Ryu Connor wrote:https://youtu.be/W-AHuwfyLoo
I made a video that shows you how to manage the Meltdown and Spectre patch, e.g. status, enable, disable, in Windows.
For those of you with legacy systems, how to disable the KPTI changes is most likely of interest.
DragonDaddyBear wrote:I just read the Ars article explaining just why there is a performance impact. It stems from the TLB design. For you smarter gerbils, is the TLB especially hard to design (relative to the complexity of designing processors)? AMD had a bug related to the same thing in the Phenom processors.
https://arstechnica.com/gadgets/2018/01 ... rformance/
ludi wrote:Is that your voice-over? Remove the southern accent and you could probably wake up Ok Google on my phone.
Ryu Connor wrote:ludi wrote:Is that your voice-over? Remove the southern accent and you could probably wake up Ok Google on my phone.
Are you saying I sound like you with a southern accent?
DragonDaddyBear wrote:I just read the Ars article explaining just why there is a performance impact. It stems from the TLB design. For you smarter gerbils, is the TLB especially hard to design (relative to the complexity of designing processors)? AMD had a bug related to the same thing in the Phenom processors.
cegras wrote:
Ryu Connor wrote:PCID and INVPCID would require significant work to the Windows 7 kernel. So if the patch lacks the hardware acceleration path, I would not be surprised. Windows 7 is outside of mainstream support, Microsoft not gonna waste their time tweaking the kernel.
Server 2008 and Server 2012 don't even have a patch currently.
Waco wrote:cegras wrote:
Yep. Desktop users may not care but this is causing absolute hell in performance-sensitive applications with lots of syscalls.
If the frametimes are considered, the differences become clearer: The threshold, over which 99 per cent of the frametimes lie, falls with active Meltdown Patch by four (720p) and / or three (1080p) per cent, the active Spectre countermeasures cost again four and / or three per cent. All in all, the performance losses in this discipline are therefore very much in line with what could have been observed when switching to the previous CPU generation.
captaintrav wrote:Waco wrote:cegras wrote:
Yep. Desktop users may not care but this is causing absolute hell in performance-sensitive applications with lots of syscalls.
I wonder if for whatever reason (kernel design?) Linux is getting hit harder performance-wise. Or it could be just the workloads in question? What's worse is the current kernel enables KPTI to address Meltdown, but patching Spectre on Linux is still coming. So possibly more performance hits looming?
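An added example, not part of any post in this thread: a Python check that reports whether KPTI is active on a Linux machine, whether the CPU advertises the PCID and INVPCID features mentioned earlier, and which issues the kernel still reports as vulnerable. The sample inputs are constructed; the function names are illustrative, and `read_live` assumes a kernel that exposes `/sys/devices/system/cpu/vulnerabilities` (mainline 4.15 and later).

```python
import os

# Constructed sample inputs (not captured from a real machine).
SAMPLE_CPUINFO = """processor\t: 0
model name\t: Example CPU
flags\t\t: fpu vme pcid sse4_2 invpcid pti
bugs\t\t: cpu_meltdown spectre_v1 spectre_v2
"""
SAMPLE_SYSFS = {
    "meltdown": "Mitigation: PTI",
    "spectre_v1": "Vulnerable",
    "spectre_v2": "Vulnerable: Minimal generic ASM retpoline",
}

def cpu_fields(cpuinfo_text):
    """Return {'flags': set, 'bugs': set} taken from the first CPU entry."""
    out = {"flags": set(), "bugs": set()}
    for line in cpuinfo_text.splitlines():
        key, _, value = line.partition(":")
        key = key.strip()
        if key in out and not out[key]:
            out[key] = set(value.split())
    return out

def assess(cpuinfo_text, sysfs):
    """Summarise KPTI state, PCID support and issues still reported vulnerable."""
    cpu = cpu_fields(cpuinfo_text)
    meltdown = sysfs.get("meltdown", "unknown (kernel does not report)")
    kpti = "pti" in cpu["flags"] or meltdown.startswith("Mitigation: PTI")
    return {
        "kpti_enabled": kpti,
        "pcid": "pcid" in cpu["flags"],
        "invpcid": "invpcid" in cpu["flags"],
        # Without PCID, each page-table switch on kernel entry/exit flushes the TLB.
        "full_tlb_flush_per_switch": kpti and "pcid" not in cpu["flags"],
        "vulnerable": sorted(k for k, v in sysfs.items() if v.startswith("Vulnerable")),
    }

def read_live(base="/sys/devices/system/cpu/vulnerabilities"):
    """Assess the running machine from the kernel's own report files."""
    sysfs = {}
    if os.path.isdir(base):
        for name in os.listdir(base):
            with open(os.path.join(base, name)) as fh:
                sysfs[name] = fh.read().strip()
    with open("/proc/cpuinfo") as fh:
        return assess(fh.read(), sysfs)

if __name__ == "__main__":
    print(assess(SAMPLE_CPUINFO, SAMPLE_SYSFS))
```

On a real Linux host, call `read_live()` instead of passing the sample data.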
nerdrage wrote:The latest news from Saturday is we now need an emergency out-of-band Windows update to roll back the kernel mitigation for Spectre variant 2 because it may cause data loss and/or corruption in addition to the known rebooting issue. On top of that, Intel says to stop patching microcode/firmware updates until further notice. Dell and HP have pulled their firmware updates.
Glorious wrote:nerdrage wrote:The latest news from Saturday is we now need an emergency out-of-band Windows update to roll back the kernel mitigation for Spectre variant 2 because it may cause data loss and/or corruption in addition to the known rebooting issue. On top of that, Intel says to stop patching microcode/firmware updates until further notice. Dell and HP have pulled their firmware updates.
These would appear to be all the same thing. That Microsoft update is cagey, but I can't see how what they are talking about isn't a reversion of the microcode they must have slipped into a previous update.
I don't know why they aren't straightforward about that, but I can't figure what the heck else they are saying.
Ubuntu did the exact same thing about a week ago.
Bauxite wrote:JavaScript should be default deny surfing the web, if the computer you're using has anything of real value on it. Only whitelist domains you need to accomplish a purpose. Decide how much you really give a damn about websites that still don't work when you enable their root and cdn domains. The browsers try hard, but keep in mind for many of their vulnerability updates, they learned about and patched that particular issue only because someone else already got owned by it.
Bauxite wrote:Honestly though the best policy is you have computer(s) just for surfing and it can't connect in any meaningful way (shares, casual file transfer, etc) to computers you care about. It's hard because you have to change your habits. You are the biggest security threat.
just brew it! wrote:Disabling JavaScript may have been a viable option 15 years ago. Doing so today renders most of the web useless, or at best very inconvenient to use.
Yes, these vulnerabilities are a big deal for service providers, because they can result in leakage of data between customers who are running on shared infrastructure. For the typical end user, nothing has really changed. Keep your OS and browser current on security patches, and try to avoid the dark alleys of the internet.
just brew it! wrote:The biggest risk by far is outdated/unpatched web browsers. Your web browser implicitly runs untrusted code all the time (in the form of JavaScript on web pages). This opens the possibility of malicious code on a web page using the Spectre vulnerability to leak information from outside the JavaScript sandbox (i.e. anything in your web browser's memory) to the attacker. As an end user, the first (and most important) line of defense is to make sure you keep your web browser updated; Microsoft, Google, and Mozilla are already putting mitigations in place. The JavaScript compilers in the web browsers are being updated with the appropriate patches, and the sandboxing of data associated with different web sites is being strengthened.
Intel is announcing that they have developed hardware fixes for both the Meltdown and Spectre v2 vulnerabilities, which in turn will be implemented into future processors. Both the next version of Intel’s Xeon server/HEDT platform – Cascade Lake – as well as new 8th gen Core processors set to ship in the second half of this year will include the mitigations.