Massive security hole in CPU's incoming?Official Meltdown/Spectre Discussion Thread

[FIVR]

You were okay until you brought politics into it. Take it to P&N if you want to take that angle with it.

I never brought "politics" into it. I merely stated a fact (Brain Kraznich has political connections). I didn't even mention to whom.

Anyway, the WSJ and SEC experts seem to disagree with you that it is a "conspiracy theory". Unless you believe the WSJ engages in conspiracy theories.

 

[maddie]

How is it "not relevant"? It is Intel's CEO acting upon his knowledge of the bug (the topic of the thread). It affects intel's customer mindshare and its business (because he is the CEO!)

The fact that he only kept the bare minimum mandated by his contract implies that HE thinks that this problem has legs and has more impact than most think.

Really love the dedicated defense by some however.

 

[LTC8K6]

Okay, BK is the stupidest insider trader ever...

 

[ZipSpeed]

iOS 11.2.2 for Apple devices now available for Spectre mitigation.

iOS 11.2.2
Released January 8, 2018

Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation

Description: iOS 11.2.2 includes security improvements to Safari and WebKit to mitigate the effects of Spectre (CVE-2017-5753 and CVE-2017-5715).

 

[PingSpike]

Looks like MS borked the patch release on AMD hardware. Which is weird since AMD hardware doesn't even need the patch for meltdown.

https://betanews.com/2018/01/08/microsoft-meltdown-spectre-patch-bricks-amd-pcs/

 

[hnizdo]

It looks like prehistoric Athlon and Sempron hw affected, fortunatelly.

 

[MrTeal]

I never brought "politics" into it. I merely stated a fact (Brain Kraznich has political connections). I didn't even mention to whom.

Anyway, the WSJ and SEC experts seem to disagree with you that it is a "conspiracy theory". Unless you believe the WSJ engages in conspiracy theories.

con·spir·a·cy
kənˈspirəsē/
noun

1. a secret plan by a group to do something unlawful or harmful.

You posit a theory that Brain Kraznich secretly planned to do something unlawful. In this case, the WSJ does engage in conspiracy theories.

Just because it's a conspiracy doesn't mean it's not true.

 

[zinfamous]

Oh, I’m sure of it. It was only leaked to the US government over a year ago, when some exposed whitehouse computers were hacked. I can’t remember exactly the date, but it was during the Obama administration, and then it went crazy. That is, when Intel, and other major players were contacts.

It’s an interesting story, so I suggest everyone go research the timing/development/team etc.. it’s quite sad actually, that the public at large was ignored.

Please don't tell us to "go research." Please start us on the right path by providing some useful resources to get started on this.

Thanks.

 

[maddie]

con·spir·a·cy
kənˈspirəsē/
noun

1. a secret plan by a group to do something unlawful or harmful.

You posit a theory that Brain Kraznich secretly planned to do something unlawful. In this case, the WSJ does engage in conspiracy theories.

Just because it's a conspiracy doesn't mean it's not true.

Conspiracies, actually, are also quite common. Business, sports, politics, etc. In commerce, for example, every price fixing cartel was and is a conspiracy.

 

[zinfamous]

No because a skylake-x / coffelake will still outperform both of them in gaming even with patches to bios, and also probably anything else which is more single threaded and not fully multi threaded like a lot of older programs.

I hope you don't play any online games. Oh wait... Also, it sounds like Skylake and Coffee lake are now even worse off? yikes.

 

[zinfamous]

Discussions about stock sales and conspiracy theories probably aren't relevant to the topic at hand. This is CPUs & Overclocking, not Stocks and Insider Trading.

I think it's relevant in the sense that the CEO is (one would hope) in a position to know the severity of the issue as well as anyone possibly could. The strangeness of this sale adds further perspective to the nebulous corporate speak coming from intel as they run away from this security and performance issue, ignoring the most serious issue, for them only, and pointing the finger at everyone else.

Also, in reply to other post "his sale is commensurate with corporate policy" is just dumbtalk trying to hand wave this action by assuming that all other CEOs at all other Fortune 500 companies maintain the absolute bare minimum of stock on hand to keep their title. I highly, highly doubt that is actually true.

