107 Comments

  • yeeeeman - Thursday, August 30, 2018 - link

    I think you (the press) created the interest for these fixes, to have something to write/talk about. Other than real businesses, don't see anyone else to be really affected/interested by this.
  • BurntMyBacon - Thursday, August 30, 2018 - link

    In which case, I have to say kudos to Ian et al. for creating the interest that prompted Intel to be more forthcoming with this information.
  • AdditionalPylons - Thursday, August 30, 2018 - link

    Agreed.
  • MrSpadge - Thursday, August 30, 2018 - link

    +1
  • Memo.Ray - Thursday, August 30, 2018 - link

    It is OK, that guy still lives in 1983! Even HTTP hasn't been invented yet! no one is going to attack you :-)
  • GekkePrutser - Sunday, September 9, 2018 - link

    I as a consumer am very interested in this. I'm not really worried about the risk, but there was a drop in performance when the software patches were applied. I'm very interested in the hardware fixes' ability to reduce that drop.
  • Ian Cutress - Thursday, August 30, 2018 - link

    'Other than real businesses'

    Which would be 100% of businesses that exist? A large part of our audience? Or is that just the press creating interest? It's a funny move to strike out 100% of 'real' businesses and state we're the ones creating interest.
  • Icehawk - Thursday, August 30, 2018 - link

    Can you convince my company that they need to address these exploits? Management has been ignoring the reports and basically refuses to patch anything.
  • N Zaljov - Thursday, August 30, 2018 - link

    I don't think that it's the job of a tech journalist to ensure that your company's head-honchos are responsible and foresightful people.

    The change of mind has to happen on a different level, and since the only way certain people learn is by burning their hands multiple times on a kitchen stove... ;-)
  • imaheadcase - Thursday, August 30, 2018 - link

    That doesn't matter to normal people with technology. I know many people who just get something else if they can't figure out a problem within a few minutes.
  • Ratman6161 - Friday, August 31, 2018 - link

    "I don't think that it's the job of a tech journalist to ensure..."

    My department (IT) picks which systems we are going to buy and we have a separate Information Security office that rides herd on us. Upper management rightfully puts the responsibility on us to buy the right systems and keep them patched and updated. That's why our departments (IT and Security) exist. If the C-Level has to tell us what to do then we are on our way to being unemployed. That's how it works in "real business".
  • N Zaljov - Saturday, September 1, 2018 - link

    I never assumed anything different at all, but thanks for adding that. Your company seems to do the exact right thing: Distribution of responsibilities by delegating tasks to departments that actually know what they're doing and (most importantly) clear communication, not only between the departments, but also with the C-level execs.

    The fact that the company you're working for even has its own Infosec officer speaks proof enough. I've spent quite some time working for and with companies all over Europe, and the vast majority of small-to-medium (I'm talking about 10-50 employees, not really "medium" for people living in the US or Canada) enterprises don't even have proper guidelines for Infosec, let alone an Infosec officer or an entire department. It's absolutely atrocious.
  • Zan Lynx - Thursday, August 30, 2018 - link

    If your computers only run your code, like a database server or a web backend, then you don't have to worry about these attacks. It only becomes a problem when someone else can run code on the machine, like browser Javascript, Java applets, Flash, or if some malicious attacker breaks in via an application vulnerability.

    Mostly if someone breaks into your server and gets access, you have other things to worry about. And you should definitely notice before they have time to run a Spectre attack to steal your SSL private keys.
  • The_Assimilator - Friday, August 31, 2018 - link

    If your management is too dumb to address critical security vulnerabilities, find somewhere else to work.
  • zlandar - Friday, August 31, 2018 - link

    Depends on your company.

    If you work for a small company that doesn't deal with sensitive financial or personal information the risk your company will be specifically targeted is extremely low.

    If you work for Equifax your boss better be paranoid as f--- because the whole world is trying to break in 24/7.
  • Makaveli - Saturday, September 1, 2018 - link

    Don't worry Icehawk, when they get a serious enough data breach management will all be looking for new jobs. And the next group coming in won't make that mistake.
  • DeepLearner - Thursday, August 30, 2018 - link

    This is hilarious. I read this site because I work for a fintech company (I think games are cool but don't game myself) that uses a ton of high end hardware. I am immediately interested in hardware exploits. yeeeeman, if you think "real businesses" aren't an important audience for a site like this, you should see our budget (I won't disclose it tho lol).
  • imaheadcase - Thursday, August 30, 2018 - link

    To be fair most businesses don't care about it. I mean Walmart, the biggest retail chain in the USA leaves its server doors open because quote "it just gets too hot". Hundreds of people walk by the doors every day and can just waltz into the room and do whatever they want.

