wrote:Just comparing SPEC results, it actually looks like there's a pretty big drop on some subtests, especially branchier ones.
http://spec.org/cpu2017/results/res2017q4/cpu … 1003-00102.html (pre-mitigation)
http://spec.org/cpu2017/results/res2018q2/cpu … 0403-04894.html (post-mitigation)
Welcome to vogons, Colgate!
wrote:wrote:Just comparing SPEC results, it actually looks like there's a pretty big drop on some subtests, especially branchier ones.
http://spec.org/cpu2017/results/res2017q4/cpu … 1003-00102.html (pre-mitigation)
http://spec.org/cpu2017/results/res2018q2/cpu … 0403-04894.html (post-mitigation)Welcome to vogons, Colgate!
Thanks, lazibayer! Surprised anyone recognized my avatar.
It looks like the Spectre fun continues - there are more details here and here, but it looks like as many as eight new Spectre-type vulnerabilities are about to be announced. Bad news, if it's accurate.
Just my opinion.
I don't think this is a major concern for home computers. Little fish.
What you should be worried about are schools of fish with your information.
Companies that keep your CC number on file, your bank, anything in any cloud, PayPal, POS (cash register) systems,,,,,,,.
Those are big targets.
Why would a hacker to all the work for one little fish for one acct number when the same net will catch a whole school of fish and get thousands?
.
GRUMPY OLD FART - On Hiatus, sort'a
Mann-Made Global Warming. - We should be more concerned about the Intellectual Climate.
You can teach a man to fish and feed him for life, but if he can't handle sushi you must also teach him to cook.
More flaws found. https://www.heise.de/ct/artikel/Exclusive-Spe … us-4040648.html
A thought, since dosbox is pure emulation I would think it's immune or has the potential to be in the short term, where as they keep finding more vulnerabilities in hardware virtualization. Performance ranges from a pentium 233 to ghz+ and useable in some current day use cases, like a firewall.
wrote:A thought, since dosbox is pure emulation I would think it's immune or has the potential to be in the short term
I don't think that makes a difference. The exploit is basically based on being able to measure a difference in performance of executing path A vs executing path B.
This could occur in software just as well as in hardware.
I suppose the main difference is that DOSBox is open source, so anyone can modify it, whereas with hardware, only the CPU vendor can create microcode fixes.
I must have skipped over the exploit by measured performance delta, what I've read the problems have been described as something else entirely. yes, software too, but being open and software can be rectified quickly.
This is what I'm talking about, this presentation goes over finding undocumented instructions in x86, but also found bugs and exploits, and while qemu runs his test in the documented fashion from qemu not written to handle the bug, running on bare metal it does its bugged behavior so the exploit works. skip to just under 32 minutes. https://www.youtube.com/watch?v=KrksBdWcZgQ&i … G4jQyd#t=31m56s
I can see using this as a validation tool for dosbox.
wrote:This is what I'm talking about, this presentation goes over finding undocumented instructions in x86, but also found bugs and exploits, and while qemu runs his test in the documented fashion from qemu not written to handle the bug, running on bare metal it does its bugged behavior so the exploit works.
My point is rather that you can probably write similar exploits for qemu, DOSBox etc, if you were to specifically target their implementations.
In other words: they are not immune to the underlying problem. They are just not vulnerable in the exact same way as real hardware, so exploits targeting real hardware will likely not be effective.
wrote:A thought, since dosbox is pure emulation I would think it's immune or has the potential to be in the short term
Hardly a pure emulator on x86. Nothing is immune to these attacks but some of them are more practical than others. I would not worry too much on a home PC.
Article on Spectre and PowerPC
https://tenfourfox.blogspot.com/2018/01/actua … spectre-on.html
Checked my ASUS X54C running Windows 10 Pro x64.
CPU: Intel Celeron B820.
Results:
Meltdown protected: YES
Spectre protected: YES
Microcode update available: YES
Performance: SLOWER
Screenshot:
Discord: https://discord.gg/U5dJw7x
Systems from the Compaq Portable 1 to Ryzen 9 5950X
Twitch: https://twitch.tv/retropcuser
I think everything older than Haswell (ie Core 4xxx) will report "slower". There is a PCID feature on the newer CPUs that mostly alleviates the performance hit of the security workaround.
But really I haven't noticed my older stuff being slower. I hear storage I/O is by far the worst hit area. Might need benchmarks to notice for the most part.
My laptop has a 480GB SSD installed and runs beautifully. Even RuneScape NXT client runs amazingly on it. Will install Linux on the SSD as well.
Discord: https://discord.gg/U5dJw7x
Systems from the Compaq Portable 1 to Ryzen 9 5950X
Twitch: https://twitch.tv/retropcuser
What a mess!
11 1 111 11 1 1 1 1 1 11 1 1 111 1 111 1 1 1 1 111
Crap Inside
Retronautics: A digital gallery of my retro computers, hardware and projects.
Ryzen is the savior 🤣
isn't SMT from Ryzen also affected?
wrote:isn't SMT from Ryzen also affected?
Nope.
Retronautics: A digital gallery of my retro computers, hardware and projects.
Ryzen is unaffected for sure.
But have latest Ryzen problems with the older bugs of the thread subject beside the software patches and the latest cpu "hardware mitigations"? (even if the hardware "patch" feels someway unsecure itself anyway).
With the hyperthreading problem too I'd call this the revenge of the older Atom cpu up the D2500 version that many people criticized for their speed. Take that faster cpus! 😁
