Really could do with an overview of the type of tasks this affects. If they're everyday tasks that don't strain the CPU then it doesn't matter (to me), however if it's going to noticeably slow down tasks that already use up all the performance of the CPU then it's a bloody big deal!
"or go buy a new processor without the design blunder" such as? AMD only? Crikey
I don't feel like giving more money to the saudis
What a bizarre thing to say. AMD is a publicly traded American company - if you want to avoid giving money to a certain country at any point in the supply chain for whatever strange reason, you better avoid Intel too and go live in the woods or something. Certainly stay away from any plastics or petroleum products!
Pleiades (04-01-2018)
TBF it's probably not going to be as bad as 30%, or even 10%, in consumer workloads. The way I understand it at the moment (which is admittedly from skim-reading a couple of articles), this first round of patches is more of an emergency fix with the possibility of better-optimised workarounds coming later? A couple of demanding consumer workloads such as gaming and video encoding don't seem to be too badly affected according to Phoronix's tests, though of course they're Linux so it could be different on Windows.
I'm very interested to see this put to the test though! And furthermore, if any future patches do improve things, it's only fair to post updated results when they're available.
Story has been updated with an official response from Intel:
Intel has officially responded to the security flaw reports in an email to HEXUS and via its official Newsroom Blog. In a nutshell it has issued a denial of sorts, saying that any exploits via flaws are not unique to Intel products. It then mentions how it is working closely with the likes of AMD, ARM Holdings and several operating system vendors to solve the issues discussed in the news above. Below is an excerpt of the statement for your convenience, or you can digest the full Intel blog post at the link above.
"Intel and other technology companies have been made aware of new security research describing software analysis methods that, when used for malicious purposes, have the potential to improperly gather sensitive data from computing devices that are operating as designed. Intel believes these exploits do not have the potential to corrupt, modify or delete data.
Recent reports that these exploits are caused by a “bug” or a “flaw” and are unique to Intel products are incorrect. Based on the analysis to date, many types of computing devices — with many different vendors’ processors and operating systems — are susceptible to these exploits.
Snip
Intel believes its products are the most secure in the world and that, with the support of its partners, the current solutions to this issue provide the best possible security for its customers."
Last edited by mtyson; 03-01-2018 at 09:43 PM. Reason: indents
The cynic in me wonders if this is a damage limitation exercise given the volatility in the Intel share price.
On the other hand, there has been a lot of speculation about the effects of the patch and the risks of the ‘exploit’ and lets face it, bad news is good news for some media outlets - nothing like a bit of sensationalism to generate readers.
So it will be interesting to see what the real world effects are wh3n the patches are released - presumably next week.
(\__/)
(='.'=)
(")_(")
Been helped or just 'Like' a post? Use the Thanks button!
My broadband speed - 750 Meganibbles/minute
How come it took them so many years to find this flaw ?
Probably because no-one was looking for it. I guess it was stumbled on by chance. There has been a lot of work recently in reverse engineering the Intel Management Engine and this could have come to light during that work (even though the two seem to be otherwise unrelated)
Lots of bugs have been around a long time. The shell shock bug was around for 30 years without causing problems, and was only discovered when other software advances started using that particular shell command in novel ways.
(\__/)
(='.'=)
(")_(")
Been helped or just 'Like' a post? Use the Thanks button!
My broadband speed - 750 Meganibbles/minute
Which workloads, and define "average computer user". Also mitigated over time, in what manner? Software? Buying more Intel products with higher IPC?Contrary to some reports, any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time.
In light of what AMD has already stated, I assume Intel have asked them for advice on how to resolve the problem, seeing as AMD CPUs are not affected in the same way.AMD processors are not subject to the types of attacks that the kernel
page table isolation feature protects against.
I've read (no idea how true this is so please don't quote me) this may affect some non-x86 CPUs in a similar way. Intel's statement therefore doesn't necessarily contradict the ones from AMD or Linux commits.
Intel haven't said AMD are effected but have managed to drag their name into the story to make consumers unsure
No surprise there
More information released from Google.
https://security.googleblog.com/2018...-need.html?m=1
There's a lot going on with this story
https://www.wired.com/story/critical...ost-computers/
On Wednesday evening, a large team of researchers at Google's Project Zero, universities including the Graz University of Technology, the University of Pennsylvania, the University of Adelaide in Australia, and security companies including Cyberus and Rambus together released the full details of two attacks based on that flaw, which they call Meltdown and Spectre.
"These hardware bugs allow programs to steal data which [is] currently processed on the computer," reads a description of the attacks on a website the researchers created. "While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs."
Although both attacks are based on the same general principle, Meltdown allows malicious programs to gain access to higher-privileged parts of a computer's memory, while Spectre steals data from the memory of other applications running on a machine. And while the researchers say that Meltdown is limited to Intel chips, they say that they've verified Spectre attacks on AMD and ARM processors, as well.
There are currently 1 users browsing this thread. (0 members and 1 guests)