Yeahhh 3 fresh Intel security holes

They’re the same flaw, just with a new flavor.
Intel messed up with their speculative execution security.
Now everyone’s just finding new ways to poke at the wound.
If you read the article, I mean really read the article, and understand
(basically reading the 3 flaws’ descriptions),
how big a difference is there between this and Spectre/Meltdown?
aka. you do some code which tells the cache to point somewhere else, and read
and voila you magically gain access to unencrypted memory.
ALL of it relying on speculative execution, and hypervisors.
Again I’m an AMD guy, and have disliked Intel ever since I read their business history with bribes
and lawyers etc.
If anything take a poke at the corrupt business practice of Intel, and just let the horse die already
instead of kicking it.

1 Like

I concur. AMD CPUs, like all complex electronics, likely contain a lot of severe bugs as well. But this is not an excuse for Intel to produce insecure chips. Their reaction to Spectre/Meltdown was less than stellar as well.

Whatever the intentions of the security researchers are, the security issues are real and have to be dealt with.

So when they find a flaw, those “researchers” need to be silent?? I don’t care so f everybody?? The thing that’s for me the most telling about Intel since the Core arch is it’s still the same +AVX512 but like 5 6 generations back get hit with those problems.

no, they need to stop repeating “Hey I found the same error”, just with new makeup.
Originally Spectre and Meltdown were deadly as sin, because theoretically I could make a
webpage which read your system memory, and/or hosting companies were vulnerable to me
renting a VM and accessing other VMs’ memory space.

Different cause same impact.

Not the same bug.

Requires different mitigation as well

4 Likes

This ^^

2 Likes

If they were the same why different CVE numbers? And press releases? And different services affected?

basically someone figured, hey if I smash this hammer against this window, it breaks.
All they’re doing is smashing a different window with the same hammer.
They’re using speculative execution, and kv-whatever to access what they’re not supposed to, like
Spectre and Meltdown did.
Google deserves a medal for their finding. These not so much.

1 Like

Well shit, by that logic every single computer virus is just a virus and any further work on virii is just moot. It’s a computer virus, so the fuck what. Who cares if it has a different attack vector, different mechanisms for infection, different replication code, different services… it’s a computer virus. Therefore we should stop having computer virii talked about because everyone knows what a virus is, new virii are just smashing the hammer that is a virus.

Please don’t make this a “moping about CPU boo-boos” thread.
This was never meant to be a cry about Intel or coo about AMD having less issues topic.

None of you are obligated to defend whatever CPU you happen to own.
Also no conspiracy trash, I’m sick of tech conspiracy stories, they have a bad tendency to ruin threads and then we need to send posts to /dev/null
Nobody wants to be in /dev/null, it’s a very cold dark place with no escape.

1 Like

they’re the same attack vector, that’s the point…
just at a slightly altered trajectory.
it’s not rocket science

BTW you are right.

I’m fully expecting the amount of issues found for AMD and ARM chips to grow proportionally to their market share.

Particularly once, according to AMD’s strategy, AMD Zen CPUs start to grow in number of data center deployments, more researchers will be getting their grubby hands on AMD hardware and finding problems.

Yes they are extremely similar. But they still require different countermeasures. The original protections put in place for Meltdown/Spectre do not defend against the new vulnerabilities. Even if researchers stop looking for vulnerabilities in Intel CPUs, attackers won’t.

Naw.

Real talk, Meltdown was 5%, Spectre 8% (with retpoline) and now looks like L1Terminal will be 3%. So we’re looking at a no bullshitting around 8% performance drop over the past year due to Intel-only bugs and another 8% due to Spectre which hits ARM and AMD too.

Now if you have to turn off HT, L1Terminal will make Meltdown and Spectre look like afterthoughts. That would be catastrophic.

2 Likes

That’s it. I’m going to put money aside each month for a Ryzen Acer Helios 500 lol. I’m done with this crap. Meltdown and Spectre performance degradation was bad enough on Linux.

Ah, okay. I seem to recall people throwing around 30% as if it was accurate. Specifically, the Epic Games CPU load charts were what sold me.

But 8% is still nothing to sneeze at, considering that’s damn close to the performance improvements per release on Intel lately.

you mean the last 3 put together, or do they ramp the clocks in server just like on the desktop?

When RISC looks better.

1 Like

There are implementation bugs (shit happens, sometimes things don’t work as you expect), and there is complete brain damage, such as executing code BEFORE validating permission to execute.

I am still stunned that this approach was OK’d as a performance hack. But hey, performance at all costs, right? This was a conscious design decision of prioritising performance at the expense of security, ASSUMING you can un-wind what you did without taking into account caches, impact those instructions may have had on other things, etc.

1 Like

I guess this applies to the US being the most litigious or maybe the EU.

Intel will no doubt have more NDAs to be revealed with performance hits to come out.

What is their obligation on selling these and new 9K series processors known to be flawed but under NDAs for patching / mitigations? Of course we will find out when the NDA expires.

It’s an interesting time because Intel is king of server machines worldwide and they’re so flawed because of shortcuts to performance. Is it another case of too big to fail?

If a small company short cuts big players they squash them flat.