Intel's 10nm Problems Might Be Worse Than First Thought

[MMKing]

5 hours ago, mr moose said:

It has been speculated to exist for a very long time (I've heard some people claim 10 years but I suspect that's talking about cache timing attacks Which I don't know anything about but sounds impressive anyway), but they have actually only proved it could be exploited in 2017, Intel was made aware in july 2017. 

 

There is no way Intel could have processors ready for sale now that is hardware immune to spectre like flaws, And lets not forget AMD are updating and working on mitigation for this as well which clearly indicates they haven't got 100% immune hardware either.

The ''spectre'' flaw affects every CPU that utilize some form of speculative execution. However, due to how Intel has been designing it's speculative execution since it's birth with the Pentium 1 line in 1995. The ''meltdown'' flaw only affects Intel and some ARM CPUs.

 

As i understand it. Spectre is a vulnerability that tricks a program into accessing arbitrary locations in the program's memory space. The key point being that a piece of software is being tricked into requesting information without the legitimate user doing so, allowing unrestricted access without proper passwords and the like.

 

While the meltdown vulnerability allows viruses and malware access to system memory and even the CPU cache. The important distinction being that Intel CPUs and some ARM CPUs allow unrestricted access to the entire memory pool, the CPU cache. In addition, due to the way operating systems are coded. Any attacker has practically limitless access to everything on the computer, and any attack is untraceable.

 

Further more. Spectre and Meltdown attacks are not inventions that sprung up in 2017.

Paper from 1995

https://pdfs.semanticscholar.org/2209/42809262c17b6631c0f6536c91aaf7756857.pdf

 

The inherent security risks of speculative executions have been theorized since at least 1995, the same year Intel released the Pentium 1 lineup utilizing the technology.

[leadeater]

1 hour ago, MMKing said:

As i understand it. Spectre is a vulnerability that tricks a program into accessing arbitrary locations in the program's memory space. The key point being that a piece of software is being tricked into requesting information without the legitimate user doing so, allowing unrestricted access without proper passwords and the like.

 

While the meltdown vulnerability allows viruses and malware access to system memory and even the CPU cache. The important distinction being that Intel CPUs and some ARM CPUs allow unrestricted access to the entire memory pool, the CPU cache. In addition, due to the way operating systems are coded. Any attacker has practically limitless access to everything on the computer, and any attack is untraceable.

Spectre also allows access to read protected memory areas as well, Meltdown is basically just an easier exploitation with the same result as Spectre.

[Unixsystem]

21 hours ago, mr moose said:

Sounds to me like the people you are listening to know nothing about density. Yes we always get one or two that pop up and try to use dies size and transistor count to devise a number they think is relevant, but so what? maybe this article is wrong in their appraisal too.   So again why is it fantastic news that Intel's 10nm is not going to be as good as expected?  Is it just because you want some people who don't know what they are talking about to be visibly wrong?

The "this is fantastic news" was sarcasm, related to the impact its going to have on forum discourse. I have no real opinion on the actual story, other than the fact that I guess it's about time for Intel to ship something other than additional plus signs on 14nm.

 

Ideally proper 2.7x density 10nm would have shipped years ago when Intel said, and then other brands 7nm would compete and everyone would have a nice little scuffle, but since that clearly didn't happen I'll settle for something over nothing.

[Hellion]

On Sunday, August 05, 2018 at 11:23 PM, Zodiark1593 said:

You expect Intel to altogether stop selling CPU's for a span of literally years? They're already losing marketshare to AMD. If forced to stop selling, there will probably be nothing left for Intel to sell to, and we'll wind up with an AMD monopoly (every bit as unappealing a thought as an Intel monopoly).

 

Please clarify the name of this fantasy land you reside in?

If by "fantasy land" you mean present day governed by moral values that are pro consumer then sure. I don't give a fuck about Intel's bottom line. They abused the monopoly they held for several years with very little discourse and because of this were able to essentially wipe their hands clean of the problem and for the SKU's they did choose to support issued half assed, poorly implemented, inconsistent patches which in many cases caused even more problems.

