Intel chip massive security flaw
- AttenuationHz
- Posts: 2048
- Joined: 20 Mar 2015
- Location: Back of the Rack-1
Right and AMD just happen to not be affected. Please scaremongering from an AMD lobbyist is all that is!grueser3 wrote: ↑03 Jan 2018you would think with all the money and talent intel has, things like this wouldn’t happen.
https://www.engadget.com/2018/01/03/int ... mory-flaw/
It is not too much of an ask for people or things to be the best version of itself!
- esselfortium
- Posts: 1456
- Joined: 15 Jan 2015
- Contact:
???
It's real and demonstrable with a proof-of-concept program. Windows and Linux kernel patches are already being created to work around it, at a cost to performance. That's not something Microsoft or other developers would do frivolously.
It's real and demonstrable with a proof-of-concept program. Windows and Linux kernel patches are already being created to work around it, at a cost to performance. That's not something Microsoft or other developers would do frivolously.
Sarah Mancuso
My music: Future Human
My music: Future Human
This appears to be very real.AttenuationHz wrote: ↑03 Jan 2018Right and AMD just happen to not be affected. Please scaremongering from an AMD lobbyist is all that is!grueser3 wrote: ↑03 Jan 2018you would think with all the money and talent intel has, things like this wouldn’t happen.
https://www.engadget.com/2018/01/03/int ... mory-flaw/
https://www.techspot.com/news/72550-mas ... -cpus.html
https://www.pcworld.com/article/3245606 ... c-mac.html
- FlowerSoldier
- Posts: 470
- Joined: 03 Jun 2016
The Intel PR piece is shady af.
Look how they imply it affects AMD too...
...which it doesn't.
Lawyers gonna lawyer.
https://newsroom.intel.com/news/intel-r ... -findings/
Look how they imply it affects AMD too...
...which it doesn't.
Lawyers gonna lawyer.
https://newsroom.intel.com/news/intel-r ... -findings/
Yeah I saw that, figures since their stock is taking a wack and AMD is up.FlowerSoldier wrote: ↑03 Jan 2018The Intel PR piece is shady af.
Look how they imply it affects AMD too...
...which it doesn't.
Lawyers gonna lawyer.
https://newsroom.intel.com/news/intel-r ... -findings/
- AttenuationHz
- Posts: 2048
- Joined: 20 Mar 2015
- Location: Back of the Rack-1
Some anti-virus company will be next coming out with a complete fix for the problem!
It is not too much of an ask for people or things to be the best version of itself!
I think that’s where the problem lies, any fix from what I’ve read is what’s going to affect the performance of the hardware. It’ll be interesting to see how this all plays out.AttenuationHz wrote: ↑03 Jan 2018Some anti-virus company will be next coming out with a complete fix for the problem!
-
- Posts: 275
- Joined: 14 Mar 2017
My thoughts exactly. Maybe not a complete fix right away but a decent one only applied when needed and not just 'always'...AttenuationHz wrote: ↑03 Jan 2018Some anti-virus company will be next coming out with a complete fix for the problem!
For the end-user, the highest risk lies in the browser, where f.e. a Java script exploits syscalls to intercept kernel data before the security checks or worse, in doing so defeating the kernel memory-map randomisation. Not the only but the highest risk because it is among the most widely used 'tools' or apps used by end-users.
Since most if not all virus and maware scanners are these days highly focused on all browser activity, apart from their usual disk and email real-scan tools, it couldn't be that insurmountable to come up with a malware or AV fix that handles it like all other av patches handle such exploits.
Then there is also the third party firewall companies who will, from their part, probably also come up with ways to do something similar (?)
Though until that can be confirmed we have to be very vigilant towards this patch, especially the one MS will isue next Patch Tuesday.
It was already tested in November 2017 through the Insider Preview update apparently, and they'll issue it for both Win 7/8 and Win10.
I can imagine I'm not the only one thinking I'd rather wait a while until the above stated can be confirmed and a fix will come from the AV, maware and FW devs, instead of blindly accepting this quickly rushed patch that will slow down your cpu.
And BEWARE, although they state that for the avarage user the impact would be minimal, for us music producers that fart won't fly !
