Xeon Owners Club

[wanna_buy]

Can I assume you are competent in bios modifications? I have found people good at moving modules around and swapping them out but could never really find someone that really modified the code. I'd love to pick your brain if your up for it. I have a 1680v3 that I know will clock more if I can up the power current restrictions.

I only know how to unlock Turbo on V3 Xeons. I can not remove the power current restrictions.

 

[frankr2994]

I only know how to unlock Turbo on V3 Xeons. I can not remove the power current restrictions.

Gotcha. Ya that's about all I ran into. I believe that's a micro code delete and replacing an efi module. I'm trying to find someone like the person that wrote that efi module lol.

 

[Darmok N Jalad]

Question for any Westmere Xeon users, I have a 5,1 Mac Pro that I dual boot to Windows 10 for gaming only. Do the sceptre and meltdown patches affect gaming performance much, and how much of a chance would I be taking disabling them since I’m not using a browser? I have the x5690, which is high as I can go in the 5,1. Just trying to squeeze as much as I can out of it. I did some searching on it, and I didn’t see much on the pre-SB Xeons.

 

[lexluthermiester]

Do the sceptre and meltdown patches affect gaming performance much

Yes, they do.

and how much of a chance would I be taking disabling them since I’m not using a browser?

The actual security threat is almost non-existent. As has been stated elsewhere, the Spectre & Meltdown type vulnerabilities require a locally installed component. If you're only using the game client(Steam, Epic, Galaxy, Etc), there is no entry vector for a malware payload. Even if you were using a browser, the risk is similarly minimal as there would need to be an action by you to download and run a payload. As long as you don't do that, an attack based on these vulnerabilities is impossible.

Disable the patches, game on, enjoy.

 

[frankr2994]

Hey I'm trying to sort something out. There were some custom skus out there for e5-v3s. I know the single sockets were 1681,86,91 pretty sure of that. What I lost track of was what they used for dual socket. I know there was a few but I can't find info on them. I think Intel made them for Amazon or something.

 

[lexluthermiester]

Hey I'm trying to sort something out. There were some custom skus out there for e5-v3s. I know the single sockets were 1681,86,91 pretty sure of that. What I lost track of was what they used for dual socket. I know there was a few but I can't find info on them. I think Intel made them for Amazon or something.

One of the staff over at TechARP made a quick reference table for them. He quit working on it a few years ago, but I still use it regularly to look things up.

Should help you find what you're looking for.

 

[frankr2994]

One of the staff over at TechARP made a quick reference table for them. He quit working on it a few years ago, but I still use it regularly to look things up.
Should help you find what you're looking for.

F'n awesome. That's my new favorite thing lol. If it matters I was specifically looking for the e5-2666v3. Guide pointed me right to it and was even referenced to Amazon. Thanks.

 

[mechtech]

does this count?

 

[1freedude]

no

 

[lexluthermiester]

F'n awesome. That's my new favorite thing lol. If it matters I was specifically looking for the e5-2666v3. Guide pointed me right to it and was even referenced to Amazon. Thanks.

Unfortunately, he's not updating it anymore, which is a real shame. Glad it helped though!

does this count?

View attachment 273049

Nope. That's Xenon, not Xeon. Close but no cigar...

 

[80-watt Hamster]

does this count?

View attachment 273049

I dunno; do you own that xenon?

 

[mechtech]

I dunno; do you own that xenon?

lol alas no.............but I do have some Argon in the garage for the MIG.

 

[lexluthermiester]

I dunno; do you own that xenon?

Does it matter? LOL!

 

[1freedude]

When he uses the Argon, the matter will be....plasma!

I have some too, and some Helium, and of course, some Xeons

 

[80-watt Hamster]

Does it matter? LOL!

No, but I thought it was funny.

 

[mplayerMuPDF]

Yes, they do.

The actual security threat is almost non-existent. As has been stated elsewhere, the Spectre & Meltdown type vulnerabilities require a locally installed component. If you're only using the game client(Steam, Epic, Galaxy, Etc), there is no entry vector for a malware payload. Even if you were using a browser, the risk is similarly minimal as there would need to be an action by you to download and run a payload. As long as you don't do that, an attack based on these vulnerabilities is impossible.

Disable the patches, game on, enjoy.

That is incorrect. JavaScript (and specifically code executed by a JIT interpreter as it is in all popular web browsers, by default) is a vector. There is a reason that browsers were quick to implement their own mitigations after these transient execution vulnerabilities were revealed. That said, as they are not using a web browser on that machine this is irrelevant. It basically boils down to running untrusted code on your machine (and that includes JITing JavaScript in your web browser) being a problem and frankly it has always been since even before this new class of vulnerabilities was discovered there were security issues with JavaScript sandbox being escaped by malware. It has always been an arms race between browser vendors and attackers. And it is not just sketchy websites that you need to worry about either because you have ads, even on well-known reputable sites, serving malware. This is why it is to run uBlock Origin (or NoScript) these days. It is now at the heart of my personal security (and privacy but that is another story) doctrine because, I repeat, running untrusted code on your computer is simply a fundamental problem (and it will always be unless we get a revolution in popular hardware architecture; I have read that certain ancient mainframe architectures were significantly more secure by design than the PC/x86 but I am not an expert on that topic) no matter how many security measures software developers take.

 

[lexluthermiester]

JavaScript (and specifically code executed by a JIT interpreter as it is in all popular web browsers, by default) is a vector.

It's really not that simple. I don't really want to be going into it again, because...

There is a reason that browsers were quick to implement their own mitigations after these transient execution vulnerabilities were revealed.

...every modern browser patched that problem and all of it's variants. Browsers are NOT a valid attack vector. Even with a vulnerable browser, direct user interaction was required to install a payload. For anyone who has any knowledge of this, they will not be blindly clicking on crap or visiting "iffy" sites.

And it is not just sketchy websites that you need to worry about either because you have ads, even on well-known reputable sites, serving malware. This is why it is to run uBlock Origin (or NoScript) these days.

That's a fair point, but again, the user has to actively download and install the payload. Browsers are configured to block anything that would otherwise be presented to the user. Adblockers and JS managers provide further protection.

Put simply, those patches are completely redundant at this time and can safely be disabled. And if you knew me better and how much of a security boot-stomper I am, you could better appreciate this statement.

 

[mplayerMuPDF]

I am thinking about getting a microATX LGA 1150 Supermicro board from eBay complete with E3 v3 Xeon and swapping it into my current PC (see system specs). Anything I need to worry about? I think I am more comfortable with reusing my current ATX PSU than relying on a proprietary PSU in the HP Z420 and I think a more incremental change of my PC may be a better idea (I also do not look forward to the prospect of having to sell off my entire PC).

 

[Veseleil]

Anything I need to worry about?

In regards to E3-v3, nothing at all.

 

[mplayerMuPDF]

In regards to E3-v3, nothing at all.

I was primarily concerned about the Super Micro board but it is good to know that those Xeons are fine. I will be getting a Haswell Refresh chip just like your 1241, so there shouldn't be any issues with errata. I checked the product page/Quick Reference and the Super Micro board seems to have a standard ATX power connector so that should not be an issue at least.

I am hoping that the sale of my 1600 AF+Biostar X470GTQ (and perhaps WX2100 and DDR4 too) can fund the purchase of a new (well, to me) enterprise HDD to replace my UltraStar 7K3000 as my main HDD and a Noctua case fan to replace the noisy (and probably malfunctioning) case fan that came with my Fractal Design case.

It's really not that simple. I don't really want to be going into it again, because...

...every modern browser patched that problem and all of it's variants. Browsers are NOT a valid attack vector. Even with a vulnerable browser, direct user interaction was required to install a payload. For anyone who has any knowledge of this, they will not be blindly clicking on crap or visiting "iffy" sites.

That's a fair point, but again, the user has to actively download and install the payload. Browsers are configured to block anything that would otherwise be presented to the user. Adblockers and JS managers provide further protection.

Put simply, those patches are completely redundant at this time and can safely be disabled. And if you knew me better and how much of a security boot-stomper I am, you could better appreciate this statement.

I have no idea where you are getting this idea that users need to "actively download and install the payload". Any JavaScript on a web page is run by default when a page is loaded (or it is triggered by something else, which the web page (or ad) 'decides'). We are not talking about some kind of Java or Flash/Adobe AIR applet or something that you need to click to run or that needs to be downloaded and executed by some local runtime manually. "Adblockers and JS managers" do not just provide "further protection". On the contrary, they are necessary to override the dangerous default behavior/configuration of (most/popular) browsers.

Also, they are not "patches" that solve the problem. They are mitigations; they mitigate the risk, they do not eliminate it. You should look at this as browser vendors doing their part (to the degree that in their own eyes is reasonable, when balanced with other concerns such as performance and user experience) to make the best of a bad situation.

I am sure that you take security very seriously and have a great breadth of knowledge when it comes IT/system administration etc but I do not think you have an adequate understanding of this particular niche topic. I will be the first to admit that I am far from an expert when it comes transient execution vulnerabilities, JavaScript or browsers in general but I do have a tiny bit of experience creating web applications with JavaScript and I have learned a lot the last couple of years about how invasive JavaScript has become (in particular when it comes to tracking). Additionally, using OpenBSD as my main desktop OS for half a year and being a part of that community taught me a lot about security and I try to at least keep up on a surface level with the latest about these transient execution vulnerabilities.

