A spokesperson from Intel reached out to provide a statement for us.
“Intel received notice of this research, and we expect that software can be protected against such issues by employing side channel safe software development practices. This includes avoiding control flows that are dependent on the data of interest. We likewise expect that DRAM modules mitigated against Rowhammer style attacks remain protected. Protecting our customers and their data continues to be a critical priority for us and we appreciate the efforts of the security community for their ongoing research.”
This is good news as the original report suggested a sofware mitigation might not be possible.
********** End Update ***********
If Tim's post earlier today was bright spot on an otherwise dismal day, then get ready for the clouds to roll back in. The performance drop experience from protecting yourself against Spectre and it's variants may have been mitigated to a point, however researchers from Worcester Polytechnic Institute, Massachusetts, and the University of Lubeck have discovered Intel chips are still vulnerable to a newly discovered vulnerability dubbed Spoiler.
Like the previous vulnerabilities it exploits speculative execution however unlike Spectre, Meltdown and their variants, it attacks via the Memory Order Buffer, using the timing behaviour it exposes. If there is one bit of good news in this discovery, it is that only Intel processors are affected and not AMD nor ARM.
Read on at Slashdot if you aren't already depressed enough.
"Like the Spectre and Meltdown attacks revealed in January 2018, Spoiler also abuses speculative execution in Intel chips to leak secrets. However, it targets a different area of the processor called the Memory Order Buffer, which is used to manage memory operations and is tightly coupled with the cache."
Here is some more Tech News from around the web:
- Microsoft Edge running on Chromium has more than a hint of Chrome about it @ The Inquirer
- Structural supercapacitors prepare for take-off @ PhysicsWorld
- iPhone 11 release date, specs and price: 2019 iPhones might offer waterproof display tech @ The Inquirer
- 3D Print Your Own Electric Screwdriver @ Hackaday
- Armor Games admits all its users' deets slurped in database mega-hack as site moves to repair chink @ The Register
- Microsoft Will Launch Disc-Less, 'All Digital' Xbox One S Next Month, Report Says @ Slashdot
- Blender 2.80 (Beta) Viewport & Rendering Performance @ Techgage
- Dealmaster: A whole bunch of Anker charging gear is on sale today @ Ars Technica
And yet go out shopping for a
And yet go out shopping for a Linux OS based OEM laptop and Intel/Nvidia is your only choice. All the laptops at the M$ store, the ones in the malls, are all Intel mostly with only the consoles using AMD APUs.
What a Spoiler Intel is and you will like Intel or not have much choice in the matter if you are looking for any Linux OS based OEM laptops(System 76/others).
Now just how much more is that performance hit going to be for Intel’s CPU SKUs from all the way back to the first generation core i series processors. AMD’s Zen, even pre Zen, CPU cores need a new round of retesting against any Intel CPUs with all the mitigations in place, and that includes this latest vulnerabilitiy’s mitigations.
2020 is fast approaching and still not much in the way of AMD choices on Linux OS based OEM laptops even with this new Spoiler(Bug) in the Intel soup.
The bad news is that Intel’s Incentives to laptop OEMs will continue, fixed CPUs or not, and good luck avoiding Both Intel’s CPUs and M$’s windows 10 after the 2020-2023 time frame beacuse the Linux Laptop OEMs sure are ingoring Zen, Zen+!
To be fair to both Intel and
To be fair to both Intel and those OEM’s, this isn’t a problem where one brand has made a mistake, its a new way of looking for faults the past three decades of computer development. Intel gets the brunt of it only because they are the majority producer, there are speculative execution exploits to be had on AMD chips, and even NVIDIA made terga parts, they just have less people actively seeking them.
Any one bug discovered can be fixed, and even with any performance impacts that brings the average CPU continues to become both faster for any given series, and to perform more work per monetary unit. There can and will be more speculation based exploits found (mostly in house and fixed before releases, without the public ever knowing, but yes some in the wild too)across the board for the next 3-5 years, at which point there will be some new focus for bugs. There isn’t a company letting down consumers, find and fix its literally the continuous development process thats already brought us this far and continues to be perfectly safe enough for the average home or business. If you need more than that, your not looking for an AMD made equivalent, your needing off the x86 instruction set, which both brands do make in useably powerful configurations.
