Re: [H] Should I rebuild my machine now or wait until the next gen of CPUs?

2018-07-06 Thread Winterlight



I was planning on getting a Synology 
NAS. Should I be concerned about security? I 
assumed that they would have this problem locked 
down on their new hardware...but I am not sure.


At 07:01 PM 7/6/2018, you wrote:
Thus far, AMD's story has been more compelling 
than Intel's. AMD is immune to meltdown, and is 
broadly speaking less vulnerable to the Spectre 
variants. However, it would be naïve to believe 
that AMD is in the clear, as additional 
vulnerabilities are slowly coming out in this 
new and novel class of attack vector.


My thinking is that while both Linux and Windows 
are currently only doing the PTI/KernelVA 
shadowing for Intel, it will eventually be 
mandatory for all architectures--for defense in depth if nothing else.


-Original Message-
From: Hardware 
[mailto:hardware-boun...@lists.hardwaregroup.com] On Behalf Of Brian Weeden

Sent: Friday, July 6, 2018 3:42 PM
To: hardware 
Subject: Re: [H] Should I rebuild my machine now 
or wait until the next gen of CPUs?


Winter, that is exactly the situation I'm in and 
the question I'm asking. I have not applied any 
patches to my system because a) they're only 
partially effective and b) they have a performance hit.


So I'm trying to see if it makes sense to 
upgrade to a new machine now, or whether I 
should stick it out for another several months 
(year?) to see if Intel or AMD rolls out 
something that actually fixes the underlying problems.




-
Brian


On Fri, Jul 6, 2018 at 4:38 PM, Winterlight 
wrote:

> This has been an interesting thread. So Greg the Ivy Bridge patch that
> you posted will be delivered by Windows 10 ...eventually... maybe? I
> am still running a P9X79 WS with my six core Ivy Bridge with Win10.
> InSpectre tells me Spectre is not protected and performance is slower.
> Just how much at risk am I? I figure I will never see a BIOS update..
> ... or will I. The whole thing is a big mess, and I would imagine
> there are all sorts of class action lawsuits heading toward CPU and
> motherboard manufacturers.

>
>
>
> At 10:08 AM 7/6/2018, you wrote:
>
>> The chipset vulnerabilities were ugly, yes, but for their part AMD
>> did ensure they were resolved quickly despite the research firm not
>> following industry best-practices regarding vulnerability disclosure.
>> My bigger beef is that AMD would use ASSmedia (not a typo) at all,
>> given their fairly well-established track
>> record of being roughly equivalent to dog excrement.

>> I don't subscribe to the AMD Fanboy narrative that it was an Intel
>> hit-job, though.
>>
>> Intel's roadmap is a real mess right now. A sudden and surprisingly
>> competitive AMD portfolio coupled with severe yield and performance
>> issues with their ambitious 10nm process technology has painted them
>> into a corner with no good near-term options. So, they're going to
>> push their 14nm++ tech for another iteration, adding cores, to (try
>> to) re-establish clear superiority. Luckily
>> for them, their 14++ is actually really good.

>>
>> Greg
>>
>> -Original Message-
>> From: Hardware [mailto:hardware-boun...@lists.hardwaregroup.com] On
>> Behalf Of Brian Weeden
>> Sent: Friday, July 6, 2018 9:03 AM
>> To: hardware 
>> Subject: Re: [H] Should I rebuild my machine now or wait until the
>> next gen of CPUs?
>>
>> Thanks, Greg. That pretty much aligns with my thought process on
>> this, so I guess it's good at least one other person is coming to the
>> same conclusions I am :)
>>
>> Didn't know about the Ivy Bridge patches - will look into that more.
>> But one of the reasons I haven't patched at all is that all the
>> mitigations for older chips like mine have had significant
>> performance penalties. And at this point that's a bigger issue for me
>> than the security, as I'm not really in that big of a threat environment.
>>
>> But I plan to use whatever I buy for the next several years and it
>> would be good to get something that's not going to have major
>> structural vulnerabilities that will be problems that entire time.
>>
>> My major hangup with AMD is not the performance but rather the
>> massive vulnerabilities found in their Ryzen chipset, all because
>> they did a very poor job providing oversight of the company they
>> outsourced it to. That doesn't speak well of
>> their commitment to security in my mind.

>>
>> I had heard that Intel's 2018 lineup was delayed until next year as
>> they try and fix all this stuff, but maybe
>> that was just for their mobile chips?

>>
>>
>>
>>
>> -
>> Brian
>>
>>
>> On Fri, Jul 6, 2018 at 2:20 AM, Greg Sevart  wrote:
>>
>> > Actually, your Ivy Bridge CPU had new microcode revision with
>> > additional Spectre defenses released just this past Monday. While
>> > it's a long-shot for your motherboard manufacturer to release a new
>> > FW update, it *is* likely to appear in an OS patch. CPU microcode
>> > can and is loaded via multiple mechanisms, including during OS
>> > early boot. On Windows, your options are a 

Re: [H] Should I rebuild my machine now or wait until the next gen of CPUs?

2018-07-06 Thread Greg Sevart
The CTS Labs vulnerabilities were poorly disclosed and over-hyped, but there 
*were* legitimate issues. Reasonable people can disagree about the criticality, 
but they were not fake.

Plus, ASSmedia sucks, and it would not be unreasonable to question AMD's decision 
making if they were to use them to install lightbulbs, let alone incorporate 
their IP into their product line.

-Original Message-
From: Hardware [mailto:hardware-boun...@lists.hardwaregroup.com] On Behalf Of 
James Boswell
Sent: Friday, July 6, 2018 8:06 PM
To: hardw...@lists.hardwaregroup.com
Subject: Re: [H] Should I rebuild my machine now or wait until the next gen 
of CPUs?

*puzzled expression*
Are you referring to the CTS Labs hatchet job? Or has there actually been a 
legit security issue with the chipsets?

-JB

From: Brian Weeden
Sent: 07 July 2018 02:04
To: hardware
Subject: Re: [H] Should I rebuild my machine now or wait until the next gen 
of CPUs?

Agree with all of that, although as I mentioned earlier AMD's utter failure in 
screening their motherboard chipset vendor also gives me pause.
Hard to tell if that's a one-off mistake, or a sign that they don't really care 
that much about security.



-
Brian


On Fri, Jul 6, 2018 at 9:01 PM, Greg Sevart  wrote:

> Thus far, AMD's story has been more compelling than Intel's. AMD is 
> immune to meltdown, and is broadly speaking less vulnerable to the 
> Spectre variants. However, it would be naïve to believe that AMD is in 
> the clear, as additional vulnerabilities are slowly coming out in this 
> new and novel class of attack vector.
>
> My thinking is that while both Linux and Windows are currently only 
> doing the PTI/KernelVA shadowing for Intel, it will eventually be 
> mandatory for all architectures--for defense in depth if nothing else.
>
> -Original Message-
> From: Hardware [mailto:hardware-boun...@lists.hardwaregroup.com] On 
> Behalf Of Brian Weeden
> Sent: Friday, July 6, 2018 3:42 PM
> To: hardware 
> Subject: Re: [H] Should I rebuild my machine now or wait until the 
> next gen of CPUs?
>
> Winter, that is exactly the situation I'm in and the question I'm asking.
> I have not applied any patches to my system because a) they're only 
> partially effective and b) they have a performance hit.
>
> So I'm trying to see if it makes sense to upgrade to a new machine 
> now, or whether I should stick it out for another several months 
> (year?) to see if Intel or AMD rolls out something that actually fixes 
> the underlying problems.
>
>
>
> -
> Brian
>
>
> On Fri, Jul 6, 2018 at 4:38 PM, Winterlight 
> 
> wrote:
>
> > This has been an interesting thread. So Greg the Ivy Bridge patch 
> > that you posted will be delivered by Windows 10 ...eventually... 
> > maybe? I am still running a P9X79 WS with my six core Ivy Bridge with Win10.
> > InSpectre tells me Spectre is not protected and performance is slower.
> > Just how much at risk am I? I figure I will never see a BIOS update..
> > ... or will I. The whole thing is a big mess, and I would imagine 
> > there are all sorts of class action lawsuits heading toward CPU 
> > and motherboard manufacturers.
> >
> >
> >
> > At 10:08 AM 7/6/2018, you wrote:
> >
> >> The chipset vulnerabilities were ugly, yes, but for their part AMD 
> >> did ensure they were resolved quickly despite the research firm not 
> >> following industry best-practices regarding vulnerability disclosure.
> >> My bigger beef is that AMD would use ASSmedia (not a typo) at all, 
> >> given their fairly well-established track record of being roughly
> >> equivalent to dog excrement.
> >> I don't subscribe to the AMD Fanboy narrative that it was an Intel 
> >> hit-job, though.
> >>
> >> Intel's roadmap is a real mess right now. A sudden and surprisingly 
> >> competitive AMD portfolio coupled with severe yield and performance 
> >> issues with their ambitious 10nm process technology has painted 
> >> them into a corner with no good near-term options. So, they're 
> >> going to push their 14nm++ tech for another iteration, adding 
> >> cores, to (try to) re-establish clear superiority. Luckily for them,
> >> their 14++ is actually really good.
> >>
> >> Greg
> >>
> >> -Original Message-
> >> From: Hardware [mailto:hardware-boun...@lists.hardwaregroup.com] On 
> >> Behalf Of Brian Weeden
> >> Sent: Friday, July 6, 2018 9:03 AM
> >> To: hardware 
> >> Subject: Re: [H] Should I rebuild my machine now or wait until the 
> >> next gen of CPUs?
> >>
> >> Thanks, Greg. That pretty much aligns with my thought process on 
> >> this, so I guess it's good at least one other person is coming to 
> >> the same conclusions I am :)
> >>
> >> Didn't know about the Ivy Bridge patches - will look into that more.
> >> But one of the reasons I haven't patched at all is that all the 
> >> mitigations for older chips like mine have had significant 
> >> performance penalties. And at this point that's a bigger issue for 
> >> me than the 

Re: [H] Should I rebuild my machine now or wait until the next gen of CPUs?

2018-07-06 Thread James Boswell
*puzzled expression*
Are you referring to the CTS Labs hatchet job? Or has there actually been a 
legit security issue with the chipsets?

-JB

From: Brian Weeden
Sent: 07 July 2018 02:04
To: hardware
Subject: Re: [H] Should I rebuild my machine now or wait until the next gen 
of CPUs?

Agree with all of that, although as I mentioned earlier AMD's utter
failure in screening their motherboard chipset vendor also gives me pause.
Hard to tell if that's a one-off mistake, or a sign that they don't really
care that much about security.



-
Brian


On Fri, Jul 6, 2018 at 9:01 PM, Greg Sevart  wrote:

> Thus far, AMD's story has been more compelling than Intel's. AMD is immune
> to meltdown, and is broadly speaking less vulnerable to the Spectre
> variants. However, it would be naïve to believe that AMD is in the clear,
> as additional vulnerabilities are slowly coming out in this new and novel
> class of attack vector.
>
> My thinking is that while both Linux and Windows are currently only doing
> the PTI/KernelVA shadowing for Intel, it will eventually be mandatory for
> all architectures--for defense in depth if nothing else.
>
> -Original Message-
> From: Hardware [mailto:hardware-boun...@lists.hardwaregroup.com] On
> Behalf Of Brian Weeden
> Sent: Friday, July 6, 2018 3:42 PM
> To: hardware 
> Subject: Re: [H] Should I rebuild my machine now or wait until the next
> gen of CPUs?
>
> Winter, that is exactly the situation I'm in and the question I'm asking.
> I have not applied any patches to my system because a) they're only
> partially effective and b) they have a performance hit.
>
> So I'm trying to see if it makes sense to upgrade to a new machine now, or
> whether I should stick it out for another several months (year?) to see if
> Intel or AMD rolls out something that actually fixes the underlying
> problems.
>
>
>
> -
> Brian
>
>
> On Fri, Jul 6, 2018 at 4:38 PM, Winterlight 
> wrote:
>
> > This has been an interesting thread. So Greg the Ivy Bridge patch that
> > you posted will be delivered by Windows 10 ...eventually... maybe? I
> > am still running a P9X79 WS with my six core Ivy Bridge with Win10.
> > InSpectre tells me Spectre is not protected and performance is slower.
> > Just how much at risk am I? I figure I will never see a BIOS update..
> > ... or will I. The whole thing is a big mess, and I would imagine
> > there are all sorts of class action lawsuits heading toward CPU and
> > motherboard manufacturers.
> >
> >
> >
> > At 10:08 AM 7/6/2018, you wrote:
> >
> >> The chipset vulnerabilities were ugly, yes, but for their part AMD
> >> did ensure they were resolved quickly despite the research firm not
> >> following industry best-practices regarding vulnerability disclosure.
> >> My bigger beef is that AMD would use ASSmedia (not a typo) at all,
> >> given their fairly well-established track record of being roughly
> >> equivalent to dog excrement.
> >> I don't subscribe to the AMD Fanboy narrative that it was an Intel
> >> hit-job, though.
> >>
> >> Intel's roadmap is a real mess right now. A sudden and surprisingly
> >> competitive AMD portfolio coupled with severe yield and performance
> >> issues with their ambitious 10nm process technology has painted them
> >> into a corner with no good near-term options. So, they're going to
> >> push their 14nm++ tech for another iteration, adding cores, to (try
> >> to) re-establish clear superiority. Luckily for them, their 14++ is
> >> actually really good.
> >>
> >> Greg
> >>
> >> -Original Message-
> >> From: Hardware [mailto:hardware-boun...@lists.hardwaregroup.com] On
> >> Behalf Of Brian Weeden
> >> Sent: Friday, July 6, 2018 9:03 AM
> >> To: hardware 
> >> Subject: Re: [H] Should I rebuild my machine now or wait until the
> >> next gen of CPUs?
> >>
> >> Thanks, Greg. That pretty much aligns with my thought process on
> >> this, so I guess it's good at least one other person is coming to the
> >> same conclusions I am :)
> >>
> >> Didn't know about the Ivy Bridge patches - will look into that more.
> >> But one of the reasons I haven't patched at all is that all the
> >> mitigations for older chips like mine have had significant
> >> performance penalties. And at this point that's a bigger issue for me
> >> than the security, as I'm not really in that big of a threat
> >> environment.
> >>
> >> But I plan to use whatever I buy for the next several years and it
> >> would be good to get something that's not going to have major
> >> structural vulnerabilities that will be problems that entire time.
> >>
> >> My major hangup with AMD is not the performance but rather the
> >> massive vulnerabilities found in their Ryzen chipset, all because
> >> they did a very poor job providing oversight of the company they
> >> outsourced it to. That doesn't speak well of their commitment to
> >> security in my mind.
> >>
> >> I had heard that Intel's 2018 lineup was delayed until next year as
> >> they try and fix all this stuff, but 

Re: [H] Should I rebuild my machine now or wait until the next gen of CPUs?

2018-07-06 Thread Brian Weeden
Agree with all of that, although as I mentioned earlier AMD's utter
failure in screening their motherboard chipset vendor also gives me pause.
Hard to tell if that's a one-off mistake, or a sign that they don't really
care that much about security.



-
Brian


On Fri, Jul 6, 2018 at 9:01 PM, Greg Sevart  wrote:

> Thus far, AMD's story has been more compelling than Intel's. AMD is immune
> to meltdown, and is broadly speaking less vulnerable to the Spectre
> variants. However, it would be naïve to believe that AMD is in the clear,
> as additional vulnerabilities are slowly coming out in this new and novel
> class of attack vector.
>
> My thinking is that while both Linux and Windows are currently only doing
> the PTI/KernelVA shadowing for Intel, it will eventually be mandatory for
> all architectures--for defense in depth if nothing else.
>
> -Original Message-
> From: Hardware [mailto:hardware-boun...@lists.hardwaregroup.com] On
> Behalf Of Brian Weeden
> Sent: Friday, July 6, 2018 3:42 PM
> To: hardware 
> Subject: Re: [H] Should I rebuild my machine now or wait until the next
> gen of CPUs?
>
> Winter, that is exactly the situation I'm in and the question I'm asking.
> I have not applied any patches to my system because a) they're only
> partially effective and b) they have a performance hit.
>
> So I'm trying to see if it makes sense to upgrade to a new machine now, or
> whether I should stick it out for another several months (year?) to see if
> Intel or AMD rolls out something that actually fixes the underlying
> problems.
>
>
>
> -
> Brian
>
>
> On Fri, Jul 6, 2018 at 4:38 PM, Winterlight 
> wrote:
>
> > This has been an interesting thread. So Greg the Ivy Bridge patch that
> > you posted will be delivered by Windows 10 ...eventually... maybe? I
> > am still running a P9X79 WS with my six core Ivy Bridge with Win10.
> > InSpectre tells me Spectre is not protected and performance is slower.
> > Just how much at risk am I? I figure I will never see a BIOS update..
> > ... or will I. The whole thing is a big mess, and I would imagine
> > there are all sorts of class action lawsuits heading toward CPU and
> > motherboard manufacturers.
> >
> >
> >
> > At 10:08 AM 7/6/2018, you wrote:
> >
> >> The chipset vulnerabilities were ugly, yes, but for their part AMD
> >> did ensure they were resolved quickly despite the research firm not
> >> following industry best-practices regarding vulnerability disclosure.
> >> My bigger beef is that AMD would use ASSmedia (not a typo) at all,
> >> given their fairly well-established track record of being roughly
> >> equivalent to dog excrement.
> >> I don't subscribe to the AMD Fanboy narrative that it was an Intel
> >> hit-job, though.
> >>
> >> Intel's roadmap is a real mess right now. A sudden and surprisingly
> >> competitive AMD portfolio coupled with severe yield and performance
> >> issues with their ambitious 10nm process technology has painted them
> >> into a corner with no good near-term options. So, they're going to
> >> push their 14nm++ tech for another iteration, adding cores, to (try
> >> to) re-establish clear superiority. Luckily for them, their 14++ is
> >> actually really good.
> >>
> >> Greg
> >>
> >> -Original Message-
> >> From: Hardware [mailto:hardware-boun...@lists.hardwaregroup.com] On
> >> Behalf Of Brian Weeden
> >> Sent: Friday, July 6, 2018 9:03 AM
> >> To: hardware 
> >> Subject: Re: [H] Should I rebuild my machine now or wait until the
> >> next gen of CPUs?
> >>
> >> Thanks, Greg. That pretty much aligns with my thought process on
> >> this, so I guess it's good at least one other person is coming to the
> >> same conclusions I am :)
> >>
> >> Didn't know about the Ivy Bridge patches - will look into that more.
> >> But one of the reasons I haven't patched at all is that all the
> >> mitigations for older chips like mine have had significant
> >> performance penalties. And at this point that's a bigger issue for me
> >> than the security, as I'm not really in that big of a threat
> >> environment.
> >>
> >> But I plan to use whatever I buy for the next several years and it
> >> would be good to get something that's not going to have major
> >> structural vulnerabilities that will be problems that entire time.
> >>
> >> My major hangup with AMD is not the performance but rather the
> >> massive vulnerabilities found in their Ryzen chipset, all because
> >> they did a very poor job providing oversight of the company they
> >> outsourced it to. That doesn't speak well of their commitment to
> >> security in my mind.
> >>
> >> I had heard that Intel's 2018 lineup was delayed until next year as
> >> they try and fix all this stuff, but maybe that was just for their
> >> mobile chips?
> >>
> >>
> >>
> >>
> >> -
> >> Brian
> >>
> >>
> >> On Fri, Jul 6, 2018 at 2:20 AM, Greg Sevart  wrote:
> >>
> >> > Actually, your Ivy Bridge CPU had new microcode revision with
> >> > additional Spectre defenses released just this 

Re: [H] Should I rebuild my machine now or wait until the next gen of CPUs?

2018-07-06 Thread Greg Sevart
Thus far, AMD's story has been more compelling than Intel's. AMD is immune to 
meltdown, and is broadly speaking less vulnerable to the Spectre variants. 
However, it would be naïve to believe that AMD is in the clear, as additional 
vulnerabilities are slowly coming out in this new and novel class of attack 
vector.

My thinking is that while both Linux and Windows are currently only doing the 
PTI/KernelVA shadowing for Intel, it will eventually be mandatory for all 
architectures--for defense in depth if nothing else.

-Original Message-
From: Hardware [mailto:hardware-boun...@lists.hardwaregroup.com] On Behalf Of 
Brian Weeden
Sent: Friday, July 6, 2018 3:42 PM
To: hardware 
Subject: Re: [H] Should I rebuild my machine now or wait until the next gen of 
CPUs?

Winter, that is exactly the situation I'm in and the question I'm asking. I 
have not applied any patches to my system because a) they're only partially 
effective and b) they have a performance hit.

So I'm trying to see if it makes sense to upgrade to a new machine now, or 
whether I should stick it out for another several months (year?) to see if 
Intel or AMD rolls out something that actually fixes the underlying problems.



-
Brian


On Fri, Jul 6, 2018 at 4:38 PM, Winterlight 
wrote:

> This has been an interesting thread. So Greg the Ivy Bridge patch that 
> you posted will be delivered by Windows 10 ...eventually... maybe? I 
> am still running a P9X79 WS with my six core Ivy Bridge with Win10. 
> InSpectre tells me Spectre is not protected and performance is slower. 
> Just how much at risk am I? I figure I will never see a BIOS update.. 
> ... or will I. The whole thing is a big mess, and I would imagine 
> there are all sorts of class action lawsuits heading toward CPU and 
> motherboard manufacturers.
>
>
>
> At 10:08 AM 7/6/2018, you wrote:
>
>> The chipset vulnerabilities were ugly, yes, but for their part AMD 
>> did ensure they were resolved quickly despite the research firm not 
>> following industry best-practices regarding vulnerability disclosure. 
>> My bigger beef is that AMD would use ASSmedia (not a typo) at all, 
>> given their fairly well-established track record of being roughly equivalent 
>> to dog excrement.
>> I don't subscribe to the AMD Fanboy narrative that it was an Intel 
>> hit-job, though.
>>
>> Intel's roadmap is a real mess right now. A sudden and surprisingly 
>> competitive AMD portfolio coupled with severe yield and performance 
>> issues with their ambitious 10nm process technology has painted them 
>> into a corner with no good near-term options. So, they're going to 
>> push their 14nm++ tech for another iteration, adding cores, to (try 
>> to) re-establish clear superiority. Luckily for them, their 14++ is 
>> actually really good.
>>
>> Greg
>>
>> -Original Message-
>> From: Hardware [mailto:hardware-boun...@lists.hardwaregroup.com] On 
>> Behalf Of Brian Weeden
>> Sent: Friday, July 6, 2018 9:03 AM
>> To: hardware 
>> Subject: Re: [H] Should I rebuild my machine now or wait until the 
>> next gen of CPUs?
>>
>> Thanks, Greg. That pretty much aligns with my thought process on 
>> this, so I guess it's good at least one other person is coming to the 
>> same conclusions I am :)
>>
>> Didn't know about the Ivy Bridge patches - will look into that more. 
>> But one of the reasons I haven't patched at all is that all the 
>> mitigations for older chips like mine have had significant 
>> performance penalties. And at this point that's a bigger issue for me 
>> than the security, as I'm not really in that big of a threat environment.
>>
>> But I plan to use whatever I buy for the next several years and it 
>> would be good to get something that's not going to have major 
>> structural vulnerabilities that will be problems that entire time.
>>
>> My major hangup with AMD is not the performance but rather the 
>> massive vulnerabilities found in their Ryzen chipset, all because 
>> they did a very poor job providing oversight of the company they 
>> outsourced it to. That doesn't speak well of their commitment to security in 
>> my mind.
>>
>> I had heard that Intel's 2018 lineup was delayed until next year as 
>> they try and fix all this stuff, but maybe that was just for their mobile 
>> chips?
>>
>>
>>
>>
>> -
>> Brian
>>
>>
>> On Fri, Jul 6, 2018 at 2:20 AM, Greg Sevart  wrote:
>>
>> > Actually, your Ivy Bridge CPU had new microcode revision with 
>> > additional Spectre defenses released just this past Monday. While 
>> > it's a long-shot for your motherboard manufacturer to release a new 
>> > FW update, it *is* likely to appear in an OS patch. CPU microcode 
>> > can and is loaded via multiple mechanisms, including during OS 
>> > early boot. On Windows, your options are a bit more limited as you 
>> > must wait for Microsoft to update their microcode patch.
>> >
>> > Microsoft's microcode patch information, which is ONLY available 
>> > for Windows 10 1709 (or 

Re: [H] Should I rebuild my machine now or wait until the next gen of CPUs?

2018-07-06 Thread Greg Sevart
For meltdown, my feeling is that the risk is real. Code running in
unprivileged user space can pull memory contents from anything, including
the kernel. That's bad. It's not unauthenticated RCE bad, but it could make
other RCE vulnerabilities worse.

Spectre is a bit tougher. The CVSS (v3) is supposed to help better
categorize risk, but frankly I'm not sure it really helps. The reality is
that the risk is probably low...until it isn't. The most common attack
vector for a typical client/user is via JavaScript executing within the browser,
and most browsers now have incorporated strategies to mitigate the risk the
best they can, mostly by decreasing timer precision. However, w.r.t.
Spectre, risk reduction is about all we can hope for at this point.

In my mind, the biggest danger is for cloud/multi-tenant service providers,
especially those using virtualization (i.e., all). And I can virtually
guarantee you that everybody on this distribution has data they would
consider sensitive on one of these platforms, knowingly or not. Before I
left my last job in January, where part of my role included vulnerability
risk analysis with respect to the environments we operated, this was the
largest risk we were tracking.


It's unlikely we'll see BIOS updates incorporating the new microcode for
boards as old as the X79, but my Sandy Bridge-E's CPUID (206D7) is included
in the Microsoft patch I linked previously.

-Original Message-
From: Hardware [mailto:hardware-boun...@lists.hardwaregroup.com] On Behalf
Of Winterlight
Sent: Friday, July 6, 2018 3:38 PM
To: hardw...@lists.hardwaregroup.com
Subject: Re: [H] Should I rebuild my machine now or wait until the next gen
of CPUs?

This has been an interesting thread. So Greg the Ivy Bridge patch 
that you posted will be delivered by Windows 10 ...eventually... 
maybe? I am still running a P9X79 WS with my six core Ivy Bridge with 
Win10. InSpectre tells me Spectre is not protected and performance is 
slower. Just how much at risk am I? I figure I will never see a BIOS 
update.. ... or will I. The whole thing is a big mess, and I would 
imagine there are all sorts of class action lawsuits heading toward 
CPU and motherboard manufacturers.


At 10:08 AM 7/6/2018, you wrote:
>The chipset vulnerabilities were ugly, yes, but for their part AMD 
>did ensure they were resolved quickly despite the research firm not 
>following industry best-practices regarding vulnerability 
>disclosure. My bigger beef is that AMD would use ASSmedia (not a 
>typo) at all, given their fairly well-established track record of 
>being roughly equivalent to dog excrement. I don't subscribe to the 
>AMD Fanboy narrative that it was an Intel hit-job, though.
>
>Intel's roadmap is a real mess right now. A sudden and surprisingly 
>competitive AMD portfolio coupled with severe yield and performance 
>issues with their ambitious 10nm process technology has painted them 
>into a corner with no good near-term options. So, they're going to 
>push their 14nm++ tech for another iteration, adding cores, to (try 
>to) re-establish clear superiority. Luckily for them, their 14++ is 
>actually really good.
>
>Greg
>
>-Original Message-
>From: Hardware [mailto:hardware-boun...@lists.hardwaregroup.com] On 
>Behalf Of Brian Weeden
>Sent: Friday, July 6, 2018 9:03 AM
>To: hardware 
>Subject: Re: [H] Should I rebuild my machine now or wait until the 
>next gen of CPUs?
>
>Thanks, Greg. That pretty much aligns with my thought process on 
>this, so I guess it's good at least one other person is coming to 
>the same conclusions I am :)
>
>Didn't know about the Ivy Bridge patches - will look into that more. 
>But one of the reasons I haven't patched at all is that all the 
>mitigations for older chips like mine have had significant 
>performance penalties. And at this point that's a bigger issue for 
>me than the security, as I'm not really in that big of a threat
>environment.
>
>But I plan to use whatever I buy for the next several years and it 
>would be good to get something that's not going to have major 
>structural vulnerabilities that will be problems that entire time.
>
>My major hangup with AMD is not the performance but rather the 
>massive vulnerabilities found in their Ryzen chipset, all because 
>they did a very poor job providing oversight of the company they 
>outsourced it to. That doesn't speak well of their commitment to 
>security in my mind.
>
>I had heard that Intel's 2018 lineup was delayed until next year as 
>they try and fix all this stuff, but maybe that was just for their 
>mobile chips?
>
>
>
>
>-
>Brian
>
>
>On Fri, Jul 6, 2018 at 2:20 AM, Greg Sevart  wrote:
>
> > Actually, your Ivy Bridge CPU had new microcode revision with
> > additional Spectre defenses released just this past Monday. While it's
> > a long-shot for your motherboard manufacturer to release a new FW
> > update, it *is* likely to appear in an OS patch. CPU microcode can and
> > is loaded via multiple 
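A defender-side check for the point Greg makes above about his CPUID (206D7) being listed in the Microsoft microcode patch, added here as an example and not code from the thread or from any vendor: it decodes a CPUID signature in the compact hex form the KB tables use, derives the same signature from the Windows registry `Identifier` string or from Linux `/proc/cpuinfo`, and tests it against a coverage list. The coverage list and the cpuinfo excerpt are constructed samples, not the real patch table.

```python
import os
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class CpuSignature:
    """Family / model / stepping as reported in EAX by CPUID leaf 1."""
    family: int
    model: int
    stepping: int

    @classmethod
    def from_hex(cls, sig: str) -> "CpuSignature":
        """Decode a compact hex signature such as '206D7' (the form KB tables use)."""
        eax = int(sig.strip(), 16)
        stepping = eax & 0xF
        model = (eax >> 4) & 0xF
        family = (eax >> 8) & 0xF
        ext_model = (eax >> 16) & 0xF
        ext_family = (eax >> 20) & 0xFF
        # Intel's decoding rule: extended family only counts for family 0xF, and
        # the extended model nibble is prepended only for families 6 and 0xF.
        if family == 0xF:
            family += ext_family
        if family in (0x6, 0xF):
            model |= ext_model << 4
        return cls(family, model, stepping)

    def to_hex(self) -> str:
        """Re-encode to the compact form: Family 6 Model 45 Stepping 7 -> '206D7'."""
        if self.family >= 0xF:
            base_family, ext_family = 0xF, self.family - 0xF
        else:
            base_family, ext_family = self.family, 0
        eax = (self.stepping & 0xF) | ((self.model & 0xF) << 4) | (base_family << 8)
        eax |= ((self.model >> 4) & 0xF) << 16
        eax |= (ext_family & 0xFF) << 20
        return f"{eax:X}"


# Shape of the 'Identifier' value Windows keeps under
# HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor\0 (decimal fields).
_WIN_IDENTIFIER = re.compile(r"Family (\d+) Model (\d+) Stepping (\d+)")


def from_windows_identifier(identifier: str) -> CpuSignature:
    """Parse e.g. 'Intel64 Family 6 Model 45 Stepping 7'."""
    m = _WIN_IDENTIFIER.search(identifier)
    if m is None:
        raise ValueError(f"unrecognised processor identifier: {identifier!r}")
    family, model, stepping = (int(g) for g in m.groups())
    return CpuSignature(family, model, stepping)


def from_proc_cpuinfo(text: str) -> CpuSignature:
    """Parse the first processor block of Linux /proc/cpuinfo (decimal fields)."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields.setdefault(key.strip(), value.strip())  # keep the first CPU's values
    return CpuSignature(int(fields["cpu family"]), int(fields["model"]), int(fields["stepping"]))


def covered_by_update(sig: CpuSignature, coverage_list) -> bool:
    """True if the CPU's signature is in the update's coverage list.
    Comparing decoded tuples makes '206d7', '0206D7' and '206D7' equivalent."""
    return sig in {CpuSignature.from_hex(s) for s in coverage_list}


# Constructed sample coverage list: 206D7 is the Sandy Bridge-E signature the
# thread mentions; '12345' is a deliberately fake entry, NOT a real CPUID.
SAMPLE_COVERAGE = ["206D7", "12345"]

# Constructed /proc/cpuinfo excerpt for that same CPU (not captured from a real host).
SAMPLE_CPUINFO = """\
processor\t: 0
vendor_id\t: GenuineIntel
cpu family\t: 6
model\t\t: 45
model name\t: (constructed sample)
stepping\t: 7
"""


def main() -> None:
    sig = from_proc_cpuinfo(SAMPLE_CPUINFO)
    if os.path.exists("/proc/cpuinfo"):
        try:
            with open("/proc/cpuinfo", encoding="utf-8") as fh:
                sig = from_proc_cpuinfo(fh.read())
        except (KeyError, ValueError):
            pass  # non-x86 host: fall back to the constructed sample
    print(f"CPUID signature {sig.to_hex()} (family {sig.family}, model {sig.model}, "
          f"stepping {sig.stepping}) in sample coverage list: "
          f"{covered_by_update(sig, SAMPLE_COVERAGE)}")


if __name__ == "__main__":
    main()
```

The same decoded tuple is what `InSpectre`-style tools and the KB tables are keyed on, so a mismatch here is the quickest way to tell that an OS-delivered microcode update will not touch your part.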

[H] wifi issues

2018-07-06 Thread Winterlight



I use a Ubiquiti Airmax Pro for wifi. I have devices that refuse to 
connect to it. Newer AC devices connect and operate great but older N devices
either don't even see it or connect to it poorly. I have updated 
drivers, fully patched the OS, and confirmed and reconfigured network settings
countless times in an attempt to fix the problem, and yet they will 
not connect.


For example:

My Nokia Windows 8 and 10 phones connect great. A new Lenovo G5 phone 
connects great but a Motorola G2 doesn't even see the AirMax when it
is four feet away from the AirMax. The same G2 has no problem 
connecting to other routers and hotspots.


A 10 year old Acer laptop has no problem connecting with Windows 7 or 
10 but I have two LIVA X computers using the onboard Realtek RTL8723BE
wireless LAN 802.11n PCI-E NIC and they do not see the AirMax at all 
when they are ten feet away from it. I have a Lenovo Edge ThinkPad with a
Centrino Wireless-N 2230 running Win10 that doesn't see the AirMax but has 
no problems connecting to other hotspots or my previous router.


The only things that seem to connect easily are an HP Spectre laptop, 
Samsung tablet, Windows 10 phones and a Lenovo G5. Everything else 
does not see the AirMax or sometimes connects and then doesn't 
connect. I keep thinking it is a setup, firmware, or driver problem 
but I have exhausted that approach. Anybody see this kind of behavior 
before or know how to rectify it?




Re: [H] Should I rebuild my machine now or wait until the next gen of CPUs?

2018-07-06 Thread Winterlight



I can see getting a new laptop from Dell or the like, but a home-made 
workstation? I wouldn't do it unless I was forced to. I would wait 
until all this is resolved.



At 02:42 PM 7/6/2018, you wrote:

Winter, that is exactly the situation I'm in and the question I'm asking. I
have not applied any patches to my system because a) they're only partially
effective and b) they have a performance hit.

So I'm trying to see if it makes sense to upgrade to a new machine now, or
whether I should stick it out for another several months (year?) to see if
Intel or AMD rolls out something that actually fixes the underlying
problems.



-
Brian


On Fri, Jul 6, 2018 at 4:38 PM, Winterlight 
wrote:

> This has been an interesting thread. So Greg the Ivy Bridge patch that you
> posted will be delivered by Windows 10 ...eventually... maybe? I am still
> running a P9X79 WS with my six core Ivy Bridge with Win10. InSpectre tells
> me Spectre is not protected and performance is slower. Just how much at
> risk am I? I figure I will never see a BIOS update.. ... or will I. The
> whole thing is a big mess, and I would imagine there are all sorts of class
> action lawsuits heading toward CPU and motherboard manufacturers.
>
>
>
> At 10:08 AM 7/6/2018, you wrote:
>
>> The chipset vulnerabilities were ugly, yes, but for their part AMD did
>> ensure they were resolved quickly despite the research firm not following
>> industry best-practices regarding vulnerability disclosure. My bigger beef
>> is that AMD would use ASSmedia (not a typo) at all, given their fairly
>> well-established track record of being roughly equivalent to dog excrement.
>> I don't subscribe to the AMD Fanboy narrative that it was an Intel hit-job,
>> though.
>>
>> Intel's roadmap is a real mess right now. A sudden and surprisingly
>> competitive AMD portfolio coupled with severe yield and performance issues
>> with their ambitious 10nm process technology has painted them into a corner
>> with no good near-term options. So, they're going to push their 14nm++ tech
>> for another iteration, adding cores, to (try to) re-establish clear
>> superiority. Luckily for them, their 14++ is actually really good.
>>
>> Greg
>>
>> -Original Message-
>> From: Hardware [mailto:hardware-boun...@lists.hardwaregroup.com] On
>> Behalf Of Brian Weeden
>> Sent: Friday, July 6, 2018 9:03 AM
>> To: hardware 
>> Subject: Re: [H] Should I rebuild my machine now or wait until the next
>> gen of CPUs?
>>
>> Thanks, Greg. That pretty much aligns with my thought process on this,
>> so I guess it's good at least one other person is coming to the same
>> conclusions I am :)
>>
>> Didn't know about the Ivy Bridge patches - will look into that more. But
>> one of the reasons I haven't patched at all is that all the mitigations for
>> older chips like mine have had significant performance penalties. And at
>> this point that's a bigger issue for me than the security, as I'm not
>> really in that big of a threat environment.
>>
>> But I plan to use whatever I buy for the next several years and it would
>> be good to get something that's not going to have major structural
>> vulnerabilities that will be problems that entire time.
>>
>> My major hangup with AMD is not the performance but rather the massive
>> vulnerabilities found in their Ryzen chipset, all because they did a very
>> poor job providing oversight of the company they outsourced it to. That
>> doesn't speak well of their commitment to security in my mind.
>>
>> I had heard that Intel's 2018 lineup was delayed until next year as they
>> try and fix all this stuff, but maybe that was just for their mobile chips?
>>
>>
>>
>>
>> -
>> Brian
>>
>>
>> On Fri, Jul 6, 2018 at 2:20 AM, Greg Sevart  wrote:
>>
>> > Actually, your Ivy Bridge CPU had new microcode revision with
>> > additional Spectre defenses released just this past Monday. While it's
>> > a long-shot for your motherboard manufacturer to release a new FW
>> > update, it *is* likely to appear in an OS patch. CPU microcode can and
>> > is loaded via multiple mechanisms, including during OS early boot. On
>> > Windows, your options are a bit more limited as you must wait for
>> > Microsoft to update their microcode patch.
>> >
>> > Microsoft's microcode patch information, which is ONLY available for
>> > Windows 10 1709 (or later?) can be found here:
>> > https://support.microsoft.com/en-us/help/4090007/intel-microcode-updat
>> > es
>> >
>> > It's something of a mess. As you may see, Ivy Bridge desktop CPUs are
>> > not listed explicitly, but I've heard reports of the patch taking
>> > effect on them anyway. Use a tool such as InSpectre or
>> > Get-SpeculationControlSettings in the PowerShell Gallery to verify your
>> status post-update.
>> >
>> >
>> > With regard to an upgrade...hard to say. On the desktop side, with
>> > Ryzen, AMD has finally released a product that is competitive. Broadly
>> > speaking (i.e., on overall average), it is 

Re: [H] Should I rebuild my machine now or wait until the next gen of CPUs?

2018-07-06 Thread Brian Weeden
Winter, that is exactly the situation I'm in and the question I'm asking. I
have not applied any patches to my system because a) they're only partially
effective and b) they have a performance hit.

So I'm trying to see if it makes sense to upgrade to a new machine now, or
whether I should stick it out for another several months (year?) to see if
Intel or AMD rolls out something that actually fixes the underlying
problems.



-
Brian


On Fri, Jul 6, 2018 at 4:38 PM, Winterlight 
wrote:

> This has been an interesting thread. So Greg the Ivy Bridge patch that you
> posted will be delivered by Windows 10 ...eventually... maybe? I am still
> running a P9X79 WS with my six core Ivy Bridge with Win10. InSpectre tells
> me Spectre is not protected and performance is slower. Just how much at
> risk am I? I figure I will never see a BIOS update.. ... or will I. The
> whole thing is a big mess, and I would imagine there are all sorts of class
> action lawsuits heading toward CPU and motherboard manufacturers.
>
>
>
> At 10:08 AM 7/6/2018, you wrote:
>
>> The chipset vulnerabilities were ugly, yes, but for their part AMD did
>> ensure they were resolved quickly despite the research firm not following
>> industry best-practices regarding vulnerability disclosure. My bigger beef
>> is that AMD would use ASSmedia (not a typo) at all, given their fairly
>> well-established track record of being roughly equivalent to dog excrement.
>> I don't subscribe to the AMD Fanboy narrative that it was an Intel hit-job,
>> though.
>>
>> Intel's roadmap is a real mess right now. A sudden and surprisingly
>> competitive AMD portfolio coupled with severe yield and performance issues
>> with their ambitious 10nm process technology has painted them into a corner
>> with no good near-term options. So, they're going to push their 14nm++ tech
>> for another iteration, adding cores, to (try to) re-establish clear
>> superiority. Luckily for them, their 14++ is actually really good.
>>
>> Greg
>>
>> -Original Message-
>> From: Hardware [mailto:hardware-boun...@lists.hardwaregroup.com] On
>> Behalf Of Brian Weeden
>> Sent: Friday, July 6, 2018 9:03 AM
>> To: hardware 
>> Subject: Re: [H] Should I rebuild my machine now or wait until the next
>> gen of CPUs?
>>
>> Thanks, Greg. That pretty much aligns with my thought process on this,
>> so I guess it's good at least one other person is coming to the same
>> conclusions I am :)
>>
>> Didn't know about the Ivy Bridge patches - will look into that more. But
>> one of the reasons I haven't patched at all is that all the mitigations for
>> older chips like mine have had significant performance penalties. And at
>> this point that's a bigger issue for me than the security, as I'm not
>> really in that big of a threat environment.
>>
>> But I plan to use whatever I buy for the next several years and it would
>> be good to get something that's not going to have major structural
>> vulnerabilities that will be problems that entire time.
>>
>> My major hangup with AMD is not the performance but rather the massive
>> vulnerabilities found in their Ryzen chipset, all because they did a very
>> poor job providing oversight of the company they outsourced it to. That
>> doesn't speak well of their commitment to security in my mind.
>>
>> I had heard that Intel's 2018 lineup was delayed until next year as they
>> try and fix all this stuff, but maybe that was just for their mobile chips?
>>
>>
>>
>>
>> -
>> Brian
>>
>>
>> On Fri, Jul 6, 2018 at 2:20 AM, Greg Sevart  wrote:
>>
>> > Actually, your Ivy Bridge CPU had new microcode revision with
>> > additional Spectre defenses released just this past Monday. While it's
>> > a long-shot for your motherboard manufacturer to release a new FW
>> > update, it *is* likely to appear in an OS patch. CPU microcode can and
>> > is loaded via multiple mechanisms, including during OS early boot. On
>> > Windows, your options are a bit more limited as you must wait for
>> > Microsoft to update their microcode patch.
>> >
>> > Microsoft's microcode patch information, which is ONLY available for
>> > Windows 10 1709 (or later?) can be found here:
>> > https://support.microsoft.com/en-us/help/4090007/intel-microcode-updat
>> > es
>> >
>> > It's something of a mess. As you may see, Ivy Bridge desktop CPUs are
>> > not listed explicitly, but I've heard reports of the patch taking
>> > effect on them anyway. Use a tool such as InSpectre or
>> > Get-SpeculationControlSettings in the PowerShell Gallery to verify your
>> status post-update.
>> >
>> >
>> > With regard to an upgrade...hard to say. On the desktop side, with
>> > Ryzen, AMD has finally released a product that is competitive. Broadly
>> > speaking (i.e., on overall average), it is not clearly superior
>> > despite higher core counts, but very competitive and hence a viable
>> > option to Intel's Coffee Lake SKUs. If you're interested in HEDT,
>> > that's a bit harder to answer...for highly 

Re: [H] Should I rebuild my machine now or wait until the next gen of CPUs?

2018-07-06 Thread Winterlight
This has been an interesting thread. So Greg the Ivy Bridge patch 
that you posted will be delivered by Windows 10 ...eventually... 
maybe? I am still running a P9X79 WS with my six core Ivy Bridge with 
Win10. InSpectre tells me Spectre is not protected and performance is 
slower. Just how much at risk am I? I figure I will never see a BIOS 
update.. ... or will I. The whole thing is a big mess, and I would 
imagine there are all sorts of class action lawsuits heading toward 
CPU and motherboard manufacturers.



At 10:08 AM 7/6/2018, you wrote:
The chipset vulnerabilities were ugly, yes, but for their part AMD 
did ensure they were resolved quickly despite the research firm not 
following industry best-practices regarding vulnerability 
disclosure. My bigger beef is that AMD would use ASSmedia (not a 
typo) at all, given their fairly well-established track record of 
being roughly equivalent to dog excrement. I don't subscribe to the 
AMD Fanboy narrative that it was an Intel hit-job, though.


Intel's roadmap is a real mess right now. A sudden and surprisingly 
competitive AMD portfolio coupled with severe yield and performance 
issues with their ambitious 10nm process technology has painted them 
into a corner with no good near-term options. So, they're going to 
push their 14nm++ tech for another iteration, adding cores, to (try 
to) re-establish clear superiority. Luckily for them, their 14++ is 
actually really good.


Greg

-Original Message-
From: Hardware [mailto:hardware-boun...@lists.hardwaregroup.com] On 
Behalf Of Brian Weeden

Sent: Friday, July 6, 2018 9:03 AM
To: hardware 
Subject: Re: [H] Should I rebuild my machine now or wait until the 
next gen of CPUs?


Thanks, Greg. That pretty much aligns with my thought process on 
this, so I guess it's good at least one other person is coming to 
the same conclusions I am :)


Didn't know about the Ivy Bridge patches - will look into that more. 
But one of the reasons I haven't patched at all is that all the 
mitigations for older chips like mine have had significant 
performance penalties. And at this point that's a bigger issue for 
me than the security, as I'm not really in that big of a threat environment.


But I plan to use whatever I buy for the next several years and it 
would be good to get something that's not going to have major 
structural vulnerabilities that will be problems that entire time.


My major hangup with AMD is not the performance but rather the 
massive vulnerabilities found in their Ryzen chipset, all because 
they did a very poor job providing oversight of the company they 
outsourced it to. That doesn't speak well of their commitment to 
security in my mind.


I had heard that Intel's 2018 lineup was delayed until next year as 
they try and fix all this stuff, but maybe that was just for their 
mobile chips?





-
Brian


On Fri, Jul 6, 2018 at 2:20 AM, Greg Sevart  wrote:

> Actually, your Ivy Bridge CPU had new microcode revision with
> additional Spectre defenses released just this past Monday. While it's
> a long-shot for your motherboard manufacturer to release a new FW
> update, it *is* likely to appear in an OS patch. CPU microcode can and
> is loaded via multiple mechanisms, including during OS early boot. On
> Windows, your options are a bit more limited as you must wait for
> Microsoft to update their microcode patch.
>
> Microsoft's microcode patch information, which is ONLY available for
> Windows 10 1709 (or later?) can be found here:
> https://support.microsoft.com/en-us/help/4090007/intel-microcode-updat
> es
>
> It's something of a mess. As you may see, Ivy Bridge desktop CPUs are
> not listed explicitly, but I've heard reports of the patch taking
> effect on them anyway. Use a tool such as InSpectre or
> Get-SpeculationControlSettings in the PowerShell Gallery to verify your
> status post-update.
>
>
> With regard to an upgrade...hard to say. On the desktop side, with
> Ryzen, AMD has finally released a product that is competitive. Broadly
> speaking (i.e., on overall average), it is not clearly superior
> despite higher core counts, but very competitive and hence a viable
> option to Intel's Coffee Lake SKUs. If you're interested in HEDT,
> that's a bit harder to answer...for highly threaded workloads, the
> Threadripper/X399 platform wins on both performance and price (despite
> the dumb name and attempt to usurp Intel's existing platform naming
> scheme), but if single-threaded performance is more important,
> Skylake-X/X299 is still the better bet.
>
> CPUs with integrated defenses to the various Spectre variants are
> expected near the end of the year. As it stands now, performance wise,
> Intel's silicon is more negatively impacted via existing mitigations,
> but not enough to make a meaningful difference in *most* client
> workloads for current silicon. Older CPUs (such as your Ivy) that do
> not support INVPCID are especially hurt by Meltdown's mitigation.
> Fundamentally, 

Re: [H] Should I rebuild my machine now or wait until the next gen of CPUs?

2018-07-06 Thread Greg Sevart
The chipset vulnerabilities were ugly, yes, but for their part AMD did ensure 
they were resolved quickly despite the research firm not following industry 
best-practices regarding vulnerability disclosure. My bigger beef is that AMD 
would use ASSmedia (not a typo) at all, given their fairly well-established 
track record of being roughly equivalent to dog excrement. I don't subscribe to 
the AMD Fanboy narrative that it was an Intel hit-job, though.

Intel's roadmap is a real mess right now. A sudden and surprisingly competitive 
AMD portfolio coupled with severe yield and performance issues with their 
ambitious 10nm process technology has painted them into a corner with no good 
near-term options. So, they're going to push their 14nm++ tech for another 
iteration, adding cores, to (try to) re-establish clear superiority. Luckily 
for them, their 14++ is actually really good.

Greg

-Original Message-
From: Hardware [mailto:hardware-boun...@lists.hardwaregroup.com] On Behalf Of 
Brian Weeden
Sent: Friday, July 6, 2018 9:03 AM
To: hardware 
Subject: Re: [H] Should I rebuild my machine now or wait until the next gen of 
CPUs?

Thanks, Greg. That pretty much aligns with my thought process on this, so I 
guess it's good at least one other person is coming to the same conclusions I 
am :)

Didn't know about the Ivy Bridge patches - will look into that more. But one of 
the reasons I haven't patched at all is that all the mitigations for older 
chips like mine have had significant performance penalties. And at this point 
that's a bigger issue for me than the security, as I'm not really in that big 
of a threat environment.

But I plan to use whatever I buy for the next several years and it would be 
good to get something that's not going to have major structural vulnerabilities 
that will be problems that entire time.

My major hangup with AMD is not the performance but rather the massive 
vulnerabilities found in their Ryzen chipset, all because they did a very poor 
job providing oversight of the company they outsourced it to. That doesn't 
speak well of their commitment to security in my mind.

I had heard that Intel's 2018 lineup was delayed until next year as they try 
and fix all this stuff, but maybe that was just for their mobile chips?




-
Brian


On Fri, Jul 6, 2018 at 2:20 AM, Greg Sevart  wrote:

> Actually, your Ivy Bridge CPU had new microcode revision with 
> additional Spectre defenses released just this past Monday. While it's 
> a long-shot for your motherboard manufacturer to release a new FW 
> update, it *is* likely to appear in an OS patch. CPU microcode can and 
> is loaded via multiple mechanisms, including during OS early boot. On 
> Windows, your options are a bit more limited as you must wait for 
> Microsoft to update their microcode patch.
>
> Microsoft's microcode patch information, which is ONLY available for 
> Windows 10 1709 (or later?) can be found here:
> https://support.microsoft.com/en-us/help/4090007/intel-microcode-updat
> es
>
> It's something of a mess. As you may see, Ivy Bridge desktop CPUs are 
> not listed explicitly, but I've heard reports of the patch taking 
> effect on them anyway. Use a tool such as InSpectre or 
> Get-SpeculationControlSettings in the PowerShell Gallery to verify your 
> status post-update.
>
>
> With regard to an upgrade...hard to say. On the desktop side, with 
> Ryzen, AMD has finally released a product that is competitive. Broadly 
> speaking (i.e., on overall average), it is not clearly superior 
> despite higher core counts, but very competitive and hence a viable 
> option to Intel's Coffee Lake SKUs. If you're interested in HEDT, 
> that's a bit harder to answer...for highly threaded workloads, the 
> Threadripper/X399 platform wins on both performance and price (despite 
> the dumb name and attempt to usurp Intel's existing platform naming 
> scheme), but if single-threaded performance is more important, Skylake-X/X299 
> is still the better bet.
>
> CPUs with integrated defenses to the various Spectre variants are 
> expected near the end of the year. As it stands now, performance wise, 
> Intel's silicon is more negatively impacted via existing mitigations, 
> but not enough to make a meaningful difference in *most* client 
> workloads for current silicon. Older CPUs (such as your Ivy) that do 
> not support INVPCID are especially hurt by Meltdown's mitigation. 
> Fundamentally, I don't think either one is substantially more secure if your 
> mitigations are current.
> While we've already seen some since the initial 3 CVEs were announced, 
> it's widely expected that more vulnerabilities will be discovered in 
> the coming months and years as this new and novel class of attack vector is 
> researched.
>
> Major items rumored to be coming soon-ish:
> Intel desktop: Widely expected to have a new 8-core mainstream chip 
> out sometime later this year.
> Intel HEDT: Cascade Lake-X expected in Q4, up to 28C, 

Re: [H] Should I rebuild my machine now or wait until the next gen of CPUs?

2018-07-06 Thread Brian Weeden
Thanks, Greg. That pretty much aligns with my thought process on this, so
I guess it's good at least one other person is coming to the same
conclusions I am :)

Didn't know about the Ivy Bridge patches - will look into that more. But
one of the reasons I haven't patched at all is that all the mitigations for
older chips like mine have had significant performance penalties. And at
this point that's a bigger issue for me than the security, as I'm not
really in that big of a threat environment.

But I plan to use whatever I buy for the next several years and it would be
good to get something that's not going to have major structural
vulnerabilities that will be problems that entire time.

My major hangup with AMD is not the performance but rather the massive
vulnerabilities found in their Ryzen chipset, all because they did a very
poor job providing oversight of the company they outsourced it to. That
doesn't speak well of their commitment to security in my mind.

I had heard that Intel's 2018 lineup was delayed until next year as they
try and fix all this stuff, but maybe that was just for their mobile chips?




-
Brian


On Fri, Jul 6, 2018 at 2:20 AM, Greg Sevart  wrote:

> Actually, your Ivy Bridge CPU had new microcode revision with additional
> Spectre defenses released just this past Monday. While it's a long-shot for
> your motherboard manufacturer to release a new FW update, it *is* likely to
> appear in an OS patch. CPU microcode can and is loaded via multiple
> mechanisms, including during OS early boot. On Windows, your options are a
> bit more limited as you must wait for Microsoft to update their microcode
> patch.
>
> Microsoft's microcode patch information, which is ONLY available for
> Windows 10 1709 (or later?) can be found here:
> https://support.microsoft.com/en-us/help/4090007/intel-microcode-updates
>
> It's something of a mess. As you may see, Ivy Bridge desktop CPUs are not
> listed explicitly, but I've heard reports of the patch taking effect on
> them anyway. Use a tool such as InSpectre or Get-SpeculationControlSettings
> in the PowerShell Gallery to verify your status post-update.
>
>
> With regard to an upgrade...hard to say. On the desktop side, with Ryzen,
> AMD has finally released a product that is competitive. Broadly speaking
> (i.e., on overall average), it is not clearly superior despite higher core
> counts, but very competitive and hence a viable option to Intel's Coffee
> Lake SKUs. If you're interested in HEDT, that's a bit harder to
> answer...for highly threaded workloads, the Threadripper/X399 platform wins
> on both performance and price (despite the dumb name and attempt to usurp
> Intel's existing platform naming scheme), but if single-threaded
> performance is more important, Skylake-X/X299 is still the better bet.
>
> CPUs with integrated defenses to the various Spectre variants are expected
> near the end of the year. As it stands now, performance wise, Intel's
> silicon is more negatively impacted via existing mitigations, but not
> enough to make a meaningful difference in *most* client workloads for
> current silicon. Older CPUs (such as your Ivy) that do not support INVPCID
> are especially hurt by Meltdown's mitigation. Fundamentally, I don't think
> either one is substantially more secure if your mitigations are current.
> While we've already seen some since the initial 3 CVEs were announced, it's
> widely expected that more vulnerabilities will be discovered in the coming
> months and years as this new and novel class of attack vector is researched.
>
> Major items rumored to be coming soon-ish:
> Intel desktop: Widely expected to have a new 8-core mainstream chip out
> sometime later this year.
> Intel HEDT: Cascade Lake-X expected in Q4, up to 28C, though the series
> may span sockets. Maybe a 22C interim offering?
> AMD Desktop: Zen+ 2000-series just released offering minor improvements,
> Zen 2 expected next year
> AMD HEDT: Zen+ refresh of Threadripper expected soon, up to 32C.
>
>
> My personal take: I'd buy Intel for intensive, lightly-threaded workloads,
> and AMD for intensive, heavily-threaded workloads. Anything not intensive
> isn't going to be different enough to matter, so go with whatever floats
> your boat and/or wallet.
>
> Greg
>
> -Original Message-
> From: Hardware [mailto:hardware-boun...@lists.hardwaregroup.com] On
> Behalf Of Brian Weeden
> Sent: Thursday, July 5, 2018 9:45 PM
> To: hwg 
> Subject: [H] Should I rebuild my machine now or wait until the next gen of
> CPUs?
>
> Currently running a core i5-3750K with 32GB of RAM on my main machine,
> which I use for both work and gaming.
>
> Been looking to replace it for several months now, but have held off in
> part because of all the vulnerabilities that keep turning up in modern CPUs
> (Meltdown, Spectre, and all their variants). The thing is, my existing CPU
> is old enough that it doesn't support any of the mitigations, so I'm
> actually less secure now than 

Re: [H] Should I rebuild my machine now or wait until the next gen of CPUs?

2018-07-06 Thread Greg Sevart
Actually, your Ivy Bridge CPU had new microcode revision with additional 
Spectre defenses released just this past Monday. While it's a long-shot for 
your motherboard manufacturer to release a new FW update, it *is* likely to 
appear in an OS patch. CPU microcode can and is loaded via multiple mechanisms, 
including during OS early boot. On Windows, your options are a bit more limited 
as you must wait for Microsoft to update their microcode patch.

Microsoft's microcode patch information, which is ONLY available for Windows 10 
1709 (or later?) can be found here: 
https://support.microsoft.com/en-us/help/4090007/intel-microcode-updates

It's something of a mess. As you may see, Ivy Bridge desktop CPUs are not 
listed explicitly, but I've heard reports of the patch taking effect on them 
anyway. Use a tool such as InSpectre or Get-SpeculationControlSettings in the 
PowerShell Gallery to verify your status post-update.


With regard to an upgrade...hard to say. On the desktop side, with Ryzen, AMD 
has finally released a product that is competitive. Broadly speaking (i.e., on 
overall average), it is not clearly superior despite higher core counts, but 
very competitive and hence a viable option to Intel's Coffee Lake SKUs. If 
you're interested in HEDT, that's a bit harder to answer...for highly threaded 
workloads, the Threadripper/X399 platform wins on both performance and price 
(despite the dumb name and attempt to usurp Intel's existing platform naming 
scheme), but if single-threaded performance is more important, Skylake-X/X299 
is still the better bet.

CPUs with integrated defenses to the various Spectre variants are expected near 
the end of the year. As it stands now, performance wise, Intel's silicon is 
more negatively impacted via existing mitigations, but not enough to make a 
meaningful difference in *most* client workloads for current silicon. Older 
CPUs (such as your Ivy) that do not support INVPCID are especially hurt by 
Meltdown's mitigation. Fundamentally, I don't think either one is substantially 
more secure if your mitigations are current. While we've already seen some 
since the initial 3 CVEs were announced, it's widely expected that more 
vulnerabilities will be discovered in the coming months and years as this new 
and novel class of attack vector is researched.

Major items rumored to be coming soon-ish:
Intel desktop: Widely expected to have a new 8-core mainstream chip out 
sometime later this year.
Intel HEDT: Cascade Lake-X expected in Q4, up to 28C, though the series may 
span sockets. Maybe a 22C interim offering?
AMD Desktop: Zen+ 2000-series just released offering minor improvements, Zen 2 
expected next year
AMD HEDT: Zen+ refresh of Threadripper expected soon, up to 32C.


My personal take: I'd buy Intel for intensive, lightly-threaded workloads, and 
AMD for intensive, heavily-threaded workloads. Anything not intensive isn't 
going to be different enough to matter, so go with whatever floats your boat 
and/or wallet.

Greg

-Original Message-
From: Hardware [mailto:hardware-boun...@lists.hardwaregroup.com] On Behalf Of 
Brian Weeden
Sent: Thursday, July 5, 2018 9:45 PM
To: hwg 
Subject: [H] Should I rebuild my machine now or wait until the next gen of CPUs?

Currently running a Core i5-3750K with 32GB of RAM on my main machine, which I 
use for both work and gaming.

Been looking to replace it for several months now, but have held off in part 
because of all the vulnerabilities that keep turning up in modern CPUs 
(Meltdown, Spectre, and all their variants). The thing is, my existing CPU is 
old enough that it doesn't support any of the mitigations, so I'm actually less 
secure now than if I bought a new CPU that at least had mitigations against the 
vulns (even if the new CPUs that actually fix them are 6-12 months away).

So first question is, is the time right to go do this now?

Second question is, Intel or AMD? Is one better off than the other from a 
security standpoint that's worth taking into consideration?


-
Brian
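Greg's advice in the thread is to verify mitigation status after the microcode update with InSpectre or Get-SpeculationControlSettings, and he notes that CPUs without INVPCID pay more for the Meltdown mitigation (kernel page-table isolation). The C program below is an added example, not code from the thread, from InSpectre or from Microsoft's SpeculationControl module: it decodes the CPUID feature bits those tools ultimately report (PCID and INVPCID, plus the IBRS/IBPB, STIBP, L1D_FLUSH, IA32_ARCH_CAPABILITIES and SSBD bits that a microcode update exposes) and, on Linux, reads the microcode revision the kernel actually loaded. The struct, function names and the "PTI cost class" labels are this example's own; the bit positions are Intel's CPUID leaf 1 / leaf 7 enumeration, and the live query assumes GCC or Clang on x86 (`<cpuid.h>`). AMD reports its IBPB/IBRS/STIBP/SSBD flags in leaf 0x80000008 EBX, which this example deliberately does not decode.

```c
/* Added example (not from the mailing-list thread, InSpectre, or the
 * SpeculationControl PowerShell module): decode the CPUID bits that the
 * Meltdown/Spectre mitigations depend on. Intel bit positions only; AMD
 * exposes its Spectre v2 controls in leaf 0x80000008 EBX, not decoded here.
 * Live query assumes GCC/Clang on x86; elsewhere only the pure decoder runs. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#if (defined(__x86_64__) || defined(__i386__)) && (defined(__GNUC__) || defined(__clang__))
#include <cpuid.h>
#define EXAMPLE_HAVE_CPUID 1
#endif

typedef struct {
    int pcid;       /* leaf 1   ECX[17]: Process-Context IDs (tagged TLB)   */
    int invpcid;    /* leaf 7.0 EBX[10]: INVPCID instruction                 */
    int ibrs_ibpb;  /* leaf 7.0 EDX[26]: IBRS and IBPB, exposed by microcode */
    int stibp;      /* leaf 7.0 EDX[27]: STIBP, exposed by microcode         */
    int l1d_flush;  /* leaf 7.0 EDX[28]: IA32_FLUSH_CMD L1D flush            */
    int arch_caps;  /* leaf 7.0 EDX[29]: IA32_ARCH_CAPABILITIES MSR present  */
    int ssbd;       /* leaf 7.0 EDX[31]: SSBD, exposed by microcode          */
} mitigation_features;

#define CPUID_BIT(reg, n) ((int)(((reg) >> (n)) & 1u))

/* Pure decoder over raw register values, so it can be exercised with
 * constructed inputs as well as with a live CPUID query. */
mitigation_features decode_features(uint32_t leaf1_ecx, uint32_t leaf7_ebx,
                                    uint32_t leaf7_edx)
{
    mitigation_features f;
    f.pcid      = CPUID_BIT(leaf1_ecx, 17);
    f.invpcid   = CPUID_BIT(leaf7_ebx, 10);
    f.ibrs_ibpb = CPUID_BIT(leaf7_edx, 26);
    f.stibp     = CPUID_BIT(leaf7_edx, 27);
    f.l1d_flush = CPUID_BIT(leaf7_edx, 28);
    f.arch_caps = CPUID_BIT(leaf7_edx, 29);
    f.ssbd      = CPUID_BIT(leaf7_edx, 31);
    return f;
}

/* Rough cost of kernel page-table isolation on this CPU (labels are this
 * example's own): 0 = PCID + INVPCID, the cheap case; 1 = PCID but no
 * INVPCID (Sandy/Ivy Bridge); 2 = no PCID, every kernel entry flushes the TLB. */
int pti_cost_class(const mitigation_features *f)
{
    if (f->pcid && f->invpcid) return 0;
    if (f->pcid)               return 1;
    return 2;
}

/* Has the microcode (via BIOS or an OS-delivered update) exposed the Spectre
 * v2 hardware controls at all? Without them the OS is limited to software
 * mitigations such as retpolines. */
int has_spectre_v2_controls(const mitigation_features *f)
{
    return f->ibrs_ibpb || f->stibp;
}

/* Live query. Returns 0 on success, -1 if CPUID is unavailable on this build. */
int read_live_features(mitigation_features *out)
{
#ifdef EXAMPLE_HAVE_CPUID
    unsigned int a, b, c, d, l1_ecx;
    if (!__get_cpuid(0, &a, &b, &c, &d) || a < 7) return -1;  /* need leaf 7 */
    if (!__get_cpuid(1, &a, &b, &c, &d)) return -1;
    l1_ecx = c;
    if (!__get_cpuid_count(7, 0, &a, &b, &c, &d)) return -1;
    *out = decode_features(l1_ecx, b, d);
    return 0;
#else
    (void)out;
    return -1;
#endif
}

/* Linux only: the microcode revision the kernel actually loaded (e.g. "0x21").
 * This is the value an OS-delivered microcode update changes. */
int read_microcode_revision(char *buf, size_t len)
{
    FILE *fp = fopen("/sys/devices/system/cpu/cpu0/microcode/version", "r");
    if (!fp) return -1;
    if (!fgets(buf, (int)len, fp)) { fclose(fp); return -1; }
    fclose(fp);
    buf[strcspn(buf, "\n")] = '\0';
    return 0;
}

int main(void)
{
    mitigation_features f;
    char ucode[32];
    if (read_live_features(&f) != 0) {
        puts("CPUID not available on this build/host");
        return 1;
    }
    printf("PCID=%d INVPCID=%d IBRS/IBPB=%d STIBP=%d L1D_FLUSH=%d ARCH_CAPABILITIES=%d SSBD=%d\n",
           f.pcid, f.invpcid, f.ibrs_ibpb, f.stibp, f.l1d_flush, f.arch_caps, f.ssbd);
    printf("PTI cost class: %d (0 = PCID+INVPCID, 1 = PCID only, 2 = no PCID)\n",
           pti_cost_class(&f));
    printf("Spectre v2 hardware controls exposed: %s\n",
           has_spectre_v2_controls(&f) ? "yes" : "no");
    if (read_microcode_revision(ucode, sizeof ucode) == 0)
        printf("Loaded microcode revision (Linux sysfs): %s\n", ucode);
    return 0;
}
```

Run it before and after applying the microcode package: on an Ivy Bridge box the PCID/INVPCID bits will not change (they are silicon features), but IBRS/IBPB, STIBP and SSBD flipping from 0 to 1 is the direct evidence that the new microcode was loaded, which is the same signal Get-SpeculationControlSettings reports as hardware support for branch target injection mitigation.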