Intel gives up on patching Spectre variant 2

[Notional]

1 hour ago, LAwLz said:

I don't get your point. We're talking about percentages here. 10% is 10%, regardless of how many cores the processor got.

Each system call is now slower, so the more system calls a processor can handle, the more overhead there will be, which evens out to the same % everywhere.

 

If the game was CPU bound and you got 10 FPS for each core, you would get 60 FPS with a 6 core and 40 FPS with a quad core.

Nothing here makes sense. Your calculations have too many assumptions:

• Both 4790k and 8400 being CPU limited, that is not the case.
• IPC being equal; they're not. 8400 is 4 generations newer (although you can argue that kaby lake was 0% higher IPC).
• Clock rate being equal; they're not, although that is an upside for the 4790k.
• Both systems having same memory bandwidth; they don't.
• Both CPU's being hit equal by spectre/meltdown. According to Microsoft, they're not.

I'm clearly being massively CPU limited when I get micro stutter, and my GPU jumps from 100% to 0% like a goddamn game of pong. If the 8400 system is not CPU limiting the game, then there is a 0% decrease in perf. So no, we are not talking about percentages here.

 

1 hour ago, LAwLz said:

GTA5 is also open world, and as you can see in Tom's benchmarks there was no difference.

Because GTA5 wasn't CPU limited on the 8400k. TW3 was. All open world games worth a damn will stream data. That's why they don't use 4TB of vram. Streaming requires IO loads which is exactly what meltdown hits HARD. If you're already close to or CPU limited, this will easily hit even harder.

 

1 hour ago, LAwLz said:

Also, I am starting to wonder why we are even talking about Meltdown when this is about Spectre.

Because I complained about the massive perf. decrease resulted by spectre and meltdown.

 

1 hour ago, LAwLz said:

And like I said earlier, I doubt it affects performance. If that was the case then getting a faster SSD would increase your FPS in The Witcher or other open world games, but as far as I know it will just reduce/remove pop-ins (not FPS).

Some games do in fact. SSD's will increase FPS when the data reading becomes the bottleneck. You don't want that, but that can be the result in certain circumstances when IO is massively decreased as a result of meltdown.

 

1 hour ago, LAwLz said:

Here you go, Haswell-E benchmarks. First page on Google. Please note that he dropped the 1440p results because they showed no difference, and the 1080p and 720p results barely shows any difference either.

Wow thanks. A benchmark using a CPU with 100% more cores, that's clearly NOT CPU limited. That is very relevant and useful. Are you for real?

[divito]

Outside of very few industrial or commercial areas, hardware should not / cannot be expected to run for such a period of time. Countless industries are hit by companies undergoing inherent technical issues, discontinuing product lines/parts (whether faulty or not), or simply being outdone by new applications of hardware/software. That's why any solution chosen in a corporate environment has contingencies and budgets to work around such occurrences, should they happen. 

I think there's a few too many entitled millennials on here that think things should last forever, when the real world hardly works that way. I've seen a lot of companies done in by mismanaging their budget or hardware application because they thought it'd last forever. Sorry, but businesses don't operate that way.

[Zodiark1593]

50 minutes ago, divito said:

Outside of very few industrial or commercial areas, hardware should not / cannot be expected to run for such a period of time. Countless industries are hit by companies undergoing inherent technical issues, discontinuing product lines/parts (whether faulty or not), or simply being outdone by new applications of hardware/software. That's why any solution chosen in a corporate environment has contingencies and budgets to work around such occurrences, should they happen. 

I think there's a few too many entitled millennials on here that think things should last forever, when the real world hardly works that way. I've seen a lot of companies done in by mismanaging their budget or hardware application because they thought it'd last forever. Sorry, but businesses don't operate that way.

From a pure technical standpoint, those old 486s last quite a long time. (As in, technically, they still work just fine. ).

[LAwLz]

6 hours ago, Notional said:

I'm clearly being massively CPU limited when I get micro stutter, and my GPU jumps from 100% to 0% like a goddamn game of pong. If the 8400 system is not CPU limiting the game, then there is a 0% decrease in perf. So no, we are not talking about percentages here.

How do you know you're being CPU limited? The % utilization metrics are actually really poor indicators because they do not take the different pipelining stages into consideration.

It could also be that your installation is in some way broken, because like I said I have not been able to find any benchmark which even comes close to having such a massive difference as you claim to have post-patch.

I find that very suspicious.

 

 

6 hours ago, Notional said:

Because GTA5 wasn't CPU limited on the 8400k. TW3 was. All open world games worth a damn will stream data. That's why they don't use 4TB of vram. Streaming requires IO loads which is exactly what meltdown hits HARD. If you're already close to or CPU limited, this will easily hit even harder.