Using a DAW means real-time processes that WILL be highly affected with this patch, and also the amount of threads in use will determine how much: the more threads the slower your cpu will be ! Expect something between 7-30% !
To be clear: it is NOT the issue that causes this but the patch that prevents the issue by isolating the entire kernel from user mode, forcing the cpu to switch memory spaces on EACH syscall and each hardware I/O interrupt !
When the AV apps come out with a fix it should prevent the same issue without slowing down the entire system,
by only isolating the kernel leaks when the exploit is attempted to be abused, instead of 'always' with this patch.
Expecially for win7 users this would make all the difference, 'assuming' that, since they could care less for Win7, their Win10 patch would be less of a 'bogg-job' than that for Win7.
Then also for AMD users it is important to know that MS will most probably be forcing this patch to ALL x86 processors, including AMD's that aren't even affected by the issue due to different security architecture (their kernel doesn't allow speculative memory accesses from less privileged code). Linux has already issued a fix that excludes AMD chips from installing the patch, though I highly doubt, as do many others, that MS is going to do the same, so beware everyone using an AMD when installing Windows updates come Tuesday.
This is all Intel's fault imo. They have most likely known of this flaw for years but never acted on it.
Basically they got caught, and on corporate level they'll receive the blow for this huge blunder.
-
- Posts: 275
- Joined: 14 Mar 2017
This is highly debatable, because we are talking about 'tiny' leaks from lower priviliged user mode executions making syscalls to the kernel, that potential 'malicious' code executed by a running app or process could exploit, and read/extract these 'tiny' amounts of kernel data from this leak.grueser3 wrote: ↑03 Jan 2018I think that’s where the problem lies, any fix from what I’ve read is what’s going to affect the performance of the hardware. It’ll be interesting to see how this all plays out.AttenuationHz wrote: ↑03 Jan 2018Some anti-virus company will be next coming out with a complete fix for the problem!
The way in which this exploit can be abused is not unlike most mallicious code, which all AV and malware companies have been fighting for decades now. They will most likely not pass on this opportunity to do the same.
MS provides this patch f.e., that simply circumvents the leak (not 'fixing' it at all actually : only a hardware fix is an actual fix!) by issuing a full kernel isolation from user mode, which is certainly the most secure option but causes a crapload of unneeded overhead for the system, by forcing the cpu to switch mem spaces upon each syscal, causing a lag of about 200 cpu cycles per syscall opposed to less than 1 per.
Especially for databases like SQL, real-time execution code and handlings, and basically any kind of task(s) requiring many user mode syscalls, this patch will wreak havoc to upto 60% (!!!) loss.
It shouldn't be impossible for AV devs to find a way to block access to the kernel from such lower priviliged code when attempted to be executed from let's say a malicious script running in IE trying to abuse this specific exploit of trying to access the kernel from a user mode level without the proper security checks prior to it. So then effectively isolating the kernel only when a user mode call is being made. In this case the cpu would only have to switch memory spaces when the AV detects a user mode call to the kernel.
I wouldn't expect something like that in a matter of days or weeks, but perhaps months if such approach is indeed attainable.
-
- Posts: 536
- Joined: 03 Aug 2016
We're definitely going to need a thread where we can monitor how much the imminent Windows patch will affect Reason performance, with and without various categories of REs and VSTs. I know that I'm not going to want to apply the patch until I can see what kind of hit to expect. This thread would be the most logical place to do that, but I worry that it won't get as much attention as it should if it's in this subforum. Would it make sense to start a thread to monitor this issue in the main "Reason General" forum? Possibly even making it a sticky for now? What do the mods think? Bear in mind, this could have a huge impact on the day-to-day usability of Reason for many users, and lots of people will be wondering why they're experiencing sudden slowdowns with no idea what might be causing them, and they may not even think to check in this part of the forum.
