Meltdown and Spectre

I am sure all of you have heard about the recently discovered processor flaws: Meltdown and Spectre. If you have not heard hear is an article about them:
I would request that all of you who own a PC or Mac that you go to your product support (so dell computers go to the dell support page) and check for a release on a patch for your processor.
The best I can offer,
P.S. The PC World article has some great laces to look for product support.

There are patches already available for Linux, Microsoft is releasing a patch next Tuesday with the regular monthly Patch Tuesday updates.

I’ve not heard yet on Apple, but they’re working on a patch too.

This (Spectre) isn’t an OS bug, it’s a processor architecture bug that can be mitigated through the OS, so it affects EVERY system that has a processor that can do speculative execution. That’s Intel, AMD, ARM, pretty much every processor that’s been built the past 20 years. That includes your router and your phone. It’s icky.

Apple has already released mitigations in iOS 11.2, macOS 10.13.2, and tvOS 11.2 to help defend against Meltdown. Apple Watch is not affected by Meltdown. In the coming days we plan to release mitigations in Safari to help defend against Spectre. We continue to develop and test further mitigations for these issues and will release them in upcoming updates of iOS, macOS, tvOS, and watchOS.

Yeah it is very frustrating to hear after so many years…but hey they need to make money somehow…right? note it is sarcasm :smiley:

What’s frustrating is that it took so long to discover, we hope. Who knows if the NSA, FSB, PLA, or even the SWE have been secretly exploiting this for years.

As far as security holes goes, this one falls into the category of “It was a security hole so big no one noticed it because no one could see the edges of it.”

The big question to me is what are the costs of the patch going to be in terms of speed/performance of the chips.

That’s a very good question, and one that is going through wild speculation so far. I’ve seen reports that say it could be 30%, and I’ve seen reports that say it’s not noticeable except in very specific, seldom used edge cases. I expect the truth lies somewhere in the middle - It’s not going to be huge, and on the average consumer computer won’t be a big deal. But when you look at things like server farms with thousands of machines, even a hit of 1% can be significant. It’ll have a bigger affect on widespread Cloud-based applications than anything else.

You are correct. I’ve been reading a lot about this vulnerability today. It’s a mess for providers more so than consumers directly on their end systems.

I suspect this one might actually cause Intel to lose some market share. It’s A LOT less of an issue for AMD and ARM.

In terms of gaming, it only looks to be a 2-4% hit for Intel processors past Haswell. (4xxx series) In terms of FRC use, that may be a bit different.

In addition, the big change coming will specifically affect system calls, which is why it will have a bigger effect on servers and applications which use system resources (time, file information, and much more). Games tend to be light on system calls, which is why they aren’t affected as heavily by the fix for meltdown.

As for FRC, the RoboRio uses an ARM processor, which means that it will not require a fix for meltdown.

Note: there is no immediate fix I am aware of coming for spectre, although all processors are susceptible afaik.

The RoboRIO uses an A9 and it is susceptible based on the data from ARM:

I doubt highly we see a patch though.

TIL, Thanks for double checking!

I agree as well, the situations in which a rio is used generally does not include any private or protected information.