Wait, are you talking about loading into VRAM now? GPUs has DMA. Loading things into VRAM completely bypasses the CPU, and therefore won't be affected by the decrease in system call performance.

But I think there is an even bigger misconception here... Big world != lots of VRAM use, because most textures will just be repeats and they do not need to be fetched again. They are already buffered.

 

6 hours ago, Notional said:

Because I complained about the massive perf. decrease resulted by spectre and meltdown.

No, you were saying "fuck you greedy Intel" for not releasing a BIOS update that restored some of your performance, even though the idea of the BIOS update restoring performance was something that appears like you came up with yourself.

I certainly can't find any evidence of that case at least.

 

 

6 hours ago, Notional said:

Some games do in fact. SSD's will increase FPS when the data reading becomes the bottleneck. You don't want that, but that can be the result in certain circumstances when IO is massively decreased as a result of meltdown.

I haven't been able to find any evidence for this. Got any benchmarks?

I know it can result in pop-ins, but never heard of it having any meaningful effect on FPS.

[mynameisjuan]

15 hours ago, mr moose said:

As I said, I don't how I feel about it, I don't expect free stuff for old products, but I do expect companies to support their products when the fault is theirs and not general wear and tear.    Hell there are even recalls here In Australia for cars with faulty airbags going back to 2001.  That's 17 year old product not covered by any warranty, but because it's a design fault with safety implications the manufacturer has to fix it free.  So yes, I do expect a certain degree of support when the issue is design related and not age or use or simple evolution of technology.

BUGS ARE NOT A COMPANIES FAULT! 

 

We are human, you can only test for so many situations. Its until black hats spend time trying to break through or a WTF moment happens unexpectedly that they are found. These are not cars with a 200 parts, these are comprised of billions of transistors and millions of circuits. Only so much shit you can test for.

 

I mean look, its took nearly 20 years to find this bug, 20 fucking years!

 

Also you airbag analogy is not the same at all. Faulty airbags could take the life of someone or many, we are talking death, not losing your facebook or steam password.  

[leadeater]

53 minutes ago, mynameisjuan said:

I mean look, its took nearly 20 years to find this bug, 20 fucking years!

And with that time frame in mind can anyone give an accurate picture of vulnerable systems still in use for critical systems or for personal/confidential information that are not receiving microcode updates, then of those how many are actually at risk of being compromised, then again of those how many have much more immediate and more easily exploitable security vulnerabilities in those systems due to their legacy nature and requiring to be like that.

 

Of that extremely small subset of computers still in use for important tasks Spectre variant 2 is going to be very far down the list on the risk register for that system.

 

Sure it sucks Intel isn't pushing microcode updates back another generation or two but quite frankly the at risk systems have been addressed, the rest already were and have either been mitigated or that risk has been accepted and nothing can be done to mitigate it.

[Me1z]

Just checked the shit-list and it looks like my E5520s and my X5650 are getting patched and will live to fight another day! RIP every pre-2009 CPU though...

[mynameisjuan]

16 minutes ago, leadeater said:

And with that time frame in mind can anyone give an accurate picture of vulnerable systems still in use for critical systems or for personal/confidential information that are not receiving microcode updates, then of those how many are actually at risk of being compromised, then again of those how many have much more immediate and more easily exploitable security vulnerabilities in those systems due to their legacy nature and requiring to be like that.

 

Of that extremely small subset of computers still in use for important tasks Spectre variant 2 is going to be very far down the list on the risk register for that system.

 

Sure it sucks Intel isn't pushing microcode updates back another generation or two but quite frankly the at risk systems have been addressed, the rest already were and have either been addressed or that risk has been accepted and nothing can be done to mitigate it.

[LAwLz]

13 minutes ago, leadeater said:

And with that time frame in mind can anyone give an accurate picture of vulnerable systems still in use for critical systems or for personal/confidential information that are not receiving microcode updates, then of those how many are actually at risk of being compromised, then again of those how many have much more immediate and more easily exploitable security vulnerabilities in those systems due to their legacy nature and requiring to be like that.

 

Of that extremely small subset of computers still in use for important tasks Spectre variant 2 is going to be very far down the list on the risk register for that system.

 

Sure it sucks Intel isn't pushing microcode updates back another generation or two but quite frankly the at risk systems have been addressed, the rest already were and have either been addressed or that risk has been accepted and nothing can be done to mitigate it.

Indeed, and on top of that this BIOS update was not meant to be the be all and end all update for Spectre 2. It is just one out of many mitigation deployed, like repotline (which will work even on computers without a BIOS patch).

This isn't some decision someone made during a coffee break. They have most likely done some extensive risk analysis.

[oskarha]

Here's the full doc from Intel on the status of microcode updates for their CPUs:

https://newsroom.intel.com/wp-content/uploads/sites/11/2018/04/microcode-update-guidance.pdf

I find it interesting how Gulftown is getting left out, but Westmere EP and WS have already been updated when they (to my knowledge) are very similar CPUs.

