Meltdown & Spectre - The Worst CPU Bug Ever?
- Published: 16 Sep 2024
- Meltdown and Spectre present 3 different ways of attacking data protection measures on CPUs, enabling attackers to read data they shouldn't be able to. Unfortunately this affects every Intel CPU since 1995 and the fix will slow Windows down by as much as 30%. AMD processors won't require this fix thankfully, but many pieces of software are in the process of being patched to fix this.
googleprojectz...
That was a much better explanation than the others I'd read and heard so far.
And sadly it is wrong in several key details.
Mind informing us what those might be, then?
That was a much better explanation than any of the IT/tech channels I follow, and I follow quite a few...
How could the kernel let this happen? He should be demoted.
He should be investigated for treason, letting an enemy inside Fort Ceepeeyou
This is the best comment I've read today.
The Kernel's rank will be dropped 17-30% lower than its current position. He gets to keep his title though.
All of you are clever, but this is a serious issue. Can you imagine how bad this execution bug is? It could leak the information of millions!
HOGAN!
Thanks for the write up. As a developer who runs a lot of VMs and databases I'm unfortunately in the large slowdown camp :( Additionally just spent all of yesterday afternoon dealing with Microsoft rebooting literally every Azure VM with no warning to apply the fix...
Remember that both the hypervisor and the VM OS need to be updated.
Daniel Sullivan there was an advisory that they were going to be updating (you need to update your OS inside the vm box as well)
lee x Yep, the advisory was for the 10th of January. Unfortunately because The Register leaked it sooner, Microsoft panicked and started rebooting yesterday with no notice. azure.microsoft.com/en-us/blog/securing-azure-customers-from-cpu-vulnerability/
aaaah that's what the emergency maintenance was about!
Aa, so that was the deal with the dates. Oh well.
When learning about (RISC -> CISC pipelining & memory protection & caches) back at the University long ago, I've been always wondering how these three manage to properly combine.
Ok. Well. They do not properly combine =)
How is that relevant though?
First rule of CPU silicone design. If a school kid calls it "funky", it's a bad design! D:
TechyBen
He said fucky.
TechyBen lol you said silicone
It's like mechanical design has been rumored to be good only if the 4 year old "tested" the thing and the thing still works. Probably software should be tested by new guys as well
oh, the millennium bug just turned 18 and now it's got an attitude, a bad case of acne and still can't get a girl, but now it gets to vote too, there is hope after all :)
There is this bug dubbed "Y10K," and it happens when the time reaches the year 10,000. It massively impacts your computer's performance.
Please, do more videos about computers. Maybe start a series like you did with nuclear weapons
Matvey Regentov Yes please, it was very informative.
Do you just decide to record this video in some random public place? Now that's dedication.
I stayed up late playing boardgames instead of making videos, recorded this on the way to work.
This was by far the most understandable explanation of the bug I've seen. Thanks for taking the time to teach us about it, Scott.
This is why we can't have nice things
Barry!
Yup all thanks to assholes that can't be decent people instead of giant storage silos full of shit.
or to "scientists" who, as of late, don't have better things to do than....this....search for black holes in the cpus....
peaks of human civilization!
What's really frustrating is Intel's response to all this. Trying to down play or divert attention, rather than coming clean and being open about it.
Maxx B I think it was more trying to get information out to developers and keep the bug suppressed so people didn't exploit it
Yes, that's standard operating procedure.
I think Linus Torvalds response to all this was spot on.
Intel's CEO sold close to $40 million of his stock in the company after researchers notified Intel of the attack. Slimy.
Maxx B the CEO of intel filed a request to sell off his stock after he found out about this, then he waited to let the information known till his selling of stock was OKed by the FCC, so he was legal.
He sold off every stock he could get away with and still be the CEO.
Insider trading at its best.
Now if the stock crashes he can then buy back his stock at pennies on the dollar and as the stock gains value again he gets to get much wealthier.
Someone needs to go to jail.
We AMD owners shouldn't rejoice TOO much. It's not just about the CPU YOU own, it's also about the CPUs of people whose services you use.
Think of all the places who process your money and purchases you make. Makes you wish they still ran Sun Sparc systems.
Welcome to 2018. :-D
well this issue existed way before now
dandude720 Yes.lol😂😂
But what we really want to know...is MechJeb vulnerable?
UTubeRangerBob No, but kOS might be :)
Scott you are awesome man you approach scientific material in a cool manner
I bet the folks over at AMD are breaking out the champagne.
This also affects AMD CPUs
Spectre does affect AMD CPUs, but as far as we know Meltdown does not. Scott touched on this in the description.
Yes Spectre does, but it's easily fixed and AMD says their processors won't lose any computing power.
According to AMD though, because they don't label their mapping addresses, it's virtually impossible to successfully exploit as it is like, in their words, trying to win the lottery while being blind. You might win, but being blind you can't even check to see if you won the lottery.
uzza2
Dude, there will be benchmarks and you will see.
thank you for doing a video on this i have an Intel CPU and heard about this problem but had no idea where to learn more about it.
There is a dedicated web site: spectreattack (in com domain). It explains the attacks in a clear manner, go check it :) (If you trust me, and it doesn't contain a malicious JavaScript, that dumps all your system memory )))))) )
It looks like I'm in my processor architecture class again
I hope you paid attention, there will be a test.
Much love to the Linux kernel team for that acronym. Glad I'm running Linux on an AMD CPU.
Thanks for the straight forward explanation.
Scott, I used your discussion as a reference for my post-grad work on Cybersecurity. Your simple explanation is just enough to entice the reader to do more research. Well done!
I'm still disappointed that Linus didn't choose the name FUCKWIT (Forcefully Unmap Complete Kernel With Interrupt Trampolines) instead of KPTI (Kernel Page Table Isolation)...
[1] lkml.org/lkml/2017/12/4/709
[2] lkml.org/lkml/2017/12/4/758
"now i normally talk about rockets..". I actually thought something like that when I saw the thumbnail xD. Nice to see you branch out.
Can we have Scott Manley and Tom Scott in one video talking about this?! Would be awesome! :D
TechyBen Tom Scott with Scott Manley. This needs to happen...
Scott and Scott, in Scotland, with a skosh of scotch, discussing Spectre.
They could also discuss Thomas Mann..?
Nice brief explanation for those with mostly IT yet light programming backgrounds.
Yes! My 486DX2/66 is unaffected!
Anonymous Freak no branch prediction on that pre-Willamette silicon?
But I can still use my Atom netbook and my Itanium server - yes!
You could add a protection card in your ISA slot to be sure, don't forget to install the floppy disk driver on your MS DOS 6.22 (you may have to edit config.sys and autoexec.bat).
Whaaaat? MSDOS 6.22 handles the floppy without drivers :P that is done through the BIOS :) sector read / write and commands are built in into the bios's disk tools
CD driver needed to be installed and then loaded through config.sys (and run some autoexec.bat lines depending on your CD software provider)
The remember game:
what hardware was (mainly) accessible through interrupt &h33 ? (under DOS) :)
Thank you for actually giving a basic rundown of how these bugs work and not just saying "meltdown and spectre" 700 times with no information on what the problem actually is.
Oh, so hackers can use the difference in timing in a confirmed or rejected speculative process to determine what data is in kernel memory. Wish one of the other 8 million folks covering this could have said as much. I mean I understand it's more complex than that, but it's a good enough idea of what's going on for me.
So my previously "overkill" i7 processor might be the new gaming norm, not because of CPU intensive games, but because of a bug?
I think AMD processors might become the gaming norm.
There are no big changes in gaming performance, not even 2%. No idea for multiplayer where you need to call the network stack a lot
Franco Minucci Thanks for the info
Alternatively they will be selling high performance chips that are unsecure specifically for gaming.
It's difficult to concentrate on your highly informative video with Paul Simon's Late in the Evening playing in the background 😉
To put all of this simply:
Meltdown doesn't affect AMD, and there're two versions of Spectre and only one of which affects AMD, while all three things affect Intel.
Meltdown is the most severe because it affects the entire system and not just applications like Spectre.
Meltdown isn't remotely accessible, but Spectre is.
The Meltdown fix only affects systems which do lots of context switching like servers with multiple virtual machines, but if your system does things with low context switching like productivity and gaming you're fine.
This is why this is mainly big news for servers and data centres, and not so much the desktop PC space.
I work in CPU verification, but hadn’t heard the details yet (not 100% back from holiday yet!). So, excellent info; thanks, Scott!
Poor Intel.
*laughs maniacally*
This also applies to AMD, just as bad as Intel.
Meltdown only applies to Intel and is going to cause serious slowdown in some applications. Billion dollar lawsuits coming Intel's way.
Spectre can also target AMD but it's fixable without performance degradation according to AMD.
Molo900 "according to AMD"
And the authors that first described Spectre and Kaiser said what? Oh right - it can not be fixed in software without serious performance degradation and needs a complete redesign of all modern CPUs.
Whereas Meltdown has already gotten a HotFix that has nearly no impact on performance.
But guess I will just have to wait and then laugh when the FanBoys finally realise that the security-bug for Intel is not even close to as problematic as the one hitting everybody - including AMD :P
@Molo900
"Billion dollar lawsuits coming Intel's way."
Those lawsuits would be rejected anyway.
Awesome Explanation !! Thank you
Throw the dice; You got a 4.
Move forward 4 steps.
What's that? Looks like you landed on a random event! Let's see what you'll get:
"A new potential class of computer viruses has been discovered; For the sake of protection,
all of your future system calls will take 30% longer to execute.
Alternatively, if you previously landed on the event 'deprecated dependencies lock-in',
throw a dice every round. Each time the dice shows a six, add another 'HACKED!' marker to your player card."
I would play this game
Totally would be a fun game that would make me lose most of my friends.
HAAAAAAX!
I am still coming to grips with how huge this is. As a computer science guy, I never really got much into microcode and CPU design, part of me is almost wishing I did now :D. I was reading over the papers you referenced in this and it is slightly above my head these days. It does seem like even though Intel is taking all the heat cause of being more explicitly at risk of the Meltdown proof of concept, Spectre might actually end up being far worse because it is more generalized and attacks virtualization layers (and isn't really patchable), a backbone of those that AWS all the live long day! I dunno, all a little above me so all I can do is keep patching all the things and hope for the best. Like you said, super entertaining if the entirety of computing wasn't at risk of exposing all our laundry!
I generally try to stay away from the AMD vs Intel fanboyism, but damn if I've ever been this proud to own a Ryzen.
Doesn't protect you from Spectre. Spectre affects Intel, AMD and ARM.
I think if somebody got physical hold on my machine to exploit Spectre, I'd be more concerned somebody broke into my home...
+Diomepa
Why do you think someone needs to break into your house and sit in front of your computer to abuse Spectre? Spectre can even be effectively used via JavaScript, there is no need to physically sit in front of a targeted PC.
Because the variant of Spectre you are talking about has not been demonstrated on AMD yet. The one where you have physical access admittedly works.
And even if I am wrong, a patch would possibly slow all CPUs equally bad. So you don't end up paying few hundreds more for that 5% boost which is then patched away, while the competing chip stays as fast as it was...
Also I do have both Intel and AMD machine, it's just that AMD seems the much better buy right now
You can't patch Spectre. You are literally stuck with this security hole that can read everything you do with either chip. Meltdown is just a special case of Spectre that can be patched. The only solution is to buy a new CPU and there are none available that are fixed. CS guys get excited when the kernel mem is leaked, but your bank details were never in the kernel memory and methinks that is what a hacker wants.
Great video Scott, I'm not very initiated with this depth in CPUs and processes, the pace was perfect.
You could have gone into a full explanation of Spectre too and I would have watched it all.
Fascinating stuff!
RIP my 4790K I've been hunkered down with thinking it would last 10 years.
It is fine. If you look at benchmarks of Windows Preview Build 17063 which includes the fix there is at most a 3% CPU slowdown and only on programs that are highly CPU bound. Most programs see no appreciable difference in performance. The whole 30% thing is fear mongering at its worst.
How am I supposed to justify new computer parts now?
StormInABag justify it because although meltdown is patchable spectre is not
Only for some specific programs will the performance be that bad. Newer software has a trend of bypassing even the kernel, like the new Vulkan graphics API which is essentially a bare metal API. Programs have been trying to escape from the bloated management of operating systems for a while now, so I seriously doubt the 30% degradation claim.
StormInABag well it's not as bad as the i5 2500k, which I most likely will have to replace. It's lasted since 2011 and I just bought a PSU to replace the original power supply. R.I.P i5 2500k, we will always remember thou and Sandy Bridge in general.
If you read up on the literature on Meltdown and previous research on it, it seems like only Intel processors with TSX are affected currently. TSX seemingly allows you to trap illegal memory access and gain very granular timing on access timing in userspace.
I tried modifying a Meltdown PoC from GitHub to use signal traps and sigsetjmp on an Intel CPU without TSX and only got random data out of it, but I only spent a few hours over two days on looking at the papers and the code. (Also I don't know if the Meltdown PoC actually works as I don't have an Intel CPU with TSX)
The origin of meltdown seems to be DrK: Breaking Kernel Address Space Layout Randomization with Intel TSX, and the new research that resulted in Spectre (and meltdown). The DrK is a very good primer on Meltdown (if you understand basic computer architecture)
P.S. I understand why it works, but I have no idea how it infers the data itself.
Why the question mark?
Because Heartbleed was also really bad.
ShadowZone because he can't see into the future.
He might not be able to see into the future, but "ever" can be replaced by "to date" in this context. I'd reply in German, but I'm not confident enough in my ability :)
Question marks at the end of the title is the hallmark of clickbait, along with all-caps and "top *whatever*".
@MrMonster860 Except it's really 'this or one other option' so the question mark is appropriate (rather than having nothing to do with the previous statement and the question mark somehow making that better) and there's no all-caps.
Thanks for this. Your title says it all and yet I see Intel's share price dipped just a few percent. So virtually everything they have made since 1995 is now useless. Amazing no one seems to care. What I don't believe is that the designers didn't know what they were doing when they prioritised pre-loading over bounds-checking. I guess they figured that us software types would be too stupid to figure out their dirty little secret. Well for 23 years they were right. What a mess.
dat feel when you recently bought an intel cpu
FeelsBadMan
FunBotan I paid out of my nose for a 5930k for faster rendering times and now that is all for nothing. I am so god damn pissed.
You'll be happy to hear that video rendering, and similar tasks don't make many Kernel calls, and have shown minimal effects from the patches. Most games are within the margin of error on frame rates, so not much issue. I imagine Minecraft will be an exception to that, since Minecraft Server runs on a Java Virtual Machine environment. New Direct X games are in an unknown state too. The thing that noticeably hurts most is any software that uses virtual machine environments and kernel calls. Databases, web services, driver access... Those things are gonna get hit hardest.
richfiles that's good I regularly make very CPU intensive 3d renders. I would hate to have to buy a new computer for over 1000 dollars again to get acceptable render times. So I really hope you are correct and that the impact is negligible.
I got my new PC three weeks ago. xD
Thanks, Scott.
With the information you gave me, I now know how to access your secret settings for your SpaceX Falcon Heavy simulation in KSP!
**Starts to send "targeted advertisements" to Scott's computer**
What do I do??? Do I wait and grab an Intel processor since the price is going to be potato cheap or do I buy an AMD as soon as possible before it costs diamonds??? If AMD is the way to go, what type of high end AMD processor would go well with a GTX 1070/1080 and a respectively compatible MOBO??
buy ryzen 5 or up
Don't be deterred by the current performance hits on Intel. These initial fixes are unrefined, and the performance will return in near future updates. I don't notice any change with my 7700k so far, my benchmarks and gaming performance is identical.
I thought the names in the Meltdown paper looked familiar and I just realized that they are running the security class I'm taking this semester.
I guess I'm in good hands.
it's a great time for stock market junkies. As always, I won't be risking taking my bet :P
I wanted to watch, but unfortunately the high background noise in the audio made that too difficult for me. I was disappointed as you have always given clear and useful explanations of technical topics.
for the first time my purchase of a 8350 several years ago feels like a good decision. Buyers remorse no more!
Vishera master race
I love my 8350. What was your issue?
Never ended up using it for virtualization, which is what I originally bought it for. So I just have a slow and expensive desktop cpu. I tried OC'ing it, but mine refuses to be stable above 4.5Ghz.
You are also affected by spectre
Odd. I oc'd mine to 5Ghz but decided it wasn't worth the wear. I've never thought it was slow though.
Best description I've heard so far. Thank you!
The fix: Buy a new Intel CPU.
Yeah... Right... Also, my 2 year old iPhone needs a new battery.....
positron underVolt yeah, now you're getting it
Before I continue with the video: if you continue to do computer related videos I will watch religiously!
Glad I got AMD
From what news is coming out, Spectre does still affect AMD yes, but to make use of the information you get from Spectre (as paging the data results in a page fault on AMD systems) you have to have some other kind of system access.
So sure, you can get the memory addresses of data you shouldn't have access to in a VM/runtime, but you can't actually read that data...
I'm sure we will get more information, this is just my understanding.
'Glad I got AMD' ...... that's something you don't read everyday
Glad I got AMD - *catches on fire* :v
But what will the kernel fixes do on AMD processors? I doubt they'll be excluded. So they'll be even slower on tasks that hit system calls hard.
You'll pay for it in electricity bills, if your electricity is expensive. If you're in a cold place, maybe not so much.
I subscribed not so long ago because of all the space stuff, but it just keeps getting better!)))
You rock!
So what you're telling me is to go with amd ryzen right... =)
You might want to read from reliable sources instead of him copying from people with no clue copying from fanboys.
Meltdown is fixed and has no measurable impact on normal software.
on the other hand Spectre - which affects AMD and pretty much every other CPU - is not fully patchable and needs a full architecture redesign.
+ABaumstumpf
To me, it sounds like you are the one who needs to do better research because you have it backward. Meltdown is the one that affects performance. Not Spectre.
yup.... meltdown doesnt work on AMD cpus...... AMD is safe from meltdown
meltdown requires the performance impacting patch
and spectre can be patched with almost zero impact.......and is, on amd systems
at the end of the day...... AMD comes out of this less bruised than intel
*"and spectre can be patched with almost zero impact.......and is, on amd systems"*
You got that backwards. Meltdown can (and has been) fixed with nearly no performance impacts, but Spectre is the different beast that is NOT patchable - it can not be fixed in software as it is a fundamental problem with the whole cache-architecture as a whole.
maybe you should read the whitepapers before writing any more false claims.
+ABaumstumpf
You are the one who has it backward. You are mixing things up quite significantly.
ruclips.net/video/s7W5zsLp7xY/видео.html
The only person spreading false information is you because your brain seems to have a screw loose.
This is a very articulate and understandable explanation of these bugs. Well done, Scott, and thank you!
We got the panic email through today at work... It went to double panic when they found out the patch wasn't compatible with Symantec AV :D
That doesn't make any sense... The patch is kernel level meaning Symantec doesn't get a say at all.
stop using a shit AV, problem solved
"Hello, IT, have you tried turning it off and on again" - Roy Trenneman
Well, this seals it. I bought a 6700K, because I grew tired of waiting for [Ry]Zen (which I was almost certain was going to be awesome [based on architectural details released over the months and even years prior], and consequently _really_ wanted it).
Now, I'm going to try to return that Intel CPU (Consumer Guarantees Act, in my country), and switch to AMD.
Maybe I'll splurge for a nice new Threadripper system even, out of righteous anger and lust for power... but at _least_ a binned R7 1700.
_Screw_ Intel and their dirty tricks (see: business practices, and long history of fuckery and antitrust lawsuits against them, and their sabotage and maliciousness against AMD). I will simply not support this company anymore. I have almost no uncertainty about them knowing about this vulnerability, and exploited it for:
1. A cheat, for extra (illegitimate) performance, for just one more wrench in their toolkit for domination and control (vaguely reminiscent of that now quite widely known malicious compiler crime, where they intentionally crippled code that ran on AMD CPUs - like, it literally had check conditions, and _deliberately and explicitly_ used the slowest possible instructions and execution path for non-Intel CPUs)... and
2. mayyyyybe even (dun dun dun) 🤫🤔😱 the Alphabet Agencies (NSA, GCHQ, et al.) 🤯
Anywho. Long enough comment already. Sorry for all those affected by this Computopaclypse. And finally: I look forward to my future 16 (R7 1700) to 32 (TR 1950) threads at my disposal, courtesy of AMD free of Meltdown, once I sort through this warranty/RMA clusterfuck. Threaaaaaads 😍
ya man..... a 1700 that can hit 3.9+ will keep up quite well in single thread with a 6th gen cpu
and completely destroy it in multi
still.... will be interesting to see what happens after the patch drops and we get new benchmarks
and this was definitely a design decision..... someone, somewhere, sometime..... had to decide to change this
if a plane crashes due to a design defect, people get sued
I definitely would've gone for ryzen for all four of my (now completely börked because of meltdown i guess) systems if it was available at the time of purchase (it wasn't). now i HAVE to replace the i5-4460 since it already was bottlenecking the hell out of my 1070, let alone after it loses 30% of its performance, thanks intel.
kain hall Yep! Agreed. This has the stink of a decision from Up High all over it. I can picture it now: a beleaguered, indignant engineer being instructed that they are _not_ to alter the design, after this engineer (or engineers) spot the issue and make a comment to the effect that speculative execution boundary conditions may exist and could and possibly will be exploited/abused and as such must be mitigated (alas, at a slight performance cost) against. They are then duly informed that this bug is not a Bug, but is in fact a Feature, and then crushed under a metric ton of NDAs with terms so virulent that the military would likely be interested in researching them as potential weapons technologies.
Finally: yeah, re: multi vs. single thread perf. Fortunately, I'm doing a lot of VM and programming work, so multicore perf is where it's at for me in terms of my interests, so it's a natural fit 😙
After the Meltdown fix, I'm betting that perf in these use cases will be severely affected (for Intel chips), due to the many syscalls and context switching these entail, so it's basically now a necessity for me to switch.
Charles Ball That's actually a lot better these days, since the last few AGESA updates. But yes, it certainly was an issue, and to a limited degree still is, particularly with lower quality motherboards (probably owing most to the quality of the UEFIs/BIOSes, and perhaps also electrical layouts).
Fortunately, my set of Corsair DDR4-3200 sticks (32GB; 4× 8GB) are fully compatible, and since I got them as a quad-channel set (even though I've been using them in dual, being on a 6700K), they'll be perfectly adequate for either a 1700[X] or the TR 1950X.
N.B.: it seems the memory controllers in TR are the best of those in all of the Ryzen dies, so that's even less of an issue, should I opt for that family. Same goes for the higher end SKUs (eg. R7 > R5 ... and X SKUs > non-X SKUs, though less noticeably so as compared to TR).
+BRAAAP STUTUTU
"i HAVE to replace the i5-4460 since it already was bottlenecking the hell out of my 1070[...]"
I love it when people use words and talk about things that they don't have the slightest clue about. Stop watching Jayz2cents and read a book instead, you might learn a thing or two.
Wow this is surprisingly the best technical explanation I've seen for Meltdown. I'm quite curious where you got the instructions for the exploit from as I hadn't seen any information on them before now. Very interesting attack, though genuinely terrifying as I too work in IT. We're going to have a very unhappy Tuesday here next week.
I lifted the instructions directly from the paper.
Buy AMD stock. JK. buy the intel dip.
I've been telling people to do this since before Ryzen.......
This doesn't only affect Intel, and it also doesn't suddenly make AMDs faster or more capable.
It affects AMD and ARM processors as well, in fact any X86-64 processors...
And then hodl?
@Samuel Silva
Not any, but generally most new ones.
Thank you for the Video, Scott. I guess everyone with an Intel Proc appreciates the insights.
Well Damn. That's a bad time
The background music at the start is just an amazing addition.
Thanks for the "intel" (pun intended) Scott.
Thanks, Scott. Nice to have it explained to me by someone who I am willing to spend 10 minutes of my free time. Yea, a lot of virtual environments had a busy start to year 2018 here too. ;)
So basically, buy Ryzen and AMD stock?
Robin Bruggink
Yup
No. Spectre also affects AMD chips and is less fixable than meltdown
Apparently Intel CEO sold his intel stocks beforehand. Guess what stock he bought instead then?
bergonius
( ͡° ͜ʖ ͡°)
Iiro Yli-Salomäki
So you are basically saying don't buy at all?
Yeah, these problems arise when trying to jump over best practices when designing a CPU. The 'oldies' to whom I am counted, are, or about to be retired, and the 'youngsters' have taken over the work without actually knowing each single detail. They are moving known blocks around, like in Lego, assuming that they will not fail.
In the specific case, the code behind the branch is being executed no matter what happens at the jump, but should remain isolated (aka unused) if the jump takes place. In some way it is similar to how quantum computing works, but unintentionally :-)
can u not just turn it off n on again....?
turn what off , the sun? Actually, that might work...
hackers cant hack if there is no one alive to be a hacker
Battleoid -- genius! But unrealistic.
You see, the sun is just too big to flip a switch and turn off.. So instead, we're just going to blind everything on earth. Same thing. Right.
That's what she said
Just about kept up with that explanation about a subject I know NOTHING about... So... Well done Scott, well done.
I basically only use my PC for browsing (YouTube, forums, etc.) and gaming (Single- and multiplayer).
So I just let Windows patch itself once the update is out and that's basically it for me? I won't really feel the slowdown?
Correct.
You can also download the patch yourself: support.microsoft.com/en-us/help/4056892/windows-10-update-kb4056892
The problem is that you're using Windows, so applying a security patch is pretty much useless considering how Windows is spyware itself.
He plays video games... not much of a choice there. And considering WINE and other compatibility layers have the same 30% performance drop (not to mention the fact that they don't work half the time) I think I'll just stick with windows. Thanks for your input though.
patching is for pussies. disable windows updates
Scott to the rescue again. Thanks ! I wondered what all the fuss was about.
That diagram of the stack is *terribly* kerned.
You mean the diagram showing the Kernel is badly Kerned?
The more I look at Kernel Layout.svg, the more confused I get. It seems that the vector graphics are doing weird things; the larger you blow up the image, the more the 'Ke' and 'rn' crash into each other. I presume the one used in the video was the 1280x1011 version.
I was really bugged because I knew I'd heard his voice before but I couldn't pinpoint where. Then I looked at his channel and realised I'd watched a bunch of his Kerbal Space Program videos. Quite funny seeing Scott as the number one hit on YouTube for a search of "Meltdown Spectre."
There are tactical defenses you can deploy. First I run a hardware firewall and isolate the internal network and only allow 80, 443 etc. Then on the PC web browser I run ScriptSafe - which blots out scripts of any kind until I allow or deny.
I mean someone could hide a malicious script inside a non-malicious one. So for you it seems like you're allowing some library or JQuery or something like that but in reality you're not.
Or are you meaning to say that you manually go through all the scripts you allow?
Yep I go through it all.
The Meltdown gives me two thoughts:
This is how humans think a lot of the time; "I don't know what to do, so I'll do what I usually do"
Also, I have come across quite a few security systems that end up being too complicated or time-consuming for the end user, who then creates workarounds that make things easier... but less secure. It's like putting your spare key under a rock next to the door, or writing down your computer password on a sticky note you put on the screen.
The same thing seems to have happened in processor development, but in the reverse order: build stuff to work fast, then discover it isn't secure and end up having to put slow security measures in place.
Revive Cyrix.
Well, apart from the obvious joke :) the trouble would be the same. Speculative execution would (have) been an asset on their end too - which would render them vulnerable too. There is so much benefit in using possible idle time to run code (while waiting for the parameters of the branches) that it outweighs (well, at least it did) the possible side effects.
Also, apart from their never released CPUs (which were promised to be Intel killers (and some of the drawings were actually pretty impressive)) - they would suffer more after the fixes. (Speed issues and stability problems were constant with them.)
It is time to go back to the Motorola 68000 CPUs :) and other 8 bit variants :) And I heard the abacus is still pretty safe :)
I thought the point was that Cyrix didn't use speculative execution??
Caston Young correct. They were not. However, when the Cyrix was a thing, the equivalent Intel cores were also lacking this feature. My point was that if Cyrix were still here, they would be affected (most likely), because of the positive effect on speed (ignoring the security issues for the moment).
hope this clarified my point: not saying they were using it - but if they would be here : they would most certainly have the feature.
regardless : commodore 64 FTW!
nice meme my yellow fellow
This is by far the best video about this bug that I have watched.
Are you sure this could be considered a bug? Maybe it was an intended backdoor left for the CIA. They already released some backdoors and this one might have been immediately forwarded to the press.
Seems like an oversight early in design. Or a conscious choice to compromise security for performance.
Can you please do an entire series on computers? I actually understand this the way you explain it! Would love to see an entire series on spaceship computing actually :)
In this comments section, AMD and Intel fanboys and girls flailing at each other.
TheOneWhoMightBe you know it's all boys
lol a bernie supporter... how do you not feel shame?
911WASanINSIDEjob420: Looking at your channel, I don't think you're in a position to be asking that, troll. Shoo.
~7:00. Wrong. Meltdown has nothing to do with branch prediction. Memory access exceptions are not predicted in BPB. The bug is that Intel CPUs check memory access rights at _retirement_, not at address translation time.
I think Intel is having a meltdown
Silas Andrews nice one!!
Intel knew about these security risks for a decade but chose to stay very quiet for some reason. Too bad no one will sue them. They'll price drop 15% due to the new AMD Ryzen release, which is up to 40% quicker than the first Ryzens.
Woot! AMD in my computer!
There is a great question on StackOverflow titled 'Why is it faster to process a sorted array than an unsorted array' which first introduced me to branch prediction. It's an ingenious method of improving CPU performance. It's very sad that combined with L Caches it can be exploited in this way.
One question: why would hackers need or want to do this... ohhhh wait, BITCOIN stories incoming in the next weeks.🤔🤔🤔🤔
Thanks Mr Manley for explaining this. Helpful and interesting, as always.
To dumb it down a bit, the processors let code run which accesses the core of your PC? And people can use that to get info out of the core?
To dumb it down a bit, information about how long it takes the processor to execute small chunks of code can tell you about data that your operating system normally would not allow your code to retrieve.
It lets it read one bit only then shuts it down. Therefore it can read it one bit at a time.
You can tell that "Forcefully Unmap Complete Kernel With Interrupt Trampolines" was a term that Linus Torvalds would have come up with.
Guess I’m going to go with AMD next time I build a computer
Don't listen to them, they don't know what they are talking about. AMD is effected by Spectre, not Meltdown. Meltdown is the one that requires the fix that will cause slowdowns.
They are just pissy because they are Intel fanboys.
And don't know the difference between an affect and an effect.
+Lics01
Actually, it's quite a common mistake.
too bad Meltdown already got hotfixed on all major operating systems with no performance impact for desktop users.
@B-Bunny Gaming
"They are just pissy because they are Intel fanboys."
Says an AMD fanboy regarding people telling the truth (at least regarding Spectre).
Best explanation of these bugs so far
Intel BETTER start sending out new CPUs for free if their chips aren't patchable. They claim that it is..
The Meltdown bug is patchable as mentioned, by not mapping kernel memory to user space. Spectre however can't be worked around, and it affects every CPU on the market. The fix is to redesign the architecture itself, and thus needs a new CPU with the fix designed in.
uzza2
read as new designed in way to spy on users that won't be blown as easily
So AMD better send CPUs to everybody as well :P
there are three total issues......AMD is only vulnerable to one
which has more options/ways to patch it.....aka, isn't as easy to hack as the Intel CPU
plus.... it's already been patched, with "almost zero performance impact"
we will need further testing however..... this is all very VERY VERY early info
it's basically 2 websites..... and everyone just repeating said websites
so.... no one really knows for sure right now.....but it does seem that AMD isn't AS affected
They didn't design it like this on purpose, it was a mistake. Also in no way did they guarantee you this functionality. Not even starting with the impossible cost of replacing every CPU of the ~past decade.
One could also semantically consider this timing based attack a form of correlation attack. You observe which cache state correlates to the protected memory bit accessed. And like the security experts always say: "Correlation attacks are a B----"
What a giant, royal mess. I was going to buy an Intel CPU for my next PC setup but this is just insane. How do you miss something this big for so long?
Do you realize how complex computers are? Kind of a dick move to stand on the sideline and scream how bad everything is when you have no clue how difficult it is to create processors, software and whatnot.
I recommend this video for explaining just how complex things are. ruclips.net/video/e2vPp0fQUkM/видео.html
Because some brilliant minds had 20 years to analyze 2 years' work of other brilliant minds on tight deadlines and huge commercial pressures to release their products.
If there are any flaws, they will be found eventually, and hackers only have to be successful once.
Hackers.... Security programs.... Crime... Crime Prevention...
It's a never ending battle. Someone creates a lock, someone else creates a key and that is just how it will always be. No system is 'safe'. All you can ever do with any kind of security is to make it complex to the point where the majority don't know how to break it and the minority who can generally can't be bothered as it's a ball ache.
Same idea with a steering wheel lock for your car. Really, it doesn't protect shit as they're so easy to bypass; but, it's not as easy as it is to just go down the street and take the next car that doesn't have one so it protects using the innate lazy nature of criminals. That's the best you can hope for with computer security too.
Doesn't matter what it is though, if someone wants in bad enough, there's always a way. If it's not Spectre or Meltdown, it's just something else...
Well - cause Meltdown, while it is a problem, isn't nearly as big a problem as the media and fanboys want to make it out to be.
It has already gotten a working hotfix that has nearly no performance penalties.
While on the other hand Spectre is not fixable without a complete redesign of pretty much every CPU architecture - yes, AMD too - and can only be mitigated, not fixed, with software despite causing huge slowdowns.
This has to be one of the most unexpected best days for an AMD user.
Agreed, I was so happy when he said for Intel haha....
Dear people dissing intel: Spectre affects AMD too and is less patchable than Meltdown is.
Yep, but the fix for Spectre doesn't involve slowing down every single system call by 30%, it mainly involved fuzzing time measurements in Javascript.
I want to know where the 30% comes from, who claimed that originally? Even if someone actually tested or did the math to conclude that slowdowns are as high as 30%, I can't come up with any actual application that is so heavily reliant on syscalls to have a significant or noticeable effect on speed.
The claim has since been reworked, and has reduced that to around 5%
TheFlynCow it was initially from Intel's initial outlook, but Intel has since reworked those reports
I bet they did.
Something I wanted to point out, since I don't think Scott really touched on it.
Meltdown affects "potentially all out-of-order execution Intel processors since 1995, except Itanium and pre-2013 Atoms. It definitely affects out-of-order x86-64 Intel CPUs since 2011." ("Meltdown, Spectre: The password theft bugs at the heart of Intel CPUs", The Register, www.theregister.co.uk/2018/01/04/intel_amd_arm_cpu_vulnerability/)
Additionally, it affects ARM Cortex-A15, 57, 72, and 75 cores, but does not work against AMD processors.
Spectre is believed to affect ALL PROCESSORS. It has been proven against Intel Haswell Xeon, AMD FX and Pro series (and possibly Ryzen, as well), and ARM Cortex-R7, R8, A8, A9, A15, A17, A57, A72, A73, and A75 processors.
AMD claims that its processors are effectively immune to Variant 2 (CVE-2017-5715) attacks, but this has not been independently verified as far as I know.
Meltdown does have software patches in the pipeline, but it is anticipated that, in a WORST CASE SCENARIO, Intel processors could see upwards of a 30% performance hit. This is only when the applications are making multiple syscalls, such as when using the network or accessing the hard drive. Gaming is not expected to take a big hit (save during loading) unless the game is online. There is currently no microcode (firmware) fix, and it is possible one cannot be made.
Spectre has no system-wide patches currently. The only fix (short of getting new, invulnerable hardware) is to patch every single piece of software on the system.
If you're curious, you can look on The Register (theregister.co.uk) and Ars Technica (arstechnica.com) for their articles detailing the vulnerabilities. There is also the Meltdown Attack site (meltdownattack.com).
The bugs are currently listed as CVE-2017-5753 (Spectre Variant 1), CVE-2017-5715 (Spectre Variant 2), and CVE-2017-5754 (Meltdown).
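On Linux, the kernel reports its own view of these three CVEs in status files under /sys/devices/system/cpu/vulnerabilities/. The following sketch reads them and normalises the result; it is an added example, not part of the original comment, the function names are hypothetical, and the sample directory contents are constructed.

```python
from pathlib import Path
import tempfile

# Status files exposed by recent Linux kernels.
SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")

# CVE ids as listed in the comment above -> sysfs file name.
CVE_TO_SYSFS = {
    "CVE-2017-5753": "spectre_v1",
    "CVE-2017-5715": "spectre_v2",
    "CVE-2017-5754": "meltdown",
}

def classify(text):
    """Reduce the kernel's free-form status line to one of four states."""
    line = (text or "").strip()
    for prefix, state in (("Not affected", "not_affected"),
                          ("Mitigation:", "mitigated"),
                          ("Vulnerable", "vulnerable")):
        if line.startswith(prefix):
            return state
    return "unknown"  # file missing or format not recognised

def audit(sysfs_dir=SYSFS_DIR):
    """Return {cve: (state, raw status line)} for the three CVEs."""
    report = {}
    for cve, name in CVE_TO_SYSFS.items():
        try:
            raw = (Path(sysfs_dir) / name).read_text().strip()
        except OSError:
            raw = ""  # older kernel or non-Linux host: nothing reported
        report[cve] = (classify(raw), raw)
    return report

def build_sample_dir():
    """Constructed sample: KPTI on, Spectre v1 mitigated, v2 still open."""
    d = Path(tempfile.mkdtemp())
    (d / "meltdown").write_text("Mitigation: PTI\n")
    (d / "spectre_v1").write_text("Mitigation: __user pointer sanitization\n")
    (d / "spectre_v2").write_text("Vulnerable\n")
    return d

if __name__ == "__main__":
    for cve, (state, raw) in audit().items():
        print(f"{cve}: {state:12} {raw or '(no sysfs entry)'}")
```

An "unknown" result means the kernel publishes no status for that CVE, which on Linux usually indicates a kernel too old to carry the fixes at all.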
Do you know if they make adaptors that let your Intel chipset accept AMD?
Not possible. The CPU needs compatible supporting and cooperative chips on the board. Intel and AMD chips effectively speak different languages. That "language" is hard wired and can't be changed. You couldn't ask someone that only speaks Spanish to teach a class on Japanese. Even if you had the translation, without a fundamental reconfiguration it just wouldn't work.
The adapter is a new motherboard that supports AMD.
Not answering the question, more like adding one, but could it be theoretically possible to have a motherboard containing all the chips needed for both brands, able to have either an Intel or AMD CPU on it?
You forgot the kappa.
Anonymous Psuedonym to be fair I bet it is possible if the adapter had an AMD chipset on it and was modified to also speak to the Intel chipset to access the memory, the PCI bus, etc.. it would be insane and there would be insane performance degradation but you could maybe make something that was somewhat functional
My respects for a guy who knows so much stuff
Watch benchmarks on the programs you use. Less than 1% decrease.
I run databases, 20% drop in performance for me.
Scott Manley The average user won't even notice, even if they get 10-30% like my parents got in their work program (I think it uses SQL, not sure). What I wonder is if it will get better with time and patches.
III4LB3RT0III
As an IT student, I am not at ease. I am actually using server software in a Skylake i7 as part of my courses. Fortunately, class related data is small and should not impact significantly. It would that I cannot use this same build for practical implementations loaded with actual work related data.
Worst case seems to be high IOPS like databases on NVMe.
My computer exploded and killed me.
Gotta ask, how many documented 'in the wild' attacks since this story popped?
Thanks for all the fish, good night!
ANYTHING can be made to fail in the lab...that's their job!