posted by mrpg on Saturday January 06 2018, @10:51AM
from the ??? dept.

Submitted via IRC for Bytram

Hoping the Meltdown and Spectre security problems might mean Intel would be buying you a shiny new computer after a chip recall? Sorry, ain't gonna happen.

Intel famously paid hundreds of millions of dollars to recall its Pentium processors after the 1994 discovery of the "FDIV bug" that revealed rare but real calculation errors. Meltdown and Spectre are proving similarly damaging to Intel's brand, sending the company's stock down more than 5 percent.

[...] But Intel CEO Brian Krzanich said the new problems are much more easily fixed -- and indeed are already well on their way to being fixed, at least in the case of Intel-powered PCs and servers. Intel said Thursday that 90 percent of computers released in the last 5 years will have fixes available by the end of next week. "This is very very different from FDIV," Krzanich said, criticizing media coverage of Meltdown and Spectre as overblown. "This is not an issue that is not fixable... we're seeing now the first iterations of patches."

Source: Nope, no Intel chip recall after Spectre and Meltdown, CEO says


  • (Score: 0) by Anonymous Coward on Saturday January 06 2018, @01:14PM (#618739) (7 children)

    That's not why it's different. The current CPUs have serviceable microcode, they can probably patch the chips in-field. I'm guessing they're going to disable all speculative execution across memory protection boundaries.

    And this sets a precedent of course. If Intel gets away with this, they will probably scale down their QA, since they can rely on their customers to do beta-testing for them, like Google and Microsoft are already doing.

  • (Score: 2, Insightful) by fustakrakich (6150) on Saturday January 06 2018, @03:50PM (#618787)

    serviceable microcode

    You misspelled 'vulnerable'. Now we can do to CPUs what we've been doing to BIOS for years. Bad dog!

    --
    Politics and criminals are the same thing.
  • (Score: 4, Insightful) by Grishnakh (2831) on Saturday January 06 2018, @04:18PM (#618803) (1 child)

    If Intel gets away with this, they will probably scale down their QA, since they can rely on their customers to do beta-testing for them, like Google and Microsoft are already doing.

    Microsoft is absolutely right to eliminate QA and let their customers do their beta testing. Why should they pay QA people to do this work when customers can do it instead? If the customers didn't like it, they could vote with their feet, but they haven't: they've shown over and over that they will take whatever software Microsoft gives them, no matter how buggy or inconvenient (e.g. forced updates), so exactly what incentive does MS have to make things easier for these customers?

    Intel may or may not be able to work this way: it's possible customers could start demanding AMD CPUs in their computers instead. But I kinda doubt it.

    • (Score: 0) by Anonymous Coward on Sunday January 07 2018, @12:50AM (#618948)

      What's more, as loud as feminists are about the problems in recent Windows OSes, we never see them use their numbers to move away from Microsoft en masse. Microsoft can be funding sex trafficking, and we still don't see the high priestesses of feminism handing down fatwas against Microsoft.

      Newspapers report about things as though nobody besides Microsoft has operating systems and office software available and ready to use (except those Apple bros), further encouraging Microsoft to not give a fuck. Feminists instead lash out at people who already hate Microsoft, further encouraging Microsoft to not give a fuck. Why should Microsoft (and Intel) bother with quality when anybody who could hold them accountable bigtime is too busy tilting at windmills and saying that free software is something only for failed men?

      To reiterate your point: entrenched companies like Microsoft and Intel can do whatever the crap they want, because there are no consequences for them.

  • (Score: 3, Interesting) by choose another one (515) on Saturday January 06 2018, @04:47PM (#618819) (1 child)

    That's not why it's different either. The two bugs have totally different impact.

    FDIV meant some FP ops gave actual wrong results, for some operands. I was in research at the time, a lot of people had to redo a lot of work (I didn't - I used my own machine and had bought AMD!), only a fraction (maybe one in ten of those that I knew) found actual errors caused by FDIV, but that is enough that all possibly-affected work had to be rechecked. Meanwhile the affected machines were paperweights - you couldn't trust them to do any FP work. On the other hand if you could do your stuff with all integer math, access to lab PCs suddenly became a lot easier... Sure, Intel coughed up replacement processors, eventually, but so far as I know it never compensated anyone who had to redo work. Most people would never notice FDIV impact, but the sci/eng research community (and presumably commercial also) were up in arms because if you were doing any extensive FP you were affected, even if only by the lack of trust in results. At that time the sci/eng community probably bought a significant % of new Pentiums, to do FP.

    Meltdown is different - no code has given incorrect results. Except (and arguably, because the result would be the intention of the author) for test programs and live malware, which _might_ exist but doesn't seem to have shown up so far. So, no impact on work done except some systems might have been compromised, so you'd need to check/audit as with any security hole release. Most OSes/hypervisors are patched now, so no impact going forward other than a not-yet-quantified performance impact.

    The performance impact going forward is not yet known, but estimates vary from 5% to 30% and it's workload dependent - big IO DBs and VM hosts being worst. It is also apparently dependent on whether your Intel CPUs have newer PCID instructions or not, which came out in 2008, 2010 maybe? So, most people again won't be affected, those that will be badly affected will be VM host admins and DBAs running heavy IO/VM workloads on pre-2010 hardware, now I may be speculating here but I don't think that is a large community...

    • (Score: 1, Insightful) by Anonymous Coward on Sunday January 07 2018, @04:24AM (#619004)

      I remember FDIV - these bugs are worse.

      If even 25% of the world's computer users don't patch, and 3% of these are successfully targeted by hackers who steal online banking credentials, that's tens of millions of bank accounts compromised. Can you imagine the social and economic disruption?

      By comparison, FDIV was harmless -- computers were not as widely used. A few analysts and researchers lost time, but eventually got the option to pop the hood and swap the errant CPU.

      Maybe there'll be another cash for computing clunkers deal. :)

  • (Score: 0) by Anonymous Coward on Sunday January 07 2018, @04:12AM (#619003)

    From what I read, microcode won't help.

    User-updatable microcode has been around a long time -- almost two decades for Intel CPUs if I recall correctly. But not everything is fixable by microcode. Microcode can't rewire a chip, nor add functionality that isn't there. A CPU isn't an FPGA.

    But I could be wrong -- Intel claim the performance impact of the patches will decrease as time progresses. Maybe this means they have some microcode magic planned that will synergize with newer software patches and reduce some of the performance hit.

  • (Score: 0) by Anonymous Coward on Sunday January 07 2018, @05:04PM (#619206)

    If you can fix it with just the microcode then there's no need for Microsoft, Apple, etc. to change the code of their OS.