    Hell even the training AIO computers have Windows 7 and Windows XP product codes taped to them so easy to reinstall the OS.

    So to get any company to care he has a point.
  • Reflex - Thursday, August 30, 2018 - link

    What risk does having the product codes on the outside of the PC create? For WinXP, none since the codes are in use and attempts to use them again will fail. For Win7 none, as the license is tied to the hardware and attempts to activate that code will fail.

    Also, where did you get that bit about Walmart having doors to the 'server rooms' open because it's hot?
  • imaheadcase - Thursday, August 30, 2018 - link

    It's enterprise codes, they are not limited by devices.

    I work at Walmart is how I know.
  • cashkennedy - Friday, August 31, 2018 - link

    I worked at 2 Walmarts, and in both they were in rooms that every department manager had keys to and they would let any employee go into the room alone to use the printer or various other reasons. So you could easily tamper with the physical hardware (insert a flash drive / move around cables / steal a hard drive)
  • 29a - Friday, August 31, 2018 - link

    "Hell even the training AIO computers have Windows 7 and Windows XP product codes taped to them so easy to reinstall the OS."

    OEMs have to put the product key on the case for legal reasons.
  • tmnvnbl - Thursday, August 30, 2018 - link

    How is this not relevant for everyone? These are severe security issues that affect nearly every application processor everybody uses all day for all their personal or work related stuff. I highly recommend you look into it a bit more, and I really appreciate AnandTech going after this. I assume Intel did not want to talk about it because it remains a sore point for them, not that it is not interesting for people.
  • andrewaggb - Thursday, August 30, 2018 - link

    I completely agree, this should be relevant for everyone. Security issues of any kind are important for people to understand and these ones come with a meaningful performance impact.
  • timecop1818 - Thursday, August 30, 2018 - link

    lol it affects literally less than 1% of desktop computing population. it's a hugely blown out of proportion exploit that is completely impractical to execute on Joe Q Public's machine and even less useful to obtain any valuable data.

    I'm glad Microsoft at least provides registry keys to disable all this fucking nonsense.
  • chrcoluk - Wednesday, September 26, 2018 - link

    I agree with timecop, this has got to be one of if not the most overhyped exploit in my lifetime, it's been hyped up in the sense that if you don't patch your systems you are going to get wrecked in terms of data loss. The reality is this requires a machine to be already compromised before it can even be attempted and even then it's very difficult and complicated to pull off, the performance hit is hideous, I wouldn't put it past a competitor of Intel deliberately leaking this to trash Intel's performance, as that is the worst impact of this vulnerability, not the security issue itself but the loss of performance, and millions are blindly patching their systems like sheep.

    Most of this stuff requires a microcode update, if you are on Windows 8.1 or older on old microcode, it means even if you are fully patched up only Meltdown is mitigated and that can be disabled by a registry key, so thankfully most people won't be feeling the full performance brunt of this nonsense and only need to disable Meltdown. Windows 10 however I think does provide microcode updates via Windows Update loaded up on Windows boot, so for Windows 10 users it's more difficult to reclaim performance but I think the lot including Foreshadow can be disabled via the registry.
  • willis936 - Thursday, August 30, 2018 - link

    If you read about journalism you'll see that it's about stories. And man what a story this is. They didn't manufacture interest, it's just interesting.
  • V900 - Thursday, August 30, 2018 - link

    Journalists manufacture stories all the time.

    It’s how they manufacture consent.
  • cerealspiller - Saturday, September 1, 2018 - link

    "It's how they manufacture consent."

    Now that's what I call a Freudian slip of EPYC proportions. :-)
  • jordanclock - Thursday, August 30, 2018 - link

    That's absolutely not true. These vulnerabilities are scary for everyone. EVERYONE. Your data is traversing systems running CPUs that are vulnerable to this attack, whether or not you directly access those systems.

    I do not remember any other vulnerabilities that were so pervasive and in such fundamental functions of CPUs of many vendors going back years.
  • rocky12345 - Thursday, August 30, 2018 - link

    They were not vulnerable to these exploits until they were made public because no one was aware of them including hackers but then they were given names and pretty much told the world exactly what to and where to look if you wanted to frack over someone's CPU/system. Yes the exploits were there but no one was aware of them.

