If looking at the geometric mean for the tests run today, the Intel systems all saw about 16% lower performance out-of-the-box now with these default mitigations and obviously even lower if disabling Hyper Threading for maximum security. The two AMD systems tested saw a 3% performance hit with the default mitigations. While there are minor differences between the systems to consider, the mitigation impact is enough to draw the Core i7 8700K much closer to the Ryzen 7 2700X and the Core i9 7980XE to the Threadripper 2990WX.
Context switching used to be faster on Intel CPUs over the AMD Zen CPUs, but that is certainly no longer the case. With these default mitigations, context switching is taking about five to six times longer than in the unmitigated configuration.
If I was an IT manager with half a brain, I have 2 options:
By buying new hardware, of course.
Why are data centers running applications that do nothing but context switch?
Context switching used to be faster on Intel CPUs over the AMD Zen CPUs, but that is certainly no longer the case. With these default mitigations, context switching is taking about five to six times longer than in the unmitigated configuration.
How are cloud providers and data centers going to cope with five to six times loss of performance?
If looking at the geometric mean of all the benchmarks carried out, the EPYC 7601 averages out to about a 1% hit with its Spectre mitigations. The dual Xeon Platinum 8280 Cascade Lake setup with its mostly hardware-based mitigations was slower by 4% with the relevant mitigations enabled. Meanwhile the dual Xeon Gold 6138 server that unfortunately doesn't have the hardware mitigations saw an 11% hit from the benchmarks run with these Spectre/Meltdown/L1TF/MDS mitigations or 15% if disabling Hyper Threading as an additional measure based on the benchmarks carried out today.
That's why Cascade has additional hardware mitigations.
Actually no, since the hardware "fixes" make the Intel processors more susceptible to Fallout. More like time to consider Epyc. Move all web-exposed VMs to patched, Intel hyper-threading-disabled hosts, and patched hosts for internal-only workloads that still need performance, until you can buy some Epyc-based servers to replace any generation of Intel processors, since even 9th gen has flaws.
That would be because there is a stepping for CFL-R that introduces more hardware mitigations AFAIK. Stepping R0
It's interesting they indicate they have a hardware fix, but the Fallout paper indicates the Coffee Lake Refresh with its hardware fix made it more susceptible.
Actually, no, since the hardware "fixes" make the 9th gen Intel processors more susceptible to Fallout.
. . . is about their CPU testing tool. It's bad, but it's not the CPUs themselves, just if you have the tool installed - presumably because it enables admin access to anyone.
The SSD one doesn't seem to be a big deal, but the first one . . .
If looking at the geometric mean for these various mitigation-sensitive benchmarks, the default mitigations on the Core i9 9900K amounted to a 28% hit while the Ryzen 7 2700X saw a 5% hit with its default Spectre mitigations and the new Ryzen 7 3700X came in at 6% and the Ryzen 9 3900X at just over 5%. Keep in mind the benchmarks run for this article were a good portion of synthetic tests and focused on workloads affected by Spectre/Meltdown/L1TF/Zombieload. Many of these particular tests aren't multi-threaded and that's why you don't see as much of a difference between these HEDT and desktop CPUs as in our more normal benchmarks.
We'll update if hearing back from AMD on whether any software mitigation changes are expected for AMD Zen 2 processors given their hardware mitigations or if they still recommend these same conservative defaults as it currently stands in the Linux 5.2 kernel.
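The benchmark excerpts above compare "default mitigations" against an unmitigated kernel and against disabling Hyper Threading, but none of them show how to see which state a given machine is actually in. The following script is an added example, not code from the thread or from Phoronix: it reads the status strings the Linux kernel exposes under /sys/devices/system/cpu/vulnerabilities/ (one file per issue, e.g. meltdown, l1tf, mds) and the SMT state under /sys/devices/system/cpu/smt/control, tags each entry as mitigated, not affected or still vulnerable, and returns non-zero when anything is left unmitigated. The directory and file paths are parameters so the functions can be run against a constructed copy of those files; the sample status strings used in its test are constructed to resemble kernel output.

```shell
#!/bin/sh
# Added example (not from the thread): summarise which Spectre/Meltdown/L1TF/MDS
# mitigations the running Linux kernel reports, and whether SMT (Hyper-Threading)
# is enabled, by reading the kernel's sysfs files. Paths are parameters so the
# functions can be pointed at a constructed copy for testing.

VULN_DIR="${1:-/sys/devices/system/cpu/vulnerabilities}"
SMT_FILE="${2:-/sys/devices/system/cpu/smt/control}"

# Classify one sysfs status string into a short tag.
classify_status() {
    case "$1" in
        "Not affected")  echo not-affected ;;
        Mitigation*)     echo mitigated ;;
        Vulnerable*)     echo UNMITIGATED ;;
        *)               echo unknown ;;
    esac
}

# Count the files under a vulnerabilities directory whose status string
# matches the given shell pattern (e.g. 'Vulnerable*').
count_status() {
    dir="$1"; pattern="$2"; n=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        case "$(cat "$f")" in $pattern) n=$((n + 1)) ;; esac
    done
    echo "$n"
}

# Print one line per vulnerability file. Returns 1 if anything is still
# reported as "Vulnerable", so the script can gate a provisioning job.
mitigation_report() {
    dir="$1"; rc=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        status=$(cat "$f")
        tag=$(classify_status "$status")
        if [ "$tag" = UNMITIGATED ]; then rc=1; fi
        printf '%-24s %-13s %s\n' "$(basename "$f")" "$tag" "$status"
    done
    return $rc
}

# SMT state as the kernel reports it: on, off, forceoff or notsupported
# ("unknown" if the file is not readable, e.g. on an old kernel).
smt_state() {
    if [ -r "$1" ]; then cat "$1"; else echo unknown; fi
}

echo "== CPU vulnerability status ($VULN_DIR) =="
mitigation_report "$VULN_DIR" || echo "WARNING: unmitigated entries present"
echo "== SMT control: $(smt_state "$SMT_FILE") =="
echo "== Unmitigated entries: $(count_status "$VULN_DIR" 'Vulnerable*') =="
```

Run it with no arguments on a live host to see the kernel's own view; a Hyper Threading-disabled host shows `off` or `forceoff` for SMT control, and an entry still reading `Vulnerable` (for example MDS on a CPU without the microcode update) is the case the articles above describe as needing extra measures.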
iPhones have never been "obscure" and Apple has never depended on security by obscurity for the iOS platform. It has always been locked down far tighter than Android. Apple doesn't want unauthorized non-AppStore code to run, even if it's not malicious.
Apple's iOS is now known to have been exploited for years, with complete access to users' accounts and data gained by simply visiting a website.
Technical perspective from Project Zero's blog:
How is this not OT, considering we're talking software-based exploits from another company? Well, first of all Intel gets a relief package since Apple is now the king of pwned: active exploits used for years on unsuspecting customers.
Second of all... we now have the ultimate proof that security through obscurity is exactly as bad as some people warned it would be, and Intel is just as vulnerable from this perspective through their Management Engine. I hope AMD has a better approach, I haven't followed up on their decisions on this matter.