 

Knowingly selling a flawed product out of the box for several generations is neglegent which they need to be held accountable for. Perhaps the growing pains which they would feel financially would incentivize them to put all hands on deck to accelerate the process of correctly fixing the problem.

[bcredeur97]

On 8/3/2018 at 4:27 PM, Deus Voltage said:

I just have a question; why doesn't Intel take advantage of TSMC's manufacturing process? Is it a legal thing? A pride thing? A financial thing? 

I believe it's also been covered that TSMC's manufacturing process isn't quite as good as Intel's normally is.

 

Basically similar to what this post is about... except now Intel is going to be doing it too

[Stefan Payne]

22 minutes ago, bcredeur97 said:

I believe it's also been covered that TSMC's manufacturing process isn't quite as good as Intel's normally is.

That is not true.

It is a different process that is

optimized for different parameters.

 

Just think about who they make the process for and who could have the most say in this.

 

For Intel, it is obviously clear -> Intel.

For TSMC its the mobile phone, ARM Based CPUs that they do the most, that AFAIR are alrady manufactured in 10nm.

 

So with that knowledge, it should be obvious that TSMC might optimize their process for lower power consumption and sacrifice maximum archievable Clockrate vs. the Intel one that sacrifices Power Consumption for higher Clockrate.

just take a look here:

https://www.anandtech.com/show/11859/the-anandtech-coffee-lake-review-8700k-and-8400-initial-numbers/2

 

Quote

Increased gate pitch moves transistors further apart, forcing a lower current density. This allows for higher leakage transistors, meaning higher peak power and higher frequency at the expense of die area and idle power.

 

 

[asus killer]

On 8/4/2018 at 9:55 PM, Taf the Ghost said:

Intel should have made the decision to step back from the issues with 10nm in 2015. That's why they fired their previous CEO.

 

Krzanich hired in 2013.

 

$300 Million for Diversity efforts, announced in January 2015.

 

Which is about the exact moment that decisions around 10nm were botched. While these types of mistakes are not exclusive to Diversity pushes, when a CEO is making big investments/statements that do nothing to help the company function better you always end up with these results. If Intel wasn't so big & profitable, this would be a far, far worse problem. (If 14nm wasn't such an amazing process & AMD wasn't in the midst of the Dozer Disaster, Intel would have big, big problems right now.)

come on, 300M for them is peanuts and this has nothing to do it what is happening. Seems like a gigantic leap in connecting phantom dots to reach whatever conclusion you like

 

i guess there will be some problem with Zen in the future then:

https://community.amd.com/community/amd-corporate/blog/2016/12/05/diversity-fuels-innovation-becoming-a-best-place-to-work-for-lgbt-equality

[Zodiark1593]

1 hour ago, Hellion said:

If by "fantasy land" you mean present day governed by moral values that are pro consumer then sure. I don't give a fuck about Intel's bottom line. They abused the monopoly they held for several years with very little discourse and because of this were able to essentially wipe their hands clean of the problem and for the SKU's they did choose to support issued half assed, poorly implemented, inconsistent patches which in many cases caused even more problems.

 

Knowingly selling a flawed product out of the box for several generations is neglegent which they need to be held accountable for. Perhaps the growing pains which they would feel financially would incentivize them to put all hands on deck to accelerate the process of correctly fixing the problem.

Fixing the security flaws associated with Speculative Excution (not just Meltdown) is not a trivial task, software-wise, or in hardware. The design decisions that led up to Meltdown and Spectre were intentional tradeoffs made to improve performance at the theoretical expense of security. However, those theoretical security concerns were revealed to the public to be legitimate concers. 

 

It will take time to design the hardware to mitigate or eliminate these security flaws without performance hits (not to mention any undisclosed flaws). A rush job here will bring a repeat of the buggy patches issued, with the additional bonus of being unchangeable once sold to the public without a costly recall.

 

Reading the Spectre witepaper, I've doubts Speculative Execution will ever be entirely secure.