    You also cannot call them exploits that were built into the CPU's because at the time these cpu's were designed the designers had no clue there would be aholes out there trying to pick apart their designs to use them for no good such as screwing people's systems over. Sorry to say this but if they keep digging they probably will find a few hundred more problem areas in cpu's as well as GPU's as well that could become exploits all of which most likely would slow our hardware down and at some point set us back to stone age computing once all of them are patched and fixed.

    For me personally I hope they stop looking so hard because every time they find something and it gets patched we the user lose a little bit of our systems and at this point we got every Tom, Dick, Harry, Sally looking for something so if they find it they get 15 minutes of fame and get to bolster their resume a bit.
  • aebiv - Thursday, August 30, 2018 - link

    This is the dumbest comment ever @rocky12345

    If Intel had done proper vetting, and looked at the processes for how they were handling those calls, these bugs would NEVER have made it to production. I think it's far more likely they did know of the issue, but didn't think it would ever be one, because it just made them faster.

    Someone, somewhere, is always going to find one of these bugs, and I'd rather it be the good guys who announce it to everyone so it can be fixed, than the bad guys who will just exploit it. It's a race.
  • Holliday75 - Thursday, August 30, 2018 - link

    And who is to say that no state sponsored or private groups were not aware of them? If they were they aren't telling anyone. They just quietly use them as they see fit. We do not think they were ever exploited, but you never truly know.
  • HStewart - Thursday, August 30, 2018 - link

    "If Intel had done proper vetting, and looked at the processes for how they were handling those calls, these bugs would NEVER have made it to production."

    It has already been problem that it not just Intel, but people seem to only think it is Intel and when Intel fixes the issue - they ignore it - it has been proven that both AMD and even ARM have such issue.
  • HStewart - Thursday, August 30, 2018 - link


    "It has already been proven that it not just Intel"

    I wish this site had an edit command for the author only.
  • Manch - Friday, August 31, 2018 - link

    As always defender of Intel's virtue, you're not being forthright.

    It's true that Intel isn't alone in the vulnerabilities but Intel has the worst of the two vulnerabilities, Meltdown, although it does affect a few ARM CPU's. Spectre affects Intel/AMD/ARM but it affects AMD and ARM to a much lesser degree.
  • rahvin - Friday, August 31, 2018 - link

    Of the 11 Spectre exploits AMD has only been vulnerable to 3 of them, these are the 3 that every out-of-order processor was vulnerable to as they attack the fundamental idea of executing code out of order. The 3 are very difficult to execute and will require good access to even try.

    Of the 8 remaining Spectre vulnerabilities most of them are Intel only, and some of them like the Meltdown Spectre exploit are extremely easy to exploit. Don't be a fan boy about this, Intel clearly prioritized speed over security and as a result they are suffering from vulnerabilities that the other chip designers aren't. Intel will fix these in upcoming silicon but we shouldn't hand wave away how serious these vulnerabilities are. Meltdown in particular is a very serious vulnerability that can be exploited by something as simple as Javascript that's part of an ad on a website. That's as close to a drive-by exploit as you can get.
  • chrcoluk - Wednesday, September 26, 2018 - link

    Meltdown is not easy to exploit, the machine has to be already compromised.

    No malware has even attempted to use Meltdown as it's too complicated to successfully execute. Much easier fish to fry.
  • voicequal - Thursday, August 30, 2018 - link

    "these bugs would NEVER have made it to production"

    I'm pretty sure by your logic no hardware or software would ever be released because none can be proven 100% secure.

    Traditionally SW has been so rich with exploits that there was no need to go after HW. After a few decades of improving SW security, this is beginning to change, and HW vulnerabilities are now lower hanging fruit for researchers and hackers alike.
  • Dr.X - Monday, September 3, 2018 - link

    @rocky12345 & @aebiv
    Gentlemen you both make very valid points. It is impossible to vet any design for an unknown future use case that exposes vulnerabilities. VM's are such a use case, which has only become popular in the last 10 years. Intel architectures are much older (Pentium Pro, etc), and as such errors of omission are to be expected with new use cases.
  • chrcoluk - Wednesday, September 26, 2018 - link

    It's not dumb.

    I think disclosing potential vulnerabilities to the public when the following are all true is just irresponsible.

    1 - No immediate means of patching
    2 - No Known use of the exploit
    3 - Implications of disclosure are high.

