Intel backdoor: not a bug, a feature (buy a new processor!!!)

For friendly off topic discussion not covered in a forum above.
Forum rules
No politics, please.
User avatar
jan-jaap
Donor
Donor
Posts: 4955
Joined: Thu Jun 17, 2004 11:35 am
Location: Wijchen, The Netherlands
Contact:

Re: Intel backdoor: not a bug, a feature (buy a new processor!!!)

Unread postby jan-jaap » Thu Jan 04, 2018 3:23 am

Raion-Fox wrote:I'm glad I'm buying a Talos. Because AMD still has issues including the Security Processor which cannot be disabled (the BIOS switch is just a dummy switch similar to the AMT switch in an Intel BIOS) as it is integral to boot.

I may sound like a villain from a James Bond movie, but: you may run from pesky management engines but you can't hide from Spectre:
https://access.redhat.com/security/vulnerabilities/speculativeexecution wrote:There are 3 known CVEs related to this issue in combination with Intel, AMD, and ARM architectures. Additional exploits for other architectures are also known to exist. These include IBM System Z, POWER8 (Big Endian and Little Endian), and POWER9 (Little Endian).

Raion-Fox wrote:MIPS is unaffected :p

R10000 and newer do branch prediction and speculative execution, so until proven otherwise are possibly susceptible to a Spectre attack. Could be an interesting exercise. And then someone has to port a web browser with working JIT to IRIX for it to become dangerous ;)
:PI: :Indigo: :Indigo: :Indy: :Indy: :Indy: :Indigo2: :Indigo2: :Indigo2IMP: :Octane: :Octane2: :O2: :O2+: Image :Fuel: :Tezro: :4D70G: :Skywriter: :PWRSeries: :Crimson: :ChallengeL: :Onyx: :O200: :Onyx2: :O3x02L:
To accentuate the special identity of the IRIS 4D/70, Silicon Graphics' designers selected a new color palette. The machine's coating blends dark grey, raspberry and beige colors into a pleasing harmony. (IRIS 4D/70 Superworkstation Technical Report)

User avatar
SiliconClassics
Posts: 1490
Joined: Sun Apr 11, 2004 5:07 pm
Location: New York
Contact:

Re: Intel backdoor: not a bug, a feature (buy a new processor!!!)

Unread postby SiliconClassics » Thu Jan 04, 2018 5:52 am

Exactly how dangerous is this flaw? According to the link "It allows normal user programs – from database applications to JavaScript in web browsers – to discern to some extent the layout or contents of protected kernel memory areas" - so does this mean a web page could silently read my passwords from system memory? And couldn't a browser or Java update protect against this? Not sure exactly what the risk is at a practical level.
Silicon Classics on: YouTube | Twitter | Google+

User avatar
Raion-Fox
Donor
Donor
Posts: 1536
Joined: Thu Jan 30, 2014 5:01 pm
Location: near King George, Virginia
Contact:

Re: Intel backdoor: not a bug, a feature (buy a new processor!!!)

Unread postby Raion-Fox » Thu Jan 04, 2018 6:37 am

The Meltdown flaw isn't some sort of defect for Intel chips but a design flaw that nobody 20 years ago could have possibly known. That's not a quality flaw. Intel chips are still the best performers on the market.

AMD alienated me after years of poor quality GPU drivers on all platforms, and poor performance. Ryzen is closer but not quite there in terms of a threat to Intel as it barely scrapes Has well. Epyc is price competitive and has better I/O but not much else, it would potentially be good for OpenCL or other GPU dependent loads.

I am aware Spectre is affecting all modern architectures. I was talking MIPS has immunity to Meltdown.
:O3x02L: R16000 700MHz 8GB RAM kanna
:Octane: R12000 300MHz SI 896MB RAM yuuka
:Octane2: R12000A 400MHz V6 2.5GB RAM
:Tezro: Quad R16000 700MHz V12 8GB RAM murasaki
:Indy: (Acclaim) R4600 133MHz XL Graphics 32MB RAM
:Indy: (Challenge S) R4600 133MHz (MIPS III Build Server)

I am probably posting from yangxiaolong, HP Z230 with Xeon E3-1230v3, 16GB RAM, GeForce 750ti, and running NetBSD and Windows 8.1 Embedded.
Owner and operator of http://irix.pw

User avatar
Trippynet
Donor
Donor
Posts: 831
Joined: Thu Aug 15, 2013 6:22 am
Location: Aberdeen, Scotland, UK

Re: Intel backdoor: not a bug, a feature (buy a new processor!!!)