And there is more than just OEM incentives being the lower number of AMD embedded options, at the top end of mobile platform the competition is between the Intel i7-8559U and AMD AMD Ryzen 7 PRO 2700U, both 4 core 8 thread typical 25w TDP parts. However the Intel is almost 50% faster in all CPU core testing at that wattage, and manages to still slightly beat out its Zen competition in battery life. You’d think the AMD “APU” would pull ahead in graphics benchmarks, but while its closer, the Iris Pro 655 stays ahead. Now to be fair to Zen, it is certainly the cost effective option on workstations thanks to Thread ripper, and it competes well enough on desktop, but in a mobile application its just not doing as well, likely indicating the difference in market focus between the companies, rather than technical aptitude.
“And there is more than just
“And there is more than just OEM incentives being the lower number of AMD embedded options, at the top end of mobile platform the competition is between the Intel i7-8559U and AMD AMD Ryzen 7 PRO 2700U, both 4 core 8 thread typical 25w TDP parts. However the Intel is almost 50% faster in all CPU core testing at that wattage, and manages to still slightly beat out its Zen competition in battery life. You’d think the AMD “APU” would pull ahead in graphics benchmarks, but while its closer, the Iris Pro 655 stays ahead.”
Ceators do not care about ->battery life<- creators want and need a little more power at 35-65 watts for some workhourse laptop offerings. So Really show the links to the full benchmark results and be sure to make the laptop reviewers add in the extra DIMM module to fill out both memory channels because a disproportionate number of AMD APU based laptops are shipped with only a single memory channel populated and the laptop's reviewers test the AMD laptops in an ->as shipped<- condition with only a single memory channel populated. Show me the results on the proper set of benchmarks(Not Cherry Picked) done on fully populated memory channels on laptops! If you are talking about thin and lights/Ultrabooks then that's an Intel project that was foisted on the entire OEM laptop market and I do not care about that product segement! I want a workhorse laptop that will remain plugged in wherever I will be using it and that Laptop only needs to ship with a Linux OS(For After 2020-2023) and a 35-65 watt AMD APU part with maybe an option for a discrete mobile Vega GPU/4GB of HBM2. I could care less about battery life and really I would rather look at the Laptop's Blender 3D benchmarks and I do not care about any gaming performance above all else. Do some Viewport testing with high pologyon count mesh models until the Viewport, in 3D editor mode, UI becomes bogged down. And only one website has actually done any Blender 3D editor Viewport testing but that was for diecrete GPUs and not integrated GPUs. Intel's graphics barely ekes by on those stripped down low resoultion gaming meshes but not on any high resolution 3D mesh models/high resolution textures that are used for animation rendering. So for that high resolution 3D graphics asset creation one needs either AMD or Nvidia graphics based laptop. Gaming workloads are content consumption workloads and are not content creation workloads. The only place where Intel competes with AMD is for some encoding workloads but not Graphics/Creation workloads of the 3D variety. AMD and Nvidia have GPUs that are great for Gaming and content creation but not Intel. Intel's CPUs/Graphics in laptops are geared more towards content consumption and not content creation where work with High resolution 3D models/High Resolution textures are concerned. And I'm not talking about simply Rendering any scenes I'm talking about where the most time by creators is spent and that's in the 3D graphics software suit's 3D ViewPort Editor Mode actually creating and editing the 3D models. And this is where Intel's lack of sufficient numbers of shader cores results in the 3D Graphics software's ViewPort UI actually bogging down and becoming so unresponsive, so unresponsiveas when using Intel Grahics as to become essentially unusable. Intel's Graphics is not there for Folks creating 3D models of the high resolution high polygon count variety Intel's graphics can only manage low resolution Mesh/Textures Gaming sorts of Graphics workloads and not the sorts of High Resolution Meshes that are used in the 3D Animation market where everthing is realistic down to the smallest features and single mesh objects can consist of hundreds of millions of polygons/triangles. AMD's