Retard here

wrong. its intel only

meltdown, which is the really scary vulnerability, affects the last 20 years of intel products

amd is not affected by meltdown

Two bugs. Both make it possible for a program to read protected information that it shouldn't have access to.

Everyone's up in a craze about the more dangerous one, Meltdown, and patches are rolling out currently for it. Reports are saying that there are performance losses for Intel processors, due to the how the patch works.

The degree of performance loss depends on your workload, but the numbers being thrown around so far suggest anywhere from 'negligible' loss all the way up to 30% performance drops for Intel chips.

It's also very widespread, too, and affects essentially everything all the way back to the original Pentium.

There is a second bug which is harder to make use of, called Spectre. It affects both Intel and AMD, as well as other makes. Unsure about this one yet, since everyone's focused on Meltdown.

Does it mean a literal meltdown? Burning out the chipset? Or is it a fancy name

Yes, it heats up your processor until it melts.

Fancy name.

benchmarks

it's referring to Intel's stock value when the full implications of their incompetence goes public after all the datacenters in the world become 60% slower in the blink of an eye

Saw this earlier, but good to post nonetheless. This is why I'm not too worried about the performance losses. I'm waiting for the update to hit my system so I can do some testing for myself and see.

>everything is about gayms and shitty file compression
basement menchildren get out!

>gaymen

disable javascript

>Video games

Very useful to see if your daily use will be affected by Metldown.

Use some common sense. For 90% of the people here, that's all they care about.

in a nutshell
>it's fucking nothing

meltdownattack.com/
There are two vulnerabilities: Meltdown and Spectre
AMD is affected by Spectre (the harder to exploit of the two)
Intel is affected by both

morons don't know what caching is and got buttmad

What do you do with your home personal computer? Genuinely curious.

is this what a happening looks like on Sup Forums? because it's pretty damn amazing

is it menchildren, manchildren, menchild, menchilds, or manchilds?

Wrong.
amd.com/en/corporate/speculative-execution

Spectre 1 has been fixed, Spectre 2 has not yet been proven to work on AMD hardware.

Benchmarks.

maybe being a paid shill.
Anyhow, those "benchmarks" are misleading at best, the problem for Intel isn't some manchildren will get less FPS, it's the server and datacenter that matters.
If Sup Forums doesn't realize computing exist beyond call of duty it's their problem.

No but in theory the exploit can be used to brick your motherboard.

>leshockedanimuface

I use my personal computer to program, compile other software, render videos (from that time your girlfriend went out for girl's night), and trade stocks.

Compiling software just got 30% slower, video rendering is fucked, and I can't trade stock because my bank is 'under heavy load' -- all of these are Intel's fault.

While technically correct, this is Sup Forums; nobody shitposting on here has any reason to care about that. What matters to them is what is going to happen to *them* specifically, and that is what we're starting to figure out now.

Show me some vc for your projects.
Your editing portfolio?
What terminal software?

I highly doubt you can. You sit and shitpost on Sup Forums all day, that's what you do.

Show one example of AMD having Spectre v2 on it, i'm fucking waiting

>(from that time your girlfriend went out for girl's night)
Why'd you have to add such cringy shit into your post? I forget how young the posters are here sometimes.

I've pretty much got downs.

How does this effect me, as someone who just browses a select few websites and plays some vido gams?

As long as I'm not retarded and download coolmusic.mp3.exe, will anything change for me?

[spoiler]Yes I have intel. I'm on W7 and I have automatic updates off

Rogue JavaScript can read your full memory, find right place to Inject data and you are fucked

I'm reading what you're typing right now.

NANI

Marketing

>having js enabled in the first place

Who could be behind this post?

ty for this

Not gayman here for the assmad

my computers are both old I have q6600 and fx6350 am fucked? do I need to download anything to fix it?

>first reply again
Pretty funny shill

Exploitable through Javascript which means it would be very easy for someone to hack your stuff if you don't update

It's too late, kiddo, you've already been hacked ;)

You are as valuable has you have always been exploits are every where. You just know about this one. You will be fine.

inb4 this was an NSA exploit and just now someone found it. Just like juniper finding their backdoor.

I don't know about Windows but it seems the more syscalls you have the more you're hurt.
You might also find lots of performance degradation for the kernel itself.

So for most applications this will barely matter. I've always perceived code that does lots of syscalls as inherently uninterested in performance. Kernels having to isolate their own memory I could only speculate on.

Overall this looks very bad for Intel though, that's probably a much bigger factor than the actual performance impact. It destroys trust in them as a secure platform for people who really care about this. How old this is is especially bad.
With how virtual machines for servers is pretty much the only way we do server hosting now it's pretty major on that front. Performance there matters a lot for the companies hosting the VMs. You'll probably not see any difference as a customer though.

>I'm on W7 and I have automatic updates off
You face greater threats already.

...

...

Only the simplest patchable Spectre attack affects AMD, the other two do not.

It's not the exploits you know about you should be worried about. Exploits have always been around.

>mfw I don't care

Building a server machine what kind of flashy shit should I put in it ?

Threadripper

No it's a big thing. Just not for gaymers.
Regardless you should be considering Ryzen as your next purchase. Just read Agners Ryzen tests and his manual. It's pretty clear cut.

