we're met with patches that reduce performance, or worse, render systems completely unusable. Somewhat ironically, while the patches may not affect the majority of users in the way of reduced performance, the vulnerabilities being patched also don't affect the majority of users in the first place. Nobody is going to use Spectre to obtain Bob's facebook password... unless they really hate Bob, and also have the skill to do it in the first place. No, the big target would be data centers, large corporations, that type of stuff... the same systems that the performance reducing patch is going to hurt the most.

I feel like we're in the very early stages of this. I have a lot of unanswered questions about it, questions only time can tell. The vulnerabilities we know of today, while serious, are rather difficult (but not impossible) to execute. How much worse is it going to get? How long before any script kiddie is able to easily hack Bob with minimal effort? Or will this issue eventually be totally remedied? How long is this going to be a thing for? How many iterations of hardware will we see with current vulnerabilities fixed at the hardware level, only for new ones to be found? What else could possibly carry serious vulnerabilities?
 
Joined
Oct 5, 2017
Messages
595 (0.23/day)
You are correct that I assume the patches will affect performance. That is because I've read many times that there will be a performance impact, and I've seen reports of this happening. Truth be told, on my own system, I haven't noticed a difference, though, even though inspectre says my performance is "slower". That's with whatever MS pushed my way via Windows Update. There is no BIOS update or anything available for me.

That's what you've read many times about the patches originally released for spectre.

There has not been a single word uttered by Intel, Microsoft, or anyone else, about any performance impacts that future patches might cause.

The logical thing to take away from that is that clearly there is no anticipated performance impact.
 

hat

Enthusiast
Joined
Nov 20, 2006
Messages
21,747 (3.29/day)
Location
Ohio
System Name Starlifter :: Dragonfly
Processor i7 2600k 4.4GHz :: i5 10400
Motherboard ASUS P8P67 Pro :: ASUS Prime H570-Plus
Cooling Cryorig M9 :: Stock
Memory 4x4GB DDR3 2133 :: 2x8GB DDR4 2400
Video Card(s) PNY GTX1070 :: Integrated UHD 630
Storage Crucial MX500 1TB, 2x1TB Seagate RAID 0 :: Mushkin Enhanced 60GB SSD, 3x4TB Seagate HDD RAID5
Display(s) Onn 165hz 1080p :: Acer 1080p
Case Antec SOHO 1030B :: Old White Full Tower
Audio Device(s) Creative X-Fi Titanium Fatal1ty Pro - Bose Companion 2 Series III :: None
Power Supply FSP Hydro GE 550w :: EVGA Supernova 550
Software Windows 10 Pro - Plex Server on Dragonfly
Benchmark Scores >9000
Time will answer that, as well. So far, some users have had a decent experience with the patches available to them (mostly those with at least Haswell and up as far as I can tell), others not so much... it's definitely a mixed bag. Again, however, I stress that's a minor point for me. As a guy who enjoys using computers, the potential performance loss is a frustrating thing. I was looking forward to upgrading to a Coffee Lake system at some point when it became available, but now I feel it's better to at least see what happens with Ice Lake, where performance is concerned. No, I don't want to lose performance because of some shitty vulnerability in the hardware... but more concerning to me than the performance impact is the question of how long this is gonna be going on for. These are some nasty vulnerabilities, and it seems new ones are coming up as the ones we already knew about for a while now are still being worked on. OG Meltdown/Spectre is still a problem, patches are still in the works, and new ones are popping up all the time. It's like battling a wildfire.
 