So where's the mainstream press Google proof gamers? It's a hoax
Reason 12 ,gear4 music sdp3 stage piano .nektar gxp 88,behringer umc1800 .line6 spider4 30
hear scince reason 2.5
hear scince reason 2.5
https://uk.yahoo.com/news/serious-intel ... 00415.html
i hoped, yet theirs nothing about the update halving cpu speeds
i hoped, yet theirs nothing about the update halving cpu speeds
Reason 12 ,gear4 music sdp3 stage piano .nektar gxp 88,behringer umc1800 .line6 spider4 30
hear scince reason 2.5
hear scince reason 2.5
This affects both Intel, AMD and ARM processors and is an issue with speculative execution in most modern processors (doing tasks before they're being executed)
Kenni Andruszkow
SoundCloud
SoundCloud
There are 2 exploits, called Meltdown and Spectre. Meltdown affects Intel only, and Spectre affects all CPUs including ARM architecture. That means your phone is also vulnerable to Spectre. Meltdown mostly affects virtual machines. If you don't know what that is, you will not be affected. Anyone who has an Intel CPU should not worry about performance loss.
Based on years of reading threads on software and hardware computer on Reasontalk, very few people here know what the hell they are talking about. So chill out and let the engineers fix the issue. There are way more important things at stake than DAW and VST performance loss that affects everyone since the entire internet relies on servers and virtual machines to run.
Based on years of reading threads on software and hardware computer on Reasontalk, very few people here know what the hell they are talking about. So chill out and let the engineers fix the issue. There are way more important things at stake than DAW and VST performance loss that affects everyone since the entire internet relies on servers and virtual machines to run.
- AttenuationHz
- Posts: 2048
- Joined: 20 Mar 2015
- Location: Back of the Rack-1
That's such a nice thing to say...Vyckeil wrote: ↑04 Jan 2018There are 2 exploits, called Meltdown and Spectre. Meltdown affects Intel only, and Spectre affects all CPUs including ARM architecture. That means your phone is also vulnerable to Spectre. Meltdown mostly affects virtual machines. If you don't know what that is, you will not be affected. Anyone who has an Intel CPU should not worry about performance loss.
Based on years of reading threads on software and hardware computer on Reasontalk, very few people here know what the hell they are talking about. So chill out and let the engineers fix the issue. There are way more important things at stake than DAW and VST performance loss that affects everyone since the entire internet relies on servers and virtual machines to run.
It is not too much of an ask for people or things to be the best version of itself!
Sorry to be blunt but that's just something I noticed. The point being, chill out and keep making music. These exploits probably won't affect any of us.AttenuationHz wrote: ↑04 Jan 2018That's such a nice thing to say...Vyckeil wrote: ↑04 Jan 2018There are 2 exploits, called Meltdown and Spectre. Meltdown affects Intel only, and Spectre affects all CPUs including ARM architecture. That means your phone is also vulnerable to Spectre. Meltdown mostly affects virtual machines. If you don't know what that is, you will not be affected. Anyone who has an Intel CPU should not worry about performance loss.
Based on years of reading threads on software and hardware computer on Reasontalk, very few people here know what the hell they are talking about. So chill out and let the engineers fix the issue. There are way more important things at stake than DAW and VST performance loss that affects everyone since the entire internet relies on servers and virtual machines to run.
- stratatonic
- Posts: 1507
- Joined: 15 Jan 2015
- Location: CANADA
Nothing like getting everyone all hyped up by calling the "exploits" Meltdown and Spectre - as opposed to , say, Teddy Bear and Gummy Bear...
- Exowildebeest
- Posts: 1553
- Joined: 16 Jan 2015
Here's my Geekbench benchmarks for 8700k on Win10:
Before patch:
Single-core - 6092
Multi-core - 27336
After patch:
Single-core - 6057
Multi-core - 27120
There seems to be some loss of performance in this benchmark test, but not much. It remains unclear how audio workloads/Reason are affected. Audio workloads are woefully underrepresented in benchmark tests - it's all video, games, physics, cryptography and whatnot. And I did not have time yesterday to figure out some pre-patch Reason benchmark.
Let's hope the difference won't be noticable in everyday audio use.
Edit: don't read too much into these scores, as it's unclear which tasks in the benchmark cause the lower score. For all I know, on task may be massively slower while the others are faster. I'll have to look at the entire table of results and see if I can find any differences that stand out.