Nah my nigga that shit is too weak I am thinking Quantum processors for cpu and vga
I mean't flashy lights n maybe like a smoke machine and strobe lights or some shit.

though I could certainly make use of them.
what would be comparable ? ?

sorry to hijack the thread op.

>I'm on W7 and I have automatic updates off
the absolute state of gamer retards

as my gift to you
youtube.com/watch?v=s7ALdl0gkaY

Pajeet please. This is not effectively achieving your goals.

None of those is IO intensive. Post IO benchmarks

All three attacks rely on a side channel element. AMD is immune to meltdown because privileged memory addresses immediately rejected before entering the execution stage at all. Spectre v1 uses a similar OOE/line cache attack which simply searches for kernel pages by repeatedly injecting eBPF bytecode which runs speculatively during a misprediction until cached kernel memory is detected and then can be completely dumped. Spectre v2 demonstrates that an attack can be executed from a guest kernel on the HOST kernel by recovering branch predictor history buffers within a root run hypervisor allowing hypercalls (e.g. KVM acceleration, Xen).

For sure meltdown is the easiest to access because it is possible from Ring 3 directly and not from guessing addresses thrown from kernel context bytecode interpreters or root privileged VMs. The other two do present alarming problems with the aggressive and potentially unsafe way all processors are designed.

English, doc.

Linux kernel patch

lmao just sort your shit to not cache miss

Has nothing to do with this you fucking moron.

>which runs speculatively during a misprediction
ok

>be a company
>release first desirable product in years in a market that you have been clawing away at after decades of shrewd business practices by your competitor
>its revealed your competitor's product is dangerous and broken
>its revealed your competitor's product has 3 major faults that the only known fixes are to make them preform worse
>competitor issues statement it is working with other companies to fix the products they and YOU made
>issue a statement that your products are not dangerous and broken in these ways
>vendors don't care and nerf everything anyway
>your competitor gets off scott-free using FUD
epic timeline.

They can't do that, it goes against the narrative.

>these bugs coming to light now
Is there any evidence anyone's exploited them?

HOW DO I MAKE SURE I'M PATCHED ON UBUNTU PLS HELP IM SCARED AND I BROWSING THE INTERNET SUCKS WITH NOSCRIPT I WANT TO DISABLE IT ALREADY

>root run hypervisor

>NOSCRIPT
javascript control is better

people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5753.html

...

What's the name of the fucking update for Win10?

...

Should I stay away from browsing manga websites for now

...

Thanks for the spoon feed, I only wish I was lurking Sup Forums like I usually do when this broke.

computers are 100% obsolete now
buy an abacus

doesn't the nsa have a treasure trove of zero days they're just sitting on?

What's the name of the fucking update for Win10?
>What's the name of the fucking update for Win10?
What's the name of the fucking update for Win10?
>What's the name of the fucking update for Win10?
What's the name of the fucking update for Win10?
>What's the name of the fucking update for Win10?

Spectre is INCREDIBLY hard to implement. It's based on artifacts left behind by the type of branch optimization and speculative execution that modern chip architecture uses, allowing people to guess the timing of memory references. You can use this to guess the functions that the underlying code uses, and in turn guess the data that is being returned.

THAT'S SO HARD TO DO, especially when you're operating on a non familiar system.

That's why people aren't exactly freaking out about Spectre.

catalog.update.microsoft.com/Search.aspx?q=KB4056892

You shouldnt go to them in the first place, lame weeaboo.

And for Windows 7?

What about older architectures?

This. People freaking out about javascript implementations forget that you have the V8 engine introducing latencies of it's own. It's like they never worked with the language before

Fucking upgrade to Windows 10.

Basically Meltdown allows for privileged memory to be exposed by loading kernel memory references into CPU registers and executes an incoming instruction that loads probed data into cache. The reason the CPU does this without causing the program the crash as would be in normal cases is because instructions don't necessarily execute sequentially on modern processors; by executing certain instructions ahead in a conditional which is believed to be more likely executed, there is potential speedup.
Spectre also exploits this by loading out-of-bound addresses from kernel context or loading foreign data pointers into the branch target buffer (a buffer containing what the CPU believes is the next set of instructions to execute next) in a root run VM.

Misprediction does NOT arise from a cache miss. A cache miss will halt the instruction to wait for the MMU to feed it data. Branch misprediction AND BTP (target prediction) explicitly predetermine conditional execution by feeding the target address next into the pipeline - a misprediction would mean that the pipeline is cleared and the new branch must be fed in. The exploits rely on loading the payload into cache (in Meltdown and Spectre v1) because the speculated branch has preloaded the following instruction into cache and executed - however, in Spectre, additionally, it is possible to measure the amount of time the speculative branch takes as the saturated cache line loads an out of bounds memory offset to rebuild the memory map and determine the address of the kernel. With this OOB bypass, you can then dump kernel memory.

Yes, those programs are not syscall heavy and so the performance should remain roughly the same.

With a large number of instructions you can still discern with the Chrome performance timer the behavior of the CPU with the use of shared array buffers. Google will be updating Chrome to mitigate this at the cost of SAB and a performance cost.

>What's the quick rundown on the Intel shit.