Intel Chip Design Flaw Mitigation May Slow Many Enterprise Systems; Related Security Flaws Will Linger

Ed Ropple wrote:

clang's been better than MSVC for a while, IMO, unless you really need an IDE to drive for you. (And clang has great tools for that, it's just that Xcode feels like crap. I haven't found an excuse to try Rider.)

Considered purely as a C++ compiler and not taking any other part of the toolchain into account, yeah, I'd agree clang is now a slightly better compiler than MSVC. But I do think Microsoft's whole ecosystem of tools still has an edge over anyone else.

To get back to the actual topic of the thread (if anyone remembers it)...

When I first read the details of the vulnerabilities, what struck me was how obvious it all seemed in hindsight. If you know the basic principles of how modern CPUs work - enough to be familiar with terms like "speculative execution", "branch prediction", "page fault", "ring 0 vs ring 3", and the like - your first thought was probably the same as mine: "Holy crap, how did anyone not spot this years ago?"

Then again, of course, it's quite likely that someone in the NSA, GCHQ, Russia, China, and/or North Korea did spot this years ago...

And the Windows fix makes some computers with older AMD chipsets unbootable:

Microsoft Support: Windows operating system security update block for some AMD based devices

Robear wrote:

This has tremendous performance implications for heavily threaded workloads (think databases, virtualization, and multi-stream i/o workloads), as well as for systems that run under heavy load most of the time.

New information coming out on performance effects.

El Reg wrote:

While most casual desktop users and gamers won't notice any prolonged slowdown, or any performance hit at all, people running IO or system-call intensive software, such as databases on backend servers, may notice the difference.

Red Hat has clocked the patch performance impact as ranging from one to 20 per cent.

Epic Games on Friday explained the cause of recent login and stability issues experienced by its players, noting: "All of our cloud services are affected by updates required to mitigate the Meltdown vulnerability."

The company, which relies on AWS servers, posted a screenshot of a graph depicting a spike in CPU utilization after a host was patched. The Register asked Epic to elaborate on its findings, but a spokesperson said the developer had nothing further to add at the moment.

Discussions on the mailing list for Lustre, a parallel distributed filesystem, described slowdowns ranging from 10 per cent to as high as 45 per cent for certain IO intensive applications.

"We found terrible performance on the test system with zfs+compression+lustre," wrote Arman Khalatyan of the Leibniz Institute for Astrophysics Potsdam in a memo on Monday.

On Reddit, a Monero coin miner reported a slowdown of about 45 per cent after applying the Meltdown patch. On that thread, another person cited a hash rate decrease of 10 to 15 per cent.

Quora, which relies on AWS, on Saturday said it is "facing a slowdown due to the patch applied by AWS for Intel's Meltdown and Spectre issues."

Via Twitter, Francis Wolinski, a data scientist with Paris-based Blueprint Strategy, noted that Python slowed significantly (about 37 per cent) after applying the Meltdown patch for Windows 7.

Also via Twitter, Ian Chan, director of engineering for analytics firm Branch Metrics, described CPU utilization increases of five to 20 per cent after the Meltdown patch was applied to the AWS EC2 hypervisor handling its Kafka instances.

I wonder if there's a Plex Transcoding server hit?? Seems like my Plex Server isn't quite up to snuff anymore.

TheGameguru wrote:

I wonder if there's a Plex Transcoding server hit?? Seems like my Plex Server isn't quite up to snuff anymore.

I hadn't done an update on my Plex server yet. I did some before-and-after load tests with transcoding a single 1080 stream and didn't see a noticeable difference. user% bounced between 20% and 30%, and system% was under 1% before and after.

Yeah, I was waiting for that shoe to drop...

Intel is reportedly advising large Enterprise customers to wait on patching, due to crashes and slowdowns from the initial firmware patches. This is unfolding as I discussed earlier.

Here's a Techspot look at performance hits on a desktop system, early testing. The SSD was hit hard, but gaming was generally less than 5% slowed. Many things were not tested.

So afaik, for total protection you need to update Windows and update your graphics drivers, which I have done already. Web browsers will be updated as time goes on. I was also advised to update the Intel Management Engine; can that be done through Windows?

The last thing that needs to be done is a BIOS update. However, I just read that Asus will only patch the BIOS for motherboards with socket 1151 and forward. In other words, if you have a Haswell or Broadwell CPU or older you are sh*t out of luck.

My opinion of ASUS has decreased dramatically.

IME is patched via firmware updates, not the OS.

Microsoft Disables Spectre Mitigations Due to Instability

Haven't got the reversion update yet on Win7, probably will get it this Tuesday. No system instability that I've noticed except for one nvklddm GPU crash, but that one has so many different causes it's hard to say why it happened or if it's related at all.