Reddoguk:

Could also be a ploy to force people on to the next "secure" platform. ^^

Fixd that for ya...

It's the gift that keeps on giving............................................. This is a perfect gift for an enemy 😉

There is a lot more inside than just intel it seems... or perhaps there is barely anything inside due to all the holes.

Kaarme:

Let's hope so. AMD could use the money to do some R&D.

Looks to me as if AMD R&D spent over the last five + years has been returning some very handsome roi's for the company of late...:) (What follows is not related to your comment, Kaarme!) Going to rant a tiny bit here, so please forgive me... This stuff really is getting old, though--is this another "must have admin rights to the local box" scenario? I actually feel for Intel with this crap--OS updates for "cpu bug fixes" are my least favorite mode of address because when you change OSes or switch to a different OS version you need to patch all over again--I much prefer a microcode situation--because then you patch the cpu and don't have to worry about OS-specific patching, etc. It's done and it is over. This is really getting ridiculous, frankly. Remember the so-called Spectre 3/3a/4(?) "vulnerabilities" that got publicized just a few weeks ago? (After Spectre2 got fixed and InSpectre #8 could detect the fix, etc.) Guess what--InSpectre hasn't budged from #8--along with no new patches, no new announcements (after that cheery warning on 3/3a/4)--and no new microcode patches for anyone (AMD or Intel) that I can find. So pffffttttt....wtf is going on? I've never seen the vulnerability/patching/information-handling loop in this poor of a shape! Remember that loony Israeli-based company that tried to dive-bomb AMD with--what was it--12?--silly-stoopid "vulnerabilities" with jerkwater nicknames and the whole nine yards? You know, like "Doomsday Planet Buster Supernuke Man-killer Annihilation Extinction Event #415"....???? But golly-gee--oh, gee--it wasn't actually a vulnerability at all unless you have admin rights to the box and physical access! Heck--that sort of thing doesn't even qualify for a cpu bug, really--it's a *simple OS patch fix*! Or *it used to be!* Whole different category--no stupid names, no panic, no muss and no fuss. I feel like Ripley in Alien 2 after being rescued in deep space after 75 years of freezing her bunns off--when she said, "What? Did IQs drop sharply while I was away?"... 🙄 Something is missing from these announcements--like *credibility*, maybe? But I believe HH *has got to run the warnings*--because they *might* be real--maybe--and not to run them would be highly irresponsible! Catch-22. I just think that maybe even *most* of these "vulnerabilities" actually are OS bugs in reality that are being misreported by persons who think they know what they are doing and saying when they really are just barely hanging on by their eye teeth!...:( Or...it's deliberate manipulation. This is unfortunately the era of fake political news and now--my gosh--seems like we are getting *fake cpu vulnerability* news as well??? (This has nothing to do with HH and G3d, btw--he doesn't like this any more than any of us and he says so!) It's easy to sort through the political garbage--if it's a "report" and the sources are "unnamed" or "In hiding," "invisible" or "deceased," etc., (j/k sort of), and it's a lot of bile spewed against a particular politician that consists of 100% accusation and 0% proof of anything--well, that's easy--you know it's fake, right? No doubt about it--take it to the bank, etc. Fake. But what a shame that now none of *us* knows whether the latest Doomsday Nation-Smasher From Outer Space cpu bug "report" was written by someone who knows what he's doing or by somebody with an angle--an ax to grind, or a stock price he's trying to manipulate with this stuff--or simply someone who likes chaos. Etc. ad infinitum. KUDOs to HH's handling of these seemingly inexhaustible extinction event announcements! I really appreciate his informing us when he doesn't like to make these announcements but nevertheless feels compelled to make them--I agree that he *has to make the announcements*! I give him high marks for dutifully publishing the warnings while at the same time making it known he doesn't actually *know* what is actually the case...! Just like all of *us*!... 😕 Arrrrrghghghghgh-h-h-h-h-hhhhh... 😡 I'm really too old to be playing Ring Around the CPU bug Posey every other week, eh? I'm certain I am in good company here. about that. ('Kay--just popped another Metoprolol beta-blocker...I'll be fine, really....I will....:D)

