Announcement

**sykobee** · 15 May 2019, 04:45 AM

It is quite clear that Intel got some of their performance advantage by not designing their CPU core in a secure manner, considering CPUs are a shared resource since almost forever. This has burned them greatly, and this one couldn't come at a worse time, given Epyc 2 release very soon.

I look forward to the benchmarks.

**xcom** · 15 May 2019, 05:49 AM

Originally posted by t_m_b View Post

Microcode are here:
https://github.com/intel/Intel-Linux...0190514.tar.gz

Microcodes are updated automatically in Ubuntu LTS, right ? I don't have to manually install them.

**r_a_trip** · 15 May 2019, 06:39 AM

Originally posted by Cattus_D View Post

Assuming that AMD CPUs really have fewer vulnerabilities than Intel processors, I wonder how the performance of older Intel CPUs compares with that of AMD CPUs of the same generation. I.e., are they still faster or have these mitigations affected them so much that their performance is now lower than, or on a par with, that of the AMD offerings that were available in the same time frame?

From the looks of it, with this cascade of Intel vulnerabilities with performance costly mitigations flooding the landscape, it seems that the Bulldozer architecture wasn't as bad as it was painted back then. Then came Zen. Now Zen 2. Rising performance and far fewer holes in the silicon. Looks like AMD is a safe bet to get. Even if marginally slower, less chance of having your data out on the street.

**Vistaus** · 15 May 2019, 12:07 PM

Originally posted by DoMiNeLa10 View Post

I guess it's time for the another vulnerability that will slow down Intel chips even more. I'll have to enjoy my chips while they're still fast. With how things are looking, maybe the best bet is to go back to early chips that weren't cutting corners (even older than 486) to improve performance and try to make them bearable by putting in SIMD instructions and a huge cache, or maybe abandon x86 for everything besides (offline) video games, where it seems to do well enough.

How long will it take for OpenBSD to refuse to boot on Intel chips because of how insecure they are?

The sad thing is that mentioned hardware mitigations make new chips more vulnerable to the fallout bug.

Optimizing with Assembly for specific CPU's as was common back then, that leads to great performance

(also look at KolibriOS)

**Guest** · 15 May 2019, 12:24 PM

Originally posted by r_a_trip View Post

From the looks of it, with this cascade of Intel vulnerabilities with performance costly mitigations flooding the landscape, it seems that the Bulldozer architecture wasn't as bad as it was painted back then. Then came Zen. Now Zen 2. Rising performance and far fewer holes in the silicon. Looks like AMD is a safe bet to get. Even if marginally slower, less chance of having your data out on the street.

Considering the trend, I'd say it's a matter of time before Intel chips become slower if you decide to keep mitigations on.

**F.Ultra** · 15 May 2019, 12:39 PM

Originally posted by xcom View Post

Microcodes are updated automatically in Ubuntu LTS, right ? I don't have to manually install them.

Yes, if you have installed the "intel-microcode" package, "amd64-microcode" for those of us that run AMD processors.

**Ropid** · 15 May 2019, 01:43 PM

Originally posted by flower View Post

sadly this does nothing atm. from your link:

I tried to research what this means and it seems those "upcoming patches" happened very shortly afterwards so things should work already, for example the x86 patch is this one here for 4.19:

x86/speculation: Support 'mitigations=' cmdline option - kernel/git/stable/linux.git - Linux kernel stable tree

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v4.19.43&id=af5332dd991e849e2ad42014271b07478fa0163c

**DarkFoss** · 15 May 2019, 03:17 PM

I'd bet my trusty FX 8350 would fare well against Sandy/Ivy Bridge these days.

**hotaru** · 17 May 2019, 03:08 PM

Originally posted by DarkFoss View Post

I'd bet my trusty FX 8350 would fare well against Sandy/Ivy Bridge these days.

Sandy Bridge is still significantly faster even with SMT disabled, but we still haven't seen any mitigation for SPOILER at all. that one is expected to have a huge performance impact, so the FX may still win in the end.

**DarkFoss** · 18 May 2019, 11:48 AM

Originally posted by hotaru View Post

Sandy Bridge is still significantly faster even with SMT disabled, but we still haven't seen any mitigation for SPOILER at all. that one is expected to have a huge performance impact, so the FX may still win in the end.

Heh I was just having a bit of fun.
I thought spoiler could only be fixed through hardware so no microcode patches will ever come to previous and current Intel cpus. Unless the next gen Intel Specter hardware mitigations also cover Spoiler to some degree your only protection will come through software changes, ie slowdowns for all (Amd,Arm no clue about Ibm).

Announcement

MDS: The Newest Speculative Execution Side-Channel Vulnerability

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment