Major security flaw in ALL intel chip......

Comments

  • Loke666 Member Epic Posts: 21,441
    Thanks, Quizz. :)
  • Octagon7711 Member Legendary Posts: 8,967

    "We all do the best we can based on life experience, point of view, and our ability to believe in ourselves." - Naropa      "We don't see things as they are, we see them as we are."  SR Covey

  • Ridelynn Member Epic Posts: 7,060
    edited January 2018
    One of the posters at Epic had a really good explanation - he even talks about this versus something like a keylogger. In essence, you can think of these attacks as keyloggers for your CPU caches. The "patch" involves extra encryption steps for data that is intended to be encrypted, so that the CPU is processing encrypted data, and that adds a lot of overhead. 

    You probably won't see a big impact on your gaming computer, unless you run something like an encrypted SSH tunnel or VPN service full time. Most typical home/gaming computers don't deal with a lot of encrypted data streams, apart from the occasional password hash or https header whenever you log into something.

    Servers, on the other hand... and Epic is saying they are seeing a lot of issues on their cloud servers for Fortnite right now.

    https://www.epicgames.com/fortnite/forums/news/announcements/132642-epic-services-stability-update?p=132713#post132713

    Another good explanation, from the fellow that brought you the Raspberry Pi (which are immune to these attacks, btw).

    https://www.raspberrypi.org/blog/why-raspberry-pi-isnt-vulnerable-to-spectre-or-meltdown/
  • Torval Member Legendary Posts: 19,952
    My entire work world lives on encrypted data, virtual machines, and various VPN tunnels. I use VMs because I run VPNs from my desktop and RDP to remote hosts. That way I can do my remote work securely while still having access to the internet on my desktop.

    I also run my entire data drive through TrueCrypt at the partition level. I don't use it for my OS drive which is physically separate. I'm keeping my eyes out for a big performance hit.

    How I think this might play out pragmatically is that we could feel a cumulative performance hit. I don't expect my VM to suddenly become slower. I expect the VM, and VPN, and the entire virtualized host network to all contribute small pieces to performance degradation. I'm not entirely sure we'll even feel that in real time interaction. I think we'll see that in longer processing times that add up to larger loss of productivity.

    I expect to see this in my ETL (extract, transform, load) jobs between databases or in file conversions. For example, say I have to move 100k patients between systems with 500GB of discrete data and it used to take me 20 hours. If that now takes me 26 hours of processing time, that can balloon into a couple more days of people time which adds a huge amount of cost or loss to my productivity and our revenue.

    It's even worse I fear with file conversions. I do a lot of those between systems. Medical people scan a lot and create a lot of documents and they often want them converted to formats for a new system or packaged into a single PDF. Converting 10 million files and moving them to a new location can take weeks depending on hardware. Even a 5% across the board increase is going to be incredibly painful. I'm hoping in this situation that I/O is still the main bottleneck.

    I'm also curious how this will affect performance for interpreted languages. Java, .NET, and Python all use an interpreter which is essentially a virtualization layer that interprets byte code to binary. We use those heavily and most of our third party tools are written in Java and .NET.

    Like Quizz said this is actually a set of issues and there is a lot to chew on and unpackage. I'm not worried about security or my personal information on Amazon so much as how this will affect the tech landscape productivity.
    Fedora - A modern, free, and open source Operating System. https://getfedora.org/

    traveller, interloper, anomaly, iteration


  • Torval Member Legendary Posts: 19,952
    I had to lol when I installed the SpeculationControl module. I had to install the NuGet package installer for PS (okay), but when I went to download the module I got an untrusted repo warning. In this sort of scenario it's kind of important that vendors set up their security chain properly so cert handshakes are happy. No user wants to see an option to install untrusted software to check the status of a security vulnerability. I did some /smh. :lol:


  • Quizzical Member Legendary Posts: 22,096
    Torval said:
    My entire work world lives on encrypted data, virtual machines, and various VPN tunnels. I use VMs because I run VPNs from my desktop and RDP to remote hosts. That way I can do my remote work securely while still having access to the internet on my desktop.

    I also run my entire data drive through TrueCrypt at the partition level. I don't use it for my OS drive which is physically separate. I'm keeping my eyes out for a big performance hit.

    How I think this might play out pragmatically is that we could feel a cumulative performance hit. I don't expect my VM to suddenly become slower. I expect the VM, and VPN, and the entire virtualized host network to all contribute small pieces to performance degradation. I'm not entirely sure we'll even feel that in real time interaction. I think we'll see that in longer processing times that add up to larger loss of productivity.

    I expect to see this in my ETL (extract, transform, load) jobs between databases or in file conversions. For example, say I have to move 100k patients between systems with 500GB of discrete data and it used to take me 20 hours. If that now takes me 26 hours of processing time, that can balloon into a couple more days of people time which adds a huge amount of cost or loss to my productivity and our revenue.

    It's even worse I fear with file conversions. I do a lot of those between systems. Medical people scan a lot and create a lot of documents and they often want them converted to formats for a new system or packaged into a single PDF. Converting 10 million files and moving them to a new location can take weeks depending on hardware. Even a 5% across the board increase is going to be incredibly painful. I'm hoping in this situation that I/O is still the main bottleneck.

    I'm also curious how this will affect performance for interpreted languages. Java, .NET, and Python all use an interpreter which is essentially a virtualization layer that interprets byte code to binary. We use those heavily and most of our third party tools are written in Java and .NET.

    Like Quizz said this is actually a set of issues and there is a lot to chew on and unpackage. I'm not worried about security or my personal information on Amazon so much as how this will affect the tech landscape productivity.

    It's possible that you won't be particularly affected by the fix.  My understanding is that it doesn't make using a VM slower on its own.  What hurts is switching between VMs.  If you're using a VM for security reasons, but you're the only VM on the server, then you don't have a problem of switching between VMs, so you won't have a big performance hit.  If there are 10 VMs on a physical server but yours is the only one doing much, then it won't have to switch to another VM to let it have some CPU time very much, so again, the performance hit won't be large.  If yours is one of several VMs actively doing a lot of work on the same physical server and competing for CPU time, then the patch will basically impose a much larger context switching penalty to switch between them, and that's how it gets really bad.

    Encrypting and decrypting data is just software, so the patch shouldn't affect the speed of that.  Nor should it affect the performance of changing file formats.  A VPN might be a problem depending on how often it is forced to do system calls, but I suspect that it won't be a big deal.

    If you're doing database work where the database is large enough that you can't keep it in memory and it's a ton of very small file I/O, then that could be a problem.  Having a ton of very short system calls so that you have to constantly switch between user memory and kernel memory will impose a considerable hit every time you switch.
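
The point above about many very short system calls, as an added example that is not part of the original post: this C program reads the same scratch file once with 1-byte `read()` calls and once with 64 KiB calls, reporting how many user/kernel round trips each took and the time per call. The 256 KiB file size, the chunk sizes and the `/tmp` scratch path are assumptions chosen for the demo.

```c
/* Added example: count and time read() system calls at two chunk sizes. */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <time.h>
#include <unistd.h>
#define FILE_BYTES (256 * 1024) /* constructed sample size, an assumption */

/* Create an unlinked scratch file of FILE_BYTES zero bytes; returns fd or -1. */
static int make_sample_file(void) {
    char path[] = "/tmp/syscall_demo_XXXXXX"; /* hypothetical scratch path */
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    unlink(path); /* the file disappears once fd is closed */
    if (ftruncate(fd, FILE_BYTES) != 0) { close(fd); return -1; }
    return fd;
}

/* Read the whole file with `chunk`-byte read() calls. Returns how many calls
 * (user/kernel round trips) were made, counting the final one that returns 0,
 * or -1 on error. Elapsed seconds go to *secs when secs is not NULL. */
long read_in_chunks(size_t chunk, double *secs) {
    int fd = make_sample_file();
    char *buf = malloc(chunk);
    struct timespec t0, t1;
    long calls = 0;
    ssize_t n = -1;
    if (fd >= 0 && buf != NULL) {
        clock_gettime(CLOCK_MONOTONIC, &t0);
        do { n = read(fd, buf, chunk); calls++; } while (n > 0);
        clock_gettime(CLOCK_MONOTONIC, &t1);
        if (secs) *secs = (t1.tv_sec - t0.tv_sec) + (t1.tv_nsec - t0.tv_nsec) / 1e9;
    }
    if (fd >= 0) close(fd);
    free(buf);
    return n < 0 ? -1 : calls;
}

int main(void) {
    size_t sizes[] = { 1, 64 * 1024 };
    for (int i = 0; i < 2; i++) {
        double secs = 0.0;
        long calls = read_in_chunks(sizes[i], &secs);
        if (calls < 0) { perror("read_in_chunks"); return 1; }
        printf("chunk=%6zu B  read() calls=%7ld  %8.1f ns/call  total %.3f ms\n",
               sizes[i], calls, secs * 1e9 / calls, secs * 1e3);
    }
    return 0;
}
```

Both rows move the same number of bytes, so the difference in total time comes from the number of kernel entries; running it on the same machine before and after the OS update shows how much the per-call figure changed.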
  • Torval Member Legendary Posts: 19,952
    I need to understand better user land and kernel memory scheduling. It can get rather complicated.


  • Quizzical Member Legendary Posts: 22,096
    I should add a caveat that I don't really know.  My real expertise is in GPUs, not CPUs.
  • Ozmodan Member Epic Posts: 9,726
    Torval said:
    My entire work world lives on encrypted data, virtual machines, and various VPN tunnels. I use VMs because I run VPNs from my desktop and RDP to remote hosts. That way I can do my remote work securely while still having access to the internet on my desktop.

    I also run my entire data drive through TrueCrypt at the partition level. I don't use it for my OS drive which is physically separate. I'm keeping my eyes out for a big performance hit.

    How I think this might play out pragmatically is that we could feel a cumulative performance hit. I don't expect my VM to suddenly become slower. I expect the VM, and VPN, and the entire virtualized host network to all contribute small pieces to performance degradation. I'm not entirely sure we'll even feel that in real time interaction. I think we'll see that in longer processing times that add up to larger loss of productivity.

    I expect to see this in my ETL (extract, transform, load) jobs between databases or in file conversions. For example, say I have to move 100k patients between systems with 500GB of discrete data and it used to take me 20 hours. If that now takes me 26 hours of processing time, that can balloon into a couple more days of people time which adds a huge amount of cost or loss to my productivity and our revenue.

    It's even worse I fear with file conversions. I do a lot of those between systems. Medical people scan a lot and create a lot of documents and they often want them converted to formats for a new system or packaged into a single PDF. Converting 10 million files and moving them to a new location can take weeks depending on hardware. Even a 5% across the board increase is going to be incredibly painful. I'm hoping in this situation that I/O is still the main bottleneck.

    I'm also curious how this will affect performance for interpreted languages. Java, .NET, and Python all use an interpreter which is essentially a virtualization layer that interprets byte code to binary. We use those heavily and most of our third party tools are written in Java and .NET.

    Like Quizz said this is actually a set of issues and there is a lot to chew on and unpackage. I'm not worried about security or my personal information on Amazon so much as how this will affect the tech landscape productivity.

    Well, a friend's company has taken their VM machines and VPNs off the net entirely.  It does take data longer to get into the system because of this, but with files of millions of users they just cannot take any kind of a performance hit.
  • Vrika Member Epic Posts: 6,422
    edited January 2018
    Microsoft released info about how much the security fixes will decrease performance:

    Windows 10 is slowed down less than Windows 8 and Windows 7
    Intel's Skylake processors and later (6000 series and later) are slowed down less than earlier Intel processors.

    If you're using Windows 10 and a modern processor the slowdown should be only single digit and most users won't notice anything. If you're unlucky and are using an older OS + older processor the slowdown will be so large that most users will notice decreased performance.

    There are two updates required for the security fixes: One for the OS, one for processor microcode. Most of the current slowdown benchmarks are done with only one of those updates, and don't show the full truth of how much the computer will be slowed down.

    https://cloudblogs.microsoft.com/microsoftsecure/2018/01/09/understanding-the-performance-impact-of-spectre-and-meltdown-mitigations-on-windows-systems/
     
  • Asm0deus Member Epic Posts: 3,224
    edited January 2018
    https://www.dslreports.com/shownews/Intels-MeltdownSpectre-Fix-Causes-Numerous-CPU-Headaches-141049
    Intel has released an update addressing the patches the company has issued to resolve recently-revealed, massive CPU security flaws, and the performance hits (and other quirks) users are experiencing in the wake of the updates. The "Meltdown" and "Spectre" errors opened the door to exploits that allow an attacker to swipe data from a PC running millions of CPUs made since the mid-nineties.

    The scope of the flaw was monumental, though the affair was compounded by security updates that have impacted performance and system stability.

    Not only are users who applied these updates now facing notable performance degradation of their CPUs, some customers are seeing constant reboots in the wake of Intel's solution to the problem, something Intel addressed in its blog post.

    "We have received reports from a few customers of higher system reboots after applying firmware updates," Intel states. "Specifically, these systems are running Intel Broadwell and Haswell CPUs for both client and data center. We are working quickly with these customers to understand, diagnose and address this reboot issue."

    Intel's post came on the heels of a Wall Street Journal story claiming that Intel is telling some customers to delay applying the update to avoid system stability problems. That report cited an internal Intel document disclosing that the company identified three issues in microcode updates released over the past week intended to address the vulnerabilities. The warnings were shared with computer makers and large cloud providers, but not consumers or smaller companies.

    Another Intel update clarifies just what kind of a performance hit impacted users are seeing on their systems after applying updates.

    According to Intel, computers equipped with 8th generation (Kaby Lake, Coffee Lake) chips and solid-state drives (SSDs) will see the least slowdown from the Spectre/Meltdown update at less than 6%. Devices using the 7th Gen Kaby Lake-H mobile processors will be around 7% slower, while the performance impact on systems with the 6th Gen Skylake-S platform is estimated to be around 8%. Needless to say, enterprise users and hobbyists alike are immensely frustrated by having to choose between system security and system stability and performance, and that Intel isn't being fully forthright with some customers.

    "As we collect more information across the broad range of usages and Intel platforms, we will make it available," Intel says of the slowdowns and rebooting issues. "Within the next week, we intend to offer a representative set of data for mobile and desktop platforms that were launched within the past five years. For those Intel customers who are worried about performance impacts, you should know that we will work on creative solutions with our industry partners to reduce those performance impacts wherever possible."

    Brenics ~ Just to point out I do believe Chris Roberts is going down as the man who cheated backers and took down crowdfunding for gaming.