Edit2: most significant slowdowns I can find are in JPEG and PDF rendering and HTML5 parse, -3 to -5 % give or take. I think this relates to accessing my nvme SSD. I don't think that'll be the bottleneck for audio rendering.
Before patch:
Single-core - 6092
Multi-core - 27336
After patch:
Single-core - 6057
Multi-core - 27120
There seems to be some loss of performance in this benchmark test, but not much. It remains unclear how audio workloads/Reason are affected. Audio workloads are woefully underrepresented in benchmark tests - it's all video, games, physics, cryptography and whatnot. And I did not have time yesterday to figure out some pre-patch Reason benchmark.
Let's hope the difference won't be noticable in everyday audio use.
Edit: don't read too much into these scores, as it's unclear which tasks in the benchmark cause the lower score. For all I know, on task may be massively slower while the others are faster. I'll have to look at the entire table of results and see if I can find any differences that stand out.
Edit2: most significant slowdowns I can find are in JPEG and PDF rendering and HTML5 parse, -3 to -5 % give or take. I think this relates to accessing my nvme SSD. I don't think that'll be the bottleneck for audio rendering.
ugg -
"Intel's stock took a small hit this week, but making matters even more uncomfortable, Intel CEO Brian Krzanich sold off $24 million worth of stock and options in the company in late November. Intel was already aware of the chip vulnerability then."
https://www.techspot.com/news/72576-mas ... -what.html
"Intel's stock took a small hit this week, but making matters even more uncomfortable, Intel CEO Brian Krzanich sold off $24 million worth of stock and options in the company in late November. Intel was already aware of the chip vulnerability then."
https://www.techspot.com/news/72576-mas ... -what.html
- AttenuationHz
- Posts: 2048
- Joined: 20 Mar 2015
- Location: Back of the Rack-1
Smart man!splangie wrote: ↑04 Jan 2018ugg -
"Intel's stock took a small hit this week, but making matters even more uncomfortable, Intel CEO Brian Krzanich sold off $24 million worth of stock and options in the company in late November. Intel was already aware of the chip vulnerability then."
https://www.techspot.com/news/72576-mas ... -what.html
It is not too much of an ask for people or things to be the best version of itself!
Here is another benchmark (not mine) - It's pre-Skylake (Haswell) which is said to suffer more from this.
https://www.reddit.com/r/pcmasterrace/c ... 2_i74790k/
I have the same CPU and the latest Windows update. As far I can tell there isn't any noticable performance decrease, even in moderately CPU-heavy projects. DSP usage might be a tad worse, but I haven't done before/after tests, so I can't really tell.
https://www.reddit.com/r/pcmasterrace/c ... 2_i74790k/
I have the same CPU and the latest Windows update. As far I can tell there isn't any noticable performance decrease, even in moderately CPU-heavy projects. DSP usage might be a tad worse, but I haven't done before/after tests, so I can't really tell.
Please, someone do a before/after test using their lowest latency settings. I don't know enough about what's going on to really know, but I suspect that it might be more of a problem with small buffer sizes, since that brings out big differences between different cpus.
- Exowildebeest
- Posts: 1553
- Joined: 16 Jan 2015
JPEG, Canny, PDF - same areas affected on my 8700k, but yeah probably somewhat less harshly.Tumble wrote: ↑04 Jan 2018Here is another benchmark (not mine) - It's pre-Skylake (Haswell) which is said to suffer more from this.
https://www.reddit.com/r/pcmasterrace/c ... 2_i74790k/
-
- Posts: 536
- Joined: 03 Aug 2016
The concern is primarily for pre-Haswell chips. If you're on a Haswell or later, you have a full suite of PCID features on-chip and shouldn't expect to see much slowdown from the imminent patches. However, for those of us on older chips (Sandy/Ivy Bridge in particular still have a big install base), there's some potential for real problems. We're definitely going to need to collect some performance reports from pre-Haswell users. And by "performance reports" I don't mean benchmarking, I mean loading up Reason songs that pushed the system hard to begin with and seeing if they still run.
-
- Information
-
Who is online
Users browsing this forum: No registered users and 17 guests