rtwjunkie

PC Gaming Enthusiast
Supporter
Joined
Jul 25, 2008
Messages
14,019 (2.34/day)
Location
Louisiana
Processor Core i9-9900k
Motherboard ASRock Z390 Phantom Gaming 6
Cooling All air: 2x140mm Fractal exhaust; 3x 140mm Cougar Intake; Enermax ETS-T50 Black CPU cooler
Memory 32GB (2x16) Mushkin Redline DDR-4 3200
Video Card(s) ASUS RTX 4070 Ti Super OC 16GB
Storage 1x 1TB MX500 (OS); 2x 6TB WD Black; 1x 2TB MX500; 1x 1TB BX500 SSD; 1x 6TB WD Blue storage (eSATA)
Display(s) Infievo 27" 165Hz @ 2560 x 1440
Case Fractal Design Define R4 Black -windowed
Audio Device(s) Soundblaster Z
Power Supply Seasonic Focus GX-1000 Gold
Mouse Coolermaster Sentinel III (large palm grip!)
Keyboard Logitech G610 Orion mechanical (Cherry Brown switches)
Software Windows 10 Pro 64-bit (Start10 & Fences 3.0 installed)
There has not been a single word uttered by Intel, Microsoft, or anyone else, about any performance impacts that future patches might cause.
:laugh: Of COURSE they haven’t mentioned them. It’s not in their interest to. But it is having effects everywhere, and some major. Heck, there is even a current thread here about what it did to @RejZoR laptop.
 
Joined
Oct 5, 2017
Messages
595 (0.23/day)
Time will answer that, as well. So far, some users have had a decent experience with the patches available to them (mostly those with at least Haswell and up as far as I can tell), others not so much... it's definitely a mixed bag. Again, however, I stress that's a minor point for me. As a guy who enjoys using computers, the potential performance loss is a frustrating thing. I was looking forward to upgrading to a Coffee Lake system at some point when it became available, but now I feel it's better to at least see what happens with Ice Lake, where performance is concerned. No, I don't want to lose performance because of some shitty vulnerability in the hardware... but more concerning to me than the performance impact is the question of how long this is gonna be going on for. These are some nasty vulnerabilities, and it seems new ones are coming up as the ones we already knew about for a while now are still being worked on. OG Meltdown/Spectre is still a problem, patches are still in the works, and new ones are popping up all the time. It's like battling a wildfire.

I'm not sure what you're having such a hard time grasping here.

The patches for these new exploits are not the same as the patches for the original exploits. There is no concrete reason why there would be any performance impact of any kind.

It was abnormal that the original patches caused a performance loss. Intel has patched vulnerabilities before without causing performance loss and will patch vulnerabilities in future without causing performance losses. Let the proof be in the pudding for this one, rather than fearmongering about performance losses that probably won't ever exist.

:laugh: Of COURSE they haven’t mentioned them. It’s not in their interest to. But it is having effects everywhere, and some major. Heck, there is even a current thread here about what it did to @RejZoR laptop.
I've seen that thread and it's a shitfest. No patch causes a drop from 178 to 100 points in a benchmark, and even if it did that would have been frontpage on every tech site for *WEEKS* afterwards. Something else is going on with that laptop and people are simply screaming at each other and blaming the patch because they want to fuel the controversy.

The benchmarks up above in this thread showed no, or very little, performance loss after the patch. Rejzor is showing a completely abnormal result, and that should be people's focus in that thread. Instead, people are just using it to bash on brands they don't like, be it Intel or AMD.

Let's also not forget that he bought a dual core AMD, non-ryzen laptop in 2018 and claims it was "as fast as my desktop Core i7 at casual office tasks down to slower than computer I've had 2 decades ago.". That right there says to me that there's a quagmire of poorly communicated ideas and expectations under the issue. Hell, that's why I didn't comment in the thread - Because it's full of completely insane assertions that simply don't line up with reality, both from the OP and the commenters.
 
Last edited:

hat

Enthusiast
Joined
Nov 20, 2006
Messages
21,747 (3.29/day)
Location
Ohio
System Name Starlifter :: Dragonfly
Processor i7 2600k 4.4GHz :: i5 10400
Motherboard ASUS P8P67 Pro :: ASUS Prime H570-Plus
Cooling Cryorig M9 :: Stock
Memory 4x4GB DDR3 2133 :: 2x8GB DDR4 2400
Video Card(s) PNY GTX1070 :: Integrated UHD 630
Storage Crucial MX500 1TB, 2x1TB Seagate RAID 0 :: Mushkin Enhanced 60GB SSD, 3x4TB Seagate HDD RAID5
Display(s) Onn 165hz 1080p :: Acer 1080p
Case Antec SOHO 1030B :: Old White Full Tower
Audio Device(s) Creative X-Fi Titanium Fatal1ty Pro - Bose Companion 2 Series III :: None
Power Supply FSP Hydro GE 550w :: EVGA Supernova 550
Software Windows 10 Pro - Plex Server on Dragonfly
Benchmark Scores >9000
I'm not sure what you're having such a hard time grasping here.

