• Competitor rules

    Please remember that any mention of competitors, hinting at competitors or offering to provide details of competitors will result in an account suspension. The full rules can be found under the 'Terms and Rules' link in the bottom right corner of your screen. Just don't mention competitors in any way, shape or form and you'll be OK.

Intel bug incoming? Meltdown and Spectre exploits

If you had a game pc though with steam and battlenet cpuz would you need a new pc? I always maintained a spare device was a lifesaver. And if the above performance hit is real in 4770k sorry but i cant afford to patch lol.

Does this need a program to steal passwords in a machine? Or could it come through chrome?
 
Perfect_Chaos said:
I bought it in March 2015, says it has a 3 year warranty on the site so i guess it's still in warranty then. Same as the board, i bought both together as a bundle.
Click to expand...
As others have suggested, what do you suggest you would do if you were to get a refund? Is there some other CPU which doesn't have the same issues?
For what are you using your system such that it is no longer suitable?
People's hysterical reaction to this bug bewilders me.
 
AmateurExpert said:
My point was that even though Ryzen doesn't need a redesign to tackle Meltdown, the performance hit from the Spectre software mitigations in some cases is not negligible for Ryzen (though some Intel kit seems to get hit worse - but I wasn't talking about Intel), and this is even before AMD have supplied microcode updates to facilitate OS-level Spectre Variant 2 mitigations. Therefore there is still an opportunity for AMD to change future chips to give back some performance in these areas - whether through negating the need for the software workarounds or otherwise.
Click to expand...

AMD's messaging seems to be being ignored by a lot of reporters but they are specifically saying, none of the current attacks work on AMD< there is nearly no chance anyone will crack a way to make the attacks work due to the way they've protected their information the attack is trying to read. They have produced an extra step that makes it actually impossible to attack rather than 99.99999% safe but are saying it's effective for piece of mind and is 100% optional. For Intel the attacks are easy and the fix is more necessary than optional. The problem seems to be so many people are confusing the two bits of information, that variant 2 attacks are more difficult to exploit than meltdown attacks and that AMD are saying it's nearly impossible to exploit a variant 2 attack on them. This is two separate pieces of information.

It's more difficult yet to write an variant 2 than variant 3 attack, but when you've done so variant 2 and variant 3 can work effectively against any Intel chips. With AMD it's simply near impossible because that same attack simply won't ever rear the correct information.

When they convince themselves of it, 99% of servers will disable the variant 2 fix for AMD but those running Intel absolutely need it.
 
AmateurExpert said:
Even without the microcode updates, the patches to the Linux kernel so far have impacted Ryzen and EPYC. Maybe there'll be strong enough proof that Ryzen etc. are not vulnerable to Spectre and so allow them an exception from the mitigations (as with Meltdown), but until then the default is to take the hit.
Click to expand...

Looked on Phoronix but only see meltdown patch data which are now default off. No other references.

Have a link for the comparisons ?
 
drunkenmaster said:
none of the current attacks work on AMD
Click to expand...

On one side we have the researchers' claim in their paper that their experiments demonstrated Ryzen was vulnerable to Spectre (section 4.1 on page 6). GP0's blog doesn't have Ryzen in its scope.

I want to hear from other teams if the original claim can be replicated or challenged, as all we have on the other side is a limited response from AMD that discounts the research findings with nothing that really addresses the discrepancy. Intel have been terrible with engaging in PR bluff and made some questionable decisions in their handling of the patches, but AMD are doing not much better and don't seem to be working well with the original research team.

drunkenmaster said:
It's more difficult yet to write an variant 2 than variant 3 attack, but when you've done so variant 2 and variant 3 can work effectively against any Intel chips. With AMD it's simply near impossible because that same attack simply won't ever rear the correct information.

When they convince themselves of it, 99% of servers will disable the variant 2 fix for AMD but those running Intel absolutely need it.
Click to expand...

AMD from the start didn't claim zero risk for variant 2, just near-zero, and are following up with microcode updates. The latest statement from AMD is "we believe that AMD’s processor architectures make it difficult to exploit Variant 2" and they are still working on it. It's possible this reassurance evolves enough over time for those running critical infrastructure (VMs, cloud services) to forego the available mitigations, but it's insufficient at the moment.

pete910 said:
Looked on Phoronix but only see meltdown patch data which are now default off. No other references.

Have a link for the comparisons ?
Click to expand...

