A Note Of Caution Part Doh
The Reg again It gets worse: Microsoft’s Spectre-fixer bricks some AMD PCs
A lengthy thread on answers.microsoft.com records numerous instances in which Security Update for Windows KB4056892, Redmond’s Meltdown/Spectre patch, leaves some AMD-powered PCs with the Windows startup logo and not much more.
Users report Athlon-powered machines in perfect working order before the patch just don’t work after it. The patch doesn’t create a recovery point, so rollback is little use and the machines emerge from a patch in a state from which rollback is sometimes not accessible. Some say that even re-installing Windows 10 doesn’t help matters. Others have been able to do so, only to have their machines quickly download and install the problematic patch all over again …
Maybe if they actually tested some of these things before releasing them they wouldn’t brick people’s computers. I had to muck about for more than a month with my Toshiba laptop after multiple attempts by Microsoft to make it migrate to Windows 10 from Windows 7.
This is why some people won’t update their systems. If you have been burned by a faulty update, you don’t want to take the chance of another disaster.
24 comments
The Linux patches aren’t much better. They’ll slow down my Linux virtual machines by up to 30% because the virtual processors in those virtual machines don’t have the pcid bit set in the capabilities flags, meaning that the OS will issue a memory page table flush every time you do an OS system call.
Since we both are heavy data base users in real life, we seem to be more screwed than others when it comes to degraded performance. Ubuntu isn’t as bad as Win 10, but both are worse than Win 7.
I just read about the PCID bit this morning. If things stabilize I will look at my Linux installs for tweaks.
Yes. I mentioned my experiences with performance here & @ Prometeus in an older thread. Prometeus Are experimenting with various tweaks & patches for their servers & cloud systems. It’s mostly a trial & error process. I’ve had up to 40% performance hit, Prometeus up to 60%.
http://whynow.dumka.us/2018/01/01/happy-new-year-14/#comment-87049
Probably the most comprehensive discussion on the CPU flaws & possible exploits is from my friends @ HardOCP who released this concise summation:
Quick Facts about Meltdown and Spectre
I expect AMD sales to get a boost. Intel stocks have already taken a hit. 🙂 So, in a way… this is just reward for Intel! 😉 😀
Even though Amazon, Google, M$ are all claiming their Cloud services are now *safe* that is, at best, disinformation. As discovered @ Prometius, they are still certainly vulnerable.
I said when everyone began rushing to the Cloud & trusting them with their lives, they were foolish. I have nothing remotely important on any Cloud and never will!
Except AMD’s latest Epyx processor is susceptible to at least one of the Spectre attacks, so AMD isn’t totally out of the woods. And there’s a chance that it’s also susceptible to something similar to Meltdown, even though Meltdown itself doesn’t work on AMD. Speculative prefetching can’t be fixed by microcode because it is a microinstruction, a hardware primitive of the memory controller. You either prefetch, or you don’t prefetch (and take a huge performance hit). There is no inbetween microinstruction.
We run our application in the cloud because we have no choice. To put together a multi-data-center highly available cluster with fat pipes to multiple backbone providers like Amazon’s we’d need a team of data center experts and a million dollars in hardware and six-figure Internet bills every month to pay for the fiber connectivity to the backbones, and we can’t afford that. Instead we lease time on Amazon’s infrastructure, where we share those costs with thousands of other people. I’d prefer not to do this, but either we do it, or we don’t have a business :(.
Here’s a couple quick updates:
Nvidia patch release adds to scope of Spectre worries
Also, Cisco said it has identified 18 vulnerable products and is looking for problems in nearly 30 other products, including switches and routers.
Cloud companies consider Intel rivals after security flaw revealed
The “cars” are still “derailing” and no one can stop the engine. This is such a mess. Chips need to be redesigned, and then they need to be distributed. It will be years to clean up this mess.
Within the next four months we’re going to need to upgrade our infrastructure thanks to a data center move. I was going to exercise my eBay-fu and get a bunch of second-hand Intel servers a couple of generations newer than what I have in order to get more CPU horsepower with less electricity usage (because electrical power is my biggest constraint in my little four-rack data center). But thanks to this fiasco, I’m seriously considering some of the new Supermicro AMD Epyx servers. It turns out that I can get the brand new AMD-based gear for basically the same price as the second-hand Intel gear, *and* get more CPU horsepower, AND it’s not completely broken like the Intel gear.