    All of these are true for these exploits, it should never have been publicly disclosed in the first place.

    It definitely would not surprise me if we had dozens of exploits discovered on cpus and gpus before end of 2020 and as a result our hardware runs significantly slower for exploits that will never be used in the wild. It's insanity.

    aebiv here is something for you to think about

    First of all there is never a guarantee bugs get found, next even if they do how do you know these bugs were not found before but simply not disclosed? even by bad guys.

    Third how do you expect these cpu bugs to be so dangerous to the average joe bloggs, why is no malware using Meltdown e.g. when it was disclosed 9 months ago, after all 10s of millions of devices are vulnerable yet no nasty guy has taken advantage of it, the answer is they cannot do it because it's too complicated to pull off. These are potential security bugs and I would not go above the word potential, they are not practical for live attacks.
  • FunBunny2 - Thursday, August 30, 2018 - link

    "at the time these cpu's were designed the designers had no clue there would be aholes out there trying to pick apart their designs to use them for no good such as screwing people's systems over."

    yeah, the dumbest. processor design is a maths exercise, limited only by what transistors can do. and they can do anything, modulo speed of execution. since cpu design depends, deeply, on CAD widgets made by others. I wager it's been 4 decades since any cpu was drawn at the transistor level and taped out. it's all black boxes, running on black magic. provably correct circuits? only to the extent the testbed knows where the holes could be.
  • eva02langley - Thursday, August 30, 2018 - link

    "at the time these cpu's were designed the designers had no clue there would be aholes out there trying to pick apart their designs to use them for no good such as screwing people's systems over."

    Intel knew what they were doing a long time ago. Their number one concern was to maintain a near monopolistic market and this is one of the strategies they employed.

    By making people believe their CPUs were faster and as safe as the competition, they manipulated the market like they did with Mother of all program (MOAP). In fact, their CPUs were faster at the cost of security... AMD dropped the ball with Bulldozer, no question, but they were more secure.
  • HStewart - Thursday, August 30, 2018 - link

    "AMD dropped the ball with Bulldozer, no question, but they were more secure."

    AMD also has a problem with Spectre.

    These are not bugs - it is design functionality that was made not only in Intel CPUs but also in AMD and ARM CPUs. The following statement about it:

    "Almost every system is affected by Spectre: Desktops, Laptops, Cloud Servers, as well as Smartphones. More specifically, all modern processors capable of keeping many instructions in flight are potentially vulnerable. In particular, we have verified Spectre on Intel, AMD, and ARM processors."

    https://meltdownattack.com/
  • bji - Thursday, August 30, 2018 - link

    Spectre is also the almost-impossible-to-exploit version of these bugs. Meltdown, the Intel-only one, is the one that could be exploited reasonably easily.
  • Manch - Friday, August 31, 2018 - link

    AMD processors aren’t affected by the Meltdown bug at all.

    Spectre patches are optional for AMD bc they're almost near zero chance. It would require an infected firmware upgrade to do anything. The rest are patched via OS already and have zero impact on performance.

    No, it's a bug. Stop being delusional.

    Am I happy about the perf hit? nope. Am I going to toss my 4970K? LOL, nooooo. Is Intel the more vulnerable bc they cut corners on security for performance? Yes.
  • chrcoluk - Wednesday, September 26, 2018 - link

    The severity of an exploit is determined by the ease it can be carried out not by the amount of potential targets. More potential targets means more possible damage but if it's difficult to carry out, then it's not a severe exploit. These cpu exploits all of them require local access to the machine already, meaning that requirement alone makes it non trivial. But even if one already has local access they are difficult to pull off, in short you are never going to see "ANY" of these in malware bots, it's the sort of exploit a dedicated state sponsored attacker would use on individual targets.
  • joenathan - Thursday, August 30, 2018 - link

    I 100% don't agree with you, I for one was wondering why this information was missing. I think any CPU Intel releases should have this information. I own an i7-8700K and debated heavily between choosing it or Threadripper, at the time the simple fact was the 8700k benchmarked better.

    Now with the performance hits from the mitigations and patches the reason for me investing in the z370 platform starts falling apart.

    Additionally I build systems for other people too, knowing the best CPU to recommend to people is huge for me and Anandtech's stance on this is a breath of fresh air, it means I will be able to make informed choices.
  • Cooe - Thursday, August 30, 2018 - link

    "I own an i7-8700K and debated heavily between choosing it or Threadripper, at the time the simple fact was the 8700k benchmarked better."

