Intel Plans To Have Spectre & Meltdown-Proof CPUs This Year

[Tsumi]

just like intel using amd graphics and look how that turned out.

Entirely different scenarios though. Intel has only two choices for a high performance GPU, and Intel GPU is not one of them.

Besides, it isn't that Intel has integrated AMD onto the same die, at least as I understand it. They're on a single package, which saves space and power, but not the same as being one integrated APU as they call it.

 

[Big_Rig_Stig]

JUST in time for the Xmas selling season, amirite?

Told y'all this shit was intentional...

 

[Big_Rig_Stig]

I thought it took many many months and sometimes years to design CPU architectures.
If they're going to have CPUs that close this security hole this year, how long have they known about this vulnerability?

About as long as the processors in question went on the market?

 

[juanrga]

In that case AMD should see similar performance penalties when Spectre is patched. At the time of the article, the AMD system is not patched for Spectre. Spectre is a universal problem. Meltdown is Intel specific.

Preliminary work show AMD is similarly affected, but it is better to expect to final measurements because the patches are still being worked

Meltdown patches apply to ARM and IBM as well.

 

[juanrga]

Which is susceptible to 1 variant of Spectre.

It is susceptible to both variants of Spectre.

http://developer.amd.com/wordpress/media/2013/12/Managing-Speculation-on-AMD-Processors.pdf

 

[BSmith]

I hope you have offline backups or offline storage and no bank account info or tax returns on your computer

Of course I have backups of the data. I never bank, buy online, or do tax returns on my computer. You won't even find my address or phone number on my computer. I had to think about it, but my real name is not to be found on my computer either.

Anytime I do anything with my computer I always pretend there is someone watching over my shoulder. I work and play on my computer, but I never put anything personal out there.

Putting posts on a forum is about as far as I go in doing anything personal.

 

[cjcox]

maybe intel will license AMD cpu tech like they licensed the GPU tech?

They already cross license a lot of stuff. Remember, Intel really needs AMD to avoid any anti-trust stuff.

 

[Link]

But there's nothing for Intel to replace them with at this time that doesn't have these flaws.

The article says Intel will have "Spectre and Meltdown" proof CPUs this year.

 

[Tsumi]

The article says Intel will have "Spectre and Meltdown" proof CPUs this year.

"This year" is not the same as "at this time."

Also, anyone remember the VT-D bug Intel had and how they handled that? "If you're not impacted by this bug please do not RMA your CPU" was Intel's stance on that.

 

[Inacurate]

It's all relevant to the point.

You keep having faith, I'll keep buying the best equipment for my money, regardless of manufacturer.

Of course it is all relevant, Intel has shown time and again they're scum, evil, money-grabbing, non-innovating, law-breaking idjits with poor decision making skills when it counts.
AMD? No where close, but like all companies they are here to make a profit.

If you want to spend YOUR money on a company with such a track record, that is of course your choice and I wouldn't dare try to stop you.
I'd caution you, but you've already stated you don't care if you purchase a fundamentally broken component from a company who is handling it in all the wrong ways, so caution would be meaningless.

I'm livid the i7-920 I used for nine years was comprised the whole time, and it wasn't until about five years ago that I adopted my 'gaming PC only' mindset.
For four years there was such a bug that no matter the security measures taken, could still successfully steal data from me.

I'm having a hard time believing Intel didn't know with their history of doing business in bad faith.

They are either that shady to sell components designed on purpose to perform better at the expense of security (possible with their track record) or that inept they didn't test and evaluate their design choices and impact on security (also possible with their track record).

I genuinely hope nothing malicious happens before the world at large can transition away from the broken components where necessary and patch where acceptable, as that wouldn't just be a 'chuckle at the gullible' and move on moment. It would be a fairly significant event.

 

[nilepez]

Of course it is all relevant, Intel has shown time and again they're scum, evil, money-grabbing, non-innovating, law-breaking idjits with poor decision making skills when it counts.
AMD? No where close, but like all companies they are here to make a profit.

If you want to spend YOUR money on a company with such a track record, that is of course your choice and I wouldn't dare try to stop you.
I'd caution you, but you've already stated you don't care if you purchase a fundamentally broken component from a company who is handling it in all the wrong ways, so caution would be meaningless.

I'm livid the i7-920 I used for nine years was comprised the whole time, and it wasn't until about five years ago that I adopted my 'gaming PC only' mindset.
For four years there was such a bug that no matter the security measures taken, could still successfully steal data from me.

I'm having a hard time believing Intel didn't know with their history of doing business in bad faith.