From "Benchmarking Linux With The Retpoline Patches For Spectre":

embed.php

embed.php

embed.php
 
AmateurExpert said:
On one side we have the researchers' claim in their paper that their experiments demonstrated Ryzen was vulnerable to Spectre (section 4.1 on page 6). GP0's blog doesn't have Ryzen in its scope.

I want to hear from other teams if the original claim can be replicated or challenged, as all we have on the other side is a limited response from AMD that discounts the research findings with nothing that really addresses the discrepancy. Intel have been terrible with engaging in PR bluff and made some questionable decisions in their handling of the patches, but AMD are doing not much better and don't seem to be working well with the original research team.



AMD from the start didn't claim zero risk for variant 2, just near-zero, and are following up with microcode updates. The latest statement from AMD is "we believe that AMD’s processor architectures make it difficult to exploit Variant 2" and they are still working on it. It's possible this reassurance evolves enough over time for those running critical infrastructure (VMs, cloud services) to forego the available mitigations, but it's insufficient at the moment.



From "Benchmarking Linux With The Retpoline Patches For Spectre":
Click to expand...


Well AMD is on a winner there. Just as they have said.

All that Intel have to do is just redesign their next cpu and bring it out on 10nm. What could possibly go wrong.

Oh yes, and compensate their current users - sorted.
 
stockhausen said:
As others have suggested, what do you suggest you would do if you were to get a refund? Is there some other CPU which doesn't have the same issues?
For what are you using your system such that it is no longer suitable?
People's hysterical reaction to this bug bewilders me.
Click to expand...
I would have to use older hardware for now. Nope guess there isn't a CPU which doesn't have an issue, yet. Not sure I'm using anything that would make it less good.

Maybe a chance to switch to another platform, but the only one that would have any worthwhile longevity would be AM4, no hysterics needed :p I'm not sure if it would be worth the hassle anyway.
 
AmateurExpert said:
On one side we have the researchers' claim in their paper that their experiments demonstrated Ryzen was vulnerable to Spectre (section 4.1 on page 6). GP0's blog doesn't have Ryzen in its scope.

I want to hear from other teams if the original claim can be replicated or challenged, as all we have on the other side is a limited response from AMD that discounts the research findings with nothing that really addresses the discrepancy. Intel have been terrible with engaging in PR bluff and made some questionable decisions in their handling of the patches, but AMD are doing not much better and don't seem to be working well with the original research team.



AMD from the start didn't claim zero risk for variant 2, just near-zero, and are following up with microcode updates. The latest statement from AMD is "we believe that AMD’s processor architectures make it difficult to exploit Variant 2" and they are still working on it. It's possible this reassurance evolves enough over time for those running critical infrastructure (VMs, cloud services) to forego the available mitigations, but it's insufficient at the moment.



From "Benchmarking Linux With The Retpoline Patches For Spectre":

embed.php

embed.php

embed.php
Click to expand...
The original paper doesn't say the attack works on Ryzen, but that it's applicable - which normally means the potential to build an attack is there. So AMDs message matches what the original researchers said. However the wording is strange as you'd normally say the vector was applicable not the attack so perhaps they are saying their specific attack worked? In which case they are back to being contradictory.

Later in 4.1 they talk about observing the vulnerability not using it, again poor language choice as it remains ambiguous if it's signing a probable vector or a working exploit. I hate language :p

Meh.

Edit: rereading it I'm pretty sure they're trying to say their attack does work on Ryzen, just phrasing it badly.

Re-edit: Though it could be the non-compromising POC that is allowing reads without crossing a privilege boundary in which case it's back to not an actual exploit. Argh. So I second your comment that it'd be nice to hear from other teams (and/or have them address each others findings) rather than just nitpick over exact wording.
 
Last edited:
DarkBahamut said:
If your CPU is the Ivybridge CPU in your sig then there isn't an update. There are only updates as far back as Haswell so far. The file includes microcode for all the CPU's listed, but only Haswell and newer are Spectre patched ones. The release notes files included will detail the updated microcode files.
Click to expand...

Thanks, will keep an eye out for new Intel updates.
 
A little hope in an open letter from Brian Krzanich...

