Associate
No one anywhere?
What's that amd.com?
Oh dear.
I suppose someone will try to claim that because it's harder to exploit that makes it OK that AMD are vulnerable
-
Competitor rules
Please remember that any mention of competitors, hinting at competitors or offering to provide details of competitors will result in an account suspension. The full rules can be found under the 'Terms and Rules' link in the bottom right corner of your screen. Just don't mention competitors in any way, shape or form and you'll be OK.
No one anywhere?
What's that amd.com?
Oh dear.
I suppose someone will try to claim that because it's harder to exploit that makes it OK that AMD are vulnerable
- Joined
- 30 Jul 2006
- Posts
- 12,130
I suspect that it is only a matter of time before Intel claim that they reverse-engineered the AMD CPU and tried to make it more secure (and by happy coincidence faster) and that the whole disaster is entirely AMD's fault.
Caporegime
- Joined
- 18 Oct 2002
- Posts
- 33,188
No one anywhere?
What's that amd.com?
Oh dear.
I suppose someone will try to claim that because it's harder to exploit that makes it OK that AMD are vulnerable
Spectre attacks work against speculative execution chips , variant 2 works against branch target injection, this makes spectre 2 applicable to all such chips. However on the same page it says that AMD also say
This makes you a bit of a fool as in trying to insist I was incorrect, you quoted AMD using a different word somewhere else on the page for a different reason and failed to quote the bit where AMD also says they aren't currently vulnerable.
By difficult to exploit they mean, nearly impossible to the degree that despite the entire industries top guys all working on it, no one has made an attack worse.
More difficult to exploit doesn't mean, write an attack to exploit spectre 2 on Intel chips and then spend twice or even ten times as long writing a version that works on AMD, they mean quite literally that there is a much lower than 1% chance anyone would ever find a way to make it work.
The fundamental reason these attacks work on Intel is the BTB entries are in predictable locations on Intel chips, so you can find then keep attacking and keep reading that data. On AMD the entries are not in predictable locations, meaning there is no practical way to attack their chips. There is an entirely optional patch(which does drastically less than the Intel patch) for Spectre 2 that removes even that tiny possibility.
Caporegime
- Joined
- 18 Oct 2002
- Posts
- 33,188
You read that article(so you say) then immediately commented to once again have a pop for the near-zero statement, which once again has nothing to do with the lawsuit. AMD are vulnerable to variant 1 attacks, they didn't state they were in the Q1-Q4 reports for 2017 and also made a claim that there were no known problems to the shareholders, that actually was a lie, that is what they are being sued over.
Why you're even mentioning the near-zero statement I don't know, it has no relevance at all, if they are or aren't vulnerable (somehow everyone in the industry can make these attacks work on Intel and no one can on AMD.... but certain people on this forum apparently know better) isn't relevant, it's the lying on a legal document that they are being sued for, something that happened months ago, they aren't suing for anything at all pertaining to the announcements this month.
They are also nuisance lawsuits and nothing else, the ones that Intel might get from massive industry clients (I believe there are a couple) are extremely valid, the ones where people buy a little stock then try to extract some lawyer fees are not serious.
The reason they used near-zero in the announcement is as I said before, the risk isn't nothing, but it's extremely small. It's funny because it was you and someone else being foolish and when asked neither of you could come up with a suitable usable term instead of near-zero. Zero is incorrect, a number near-zero is the actual amount of risk there is to variant 2..... but apparently you and this other guy and a few others seem to take offence to using that term though of course neither of you could supply another term (you offered a substitution for the OTHER part of their statement) nor explain why near-zero is bad... to describe a number.... near-zero but not zero.
The article I read even states that one of the things that was under scrutiny was that one of the statements changed from "near zero" to "optional" and ties it in with the previous issues with disclosure.
Dunno why you are even defending AMD here they have such a history of using wording like this and it turns out to be BS and misleading for instance https://www.reddit.com/r/Amd/comments/7sedpq/amd_cancels_the_driver_path_for_primitive_shaders/ (find comments by loggedn2say, etc.).
Caporegime
- Joined
- 18 Oct 2002
- Posts
- 33,188
The article you linked to with your original statement said no such thing and AMD hasn't changed their statements from near-zero to optional, that is simply bull.
AMD said both from day one AND today in regards to the risk is that variant 2 has a near-zero chance of being exploited, no one anywhere has made a variant 2 attack work. They then released a spectre patch which, low and behold was widely reported, particularly on Intel friendly sites to not be optional. AMD simply put out a press release stating that the patch is optional if you want zero risk rather than near zero risk.
Near zero risk and optional are in regards to two entirely different things, the patch is optional, near-zero is how they rated the risk against variant 2. Please tell me you realise that AMD didn't make a statement that said their risk against variant 2 was 'optional', because both no one ever said this and it makes fundamentally no sense.
https://www.anandtech.com/show/11717/the-amd-radeon-rx-vega-64-and-56-review/3
Also if you notice Vega was mostly talked about as having primitive shaders, it still does, the statement directly says there are still primitive shaders... we've SEEN primitive shaders used in games like Doom. That statement is saying (if true) that they've stopped trying to get implicit primitive shaders working through the driver, they still fully support explicit primitive shaders through the developer which is what makes the games that use them run so well already.
