Intel - Flaws and Slow Running Systems

What do you think about this?

  • I am worried. My only PC runs on Intel

    Votes: 1 8.3%
  • My only PC runs intel. I do not care.

    Votes: 0 0.0%
  • I have several PCs running Intel. I do not care

    Votes: 3 25.0%
  • I have several PCs running Intel. I am worried.

    Votes: 2 16.7%
  • AMD All the way through!

    Votes: 0 0.0%
  • Both AMD and Intel - Let's see what happens.

    Votes: 6 50.0%
  • Something else!

    Votes: 0 0.0%

  • Total voters
    12

soulweaver

Offending Sensibilities
Adept
Sep 2, 2005
281
110
131
Thanks to the new found flaw in intel chips, our systems are at risk. To overcome this, Windows is issuing a patch that could make systems on Intel chips run upto 50% slower.

There are several sites reporting on the same. Here are a couple:

https://www.howtogeek.com/338269/a-huge-intel-security-hole-could-slow-down-your-pc-soon/

https://arstechnica.com/gadgets/2018/01/meltdown-and-spectre-every-modern-processor-has-unfixable-security-flaws/

What would it mean for us? Is any processor safe? What are we doing to do about slowed down systems?
 
  • Like
Reactions: Crazy_Eddy

6pack

Well-Known Member
ex-Mod
Sep 19, 2005
7,448
1,490
302
I have an AMD and an already tortoise slow Intel NUC with Intel processor inside. If it gets any slower, I'll ask full cash back from Intel for selling me a useless box. Its in the 1 year warranty so they should honor the return. Intel should be made to replace all the affected chips with new chips for free imo. They already charge more than AMD and give useless bug ridden chips now.
 

Chaos

Well-Known Member
Veteran
Jan 29, 2005
9,035
871
252
So the basic gist of this issue is that desktop users shouldn't be worried much. Its a bug that allows ring 3 code (user code) to read ring 0 (kernel) data. Might affect virtualization and similar stuff. Apps that make a lot of system calls for I/O will get slowed down.

IIntel should be made to replace all the affected chips with new chips for free imo. They already charge more than AMD and give useless bug ridden chips now.
They'll have to replace every chip since Pentium Pro in that case :p
 

6pack

Well-Known Member
ex-Mod
Sep 19, 2005
7,448
1,490
302
Apps that make a lot of system calls for I/O will get slowed down.
That means a lot of apps will see slow down. From copying files to writing files. torrent apps will slow down. paging area will slow down in windows. swap area in linux (usually on hdd) will slow down. browsers could slow down while downloading. media players could slow down since they read a lot. probably on the fly media transcoders like plex will get performance hit.
 

Chaos

Well-Known Member
Veteran
Jan 29, 2005
9,035
871
252
That means a lot of apps will see slow down. From copying files to writing files. torrent apps will slow down. paging area will slow down in windows. swap area in linux (usually on hdd) will slow down. browsers could slow down while downloading. media players could slow down since they read a lot. probably on the fly media transcoders like plex will get performance hit.
Opening the file is a system call. Reading data from it is not once you memory map the file. So if an app accesses millions of files per second, there will be a slowdown. Not otherwise. Essentially any process that accesses an OS kernel system call will take around a 30-50% hit in performance only for the system call which is a tiny fraction of the entire time. The extent of this will be known soon. However phoronix did some linux benches and there wasn't any noticeable difference in client workloads.

https://www.phoronix.com/scan.php?page=article&item=linux-more-x86pti&num=1

Edit: AMD's statement

http://www.amd.com/en/corporate/speculative-execution

Edit: Meat of the entire issue. Here's the paper from TU graz:
https://spectreattack.com/spectre.pdf
 
Last edited:
  • Like
Reactions: soulweaver

vishalrao

Global Moral Police
Veteran
Nov 10, 2007
4,546
673
202
Pune, India
Yeah it's a shitshow. Don't forget ARM affected too - so your mobile phones. Google says Android Jan 2018 security update already fixes this.

Lots of speculation (no pun intended) out there with conflicting information (AMD affected or not, or if so, then how severely) also some places saying that certain scenarios are not fixable and will require chip level redesign.

Maybe when the dust settles in a few days/weeks then we'll realise that everyone needs to abandon x86/ARM and move to others like IBM's POWER CPUs :D What fun.
 

soulweaver

Offending Sensibilities
Adept
Sep 2, 2005
281
110
131
Maybe when the dust settles in a few days/weeks then we'll realise that everyone needs to abandon x86/ARM and move to others like IBM's POWER CPUs :D What fun.
Does it mean I will have to give up my trusty, 2010 AMD Phenon that's been chugging along so flawlessly despite everything I throw at it?