By Jan. 15, we will have issued updates for at least 90 percent of Intel CPUs introduced in the past five years, with updates for the remainder of these CPUs available by the end of January. We will then focus on issuing updates for older products as prioritized by our customers.
Click to expand...

https://newsroom.intel.com/news-releases/security-first-pledge/
 
AmateurExpert said:
From "Benchmarking Linux With The Retpoline Patches For Spectre":
Click to expand...

Are yes, forgot it's not called spectre the actual work round :o.

Not sure if that includes the serialization patch as AMD is different if it does need it. Think it will take a few months before the fall out from this is known to the full extent tbh.

Going on the news that keeps seeping + benches with only Intel's in the mix am fairly certain AMD is either lucky or not so effected.
 
David Bisset said:
Argh. So I second your comment that it'd be nice to hear from other teams (and/or have them address each others findings) rather than just nitpick over exact wording.
Click to expand...

LOL - it's easy to poke fun at research papers for often concluding that "more research is needed" as somehow just furthering some sort of perceived academic gravy train, but the researchers are justified in doing so as it's easy to overlook or misinterpret things at the first pass. This does seem to need rather more time to be understood enough.

pete910 said:
Not sure if that includes the serialization patch as AMD is different if it does need it. Think it will take a few months before the fall out from this is known to the full extent tbh.

Going on the news that keeps seeping + benches with only Intel's in the mix am fairly certain AMD is either lucky or not so effected.
Click to expand...

The Phoronix benchmarks so far do indicate that (for the Linux Spectre mitigations applied to date) there's often less of an impact on AMD Ryzen/EPYC than even the newer Intel CPUs, but I agree there's rather more to come in terms of knowing what is really vulnerable to Spectre and all the mitigations that are still being developed and tested, not to mention potential optimisations.

jabbz said:
So when will the final update be or does no one know yet?
Click to expand...

So I think Meltdown is more or less complete in terms of being understood and the mitigations that are applicable - Windows, Linux and MacOS at least have all released updates, and the Xen hypervisor has countermeasures too.

Spectre is much more complex, and it seems to me we're some way from knowing all there is to know about it. Where applicable, there are a variety of countermeasures that can be applied at OS (with microcode support) and application level, and it may take a while for performance impacts to settle.
 
hey everyone.

so I have a non k 6400 with an f6 custom bios on my GB z170 so I can overclock it..how urgent is doing this MB bios update as I believe I will lose my OC ability if i update the bios.
I only game and browse the net.

I understand this 'bug' has been out for a while now so how real is the threat in being compromised now after all this time?..are the chances higher now than they were before?

thanks
david
 
Cromulent said:
I rang the Citizens Advice Bureau about this yesterday and apparently you do have some rights if the product is not performing as originally stated due to the patches. You first need to talk to the people who sold you the hardware directly. The option seems to be for a full but if any computer you buy is going to suffer from the same issue I'm not sure returning the computer will be much of an option. Having said that you do have rights as consumers and you should speak to the people you bought the hardware from. If you paid by credit card and the seller isn't playing ball then you can talk to your credit card company who are also liable if the item cost more than £100.

I'm highly tempted to talk to the people I bought my hardware from as it is a new computer and this is unacceptable that I should pay so much and then get such a massive performance penalty. If anyone is interested in doing the same let me know and we can try and help each other. Due to OCUK forum rules though I am not able to mention any company names.

If you are a business this doesn't include you as business transactions are handled under different legislation.
Click to expand...

Good luck with that...
 
fastboy said:
hey everyone.

so I have a non k 6400 with an f6 custom bios on my GB z170 so I can overclock it..how urgent is doing this MB bios update as I believe I will lose my OC ability if i update the bios.
I only game and browse the net.

I understand this 'bug' has been out for a while now so how real is the threat in being compromised now after all this time?..are the chances higher now than they were before?

thanks
david
Click to expand...

They are not disclosing much but as above im in the same boat i have a main gaming only pc with a custom hpet toggle and NVMe bios for my z87ud4h which is rare. This pc is fast and viable yet four years old is it not funny how the following is true?

1 brand new ssds arrive and people instead of bios support are abandoned.
2 no toggle for hpet on latest intel motherboards. Im told ryzen has hpet toggle.
3 intel cpu sales slow and a new bug arrives to encourage upgrades and mess with old pcs



Unless gigabyte give me a like for like bios again i am boycotting intel and gigabyte for the rest of my life. And i will just sit on my 4770k until the first AMD cpu of 2019.
 
You must log in or register to reply here.
Back
Top Bottom