 

[Topweasel]

His "automated sale" was vastly larger than any of his other sales and was arranged in October, roughly 4 months after the vulnerability was revealed to Intel and weeks before public disclosure.


It looks like textbook insider trading. The amazing part is that he probably knows he'll get away with it because of his political connections.

Yeah it's not an automated sale if it is nearly all of his non-required holdings and is quickly followed up with the selling of a very minor but very eye opening selling of the odd left over shares to bring himself down to exactly the 250k he is required to hold onto.

 

[Jan Olšan]

[PSA] Meltdown has not been fixed completely, remains wide open on 32bit Windows and Linux

I don't see this mentioned anywhere and almost nobody tells you this, but apparently Meltdown is NOT FIXED on 32bit Windows - the fixes are 64bit only. Same goes for Linux. So Intel CPUs remain forever open to attacks on those platform, it seems:
https://gist.github.com/woachk/2f86755260f2fee1baf71c90cd6533e9
https://twitter.com/aionescu/status/949442882062073856

(If you know users running 32bit systems, maybe share this, because as said, there is little to no public knowledge about this.)

I'm a victim of this myself, having bought a Bay Trail tablet (Transformer Book T100TA with Atom Z3740, not a bad machine besides this). Intel or somebody weren't able to develop a 64bit UEFI for it in time so they shipped 32bit firmware. Result is that this machines can't boot 64bit Windows, so it is not possible to migrate up. I guess beside these cases, people that run Win32 for the 16bit compatibility or for the need to run old drivers unavailable for 64bit, are in the same boat. This rather sucks.

This is the output of the powershell tool after installing the anti-meltdown update on the Transformer, Windows 10 32bit. You can see it is vulnerable but not fixed as there is no Kernel VA Shadowing on 32bit.

(Also waiting for the firmware update fixing Spectre 2... lol. Good luck with a 2014 computer I guess.)

 

[goldstone77]

Warning: Microsoft's Meltdown and Spectre patch is bricking some AMD PCs
By Mark Wycislik-Wilson Published 10 hours ago
https://betanews.com/2018/01/08/microsoft-meltdown-spectre-patch-bricks-amd-pcs/

As if the Meltdown and Spectre bug affecting millions of processors was not bad enough, the patches designed to mitigate the problems are introducing issues of their own. Perhaps the most well-known effect is a much-publicized performance hit, but some users are reporting that Microsoft's emergency patch is bricking their computers.
We've already seen compatibility issues with some antivirus tools, and now some AMD users are reporting that the KB4056892 patch is rendering their computer unusable. A further issue -- error 0x800f0845 -- means that it is not possible to perform a rollback.
Details of the problem have been gradually emerging through reports posted by users on Microsoft Answers. People with AMD Athlon-powered computers say that following the installation of the patch, it is impossible to boot into Windows leaving a full reinstallation as the only option -- although some users report that even this does not fix the problem.
One user, Jaroslav Škarvada, explains the predicament:
I have older AMD Athlon 64 X2 6000+, Asus MB, after installation of KB4056892 the system doesn't boot, it only shows the Windows logo without animation and nothing more. After several failed boots it do roll-back then it shows error 0x800f0845. Unfortunately, it seems it's not easy to disable the automatic updates without gpedit tweaks, so it tries installing and rolling-back the update over and over. The sfc /scannow shows no problem, in-place upgrade also doesn't seem to help. I can try full reinstall, but I doubt it will change anything. It seems like the update is binary incompatible with my old CPU.
The number of people experiencing the problem appears to be fairly significant, but Microsoft is yet to issue a response. Judging from the thread on Windows Answers, the best chances for success are to perform a complete reinstallation of Windows and immediately disable Windows Update. Another user, Snoopy_garnet, explains what to do in Group Policy Editor:
Open the Run command (Win + R), in it type: gpedit.msc and press enter.
Navigate to: Computer Configuration -> Administrative Templates -> Windows Components -> Windows Update.
Open this and change the Configure Automatic Updates setting to '2 - Notify for download and notify for install"

If you have an older AMD processor it looks like at least some of them are getting bricked by the latest Windows update.

 

[ZipSpeed]

Warning: Microsoft's Meltdown and Spectre patch is bricking some AMD PCs
By Mark Wycislik-Wilson Published 10 hours ago
https://betanews.com/2018/01/08/microsoft-meltdown-spectre-patch-bricks-amd-pcs/


If you have an older AMD processor it looks like at least some of them are getting bricked by the latest Windows update.