Oh
from
https://www.anandtech.com/show/11002/the-amd-vega-gpu-architecture-teaser/2
So you're saying they were misleading when AMD only talked about primitive shaders directly and we still have them. So twice you've made bogus claims about AMD's history with wording, by using entirely unliked and incomparable examples and both are nonsense anyway.
You've still failed in any way to explain why near-zero is inherently bad to use in this situation and what term would be better.
I've said several times that a more traditional way of putting it is along the lines of "no known vulnerabilities at this time" - "near zero" is BS political speak along the lines of the whole "we are looking at a timeframe when we can begin to start" type speak that is often used in US politics, etc.
You should be able to answer that for yourself.......................................
I've said several times - Exactly, that is your opinion.
I SAY - your opinion is BS. You are saying that AMD should be sued because they said 'near zero' instead of your "no known vulnerabilities at this time"
Intel on the other hand Intel are ??? - you tell me!
arguing the meaning of 'near zero' is for shills and or lawyers which one are you?
I'm not saying they should be sued no.
I said their wording is transparent political speak and its pretty **** obviously so.
After all these years where they've been shown to be full of **** in their statements I'm surprised anyone is defending their clunky use of a nonsense term to cover their arses - poor volta anyone?
What about Intel?
Caporegime
- Joined
- 18 Oct 2002
- Posts
- 33,188
Seriously Rroff, again, you're taking the option of replacing the wrong part of their statement... again?
AMDs statement on variant 2 was TWO PART and was this
The second part of that statement is paraphrased, there is no known vulnerability at this time. THis was quoted to you earlier in the thread and then when asked to replace the word non-zero.... you rephrased the SECOND statement here.
I've asked you multiple times to tell me what word you would replace non-zero with... not to rephrase the second part. THat quote was there on the day AMD first made their announcement, it hasn't changed (despite your claim that they changed non-zero to optional or the other way round, whatever it was).
AMD gave a completely valid explanation and twice you've insisted they should have said no known vulnerabilities instead... when they said that straight away. It's very simple, they said exactly what you wanted and also said they believe there to be an exceptionally small chance that they will become vulnerable in the future because of the differences in architecture, or in other words, we didn't do the thing Intel did that makes them vulnerable. They said non-zero here instead of zero... precisely for legal reasons, because even if you believe you're not vulnerable and won't be, if someone finds a way you become legally liable.
Again the lawsuit has absolutely nothing to do with this statement, the lawsuits are about disclosure in the quarterly reports made months before this announcement.
- Joined
- 30 Jul 2006
- Posts
- 12,130
This is a bit like watching a five-set tennis match; might it be an idea to dedicate some other thread to it? Iwould respectfullu suggest that some people would like to know what they should be doing in terms of:
- Updating various generations of Windows
- Updating (or changing) their browser (I would recommend Firefox v58)
- Changing their Anti-Virus software (I would recommend Kaspersky)
- Updating their BIOS (assuming an update is actually available)
- . . . anything else
Soldato
I'll be posting my testing results in the next few hours once I've finished.. Results are based on the average score from a minimum of 3 runs of each test, 3d mark, realbench and cinebench in 3 states –
.
- Windows 10 pre meltdown/spectre patch (my 12 month old bench results so bear in mind there's been windows and gpu driver updates since then)
- Windows 10 with the January meltdown/spectre patch installed
- Windows 10 fully patched and mainboard BIOS flashed with latest January CPU microcode security update
Spoiler alert... The results are good
Caporegime
Well the microcode that was up for mine on Linux, dated the 08/01/2018, has now been taken down, its gone back to the previous one that was released last year.
Not surprising given the random reboot issues (not sure if these are limited to Haswell and Broadwell or affect all updated CPUs).
Good as in minimal differences, or good as in juicy?
Good as in marginally better results over my benchmarks from a year ago, only 3d mark took a hit but it's too small to care about, realbench and cinebecnch showed a slight performance increase, but again, so small it's margin of error territory.
Conclusion... No reason for the average user or even gamer not to patch.
That's just on my PC though , I can't say whether other hardware configurations would fare better or worse.
After the bios update I put my overclock back on straight away, same settings as before, I experienced no crashes during the benchmarking.
Last edited:
I'm not even sure what you are saying any more I addressed those two parts of the statement separately earlier on you seem to be going down a rabbit hole based on snippets of what I've said and adding your own perception of what I must have meant to them :s
The average user and/or gamer actually has less of a reason really to patch anything other than the browser and any software like that - their biggest exposure is unsolicited attempts from dubious or compromised web-sites. Any software already running on their system they'd have had to already trust to an extent and there are far easier ways for software to compromise a user once it is already running than using these vulnerabilities on Windows which lacks more granular permissions, etc. and pretty much a binary state for software between limited or elevated to full access - Linux is a little bit of a different case as its user level security is a bit better and other OSes have more granular permissions which might make these vulnerabilities more attractive to defeat that.
Where you definitely want to be doing the full microcode and OS patches, etc. is anywhere you have multiple users logging in who might make use of these vulnerabilities to see or even gain access to parts of the system they ostensibly are restricted from and likewise any kind of sandboxed environment where its important what is running inside it is isolated from the host.