Axle Grease wrote:
Ah, so the MS patch is only installed, but until mobo manufactures release updated BIOSes containing the new intel microcode, there is no hardware support to enable the patch. Do I have that right? It does explain why there's stuff all difference in pre and post patch CPU benchmarks so far.

Depends what benchmarks you're referring to and more importantly which mediation was used. The original proposed solution at least in Linux, from Intel, has or had quite a bite more overhead then the one Google claims to have gone with. There's also the issue of what was really being tested since not all games for example would be affected as they are more GPU constrained.

Part of the fud being thrown around still involves what the exploits actually are.
Your computer is like a school bus. In the morning it picks up kids for school but during the day and afternoon it's chartered. What's supposed to happen is the bus gets cleaned between uses. Meltdown exploits the garbage people leave behind. SPECTRE is less exploit and more observation since it's like looking at the gas gage to judge how far the bus went between users. It doesn't know who they are but can eventually piece together enough data to guess.

All Intel's done at this point is replace the cleaning staff. They're slower, cost more and demanded concessions.

Both are well understood design problems. Meltdown should never have happened if Intel actually followed ring isolation.

What they are now calling SPECTRE for this, has been around for a long, long time and can affect anything with a cache since it's a timing attack. In HTTP it would be like a CDN sitting between you and a server. Probe the CDN enough and you can tell what is in cache. Find a way to uniquely identify a user - with say a session id in the url or sites without any kind of random seed - and you can passively determine where they have gone based on what is in the CDN. If it's there the response will be faster. That is what bugs like SPECTRE, are.

It's quite different from Meltdown and a smokescreen attempt by Intel.

* I've deliberately left out the mitigation methods in HTTP to better illustrate the point.

segfaulted wrote:
Depends what benchmarks you're referring to and more importantly which mediation was used. The original proposed solution at least in Linux, from Intel, has or had quite a bite more overhead then the one Google claims to have gone with. There's also the issue of what was really being tested since not all games for example would be affected as they are more GPU constrained.

Part of the fud being thrown around still involves what the exploits actually are.
Your computer is like a school bus. In the morning it picks up kids for school but during the day and afternoon it's chartered. What's supposed to happen is the bus gets cleaned between uses. Meltdown exploits the garbage people leave behind. SPECTRE is less exploit and more observation since it's like looking at the gas gage to judge how far the bus went between users. It doesn't know who they are but can eventually piece together enough data to guess.

All Intel's done at this point is replace the cleaning staff. They're slower, cost more and demanded concessions.

Both are well understood design problems. Meltdown should never have happened if Intel actually followed ring isolation.

What they are now calling SPECTRE for this, has been around for a long, long time and can affect anything with a cache since it's a timing attack. In HTTP it would be like a CDN sitting between you and a server. Probe the CDN enough and you can tell what is in cache. Find a way to uniquely identify a user - with say a session id in the url or sites without any kind of random seed - and you can passively determine where they have gone based on what is in the CDN. If it's there the response will be faster. That is what bugs like SPECTRE, are.

It's quite different from Meltdown and a smokescreen attempt by Intel.

* I've deliberately left out the mitigation methods in HTTP to better illustrate the point.

There's a new BIOS out for the Maximus X Formula dated Jan 2. Guru3D does some benchmarks. http://www.guru3d.com/articles-pages/windows-vulnerability-cpu-meltdown-patch-benchmarked,1.html Substantial 4K I/O performance degradation is noticeable in CrystalDiskMark, but it's so workload specific that I am finding it hard to elicit an emotion over it. Well, so long the new cleaning staff do their job...

Cleaning the bus between uses would also make it more difficult for any lowlife to exploit spectre as new rubbish replaces old more frequently, right? ...or wrong?

Axle Grease wrote:
There's a new BIOS out for the Maximus X Formula dated Jan 2. Guru3D does some benchmarks. http://www.guru3d.com/articles-pages/windows-vulnerability-cpu-meltdown-patch-benchmarked,1.html Substantial 4K I/O performance degradation is noticeable in CrystalDiskMark, but it's so workload specific that I am finding it hard to elicit an emotion over it. Well, so long the new cleaning staff do their job...

4k blocks are the default in just about every OS so the implications could be severe. I'm a bit confused looking at their results though. He's trying to do an AB comparison but not keeping the sort order?? Proper way to do that would have been either next to each other or even better on the same chart.

Those tests aren't really fair comparisons for this anyway. For one he's using SSD's and NVME which by design avoid CPU involvement more then a regular hard drive.

Axle Grease wrote:
Cleaning the bus between uses would also make it more difficult for any lowlife to exploit spectre as new rubbish replaces old more frequently, right? ...or wrong?

The analogy was meant to be more high level then technical so a bit of clarity. The act of cleaning the bus, is a cache flush. What intel does is like what a kid would do to clean their room - shove some stuff under the bed and hope no one sees it. Well, people did.

It's still very different then cache observation attacks (the gas gauge), some of which are actually useful byproducts. Think if you had a block in cache and a block on disk, getting it from cache would be quicker. But unless you have complete cache coherency, you cannot know for certain where the block is. Thus things like cache snooping (in a good way), are used. Effectively asking the hardware "do you have this?". The cost of doing that obviously has to be a net gain - both performance and security - the hardware telling you is in of itself an attack for the same reason a CDN can be leveraged against a site. In multi user environments that utilize things like dedupe you can attack the other hosts around you simply by asking the hardware what is in memory. This is all very well understood.. at least it should have been.


Enough analogies though, hope this makes more sense as to the smoke coming from Intel.

Caudwell wrote:
Hi all
I have ( Asus x99 Rampage V Extreme )
Bios i am useing is ( 3504 )
CPU i have is ( Intel Core i7-5930K )
I update my windows 10 to Version 1709 ( OS Build 16299.192 )
I Done Test this what Testing come back dose not look good hoping it be fix.

Dear.
You can update microcode with tool in atachments(with last uCode for HSW-E:0x3B)
Best Regards.

A.Catalin wrote:
https://www.asus.com/News/V5urzYAT6myCC1o2

Thanks for post but what why is my Motherboard not on the list ( Asus Rog x99 Rampage V Extreme ) ?

Caudwell wrote:
Thanks for post but what why is my Motherboard not on the list ( Asus Rog x99 Rampage V Extreme ) ?

These lists are subject to change and more models may get added. Regardless I would check and see if your board has an update released at the same time as other x99 boards. It's possible there is an update but you're not listed.