As an aside I was reading an overview paper by one of the security researchers involved in discovering these vulnerabilities recently (I will have to look it up again and finish it in the near future) and even though I do not understand at least half of what they are talking about (my rudimentary understanding of how CPUs work from a college computer architecture/assembly language programming course does not really cut it), I still learned a fair amount about the basic concepts behind these vulnerabilities (and there are actually significant differences between different classes of them).

 

[lexluthermiester]

I have no idea where you are getting this idea that users need to "actively download and install the payload". Any JavaScript on a web page is run by default when a page is loaded (or it is triggered by something else, which the web page (or ad) 'decides'). We are not talking about some kind of Java or Flash/Adobe AIR applet or something that you need to click to run or that needs to be downloaded and executed by some local runtime manually. "Adblockers and JS managers" do not just provide "further protection". On the contrary, they are necessary to override the dangerous default behavior/configuration of (most/popular) browsers.

Like I said, I'm not getting into this discussion again. It was argued to death a few years ago when people kept saying the same thing and no one has EVER proved it(JS proof of concepts where only theoretical and did NOT actually prove anything). What is known is that exploits for side-channel type attacks NEED local physical access. Remote access(that includes JS) DOES NOT WORK. Full stop, end of story. Let it go.

As an aside I was reading an overview paper by one of the security researchers involved in discovering these vulnerabilities recently (I will have to look it up again and finish it in the near future) and even though I do not understand at least half of what they are talking about (my rudimentary understanding of how CPUs work from a college computer architecture/assembly language programming course does not really cut it), I still learned a fair amount about the basic concepts behind these vulnerabilities (and there are actually significant differences between different classes of them).

Finish that read. It'll help you understand why this series of vulnerabilities is so woefully misunderstood.

 

[mplayerMuPDF]

Like I said, I'm not getting into this discussion again. It was argued to death a few years ago when people kept saying the same thing and no one has EVER proved it(JS proof of concepts where only theoretical and did NOT actually prove anything).

I think there were actual JS demos that could extract secrets from your RAM given enough time but I could be wrong.

What is known is that exploits for side-channel type attacks NEED local physical access.

That is true for traditional side-channel attacks that have been known since the 80s, yes. But transient execution vulnerabilities are very different; their discovery in 2018 changed everything.

Finish that read. It'll help you understand why this series of vulnerabilities is so woefully misunderstood.

I sure will.

I don't think that these are the type of vulnerabilities that will be exploited by the average cybercriminal but I think that more advanced actors (think powerful state level actors) can and will definitely use these vulnerabilities, especially as they leave no trace. I think that some of these actors may have a better understanding of these vulnerabilities than public/academic and independent researchers currently do.

 

[lexluthermiester]

I think there were actual JS demos that could extract secrets from your RAM given enough time but I could be wrong.

I never saw one that actually worked.

I don't think that these are the type of vulnerabilities that will be exploited by the average cybercriminal but I think that more advanced actors (think powerful state level actors) can and will definitely use these vulnerabilities, especially as they leave no trace. I think that some of these actors may have a better understanding of these vulnerabilities than public/academic and independent researchers currently do.

Exactly. It's just not something the average use needs to be worried about.

 

[KLiKzg]

Well here is the thing.....first of all also depend with what motherboard you will pair this cpu's because 1620 v2 is unlocked and it can be OC easily beyond 4ghz on some decent mobo...second E5 2620 V3 is 6c/12t so you have more threads even if is it maybe a bit slower on single core performance you will have more power under the "hood" which is also important in gaming + turbo unlock hack works on cheap Chinese motherboards so this CPU probably can work on 3,2Ghz on all cores and then his IPC wil be better....

If you do not planing to do any OC or turbo-bios-hack and you asking just for stock speed between these 2 cpu's then I guess it will really depend of the game you playing because most/older games still prefer "few"faster cores BUT newer games starting to like more cores/threads and sometimes even if they are slower they can give you more FPS in certain situations......
It's a close race between these 2 but In this case I will pick 2620 v3.....saying that even 6c/12t is not enough anymore maybe you can look for some cheap 8c/16t solution?


If you have somewhere 1 more fan put it on it it will work GREAT on CM T20 as twin-turbo and sometimes temps can go down drastically....

View attachment 169646

Well CM Hyper T20 turned out not so great product. Failed in the middle of 24/7 working computer!

 

[Zyll Goliat]

Well CM Hyper T20 turned out not so great product. Failed in the middle of 24/7 working computer!

Srry to hear that...is the fan that failed or what?How long lasted?