If looking at the geometric mean for the tests run today, the Intel systems all saw about 16% lower performance out-of-the-box now with these default mitigations and obviously even lower if disabling Hyper Threading for maximum security. The two AMD systems tested saw a 3% performance hit with the default mitigations. While there are minor differences between the systems to consider, the mitigation impact is enough to draw the Core i7 8700K much closer to the Ryzen 7 2700X and the Core i9 7980XE to the Threadripper 2990WX.
Oof.Context switching used to be faster on Intel CPUs over the AMD Zen CPUs, but that is certainly no longer the case. With these default mitigations, context switching is taking about five to six times longer than in the unmitigated configuration.
If I was an IT manager with half a brain, I have 2 options:By buying new hardware, of course.
Why are data centers running applications that do nothing but context switch?Context switching used to be faster on Intel CPUs over the AMD Zen CPUs, but that is certainly no longer the case. With these default mitigations, context switching is taking about five to six times longer than in the unmitigated configuration.
How are cloud providers and data centers going to cope with five to six times loss of performance?
If looking at the geometric mean of all the benchmarks carried out, the EPYC 7601 averages out to about a 1% hit with its Spectre mitigations. The dual Xeon Platinum 8280 Cascadelake setup with its mostly hardware-based mitigations was slower by 4% with the relevant mitigations enabled. Meanwhile the dual Xeon Gold 6138 server that unfortunately doesn't have the hardware mitigations saw a 11% hit from the benchmarks run with these Spectre/Meltdown/L1TF/MDS mitigations or 15% if disabling Hyper Threading as an additional measure based on the benchmarks carried out today.
Actually, no, since the hardware "fixes" make the 9th gen Intel processors more susceptible to Fallout. More like time to consider Epyc. Move all Internet exposed VMs to patched and Intel hyper threading disabled hosts and patched hosts for internal only that still need performance, until you can buy some Epyc based servers.
That's why Cascade has additional hardware mitigations.Actually no, since the hardware "fixes" make the Intel processors more susceptible to Fallout. More like time to consider Epyc. Move all web exposed VMs to patched and Intel hyper threading disabled hosts and patched hosts for internal only that still need performance, until you can buy some Epyc based servers to replace any generation of Intel processors, since even 9th gen has flaws.
It does appear that Intel states their 8th and 9th gen processors have Hardware fixes or via Microcode update and software patch.That's why Cascade has additional hardware mitigations.
That would be because there is a stepping for CFL-R that introduces more hardware mitigation’s AFAIK. Stepping R0It's interesting they indicate they have a hardware fix, but the Fallout paper indicates the Coffee Lake Refresh with it's hardware fix made it more susceptible.
The problem is validation. If you're rolling out new hardware from a new vendor, it takes time and money to get it ready for deployment on an organizational scale. It's easier to replace your current hardware from the same vendor, especially when switching from Skylake-SP to Cascade Lake-SP amounts to installing what is almost exactly the same uarch.Actually, no, since the hardware "fixes" make the 9th gen Intel processors more susceptible to Fallout.
. . . is about their CPU testing tool. It's bad, but it's not the CPUs themselves, just if you have the tool installed - presumably because it enables admin access to anyone.The SSD one doesn't seem to be a big deal, but the first one . . .
Updating software on an org level is a PITA though. And Intel isn't MS, they don't necessarily have autoupdates or anything of the sort.
If looking at the geometric mean for these various mitigation-sensitive benchmarks, the default mitigations on the Core i9 9900K amounted to a 28% hit while the Ryzen 7 2700X saw a 5% hit with its default Spectre mitigations and the new Ryzen 7 3700X came in at 6% and the Ryzen 9 3900X at just over 5%. Keep in mind these benchmarks ran for this article were a good portion of synthetic tests and focused on workloads affected by Spectre/Meltdown/L1TF/Zombieload. Many of these particular tests aren't multi-threaded and that's why you don't see as much of a difference between these HEDT and desktop CPUs as in our more normal benchmarks.
We'll update if hearing back from AMD on whether any software mitigation changes are expected for AMD Zen 2 processors given their hardware mitigations or if they still recommend these same conservative defaults as it currently stands in the Linux 5.2 kernel.
iPhones have never been "obscure" and Apple has never depended on security by obscurity for the iOS platform. It has always been locked down far tighter than Android. Apple doesn't want unauthorized non-AppStore code to run, even if it's not malicious.Apple's iOS is now know to have been exploited for years, with complete access to user's accounts and data gained by simply visiting a website.
Technical perspective from Porject Zero's blog:
How i this not OT, considering we're talking software based exploits from another company? Well, first of all Intel gets a relief package since Apple is now the king of pwned: active exploits used for years on unsuspecting customers.
Second of all... we now have the ultimate proof that security through obscurity is exactly as bad as some people warned it would be, and Intel is just as vulnerable from this perspective through their Management Engine. I hope AMD has a better approach, I haven't followed up on their decisions on this matter.
|Thread starter||Similar threads||Forum||Replies||Date|
|N||Intel CPUs Hit by NetCAT Security Vulnerability, AMD Not Impacted||CPUs and Overclocking||89|
|exact name of the screws used to secure the AM4 backplate||CPUs and Overclocking||3|