Massive CPU Security Flaws Revealed


That really isn’t a meaningful statement. If it took 0.02 seconds to view a photo before and 0.03 seconds after, that’s a whopping 50% slowdown but it only amounts to 100ms so you wouldn’t notice.


Exactly. People were worried about I/O syscalls being a lot slower, but since for most I/O syscalls the wait time is far larger than any time spent on the CPU (since I/O is usually orders of magnitude slower than the CPU), the impact is negligible if noticeable at all.


Yeah, but if I were Intel I would be very cautious about publicly taking the stance that CPU speed doesn’t matter.


Well, it does matter in a lot of situations, and context switching really hurts in the case of VMs and such.

I think Intel is hoping, right now, that people will consider buying faster/newer CPUs to make up for the lost performance, in spite of the fact that those newer CPUs will also have less than optimal performance. The fact that Intel doesn’t really have any (unaffected) major competitors helps.

BTW, game consoles are probably affected, are they not? Of course, it’s a lesser issue on those platforms since they’re more “controlled”, but who knows what could happen if an indie dev puts some “malicious” code in there…


Game consoles are vulnerable to Spectre, sure. They’re not Intel (ignoring the OG Xbox) so not Meltdown. All consoles are heavily sandboxed, but the nature of this exploit allows you to escape the sandbox, and modern consoles have app stores, so if you were to run (for example) a Kodi Python addon, you could jailbreak the Xbone! So yes, consoles do need to be fixed.

Next generation Intel chips will absolutely have Meltdown fixed. Spectre will be around for a long time.


Notice that Intel’s benchmarks are from Skylake or newer chips, when the issue is that MS is saying it’s the Haswell or older that take the beating.


This appears to be MS being slightly lazy; they might come back around to updating this in the future. Apparently there are two CPU features that help mitigate performance penalties of Meltdown - PCID, which dates back to Sandy Bridge (as far as I can tell) and is difficult to use by itself; and INVPCID, which helps out, dating from Haswell. Microsoft only implemented the PCID+INVPCID combo for now.


Well, obsolescence is a thing, so I won’t get my hopes up. It would be easy for them to shrug off the old hardware.


Intel is having a bad 2018 so far.


C’mon, 4670K, just make it the, uh, 3-4 years more it will take before your $250 equivalent product on the lineup represents a meaningful upgrade in speed.


I have followed this only superficially. Why is Ryzen never mentioned?


Ryzen is immune to Meltdown, which is the primary exploit being patched so far.

It isn’t immune to Spectre, which has similar effects but is much more difficult to patch.


AMD just announced that they’re issuing microcode updates for their CPUs, including Ryzen. They still say that they’re invulnerable to Meltdown and Spectre Variant 3.


Seems like Ryzen was a good choice then. Thanks!


Yes, addressing Spectre requires CPU microcode updates for all processors. This applies to Intel, AMD, and ARM. And there will likely be multiple updates as it isn’t easy to fix, being the result of fundamental design decisions made over a decade ago.


I really fucking hate that we can’t just have nice things.


So my PC restarted for updates last night and has since already rebooted again. Not sure if second block of updates or if I’m starting to enjoy the New Normal of borked Haswell-era patches :-/


Any word on Sandy Bridge issues? I have a 2500K.


So I guess there won’t be a Stusserbeast 2018 thread then, which sucks because I was on the verge of doing an upgrade of my old i7-930. It’s fine for games made to run on consoles but sucks for sims like X-Plane 11.

BTW, has anyone seen Dr. Baltar lately?


Where are you seeing a third variant for Spectre? The writeups I’ve read have two variants of that (conditional branch and indirect branch based) and a third related attack which was written up as Meltdown.

i.e., I’m double checking nomenclature to make sure I understand what you’re saying correctly. :)