Happened to one my machines here at work. Athlon X2 4850e we use for video monitoring stuck on the Windows logo after reboot. Had to rollback prior to the update to get it working again. Temporarily disabled Windows Update in the meantime.

 

[PhonakV30]

https://www.techspot.com/article/1556-meltdown-and-spectre-cpu-performance-windows/page4.html

some people reports decreases performance in synthetic app but zero performance hit in game.

Quote From Techspot

On the GPU front, Nvidia is reportedly also affected, so there will be loads of additional tests to be done when time comes. Our interpretation from Nvidia's blog is that they rely on CPU-like aggressive branch prediction on their GPU architectures. It's part of their performance gains over consecutive generations. The flaw appears to be the same as Intel CPUs, in that speculative operations occur without security checks first, as a secure design should be done.

Security Bulletin: NVIDIA GPU Display Driver Security Updates for Speculative Side Channels

 

[Dayman1225]

Intel reorganizes amid tumult over computer chip flaw

BK seems to have sent a memo to employees on Monday and created a new security division after getting caught red handed! How splendid.

 

[ashetos]

[PSA] Meltdown has not been fixed completely, remains wide open on 32bit Windows and Linux

I don't see this mentioned anywhere and almost nobody tells you this, but apparently Meltdown is NOT FIXED on 32bit Windows - the fixes are 64bit only. Same goes for Linux.

Linux can allegedly boot from 32-bit UEFI into 64-bit linux kernel, even though I haven't done it myself.

 

[bryanW1995]

i expect to see some price slashing on all of these to-be-gimped Intel processors... finally a bit of poetic karma for the overpriced wafers. The irony here... biblical!

I was expecting price cuts, too, but from looking at newegg there's not much discounting going on yet.

 

[ashetos]

Only Intel needs the patches for the ones that have a performance impact. If you want "more secure" Ryzen or threadripper are the most secure right now.

That is correct, I was talking about my and other people's intel systems but it was not clear in my post.

 

[bryanW1995]

No because a skylake-x / coffelake will still outperform both of them in gaming even with patches to bios, and also probably anything else which is more single threaded and not fully multi threaded like a lot of older programs.

How many games are cpu-limited these days with modern processors though? I'm still using a 4770k that I un-overclocked after a year b/c I didn't need the extra horsepower. If this were just about games then we wouldn't all be so worked up, it's the commercial side that needs to be worried.

 

[bryanW1995]

Looks like Brian Kraznich may have to talk to the SEC pretty soon. WSJ article out with experts saying he should be investigated. Behind paywall, so here it is:

Intel stock is almost exactly the same price today that it was on from nov 17 to the end of the month though. It's hard to see how he'll come under any serious scrutiny from the SEC over this. He should be more worried about his PR fiasco, even if he's not directly managing their response to this he could end up being the fall guy over it.

 

[Borealis7]

small aside: HP just announced a new line of SPECTRE laptops with intel G-series CPUs (vega igp). what an ... "unfortunate" name.

 

[TempAcc99]

How many games are cpu-limited these days with modern processors though? I'm still using a 4770k that I un-overclocked after a year b/c I didn't need the extra horsepower. If this were just about games then we wouldn't all be so worked up, it's the commercial side that needs to be worried.

depends on the game and resolution you play on. Yeah if you play at 4k single-player only, it won't impact you as you are 100% GPU limited. Multiplayer say BF1 64-player needs a very beefy CPU. At 4k you mostly will still be GPU limited but there will be some dips due to CPU in crowded areas. Now go down to 1080p and 144 hz and a 10% penalty in CPU is huge.

 

[jpiniero]

Intel stock is almost exactly the same price today that it was on from nov 17 to the end of the month though. It's hard to see how he'll come under any serious scrutiny from the SEC over this. He should be more worried about his PR fiasco, even if he's not directly managing their response to this he could end up being the fall guy over it.

I still think he sold because of 10 nm, but the stock recovered because Intel stated that the flaws won't be material to results. Which I find hard to believe since at the very least you would think that The Cloud Guys will get even bigger discounts on processors now.