Damn. :(
 

vivek.krishnan

If you cant see the green dot, I'm offline :P
Veteran
Dec 18, 2009
7,424
1,655
253
Ghatkopar, Mumbai
plus.google.com
I have an AMD and an already tortoise slow Intel NUC with Intel processor inside. If it gets any slower, I'll ask full cash back from Intel for selling me a useless box. Its in the 1 year warranty so they should honor the return. Intel should be made to replace all the affected chips with new chips for free imo. They already charge more than AMD and give useless bug ridden chips now.
You should see their response to the C2000 bug. I doubt they will replace any older setups.

@cyberwarfare

Yeah it's a shitshow. Don't forget ARM affected too - so your mobile phones. Google says Android Jan 2018 security update already fixes this.

Lots of speculation (no pun intended) out there with conflicting information (AMD affected or not, or if so, then how severely) also some places saying that certain scenarios are not fixable and will require chip level redesign.

Maybe when the dust settles in a few days/weeks then we'll realise that everyone needs to abandon x86/ARM and move to others like IBM's POWER CPUs :D What fun.
Opensource CPUs could be the way to go...
 

psyph3r

Well-Known Member
Veteran
Jun 24, 2007
1,482
1,006
252
Pune
Looks like a test run for a future planned obsolescence move, one can never trust the length these corporations will go to in order to ensure profits.
A software fix for a hardware issue is always going to come at the cost of performance, not everyone upgrades their pc's that often anymore so they might as well slow it down with a mandatory fix.
Stock has taken a 2% hit, insiders and whales could've already offloaded beforehand just like the CEO did in December.

https://www.businessinsider.in/Intel-was-aware-of-the-chip-vulnerability-when-its-CEO-sold-off-24-million-in-company-stock/articleshow/62359605.cms
 

cyberwarfare

Well-Known Member
Adept
Oct 21, 2009
1,039
121
103
27
Mumbai
https://www.kb.cert.org/vuls/id/584653

Apparently this link had the text "Fully removing the vulnerability requires replacing vulnerable CPUs" but with recent updates that text is no longer there. I wonder how/why that got removed.
There are Two Different Attack Methods, with a total of 3 methods between them:

1) Meltdown - This is of a single type. It can and is being addressed through software updates to the OS. Although such updates are bound to reduce performance between 0% - 30% (depending on system workload and workflows)

2) Spectre - This is of two types. It CANNOT be addressed through a software bug. Hence this will require a CPU Hardware redesign to address. The full scope of this attack vector is unknown, and hence it is the more severe of the three attack vectors.

Almost all Intel chips made since 1995 are affected by both Spectre and Meltdown (exceptions being the Itanium chips and few others). Spectre affects all 3 (i.e. Intel, AMD and ARM).

More information can be found here : https://meltdownattack.com/
 

6pack

Well-Known Member
ex-Mod
Sep 19, 2005
7,448
1,490
302
Mozilla confirms everybody's worst fears

Mozilla has officially confirmed that the recently disclosed Meltdown and Spectre CPU flaws can be exploited via web content such as JavaScript files in order to extract information from users visiting a web page.

Meltdown and Spectre are two vulnerabilities discovered by Google security researchers that affect almost all CPUs released since 1995, impacting CPUs deployed in desktops, laptops, servers, smartphones, smart devices, and cloud services.

Researchers say that attackers can use the two flaws to read data from a computer's kernel memory (Meltdown), but also data handled by other apps (Spectre).

More precisely, Google says the two bugs can be exploited to "to steal data which is currently processed on the computer," which includes "your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents."
FF 57.0.4 has been rolled out with the security fixes for Spectre and Meltdown.
https://www.mozilla.org/en-US/firefox/57.0.4/releasenotes/
 
  • Like
Reactions: cyberwarfare

soulweaver

Offending Sensibilities
Adept
Sep 2, 2005
281
110
131
@vivek.krishnan @Chaos @cyberwarfare

I am asking this out of pure ignorance. So humour me. :);)

Is it possible for all the cryptomining guys to exploit these bugs? I mean, if this could be done via browsers and javascripts and such like, could they 'steal' our CPU resources?