[cj09beira]

1 hour ago, asus killer said:

come on, 300M for them is peanuts and this has nothing to do it what is happening. Seems like a gigantic leap in connecting phantom dots to reach whatever conclusion you like

 

i guess there will be some problem with Zen in the future then:

https://community.amd.com/community/amd-corporate/blog/2016/12/05/diversity-fuels-innovation-becoming-a-best-place-to-work-for-lgbt-equality

insert Face Palm here 

every time they talk about inclusion there is someone left out, i would hope they would leave their politics on the front door before entering

[pas008]

2 hours ago, Hellion said:

If by "fantasy land" you mean present day governed by moral values that are pro consumer then sure. I don't give a fuck about Intel's bottom line. They abused the monopoly they held for several years with very little discourse and because of this were able to essentially wipe their hands clean of the problem and for the SKU's they did choose to support issued half assed, poorly implemented, inconsistent patches which in many cases caused even more problems.

 

Knowingly selling a flawed product out of the box for several generations is neglegent which they need to be held accountable for. Perhaps the growing pains which they would feel financially would incentivize them to put all hands on deck to accelerate the process of correctly fixing the problem.

 

44 minutes ago, Zodiark1593 said:

Fixing the security flaws associated with Speculative Excution (not just Meltdown) is not a trivial task, software-wise, or in hardware. The design decisions that led up to Meltdown and Spectre were intentional tradeoffs made to improve performance at the theoretical expense of security. However, those theoretical security concerns were revealed to the public to be legitimate concers. 

 

It will take time to design the hardware to mitigate or eliminate these security flaws without performance hits (not to mention any undisclosed flaws). A rush job here will bring a repeat of the buggy patches issued, with the additional bonus of being unchangeable once sold to the public without a costly recall.

 

Reading the Spectre witepaper, I've doubts Speculative Execution will ever be entirely secure.

knowingly and intentionally

where are you guys getting this from?

 

i'd like to see this source

[Taf the Ghost]

1 hour ago, asus killer said:

come on, 300M for them is peanuts and this has nothing to do it what is happening. Seems like a gigantic leap in connecting phantom dots to reach whatever conclusion you like

 

i guess there will be some problem with Zen in the future then:

https://community.amd.com/community/amd-corporate/blog/2016/12/05/diversity-fuels-innovation-becoming-a-best-place-to-work-for-lgbt-equality

One is a press release. The other included $300 Million expenditure and time of top-level executives, along with a Media push with it. (That's why I remembered it and went looking for the date.)  We're already starting to call it "Get Woke, Go Broke" for a reason. It doesn't matter if it's a Diversity push or whatever the current "woke" move is (I even remembered the Rainforest push after a bit of Search-fu). Top level executives at big companies make a lot of decisions that can go badly pretty quickly, which is why the Woke Moves are an endemic sign of serious management issues.

 

Intel had a 90% Market Share with revenue in the 50+ billion category. They can afford certain missteps, but not that many missteps. Most companies run on pretty slim net profit margins, and if you're not over about 12% you're probably toast in the nearish future. (Thus the "Will AMD go bankrupt?" narrative of recent vintage.) That doesn't leave a lot of room for errors. It never has. Business is hard; showing off to your other CEO friends with company time & money means your eye isn't on the ball.

 

There's a reason when a company announces "we're going to hire many of X because of reason Y", where Y isn't "best person for the job that took our money", you're going to want to short that company. Same when a CEO build a big house. (At least 4000 ft².) Both are signs of a relative peak for a company, as they're going to lose track of the cut-throat details necessary to survive as a larger company.

[leadeater]

2 hours ago, pas008 said:

knowingly and intentionally

where are you guys getting this from?

 

i'd like to see this source

There's been pondering about security issues with speculative execution for a long time but for all those years of wondering if and many trying none were able to do it, until recently. At the time no Intel was not intentionally designing a flawed product and the theoretical concerns were very low, was Intel supposed to not doing something because of a very low maybe? I think without hindsight everyone would say no do it for the performance gain.

 

And it's still a significant challenge to exploit Spectre, and if you can often the rate of data reading is very low. The mitigations in place now are enough until new products are developed, that will remain true unless something else big gets discovered.

 

Edit:

Plus it's not just Intel, IBM, ARM and AMD have all implemented speculative execution in products.