Unread postby Trippynet » Thu Jan 04, 2018 7:17 am

SiliconClassics wrote:Exactly how dangerous is this flaw? According to the link "It allows normal user programs – from database applications to JavaScript in web browsers – to discern to some extent the layout or contents of protected kernel memory areas" - so does this mean a web page could silently read my passwords from system memory? And couldn't a browser or Java update protect against this? Not sure exactly what the risk is at a practical level.


Well, it depends which one you mean. You're maybe best to read this summary of the pair of them as it goes into good detail: https://www.theregister.co.uk/2018/01/0 ... erability/

Raion-Fox wrote:AMD alienated me after years of poor quality GPU drivers on all platforms, and poor performance. Ryzen is closer but not quite there in terms of a threat to Intel as it barely scrapes Has well.


Well, GPUs and CPUs are different products. Personally, I went off Nvidia a bit some time back after being stung by the bad-bump scandal with the GeForce 8 series that left me with a paperweight about 3 months after the warranty had expired (and I've not had problems with Radeon drivers recently), but my latest card is an Nvidia card again as I believed it a better choice than the AMD Vega cards.

Performance wise, well it depends what and when you buy. My previous AMD CPU was an Athlon X2, and these comfortably outperformed the competing Pentium D CPUs in both single and multi-threaded workloads. Of course, AMD's more recent CPUs have generally been pretty poor, which is why my last CPU was a Core i5.

Ultimately, Ryzen is an interesting one as it's better than current Intel CPUs at some workloads, and weaker at others. If single-threaded performance is all that matters to you, I agree that Intel are currently the fastest. For multi-threaded workloads, Ryzen is better at the same price point - you have to pay a lot more for an Intel CPU that can compete (my CPU is 8 core. For the price I paid, you're stuck with a 4 core Core i7).

Hence, I like to look at current technology and buy what is best suited for my needs at the present time (I didn't let Intel's dreadful P4s put me off buying my previous Core i5 for example). And right now, Ryzen offers better multi-threaded performance for most apps with single-threaded performance that is also respectable enough for what I need. I run very little single-threaded stuff these days where CPU power is the limiting factor. But like I say, that's my usage requirements - yours may be different.

Raion-Fox wrote:The Meltdown flaw isn't some sort of defect for Intel chips but a design flaw that nobody 20 years ago could have possibly known. That's not a quality flaw.


20 years ago, sure! But even Intel CPUs being sold today (and with modern designs) are vulnerable. Call it what you will, it's a pretty serious design flaw (the fix for which will cost at least some level of performance) and it's a flaw that does not exist on AMD's CPUs. Performance wise, we'll have to see how much of a hit is taken in different situations once the patches roll out.
Systems in use:
:Indigo2IMP: - Nitrogen: R10000 195MHz CPU, 384MB RAM, SolidIMPACT Graphics, 36GB 15k HDD & 300GB 10k HDD, 100Mb/s NIC, New/quiet fans, IRIX 6.5.22
:Fuel: - Lithium: R14000 600MHz CPU, 4GB RAM, V10 Graphics, 72GB 15k HDD & 300GB 10k HDD, 1Gb/s NIC, New/quiet fans, IRIX 6.5.30
Other system in storage: :O2: R5000 200MHz, 224MB RAM, 72GB 15k HDD, PSU fan mod, IRIX 6.5.30

User avatar
bifo
Posts: 87
Joined: Sat Aug 20, 2016 8:02 pm

Re: Intel backdoor: not a bug, a feature (buy a new processor!!!)