So that's why Intel can do HIGHER IPC you see ??? they have ALL Security holes, all cause that's what effect the CPU SPEED.

waltc3:

Looks to me as if AMD R&D spent over the last five + years has been returning some very handsome roi's for the company of late...:) (What follows is not related to your comment, Kaarme!) Going to rant a tiny bit here, so please forgive me... This stuff really is getting old, though--is this another "must have admin rights to the local box" scenario? I actually feel for Intel with this crap--OS updates for "cpu bug fixes" are my least favorite mode of address because when you change OSes or switch to a different OS version you need to patch all over again--I much prefer a microcode situation--because then you patch the cpu and don't have to worry about OS-specific patching, etc. It's done and it is over. This is really getting ridiculous, frankly. Remember the so-called Spectre 3/3a/4(?) "vulnerabilities" that got publicized just a few weeks ago? (After Spectre2 got fixed and InSpectre #8 could detect the fix, etc.) Guess what--InSpectre hasn't budged from #8--along with no new patches, no new announcements (after that cheery warning on 3/3a/4)--and no new microcode patches for anyone (AMD or Intel) that I can find. So pffffttttt....wtf is going on? I've never seen the vulnerability/patching/information-handling loop in this poor of a shape! Remember that loony Israeli-based company that tried to dive-bomb AMD with--what was it--12?--silly-stoopid "vulnerabilities" with jerkwater nicknames and the whole nine yards? You know, like "Doomsday Planet Buster Supernuke Man-killer Annihilation Extinction Event #415"....???? But golly-gee--oh, gee--it wasn't actually a vulnerability at all unless you have admin rights to the box and physical access! Heck--that sort of thing doesn't even qualify for a cpu bug, really--it's a *simple OS patch fix*! Or *it used to be!* Whole different category--no stupid names, no panic, no muss and no fuss. I feel like Ripley in Alien 2 after being rescued in deep space after 75 years of freezing her bunns off--when she said, "What? Did IQs drop sharply while I was away?"... 🙄 Something is missing from these announcements--like *credibility*, maybe? But I believe HH *has got to run the warnings*--because they *might* be real--maybe--and not to run them would be highly irresponsible! Catch-22. I just think that maybe even *most* of these "vulnerabilities" actually are OS bugs in reality that are being misreported by persons who think they know what they are doing and saying when they really are just barely hanging on by their eye teeth!...:( Or...it's deliberate manipulation. This is unfortunately the era of fake political news and now--my gosh--seems like we are getting *fake cpu vulnerability* news as well??? (This has nothing to do with HH and G3d, btw--he doesn't like this any more than any of us and he says so!) It's easy to sort through the political garbage--if it's a "report" and the sources are "unnamed" or "In hiding," "invisible" or "deceased," etc., (j/k sort of), and it's a lot of bile spewed against a particular politician that consists of 100% accusation and 0% proof of anything--well, that's easy--you know it's fake, right? No doubt about it--take it to the bank, etc. Fake. But what a shame that now none of *us* knows whether the latest Doomsday Nation-Smasher From Outer Space cpu bug "report" was written by someone who knows what he's doing or by somebody with an angle--an ax to grind, or a stock price he's trying to manipulate with this stuff--or simply someone who likes chaos. Etc. ad infinitum. KUDOs to HH's handling of these seemingly inexhaustible extinction event announcements! I really appreciate his informing us when he doesn't like to make these announcements but nevertheless feels compelled to make them--I agree that he *has to make the announcements*! I give him high marks for dutifully publishing the warnings while at the same time making it known he doesn't actually *know* what is actually the case...! Just like all of *us*!... 😕 Arrrrrghghghghgh-h-h-h-h-hhhhh... 😡 I'm really too old to be playing Ring Around the CPU bug Posey every other week, eh? I'm certain I am in good company here. about that. ('Kay--just popped another Metoprolol beta-blocker...I'll be fine, really....I will....:D)

