Rush to fix 'serious' computer chip flaws


Well - if that is as bad as it implies, it is pretty terrible. Seems to affect every hardware platform on all operating systems. In a nutshell, it is a problem caused by Speculative Execution - which is where the computer does tasks that are not requested in case they are requested and thus improves speed.

Further reading:


Just been reading up on this. Seems it will be patched soon via a Windows update.


My question would be: How are they fixing it? If it is just to switch off features that improve performance to make the system safer, then how much of a performance hit would be felt? The report says performance could be hit by 30% (seems excessive).


I thought I read somewhere yesterday that this issue was rooted in the Kernel? Wouldn’t that make patching it a bit more complex than a simple software update?


I believe the intent is to patch it in the kernel as you can’t patch the processors, and yes it’ll involve taking a performance hit of some of whatever you gain from speculative execution (entirely task dependent). They’ve known about it for a good while but the details are supposedly kept under wraps to keep everyone safe, until a suitable patch Tuesday has passed. How complex a kernel update is is an issue for the OS engineers and it’ll vary depending on the OS.

If you’re going to be affected, you probably already would have been. There is other stuff already in there to make something like this difficult to exploit.


Ars has a nice overview. First article is from yesterday, the 3rd, and the second is the update from today.


Real world stats:


If you read the ARS article @Ronin linked it says in there that these patches will likely not affect the average user since the average user either wouldn’t be using intensive applications (specifically applications that have a very high volume of kernel calls) or would just be gaming which apparently isn’t affected. It says that when the patch is pushed out to all, it will be opt-out for non-enterprise users.

One of the big places at least the Intel patch affects is running VMs so @adrock may well see some impact given the nature of your work, @n0tch too in the same regard and maybe @Jester dependent on the number of VMs you run. Even then, the worst prediction I’ve seen is cutting kernel calls from 6mil to 2.5/3mil which seems like it would hit industrial scale VMs (Amazon, Google, etc) far more than those who aren’t running VMs on such a massive scale.

The full scale and nature of the flaws aren’t even fully public yet, but the ARS article describes the ‘Meltdown’ flaw in decent detail and highlights why that flaw is at present confined to Intel CPUs and some ARM chips but not AMD (at least not yet).


Whoops, looks like someone is in trouble: Intel’s CEO reportedly sold shares after the company already knew about massive security flaws

  • Intel CEO Brian Krzanich sold off a large chunk of his stake in the company after the chipmaker was made aware of serious security flaws, according to multiple reports
  • An SEC filing last November showed Krzanich sold off about 644,000 shares by exercising his options and another roughly 245,700 shares he already owned
  • That reduced Krzanich’s total number of shares to 250,000, which is the bare minimum that an Intel CEO should own, according to The Motley Fool



So performance stats, granted only one CPU.


After reading the ARS article, I figured that this would affect me more with regard to my servers that I own that are both dedicated or cloud based.

From a performance point of view on my desktop machine, I figured that gaming wouldn’t be too affected until I saw that report by @n0tch - Nearly a 10% framerate reduction on R6 Siege… that’s pretty heavy. Will affect servers too for games like A3 as well I guess.

From a security point of view, I guess the biggest vulnerability in my eyes is the ability to break out of a VM environment on a server… that’d be devastating - but from a home PC point of view, having your machine compromised and being infected to be used as part of a botnet.


I bookmarked this to read it later. Does seem to call into question what was suggested in the ARS article.



Not good for Apple

Meltdown and Spectre: All Mac devices affected, says Apple -


Well, of course… because they all use Intel or ARM processors.

ARM processors are the fun one in this whole dilemma - because they’ll be in ‘things’ that aren’t on the face of it ‘a computer’ - so intelligent devices… like your Amazon Echo (not sure if the echo is affected, just an example).

Of course, these devices need to use Speculative Execution to make them vulnerable - but if they did, I’d consider them more of a concern than a popular computer or phone brand that’ll be quickly patched.


Rumour has it that it could be any Intel processor since 1995 or any using modern architecture. So it’s pretty much any processor.


DigitalOcean, who I use to host ZiiP, currently seem to be on top of it. I’ll be doing manual updates of the Linux OS shortly as good practice, but I believe the droplet should be protected as we are not directly linked to the hardware.
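
After a manual Linux update like the one mentioned in the post above, the kernel's own report of its Meltdown/Spectre status can be read from sysfs. This is an added example, not part of the original thread; the function names are illustrative and the sample directory contents are constructed.

```shell
#!/bin/sh
# Added example: read the Linux kernel's own Meltdown/Spectre status report.
# Kernels that carry the reporting interface expose one file per issue in the
# sysfs directory below. Function names and sample data are illustrative.

SYSFS_DIR=/sys/devices/system/cpu/vulnerabilities

classify_status() {
    # $1 = first line of one status file
    case "$1" in
        "Not affected"*) echo "not-affected" ;;
        "Mitigation:"*)  echo "mitigated" ;;
        "Vulnerable"*)   echo "vulnerable" ;;
        *)               echo "unknown" ;;
    esac
}

check_vulns() {
    # $1 = directory to read (defaults to the real sysfs path).
    # Returns 0 if every entry is mitigated or not affected, 1 if any entry
    # is vulnerable or unknown, 2 if the kernel exposes no report at all.
    dir="${1:-$SYSFS_DIR}"
    if [ ! -d "$dir" ]; then
        echo "no report: this kernel does not expose $dir"
        return 2
    fi
    rc=0
    for name in meltdown spectre_v1 spectre_v2; do
        line="(file missing)"
        [ -r "$dir/$name" ] && line=$(head -n 1 "$dir/$name")
        state=$(classify_status "$line")
        printf '%-11s %-13s %s\n' "$name" "$state" "$line"
        case "$state" in
            mitigated|not-affected) ;;
            *) rc=1 ;;
        esac
    done
    return "$rc"
}

# Constructed sample: page-table isolation is on, one Spectre variant is not
# yet mitigated. Call check_vulns with no argument to read the live system.
sample=$(mktemp -d)
echo "Mitigation: PTI"                    > "$sample/meltdown"
echo "Vulnerable"                         > "$sample/spectre_v1"
echo "Mitigation: Full generic retpoline" > "$sample/spectre_v2"
check_vulns "$sample" || echo "action needed: update the kernel and reboot"
rm -rf "$sample"
```

Run inside a VM, this reports the guest kernel's state only; the hypervisor host is patched separately by the provider.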


A follow-up article from Ars again, this time dealing with the responses from Intel, AMD, ARM and Apple