Nice to see the W3670 in my server still being supported, just have to find a way of installing the microcode onto my X58 Sabertooth ?

Edited April 9, 2018 by oskarha

[orbitalbuzzsaw]

On 4/4/2018 at 10:05 AM, Misanthrope said:

Well even I think most of the chips affected here are fully obsolete by now. This really isn't a big deal except for maybe nuclear submarines that still run on Windows XP because that certainly makes me feel safe about it.

I know people still running Core 2 Quads.

[Misanthrope]

Just now, orbitalbuzzsaw said:

I know people still running Core 2 Quads.

Yeah and there's also people without basic needs like food or shelter, doesn't means they wouldn't accept it if offered, same for those core2quad users.

[orbitalbuzzsaw]

1 minute ago, Misanthrope said:

Yeah and there's also people without basic needs like food or shelter, doesn't means they wouldn't accept it if offered, same for those core2quad users.

Yes but I'm just saying Intel really should have done SOMETHING for people using those older platforms

[mynameisjuan]

6 minutes ago, orbitalbuzzsaw said:

Yes but I'm just saying Intel really should have done SOMETHING for people using those older platforms

Again, they did try patching it.  Something just wasnt right, hell maybe the performance drop was just way too much or there wasnt a workaround for those chips in particular. 

 

This has been going on for months and intel has probably dumped a few $100,000 or more in just patching this. So yes something has been done. 

[mr moose]

8 hours ago, mynameisjuan said:

BUGS ARE NOT A COMPANIES FAULT! 

 

We are human, you can only test for so many situations. Its until black hats spend time trying to break through or a WTF moment happens unexpectedly that they are found. These are not cars with a 200 parts, these are comprised of billions of transistors and millions of circuits. Only so much shit you can test for.

 

I was arguing exactly that when the meltdown original hit the forums.  I can't believe I forgot that in the context of this discussion.  I agree It was not their fault.  But I still feel they should be doing something.  Not sure what and to what degree though.

 

8 hours ago, mynameisjuan said:

 

 

Also you airbag analogy is not the same at all. Faulty airbags could take the life of someone or many, we are talking death, not losing your facebook or steam password.  

 

It is the same in that each condition brings with it an outcome that is beyond the users control and damaging given the intrinsic nature of the product.  You literally have to replace the product in both cases.  I am not arguing a 10 year old bug in a processor carries the same physical threat of of a faulty airbag.

[leadeater]

1 hour ago, mr moose said:

It is the same in that each condition brings with it an outcome that is beyond the users control and damaging given the intrinsic nature of the product.  You literally have to replace the product in both cases.  I am not arguing a 10 year old bug in a processor carries the same physical threat of of a faulty airbag.

With a car though you can replace the airbag not the whole car. For a computer to replace the CPU for something that old means a complete replacement, for something with little risk. There are hundreds of millions of cars on the road right now that would fail current safety standards but since they are evaluated on when they were manufactured they can still be registered for use on the road, that is actually more like Spectre. One case we're saying it's fine keep using it (the car) and the other we are saying no it's not fine stop using it (the CPU).

[mr moose]

8 hours ago, leadeater said:

One case we're saying it's fine keep using it (the car) and the other we are saying no it's not fine stop using it (the CPU).

Nope, if the car came with an airbag it is illegal to drive without one.  It is considered unroadworthy.   But my point is not about replacement parts but about the law that  underpins what is considered the manufacturers responsibility.    In both cases the product is no longer usable due to an issue intrinsic to the design. 

[vorticalbox]

On 04/04/2018 at 1:33 PM, CommandMan7 said:

These architectures are all 10+ years old but nonetheless I still think it's reckless to not even try to secure them. Im sure there are plenty of ATM's, School PC's, and other critical systems running these chips.

That's not how any of this works. With that logic Google should be updating android 4 because lots of devices still use it.

[JoeCoke]

I feel that the Core 2 series should have been updated. Core 2 is still just fine, hell, the vast majority of people in the world wouldn't be able to tell the difference between a Core2Duo/8800gt and a modern rig, because most people just browse the web, which Core 2 still does flawlessly.

 

Also, is the OP really suggesting that Windows 7 is not secure? If this was 2020, that'd be right, but it's still 2018 and Windows 7 is being frequently updated for security.

[jagdtigger]

20 minutes ago, 2Buck said:

If this was 2020, that'd be right

Not necessarily, its heavily dependent on the user. For instance my win7 had no updates since 2016(when MS gone full retard) but contrary to what many ppl think i didnt get any infection. (When this hell broke loose i jumped to linux and now its only used for gaming[if the game dont have a linux variant that is ].)