The patches for these new exploits are not the same as the patches for the original exploits. There is no concrete reason why there would be any performance impact of any kind.

It was abnormal that the original patches caused a performance loss. Intel has patched vulnerabilities before without causing performance loss and will patch vulnerabilities in future without causing performance losses. Let the proof be in the pudding for this one, rather than fearmongering about performance losses that probably won't ever exist.


I've seen that thread and it's a shitfest. No patch causes a drop from 178 to 100 points in a benchmark, and even if it did that would have been frontpage on every tech site for *WEEKS* afterwards. Something else is going on with that laptop and people are simply screaming at each other and blaming the patch because they want to fuel the controversy.

The benchmarks up above in this thread showed no, or very little, performance loss after the patch. Rejzor is showing a completely abnormal result, and that should be people's focus in that thread. Instead, people are just using it to bash on brands they don't like, be it Intel or AMD.

Let's also not forget that he bought a dual core AMD, non-ryzen laptop in 2018 and claims it was "as fast as my desktop Core i7 at casual office tasks down to slower than computer I've had 2 decades ago.". That right there says to me that there's a quagmire of poorly communicated ideas and expectations under the issue. Hell, that's why I didn't comment in the thread - Because it's full of completely insane assertions that simply don't line up with reality, both from the OP and the commenters.

Once again, performance loss was a minor concern. That said, we'll only see what direction that goes, as well as the eternal security battle (which once again was the major point in my comment), in due time.

As for Rejzor's thread... I'm not sure what you're saying there. So he bought a Bulldozer laptop in 2018... what's wrong with that? Compared to the other choice he had at the time (Atom) it seems like a good buy... and I would fully expect a Bulldozer to perform on par with any i7 chip in general tasks, such as web surfing. It's not until you run benchmarks or launch a demanding application that the difference becomes clear, and that wasn't the use case for this laptop. It was a general purpose machine his mom could use to check her email and watch youtube or whatever. There's no reason to think it should be inadequate just because it was Bulldozer.

Sure, you got the typical fanboy comments, as you do everywhere else on this site, and everywhere else in the world. Sports fans and car guys are the same way. We just do it with PC hardware cause we're nerds like that. Now, if you are someone who can see such a thread and refrain from posting comments like "AMD sux, lol faildozer", and bob and weave through other such comments made by other users... you'll see the thread is actually about a shitty patch that significantly crippled that machine's performance. It's not the first time such a claim has been made, either. Again, though, we are still in the early stages of this mess (or at least I think so) and hopefully you are right that new and better patches are coming that don't cripple performance, or worse, render machines unusable. There's been plenty of reports of machines being left unbootable after such updates...
 
Joined
Oct 5, 2017
Messages
595 (0.23/day)
Once again, performance loss was a minor concern. That said, we'll only see what direction that goes, as well as the eternal security battle (which once again was the major point in my comment), in due time.

As for Rejzor's thread... I'm not sure what you're saying there. So he bought a Bulldozer laptop in 2018... what's wrong with that? Compared to the other choice he had at the time (Atom) it seems like a good buy... and I would fully expect a Bulldozer to perform on par with any i7 chip in general tasks, such as web surfing. It's not until you run benchmarks or launch a demanding application that the difference becomes clear, and that wasn't the use case for this laptop. It was a general purpose machine his mom could use to check her email and watch youtube or whatever. There's no reason to think it should be inadequate just because it was Bulldozer.

Sure, you got the typical fanboy comments, as you do everywhere else on this site, and everywhere else in the world. Sports fans and car guys are the same way. We just do it with PC hardware cause we're nerds like that. Now, if you are someone who can see such a thread and refrain from posting comments like "AMD sux, lol faildozer", and bob and weave through other such comments made by other users... you'll see the thread is actually about a shitty patch that significantly crippled that machine's performance. It's not the first time such a claim has been made, either. Again, though, we are still in the early stages of this mess (or at least I think so) and hopefully you are right that new and better patches are coming that don't cripple performance, or worse, render machines unusable. There's been plenty of reports of machines being left unbootable after such updates...

Put it this way. From what was said in that thread, and how utterly hysterical most of the comments are, plus the fact the performance decrease he experienced was SO FAR beyond any other report, test, statement, or even other complaint thread I have ever seen on the topic?

I would be willing to bet that resetting the UEFI and reinstalling windows would resolve the issue even after all patches were reapplied. I simply do not believe that ANY of the spectre patches currently available for download, actually result in a drop in performance that severe.

As for machines having boot issues, that was in JANUARY, and those patches were pulled and subsequently replaced with different ones within 10 days.

Spectre and Meltdown patches have had some issues, yes, but bringing up issues that only existed for less than 2 weeks, and that haven't been an issue for over 6 months is just adding unnecessary FUD into the entire discussion.
 
Last edited:

rtwjunkie

PC Gaming Enthusiast
Supporter
Joined
Jul 25, 2008
Messages
14,019 (2.34/day)
Location
Louisiana
Processor Core i9-9900k
Motherboard ASRock Z390 Phantom Gaming 6
Cooling All air: 2x140mm Fractal exhaust; 3x 140mm Cougar Intake; Enermax ETS-T50 Black CPU cooler
Memory 32GB (2x16) Mushkin Redline DDR-4 3200
Video Card(s) ASUS RTX 4070 Ti Super OC 16GB
Storage 1x 1TB MX500 (OS); 2x 6TB WD Black; 1x 2TB MX500; 1x 1TB BX500 SSD; 1x 6TB WD Blue storage (eSATA)
Display(s) Infievo 27" 165Hz @ 2560 x 1440
Case Fractal Design Define R4 Black -windowed
Audio Device(s) Soundblaster Z
Power Supply Seasonic Focus GX-1000 Gold
Mouse Coolermaster Sentinel III (large palm grip!)
Keyboard Logitech G610 Orion mechanical (Cherry Brown switches)
Software Windows 10 Pro 64-bit (Start10 & Fences 3.0 installed)
Actually, if you follow to the end of the discussion there, some of our more knowledgeable and respected members have levelheadedly waded in and determined he really may have a MS issue from these patches. The riff raff and fanboys have been set to the side.
 
Last edited:
Joined
Jan 29, 2016
Messages
128 (0.04/day)
System Name Ryzen 5800X-PC / RyzenITX (2nd system 5800X stock)
Processor AMD Ryzen 7 5800X (atx) / 5800X itx (soon one pc getting 5800X3D upgrade! ;)
Motherboard Gigabyte X570 AORUS MASTER (ATX) / X570 I Aorus Pro WiFi (ITX)
Cooling AMD Wrath Prism Cooler / Alphenhone Blackridge (ITX)
Memory OLOY 4000Mhz 16GB x 2 (32GB) DDR4 4000 Mhz CL18, (22,22,22,42) 1.40v AT & ITX PC's (2000 Fclk)
Video Card(s) AMD Radeon RX 6800 XT (ATX) /// AMD Radeon RX 6700 XT 12GB GDDR6 (ITX)
Storage (Sys)Sammy 970EVO 500GB & SabrentRocket 4.0+ 2TB (ATX) | SabrentRocket4.0+ 1TB NVMe (ITX)
Display(s) 30" Ultra-Wide 21:9 200Hz/AMD FREESYNC 200hz/144hz LED LCD Montior Connected Via Display Port (x2)
Case Lian Li Lancool II Mesh (ATX) / Velkase Velka 7 (ITX)
Audio Device(s) Realtek HD ALC1220 codec / Onboard HD Audio* (BOTH) w/ EQ settings
Power Supply 850w (Antec High-Current Gamer) HC-850 PSU (80+ gold certified) ATX) /650Watt Thermaltake SFX (ITX)
Mouse Logitech USB Wireless KB & MOUSE (Both Systems)
Keyboard Logitech USB Wireless KB & MOUSE (Both Systems)
VR HMD Oculus Quest 2 - 128GB - Standalone + Oculus link PC
Software Windows 10 Home x64bit 2400 /BOTH SYSTEMS
Benchmark Scores CPUZ - ATX-5800X (ST:670) - (MT: 6836.3 ) CPUZ - ITX -5800X (ST:680.2) - (MT: 7015.2) ??? same CPU?