[Brooksie359]

2 hours ago, Taf the Ghost said:

One is a press release. The other included $300 Million expenditure and time of top-level executives, along with a Media push with it. (That's why I remembered it and went looking for the date.)  We're already starting to call it "Get Woke, Go Broke" for a reason. It doesn't matter if it's a Diversity push or whatever the current "woke" move is (I even remembered the Rainforest push after a bit of Search-fu). Top level executives at big companies make a lot of decisions that can go badly pretty quickly, which is why the Woke Moves are an endemic sign of serious management issues.

 

Intel had a 90% Market Share with revenue in the 50+ billion category. They can afford certain missteps, but not that many missteps. Most companies run on pretty slim net profit margins, and if you're not over about 12% you're probably toast in the nearish future. (Thus the "Will AMD go bankrupt?" narrative of recent vintage.) That doesn't leave a lot of room for errors. It never has. Business is hard; showing off to your other CEO friends with company time & money means your eye isn't on the ball.

 

There's a reason when a company announces "we're going to hire many of X because of reason Y", where Y isn't "best person for the job that took our money", you're going to want to short that company. Same when a CEO build a big house. (At least 4000 ft².) Both are signs of a relative peak for a company, as they're going to lose track of the cut-throat details necessary to survive as a larger company.

4000 square feet is tiny for a very wealthy persons home. I would wager the minimum would be higher. Although tbh you realize that there is such thing as a house that is too big. Lots of unused space is kinda pointless. 

[Taf the Ghost]

7 minutes ago, Brooksie359 said:

4000 square feet is tiny for a very wealthy persons home. I would wager the minimum would be higher. Although tbh you realize that there is such thing as a house that is too big. Lots of unused space is kinda pointless. 

It was the study I caught a few years back. It probably starts a bit smaller than that, but it's some combination of large space (normally 5k or higher) and high cost. When a CEO drops over 2 million on a place, minus if the company is in NYC, San Fran or LA, you should probably be thinking of either getting out of your Long position or looking for Shorts.

 

The actual reason comes down to being reflective of an extraordinarily good period. Pretty simple logic chain: Company over performs -> Board Rewards CEO -> CEO comfortable enough to drop big money to move from a big place to an even bigger place -> Sign the CEO is really comfortable -> Too comfortable and a CEO doesn't make the hard decisions as firmly as they should -> Company has either problems or returns to more normal results. 

 

"Abundance" can cause its own problems. I've got nothing against a CEO that does a great job, gets rewarded and buys a nice place with it. As long as they weren't cheating anyone, all the better for everyone. (Profit is good; Greed is evil; Profit only because of Greed destroys a society & tends to be a crime anyway.) The issue is that it's a nice of great abundance, and the most effective periods, business-wise, is when you're "hungry" for it. It's human nature to not be as aggressive. In theory, that's why a big company should burn through a CEO every 5 years or so.

[Brooksie359]

5 minutes ago, Taf the Ghost said:

It was the study I caught a few years back. It probably starts a bit smaller than that, but it's some combination of large space (normally 5k or higher) and high cost. When a CEO drops over 2 million on a place, minus if the company is in NYC, San Fran or LA, you should probably be thinking of either getting out of your Long position or looking for Shorts.

 

The actual reason comes down to being reflective of an extraordinarily good period. Pretty simple logic chain: Company over performs -> Board Rewards CEO -> CEO comfortable enough to drop big money to move from a big place to an even bigger place -> Sign the CEO is really comfortable -> Too comfortable and a CEO doesn't make the hard decisions as firmly as they should -> Company has either problems or returns to more normal results. 

 

"Abundance" can cause its own problems. I've got nothing against a CEO that does a great job, gets rewarded and buys a nice place with it. As long as they weren't cheating anyone, all the better for everyone. (Profit is good; Greed is evil; Profit only because of Greed destroys a society & tends to be a crime anyway.) The issue is that it's a nice of great abundance, and the most effective periods, business-wise, is when you're "hungry" for it. It's human nature to not be as aggressive. In theory, that's why a big company should burn through a CEO every 5 years or so.