[leadeater]

3 hours ago, mr moose said:

Nope, if the car came with an airbag it is illegal to drive without one.  It is considered unroadworthy.   But my point is not about replacement parts but about the law that  underpins what is considered the manufacturers responsibility.    In both cases the product is no longer usable due to an issue intrinsic to the design. 

I was meaning if you were to put those hundreds of millions of cars back through safety certification so they could be sold, as new, they would fail. If you were to present a brand new 1991 Honda Civic now for safety certification it would not be allowed to be sold, it's too unsafe.

 

Cars are assessed only from when they were manufactured so if they were deemed safe then, design and engineering wise, it's safe forever. You still have to keep the car up to warrant of fitness standard but that isn't a vehicle safety certification, that never changes.

 

Safety requirements over time get stricter and we find flaws in the design and engineering of cars but it's impossible to retrospectively fix them on existing cars, like these old CPUs, the only way to get a safer car is to buy a newer safer car.

[mr moose]

6 minutes ago, leadeater said:

I was meaning if you were to put those hundreds of millions of cars back through safety certification so they could be sold, as new, they would fail. If you were to present a brand new 1991 Honda Civic now it would not be allowed to be sold, it's too unsafe.

 

Cars are assessed only from when they were manufactured so if they were deemed safe then, design and engineering wise, it's safe forever. You still have to keep the car up to warrant of fitness standard but that isn't a vehicle safety certification, that never changes.

 

Safety requirements over time get stricter and we find flaws in the design and engineering of cars but it's impossible to retrospectively fix them on existing cars, like these old CPUs, the only way to get a safer car is to buy a new safer car.

Except it turns out they weren't safe then either, this design fault has been there from the start, much like the spectre it was only discovered recently. Which is why I used it as the example.

[leadeater]

2 minutes ago, mr moose said:

Except it turns out they weren't safe then either, this design fault has been there from the start, much like the spectre it was only discovered recently. Which is why I used it as the example.

Well like the cars they had those faults from the start, we just didn't know any better or couldn't manufacture them any better. You were equally likely to die in a car crash in a 1991 Civic in 1991 as you are in 2018.

[mr moose]

8 minutes ago, leadeater said:

Well like the cars they had those faults from the start, we just didn't know any better or couldn't manufacture them any better. You were equally likely to die in a car crash in a 1991 Civic in 1991 as you are in 2018.

Which is my point.  With the exception of the severity of the case, the similarities are close enough for a legal comparison.  would the same verdict be made for Intel? I don't know. As I said I am not sure how I feel about it given the age but also the fact that many people still use core2's.

 

EDIT: I guess my biggest beef was the claim that:

 

Quote

Based on customer inputs, most of these products are implemented as 'closed systems' and therefore are expected to have a lower likelihood of exposure to these vulnerabilities."

Which to  me is a cop out and likely a lot of BS.  Core 2's are still popular, I use 2 at home myself (both connected to the net).

[AncientNerd]

On 4/4/2018 at 4:40 PM, mr moose said:

What?  hardly anything has changed in the last ten years. Technology doesn't obsolete itself the way it used to.  There are literally billions of people who could be running a 10 year old CPU in their computer and they wouldn't know bar for the fact they brought the machine.   I still use ten year old CPU's in my NAS and workshop computers. 

 

 

 

As I said, I don't how I feel about it, I don't expect free stuff for old products, but I do expect companies to support their products when the fault is theirs and not general wear and tear.    Hell there are even recalls here In Australia for cars with faulty airbags going back to 2001.  That's 17 year old product not covered by any warranty, but because it's a design fault with safety implications the manufacturer has to fix it free.  So yes, I do expect a certain degree of support when the issue is design related and not age or use or simple evolution of technology.

You completely miss the actual point, automotive tech hasn't changed in the last 50 years, there are millions if not hundreds of millions of people driving cars from the 1950's and '60s now, today. That have what would right now today be considered horrible design flaws, they kill their drivers/passengers at 10-50x the rate of current cars...do the auto companies have to fix this design flaw? I can tell you that these flaws were known in the mid-1960's because I was there when my father did some of the studies that proved these flaws and published them. So...same kind of reaction they offered fixes to the next gen cars and have been slowly fixing the flaws over the next 50 years.

 

And yes there have been dramatic changes to the underlying tech of the processors in the last 10 years, not the top level where most people see but at the lowest level the 2017/2018 processors are very different from the 2007/2008 processors. The 2007 processor aren't obsolete for day to day use, but neither is a 1968 pickup truck, it's just slower and harder to be productive with than a 2018 version. Probably the top end performance 1968 vehicle is closer to the performance of  a 2018 vehicle than a 2008 processor is to the top end performance of a 2018 processor.

 

And frankly the "it goes obsolete in a year" meme was never really true, take the 80386 released in 1985 I installed the last system running one of these in 1994 controlling a conveyor system in a factory.