Forum menu
If that's still going it must be liquid cooled.
My PCs have been liquid cooled since the late 90s. I mainly just use an old laptop now though.
Gaming sites have said the fix won't affect gaming performance, which is where most users push their machines.
Gaming sites have said the fix won't affect gaming performance, which is where most users push their machines.
Yeah the average home user, including gamers won't notice any difference realistically.
There's still a huge problem for data centers and cloud hosts etc.
House full of AMD processors here! Would feel smug, but my electicity bill shows that I use AMD as they are hungry wee things!
Two I7's (gaming desktop and gaming laptop), two I5's and a Zeon (older workstation).
Massive issue for data centres though.
Yeah, Intel here!.... 🙁
This must impact Macs too I'm guessing?
I don't use the pc an awful lot these days. Most of my stuff is done on my smartphone.
Still, INTEL, not looking great for you guys?
I used to run AMDs, as they were great value and I liked their underdog status for some reason.
It doesn't really affect home users, you might take a one or two FPS hit for your favourite game.
What it does affect is big business as that performance degradation could cost a lot of money in terms of broken SLA's and OLA's.
You don't spend wad of cash with a remote host and accept a 30% degradation on your Web, SQL servers etc.
This must impact Macs too I'm guessing?
Of course it affects macs, they all run Intel CPU's. But you probably won't be able to tell unless your using your mac as an industrial server, which nobody ever did ever.
Pfui! Just use Linux on POWER8 chips. You know it makes sense!
Or I suppose we could migrate everything back to the mainframe.
I guess this finally puts the kybosh on running Windows Server 2016 on a dl980 then .... 😛
Wrongly reported. Not just intel
https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html?m=1
[url= https://newsroom.intel.com/news/intel-responds-to-security-research-findings/ ]Intel statement[/url]
"...many types of computing devices — with many different vendors’ processors and operating systems — are susceptible to these exploits."
"Contrary to some reports, any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time."
Yeah the average home user, including gamers won't notice any difference realistically.
Unless you play online. What do you think servers run with? I mean, besides the STW tuber based data farm.
You know what I'm looking forward to, multiple topics on the first page full of people trying to figure out how to un**** Windows Update so they can patch this.
Intel is committed to the industry best practice of responsible disclosure of potential security issues, which is why Intel and other vendors had planned to disclose this issue next week when more software and firmware updates will be available. However, Intel is making this statement today because of the current inaccurate media reports.
And their stock value!
If you have an up to date Mac, it appears this was fixed with the last update. Can't say I've seen anything noticeable in day to day use of my MBP.
https://www.macrumors.com/2018/01/03/intel-design-flaw-fixed-macos-10-13-2/
Cert seems quite clear what the solution is;
[img] 
[/img]
..many types of computing devices — with many different vendors’ processors and operating systems — are susceptible to these exploits.""Contrary to some reports, any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time."
Note this is Intel's statement and is contradicted by pretty much every IT security specialist who has looked at the problem.
darrenspink - MemberWrongly reported. Not just intel
R4 saying AMD as well - sell those shares quick?
[i]Note this is Intel's statement [/i]
Google's statement as well:
"These vulnerabilities affect many CPUs, including those from AMD, ARM, and Intel, as well as the devices and operating systems running on them."
There are (at least) two related issues, maybe AMD/ARM is only affected by one of them.
It has to be remembered that this vulnerability is not to execute malicious code, but to potentially read kernel memory.
So for cloud hosts, and esx servers etc (ie the systems likely to be running at high capacity) the threat is actually quite minimal.
I am going to call some meetings this morning to see how we will deal with the situation, but there is absolutely no need to panic, I am quite happy to allow a mid to long term strategy to implement a fix.
[i]there is absolutely no need to panic[/i]
*assumes it must be really bad*
[img] 
[/img]
MSP - being able to read the host kernel from a VM on a cloud host is *really* bad. Like about as bad as you can imagine. Basically, any other guest on that cloud host can potentially read your data. Think about it for a minute...
Rachel
[i]So for cloud hosts, and esx servers etc (ie the systems likely to be running at high capacity) the threat is actually quite minimal.[/i]
That's what I was thinking - blocked externally?
So the threat is to normal users, who won't be affected by the patch... and datacentre servers?
It allows cross-VM data copying, how is that a minimal threat?
You don’t know who is buying space on the same host as your super-important service. They can upload code without your knowledge that simply harvest data from ring-0 and send it anywhere.
MSP - being able to read the host kernel from a VM on a cloud host is *really* bad. Like about as bad as you can imagine. Basically, any other guest on that cloud host can potentially read your data. Think about it for a minute...
There is no indication that the virtual system will have "pass through" capability to read physical kernel memory that I am aware of. But it is still a developing situation I expect to be getting more information thought the next few days.
