Massive CPU Security Flaws Revealed

Interestingly, my ancient Lumia still gets updates from MS periodically.

Also, how likely is it that Intel, AMD, etc. will do recalls? Will they only do recalls for new models? How new?

A crazy performance loss from this for some of the Fortnite servers:

This is why multiple teams arrived at the same destination independently…

So why do things like this happen (granted the story about Daniel is a freaky one)? Well, CPU research is much like drawing a map of an uncharted world. Researchers start from known research and proceed into the unknown, and if they find something they document it and add it to the map. This essentially means that the frontier looks very similar to everybody, leading people into the same paths. This process is very much sustained by the fact that almost all research in this area is academic and academia is much better organized in terms of recording and documenting than hackers.

Thanks for posting that’s interesting stuff.

There won’t be any recalls. For one, we’re talking about everyone needing to redesign CPUs differently this way forward; no one has a design that is Spectre-proof, and it takes years to design a CPU. Second, we’re talking about literally hundreds of millions, if not billions, of CPUs that would need to be recalled. It would bankrupt anyone. Thirdly, if you even tried to, say, redesign a first-generation Core CPU, all the machinery that made them is probably destroyed by now. That was a decade ago. There’s no point redesigning a 10-year-old CPU, and there’s no point putting a modern CPU in a 10-year-old machine, because all the supporting technology (motherboard, RAM) can’t support it.

The only realistic and practical way forward is to put in mitigations at the firmware, OS, and software level for now, and redesign CPUs moving forward. The good news there is that all the chip companies probably started the “we need a whole new thinking around CPUs” process six months ago.

If it truly is going to take a whole new way of thinking about CPUs, think we better get comfortable with current CPU power, it’ll probably take a while until it starts going up again.

Here’s a pretty readable summary of how these attacks work conceptually:

As is usually the case with this kind of thing, it sounds very obvious in retrospect.

I updated the Windows clients on my VMware hosts this morning, and I’m already seeing 20% higher CPU utilization and only about half the clients have restarted for the new image now. We have a lot of available CPU overhead, and it shouldn’t really affect us too badly (I connected in and have been using an updated client and performance is the same) since we have plenty of CPU, but still, kind of crazy. Next, onto my server environment!

The piece I was missing from these summaries (headlines and forum posts) is using the cache timing and getting one bit out.

I ran into that problem this weekend trying to update an ancient desktop. Glad to know it wasn’t just me.

See, this is why you don’t break embargo. Rushed deployments are dangerous.

Ironic bit is an AMD engineer is the one that did it!

MS reporting in. Sounds like anything Skylake and later should be in the single digits in terms of performance loss. The bad news is that Haswell and older are hit harder. Combination of older OS with the microcode/firmware updates that Intel is pushing out to handle Spectre.

Well I’m screwed with my old Sandy Bridge i5-2550k then. And, umm… Windows 7…

Desktop is an i7-6700, so that should be OK? My laptop is an i7-4700, though. Haswell.

What OS? MS says that Windows 7/8 take a harder hit.

It’s also tough to say because I don’t think Intel has gotten around to pushing Haswell microcode updates yet. I’m still waiting on word from Dell, and I have an i7-4770.

I use Win 10 on everything.

If your CPU name starts with a 6 or higher, you’ll get “single digit” slowdowns. Which could of course be up to 9%.

If not, I guess you’re looking at double digits. So it won’t grind to a halt at 100% slowdown, that’s something anyway.

Running a desktop with a web browser, you have no choice, you must update when available.

reddit/r/sysadmin is tracking software affected:
https://www.reddit.com/r/sysadmin/comments/7p6t7a/list_of_software_breaks_after_meltdownspectre/

MS SCCM that uses a SQL 2016+ backend breaks: https://twitter.com/djammmer/status/949122372384141312