    Uhh no.... No it does not. (At least if "benchmarks" means ANYTHING not 1080p gaming or pure single-core synthetics).
  • eva02langley - Thursday, August 30, 2018 - link

    I don't recommend a single Intel CPU altogether. There are no reasons to buy one today. The differences in performance are too marginal to really make a significant impact in anything.

    The 2700x is a great cpu, the 2400G is the best APU on the market and the 2950x is an incredible chip too. It is hard to recommend Intel with Spectre and Meltdown.
  • PEJUman - Thursday, August 30, 2018 - link

    I am definitely no longer interested in Intel processors. Especially after these security incidents and how they handle the microcode rollouts afterwards.

    I am still using PCs (Xeons to Celerons, and everything in between) but am closer than ever to switching to Macs. If Apple ditched Intel for their own, I would be seriously tempted.
  • Cooe - Thursday, August 30, 2018 - link

    You know that AMD exists, right???
  • PEJUman - Thursday, August 30, 2018 - link

    I do, I am considering them to replace the Xeons, problem is their Threadripper implementations seem bandwidth/latency compromised, while EPYC is hard to get for sub 10k workstations. Which locks my <22 cores VM backend into these single/dual Xeons with quad DDR4 on a ring bus, at least for now...

    Mobile's been processing power indifferent for quite some time... mostly battery life sensitive. Intel’s hold on this market is still a challenge for AMD. Not from CPU standpoint, but vendor’s integration quality.

    That leaves them with just 1 space, at least for my personal usage scenarios. A very price sensitive enthusiast desktop space.
  • HStewart - Thursday, August 30, 2018 - link


    "I am definitely no longer interested in Intel processors. Especially after these security incidents and how they handle the microcode rollouts afterwards."

    You do realize that Intel is not the only one with Spectre and possibly Meltdown. I would not call them incidents - since as far as I know no official incident has been noticed. Also the fixes in these latest processors are not just microcode.

    "Almost every system is affected by Spectre: Desktops, Laptops, Cloud Servers, as well as Smartphones. More specifically, all modern processors capable of keeping many instructions in flight are potentially vulnerable. In particular, we have verified Spectre on Intel, AMD, and ARM processors."

    https://meltdownattack.com/

    "I am still using PCs (Xeons to Celerons, and everything in between) but am closer than ever to switching to Macs. If Apple ditched Intel for their own, I would be seriously tempted."

    The problem with Apple and their processors - it is almost 100% sure for iPhone X to get the speed they are getting they have predicted branch - but they are such closed architecture that one has no idea.
  • PEJUman - Thursday, August 30, 2018 - link

    I do realize the extent of these exploits have on speculative operations. My problem with Intel lies on their response to these issues, not the performance impact thereof.

    "The problem with Apple and their processors - it is almost 100% sure for iPhone X to get the speed they are getting they have predicted branch - but they are such closed architecture that one has no idea."
    Agreed, which is my point exactly. This is the first time I seriously doubt Intel's commitment to their product. Prior to these exploits, I trusted Intel's competencies and code of ethics more than Apple's. But Intel's recent singular focus on profitability prompted me to rethink my position on Apple's walled garden approach...

    I spent so much time on their botched microcode 'patch' that I am liquidating the older 'Core' systems, and consolidating them to VM's to reduce the exposure of unpatched systems. I am guessing a lot of other IT pro's are at least considering this scenario, which means less CPU sales for Intel, or at least I hope so. Since that seems to be the only language they understand.
  • FunBunny2 - Thursday, August 30, 2018 - link

    "I think you (the press) created the interest for these fixes, to have something to write/talk about."

    sounds like a Fake News indictment?? No Collusion!!
  • eva02langley - Thursday, August 30, 2018 - link

    This is of utmost importance. Intel deliberately neglected security over performance and now we have this fiasco. Let me remind you that many of the Intel CPUs will never be patched because the motherboard manufacturers are not supporting older platforms anymore.

    I would not buy a single Intel chip until they finally deal with it.
  • Phynaz - Thursday, August 30, 2018 - link

    I take it that you will never be buying an AMD, IBM or ARM CPU either?
  • bji - Thursday, August 30, 2018 - link

    False equivalency.
  • V900 - Thursday, August 30, 2018 - link

    Absolutely not a case of “false equivalence”

    (Which, BTW: Is a non-argument usually used by the kind of people who like to parrot opinions, instead of doing the kind of rigorous thinking that leads one to form his own conclusions.)