There is no indication that the virtual system will have "pass through" capability to read
Yes, it appears there is: https://www.geekwire.com/2018/intel-cloud-vendors-shed-light-two-major-chip-security-issues-emerged-week/
Rachel
There is no indication that the virtual system will have "pass through" capability to read physical kernel memory that I am aware of. But it is still a developing situation I expect to be getting more information thought the next few days.
I acknowledge It is a developing situation, but It would appear thats exactly what this flaw will allow people to do, once the exploit has been developed 'fully'.
I'd say its the public cloud providers and people running workloads on public cloud providers that are at the biggest risk.
At present it appears no one has developed this exploit yet, but you can expect all the bad'uns to be beavering away at it now.
All my Azure subs were patched last night with very little warning at around 2am.
Apparently performance impact is minimal...
https://azure.microsoft.com/en-us/blog/securing-azure-customers-from-cpu-vulnerability/
There is no indication that the virtual system will have "pass through" capability to read physical kernel memory that I am aware of. But it is still a developing situation I expect to be getting more information thought the next few days.
Spectre (one of the variants) can allow a VM to read memory used by another VM running on the same physical host. VMware have acknowledged this and have a patch (although I'm still trying to find out if ESXi v5.5 is vulnerable to CVE-2017-5753, I suspect it is, and if so when/if VMware are going to release a patch for it as most of our kit is on that version).
Looks like Windows Server patches won't be available until the 9th, fortunately it's another team that needs to worry about patching those...
Some further analysis from El Reg, particularly of Intel's statement...
https://www.theregister.co.uk/2018/01/04/intel_meltdown_spectre_bugs_the_registers_annotations/
Wow, that doesnt sound biased in any way. Especially when everone else seems to be acknowledging that it isnt confined to Intel, omething they seem to have glossed right over.
Might the increased overhead in patching this be problematic for people who rely on battery life of laptops a lot? A few percent might not impinge on processor performance per se if you're not running at 100%, but it will presumably chew battery?
Someone asked that question in the reg comments. No answer.
As suggested I imagine it will have an impact even if not immediately apparant. More activity means more power means more heat. And that's just at consumer level.
In other news, once we reach the year 2000, all the computers in the world will stop working with cataclysmic consequences. Next to that, taking an extra 20 seconds to process an image in Photoshop will seem like a walk in the park.
Apple are fairly clear it's ARM processors too, and by implication AMD.
[i]
“Security researchers have recently uncovered security issues known by two names, Meltdown and Spectre,” it added. “These issues apply to all modern processors and affect nearly all computing devices and operating systems. All Mac systems and iOS devices are affected, but there are no known exploits impacting customers at this time.[/i]
[url= https://www.theguardian.com/technology/2018/jan/05/apple-mac-spectre-meltdown-iphone-ipad-hackers?CMP=twt_a-technology_b-gdntech ]https://www.theguardian.com/technology/2018/jan/05/apple-mac-spectre-meltdown-iphone-ipad-hackers?CMP=twt_a-technology_b-gdntech[/url]
There still seems confusion/lack of information about which CPUs are vulnerable to which of the attacks. I'm hoping things get clarified quickly!
At least as far as I understand:
Meltdown does seem primarily Intel related (although the Apple position implies could also affect ARM), from what I've read the whole "Intel CPUs since 2010" was derived from what the Google zero day team tested on, they have actually said it could be an issue since branch prediction microcode was introduced in the 90's (they just haven't tested CPUs that old to confirm).
Spectre is much more widespread in what CPUs are affected but is more difficult to exploit
So all my computers updated last night - was that the Meltdown/Spectre patch?
Impact of the microsoft patches:
[b]With Windows 10 on newer silicon[/b] (2016-era PCs with Skylake, Kabylake or newer CPU), benchmarks show single-digit slowdowns, but we don’t expect most users to notice a change because these percentages are reflected in milliseconds.[b]With Windows 10 on older silicon[/b] (2015-era PCs with Haswell or older CPU), some benchmarks show more significant slowdowns, and we expect that some users will notice a decrease in system performance.
[b]With Windows 8 and Windows 7 on older silicon[/b] (2015-era PCs with Haswell or older CPU), we expect most users to notice a decrease in system performance.
[b]Windows Server on any silicon[/b], especially in any IO-intensive application, shows a more significant performance impact when you enable the mitigations to isolate untrusted code within a Windows Server instance. This is why you want to be careful to evaluate the risk of untrusted code for each Windows Server instance, and balance the security versus performance tradeoff for your environment.
[url= https://cloudblogs.microsoft.com/microsoftsecure/2018/01/09/understanding-the-performance-impact-of-spectre-and-meltdown-mitigations-on-windows-systems/ ]sauce[/url]
Apple have release iOS 11.2.2 to update Safari against Spectre:
https://support.apple.com/en-us/HT208401
[url= https://www.forbes.com/sites/gordonkelly/2018/01/10/apple-ios-11-2-2-battery-life-iphone-performance-slowdown-throttle/ ]Mixed reports[/url] whether it impacts performance or not.
Seems fine on my SE.