I would have thought they'd spend more than 2 million on a house. Doesn't seem like much for a CEO of a large company. I guess if it's a small company? 

[Taf the Ghost]

1 minute ago, Brooksie359 said:

I would have thought they'd spend more than 2 million on a house. Doesn't seem like much for a CEO of a large company. I guess if it's a small company? 

Most Fortune 500s aren't in NYC, San Fran or LA. And most of the actual Fortune 500 companies are fairly uninteresting manufacturers, infrastructure & chemical companies. There are as many in much lower cost areas.

 

https://www.redfin.com/IA/Des-Moines/3545-Lincoln-Place-Dr-50312/home/124127697

 

An older home, but it's 7 bed, 6 bath, over 7000 sq ft and 1.7mil asking price in Des Moines, Iowa. 

 

https://www.redfin.com/TX/Fort-Worth/4669-Saint-Benet-Ct-76126/home/106225401

 

Recent construction (2008), 6 bed, 5 bath, 8750 sq ft for 2 million in Fort Worth, TX.

 

Location matters, as "What is excess?" depends on location.

[leadeater]

7 minutes ago, Brooksie359 said:

I would have thought they'd spend more than 2 million on a house. Doesn't seem like much for a CEO of a large company. I guess if it's a small company? 

Well it kind of depends if the conversation is geared around the Intel, IBM, Apple, Microsoft, Walmart etc CEOs or decent sized company like an IT firm, or a printing business, or advertising firm.

[pas008]

1 hour ago, leadeater said:

There's been pondering about security issues with speculative execution for a long time but for all those years of wondering if and many trying none were able to do it, until recently. At the time no Intel was not intentionally designing a flawed product and the theoretical concerns were very low, was Intel supposed to not doing something because of a very low maybe? I think without hindsight everyone would say no do it for the performance gain.

 

And it's still a significant challenge to exploit Spectre, and if you can often the rate of data reading is very low. The mitigations in place now are enough until new products are developed, that will remain true unless something else big gets discovered.

 

Edit:

Plus it's not just Intel, IBM, ARM and AMD have all implemented speculative execution in products.

Yes i know

Was just making a point

Since 2 users are claiming this

I hate when people state things as fact 

Especially very misleading info

Hurts the community more than help

Causes more divide and supports fanboyism

[Taf the Ghost]

1 hour ago, leadeater said:

There's been pondering about security issues with speculative execution for a long time but for all those years of wondering if and many trying none were able to do it, until recently. At the time no Intel was not intentionally designing a flawed product and the theoretical concerns were very low, was Intel supposed to not doing something because of a very low maybe? I think without hindsight everyone would say no do it for the performance gain.

 

And it's still a significant challenge to exploit Spectre, and if you can often the rate of data reading is very low. The mitigations in place now are enough until new products are developed, that will remain true unless something else big gets discovered.

 

Edit:

Plus it's not just Intel, IBM, ARM and AMD have all implemented speculative execution in products.

Spectre is the result of issues with speculative execution. Meltdown is an actual design flaw in Intel's architecture, so I'm of the opinion that's the one that deserves some flak for. I believe it also works on a few ARM designs as well. 

[kirashi]

On 8/4/2018 at 3:03 PM, Daegun said:

but when turning left you can't go over 160mph. Not only do you or any average person not notice it,

Turning left at 160mph is an unrealistic and unsafe scenario. Wanting to get the best performance while having 50 Chrome tabs open (or doing any other heavy workload task) is a realistic scenario. You're not comparing apples with apples here, and an average user will indeed notice it if they had doubles of the EXACT same hardware side-by-side running both a patched BIOS and OS on one system, and an unpatched BIOS and OS on the other.

 

Even the manufacturers and software developers have confirmed it will use more hardware resources to help secure things, and yet users are not receiving any compensation for this. In the case of Chrome, users will lose up to 10% of their RAM over this, and with RAM price fixing still at play, it's not even fair to tell people to "just buy more RAM" to help with this increase in usage. https://mobilesyrup.com/2018/07/13/google-chromes-new-meltdown-and-spectre-safeguard-is-a-memory-hog/

[MMKing]

1 hour ago, Taf the Ghost said:

Spectre is the result of issues with speculative execution. Meltdown is an actual design flaw in Intel's architecture, so I'm of the opinion that's the one that deserves some flak for. I believe it also works on a few ARM designs as well. 

