The broken microcode is (at some level, anyway) forgivable; Intel's ongoing inability to communicate transparently and honestly with its customers during this crisis of its creation is much less so.
Between Intel's numerous CPU bugs that they refused to refund customers for and ME, it's crystal clear what Intel thinks about their customers.
I know my box is overkill for my needs now, but upgradeability is a big plus for me; I'm only using 16GB of RAM, but could up that to 128GB, and maybe I might swap out the CPU for a 64-core Zen4+ in 2022. For reference, my last dev box is from 2010(!) which I upgraded over time and this strategy has served me well. YMMV.
1. Westmere - 1st Gen 'Intel Core'
My next home PC will be Ryzen 2 at some point this year.
This bug and Intel's response is very good timing for AMD though.
Unfortunately the legal process was far too slow and the penalties were a pittance compared to the profits.
It benefits all of us to have a competitive market for x86 CPUs.
Not a home-built thing, but not what you'd call a laptop (portable, battery life) either..
Ouch, that is definitely not a good issue...
But well, my late 2013 MBP gets hot as well.
It's not getting particularly hot in general, entirely depends on the use case. When I max out the cores or run a game? Quite hot. Otherwise: Mostly fine..
It's just unwieldy, big and heavy, hence not really useful on a lap..
How do you propose this could work?
Are side channel vulnerabilities in CPUs really bugs?
I would have expected, if I thought to ask, that items were not added to the cache or were removed from the cache if the branch was not retired.
Intel isn't being sneaky, speculative reading was a standard and accepted feature for out of order processors for over 20 years (remember it affects ARM, AMD, Apple, IBM, etc. as well). Speculative reading privileged memory while unprivileged was a big mistake though.
Shipping or not, it illustrates that Intel was not unique.
It's also not the scariest variant, it's easily fixed (performance degradation aside), doesn't require a microcode update to be fixed hence is 100% software mitigated, doesn't allow you to cross between guest and host memory address spaces and isn't remotely exploitable.
On the other hand variant 1 and 2 are much scarier because they are the complete opposite of Meltdown.
And Meltdown was the easiest to exploit. Spectre is "bad" because it affects everyone, but it's less exploitable than Intel's Meltdown.
Meltdown is the easiest to exploit and the easiest to fix; it’s also the least scary one as far as compromises go.
While it's more easily exploited, it's also patchable with minimal performance impact, unlike Spectre in general.
Let's not throw the baby out with the bathwater here. I don't think the problem is that speculative execution is not as invisible as it was once believed. The problem is more of awareness and documentation. If there was an option to disable speculative execution and awareness of the associated security issues from the beginning, I don't think anyone would have a problem with using it for a performance boost where it was safe to do so. The problem is there was an industry wide assumption that it wasn't a problem that turned out to be wrong.
Before one makes such a statement, one has to define "modern process isolation" in a very formal way, so that nobody (neither Intel nor the customer) can redefine the meaning as they desire. I am not aware that Intel gave such a formal definition that they claim to obey (but perhaps fail). So any operating system can only rely on very weak guarantees for the processor to provide "isolation" (using quotes since I have not defined the term "isolation" formally). Thus the OS has to implement stronger isolation primitives that it desires by itself (by using the weak primitives that the processor provides).
Modern process isolation is not flawless, therefore it is not modern process isolation.
If he is saying that Intel is giving other advice privately then you are welcome not to believe him (and note that it is you who is using the much stronger term "lying" here).
Personally I think un-sourced statements from him are worth listening to.
As developers, we should know this phenomenon well by now, as it's dictated an ever-increasing portion of our toolchain. "Oh, you say Google uses this thing?! I use it too then! Google and me are best buds!". (This applies equally to Facebook, and to a lesser extent, Amazon. Compare one of my son's favorite YouTube videos at ).
Alternatively, they may want customers to think "Oh boy you have to be a super genius guy like the Googles to beat up Intel so this isn't a big deal", or "How could Google do this to a nice company like Intel".
So many possibilities, but really all of them turn out well for Intel.
Withdrawn CPU Microcode Updates: Intel provides to Lenovo the CPU microcode updates required to address Variant 2, which Lenovo then incorporates into BIOS/UEFI firmware. Intel recently notified Lenovo of quality issues in two of these microcode updates, and concerns about one more. These are marked in the product tables with “Earlier update X withdrawn by Intel” and a footnote reference to one of the following:
1 – (Kaby Lake U/Y, U23e, H/S/X) Symptom: Intermittent system hang during system sleep (S3) cycling. If you have already applied the firmware update and experience hangs during sleep/wake, please flash back to the previous BIOS/UEFI level, or disable sleep (S3) mode on your system; and then apply the improved update when it becomes available. If you have not already applied the update, please wait until the improved firmware level is available.
2 – (Broadwell E) Symptom: Intermittent blue screen during system restart. If you have already applied the update, Intel suggests continuing to use the firmware level until an improved one is available. If you have not applied the update, please wait until the improved firmware level is available.
3 – (Broadwell E, H, U/Y; Haswell standard, Core Extreme, ULT) Symptom: Intel has received reports of unexpected page faults, which they are currently investigating. Out of an abundance of caution, Intel requested Lenovo to stop distributing this firmware.
Microsoft has been telling people about problems with the mitigations up-front. There are, for starters, Microsoft KnowledgeBase articles detailing problems with older AMD CPUs and with anti-virus software that behaves like rootkit viruses resulting in systems that will not boot, and web log articles discussing the performance considerations for server systems.
I can hardly call this rushed.
Rush isn't a word I would use.
What does higher mean here?
This is what they ended up with after a few reviews with legal (“we can’t say ‘our’; they’ll eat us in court”) and marketing (“We need a less emotionally loaded way to say ‘crash’”)
Legal aimed to maintain just enough meaning in the statement to be able to say “we warned customers as soon as we could”; marketing aimed to make it a positive message. I guess that’s why ‘higher’ won over ‘more’.
Odd wording for sure.
I have 495 days of uptime here with Intel graphics & wireless.
This just in:
When Samsung phones were blowing up, I thought that was it, but somehow people kept preferring the phones.
The pulled out BIOS update files for 13th gen were released on 5th of Jan.
These symptoms are also the classic ones you get when you install an OS on a new-generation, well-functioning CPU.
I thought it might be memory, but an 8+ hour memory scan (Windows internal one, not the normal Linux one) didn't tickle any bad bits and it's not erroring in any unique component, each time, it seems to be a different one (first I caught the blue screen, it was the network driver, that made sense, so I upgraded it, just in case), but then it started being ntfs and other things. Wondering if it's just limited to those arches, or others.
That's Sandy Bridge, 3 generations older than Broadwell.
From speaking in my circles, I get the impression that those of us without our own data centers to worry about are much better off than those who do.
"3 – (Broadwell E, H, U/Y; Haswell standard, Core Extreme, ULT) Symptom: Intel has received reports of unexpected page faults, which they are currently investigating. Out of an abundance of caution, Intel requested Lenovo to stop distributing this firmware."
So far as I can figure, Xeons are covered by "Haswell standard". Core Extreme was those ridiculously overpriced i7s. ULT is the "Ultra Low TDP" chips.
It looks like from the desktop and mobile processor fields, if there is anything special about the core they put a suffix on denoting it, so Xeon may well classify as "Haswell standard"?
A possible convention for ironic quotes:
> To avoid the potential for confusion between ironic quotes and direct quotations, some style guides specify single quotation marks for [irony], and double quotation marks for verbatim speech.
In context it is very clear that the use is sarcastic, given how tight-lipped Intel has been about admitting any fault so far.