Unread postby bifo » Thu Jan 04, 2018 7:41 am

The reg also has a good overview of how intel is trying to PR-wipe this away

https://www.theregister.co.uk/2018/01/0 ... notations/

User avatar
Raion-Fox
Donor
Donor
Posts: 1536
Joined: Thu Jan 30, 2014 5:01 pm
Location: near King George, Virginia
Contact:

Re: Intel backdoor: not a bug, a feature (buy a new processor!!!)

Unread postby Raion-Fox » Thu Jan 04, 2018 7:48 am

Trippynet wrote:Performance wise, well it depends what and when you buy. My previous AMD CPU was an Athlon X2, and these comfortably outperformed the competing Pentium D CPUs in both single and multi-threaded workloads. Of course, AMD's more recent CPUs have generally been pretty poor, which is why my last CPU was a Core i5.


Yeah 10 years is a long time for a CPU. The Pentium D and other Netburst based CPUs were pretty awful.

Trippynet wrote:Ultimately, Ryzen is an interesting one as it's better than current Intel CPUs at some workloads, and weaker at others. If single-threaded performance is all that matters to you, I agree that Intel are currently the fastest. For multi-threaded workloads, Ryzen is better at the same price point - you have to pay a lot more for an Intel CPU that can compete (my CPU is 8 core. For the price I paid, you're stuck with a 4 core Core i7).


I have a Xeon E3-1230v3, soon to be upgraded to a 1245v3. The multithread performance is about comparable. Haswell was released in 2013. So Ryzen is barely as good as a 4 year old CPU design. Not something to be proud of. And like it or not, a lot of software depends on ST. If I was say doing HPC then I'd be comparing Epyc to high end Xeons, not a low end one like I have and more dependent on ST.

Trippynet wrote:Hence, I like to look at current technology and buy what is best suited for my needs at the present time (I didn't let Intel's dreadful P4s put me off buying my previous Core i5 for example). And right now, Ryzen offers better multi-threaded performance for most apps with single-threaded performance that is also respectable enough for what I need. I run very little single-threaded stuff these days where CPU power is the limiting factor. But like I say, that's my usage requirements - yours may be different.


I need ECC, so there's that too. I'd have to go Epyc to do that, but I never buy new hardware anyways. I always buy used. It's almost always a better value.

Raion-Fox wrote:The Meltdown flaw isn't some sort of defect for Intel chips but a design flaw that nobody 20 years ago could have possibly known. That's not a quality flaw.


Trippynet wrote:20 years ago, sure! But even Intel CPUs being sold today (and with modern designs) are vulnerable. Call it what you will, it's a pretty serious design flaw (the fix for which will cost at least some level of performance) and it's a flaw that does not exist on AMD's CPUs. Performance wise, we'll have to see how much of a hit is taken in different situations once the patches roll out.


Chip fabrication to fix this will take a long time, but they didn't have much advance notice. Months may as well be minutes to a chip manufacturer. If they shut down production lines it would have raised suspicion and put thousands out of work. It's hard to keep secrets that way. I don't foresee this being fixed until well after Cannon Lake. Maybe Ice Lake. But not Cannon Lake. They've already started production for Cannon. Nothing short of a court order will stop their production now.

As for that article, I don't get how unprofessional journalism gets a past. They're literally mocking them in a kindergarten way. The media handled this poorly. There should have been a press blackout temporarily until the full extent of the exploits were published and most updates were rolled out.
:O3x02L: R16000 700MHz 8GB RAM kanna
:Octane: R12000 300MHz SI 896MB RAM yuuka
:Octane2: R12000A 400MHz V6 2.5GB RAM
:Tezro: Quad R16000 700MHz V12 8GB RAM murasaki
:Indy: (Acclaim) R4600 133MHz XL Graphics 32MB RAM
:Indy: (Challenge S) R4600 133MHz (MIPS III Build Server)

I am probably posting from yangxiaolong, HP Z230 with Xeon E3-1230v3, 16GB RAM, GeForce 750ti, and running NetBSD and Windows 8.1 Embedded.
Owner and operator of http://irix.pw

User avatar
thunderbird32
Posts: 53
Joined: Thu Sep 20, 2012 7:33 pm
Location: Joliet, United States
Contact:

Re: Intel backdoor: not a bug, a feature (buy a new processor!!!)