Some IBM, Apple and VIA CPUs are affected as well. However, the IBM and VIA CPUs can rightly be called legacy hardware at this point.

 

ARM CPUs affected by Meltdown

 

* ARM Cortex-A75

* ARM Cortex-A72

* ARM Cortex-A57

* ARM Cortex-A15

 

Technically AMD is not unaffected, there are some AMD SOC that are affected by the meltdown bug, and these are the, AMD Opteron A1170, AMD Opteron A1150 and the AMD Opteron A1120. All 3 utilize ARM Cortex-A57 CPUs. I can list all the ARM products affected, and all the AMD SOC affected. The Intel list would be over 1800 lines long, don't quote me on this.

 

Considering AMD is able to keep up in terms of performance, i don't see Intel releasing their next architecture on the 10nm without a full fix. Whenever 10nm hits, though i doubt the upcoming 8 core i9-9900k will be unaffected

 

Edit: In fact, every Apple CPU from the A4 through the newest A11 is affected by the Meltdown bug.

[leadeater]

1 hour ago, Taf the Ghost said:

Spectre is the result of issues with speculative execution. Meltdown is an actual design flaw in Intel's architecture, so I'm of the opinion that's the one that deserves some flak for. I believe it also works on a few ARM designs as well. 

True, it's still under the same subset of side channel attacks as Spectre though and Meltdown also applied to some IBM Power CPUs and ARM.

 

Quote

The first two vulnerabilities, CVE-2017-5753 and CVE-2017- 5715, are collectively known as Spectre, and allow user-level code to infer data from unauthorized memory; the third vulnerability, CVE-2017-5754, is known as Meltdown, and allows user-level code to infer the contents of kernel memory. The vulnerabilities are all variants of the same class of attacks and differ in the way that speculative execution is exploited.

https://www.ibm.com/blogs/psirt/ibm-storage-meltdownspectre/

[79wjd]

2 hours ago, Taf the Ghost said:

Location matters, as "What is excess?" depends on location.

It sure does. 2 million would get you a really nice house where I live, but far from what I would consider a CEO house -- then again, I'm from right outside NYC, where a decent 1 bedroom apartment can easily run you over a million; even rents are just stupid. 

[pas008]

1 hour ago, MMKing said:

Some IBM, Apple and VIA CPUs are affected as well. However, the IBM and VIA CPUs can rightly be called legacy hardware at this point.

 

ARM CPUs affected by Meltdown

 

* ARM Cortex-A75

* ARM Cortex-A72

* ARM Cortex-A57

* ARM Cortex-A15

 

Technically AMD is not unaffected, there are some AMD SOC that are affected by the meltdown bug, and these are the, AMD Opteron A1170, AMD Opteron A1150 and the AMD Opteron A1120. All 3 utilize ARM Cortex-A57 CPUs. I can list all the ARM products affected, and all the AMD SOC affected. The Intel list would be over 1800 lines long, don't quote me on this.

 

Considering AMD is able to keep up in terms of performance, i don't see Intel releasing their next architecture on the 10nm without a full fix. Whenever 10nm hits, though i doubt the upcoming 8 core i9-9900k will be unaffected

 

Edit: In fact, every Apple CPU from the A4 through the newest A11 is affected by the Meltdown bug.

I believe they stated hardware fixes 2nd half of 2018

[mr moose]

10 hours ago, pas008 said:

Yes i know

Was just making a point

Since 2 users are claiming this

I hate when people state things as fact 

Especially very misleading info

Hurts the community more than help

Causes more divide and supports fanboyism

I thought @Zodiark1593 's posts were fairly accurate.  He didn't say Intel knew definitively about it, but that they made design decisions regarding speculative execution intentionally (which is kinda obvious),  while they knew there was speculation it might be a vulnerability.  I believe that is in line with what @leadeater  pointed out claiming it was more about moving forward with really good odds rather than holding back on a slim maybe.