    The worst of the Spectre/Meltdown security flaws isn’t limited to Intel, but affects any modern CPU, including AMD, etc.
  • V900 - Thursday, August 30, 2018 - link

    You got a point.

    If you’re an average gamer or consumer, there’s little reason to worry about Spectre & co. As of now, anyways.
  • eva02langley - Thursday, August 30, 2018 - link

    Until another tree falls on the road and the bridge collapses.

    Buying a crippled and insecure product is not what I call a smart move.
  • eva02langley - Thursday, August 30, 2018 - link

    No way I am to back this.
  • V900 - Thursday, August 30, 2018 - link

    So you’re saying I shouldn’t buy an AMD CPU at all under the current circumstances?
  • HStewart - Thursday, August 30, 2018 - link

    Yes the press has put pressure on these issues a lot - and some people go so far as to ignore that Intel has worked on fixing them and assume that these fixes require 10nm. Also they make the false assumption that Intel is the only company with these problems - in fact both AMD and even ARM have the problems.

    I have yet to see a real virus or malware that uses Spectre or Meltdown in the field.

    Hopefully we will see the end of such stuff - it is not helpful in productivity of new computer technology - in fact it makes it more possible for more viruses and malware.
  • Manch - Friday, August 31, 2018 - link

    There are exploits in the wild already. Most are just seeing how viable the exploits are. A couple may be worrisome.

    Seriously, stop spreading FUD.

    Intel is vulnerable to MELTDOWN, A few ARM procs too. AMD is NOT
    Intel/AMD/ARM are vulnerable to Spectre. ARM is less susceptible. AMD even less so to the point its patches are OPTIONAL.

    Intel has had to respin silicon to eliminate the bugs in HW. SW fixes tend to have perf hits. MOST aren't bad, but a couple are significant. With 10nm, all bugs will be fixed in silicon as some require a good bit of re-engineering.
  • HStewart - Friday, August 31, 2018 - link

    This is not FUD, this is from the following site which looks like good information

    https://meltdownattack.com/

    I don't believe Meltdown is only Intel but that could be wrong, Spectre is ALL CPUs.

    https://thehackernews.com/2018/01/meltdown-spectre...

    Meltdown appears to be fixed in hardware for these CPUs.

    If you are so insistent on telling me this is FUD, then provide just one real example of a virus that uses this Meltdown and Spectre stuff.
  • boeush - Friday, August 31, 2018 - link

    Non-business people should care too (at least those for whom performance matters), since Microsoft has pushed out mitigation patches for Windows 10 without allowing anyone to opt out. That means performance nerf with current-gen hardware for *everyone*. So anyone contemplating a new PC purchase in the near future might care about hardware mitigations that might restore some of that lost performance...
  • GreenReaper - Friday, August 31, 2018 - link

    You're allowed to disable them. Just search for all instances of "to disable" here:
    https://support.microsoft.com/en-us/help/4072698/w...

    The code and registry settings are likely to be the same for Client as they are for Server. They just don't tell people running the client version about it because they almost certainly shouldn't disable them.
  • Siress - Monday, September 3, 2018 - link

    Clearly, then, you should let other people think for you.
  • peterlobl - Thursday, August 30, 2018 - link

    power to the press is power to the people !
  • bug77 - Thursday, August 30, 2018 - link

    What's more interesting for me is whether hardware fixes for these vulnerabilities are anything but toned down data prefetching.
  • Mr Perfect - Thursday, August 30, 2018 - link

    I'd like to know what a hardware fix consists of also. Have they found a way to secure prefetching? Rumors suggest that the next processor refresh won't have HT, which makes me wonder if fixing the security flaws means they have to just shut this stuff off.
  • bug77 - Friday, August 31, 2018 - link

    Most likely it means just that.
  • jaydee - Thursday, August 30, 2018 - link

    What's with the "Buy the Right CPU" video right in the middle of the article? Is this the new norm?
  • DanNeely - Thursday, August 30, 2018 - link

    Looks like a video ad posing as anandtech content. Someone on Twitter should ping Ian or Ryan so they can go scream at Purch's ad buyers, because that's totally unacceptable. IMO
  • Ryan Smith - Thursday, August 30, 2018 - link

    Actually it is AnandTech content.

    Our current publisher (and going forward, Future as well) is pushing into doing short-form video. Quick takes under 2 minutes or so. And AnandTech is part of that.