Unread postby thunderbird32 » Thu Jan 04, 2018 8:16 am

Raion-Fox wrote:I need ECC, so there's that too. I'd have to go Epyc to do that...


I'm pretty sure both Ryzen and Threadripper support ECC RAM (depending on motherboard).
Digital Personal Workstation 500au
HP Visualize C3700 (HP-UX 11.11)
IBM RS/6000 7011-250 (AIX 4.3.3) | IBM RS/6000 7044-170 (AIX 5.3)
Sun SPARCclassic (SunOS 4.1.4) | Sun Ultra 1 (Solaris 2.6)

User avatar
Raion-Fox
Donor
Donor
Posts: 1536
Joined: Thu Jan 30, 2014 5:01 pm
Location: near King George, Virginia
Contact:

Re: Intel backdoor: not a bug, a feature (buy a new processor!!!)

Unread postby Raion-Fox » Thu Jan 04, 2018 8:51 am

thunderbird32 wrote:
Raion-Fox wrote:I need ECC, so there's that too. I'd have to go Epyc to do that...


I'm pretty sure both Ryzen and Threadripper support ECC RAM (depending on motherboard).


AMD does not validate ECC for their consumer chips. Same as Intel.
:O3x02L: R16000 700MHz 8GB RAM kanna
:Octane: R12000 300MHz SI 896MB RAM yuuka
:Octane2: R12000A 400MHz V6 2.5GB RAM
:Tezro: Quad R16000 700MHz V12 8GB RAM murasaki
:Indy: (Acclaim) R4600 133MHz XL Graphics 32MB RAM
:Indy: (Challenge S) R4600 133MHz (MIPS III Build Server)

I am probably posting from yangxiaolong, HP Z230 with Xeon E3-1230v3, 16GB RAM, GeForce 750ti, and running NetBSD and Windows 8.1 Embedded.
Owner and operator of http://irix.pw

User avatar
thunderbird32
Posts: 53
Joined: Thu Sep 20, 2012 7:33 pm
Location: Joliet, United States
Contact:

Re: Intel backdoor: not a bug, a feature (buy a new processor!!!)

Unread postby thunderbird32 » Thu Jan 04, 2018 9:12 am

Ah, wasn't aware you needed official support. ECC will at least work in AMD's consumer grade systems, whereas with Intel they won't.
Digital Personal Workstation 500au
HP Visualize C3700 (HP-UX 11.11)
IBM RS/6000 7011-250 (AIX 4.3.3) | IBM RS/6000 7044-170 (AIX 5.3)
Sun SPARCclassic (SunOS 4.1.4) | Sun Ultra 1 (Solaris 2.6)

User avatar
Raion-Fox
Donor
Donor
Posts: 1536
Joined: Thu Jan 30, 2014 5:01 pm
Location: near King George, Virginia
Contact:

Re: Intel backdoor: not a bug, a feature (buy a new processor!!!)

Unread postby Raion-Fox » Thu Jan 04, 2018 9:39 am

I need validation because of some of the data I work with
:O3x02L: R16000 700MHz 8GB RAM kanna
:Octane: R12000 300MHz SI 896MB RAM yuuka
:Octane2: R12000A 400MHz V6 2.5GB RAM
:Tezro: Quad R16000 700MHz V12 8GB RAM murasaki
:Indy: (Acclaim) R4600 133MHz XL Graphics 32MB RAM
:Indy: (Challenge S) R4600 133MHz (MIPS III Build Server)

I am probably posting from yangxiaolong, HP Z230 with Xeon E3-1230v3, 16GB RAM, GeForce 750ti, and running NetBSD and Windows 8.1 Embedded.
Owner and operator of http://irix.pw

User avatar
marshallh
Posts: 26
Joined: Tue Nov 03, 2009 12:53 pm

Re: Intel backdoor: not a bug, a feature (buy a new processor!!!)

