Yeah Spectre affects ALL CPUs (including ARM) since 1995. If read descriptions that is a SCARY one. Side effects for speculative execution? Damn, why did no-one think that is a bad idea?

https://tech.slashdot.org/story/18/01/04/0524 … d-spectre-flaws

This was the hot story yesterday. From what I gather the OS level patch will dump cache after each kernel operation before returning to user space. Lots of benchmarks were floating around showing the impact on consumer software (games) to be extremely minuscule.

You can probably dig through recent commits to the linux kernel by now to see what's happening

As far as the professional market (databases, vms, etc) it could be pretty nasty. Here's hoping for a cheap xeon rig on ebay!!!

Is this at all related to the Intel Management Engine vulnerabilities that have been recently disclosed? The timing seems awfully coincidental if not.
https://en.wikipedia.org/wiki/Intel_Management_Engine

clueless1: no, this is another completely separate issue with Intel CPUs.

Srandista wrote:

clueless1: no, this is another completely separate issue with Intel CPUs.

Wow, Intel's having a rough go of it lately!

vladstamate wrote:

Yeah Spectre affects ALL CPUs (including ARM) since 1995. If read descriptions that is a SCARY one. Side effects for speculative execution? Damn, why did no-one think that is a bad idea?

https://tech.slashdot.org/story/18/01/04/0524 … d-spectre-flaws

Isn't spectre the old bug starting with the PPRO allowing you to hijack the -2 (SMM) ring after they implemented the ability to relocate the APIC? If so I thought that one was patched?

https://www.theregister.co.uk/AMP/2015/08/11/ … impression=true

I could be wrong, it's been a while. Anyway, Meltdown is the big intel only one (supposedly). I personally don't care unless it rains 8-16 core xeons on ebay, then I'll be happy as a clam 😊

Re speculative execution, I guess we know now 😜

https://support.microsoft.com/en-us/help/4072 … ative-execution

Okay, they talk about this in the latest Security Now podcast (01/03/18). Just listened to it and they break it down pretty thoroughly.

BeginnerGuy wrote:

Re speculative execution, I guess we know now 😜

https://support.microsoft.com/en-us/help/4072 … ative-execution

So that website says this:

In addition to installing the January security update, a processor microcode update is required. This should be available through your OEM.

How do we get the processor microcode? And how do we install that?

Usually BIOS update provided by motherboard vendor or computer manufacturer.

vladstamate: either via BIOS or sometimes Windows Update.

BeginnerGuy wrote:

This was the hot story yesterday. From what I gather the OS level patch will dump cache after each kernel operation before returning to user space. Lots of benchmarks were floating around showing the impact on consumer software (games) to be extremely minuscule.

You can probably dig through recent commits to the linux kernel by now to see what's happening

As far as the professional market (databases, vms, etc) it could be pretty nasty. Here's hoping for a cheap xeon rig on ebay!!!

It appears to impact syscall heavy tasks like DB operations and IO somewhat more. Phoronix showed the greatest degradation on the PostgreSQL benchmark. RH is indicating real world penalties of 5% for HPC nodes and 7% for Java (EJB, Servlet, JSP) based servers.
https://access.redhat.com/articles/3307751

BeginnerGuy wrote:

Here's hoping for a cheap xeon rig on ebay!!!

Anything pre-Skylark is particularly affected...so expect a flood of -well/-bridge based system to hit the second-hand market in 3...2..1...

Please do correct me if I'm wrong (and you're confident about your facts), information of questionable quality is scattered all around.
As I understand it there are two "problems"/malwares: Meltdown and Spectre. Only Intel is affected by Meltdown, Spectre affects everyone.
Now to the serious stuff, am I correct in those:
1) Metldown is/can be fixed by a software patch that will have some performance impact
2) Spectre cannot be addressed using software / no software solution is yet available EDIT: apparently one Spectre variant can be patched using software

Time to dust off my dual-G5 tank? Booyah.

BeginnerGuy wrote:

Isn't spectre the old bug starting with the PPRO allowing you to hijack the -2 (SMM) ring after they implemented the ability to relocate the APIC? If so I thought that one was patched?

I believe APIC hijack is another one.

Will there be a patch for MS-DOS and Windows 98 or are they unaffected by these exploits?

The Google people have a VERY good description of all the 3 issues here: https://googleprojectzero.blogspot.com/2018/0 … -with-side.html

Dangit google. This is the internet you're only supposed to have sensational articles and people making assumptions and statements based off of those articles. No facts allowed.

I was thinking about building a new PC with i5-8400 or 8600K this year. 😒