In four months the price differentials will probably be significantly different as Intel is certain to take a hit. The race is on to see who can redesign and get a product to market.
Apparently, AMD have less work to do than Intel does regarding a redesign. Especially given their design teams are fresh from 2 completely new designs anyway. Still… We’ll see! Also, it’s been confirmed that Intel CEO Brian Krzanich has sold every Intel share he could get his hands on in November 2017 before the share price began dropping. Hmmmm. 😉
I was wondering who would get a tool like this out! Ashampoo was first, as far as I’m aware. And it’s free, of course!
Ashampoo Spectre Meltdown CPU Checker
it’s stand-alone & doesn’t require installation, and is less than 1 MB. It does require Powershell & Internet access to compare against a constantly updated database. It will work on Win 7 (not XP) with the “Windows Management Framework 5.1” installed. It’s essentially a Powershell script packaged as a self-executing program to simplify use for non-tech savvy users. 😀
Chris Hoffman has a script for people who’d rather do things themselves manually:
How to Check if Your PC Is Protected Against Meltdown and Spectre
The fun continues… *sigh*
Trump’s Securities & Exchange won’t investigate Krzanich if he’s a Republican.
I just got an updated BIOS patch & W10 patch.
I ran a series of benchmark’s before/after patches.
1. Generally, single core scores changed little. In some cases, improved slightly. But within the margin of error for the tests. Curiously, a few gaming tests improved slightly by up to 5 FPS.
2. Muti-threaded tests varies widely. Multimedia tests such as Cinbench R15 took a hit of 22 points. Other tests varies between -2% to -8%
3. The biggest performance his was the SSD scores! On my 950 PRO Sequential R/W scores took a hit up to 45%! 4K & 4K-64 IOPS Writes took a big hit up to 30%, Read’s up to 11%. Sequential Write: 1,522 MB/s to 837 MB/s. Read: 2,566 MB/s to 1,488 MB/s.
On the 850 EVO 1TB SSD, the hit’s were relatively similar.
Sequential Read: 557 MB/s to 536 MB/s. Write: 535 MB/s to 448 MB/s.
4K IOPS: Read: 97086 to 76697 IOPS, Writes: 88967 to 62277 IOPS.
4. Networking tests varied from about -4% drop (general internet) to -32% accessing my NAS.
So, kinda mixed bag! Storage basically takes the biggest hit. I also did some Linux benchmarks & the SSD penalty was slightly less, but still a problem.
According to online testing appearing now, AMD based systems are less affected than Intel based systems.
Essentially the financial stuff I create and monster data that Badtux works with are screwed by a design flaw/feature. You can have reasonable performance or security, but not both without a processor redesign.
Just by coincidence I was putting back together a SSD-based database server in my little data center last night, one part of which was rebooting the server with all of the latest security patches. At least with Linux you can disable the Meltdown patch on the kernel boot command line with “nopti” or “pti=no”, which for my SSD-based database server (which is physical hardware running no VM’s and running no software not under my direct control) is the rational and logical thing to do. This is also going to probably make me have to switch to RDS for my database in the cloud, because RDS similarly runs on isolated machines that can run “nopti” because they don’t run any customer-provided software. My cloud-based machines talking to the database servers, on the other hand, are going to have a horrific impact because of the number of kernel transitions involved in networking.
To say that I am not happy with this situation is an understatement. 🙁 It will end up costing us significantly (RDS is approximately 25% more expensive than running your own database servers on EC2 instances), while significantly impacting the performance and responsiveness of our solution. GRRRRR.
Yes. Prometeus/IWstack discovered that with their SSD VPS/Cloud servers. A lot of annoyed clients. Hitachi are working with them to help minimize the performance penalty.
Just to add insult to injury, Samsung released firmware, driver & management s/w updates for Commercial & Enterprise SSD’s a couple days ago supposedly to alleviate the performance impact somewhat. If anyone can get them! Twice I’ve been greeted with:
Seriously??! A multi $billion company being such a cheap bunch of a’holes?! Needless to say, their forum/twitter/FB are full of pissed off clients (including a few Corp’s!) Thankfully, an enterprising (necessarily anonymous) group put them up as a Torrent! Unbelievable!