If they can, I am certain they are already working on exploiting the stuff. And considering how much power (processing and motive) they have, it wouldn't be a surprise if many pcs haven't already been exploited considering the bug has been outed by Google months ago.
 

swagatrath

Well-Known Member
Adept
Nov 29, 2014
476
175
56
Bangalore
From what I understand with these vulnerabilities, programs can read data from unauthorized memory locations.. So unless we install programs from shady developers/sources we are supposedly safe
There is no way a remote attacker can read this sensitive data unless we install & run the program with the malicious code to read this data..
 

cyberwarfare

Well-Known Member
Adept
Oct 21, 2009
1,039
121
103
27
Mumbai
@vivek.krishnan @Chaos @cyberwarfare

I am asking this out of pure ignorance. So humour me. :);)

Is it possible for all the cryptomining guys to exploit these bugs? I mean, if this could be done via browsers and javascripts and such like, could they 'steal' our CPU resources?

If they can, I am certain they are already working on exploiting the stuff. And considering how much power (processing and motive) they have, it wouldn't be a surprise if many pcs haven't already been exploited considering the bug has been outed by Google months ago.
Let me start by saying this, ANYTHING is possible.

However, this bug/ issue pertains more to stealing sensitive data, rather than manipulating system resources. I could be very very wrong so treat it with salt.
 

vivek.krishnan

If you cant see the green dot, I'm offline :P
Veteran
Dec 18, 2009
7,424
1,655
253
Ghatkopar, Mumbai
plus.google.com
@vivek.krishnan @Chaos @cyberwarfare

I am asking this out of pure ignorance. So humour me. :);)

Is it possible for all the cryptomining guys to exploit these bugs? I mean, if this could be done via browsers and javascripts and such like, could they 'steal' our CPU resources?

If they can, I am certain they are already working on exploiting the stuff. And considering how much power (processing and motive) they have, it wouldn't be a surprise if many pcs haven't already been exploited considering the bug has been outed by Google months ago.
Cryptomining - I dont think so. But if say stealing something else - passwords/keys/etc possibly. But, not by itself. Many exploits make use of multiple bugs such as these.
 

mach9

Das Layzeemeister
Adept
Dec 17, 2007
897
285
153
Anywhere between 0 - 47000 feet
Would anyone know for sure how bad the issue is with the latest Gen Intel chips especially the 8700k.

Various online resources are not 100% clear with a few estimates showing up to 1-3% hit on performance. I also cannot find any comprehensive assessment regarding system stability and reliability post the patches. A friend of mine running the 6600K on Asus board with all the patches reported severe issues with kernel memory interruptions and BSOD's during intense memory use operations involving large volume extractions etc and has been complaining that ever since he patched for meltdown and spectre he just doesn't have the reliability from the system. Weirdly I don't seem to have the problem with my setup which is similar and running the patches except that if I were to nitpick I can say that occasionally I will find the system a little less snappy than before but I obviously haven't run measurements to verify.

Long and short is it worth upgrading to coffee lake or should I skip altogether and wait for them to address it through hardware revisions in the future gens
 

soulweaver

Offending Sensibilities
Adept
Sep 2, 2005
281
110
131
Would anyone know for sure how bad the issue is with the latest Gen Intel chips especially the 8700k.

Various online resources are not 100% clear with a few estimates showing up to 1-3% hit on performance. I also cannot find any comprehensive assessment regarding system stability and reliability post the patches. A friend of mine running the 6600K on Asus board with all the patches reported severe issues with kernel memory interruptions and BSOD's during intense memory use operations involving large volume extractions etc and has been complaining that ever since he patched for meltdown and spectre he just doesn't have the reliability from the system. Weirdly I don't seem to have the problem with my setup which is similar and running the patches except that if I were to nitpick I can say that occasionally I will find the system a little less snappy than before but I obviously haven't run measurements to verify.

Long and short is it worth upgrading to coffee lake or should I skip altogether and wait for them to address it through hardware revisions in the future gens
I use multiple Windows desktops with both AMD and Intel chips and use High end, midrange, and lower midrange systems all on Windows 10 barring one and have experienced and am experiencing issues on only one of the 14 systems I have.I highly doubt if it is related to the meltdown and spectre patches.

While I did not specifically test with large archives, using video editing programs and image editing / gfx design programs seem to pose no problems and I haven't experienced a perceptible drop in speeds.

Gaming also seems largely the same.

As for upgrades, if you can wait, you will always get a faster chip or you will get the chip you want to get at a lower cost, and any vulnerabilities there might be would have been exposed by then.
 
  • Like
Reactions: mach9