They are either that shady to sell components designed on purpose to perform better at the expense of security (possible with their track record) or that inept they didn't test and evaluate their design choices and impact on security (also possible with their track record).

I genuinely hope nothing malicious happens before the world at large can transition away from the broken components where necessary and patch where acceptable, as that wouldn't just be a 'chuckle at the gullible' and move on moment. It would be a fairly significant event.

If Intel had known about the bug, they would have fixed it years ago.

Yes, the bugs are old, but let's not pretend that there aren't S/W bugs that are found that are 10 or 20 years old, because it's happened before and it will happen again. If you want bug free software, I can send you a nice hello world program. In the real world, every piece of s/w you use has bugs and probably most H/W have bugs that may or may not be exploited at some point.

 

[Tsumi]

Of course it is all relevant, Intel has shown time and again they're scum, evil, money-grabbing, non-innovating, law-breaking idjits with poor decision making skills when it counts.
AMD? No where close, but like all companies they are here to make a profit.

If you want to spend YOUR money on a company with such a track record, that is of course your choice and I wouldn't dare try to stop you.
I'd caution you, but you've already stated you don't care if you purchase a fundamentally broken component from a company who is handling it in all the wrong ways, so caution would be meaningless.

I'm livid the i7-920 I used for nine years was comprised the whole time, and it wasn't until about five years ago that I adopted my 'gaming PC only' mindset.
For four years there was such a bug that no matter the security measures taken, could still successfully steal data from me.

I'm having a hard time believing Intel didn't know with their history of doing business in bad faith.

They are either that shady to sell components designed on purpose to perform better at the expense of security (possible with their track record) or that inept they didn't test and evaluate their design choices and impact on security (also possible with their track record).

I genuinely hope nothing malicious happens before the world at large can transition away from the broken components where necessary and patch where acceptable, as that wouldn't just be a 'chuckle at the gullible' and move on moment. It would be a fairly significant event.

Idiots don't make money. Smart people make money. Just because they have done shady things does not make them idiots. Non-innovating? They were the first to introduce the micro-op queue, which is now copied by AMD. They introduced Hyperthreading and made it work. They were the first with the integrated PCI-E controller. They are almost always the first to each new node. And while recent CPU designs haven't developed in the direction most gamers would want, Intel has been innovating for what is currently the biggest market: data centers and mobile devices.

Trump says a lot of stupid things, yet he is the president and a billionaire. Clearly he is smart enough to make more money than most of us.

AMD purposely obfuscated the performance of Bulldozer before its launch. They aren't saints either.

You speak like a person truly ignorant of software programming and circuit design. There are 731 million transistors in your CPU, with several million ways of interacting with different parts of the CPU. There is a reason why large software companies like Microsoft and Google offer bounties for bug reports, as most bugs are found by chance. There is no way any company can have enough manpower to test for all possible bugs simply because the number of possible permutations is obscenely large. Supporting a large number of people to just find bugs would make their services and products prohibitively expensive.

 

[Link]

"This year" is not the same as "at this time."

Also, anyone remember the VT-D bug Intel had and how they handled that? "If you're not impacted by this bug please do not RMA your CPU" was Intel's stance on that.

I don't know why you are so fixated with "this time". The article says "this year", and my question on warranty claim is for exchanging my current CPU with the one of the new ones with the fixes.

 

[Tsumi]

I don't know why you are so fixated with "this time". The article says "this year", and my question on warranty claim is for exchanging my current CPU with the one of the new ones with the fixes.

Perhaps you should reread the post you quoted.

Additionally, there is a very high likelihood that this will not be a simple stepping fix like the VT-D bug. This will be an architecture modification, which means a new line of CPUs, which probably means new sockets and new motherboards. It's almost guaranteed you aren't going to get to RMA your CPU for a fixed one that will drop into your motherboard.

 

[Deleted member 93354]

Perhaps you should reread the post you quoted.

Additionally, there is a very high likelihood that this will not be a simple stepping fix like the VT-D bug. This will be an architecture modification, which means a new line of CPUs, which probably means new sockets and new motherboards. It's almost guaranteed you aren't going to get to RMA your CPU for a fixed one that will drop into your motherboard.

A simple bounds check on the jmp will determine if it's in the CPU's CS DS and SS registers for the kernel or not. It's actually a fairly simple fix. microcode update without a performance drop? Not likely. But easy enough fix with a few circuits. By doing this you deny the hackers the opportunity to attack by preventing them from jumping outside the kernel.

A more serious fix would be to validate the cache possibly with a ECC bit or row refresh. Depending on the exact nature of the cache poisoning mechanism.