linux got patches for spectre v3a/4 in may https://www.phoronix.com/scan.php?page=news_item&px=Linux-4.9-To-4.16-SSBD only intel requires microcode to fix it, which hasn't yet been released. microsoft hasnt pushed its patches via windows update yet, which is why inspectre hasnt been updated. theres no conspiracy, these are real problems, these types of exploits have been theorized for decades, no one had a poc until recently, people know what to look for now is all. software trusts the cpu to be secure , but it isnt , which is why software must be patched. Only new hardware can fix these problems, these vulnerabilites are inherent to the design, they cannot be patched with microcode alone, apart from disabling those functions entirely, which would put us back to pre core 2 duo levels of performance, which is simply not an option at this point. the only way to be completely secure from speculative excution exploits atm, is to not do speculative execution. the only "modern" x86 cpu that doesnt is the first gen intel atom. perhaps the path those russian elbrus cpus have taken is the way going forward.

waltc3:

Looks to me as if AMD R&D spent over the last five + years has been returning some very handsome roi's for the company of late...:) (What follows is not related to your comment, Kaarme!) Going to rant a tiny bit here, so please forgive me... This stuff really is getting old, though--is this another "must have admin rights to the local box" scenario? I actually feel for Intel with this crap--OS updates for "cpu bug fixes" are my least favorite mode of address because when you change OSes or switch to a different OS version you need to patch all over again--I much prefer a microcode situation--because then you patch the cpu and don't have to worry about OS-specific patching, etc. It's done and it is over. This is really getting ridiculous, frankly. Remember the so-called Spectre 3/3a/4(?) "vulnerabilities" that got publicized just a few weeks ago? (After Spectre2 got fixed and InSpectre #8 could detect the fix, etc.) Guess what--InSpectre hasn't budged from #8--along with no new patches, no new announcements (after that cheery warning on 3/3a/4)--and no new microcode patches for anyone (AMD or Intel) that I can find. So pffffttttt....wtf is going on? I've never seen the vulnerability/patching/information-handling loop in this poor of a shape! Remember that loony Israeli-based company that tried to dive-bomb AMD with--what was it--12?--silly-stoopid "vulnerabilities" with jerkwater nicknames and the whole nine yards? You know, like "Doomsday Planet Buster Supernuke Man-killer Annihilation Extinction Event #415"....???? But golly-gee--oh, gee--it wasn't actually a vulnerability at all unless you have admin rights to the box and physical access! Heck--that sort of thing doesn't even qualify for a cpu bug, really--it's a *simple OS patch fix*! Or *it used to be!* Whole different category--no stupid names, no panic, no muss and no fuss. I feel like Ripley in Alien 2 after being rescued in deep space after 75 years of freezing her bunns off--when she said, "What? Did IQs drop sharply while I was away?"... 🙄 Something is missing from these announcements--like *credibility*, maybe? But I believe HH *has got to run the warnings*--because they *might* be real--maybe--and not to run them would be highly irresponsible! Catch-22. I just think that maybe even *most* of these "vulnerabilities" actually are OS bugs in reality that are being misreported by persons who think they know what they are doing and saying when they really are just barely hanging on by their eye teeth!...:( Or...it's deliberate manipulation. This is unfortunately the era of fake political news and now--my gosh--seems like we are getting *fake cpu vulnerability* news as well??? (This has nothing to do with HH and G3d, btw--he doesn't like this any more than any of us and he says so!) It's easy to sort through the political garbage--if it's a "report" and the sources are "unnamed" or "In hiding," "invisible" or "deceased," etc., (j/k sort of), and it's a lot of bile spewed against a particular politician that consists of 100% accusation and 0% proof of anything--well, that's easy--you know it's fake, right? No doubt about it--take it to the bank, etc. Fake. But what a shame that now none of *us* knows whether the latest Doomsday Nation-Smasher From Outer Space cpu bug "report" was written by someone who knows what he's doing or by somebody with an angle--an ax to grind, or a stock price he's trying to manipulate with this stuff--or simply someone who likes chaos. Etc. ad infinitum. KUDOs to HH's handling of these seemingly inexhaustible extinction event announcements! I really appreciate his informing us when he doesn't like to make these announcements but nevertheless feels compelled to make them--I agree that he *has to make the announcements*! I give him high marks for dutifully publishing the warnings while at the same time making it known he doesn't actually *know* what is actually the case...! Just like all of *us*!... 😕 Arrrrrghghghghgh-h-h-h-h-hhhhh... 😡 I'm really too old to be playing Ring Around the CPU bug Posey every other week, eh? I'm certain I am in good company here. about that. ('Kay--just popped another Metoprolol beta-blocker...I'll be fine, really....I will....:D)

Do you know what would be funny? If it was all intel's doing fake patches and just reducing performance of all current chips. Then releasing exactly same chip with: "Hey, greatly improved IPC."

user1:

which would put us back to pre core 2 duo levels of performance, which is simply not an option at this point.

They should do it so that I could return my CPU for a full refund. I could use the money to buy an AMD CPU. I'd still need to buy a new mobo, but some sacrifices are needed for the sake of progress.

number of times you, or anyone you know has been hacked by means of any of the so far discovered security holes = 0. number of times you, or anyone you know will be hacked by means of any of the so far discovered security holes = 0.

gx-x:

number of times you, or anyone you know has been hacked by means of any of the so far discovered security holes = 0. number of times you, or anyone you know will be hacked by means of any of the so far discovered security holes = 0.

methods of detecting whether a computer has been exploited this way=0 malwares discovered that use it = growing exponentially since at least february. only a matter of time really .

method of discovering is you see that something you didn't want to get out - got out. Money stolen? Data mysteriously erased? There are a lot of methods of discovery. And no, anti-malware will do nothing to stop/detect/prevent this. 1. those attacks will not be files, so nothing for anti-malware to do. 2. No one uses those attacks, there are easier ways to hack people/companies etc. Only a matter of time for what? These "holes" have been around for over 10 years (some of them). People are just paranoid about stupid stuff. Instead of being aware of about real stuff.

user1:

methods of detecting whether a computer has been exploited this way=0 malwares discovered that use it = growing exponentially since at least february. only a matter of time really .

gx-x:

method of discovering is you see that something you didn't want to get out - got out. Money stolen? Data mysteriously erased? There are a lot of methods of discovery. And no, anti-malware will do nothing to stop/detect/prevent this. 1. those attacks will not be files, so nothing for anti-malware to do. 2. No one uses those attacks, there are easier ways to hack people/companies etc. Only a matter of time for what? These "holes" have been around for over 10 years (some of them). People are just paranoid about stupid stuff. Instead of being aware of about real stuff.

I think I agree with parts of both of these replies. Yes, I think the chances of being hacked by a Spectre attack will increase as time goes by, as more Malware starts being released that uses it. And for the second post I agree that there are easier ways to hack PC's to gain the same info, so the risk of attack is greater from the more traditional malware, risk of Spectre related attack therefore relatively quite low. That's my impression on it.

And how exactly did everyone think Intel managed to keep their IPC speeds so high compared to AMD's simple they cut corners and kept cutting those corners because a: It didn't effect the running of software b: It allowed Intel to maintain better IPC speeds over AMD which they then touted all over the place Well now we know how they did it and now that it's being patched Intel are loosing their IPC speed over AMD's soon with all the corners that were cut being patched they'll either have the same IPC speed as AMD or will be behind them look at it this way, you have two cars exactly the same make model engine output yadda yadda except car A has all but the drivers seat removed and car B is still stock which car will now be faster car A or car B ..... Car A ofcourse because it now weighs far less than car B yet both cars A and B are still susceptible to the same types of breakdowns But car A is also now more vulnerable because alot of the safety features were removed to save weight

gx-x:

method of discovering is you see that something you didn't want to get out - got out. Money stolen? Data mysteriously erased? There are a lot of methods of discovery. And no, anti-malware will do nothing to stop/detect/prevent this. 1. those attacks will not be files, so nothing for anti-malware to do. 2. No one uses those attacks, there are easier ways to hack people/companies etc. Only a matter of time for what? These "holes" have been around for over 10 years (some of them). People are just paranoid about stupid stuff. Instead of being aware of about real stuff.

There is no way to detect whether this method has been used, spectre allows you to leak information about other stuff in memory, ie if you have a tab open that has your bank details on it, another tab running a malicious javascript program can access that data. has nothing to do with writing to disk. you would have no idea how that information was leaked, since it leaves no evidence. That is why patching your software is important. particularly the browser is most important.