    So now in most articles, you will find a video player that goes through a list of AnandTech videos (Purch's systems try to best match the video's subject with the article). And attached to that is a pre-roll ad that will run first, before the video.

    As for the videos themselves, we're still working on those. These first videos are all approved by me, but they're essentially recycled from Tom's Hardware. This is due to timing and the fact that we're still getting our feet wet with the format. Going forward we will have more unique videos, but we need to experiment here and see how we can offer AnandTech depth in under 120 seconds (without going full-on blipvert).
  • jaydee - Friday, August 31, 2018 - link

    The big "X" on the bottom doesn't seem to close the video... There's always "Reader View" on most browsers now (which I'm using more and more), but it doesn't handle tables particularly well.
  • Ryan Smith - Friday, August 31, 2018 - link

    To clarify, the 'X' is to get the floating window to stop following you around. The video anchored in the middle of the article is not intended to go away and will always be there.
  • bug77 - Sunday, September 2, 2018 - link

    Lol, there's a video? Thank you, NoScript.
  • duploxxx - Thursday, August 30, 2018 - link

    and where is the press providing info that Intel has supply issues till the end of the year of most of their skylake cpu?

    https://h41360.www4.hpe.com/partner-news/cat-enter...
  • Chad - Thursday, August 30, 2018 - link

    Thank you, Ian!
  • ajp_anton - Thursday, August 30, 2018 - link

    "Amber Lake is still Kaby Lake, but built on the 14+ process node, identical to Kaby Lake Refresh"

    Uh, isn't 14+ also Kaby Lake? And why do you keep referring these as using the Kaby Lake architecture, when it's all still Sky Lake? Or at least the CPU part is, the GPU got a minor media upgrade in KBL, but the CPU is what's being talked about here.
  • Ryan Smith - Thursday, August 30, 2018 - link

    Note that Kaby Lake has a different iGPU than Skylake. So if we're talking about just the CPU core, then Skylake is an apt comparison. If we're talking about the complete chip design, then Kaby Lake is more accurate.
  • FunBunny2 - Friday, August 31, 2018 - link

    "So if we're talking about just the CPU core"

    it seems, what with CAD and VHDL/Verilog libraries, and just the maths of doing so, that most of what's in a cpu core ought not to have been 're-designed'. modulo wider and smaller node. yes? IOW, has anyone, for example, created a 'new' ALU circuit since 19XX?
  • V900 - Thursday, August 30, 2018 - link

    It’s frankly incredible, and somewhat disturbing, that Intel is THAT out of touch with the market.

    Anytime there’s news about Intel CPUs, within the first dozen comments, people start asking about Spectre fixes. It’s been like that for awhile.

    How Intel could have missed this, is.... Weird, to say the least.

    Did Intel take a lesson from 13th century monasteries, and keep its PR and engineering staff secluded from the rest of the world or something?
  • Dr.X - Monday, September 3, 2018 - link

    @V900 Please understand (<-Sorry for that hated phrase) that the cause of Spectre & Meltdown was a strategic performance feature up to 2016, namely Speculative Execution (spec.ex), which by my memory was first introduced in the Pentium Pro in the late 1990's. There were no Virtual Machines at that time, to expose the now understood vulnerabilities of spec.ex. Today VMs are everywhere and all are vulnerable. Cisco has even switched to AMD based UCS servers to satisfy customer demand for non-Intel platforms.
  • JoeyJoJo123 - Thursday, August 30, 2018 - link

    Hoping that there's purely hardware fixes for the Intel 9000 series and I may consider upgrading to that or Ryzen 2 or 3 from my current 4690k, depending on overall value/features.

    Good to hear there's real hardware fixes on the horizon, even if the implementation isn't entirely in hardware.
  • wow&wow - Thursday, August 30, 2018 - link

    So the mitigation for "Foreshadow" still only reduces the risk but can't eliminate it!