Unread postby marshallh » Thu Jan 04, 2018 11:18 am

To be fair, current Intel chips have essentially identical single-thread perf to their predecessors from 3 years ago

User avatar
Raion-Fox
Donor
Donor
Posts: 1536
Joined: Thu Jan 30, 2014 5:01 pm
Location: near King George, Virginia
Contact:

Re: Intel backdoor: not a bug, a feature (buy a new processor!!!)

Unread postby Raion-Fox » Thu Jan 04, 2018 11:36 am

marshallh wrote:To be fair, current Intel chips have essentially identical single-thread perf to their predecessors from 3 years ago


Essentially why I can use Haswell.
:O3x02L: R16000 700MHz 8GB RAM kanna
:Octane: R12000 300MHz SI 896MB RAM yuuka
:Octane2: R12000A 400MHz V6 2.5GB RAM
:Tezro: Quad R16000 700MHz V12 8GB RAM murasaki
:Indy: (Acclaim) R4600 133MHz XL Graphics 32MB RAM
:Indy: (Challenge S) R4600 133MHz (MIPS III Build Server)

I am probably posting from yangxiaolong, HP Z230 with Xeon E3-1230v3, 16GB RAM, GeForce 750ti, and running NetBSD and Windows 8.1 Embedded.
Owner and operator of http://irix.pw

User avatar
escimo
Posts: 121
Joined: Sat Mar 22, 2008 4:07 am
Location: Frankfurt/Main, Germany
Contact:

Re: Intel backdoor: not a bug, a feature (buy a new processor!!!)

Unread postby escimo » Thu Jan 04, 2018 11:46 am

What irony: although I have CPU systems (i386, i486, SPARC V7) from the years before 1995 but the OS is so outdated that we don't have to speak about security at all. Soon the reboot wave in Amazon AWS should start. :arrow:
Sun Solaris 2.4 @ SPARCstation 2 and SNI PCD-4H. Migration path: NetBSD

User avatar
tomvos
Donor
Donor
Posts: 139
Joined: Fri Jul 04, 2008 1:08 pm
Location: Aachen, Germany, Europe
Contact:

Re: Intel backdoor: not a bug, a feature (buy a new processor!!!)

Unread postby tomvos » Thu Jan 04, 2018 12:35 pm

robespierre wrote:I think this may finally be the goad that makes people take new computer architectures like The Mill seriously.


I might go a little off-topic ... I found the mill architecture pretty intriguing. However I'm not really able to tell whether spectre or meltdown would not be able to be exploited on the mill architecture, too?

https://millcomputing.com/docs/prediction/
:Fuel: :Octane2: :O2: :O2: :1600SW: :Indy: :Indy:
Where subtlety fails us we must simply make do with cream pies.

robespierre
Posts: 1609
Joined: Mon Sep 12, 2011 2:28 pm
Location: Boston

Re: Intel backdoor: not a bug, a feature (buy a new processor!!!)

Unread postby robespierre » Thu Jan 04, 2018 1:50 pm

tomvos wrote:However I'm not really able to tell whether spectre or meltdown would not be able to be exploited on the mill architecture, too?

I haven't had time to work out whether the Spectre approach would work or not. The side-channel exploited by this family of attacks is that the cache is not fully associative, and that a speculative cache load can evict another cache line with some address bits in common. So if you test how fast you can access a certain cache line A legitimately, you can detect when it has been evicted by another cache line B which you cannot access. And that cache line B can be loaded based on arbitrary data (a double indirect data access) executed speculatively. This scheme can be stopped by several architectural changes, the most obvious of which is datatype tags that distinguish addresses. Another change would be to use fine-grained parallelism so you don't have different trust domains within the same address space. Mandatory array bounds checking would also work: Spectre relies on the processor speculating down a branch that falsely assumes the array index is within bounds.
:PI: :O2: :Indigo2IMP: :Indigo2IMP:


Return to “Everything Else”

Who is online

Users browsing this forum: No registered users and 2 guests