and Nvidia's GPUs are what are needed on laptops for content creation of high resolution Mesh Model assets where the content creators can do fine creating their individul high resolution assets and then transferring that over to the workstation for final animation rigging and final scene inclusion and rendering, on usually rendering clusters(Cloud or on site). Hamish McGregor you are being disingenuous with your purported benchmarking results especially where it concerns Laptop Benchmarks because the entire Online Laptop Review Process is Rather unscientific compared to the PC Review process! And even the PC Review Process Online is not very scientific what with the full set of Benchmarks never used in all benchmarking cases. The Intel dominated Server/PC/Laptop market is the dictionary definition of why, in the longer run, Monopolies are bad for consumers and bad for the security of the computing market. Intel will have cost the entire world economy Billions in lost time and lost CPU productivity with all these Intel hardware security vulnerabilities that affect Intel MUCH MORE than they affect AMD. That's billions of developers hours spent patching software and OSs because the Intel Monopoly dominated that x86 ISA CPU market for so many years. The entire computing Industry can not just drop their current Intel assets and have to purchase more Intel CPUs in order to fix what is broken. This is why no market should be tied to any one single maker of processors or a single ISA. AMD's underlying Hardware that is engineered to Execute that x86 32/64 bit ISA is less vulrenable to Spectre and not vulnerable at all to Meltdown. And AMD's x86 offerings are not vulrenable to Spoiler. Hamish McGregor, some Laptop users are not your average content consumers some laptop users are content creators and did just fine with laptops that where produced In The Pre Ultrabook(TM) Era Laptop market. That Market of what was considered as the Desktop Replacement Laptop Market where the majority of laptops where just normal form factor laptops with 35+ watt rated proper laptop cooling solutions. Ultrabooks(TM by Intel) are what lead to the thin and light laptops doninating the laptop market, laptops that are mostly usless for content creation and are geared towards content consumption. Intel's outsized monopoly and control over the third party OEM laptop market, Trust Arrangement, has caused the Laptop OEMs to come under a unnatural monopoly influnce that runs counter to the free market principles where fair competition is fostered. And now with that majority of the laptop market comprised of Intel's anemic ultrabook CPU SKUs that are needing even more fixes that will sap even more performance from an already weak ultrabook dominated class of Laptops some proper re-benchmarking of all Intel CPU SKUs going backwards to the first generation of core i series Intel processors is in order. No amount of apologies from Hamish McGregor is going to make any difference with respect to the fact that Intel's CPUs are the most vulnerable to side channel attacks compared to any other makers' CPU offerings. And AMD's CPUs/APUs are relativly much less vulnerable to side channel attacks. So any AMD mitigations will cost much less in lost performance compared to Intel's offerings.
And how much will the software fixes hurt performance?
That’s more fixes and more code refactoring of software and Intel’s not paying for that to be done, no way no how!
And this may not be the last of it for Intel’s hardware!
I’ll bet that the interest in going with AMD/others is increasing with each new bit of news about new Intel vulnerabities. And that’s to be expected as the entire server/cloud services industry learns that it’s just not good to have one maker’s brand of x86 ISA based CPU products deployed across such a large percantage of the market.
These types of Spoilers are not keeping Intel’s treads firmly on the road as the Chipzilla Express Bus rounds that curve on Devil’s Slide California. Oops that branch branch predictor chosen code path did not factor in the friction coefficient of rubber if the tires are not even touching the pavement because that Spoiler was switched to providing lift in the wrong vector via some side channel vulnerabities. [Qbert falling sound]
With Intel’s market share you are either on the Intel bus or on the Intel bus going over the edge and down onto the wave worn rocks below. But really you are wishing that you had never got on that Intel bus to begin with had you just chosen not to make the Intel Bus your only option! .