las

Joined
Nov 14, 2012
Messages
1,693 (0.38/day)
System Name Meh
Processor 7800X3D
Motherboard MSI X670E Tomahawk
Cooling Thermalright Phantom Spirit
Memory 32GB G.Skill @ 6000/CL30
Video Card(s) Gainward RTX 4090 Phantom / Undervolt + OC
Storage Samsung 990 Pro 2TB + WD SN850X 1TB + 64TB NAS/Server
Display(s) 27" 1440p IPS @ 360 Hz + 32" 4K/UHD QD-OLED @ 240 Hz + 77" 4K/UHD QD-OLED @ 144 Hz VRR
Case Fractal Design North XL
Audio Device(s) FiiO DAC
Power Supply Corsair RM1000x / Native 12VHPWR
Mouse Logitech G Pro Wireless Superlight + Razer Deathadder V3 Pro
Keyboard Corsair K60 Pro / MX Low Profile Speed
Software Windows 10 Pro x64
You bought a low binned part... And we all know the process target was 3 GHz for mobile. 4+ is quite a feat without huge power demands.

It's a 1700X and there is tons of people that can't break 4 GHz on 1st gen, even on 1800X's.
There's barely any binning going on with Ryzen. All chips hit OC wall. Non-X can easily OC better than a X model. Go see owners thread on OC forums...

Not even 2nd gen Ryzen clocks much better and performance goes down in many workloads (especially games) when OC'ed manually instead of using stock boost. This is fact. Tons of reviews show this. Boost will clock higher than all-core OC.

I'm not that impressed with Ryzen. Maybe value/performance wise with B350/B450 + 1600/2600. But Threadripper is much better if you really need alot of cores, but these are not great for gaming and many "normal" workloads. Going with an AMD CPU is good for SOME workloads. Intel still delivers best performance overall.

CEMU is running terrible on my Ryzen 1700X compared to my 6700K. Alot of programs and games run much worse on an AMD CPU. Many applications are optimized for Intel or simply prefers higher clocks, better IPC on less cores and threads.

Glofo is claiming 5ghz-ish with their 7nm process so I don't see why the tsmc 7nm process should not enable 5ghz-ish for ryzen 3000. I think an overlooked aspect of what AMD has been using process node wise is that its a 14nm samsung node used by Glofo, as far as I know samsung only make mobile centric processors where power efficiency is a premium and clock speed tend to be in the 1ghz to maybe 3ghz range, I dont believe there is a high performance variant of a samsung node just low power, TSMC and Glofo both state they will have both a high performance and low power verison of their 7nm process. This is why I believe the ryzen clock speeds have been lacking but power efficiency has been pretty good. Either way in time it will be revealed.

5 GHz haha, not going to happen. You'll see next year. Would be awesome tho, but forget it.

Since we got from 3.9-4.1 to 4.2-4.4 with a refresh and without tweaks in the arch on basically the same production line which with some tweaks got from 14nm to 12nm, a full node improvement to 7nm alongside a big improvement encore can easily reach very close or above the 5GHz limit at stock boost for 1-2 thread needs. My 5 cents.

We didn't go from 3.9-4.1 to 4.2-4.4. Some 1st gen did 4.2 and almost NO 2nd gen does 4.4 when we're talking 100% stable, and not just bench stable.

It's more like 200 MHz on average, from 1st to 2nd gen.

If they want gamers they first need to do something with this horrendous latency that CCX design produces, otherwise Intel will beat them in gaming as long as they keep using ring design.

Yeah. Ring bus is superior for gaming. I'll probably just crap one of Intel's new octa cores with solder and be fine for the next few years or atleast till next console gen hits in 2021ish. My Ryzen 1700X is much worse for high fps gaming than my i7-6700K. 60 fps/Hz gamers will be fine with Ryzen tho.
 
Last edited:
Joined
Mar 18, 2015
Messages
2,963 (0.83/day)
Location
Long Island
I'm still looking for justification to this hysteria ... where is the post from the guy posting "Oh I didn't wanna do the Spectre / Meltdown patch because of potential performance issues and now my life is hell" ... haven't seen so much "mush ado about nothing" since Y2k
 
Top