Winter, that is exactly the situation I'm in and the question I'm asking. I
have not applied any patches to my system because a) they're only partially
effective and b) they have a performance hit.

So I'm trying to see if it makes sense to upgrade to a new machine now, or
whether I should stick it out for another several months (year?) to see if
Intel or AMD rolls out something that actually fixes the underlying
problems.



---------
Brian


On Fri, Jul 6, 2018 at 4:38 PM, Winterlight <winterli...@winterlight.org>
wrote:

> This has been an interesting thread. So Greg the Ivy Bridge patch that you
> posted will be delivered by Windows 10 ...eventually... maybe? I am still
> running a P9X79 WS with my six core Ivy Bridge with Win10. InSpectre tells
> me Spectre is not protected and performance is slower. Just how much at
> risk am I? I figure I will never see a BIOS update... or will I? The
> whole thing is a big mess, and I would imagine there are all sorts of class
> action lawsuits heading toward CPU and motherboard manufacturers.
>
>
>
> At 10:08 AM 7/6/2018, you wrote:
>
>> The chipset vulnerabilities were ugly, yes, but for their part AMD did
>> ensure they were resolved quickly despite the research firm not following
>> industry best-practices regarding vulnerability disclosure. My bigger beef
>> is that AMD would use ASSmedia (not a typo) at all, given their fairly
>> well-established track record of being roughly equivalent to dog excrement.
>> I don't subscribe to the AMD Fanboy narrative that it was an Intel hit-job,
>> though.
>>
>> Intel's roadmap is a real mess right now. A sudden and surprisingly
>> competitive AMD portfolio coupled with severe yield and performance issues
>> with their ambitious 10nm process technology has painted them into a corner
>> with no good near-term options. So, they're going to push their 14nm++ tech
>> for another iteration, adding cores, to (try to) re-establish clear
>> superiority. Luckily for them, their 14++ is actually really good.
>>
>> Greg
>>
>> -----Original Message-----
>> From: Hardware [mailto:hardware-boun...@lists.hardwaregroup.com] On
>> Behalf Of Brian Weeden
>> Sent: Friday, July 6, 2018 9:03 AM
>> To: hardware <hardw...@lists.hardwaregroup.com>
>> Subject: Re: [H] Should I rebuild my machine now or wait until the next
>> gen of CPUs?
>>
>> Thanks, Greg. That pretty much aligns with my thought process on this,
>> so I guess it's good at least one other person is coming to the same
>> conclusions I am :)
>>
>> Didn't know about the Ivy Bridge patches - will look into that more. But
>> one of the reasons I haven't patched at all is that all the mitigations for
>> older chips like mine have had significant performance penalties. And at
>> this point that's a bigger issue for me than the security, as I'm not
>> really in that big of a threat environment.
>>
>> But I plan to use whatever I buy for the next several years and it would
>> be good to get something that's not going to have major structural
>> vulnerabilities that will be problems that entire time.
>>
>> My major hangup with AMD is not the performance but rather the massive
>> vulnerabilities found in their Ryzen chipset, all because they did a very
>> poor job providing oversight of the company they outsourced it to. That
>> doesn't speak well of their commitment to security in my mind.
>>
>> I had heard that Intel's 2018 lineup was delayed until next year as they
>> try and fix all this stuff, but maybe that was just for their mobile chips?
>>
>>
>>
>>
>> ---------
>> Brian
>>
>>
>> On Fri, Jul 6, 2018 at 2:20 AM, Greg Sevart <ad...@xfury.net> wrote:
>>
>> > Actually, your Ivy Bridge CPU had a new microcode revision with
>> > additional Spectre defenses released just this past Monday. While it's
>> > a long-shot for your motherboard manufacturer to release a new FW
>> > update, it *is* likely to appear in an OS patch. CPU microcode can be and
>> > is loaded via multiple mechanisms, including during OS early boot. On
>> > Windows, your options are a bit more limited as you must wait for
>> > Microsoft to update their microcode patch.
>> >
>> > Microsoft's microcode patch information, which is ONLY available for
>> > Windows 10 1709 (or later?) can be found here:
>> > https://support.microsoft.com/en-us/help/4090007/intel-microcode-updates
>> >
>> > It's something of a mess. As you may see, Ivy Bridge desktop CPUs are
>> > not listed explicitly, but I've heard reports of the patch taking
>> > effect on them anyway. Use a tool such as InSpectre or
>> > Get-SpeculationControlSettings in the PowerShell Gallery to verify your
>> > status post-update.
>> >
>> >
>> > With regard to an upgrade...hard to say. On the desktop side, with
>> > Ryzen, AMD has finally released a product that is competitive. Broadly
>> > speaking (i.e., on overall average), it is not clearly superior
>> > despite higher core counts, but very competitive and hence a viable
>> > option to Intel's Coffee Lake SKUs. If you're interested in HEDT,
>> > that's a bit harder to answer...for highly threaded workloads, the
>> > Threadripper/X399 platform wins on both performance and price (despite
>> > the dumb name and attempt to usurp Intel's existing platform naming
>> > scheme), but if single-threaded performance is more important,
>> > Skylake-X/X299 is still the better bet.
>> >
>> > CPUs with integrated defenses to the various Spectre variants are
>> > expected near the end of the year. As it stands now, performance wise,
>> > Intel's silicon is more negatively impacted via existing mitigations,
>> > but not enough to make a meaningful difference in *most* client
>> > workloads for current silicon. Older CPUs (such as your Ivy) that do
>> > not support INVPCID are especially hurt by Meltdown's mitigation.
>> > Fundamentally, I don't think either one is substantially more secure if
>> > your mitigations are current.
>> > While we've already seen some since the initial 3 CVEs were announced,
>> > it's widely expected that more vulnerabilities will be discovered in
>> > the coming months and years as this new and novel class of attack
>> > vector is researched.
>> >
>> > Major items rumored to be coming soon-ish:
>> > Intel desktop: Widely expected to have a new 8-core mainstream chip
>> > out sometime later this year.
>> > Intel HEDT: Cascade Lake-X expected in Q4, up to 28C, though the
>> > series may span sockets. Maybe a 22C interim offering?
>> > AMD Desktop: Zen+ 2000-series just released offering minor
>> > improvements, Zen 2 expected next year
>> > AMD HEDT: Zen+ refresh of
>> > Threadripper expected soon, up to 32C.
>> >
>> >
>> > My personal take: I'd buy Intel for intensive, lightly-threaded
>> > workloads, and AMD for intensive, heavily-threaded workloads. Anything
>> > not intensive isn't going to be different enough to matter, so go with
>> > whatever floats your boat and/or wallet.
>> >
>> > Greg
>> >
>> > -----Original Message-----
>> > From: Hardware [mailto:hardware-boun...@lists.hardwaregroup.com] On
>> > Behalf Of Brian Weeden
>> > Sent: Thursday, July 5, 2018 9:45 PM
>> > To: hwg <hardware@hardwaregroup.com>
>> > Subject: [H] Should I rebuild my machine now or wait until the next
>> > gen of CPUs?
>> >
>> > Currently running a core i5-3750K with 32GB of RAM on my main machine,
>> > which I use for both work and gaming.
>> >
>> > Been looking to replace it for several months now, but have held off
>> > in part because of all the vulnerabilities that keep turning up in
>> > modern CPUs (Meltdown, Spectre, and all their variants). The thing is,
>> > my existing CPU is old enough that it doesn't support any of the
>> > mitigations, so I'm actually less secure now than if I bought a new
>> > CPU that at least had mitigations against the vulns (even if the new
>> > CPUs that actually fix them are 6-12 months away).
>> >
>> > So first question is, is the time right to go do this now?
>> >
>> > Second question is, Intel or AMD? Is one better off than the other
>> > from a security standpoint that's worth taking into consideration?
>> >
>> >
>> > ---------
>> > Brian
>> >
>> >
>> >
>>
>
>
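
The post-update check suggested in the thread (Get-SpeculationControlSettings), as an added example that is not part of the original messages: it turns the object that cmdlet returns into a per-vulnerability verdict, including whether the Meltdown mitigation runs with or without the PCID optimization. The function name `Get-MitigationSummary` is hypothetical, and the fallback object is a constructed sample, not captured output.

```powershell
# Added example. Requires the SpeculationControl module for live use:
#   Install-Module SpeculationControl
function Get-MitigationSummary {
    param([Parameter(Mandatory)] $Settings)

    # Spectre variant 2 needs three things: microcode that exposes the branch
    # controls, an OS update that uses them, and the OS actually enabling them.
    $spectre = if (-not $Settings.BTIHardwarePresent) {
        'NOT mitigated: no microcode support loaded (firmware or OS microcode update needed)'
    } elseif (-not $Settings.BTIWindowsSupportPresent) {
        'NOT mitigated: Windows update carrying the mitigation is missing'
    } elseif (-not $Settings.BTIWindowsSupportEnabled) {
        'NOT mitigated: support is present but disabled'
    } else {
        'mitigated'
    }

    # Meltdown is handled by kernel VA shadowing. Without the PCID
    # optimization the mitigation still works but costs more performance.
    $meltdown = if (-not $Settings.KVAShadowRequired) {
        'not required on this CPU'
    } elseif (-not $Settings.KVAShadowWindowsSupportEnabled) {
        'NOT mitigated: kernel VA shadow is not enabled'
    } elseif ($Settings.KVAShadowPcidEnabled) {
        'mitigated, PCID optimization active'
    } else {
        'mitigated, without PCID optimization (higher performance cost)'
    }

    [pscustomobject]@{ SpectreV2 = $spectre; Meltdown = $meltdown }
}

if (Get-Command Get-SpeculationControlSettings -ErrorAction SilentlyContinue) {
    $settings = Get-SpeculationControlSettings
} else {
    # Constructed sample: patched OS, CPU without updated microcode.
    $settings = [pscustomobject]@{
        BTIHardwarePresent             = $false
        BTIWindowsSupportPresent       = $true
        BTIWindowsSupportEnabled       = $false
        KVAShadowRequired              = $true
        KVAShadowWindowsSupportEnabled = $true
        KVAShadowPcidEnabled           = $false
    }
}

Get-MitigationSummary -Settings $settings | Format-List
```

Run it once before and once after the microcode update is delivered; a change in the SpectreV2 line from the first verdict to `mitigated` confirms the new microcode is actually loaded.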