    All the system companies and retail stores selling the products with the Intel faulty chips inside but without the warning sticker "This product has known security risks with Intel CPU inside." on the products should be sued for not disclosing to consumers!
  • Oxford Guy - Monday, September 3, 2018 - link

    Haven't you heard? Only elites are entitled to own IP. The rest of us are supposed to surrender everything about ourselves to the almighty cloud.
  • NuclearArmament - Thursday, August 30, 2018 - link

    Use Fujitsu SPARC64/Solaris; IBM POWER 9/AIX, z/OS; Elbrus; IA-64/HP-UX; SX/Super UX; MIPS IV/IRIX; Alpha/OSF/1. Ditch x86, ARM, and never look back.
  • NuclearArmament - Thursday, August 30, 2018 - link

    IBM's Cell (Broadband Engine Architecture), specifically the venerable QS22 variant is also still a decent option. Hitachi's SuperH, Apollo Computer's PRISM, and Fujitsu's FR-V, used in conjunction with a direct descendant of UNIX--System V, BSD, OSF/1--are also possible alternatives to the x86/ARM hardware and NT, GNU/Linux software hegemony.
  • Senti - Thursday, August 30, 2018 - link

    Typical article of Ian: Variant 3 (Meltdown) mitigation on Amber Lake (=Kaby Lake) by Firmware? Yeah... (And many other squares are also incorrect.)
    Please, just don't write about things you don't understand at all.

    Tom's has far fewer such errors in their articles.
  • Ian Cutress - Thursday, August 30, 2018 - link

    All squares confirmed by Intel.
  • Senti - Thursday, August 30, 2018 - link

    Then how about using common sense and asking someone who understands the matter in case Intel PR says such things?

    If there is really a pure Firmware Meltdown (and other squares) mitigation (= don't require OS support at all) for Meltdown for Kaby Lake - THAT is interesting.
  • HStewart - Thursday, August 30, 2018 - link

    Ian,

    Did Intel provide any specific information about Hardware fixes provided? I'd also be curious if AMD or ARM has similar changes coming for CPUs - are they just relying on Firmware / Microcode?
  • HStewart - Thursday, August 30, 2018 - link

    One more thing, in the following web site - it was mentioned that Smartphones also could be affected, and I'm curious if anybody has more information on that

    https://meltdownattack.com/
  • dynamis31 - Thursday, August 30, 2018 - link

    the price to pay if you have xeons :
    https://www.phoronix.com/scan.php?page=article&...
    aws, google, hpc supercomputer owners must be happy
  • Dr.X - Monday, September 3, 2018 - link

    @dynamis31 Great contribution here! Thanks! I forgot about that great review.
  • davesax1 - Friday, August 31, 2018 - link

    How important are these changes to the consumer? How can you tell if a new computer has the improvements? Should a consumer wait for 9th generation processors for more hardware fixes?
  • HStewart - Friday, August 31, 2018 - link

    "How important are these changes to the consumer? "

    Has there been a single instance of a virus out there - I believe server machines are affected and Hardware fixes in the works.

    "Should a consumer wait for 9th generation processors for more hardware fixes?"

    As this article indicates Intel has made hardware fixes for 8th gen U processors listed here, Also in article Intel has made Hardware fixes for new Server cpus.

    9th generation or 10nm stuff is not a requirement for hardware fixes - they can do that with current process.
  • GreenReaper - Sunday, September 2, 2018 - link

    The new Cascade Lake server CPUs aren't here yet, of course . . .

    The change is important if only because 99.9% of people will be running with performance-impacting patches until they have new hardware. Even if you never encounter a virus you will still suffer the cost of protecting against them (and indeed, those patches should in part decrease the chance that you get one from someone else - a kind of herd protection).
  • Total Meltdowner - Friday, August 31, 2018 - link

    All the guys here with Intel stock saying "it doesn't matter". Nonsense, this is going to hurt them badly. They have to redesign these chips!
  • HStewart - Friday, August 31, 2018 - link

    NOTE: This is not related to Intel CPU directly - but for any CPU out there.

    One thing I am curious about: if your application is coded correctly so that it has no buffer overruns, for example - do the Firmware updates have any impact? If the performance impact is only with poorly written code then I don't believe this is much of an issue. Of course as developer myself, I understand that some time these are to notice.

    As a developer for around 30 years, buffer overruns are not a new thing and I'm curious why only in the last year has this come up.
  • abufrejoval - Friday, August 31, 2018 - link

    Still no news on shadow stacks and CFI against Return oriented Programming? The specs were published in 2016...
  • TheJian - Monday, September 3, 2018 - link

    I want the chips benchmarked when all this is done and patched to see how much we lost. IE, I just bought an 8700k not long ago and wonder how much of a hit will it take when done. If I end up down 20-30% in some stuff I think a rebate or coupon towards a next chip (or something) is in order. Or start putting info on the boxes warning customers that "CHIPS WILL NOT PERFORM AS ADVERTISED" and drop the price accordingly.