Also, to update the SSD firmware on Samsung drives, you have to create a UNetbootin USB disk to boot the F/W ISO image for the update. The 850/840 EVO’s updated with no problem. The 950 PRO I had to try a few times! I was half afraid I’d brick it! I have 2… Still! If that happened, Samsung would DEFINITELY get the bill! They’re still under warranty, but they state that if it’s damaged during a F/W update, warranty is void! Like to see them argue that in a Class Action right now!
Geez! I truly despise Corp’s! They are all damned cheap crooks!
This is like running Oracle – you spend years fine tuning everything to get the optimal performance, then they update and none of your tuning works with the new system.
Of course this is worse because the problem is in the hardware and machine code.
Then there is the problem of dealing with clients who all believe that every year things are going to get better, faster, and cheaper. They are not going to appreciate slower and more expensive. I have people still using software that would take hours to process thousands of records and was processing millions of records in seconds on today’s systems. They are not going to remember what it was like in the 1980s. They want at least what they had last year.
I think we can all agree that this is Trump’s fault 👿
oh, great. I’ve forgotten – how do I figure out if I have an amd computer?
Go to Control Panel on the Start Menu and select System
aha, I see it now, thanks!
My previous system was AMD. I KNEW going to Intel was gonna cost me somehow! Typical. *sigh* I really should have waited until 2017. I would definitely have gotten a new AMD system. *shrug*
Hindsight… Always 100%. Bah!
It’s not Intel, or AMD, or ARM .. it’s Trump. I don’t know how or why, but this is his fault. He is such a disaster, an “asteroid of awfulness”, that the odds are it is his fault.
I finally checked and my only Intel box is the Dell I use for XP every summer.
If it wasn’t Intel, M$ would have screwed up your life, so there is no point in regretting choices. We will always get screwed by someone else’s perfidy or incompetence.
Well… yeah! Can always guarantee either Dotard or MicroSux will screw up your life!
My PC, Server, Notebook & Tablet are all Intel! PC & Tablet run W10, so it wouldn’t really matter if they were AMD as the M$ *FIX* screws them all up. Server is Xeon & CentOS which has been patched & DELL issued a Firmware update. It has impacted LAN & storage performance, but not as badly as W10.
The Dell Venue 11 Pro 7140 Tablet uses a Core M-5Y71 which is a 2-core, 4-thread Mobile CPU. I haven’t noticed much impact on that so far, but not used it much.
The Dell Precision M6800 Notebook has a Core i7 3940XM Mobile Extreme CPU, 4-Core/8-Thread. It runs W7 & Linux Mint. No real difference noted. While I was checking, I decided to do some comparison benchmarks with my newer 6th Gen PC (Notebook is considered 3rd Gen). In most multimedia/graphics tasks, it beat my PC, sometimes significantly! Probably due to the NVIDIA Quadro K5100M gfx system with 8GB GDDR5 dedicated RAM. It also has 3 Samsung 840 PRO 512GB SSD’s in RAID 0. So R/W performance is very good. It can have up to 4 SSD’s & I had planned to get a 4th. Held off when the 850’s came out with 1TB capacity. I may have to use it more than I have been!
It’s looking more likely Intel knew about this some time ago.
Yeah, I updated the firmware in all my Crucial SSD’s in that database server last night, as well as BLKDISCARD’ed them since I was putting a new filesystem on them. Flashing new firmware onto Crucial SSD’s is easy *if* you have a Windows 10 system with hot swap trays. We put four SSD’s in, flashed the new firmware onto them in parallel with the Crucial SSD Manager, popped them out, and popped in the next four. Then I had to pop them into my Linux system (SATA ports) to run the blkdiscard program, since the LSI Megaraid driver under Linux (what’s running on my big database server) won’t pass through the DISCARD commands to SSD’s. GRR.
This is starting to make me think about the viability of putting our own hardware into data centers. But we’d need to hire someone full time to run it as well as spend a ton on infrastructure and power and at current Silicon Valley prices that’s a *lot* of Amazon credits.
The life of the user: you keep patching and updating and wonder when these corporations we have come to depend on are finally going to get it all together. The answer of course is never. Hell, we have seen major fails at product introductions which made the CEOs look like fools, so why should users expect any better treatment.
You reminded me of the days when I would take my Red Hat installation disk with me, Badtux, to wipe and rebuild a disk for a new clean Windows install. Windows wanted to “protect” you from wiping out a disk it assumed was already partitioned and formatted.
You’re right, co-locating is an expensive alternative to using a cloud system. You have to really need the extra control to justify the cost